External sharing overview

The external sharing features of Microsoft SharePoint let users in your organization share content with people outside the organization (such as partners, vendors, clients, or customers). You can also use external sharing to share between licensed users on multiple Microsoft 365 subscriptions if your organization has more than one subscription. Planning for external sharing should be included as part of your overall permissions planning for SharePoint in Microsoft 365. This article describes what happens when users share, depending on what they're sharing and with whom.

If you want to get straight to setting up sharing, choose the scenario you want to enable:

(If you're trying to share a file or folder, see Share OneDrive files and folders or Share SharePoint files or folders in Microsoft 365.)

Note

External sharing is turned on by default for your entire SharePoint environment and the sites in it. You may want to turn it off globally before people start using sites or until you know exactly how you want to use the feature.

How the external sharing settings work

SharePoint has external sharing settings at both the organization level and the site level (previously called the "site collection" level). To allow external sharing on any site, you must allow it at the organization level. You can then restrict external sharing for other sites. If a site's external sharing option and the organization-level sharing option don't match, the most restrictive value will always be applied.

Whichever option you choose at the organization or site level, the more restrictive functionality is still available. For example, if you choose to allow unauthenticated sharing using "Anyone" links (previously called "shareable" links or "anonymous access" links), users can still share with guests, who sign in, and with internal users.

Important

Even if your organization-level setting allows external sharing, not all new sites allow it by default. The default sharing setting for Microsoft 365 group-connected team sites is "New and existing guests." The default for communication sites and classic sites is "Only people in your organization."

Security and privacy

If you have confidential information that should never be shared externally, we recommend storing the information in a site that has external sharing turned off. Create additional sites as needed to use for external sharing. This helps you to manage security risk by preventing external access to sensitive information.

Note

To limit internal sharing of contents on a site, you can prevent site members from sharing, and enable access requests. For info, see Set up and manage access requests.

When users share a folder with multiple guests, the guests will be able to see each other's names in the Manage Access panel for the folder (and any items within it).

Sharing Microsoft 365 group-connected team sites

When you or your users create Microsoft 365 groups (for example in Outlook, or by creating a team in Microsoft Teams), a SharePoint team site is created. Admins and users can also create team sites in SharePoint, which creates a Microsoft 365 group. For group-connected team sites, the group owners are added as site owners, and the group members are added as site members. In most cases, you'll want to share these sites by adding people to the Microsoft 365 group. However, you can share only the site.

Important

It's important that all group members have permission to access the team site. If you remove the group's permission, many collaboration tasks (such as sharing files in Teams chats) won't work. Only add guests to the group if you want them to be able to access the site. For info about guest access to Microsoft 365 groups, see Manage guest access in Groups.

What happens when users share

When users share with people outside the organization, an invitation is sent to the person in email, which contains a link to the shared item.

(Image: sharing invitation in email)

Recipients who sign in

When users share sites, recipients will be prompted to sign in with:

  • A Microsoft account
  • A work or school account in Azure AD from another organization

(Image: sign-in screen)

When users share files and folders, recipients will also be prompted to sign in if they have:

  • A Microsoft account

These recipients will typically be added to your directory as guests, and then permissions and groups work the same for these guests as they do for internal users. (To ensure that all guests are added to your directory, use the SharePoint and OneDrive integration with Azure AD B2B preview.)

Because these guests do not have a license in your organization, they are limited to basic collaboration tasks:

  • They can use Office.com for viewing and editing documents. If your plan includes Office Professional Plus, they can't install the desktop version of Office on their own computers unless you assign them a license.

  • They can perform tasks on a site based on the permission level that they've been given. For example, if you add a guest as a site member, they will have Edit permissions and they will be able to add, edit and delete lists; they will also be able to view, add, update and delete list items and files.

  • They will be able to see other types of content on sites, depending on the permissions they've been given. For example, they can navigate to different subsites within a shared site. They will also be able to do things like view site feeds.

If your authenticated guests need greater capability such as OneDrive storage or creating a Power Automate flow, you must assign them an appropriate license. To do this, sign in to the Microsoft 365 admin center as a global admin, make sure the Preview is off, go to the Active users page, select the guest, click More, and then click Edit product licenses.

Recipients who provide a verification code

When users share files or folders, recipients will be asked to enter a verification code if they have:

  • A work or school account in Azure AD from another organization
  • An email address that isn't a Microsoft account or a work or school account in Azure AD

(Image: enter verification code screen)

If the recipient has a work or school account, they only need to enter the code the first time. Then they will be added as a guest and can sign in with their organization's user name and password.

If the recipient doesn't have a work or school account, they need to use a code each time they access the file or folder, and they are not added to your directory.

Note

Sites can't be shared with people unless they have a Microsoft account or a work or school account in Azure AD.

Recipients who don't need to authenticate

Anyone with the link (inside or outside your organization) can access files and folders without having to sign in or provide a code. These links can be freely passed around and are valid until the link is deleted or expires (if you've set an expiration date). You cannot verify the identity of the people using these links, but their IP address is recorded in audit logs when they access or edit shared content.

(Image: sharing a folder by using an "Anyone" link)

People who access files and folders through "Anyone" links aren't added to your organization's directory, and you can't assign them licenses. They also can't access sites using an "Anyone" link. They can only view or edit the specific file or folder for which they have an "Anyone" link.
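The rules described so far, from "the most restrictive value will always be applied" through the three recipient cases, written as one decision function. This is an added example, not Microsoft code; the enum, the account labels and the function names are assumptions made for illustration, and only the sharing levels named on this page are modeled.

```python
from enum import IntEnum

class Sharing(IntEnum):
    """Sharing levels named on this page; a lower value is more restrictive."""
    ORG_ONLY = 0   # "Only people in your organization"
    GUESTS = 1     # "New and existing guests"
    ANYONE = 2     # "Anyone" links

# Recipient account kinds (labels invented for this example).
MSA, WORK_SCHOOL, OTHER_EMAIL = "microsoft", "work_or_school", "other_email"

def effective_sharing(org: Sharing, site: Sharing) -> Sharing:
    """When the two settings differ, the most restrictive one applies."""
    return min(org, site)

def external_share(org, site, item, account=None, anyone_link=False):
    """Return (recipient experience, added to directory as guest?).

    item is "site", "file" or "folder"; account is ignored for Anyone links.
    """
    level = effective_sharing(org, site)
    if level == Sharing.ORG_ONLY:
        return ("blocked: external sharing is off", False)
    if anyone_link:
        # Anyone links exist only for files and folders, never for sites.
        if level < Sharing.ANYONE or item == "site":
            return ("blocked: Anyone link not available", False)
        return ("no sign-in or code", False)
    if item == "site":
        if account == OTHER_EMAIL:
            return ("blocked: site needs a Microsoft or work/school account", False)
        return ("sign in", True)
    if account == MSA:
        return ("sign in", True)          # typically added as a guest
    if account == WORK_SCHOOL:
        return ("code on first access, then sign in", True)
    return ("code on every access", False)

if __name__ == "__main__":
    org = Sharing.ANYONE                  # constructed sample cases
    cases = [
        (Sharing.ANYONE, "file", None, True),
        (Sharing.GUESTS, "file", None, True),        # site setting wins
        (Sharing.GUESTS, "folder", WORK_SCHOOL, False),
        (Sharing.GUESTS, "folder", OTHER_EMAIL, False),
        (Sharing.GUESTS, "site", OTHER_EMAIL, False),
    ]
    for site, item, account, anyone in cases:
        print(site.name, item, account, anyone, "->",
              external_share(org, site, item, account, anyone))
```

The second element of the result shows which recipients leave a guest object in the directory that can later be removed, and which leave only a link to delete.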

Stopping sharing

You can stop sharing with guests by removing their permissions from the shared item, or by removing them as a guest in your directory.

You can stop sharing with people who have an "Anyone" link by going to the file or folder that you shared and deleting the link.

Learn how to stop sharing an item

Need more help?

Ask a question. If you have technical questions about this topic, you may find it helpful to post them on the SharePoint discussion forum. It's a great resource for finding others who have worked with similar issues or who have encountered the same situation.

You can also find help on security and permissions in these YouTube videos from SharePoint community experts.

See also

How Microsoft manages and enables external sharing and collaboration with SharePoint (Microsoft Ignite)

Coaching your guests through the external sharing experience

Set up and manage access requests

Searching for site content shared externally

Configure Teams with three tiers of protection

Create a secure guest sharing environment

Settings interactions between Microsoft 365 Groups, Teams and SharePoint