SharePoint and OneDrive integration with Azure AD B2B

This article describes how to enable Microsoft SharePoint and Microsoft OneDrive integration with Azure AD B2B.

Azure AD B2B provides authentication and management of guests. Authentication happens via one-time passcode when they don't already have a work or school account or a Microsoft account.

With SharePoint and OneDrive integration with Azure B2B Invitation Manager enabled, Azure B2B Invitation Manager can be used for external user sharing of files, folders, list items, document libraries and sites. This feature provides an upgraded experience over the existing secure external sharing recipient experience. Additionally, the Azure B2B Invitation Manager one-time passcode feature lets users who do not have an existing work or school account or Microsoft account verify their identity with a one-time passcode instead of having to create an account in order to authenticate.

Enabling this integration does not change your sharing settings. For example, if you have site collections where external sharing is turned off, it remains off.

Once the integration is enabled, you and your users do not have to reshare or do any manual migration for guests you previously shared with. Instead, when someone outside your organization clicks a link that was created before Azure AD B2B integration was enabled, SharePoint automatically creates a B2B guest account. This guest account is created on behalf of the user who originally created the sharing link. (If the user who created the link is no longer in the organization or no longer has permission to share, the guest is not added to the directory and the file must be reshared.)

SharePoint and OneDrive integration with the Azure AD B2B one-time passcode feature is currently not enabled by default. Later, this feature will replace the ad-hoc external sharing experience used in OneDrive and SharePoint today.

Advantages of Azure AD B2B include:

  • Invited people outside your organization are each given an account in the directory and are subject to Azure AD access policies such as multi-factor authentication.
  • Invitations to a SharePoint site use Azure AD B2B and no longer require users to have or create a Microsoft account.
  • If you have configured Google federation in Azure AD, federated users can access SharePoint and OneDrive resources that you have shared with them.
  • SharePoint and OneDrive sharing is subject to the Azure AD organizational relationships settings, such as "Members can invite" and "Guests can invite".

This integration is not supported in the following Microsoft 365 services:

  • Office 365 Germany
  • Office 365 operated by 21Vianet
  • GCC High and DoD

Enabling the integration

This integration requires that your organization also enable Azure AD email one-time passcode authentication.

Note

When the integration is enabled, people outside the organization are invited via the Azure B2B platform when sharing from SharePoint. If the Azure B2B one-time passcode option is enabled, recipients who do not have password-backed accounts get a sign-in experience through Azure AD that uses one-time passcodes. Otherwise, they authenticate via their own Azure AD account or via a Microsoft account (MSA). When the integration is not enabled, people outside the organization continue to use the existing accounts created when they were previously invited to the tenant, and sharing with new people outside the organization may result in either Azure AD-backed accounts or SharePoint-only email-authentication guests that sign in through the SharePoint one-time passcode experience.

To enable Azure AD email one-time passcode authentication

  1. Sign in to the Azure portal as an Azure AD global admin.
  2. In the nav pane, select Azure Active Directory.
  3. Under Manage, click External identities.
  4. Click External collaboration settings.
  5. Under Email one-time passcode for guests, choose Enable email one-time passcode for guests effective now.
  6. Select Save.

To enable SharePoint and OneDrive integration with Azure AD B2B

  1. Download the latest SharePoint Online Management Shell.

    Note

    If you installed a previous version of the SharePoint Online Management Shell, go to Add or remove programs and uninstall "SharePoint Online Management Shell".
    On the Download Center page, select your language and then click the Download button. You'll be asked to choose between downloading an x64 and an x86 .msi file. Download the x64 file if you're running the 64-bit version of Windows, or the x86 file if you're running the 32-bit version. If you don't know, see Which version of Windows operating system am I running?. After the file downloads, run it and follow the steps in the Setup Wizard.

  2. Connect to SharePoint as a global admin or SharePoint admin in Microsoft 365. To learn how, see Getting started with SharePoint Online Management Shell.

  3. Run the following cmdlets:

    Set-SPOTenant -EnableAzureADB2BIntegration $true
    Set-SPOTenant -SyncAadB2BManagementPolicy $true
    
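The three steps above as one session, added here as an example and not code from the original article: it installs the management shell from the PowerShell Gallery (an alternative to the .msi download in step 1), connects as an admin, records the tenant state, runs both cmdlets, verifies that the flags took effect, and checks the point made earlier that enabling the integration leaves sharing settings untouched. The tenant name contoso is a placeholder; the script assumes email one-time passcode authentication has already been enabled in Azure AD as described above, and that Get-SPOTenant reports the two flags under the same names as the Set-SPOTenant parameters.

```powershell
# Added example (not from the original article). Placeholder tenant: contoso.
# Prerequisite: Azure AD email one-time passcode for guests is already enabled.

# Install the SharePoint Online Management Shell from the PowerShell Gallery
# if it is not already present, then load it.
if (-not (Get-Module -ListAvailable -Name Microsoft.Online.SharePoint.PowerShell)) {
    Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Scope CurrentUser
}
Import-Module Microsoft.Online.SharePoint.PowerShell

# Connect to the tenant admin site as a global admin or SharePoint admin
# (interactive sign-in, so MFA and Conditional Access apply as usual).
$adminUrl = 'https://contoso-admin.sharepoint.com'   # placeholder tenant
Connect-SPOService -Url $adminUrl

# Record the current state so the change can be reviewed or rolled back.
$before = Get-SPOTenant |
    Select-Object EnableAzureADB2BIntegration, SyncAadB2BManagementPolicy, SharingCapability
Write-Host "Tenant state before the change:"
$before | Format-List | Out-String | Write-Host

# Step 3: enable the integration and sync the B2B management policy.
Set-SPOTenant -EnableAzureADB2BIntegration $true
Set-SPOTenant -SyncAadB2BManagementPolicy $true

# Verify that both flags are now set; fail loudly if either is not.
$after = Get-SPOTenant
if (-not $after.EnableAzureADB2BIntegration) { throw 'EnableAzureADB2BIntegration is still false' }
if (-not $after.SyncAadB2BManagementPolicy)  { throw 'SyncAadB2BManagementPolicy is still false' }

# Enabling the integration must not change sharing settings. Compare the
# tenant-level SharingCapability and list any sites that still have external
# sharing disabled; those sites are expected to stay disabled.
if ($after.SharingCapability -ne $before.SharingCapability) {
    Write-Warning ("Tenant SharingCapability changed unexpectedly: " +
                   "$($before.SharingCapability) -> $($after.SharingCapability)")
}
Write-Host "Sites with external sharing still turned off:"
Get-SPOSite -Limit All |
    Where-Object { $_.SharingCapability -eq 'Disabled' } |
    Select-Object Url, SharingCapability

# Roll back if needed. Content shared externally while the integration was
# enabled will have to be reshared afterwards (see "Disabling the integration").
# Set-SPOTenant -EnableAzureADB2BIntegration $false
```

Run the script from an elevated-privilege admin workstation rather than a shared host, since the Connect-SPOService session carries tenant-admin rights for as long as it stays open; keep the recorded $before output with your change record so the rollback state is documented.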

Disabling the integration

You can disable the integration by running Set-SPOTenant -EnableAzureADB2BIntegration $false. Content that was shared externally while the integration was enabled will need to be shared again with those people.

See also

Set-SPOTenant

External sharing overview