在 Microsoft Teams 中將原則指派給使用者Assign policies to your users in Microsoft Teams

身為系統管理員,您可以使用原則來控制貴組織中的使用者可以使用的小組功能。As an admin, you use policies to control the Teams features that are available to users in your organization. 例如,有一些通話原則、會議原則和訊息原則,只會為您命名。For example, there are calling policies, meeting policies, and messaging policies, to name just a few.

組織擁有不同類型的使用者,而且您可以建立並指派您所建立及指派的規則,讓您根據這些需求,將原則設定量身定制給不同的使用者組。Organizations have different types of users with unique needs and custom policies that you create and assign let you tailor policy settings to different sets of users based on those needs.

為了讓您更容易管理貴組織中的原則,小組提供了幾種指派原則給使用者的方法。To make it easier to manage policies in your organization, Teams offers several ways to assign policies to users. 您可以將原則直接指派給使用者、個別或在批次作業中縮放,或指派給使用者是其成員的群組。You can assign a policy directly to users, either individually or at scale through a batch assignment, or to a group that the users are members of. 您也可以使用 [原則套件],將預設的原則集合指派給組織中擁有相似角色的使用者。You can also use policy packages to assign a preset collection of policies to users in your organization who have similar roles. 您選擇的選項取決於您所管理的原則數量,以及您要指派的使用者數目。The option that you choose depends on the number of policies that you're managing and the number of users that you're assigning to. 透過設定全域 (組織範圍的預設) 原則,使其套用到貴組織中的最大使用者數,您只需將原則指派給需要特殊原則的使用者。By setting the global (Org-wide default) policies so that they apply to the largest number of users in your organization, you only have to assign policies to those users that require specialized policies.

本文說明您可以將原則指派給使用者的不同方式,以及使用方式的建議案例。This article describes the different ways that you can assign policies to users and the recommended scenarios for when to use what.

優先使用哪種原則?Which policy takes precedence?

使用者針對每種原則類型都有一個有效原則。A user has one effective policy for each policy type. 您可能也有可能是使用者直接指派了原則,也是指派了相同類型之原則之一或多個群組的成員。It's possible or even likely that a user is directly assigned a policy and is also a member of one or more groups that's assigned a policy of the same type. 在這種情況下,哪個原則優先?In these kinds of scenarios, which policy takes precedence? 根據優先順序規則來決定使用者的有效原則,如下所示。A user's effective policy is determined according to rules of precedence, as follows.

如果使用者直接指派原則 (或透過批次指派) ,該原則會優先取得優先順序。If a user is directly assigned a policy (either individually or through a batch assignment), that policy takes precedence. 在下列範例中,使用者的有效原則是 Lincoln 方形會議原則,可直接指派給使用者。In the following example, the user's effective policy is the Lincoln Square meeting policy, which is directly assigned to the user.

顯示直接指派的原則優先的圖表

如果使用者未直接指派指定類型的原則,則指派給該使用者所屬群組的原則優先。If a user isn't directly assigned a policy of a given type, the policy assigned to a group that the user is a member of takes precedence. 如果使用者是多個群組的成員,則具有指定原則類型之最高 群組指派排名 的原則優先。If a user is a member of multiple groups, the policy that has the highest group assignment ranking for the given policy type takes precedence.

在這個範例中,使用者的有效原則是 Exec 小組和 HD 原則,其指派優先順序最高為與使用者所屬的其他群組相關,而且也指派有相同原則類型的原則。In this example, the user's effective policy is the Exec Teams and HD policy, which has the highest assignment ranking relative to other groups that the user is a member of and that are also assigned a policy of the same policy type.

圖表顯示如何從群組繼承原則優先

如果使用者不是直接指派原則,或是不是指派策略的任何群組的成員,使用者就會取得該原則類型的全域 (組織範圍預設) 原則。If a user isn't directly assigned a policy or isn't a member of any groups that are assigned a policy, the user gets the global (Org-wide default) policy for that policy type. 以下是範例。Here's an example.

圖表顯示全域原則優先的方式

若要深入瞭解,請參閱 優先順序規則To learn more, see Precedence rules.

指派原則的方法Ways to assign policies

以下是您可以將原則指派給使用者的方式,以及每個方案的建議案例的概覽。Here's an overview of the ways that you can assign policies to users and the recommended scenarios for each. 按一下連結以深入瞭解。Click the links to learn more.

在將原則指派給個別的使用者或群組之前,請先 設定全域 (組織範圍的預設) 原則 ,讓其套用到貴組織中的最大使用者數。Before assigning policies to individual users or groups, start by setting the global (Org-wide default) policies so that they apply to the largest number of users in your organization. 全域原則設定之後,您只需將原則指派給需要特殊原則的使用者。Once the global policies are set, you will only need to assign policies to those users that require specialized policies.

請這麼做Do this If .。。If... 使用 .。。Using...
指派原則給個別使用者Assign a policy to individual users 您是團隊新手,剛開始使用,或只需要指派一或幾個原則給少數使用者。You're new to Teams and just getting started or you only need to assign one or a couple of policies to a small number of users. 商務用 Skype Online PowerShell 模組中的 Microsoft 團隊管理員中心或 PowerShell CmdletThe Microsoft Teams admin center or PowerShell cmdlets in the Skype for Business Online PowerShell module
指派原則給群組Assign a policy to a group 您必須根據使用者的群組成員資格指派原則。You need to assign policies based on a user's group membership. 例如,您想要將原則指派給安全性群組或通訊群組清單中的所有使用者。For example, you want to assign a policy to all users in a security group or distribution list. 團隊 PowerShell 模組中的 Microsoft 團隊系統管理中心或 PowerShell CmdletThe Microsoft Teams admin center or PowerShell cmdlets in the Teams PowerShell module
指派原則給一批使用者Assign a policy to a batch of users 您必須將原則指派給大型使用者組。You need to assign policies to large sets of users. 例如,您想要一次將原則指派給組織中的成百上千位使用者。For example, you want to assign a policy to hundreds or thousands of users in your organization at a time. 團隊 PowerShell 模組中的 Microsoft 團隊系統管理中心或 PowerShell CmdletThe Microsoft Teams admin center or PowerShell cmdlets in the Teams PowerShell module
指派原則套件給使用者Assign a policy package to users 您需要將多個原則指派給貴組織中擁有相同或相似角色的特定使用者組。You need to assign multiple policies to specific sets of users in your organization who have the same or similar roles. 例如,將「教育 (教師」) 原則套件指派給學校中的教師,讓他們能完全存取聊天、通話及會議,以及教育 (次要學生) 原則套件,以限制私人電話等特定功能。For example, assign the Education (Teacher) policy package to teachers in your school to give them full access to chats, calling, and meetings and the Education (Secondary school student) policy package to secondary students to limit certain capabilities like private calling. 團隊 PowerShell 模組中的 Microsoft 團隊系統管理中心或 PowerShell CmdletThe Microsoft Teams admin center or PowerShell cmdlets in the Teams PowerShell module
將原則套件指派給 私人預覽中的群組 () Assign a policy package to a group (in private preview) 您需要將多個原則指派給組織中擁有相同或相似角色的使用者群組。You need to assign multiple policies to a group of users in your organization who have the same or similar roles. 例如,您想要將原則套件指派給安全性群組或通訊群組清單中的所有使用者。For example, you want to assign a policy package to all users in a security group or distribution list. 在團隊 PowerShell 模組中,Microsoft 團隊管理中心 (即將推出) 或 PowerShell CmdletThe Microsoft Teams admin center (coming soon) or PowerShell cmdlets in the Teams PowerShell module
指派原則套件給一批使用者Assign a policy package to a batch of users 您需要將多個原則指派給組織中擁有相同或相似角色的使用者。You need to assign multiple policies to a batch of users in your organization who have the same or similar roles. 例如,將「教育 (老師」) 原則套件指派給學校中的所有教師,方法是使用批次作業,為他們提供對聊天、通話和會議的完整存取權,並將教育版 ([次要學校學生]) 原則套件指派給次要學生,以限制私人通話之類的特定功能。For example, assign the Education (Teacher) policy package to all teachers in your school using batch assignment to give them full access to chats, calling, and meetings and assign the Education (Secondary school student) policy package to a batch of secondary students to limit certain capabilities like private calling. 團隊 PowerShell 模組中的 PowerShell CmdletPowerShell cmdlets in the Teams PowerShell module

設定全域原則Set the global policies

請依照下列步驟來設定每個原則類型的全域 (組織範圍預設) 原則。Follow these steps to set the global (Org-wide default) policies for each policy type.

使用 Microsoft Teams 系統管理中心Using the Microsoft Teams admin center

  1. 在 Microsoft 團隊系統管理中心的左導覽中,移至您要更新之原則類型的原則頁面。In the left navigation of the Microsoft Teams admin center, go to the policy page for the policy type you want to update. 例如,小組 > 團隊原則會議 > 會議原則訊息策略語音 > 通話原則For example, Teams > Teams policies, Meetings > Meetings policies, Messaging policies, or Voice > Calling policies.
  2. 選取 [ 全域 (組織範圍的預設) 原則,以查看目前的設定。Select the Global (Org-wide default) policy to view the current settings.
  3. 視需要更新原則, 然後選取 [ 套用]。Update the policy as needed, and then select Apply.

使用 PowerShellUsing PowerShell

若要使用 PowerShell 來設定全域原則,請使用全域識別碼。To set the global policies using PowerShell, use the Global identifier. 首先,查看目前的全域原則,以判斷您要變更的設定。Start by reviewing the current Global policy to determine which setting you want to change.

Get-CsTeamsMessagingPolicy -Identity Global
 
Identity                      : Global
Description                   :
AllowUrlPreviews              : True
AllowOwnerDeleteMessage       : False
AllowUserEditMessage          : True
AllowUserDeleteMessage        : True
AllowUserChat                 : True
AllowRemoveUser               : True
AllowGiphy                    : True
GiphyRatingType               : Moderate
AllowMemes                    : True
AllowImmersiveReader          : True
AllowStickers                 : True
AllowUserTranslation          : False
ReadReceiptsEnabledType       : UserPreference
AllowPriorityMessages         : True
ChannelsInChatListEnabledType : DisabledUserOverride
AudioMessageEnabledType       : ChatsAndChannels
Expand (20 lines) Collapse 

接著,視需要更新全域原則。Next, update the Global policy as needed. 您只需要指定您想要變更之設定的值。You only need to specify values for the settings that you want to change.

Set-CsTeamsMessagingPolicy -Identity Global -AllowUserEditMessage $false

指派原則給個別使用者Assign a policy to individual users

請按照下列步驟,將原則指派給個別的使用者或一次少數的使用者。Follow these steps to assign a policy to an individual user or to a small number of users at a time.

使用 Microsoft Teams 系統管理中心Using the Microsoft Teams admin center

若要將原則指派給使用者:To assign a policy to a user:

  1. 在 Microsoft Teams 系統管理中心的左側瀏覽窗格中,移至 [使用者],然後按一下該使用者。In the left navigation of the Microsoft Teams admin center, go to Users, and then click the user.
  2. 按一下使用者名稱左方以選取使用者,然後按一下 [編輯設定]。Select the user by clicking to the left of the user name, and then click Edit settings.
  3. 選取您要指派的原則, 然後按一下 [ 套用]。Select the policy you want to assign, and then click Apply.

或者,您也可以執行下列動作:Or, you can also do the following:

  1. 在 Microsoft 團隊系統管理中心的左導覽中,移至 [原則] 頁面。In the left navigation of the Microsoft Teams admin center, go to the policy page.
  2. 按一下原則名稱左邊的,選取您要指派的原則。Select the policy you want to assign by clicking to the left of the policy name.
  3. 選取 [管理使用者]。Select Manage users.
  4. [管理使用者] 窗格中,依顯示名稱或使用者名稱搜尋使用者,選取名稱,然後選取 [新增]In the Manage users pane, search for the user by display name or by user name, select the name, and then select Add. 針對要新增的每一個使用者重複此步驟。Repeat this step for each user that you want to add.
  5. 完成新增使用者後, 請選取 [ 套用]。When you're finished adding users, select Apply.

使用 PowerShellUsing PowerShell

每個原則類型都有自己的一組 Cmdlet 來管理它。Each policy type has its own set of cmdlets for managing it. 使用 Grant- 指定原則類型的 Cmdlet 來指派原則。Use the Grant- cmdlet for a given policy type to assign the policy. 例如,使用 Grant-CsTeamsMeetingPolicy Cmdlet 將團隊會議原則指派給使用者。For example, use the Grant-CsTeamsMeetingPolicy cmdlet to assign a Teams meeting policy to users. 這些 Cmdlet 包含在商務用 Skype Online PowerShell 模組中,且已記錄在 商務用 skype Cmdlet 參考中。These cmdlets are included in the Skype for Business Online PowerShell module and are documented in the Skype for Business cmdlet reference.

如果您尚未) ,請下載並安裝 商務用 Skype Online PowerShell 模組 (,然後執行下列動作以連線至商務用 skype online,並啟動會話。Download and install the Skype for Business Online PowerShell module (if you haven't already), and then run the following to connect to Skype for Business Online and start a session.

注意

商務用 Skype Online 連接器目前是最新團隊 PowerShell 模組的一部分。Skype for Business Online Connector is currently part of the latest Teams PowerShell module.

如果您使用的是最新的 團隊 PowerShell 公開發行,就不需要安裝商務用 Skype Online 連接器。If you're using the latest Teams PowerShell public release, you don't need to install the Skype for Business Online Connector.

Import-Module -Name MicrosoftTeams
$Cred = Get-Credential
$CSSession = New-CsOnlineSession -Credential $Cred
Import-PSSession -Session $CSSession

在這個範例中,我們會將名為 Student 會議原則的小組會議原則指派給名為 Reda 的使用者。In this example, we assign a Teams meeting policy named Student Meeting Policy to a user named Reda.

Grant-CsTeamsMeetingPolicy -Identity reda@contoso.com -PolicyName "Student Meeting Policy"

若要深入瞭解,請參閱透過 PowerShell 管理原則To learn more, read Manage policies via PowerShell.

指派原則給群組Assign a policy to a group

[群組原則指派] 可讓您將原則指派給使用者群組,例如安全群組或通訊群組清單。Policy assignment to groups lets you assign a policy to a group of users, such as a security group or distribution list. 原則指派將根據優先順序規則傳播到群組成員。The policy assignment is propagated to members of the group according to precedence rules. 在群組中新增或移除成員時,系統會相應地更新其繼承的原則指派。As members are added to or removed from a group, their inherited policy assignments are updated accordingly.

建議將原則指派給群組,以適用于最多50000個使用者的群組,但也適用于較大的群組。Policy assignment to groups is recommended for groups of up to 50,000 users but it will also work with larger groups.

指派原則時,它會立即指派給群組。When you assign the policy, it's immediately assigned to the group. 不過,請注意,原則指派對群組成員的傳播是作為背景作業執行,可能需要一些時間,視群組的大小而定。However, note that the propagation of the policy assignment to members of the group is performed as a background operation and may take some time, depending on the size of the group. 如果沒有從群組中取消指派原則,或是在群組中新增或移除某個原則,就是如此。The same is true when a policy is unassigned from a group, or when members are added to or removed from a group.

[群組原則指派] 只會傳播給直接成員屬於群組的使用者。Group policy assignments are only propagated to users that are direct members of the group. 工作分派不會傳播至嵌套群組的成員。The assignments aren't propagated to members of nested groups.

針對群組的原則指派所需注意的事項What you need to know about policy assignment to groups

在您開始之前,請務必瞭解優先規則與群組指派排名。Before you get started, it's important to understand precedence rules and group assignment ranking.

優先規則Precedence rules

針對特定原則類型,根據下列專案來決定使用者的有效原則:For a given policy type, a user's effective policy is determined according to the following:

  • 直接指派給使用者的原則,優先于任何其他指派給群組之相同類型的原則。A policy that's directly assigned to a user takes precedence over any other policy of the same type that's assigned to a group. 換句話說,如果使用者是直接指派給特定類型的原則,該使用者就不會從群組繼承相同類型的原則。In other words, if a user is directly assigned a policy of a given type, that user won't inherit a policy of the same type from a group. 這也表示如果使用者具有直接指派給他們的特定類型的原則,您必須先移除使用者的原則,才能從群組繼承相同類型的原則。This also means that if a user has a policy of a given type that was directly assigned to them, you have to remove that policy from the user before they can inherit a policy of the same type from a group.
  • 如果使用者沒有直接指派的原則,且是兩個或多個群組的成員,且每個群組都有指派相同類型的原則,則使用者會繼承最高排名的群組指派原則。If a user doesn't have a policy directly assigned to them and is a member of two or more groups and each group has a policy of the same type assigned to it, the user inherits the policy of the group assignment that has the highest ranking.
  • 如果使用者不是指派原則的任何群組的成員,該原則類型的全域 (組織範圍預設) 原則會套用給使用者。If a user isn't a member of any groups that are assigned a policy, the global (Org-wide default) policy for that policy type applies to the user.

在已指派原則的群組中新增或移除使用者時,會根據這些規則來更新使用者的有效原則、將原則指派給群組,或直接指派給該使用者的原則也會被移除。A user's effective policy is updated according to these rules when a user is added to or removed from a group that's assigned a policy, a policy is unassigned from a group, or a policy that's directly assigned to the user is removed.

群組指派排名Group assignment ranking

當您將原則指派給群組時,請指定群組指派的排名。When you assign a policy to a group, you specify a ranking for the group assignment. 這是用來判斷,如果使用者是兩個或多個群組的成員,且每個群組都指派相同類型的原則,使用者應該繼承為其有效原則的原則。This is used to determine which policy a user should inherit as their effective policy if the user is a member of two or more groups and each group is assigned a policy of the same type.

群組指派排名是相對於相同類型的其他群組分派。The group assignment ranking is relative to other group assignments of the same type. 例如,如果您要將通話原則指派給兩個群組,請將一個指派的等級設定為1,而另一個指派給2,1為最高排名。For example, if you're assigning a calling policy to two groups, set the ranking of one assignment to 1 and the other to 2, with 1 being the highest ranking. [群組指派排名] 會指出哪些群組成員資格比繼承更重要,或比其他群組成員資格更相關。The group assignment ranking indicates which group membership is more important or more relevant than other group memberships with regards to inheritance.

例如,您有兩個群組,請儲存 [員工] 和 [書店管理員]。Say, for example, you have two groups, Store Employees and Store Managers. 兩個群組都會獲指派團隊通話原則,分別將員工撥打電話給原則和商店管理員呼叫原則。Both groups are assigned a Teams calling policy, Store Employees Calling Policy and Store Managers Calling Policy, respectively. 對於在這兩個群組中的書店管理員而言,其角色會與員工的角色更相關,所以指派給商店管理員群組的呼叫原則應該有較高的排名。For a store manager who is in both groups, their role as a manager is more relevant than their role as an employee, so the calling policy that's assigned to the Store Managers group should have a higher ranking.

群組Group 小組通話原則名稱Teams calling policy name 排名Rank
商店管理員Store Managers 商店管理員通話原則Store Managers Calling Policy 11
儲存員工Store Employees 儲存員工的通話原則Store Employees Calling Policy 22

如果您沒有指定排名,則會給予原則指派最低等級。If you don't specify a ranking, the policy assignment is given the lowest ranking.

使用 Microsoft Teams 系統管理中心Using the Microsoft Teams admin center

注意

目前,使用 Microsoft 團隊系統管理中心群組的原則指派只適用于小組呼叫原則、小組通話寄存原則、團隊原則、團隊即時事件原則、團隊會議原則和團隊訊息原則。Currently, policy assignment to groups using the Microsoft Teams admin center is only available for Teams calling policy, Teams call park policy, Teams policy, Teams live events policy, Teams meeting policy, and Teams messaging policy. 針對其他原則類型,請使用 PowerShell。For other policy types, use PowerShell.

  1. 在 Microsoft 團隊系統管理中心的左導覽中,移至 [原則類型] 頁面。In the left navigation of the Microsoft Teams admin center, go to the policy type page. 例如,移至 [會議 > 會議原則]。For example, go to Meetings > Meeting policies.
  2. 選取 [ 群組原則指派 ] 索引標籤。Select the Group policy assignment tab.
  3. 選取 [ 新增群組],然後在 [ 將原則指派給群組 ] 窗格中,執行下列動作:Select Add group, and then in the Assign policy to group pane, do the following:
    1. 搜尋並新增您要指派原則的群組。Search for and add the group you want to assign the policy to.
    2. 設定群組指派的排名。Set the ranking for the group assignment.
    3. 選取您要指派的原則。Select the policy that you want to assign.
    4. 選取 [ 套用]。Select Apply.

若要移除群組原則指派,請在 [原則] 頁面的 [ 群組原則指派 ] 索引標籤上,選取 [群組指派],然後選取 [ 移除]。To remove a group policy assignment, on the Group policy assignment tab of the policy page, select the group assignment, and then select Remove.

若要變更群組指派的排名,您必須先移除 [群組原則指派]。To change the ranking of a group assignment, you have to first remove the group policy assignment. 然後,按照上述步驟,將原則指派給群組。Then, follow the steps above to assign the policy to a group.

使用 PowerShellUsing PowerShell

注意

目前,對於所有團隊原則類型,使用 PowerShell 的群組的原則指派都無法使用。Currently, policy assignment to groups using PowerShell isn't available for all Teams policy types. 如需支援的原則類型清單,請參閱 新-CsGroupPolicyAssignmentSee New-CsGroupPolicyAssignment for the list of supported policy types.

安裝並連接至 Microsoft 團隊 PowerShell 模組Install and connect to the Microsoft Teams PowerShell module

如需逐步指導方針,請參閱 安裝團隊 PowerShellFor step-by-step guidance, see Install Teams PowerShell.

指派原則給一組使用者Assign a policy to a group of users

您使用 CsGroupPolicyAssignment Cmdlet 將原則指派給群組。You use the New-CsGroupPolicyAssignment cmdlet to assign a policy to a group. 您可以使用 [物件識別碼]、[SIP 位址] 或 [電子郵件地址] 來指定群組。You can specify a group by using the object Id, SIP address, or email address.

在這個範例中,我們會將名為「零售經理」會議原則的小組會議原則指派給作業排名為1的群組。In this example, we assign a Teams meeting policy named Retail Managers Meeting Policy to a group with an assignment ranking of 1.

New-CsGroupPolicyAssignment -GroupId d8ebfa45-0f28-4d2d-9bcc-b158a49e2d17 -PolicyType TeamsMeetingPolicy -PolicyName "Retail Managers Meeting Policy" -Rank 1

取得群組的原則指派Get policy assignments for a group

使用 CsGroupPolicyAssignment Cmdlet 來取得指派給群組的所有原則。Use the Get-CsGroupPolicyAssignment cmdlet to get all policies assigned to a group. 請注意,即使其 SIP 位址或電子郵件地址是用來指派原則,群組也永遠會依其群組識別碼列出。Note that groups are always listed by their group Id even if its SIP address or email address was used to assign the policy.

在這個範例中,我們會檢索指派給特定群組的所有原則。In this example, we retrieve all policies assigned to a specific group.

Get-CsGroupPolicyAssignment -GroupId e050ce51-54bc-45b7-b3e6-c00343d31274

在這個範例中,我們會傳回指派給「團隊」會議原則的所有群組。In this example, we return all groups that are assigned a Teams meeting policy.

Get-CsGroupPolicyAssignment -PolicyType TeamsMeetingPolicy

從群組中移除原則Remove a policy from a group

使用 CsGroupPolicyAssignment Cmdlet 來從群組中移除原則。Use the Remove-CsGroupPolicyAssignment cmdlet to remove a policy from a group. 當您從群組中移除原則時,會更新指派給該群組之相同類型之其他原則的優先順序,並更新較低排名的專案。When you remove a policy from a group, the priorities of other policies of the same type assigned to that group and that have a lower ranking are updated. 例如,如果您移除等級為2的原則,就會更新等級為3和4的原則,以反映其新的排名。For example, if you remove a policy that has a ranking of 2, policies that have a ranking of 3 and 4 are updated to reflect their new ranking. 下列兩個數據表顯示這個範例。The following two tables show this example.

以下是團隊會議原則的原則指派與優先順序清單。Here's a list of the policy assignments and priorities for a Teams meeting policy.

組名Group name 原則名稱Policy name 排名Rank
銷售Sales 銷售原則Sales policy 11
西部地區West Region 西部地區原則West Region policy 22
除以Division 部門原則Division policy 33
附屬Subsidiary 附屬原則Subsidiary policy 44

如果我們移除 [西部區域] 群組中的 [西部區域原則],原則指派與優先順序會更新為以下所示。If we remove the West Region policy from the West Region group, the policy assignments and priorities are updated as follows.

組名Group name 原則名稱Policy name 排名Rank
銷售Sales 銷售原則Sales policy 11
除以Division 部門原則Division policy 22
附屬Subsidiary 附屬原則Subsidiary policy 33

在這個範例中,我們會從群組中移除團隊會議原則。In this example, we remove the Teams meeting policy from a group.

Remove-CsGroupPolicyAssignment -PolicyType TeamsMeetingPolicy -GroupId f985e013-0826-40bb-8c94-e5f367076044

變更群組的原則指派Change a policy assignment for a group

注意

CsGroupPolicyAssignment Cmdlet 即將提供。The Set-CsGroupPolicyAssignment cmdlet will be available soon. 在這種情況下,若要變更群組原則指派,您可以從群組中移除目前的原則指派,然後新增指派的原則。In the meantime, to change a group policy assignment, you can remove the current policy assignment from the group, and then add a new policy assignment.

將原則指派給群組之後,您可以使用 CsGroupPolicyAssignment Cmdlet 來變更該組的原則指派,如下所示:After you assign a policy to a group, you can use the Set-CsGroupPolicyAssignment cmdlet to change that group's policy assignment as follows:

  • 變更排名Change the ranking
  • 變更指定原則類型的原則Change the policy of a given policy type
  • 變更指定原則類型和排名的原則Change the policy of a given policy type and the ranking

在這個範例中,我們會將群組的小組通話駐留原則給名為 SupportCallPark 的原則,並將作業排名等級設為3。In this example, we change a group's Teams call park policy to a policy named SupportCallPark and the assignment ranking to 3.

Set-CsGroupPolicyAssignment -GroupId 566b8d39-5c5c-4aaa-bc07-4f36278a1b38 -PolicyType TeamsMeetingPolicy -PolicyName SupportCallPark -Rank 3

變更使用者的有效原則Change the effective policy for a user

以下範例說明如何變更直接指派原則的使用者的有效原則。Here's an example of how to change the effective policy for a user who is directly assigned a policy.

首先,我們會將 CsUserPolicyAssignment Cmdlet 與參數搭配使用, PolicySource 以取得與使用者相關聯之小組會議廣播原則的詳細資料。First, we use the Get-CsUserPolicyAssignment cmdlet together with the PolicySource parameter to get details of the Teams meeting broadcast policies associated with the user.

Get-CsUserPolicyAssignment -Identity daniel@contoso.com -PolicyType TeamsMeetingBroadcastPolicy | select -ExpandProperty PolicySource

輸出顯示使用者是直接指派給員工事件的小組會議廣播原則,其優先順序高於指派給該使用者所屬群組的「提供者即時事件」原則。The output shows that the user was directly assigned a Teams meeting broadcast policy named Employee Events, which takes precedence over the policy named Vendor Live Events that's assigned to a group the user belongs to.

AssignmentType PolicyName         Reference
-------------- ----------         ---------
Direct         Employee Events
Group          Vendor Live Events 566b8d39-5c5c-4aaa-bc07-4f36278a1b38

現在,我們移除使用者的員工活動原則。Now, we remove the Employee Events policy from the user. 這表示使用者已不再將團隊會議廣播原則直接指派給他們,並將繼承指派給該使用者所屬群組的供應商即時事件原則。This means that the user no longer has a Teams meeting broadcast policy directly assigned to them and will inherit the Vendor Live Events policy that's assigned to the group the user belongs to.

在商務用 Skype PowerShell 模組中使用下列 Cmdlet 來執行這項作業。Use the following cmdlet in the Skype for Business PowerShell module to do this.

Grant-CsTeamsMeetingBroadcastPolicy -Identity daniel@contoso.com -PolicyName $null

您可以在團隊 PowerShell 模組中使用下列 Cmdlet,透過批次原則指派來執行這項作業,其中 $users 是您指定的使用者清單。You can use following cmdlet in the Teams PowerShell module to do this at scale though a batch policy assignment, where $users is a list of users that you specify.

New-CsBatchPolicyAssignmentOperation -OperationName "Assigning null at bulk" -PolicyType TeamsMeetingBroadcastPolicy -PolicyName $null -Identity $users  

指派原則給一批使用者Assign a policy to a batch of users

使用 Microsoft Teams 系統管理中心Using the Microsoft Teams admin center

若要將原則大量指派給使用者:To assign a policy to users in bulk:

  1. 在 Microsoft [團隊管理中心] 的左導覽中,選取 [ 使用者]。In the left navigation of the Microsoft Teams admin center, select Users.
  2. 搜尋您要指派原則的使用者,或篩選視圖以顯示您想要的使用者。Search for the users you want to assign the policy to or filter the view to show the users you want.
  3. 在 [✓] (核取方塊) 欄中,選取使用者。In the (check mark) column, select the users. 若要選取 [所有使用者],請按一下表格頂端的 [✓] (核取方塊)。To select all users, click the ✓ (check mark) at the top of the table.
  4. 按一下 [編輯設定],進行所需的變更,然後按一下 [套用]。Click Edit settings, make the changes that you want, and then click Apply.

若要查看原則指派的狀態,在您按一下 [套用] 以提交原則指派之後,在 [ 使用者 ] 頁面頂端出現的橫幅中 ,按一下 [ 活動記錄]。To view the status of your policy assignment, in the banner that appears at the top of the Users page after you click Apply to submit your policy assignment, click Activity log. 或者,在 Microsoft [團隊管理中心] 的左導覽中,移至 [ 儀表板],然後按一下 [ 活動記錄] 下的 [ 查看詳細資料]。Or, in the left navigation of the Microsoft Teams admin center, go to Dashboard, and then under Activity log, click View details. 活動記錄會顯示在過去30天內,透過 Microsoft [小組系統管理中心] 向超過20名使用者批次的原則作業。The Activity log shows policy assignments to batches of more than 20 users through the Microsoft Teams admin center from the last 30 days. 若要深入瞭解,請參閱 在活動記錄中查看您的原則分派To learn more, see View your policy assignments in the Activity log.

使用 PowerShellUsing PowerShell

注意

目前,使用 PowerShell 的批原則指派不適用於所有團隊原則類型。Currently, batch policy assignment using PowerShell isn't available for all Teams policy types. 如需支援的原則類型清單,請參閱 新-CsBatchPolicyAssignmentOperationSee New-CsBatchPolicyAssignmentOperation for the list of supported policy types.

使用批次原則指派,您可以一次將原則指派給大型的使用者組,而不需要使用腳本。With batch policy assignment, you can assign a policy to large sets of users at a time without having to use a script. 您使用 CsBatchPolicyAssignmentOperation Cmdlet 來提交一批使用者和您要指派的原則。You use the New-CsBatchPolicyAssignmentOperation cmdlet to submit a batch of users and the policy that you want to assign. 系統會將工作處理為背景作業,並為每個批次產生作業識別碼。The assignments are processed as a background operation and an operation ID is generated for each batch. 然後,您可以使用 CsBatchPolicyAssignmentOperation Cmdlet 來追蹤批次中作業的進度和狀態。You can then use the Get-CsBatchPolicyAssignmentOperation cmdlet to track the progress and status of the assignments in a batch.

您可以根據使用者的物件識別碼或會話初始通訊協定,以 (SIP) 位址來指定使用者。You can specify users by their object Id or Session Initiation Protocol (SIP) address. 請注意,使用者的 SIP 位址通常會有與使用者主體名稱 (UPN) 或電子郵件地址相同的值,但這不是必要的。Note that a user's SIP address often has the same value as the User Principal Name (UPN) or email address, but this is not required. 如果使用者是使用其 UPN 或電子郵件指定的,但其值不是其 SIP 位址,則使用者的原則指派將會失敗。If a user is specified using their UPN or email, but it has a different value than their SIP address, then policy assignment will fail for the user. 如果批次包含重複的使用者,則會在處理前從批次中移除重複專案,且狀態將只提供給批次中剩餘的唯一使用者。If a batch includes duplicate users, the duplicates will be removed from the batch before processing and status will only be provided for the unique users remaining in the batch.

批次最多可包含 5000 個使用者。A batch can contain up to 5,000 users. 若要獲得最佳結果,請不要一次提交超過幾個批次。For best results, do not submit more than a few batches at a time. 允許批次完成處理,然後再提交更多批次。Allow batches to complete processing before submitting more batches.

安裝並連接至 Microsoft 團隊 PowerShell 模組Install and connect to the Microsoft Teams PowerShell module

請執行下列動作來安裝 Microsoft 團隊 PowerShell 模組Run the following to install the Microsoft Teams PowerShell module. 請確定您已安裝版本1.0.5 或更新版本。Make sure you install version 1.0.5 or later.

Install-Module -Name MicrosoftTeams

執行下列動作以連線至團隊並啟動會話。Run the following to connect to Teams and start a session.

Connect-MicrosoftTeams

出現提示時,請使用您的系統管理員認證登入。When you're prompted, sign in using your admin credentials.

安裝並連接至 Azure AD PowerShell for Graph 模組 (選用) Install and connect to the Azure AD PowerShell for Graph module (optional)

如果您還沒有) 並聯機至 Azure AD,您可能也想要 下載並安裝 AZURE Ad PowerShell For Graph 模組 (,這樣您就可以在組織中取得使用者清單。You may also want to download and install the Azure AD PowerShell for Graph module (if you haven't already) and connect to Azure AD so that you can retrieve a list of users in your organization.

執行下列動作以連線至 Azure AD。Run the following to connect to Azure AD.

Connect-AzureAD

出現提示時,請使用您用來連線至團隊的相同管理員認證登入。When you're prompted, sign in using the same admin credentials that you used to connect to Teams.

指派原則給一批使用者Assign a policy to a batch of users

在這個範例中,我們使用 CsBatchPolicyAssignmentOperation Cmdlet,將名為 HR App 設定原則的 app 設定原則指派給 Users_ids 文字檔中所列的一批使用者。In this example, we use the New-CsBatchPolicyAssignmentOperation cmdlet to assign an app setup policy named HR App Setup Policy to a batch of users listed in the Users_ids.text file.

$user_ids = Get-Content .\users_ids.txt
New-CsBatchPolicyAssignmentOperation -PolicyType TeamsAppSetupPolicy -PolicyName "HR App Setup Policy" -Identity $users_ids -OperationName "Example 1 batch"

在這個範例中,我們會連線至 Azure AD 來取得使用者集合,然後將名為「新員工訊息」的訊息策略指派給使用其 SIP 位址指定的一批使用者。In this example, we connect to Azure AD to retrieve a collection of users and then assign a messaging policy named New Hire Messaging Policy to a batch of users specified by using their SIP address.

Connect-AzureAD
$users = Get-AzureADUser
New-CsBatchPolicyAssignmentOperation -PolicyType TeamsMessagingPolicy -PolicyName "New Hire Messaging Policy" -Identity $users.SipProxyAddress -OperationName "Example 2 batch"

取得批次作業的狀態Get the status of a batch assignment

執行下列操作以取得批次工作的狀態,其中 OperationId 是由 New-CsBatchPolicyAssignmentOperation Cmdlet 針對指定批次傳回的作業識別碼。Run the following to get the status of a batch assignment, where OperationId is the operation ID that's returned by the New-CsBatchPolicyAssignmentOperation cmdlet for a given batch.

$Get-CsBatchPolicyAssignmentOperation -OperationId f985e013-0826-40bb-8c94-e5f367076044 | fl

如果輸出顯示發生錯誤,請執行下列動作,以取得有關屬性中錯誤的詳細資訊 UserStateIf the output shows that an error occurred, run the following to get more information about errors, which are in the UserState property.

Get-CsBatchPolicyAssignmentOperation -OperationId f985e013-0826-40bb-8c94-e5f367076044 | Select -ExpandProperty UserState

若要深入瞭解,請參閱 CsBatchPolicyAssignmentOperationTo learn more, see Get-CsBatchPolicyAssignmentOperation.

指派原則套件給使用者Assign a policy package to users

小組中的原則套件是預先定義的原則與原則設定的集合,您可以指派給在貴組織中擁有相同或相似角色的使用者。A policy package in Teams is a collection of predefined policies and policy settings that you can assign to users who have the same or similar roles in your organization. 每個原則套件都是圍繞使用者角色來設計,其中包含支援該角色典型活動的預先定義原則與原則設定。Each policy package is designed around a user role and includes predefined policies and policy settings that support activities typical for that role. (老師) 套件和醫療保健 (臨床工人) 套件中,就是一些原則。Some examples of policy packages are the Education (Teacher) package and Healthcare (Clinical worker) package. 若要深入瞭解,請參閱 管理團隊中的原則套件To learn more, see Manage policy packages in Teams.

指派原則套件給一個使用者Assign a policy package to one user

  1. 在 Microsoft Teams 系統管理中心的左側瀏覽窗格中,移至 [使用者],然後按一下該使用者。In the left navigation of the Microsoft Teams admin center, go to Users, and then click the user.
  2. 在使用者的頁面上,按一下 [ 原則],然後按一下 [ 原則封裝] 旁的 [ 編輯]。On the user's page, click Policies, and then next to Policy package, click Edit.
  3. 在 [ 指派原則套件 ] 窗格中,選取您要指派的套件,然後按一下 [ 儲存]。In the Assign policy package pane, select the package you want to assign, and then click Save.

指派原則套件給多位使用者Assign a policy package to multiple users

  1. 在 Microsoft 團隊系統管理中心的左導覽中,移至 [ 原則套件],然後按一下套件名稱左邊的 [原則],選取您要指派的原則套件。In the left navigation of the Microsoft Teams admin center, go to Policy packages, and then select the policy package you want to assign by clicking to the left of the package name.
  2. 按一下 [ 管理使用者]。Click Manage users.
  3. 在 [管理使用者] 窗格中,依顯示名稱或使用者名稱搜尋使用者,選取名稱,然後按一下 [新增]。In the Manage users pane, search for the user by display name or by user name, select the name, and then click Add. 針對要新增的每一個使用者重複此步驟。Repeat this step for each user that you want to add.
  4. 完成新增使用者後,請按一下 [ 儲存]。When you're finished adding users, click Save.

將原則套件指派給群組Assign a policy package to a group

這項功能在私人預覽中This feature is in private preview

透過向群組指派原則套件,可以將多個原則指派給一組使用者,例如安全性群組或通訊群組。Policy package assignment to groups let you assign multiple policies to a group of users, such as a security group or distribution list. 原則指派將根據優先順序規則傳播到群組成員。The policy assignment is propagated to members of the group according to precedence rules. 在群組中新增或移除成員時,系統會相應地更新其繼承的原則指派。As members are added to or removed from a group, their inherited policy assignments are updated accordingly.

建議將 [原則封裝指派給群組] 提供給最多50000個使用者,但也適用于較大的群組。Policy package assignment to groups is recommended for groups of up to 50,000 users but it will also work with larger groups.

當您指派原則套件時,它會立即指派給群組。When you assign the policy package, it's immediately assigned to the group. 不過,請注意,原則指派對群組成員的傳播是作為背景作業執行,可能需要一些時間,視群組的大小而定。However, note that the propagation of the policy assignment to members of the group is performed as a background operation and may take some time, depending on the size of the group. 如果沒有從群組中取消指派原則,或是在群組中新增或移除某個原則,就是如此。The same is true when a policy is unassigned from a group, or when members are added to or removed from a group.

重要

在您開始之前,請務必瞭解 優先規則群組指派排名Before you get started, it's important to understand precedence rules and group assignment ranking. 請務必閱讀並瞭解本文先前所 需瞭解的原則指派給群組 的概念。Make sure you read and understand the concepts in What you need to know about policy assignment to groups earlier in this article.

使用 Microsoft 團隊系統管理中心 (即將推出) Using the Microsoft Teams admin center (coming soon)

即將推出 [Microsoft 團隊系統管理中心] 群組的 [原則套件指派]。Policy package assignment to groups in the Microsoft Teams admin center is coming soon. 回到這裡查看最新的更新。Check back here for the latest updates.

使用 PowerShellUsing PowerShell

安裝並連接至 Microsoft 團隊 PowerShell 模組Install and connect to the Microsoft Teams PowerShell module

如需逐步指導方針,請參閱 安裝團隊 PowerShellFor step-by-step guidance, see Install Teams PowerShell.

指派原則套件給使用者群組Assign a policy package to a group of users

您可以使用 授與 CsGroupPolicyPackageAssignment Cmdlet,將原則套件指派給群組。You use the Grant-CsGroupPolicyPackageAssignment cmdlet to assign a policy package to a group. 您可以使用 [物件識別碼]、[SIP 位址] 或 [電子郵件地址] 來指定群組。You can specify a group by using the object Id, SIP address, or email address. 指派原則套件時,請針對原則套件中的每個原則類型,指定 群組指派等級When you assign the policy package, specify a group assignment ranking for each policy type in the policy package.

在這個範例中,我們會將 Education_Teacher 原則套件指派給 TeamsAppSetupPolicy 和 TeamsMeetingBroadcastPolicy 的作業排名為1的群組,並將 TeamsMeetingPolicy 的等級設為2。In this example, we assign the Education_Teacher policy package to a group with an assignment ranking of 1 for TeamsAppSetupPolicy and TeamsMeetingBroadcastPolicy and a ranking of 2 for TeamsMeetingPolicy.

Grant-CsGroupPolicyPackageAssignment -GroupId "dae90bb4-120f-4a3e-a15d-30f142e79f69" -PackageName "Education_Teacher" -PolicyRankings "TeamsAppSetupPolicy, 1", "TeamsMeetingBroadcastPolicy, 1", "TeamsMeetingPolicy, 2"

指派原則套件給一批使用者Assign a policy package to a batch of users

使用批次原則套件指派,您可以一次將原則套件指派給大型的使用者組,而不需要使用腳本。With batch policy package assignment, you can assign a policy package to large sets of users at a time without having to use a script. 您使用 CsBatchPolicyAssignmentOperation Cmdlet 來提交一批使用者和您要指派的原則套件。You use the New-CsBatchPolicyAssignmentOperation cmdlet to submit a batch of users and the policy package that you want to assign. 系統會將工作處理為背景作業,並為每個批次產生作業識別碼。The assignments are processed as a background operation and an operation ID is generated for each batch. 然後,您可以使用 CsBatchPolicyAssignmentOperation Cmdlet 來追蹤批次中作業的進度和狀態。You can then use the Get-CsBatchPolicyAssignmentOperation cmdlet to track the progress and status of the assignments in a batch.

您可以根據使用者的物件識別碼或會話初始通訊協定,以 (SIP) 位址來指定使用者。You can specify users by their object Id or Session Initiation Protocol (SIP) address. 請注意,使用者的 SIP 位址通常會有與使用者主體名稱 (UPN) 或電子郵件地址相同的值,但這不是必要的。Note that a user's SIP address often has the same value as the User Principal Name (UPN) or email address, but this is not required. 如果使用者是使用其 UPN 或電子郵件指定的,但其值不是其 SIP 位址,則使用者的原則指派將會失敗。If a user is specified using their UPN or email, but it has a different value than their SIP address, then policy assignment will fail for the user. 如果批次包含重複的使用者,則會在處理前從批次中移除重複專案,且狀態將只提供給批次中剩餘的唯一使用者。If a batch includes duplicate users, the duplicates will be removed from the batch before processing and status will only be provided for the unique users remaining in the batch.

批次最多可包含 5000 個使用者。A batch can contain up to 5,000 users. 若要獲得最佳結果,請不要一次提交超過幾個批次。For best results, do not submit more than a few batches at a time. 允許批次完成處理,然後再提交更多批次。Allow batches to complete processing before submitting more batches.

安裝並連接至 Microsoft 團隊 PowerShell 模組Install and connect to the Microsoft Teams PowerShell module

如果您尚未) ,請執行下列動作來安裝 Microsoft 團隊 PowerShell 模組 (。Run the following to install the Microsoft Teams PowerShell module (if you haven't already). 請確定您已安裝版本1.0.5 或更新版本。Make sure you install version 1.0.5 or later.

Install-Module -Name MicrosoftTeams

執行下列動作以連線至團隊並啟動會話。Run the following to connect to Teams and start a session.

Connect-MicrosoftTeams

出現提示時,請使用您的系統管理員認證登入。When you're prompted, sign in using your admin credentials.

指派原則套件給一批使用者Assign a policy package to a batch of users

在這個範例中,我們使用 CsBatchPolicyAssignmentOperation Cmdlet,將 Education_PrimaryStudent 原則套件指派給一批使用者。In this example, we use the New-CsBatchPolicyAssignmentOperation cmdlet to assign the Education_PrimaryStudent policy package to a batch of users.

New-CsBatchPolicyPackageAssignmentOperation -Identity 1bc0b35f-095a-4a37-a24c-c4b6049816ab,user1@econtoso.com,user2@contoso.com -PackageName Education_PrimaryStudent

取得批次作業的狀態Get the status of a batch assignment

執行下列操作以取得批次工作的狀態,其中 OperationId 是由 New-CsBatchPolicyAssignmentOperation Cmdlet 針對指定批次傳回的作業識別碼。Run the following to get the status of a batch assignment, where OperationId is the operation ID that's returned by the New-CsBatchPolicyAssignmentOperation cmdlet for a given batch.

$Get-CsBatchPolicyAssignmentOperation -OperationId f985e013-0826-40bb-8c94-e5f367076044 | fl

如果輸出顯示發生錯誤,請執行下列動作,以取得有關屬性中錯誤的詳細資訊 UserStateIf the output shows that an error occurred, run the following to get more information about errors, which are in the UserState property.

Get-CsBatchPolicyAssignmentOperation -OperationId f985e013-0826-40bb-8c94-e5f367076044 | Select -ExpandProperty UserState

若要深入瞭解,請參閱 CsBatchPolicyAssignmentOperationTo learn more, see Get-CsBatchPolicyAssignmentOperation.

團隊 PowerShell 概覽Teams PowerShell Overview