User account management

Microsoft supports the following methods for creating, managing, and authenticating users.

Note

This topic does not include information about security features that allow or prohibit access to individual Microsoft resources (for example, role-based access control in Microsoft Exchange Online or configuring security in Microsoft SharePoint Online). For details about these features, see the Exchange Online service description and the SharePoint Online service description.

If you need information about tools that can help you perform administrative tasks, see Tools to manage Microsoft accounts. To learn how to perform day-to-day management tasks, see Common management tasks.

Need help signing in, installing or uninstalling, or canceling your subscription?

Get help with signing in | Installing or uninstalling Office | Canceling Office 365

For other issues, visit the Microsoft support center. To get support for Office 365 operated by 21Vianet in China, contact the 21Vianet support team. For Office 365 Germany, contact the Office 365 Germany support team.

Sign-in options

Microsoft has two systems that can be used for user identities:

  • Work or school account (cloud identity): Users receive Azure Active Directory cloud credentials (separate from other desktop or corporate credentials) for signing into Microsoft cloud services. This is the default identity, and is recommended in order to minimize deployment complexity. Passwords for work or school accounts use the Azure Active Directory password policy.

  • Federated account (federated identity): For all subscriptions in organizations with on-premises Active Directory that use single sign-on (SSO), users can sign into Microsoft services by using their Active Directory credentials. The corporate Active Directory stores and controls the password policy. For information about SSO, see Single sign-on roadmap.

The type of identity affects the user experience and user account management options, as well as hardware and software requirements and other deployment considerations.

Custom domains and identity options

When you create a new user, the user's sign-in name and email address are assigned to the default domain as set in the Microsoft 365 admin center. To learn more, see Add your users and domain.

By default, the subscription uses the <company name>.onmicrosoft.com domain that was created with the account.* You can add one or more custom domains to Microsoft rather than retaining the onmicrosoft.com domain, and can assign users to sign in with any of the validated domains. Each user's assigned domain is the email address that will appear on sent and received email messages.

You can host up to 900 registered internet domains, each represented by a different namespace.

For organizations using single sign-on, all users on a domain must use the same identity system: either cloud identity or federated identity. For example, you could have one group of users that only needs a cloud identity because they don't access on-premises systems, and another group of users who use Microsoft and on-premises systems. You would add two domains to Office 365, such as contractors.contoso.com and staff.contoso.com, and only set up SSO for one of them. An entire domain can be converted from cloud identity to federated identity, or from federated identity to cloud identity.

For more information about domains in Office 365, see the Domains service description.

* If you are using Office 365 operated by 21Vianet in China, the default domain is <companyname>.onmsChina.cn. If you are using Office 365 Germany, the default domain is <companyname>.onmicrosoft.de.

Authentication

With the exception of internet sites for anonymous access created with SharePoint Online, users must be authenticated when accessing Microsoft services.

  • Modern authentication: Modern authentication brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms. This enables sign-in features such as Multi-Factor Authentication (MFA), SAML-based third-party identity providers with Office client applications, and smart card and certificate-based authentication. It also removes the need for Microsoft Outlook to use the basic authentication protocol. For more information, including the availability of modern authentication across Office applications, see How modern authentication works for Office 2013 and Office 2016 client apps.

    Modern authentication is turned on by default for Exchange Online. To learn how to turn it on or off, see Enable modern authentication in Exchange Online.

  • Cloud identity authentication: Users with cloud identities are authenticated using traditional challenge/response. The web browser is redirected to the Microsoft sign-in service, where you type the user name and password for your work or school account. The sign-in service authenticates your credentials and generates a service token, which the web browser posts to the requested service and logs you in.

  • Federated identity authentication: Users with federated identities are authenticated using Active Directory Federation Services (AD FS) 2.0 or other Security Token Services. The web browser is redirected to the Microsoft sign-in service, where you type your corporate ID in the form of a user principal name (UPN; for example, isabel@contoso.com). The sign-in service determines that you are part of a federated domain and offers to redirect you to the on-premises Federation Server for authentication. If you are logged on to the desktop (domain joined), you are authenticated (using Kerberos or NTLMv2) and the on-premises Security Token Service generates a logon token, which the web browser posts to the Microsoft sign-in service. Using the logon token, the sign-in service generates a service token that the web browser posts to the requested service and logs you in. For a list of available Security Token Services, see Single sign-on roadmap.

Microsoft uses forms-based authentication, and authentication traffic over the network is always encrypted with TLS/SSL using port 443. Authentication traffic uses a negligible percentage of bandwidth for Microsoft services.

Multi-Factor Authentication

With Multi-Factor Authentication, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication can the user sign in. Microsoft administrators can enroll users for multi-factor authentication in the Microsoft 365 admin center. Learn more about Multi-Factor Authentication.

Rich client authentication

For rich clients such as Microsoft Office desktop applications, authentication can occur in two ways:

  • Microsoft Online Services Sign-In Assistant: The Sign-In Assistant, which is installed by desktop setup, contains a client service that obtains a service token from the sign-in service and returns it to the rich client.

    • If you have a cloud identity, you receive a prompt for credentials, which the client service sends to the sign-in service for authentication (using WS-Trust).

    • If you have a federated identity, the client service first contacts the AD FS 2.0 server to authenticate the credentials (using Kerberos or NTLMv2) and obtain a logon token that is sent to the sign-in service (using WS-Federation and WS-Trust).

  • Basic/proxy authentication over SSL: The Outlook client passes basic authentication credentials over SSL to Exchange Online. Exchange Online proxies the authentication request to the identity platform, and then to the on-premises Active Directory Federation Server (for SSO).

To ensure proper discovery and authentication of Microsoft services, administrators must apply a set of components and updates to each workstation that uses rich clients (such as Microsoft Office 2010) and connects to Office 365. Desktop setup is an automated tool to configure workstations with the required updates. For more information, see Use my current Office desktop apps.

Sign-in experience

The sign-in experience changes depending on the type of identity in use:

Client | Cloud Identity | Federated Identity
Outlook 2016 | Sign in each session 1 | Sign in each session 2
Outlook 2013 | Sign in each session 1 | Sign in each session 2
Outlook 2010 or Office 2007 on Windows 7 | Sign in each session 1 | Sign in each session 2
Outlook 2010 or Office Outlook 2007 on Windows Vista | Sign in each session 1 | Sign in each session 2
Microsoft Exchange ActiveSync | Sign in each session 1 | Sign in each session 2
POP, IMAP, Outlook for Mac | Sign in each session 1 | Sign in each session 2
Web experiences: Microsoft 365 admin center / Outlook on the web / SharePoint Online / Office for the web | Sign in each browser session 4 | Sign in each session 3
Office 2010 or Office 2007 using SharePoint Online | Sign in each SharePoint Online session 4 | Sign in each SharePoint Online session 3
Skype for Business Online | Sign in each session 1 | No prompt
Outlook for Mac | Sign in each session 1 | Sign in each session 2

Note

1 When first prompted, you can save your password for future use. You will not receive another prompt until you change the password.
2 You enter your corporate credentials. You can save your password and will not be prompted again until your password changes.
3 All apps require you to enter or select your username to sign in. You are not prompted for your password if your computer is joined to the domain. If you select Keep me signed in, you will not be prompted again until you sign out.
4 If you select Keep me signed in, you will not be prompted again until you sign out.

Creating user accounts

There are multiple ways for you to add users. To learn more, see Add users individually or in bulk - Admin Help and Add, remove, and manage users in Microsoft 365 admin center Preview. If you are using Office 365 operated by 21Vianet in China, see Create or edit user accounts in Office 365 operated by 21Vianet - Admin Help.

Deleting accounts

How you delete accounts depends on whether or not you are using directory synchronization:

  • If you are not using directory synchronization, accounts can be deleted by using the admin page or by using Windows PowerShell.

  • If you are using directory synchronization, you must delete users from the local Active Directory, rather than from Office 365.

When an account is deleted, it becomes inactive. For approximately 30 days after having deleted it, you can restore the account. For more information about deleting and restoring accounts, see Delete users and Restore users or, if you are using Office 365 operated by 21Vianet in China, see Create or edit user accounts in Office 365 operated by 21Vianet - Admin Help.

Password management

The policies and procedures for password management depend on the identity system.

Cloud identity password management:

When using cloud identities, passwords are automatically generated when the account is created.

  • For cloud identity password strength requirements, see password policy.

  • To increase security, users must change their passwords when they first access Microsoft services. As a result, before users can access Microsoft services, they must sign into the Microsoft 365 admin center, where they are prompted to change their passwords.

  • Admins can set the password expiration policy. For more information, see Set a user's password expiration policy.

There are several tools for resetting passwords for users with cloud identities:

  • Admin resets password: If users lose or forget their passwords, admins can reset users' passwords in the admin center or by using Windows PowerShell. Users can only change their own password if they know their existing password.

    For Enterprise plans, if administrators lose or forget their passwords, a different administrator with the Global Administrator role can reset administrators' passwords in the Microsoft 365 admin center or by using Windows PowerShell. For more information, see Reset passwords for admins. If you are working in Office 365 operated by 21Vianet in China, see Change or reset passwords in Office 365 operated by 21Vianet.

  • User changes passwords with Outlook on the web: The Outlook on the web options page includes a Change password hyperlink, which redirects users to the Change Password page. The user must know their previous password. For more information, see Change password. If you are using Office 365 operated by 21Vianet in China, see Change or reset passwords in Office 365 operated by 21Vianet.

  • Role-based reset password rights: For Enterprise plans, authorized users such as helpdesk staff can be assigned the Reset Password user right and the right to change passwords by using predefined or custom roles without becoming full services administrators. By default in Enterprise plans, admins with the Global Administrator, Password Administrator, or User Management Administrator role can change passwords. For more information, see Assigning admin roles.

  • Reset passwords using Windows PowerShell: Service administrators can use Windows PowerShell to reset passwords.
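One way to review the role-based reset password rights described above, as an added example that is not part of the original page: it lists the members of the three roles that can change passwords by default and shows each member's per-user Multi-Factor Authentication state. It assumes the MSOnline Windows PowerShell module (since deprecated by Microsoft) and that the internal role names in the script correspond to the role names used on this page.

```powershell
# Added example: audit who holds password-reset-capable roles and whether
# each of them is enrolled in per-user Multi-Factor Authentication.
# Assumption: the MSOnline module is installed and you can read the directory.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in

# Assumption: MSOnline internal role names mapped to the names on this page.
# Confirm the names in your tenant with Get-MsolRole before relying on them.
$resetRoles = [ordered]@{
    'Company Administrator'      = 'Global Administrator'
    'Helpdesk Administrator'     = 'Password Administrator'
    'User Account Administrator' = 'User Management Administrator'
}

$report = foreach ($internalName in $resetRoles.Keys) {
    $role = Get-MsolRole -RoleName $internalName
    if (-not $role) {
        Write-Warning "Role '$internalName' not found in this tenant; skipping."
        continue
    }

    foreach ($member in Get-MsolRoleMember -RoleObjectId $role.ObjectId -All) {
        $mfaState = 'n/a'      # groups and service principals have no MFA state
        $blocked  = $null
        $signIn   = $member.EmailAddress

        if ($member.RoleMemberType -eq 'User') {
            $user   = Get-MsolUser -ObjectId $member.ObjectId
            $signIn = $user.UserPrincipalName
            # An empty requirements list means per-user MFA is not enabled.
            # MFA imposed by other policies is not visible through this property.
            $state    = $user.StrongAuthenticationRequirements |
                        Select-Object -First 1 -ExpandProperty State
            $mfaState = if ($state) { $state } else { 'Disabled' }
            $blocked  = $user.BlockCredential
        }

        [pscustomobject]@{
            Role          = $resetRoles[$internalName]
            MemberType    = $member.RoleMemberType
            DisplayName   = $member.DisplayName
            SignInName    = $signIn
            PerUserMfa    = $mfaState
            SignInBlocked = $blocked
        }
    }
}

# Full inventory of accounts that can change other users' passwords.
$report | Sort-Object Role, SignInName | Format-Table -AutoSize

# Accounts to review first: active users with reset rights and no per-user MFA.
$report |
    Where-Object { $_.MemberType -eq 'User' -and
                   $_.PerUserMfa -eq 'Disabled' -and
                   -not $_.SignInBlocked } |
    Format-Table Role, SignInName -AutoSize
```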

Federated identity password management:

When using federated identities, passwords are managed in Active Directory. The on-premises Security Token Service negotiates the authentication with Federation Gateway without passing users' local Active Directory passwords over the internet to Office 365. Local password policies are used, or, for web clients, two-factor identification. Outlook on the web does not include a Change Password hyperlink. Users change their passwords using standard, on-premises tools or through their desktop PC logon options.

If you have Directory Sync with single sign-on (SSO) enabled in your organization environment and there is an outage that impacts your federated identity provider, Password Sync Backup for Federated Sign-in provides the option to manually switch your domain to Password Sync. Using Password Sync will allow your users access while the outage is fixed. Learn how to switch from Single Sign-On to Password Sync.

License management

A license gives a user access to a set of Microsoft services. An administrator assigns a license to each user for the service they need access to. For example, you can assign a user access to Skype for Business Online, but not SharePoint Online.

Microsoft billing admins can make changes to subscription details like the number of user licenses and number of additional services your company uses. Check out Assign or remove a license. If you are using Office 365 operated by 21Vianet, see Assign or remove licenses in Office 365 operated by 21Vianet.

Group management

Security groups are used in SharePoint Online to control access to sites. Security groups can be created in the Microsoft 365 admin center. For more information about security groups, see Create, edit, or delete a security group.

Administrator roles

Office 365 Enterprise follows a role-based access control (RBAC) model: permissions and capabilities are defined by management roles. The person who signs up for Office 365 for his or her organization automatically becomes a global administrator, or top-level administrator. There are five administrator roles: global administrator, billing administrator, password administrator, service administrator, and user management administrator. For more information about administrator roles in Office 365 Enterprise, including how they apply to Exchange Online, SharePoint Online, and Skype for Business Online administration, see Assigning administrator roles. If you are using Office 365 operated by 21Vianet in China, see Assign admin roles in Office 365 for business.

Delegated administration and support for partners

Partners can be authorized to administer accounts on behalf of customers. The customer does not require a user account for the partner's use and does not consume a license when granting delegated administration authority. Partners can assign full or limited access to users within their organization. Limited access includes rights to reset passwords, manage service requests, and monitor service health.

Note

Ability to use and specify a partner as a delegated administrator varies by region.

Azure Active Directory services

Azure Active Directory (AD) brings comprehensive identity and access management capabilities to Office 365. It combines directory services, advanced identity governance, application access management and a rich standards-based platform for developers. To learn more about AD features in Office 365, see Sign in page branding and cloud user self-service password reset. Learn more about the Free, Basic, and Premium editions of Azure Active Directory.

Feature availability

To view feature availability across plans, standalone options, and on-premises solutions, see Microsoft 365 and Office 365 platform service description.