使用 PowerShell 控制对团队的来宾访问Use PowerShell to control guest access to a team

除了使用 Microsoft 365 管理中心和 Azure Active Directory) 门户 (Azure AD,你还可以使用 Windows PowerShell 控制来宾访问。In addition to using the Microsoft 365 admin center and the Azure Active Directory (Azure AD) portal, you can use Windows PowerShell to control guest access. 使用 PowerShell 可以执行以下操作:With PowerShell, you can do the following:

  • 允许或阻止对所有团队和 Microsoft 365 组的来宾访问Allow or block guest access to all teams and Microsoft 365 Groups

  • 允许将来宾添加到所有团队和 Microsoft 365 组Allow guests to be added to all teams and Microsoft 365 Groups

  • 允许或阻止来自特定团队或 Microsoft 365 组的来宾用户Allow or block guest users from a specific team or Microsoft 365 group

有关详细信息,请参阅在 Microsoft 365 组中管理来宾访问中的 "使用 PowerShell 控制来宾访问"。For details, see "Use PowerShell to control guest access" in Manage guest access in Microsoft 365 Groups.

你还可以使用 PowerShell 根据来宾用户的域允许或阻止来宾用户。You can also use PowerShell to allow or block a guest user based on their domain. 例如,假定你的企业 (Contoso) 与另一家企业 (Fabrikam) 有合作关系。For example, let's say your business (Contoso) has a partnership with another business (Fabrikam). 你可以将 Fabrikam 添加到你的允许列表,以便你的用户可以将那些来宾添加到其组。You can add Fabrikam to your Allow list so your users can add those guests to their groups. 有关详细信息,请参阅 允许/阻止来宾访问 Microsoft 365 组For more information, see Allow/Block guest access to Microsoft 365 Groups.

如果要阻止团队中的来宾,但仍希望允许他们访问 SharePoint 网站,则可以使用 Azure AD PowerShell cmdlet 禁用公司对象上的 AllowGuestsToAccessGroups 参数,前提是已为 SharePoint 网站启用外部共享。If you want to block guests in Teams and still want to allow them to access SharePoint sites, you can use Azure AD PowerShell cmdlets to disable the AllowGuestsToAccessGroups parameter on the Company object, assuming external sharing is turned on for SharePoint sites.

使用 PowerShell 打开或关闭来宾访问Use PowerShell to turn guest access on or off

  1. 从下载 Skype for Business Online PowerShell 模块 https://www.microsoft.com/download/details.aspx?id=39366Download the Skype for Business Online PowerShell module from https://www.microsoft.com/download/details.aspx?id=39366

  2. 将 PowerShell 会话连接到 Skype for Business Online 终结点。Connect a PowerShell session to the Skype for Business Online endpoint.

备注

Skype for Business Online 连接器目前是最新团队 PowerShell 模块的一部分。Skype for Business Online Connector is currently part of the latest Teams PowerShell module.

如果您使用的是最新的 团队 PowerShell 公共版本,则无需安装 Skype For Business Online 连接器。If you're using the latest Teams PowerShell public release, you don't need to install the Skype for Business Online Connector.

```powershell
Import-Module -Name MicrosoftTeams
$Cred = Get-Credential
$CSSession = New-CsOnlineSession -Credential $Cred
Import-PSSession -Session $CSSession
```
  1. 检查您的配置,如果 AllowGuestUser$False ,请使用 CsTeamsClientConfiguration cmdlet 将其设置为 $TrueCheck your configuration and if AllowGuestUser is $False, use the Set-CsTeamsClientConfiguration cmdlet to set it to $True.

    Get-CsTeamsClientConfiguration
    
    Identity                         : Global
    AllowEmailIntoChannel            : True
    RestrictedSenderList             :
    AllowDropBox                     : True
    AllowBox                         : True
    AllowGoogleDrive                 : True
    AllowShareFile                   : True
    AllowOrganizationTab             : True
    AllowSkypeBusinessInterop        : True
    ContentPin                       : RequiredOutsideScheduleMeeting
    AllowResourceAccountSendMessage  : True
    ResourceAccountContentAccess     : NoAccess
    AllowGuestUser                   : True
    AllowScopedPeopleSearchandAccess : False
    
    Set-CsTeamsClientConfiguration -AllowGuestUser $True -Identity Global
    

您现在可以在组织的工作组中拥有来宾用户。You can now have guest users in Teams for your organization.

来宾访问和外部访问Guest access vs. external access

外部访问(联盟)和来宾访问不同:External access (federation) and guest access are different:

  • 外部访问提供对整个域的访问权限。External access gives access permission to an entire domain.
  • 来宾访问提供对个人的访问权限。Guest access gives access permission to an individual.

有关详细比较,请参阅与其他组织中的用户通信For a detailed comparison, see Communicate with users from other organizations.