Restrict sharing of SharePoint and OneDrive content by domain

If you want to restrict sharing with other organizations (either at the organization level or site level), you can limit sharing by domain.

Limiting domains

You can limit domains by allowing only the domains you specify or by allowing all domains except those you block.

To limit domains at the organization level

  1. Go to the Sharing page of the SharePoint admin center, and sign in with an account that has admin permissions for your organization.

    Note

    If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center and open the Sharing page.
    If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center and open the Sharing page.

  2. Under Advanced settings for external sharing, select the Limit external sharing by domain check box, and then select Add domains.

  3. To create an allow list (most restrictive), select Allow only specific domains; to block only the domains you specify, select Block specific domains.

  4. List the domains (maximum of 3000) in the box provided, using the format domain.com. If listing more than one domain, enter each domain on a new line.

    Note

    Wildcards are not supported for domain entries.

  5. Select Save.

You can also configure the organization-wide setting by using the Set-SPOTenant PowerShell cmdlet.

You can also limit domains at the site collection level. Note the following considerations:

  • In the case of conflicts, the organization-wide configuration takes precedence over the site collection configuration.

  • If an organization-wide allow list is configured, then you can only configure an allow list at the site collection level. The site collection allow list must be a subset of the organization's allow list.

  • If an organization-wide deny list is configured, then you can configure either an allow list or a deny list at the site collection level.

  • For individual OneDrive site collections, you can only configure this setting by using the Set-SPOSite Windows PowerShell cmdlet.
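
An added PowerShell example (not from the original page) that checks a domain list against the rules stated above (no wildcards, the 3000 and 100 entry limits, a site allow list being a subset of the organization's) before applying it with Set-SPOTenant and Set-SPOSite. The helper Test-SharingDomainList is hypothetical; the -SharingDomainRestrictionMode and -SharingAllowedDomainList parameters belong to the SharePoint Online Management Shell cmdlets and are not shown on this page; the domain names and site URL are placeholders.

```powershell
# Added example. contoso.com, fabrikam.com and the site URL are constructed placeholders.
# Assumes the SharePoint Online Management Shell and an existing Connect-SPOService session.

function Test-SharingDomainList {
    param(
        [string[]]$Domains,
        [int]$MaxCount,                  # 3000 for the organization, 100 for a site
        [string[]]$MustBeSubsetOf = @()  # organization allow list, when one is configured
    )
    # Normalize: trim, lower-case, drop blanks and duplicates.
    $clean = @($Domains | ForEach-Object { $_.Trim().ToLowerInvariant() } |
               Where-Object { $_ } | Select-Object -Unique)
    if ($clean.Count -gt $MaxCount) {
        throw "Too many domains: $($clean.Count) (maximum $MaxCount)."
    }
    foreach ($d in $clean) {
        # Wildcards are not supported; entries must use the domain.com format.
        # Conservative ASCII check (assumption): adjust if you list punycode TLDs.
        if ($d -notmatch '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$') {
            throw "Invalid domain entry: '$d'"
        }
        if ($MustBeSubsetOf.Count -gt 0 -and $MustBeSubsetOf -notcontains $d) {
            throw "'$d' is not in the organization allow list."
        }
    }
    return $clean
}

# Organization level: allow list (the cmdlets take a space-separated string).
$orgDomains = Test-SharingDomainList -Domains 'contoso.com', 'fabrikam.com' -MaxCount 3000
Set-SPOTenant -SharingDomainRestrictionMode AllowList `
              -SharingAllowedDomainList ($orgDomains -join ' ')

# Site level: read back the organization setting to enforce the subset rule.
$tenant = Get-SPOTenant
$orgAllow = @()
if ($tenant.SharingDomainRestrictionMode -eq 'AllowList') {
    $orgAllow = @($tenant.SharingAllowedDomainList -split '\s+' | Where-Object { $_ })
}
$siteDomains = Test-SharingDomainList -Domains 'contoso.com' -MaxCount 100 `
                                      -MustBeSubsetOf $orgAllow
Set-SPOSite -Identity 'https://contoso.sharepoint.com/sites/partners' `
            -SharingDomainRestrictionMode AllowList `
            -SharingAllowedDomainList ($siteDomains -join ' ')
```

For a deny list, the same cmdlets take -SharingDomainRestrictionMode BlockList with -SharingBlockedDomainList.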

To limit domains for a site

  1. Go to the Active sites page in the new SharePoint admin center, and sign in with an account that has admin permissions for your organization.

    Note

    If you have Office 365 Germany, sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center and open the More features page.
    If you have Office 365 operated by 21Vianet (China), sign in to the Microsoft 365 admin center, then browse to the SharePoint admin center and open the More features page.

  2. Select the site that you want to restrict domains on.

  3. On the Policies tab, under External sharing, select Edit.

  4. Under Advanced settings for external sharing, select the Limit external sharing by domain check box, and then select Add domains.

  5. To create an allow list (most restrictive), select Allow only specific domains; to block only the domains you specify, select Block specific domains.

  6. List the domains (maximum of 100) in the box provided, using the format domain.com. If listing more than one domain, enter each domain on a new line.

    Note

    Wildcards are not supported for domain entries.

  7. Select Save, and then select Save again.

    Note

    To configure the site collection setting for site collections that do not appear in this list (such as Group-connected sites or individual OneDrive site collections), you must use the Set-SPOSite PowerShell cmdlet.

Sharing experience

After you limit sharing by domain, here's what you'll see when you share a document:

  • Sharing content with email domains that are not allowed. If you attempt to share content with a guest whose email address domain isn't allowed, an error message will display and sharing will not be allowed.

    (If the user is already in your directory, you won't see the error, but they will be blocked if they attempt to access the site.)

    Screenshot of the sharing error message when sharing with a blocked user.

  • Sharing OneDrive files with guests on domains that aren't allowed. If a user tries to share a OneDrive file with a guest whose email domain isn't allowed, an error message will display and sharing will not be allowed.

    Screenshot of the error message when sharing a OneDrive file with a blocked user.

  • Sharing content with email domains that are allowed. Users will be able to successfully share the content with the guest. A tooltip will appear to let them know that the guest is outside of their organization.

    Screenshot of content successfully shared with a restricted user.

User auditing and lifecycle management

As with any extranet sharing scenario, it's important to consider the lifecycle of your guest users, how to audit their activity, and eventually how to archive the site. See Planning SharePoint business-to-business (B2B) extranet sites for more information.

See also

External sharing overview

Extranet for Partners with Microsoft 365

Set-SPOTenant