Microsoft Teams 中的來賓存取Guest access in Microsoft Teams

透過來賓存取,您可以向組織外部的人員提供團隊、頻道中的文件、資源、聊天和應用程式的存取權,同時又能保有自身公司資料的完整控制權。With guest access, you can provide access to teams, documents in channels, resources, chats, and applications to people outside your organization, while maintaining control over your corporate data.

來賓是不屬於員工、學生或組織成員的人員。A guest is someone who isn't an employee, student, or member of your organization. 他們沒有貴組織的學校或公司帳戶。They don't have a school or work account with your organization. 例如,來賓可能包括有合作夥伴、廠商、供應商或顧問。For example, guests may include partners, vendors, suppliers, or consultants. 只要是不屬於貴組織成員的任何人都可以在 Teams 中新增為來賓。Anyone who is not part of your organization can be added as guest in Teams. 這表示任何擁有商務帳戶(也就是 Azure Active Directory 帳戶)或消費者電子郵件帳戶(使用 Outlook.com、Gmail.com 或其他)的人員都能以來賓身分參與 Teams,擁有對團隊和頻道體驗的存取權。This means that anyone with a business account (that is, an Azure Active Directory account) or consumer email account (with Outlook.com, Gmail.com or others) can participate as a guest in Teams, with access to teams and channel experiences.

Teams 中的來賓與其他部分的 Microsoft 365 一樣,都受到相同的合規性和稽核保護,且可在 Azure AD 中管理這些來賓。Guests in Teams are covered by the same compliance and auditing protection as the rest of Microsoft 365, and can be managed within Azure AD. 來賓存取受到 Azure AD 和 Microsoft 365 或 Office 365 服務的限制。Guest access is subject to Azure AD and Microsoft 365 or Office 365 service limits.

來賓體驗有刻意設計的限制。The guest experience has limitations by design. 如需有關來賓在 Teams 中可以和不可以使用的功能完整清單,請參閱團隊成員和來賓功能的比較For a full list of what a guest can and can't do in Teams, see comparison of team member and guest capabilities.

重要

對於共存的升級模式,來賓遵循 Teams 的全組織設定。Guests follow Teams Org-wide settings for the coexistence Upgrade mode. 這項設定無法變更。This can't be changed.

若要設定來賓存取,請參閱 在小組中與來賓共同作業To set up guest access, see Collaborate with guests in a team.

若要比較外部存取 (同盟) 和來賓存取 (並決定您應使用的方式),請閱讀在 Teams 中與其他組織的使用者通訊To compare external access (federation) with guest access (and decide which one you should use), read Communicate with users from other organizations in Teams.

設定來賓存取Set up guest access

Teams 中的來賓存取需要設定 Microsoft 365 中的其他設定,包括在 Azure AD、Microsoft 365 群組和 SharePoint 中的設定。Guest access in Teams requires configuring other settings in Microsoft 365, including settings in Azure AD, Microsoft 365 Groups, and SharePoint. 如果您準備好要開始邀請來賓使用 Teams,請閱讀下列其中一項:If you're ready to start inviting guests to teams, read one of the following:

Teams 的來賓存取是一項全組織設定,預設為關閉。Guest access in Teams is an organization-wide setting and is turned off by default. 您可以透過使用 敏感性標籤,控制來賓對個別 Teams 的存取。You can control guest access to individual teams by using sensitivity labels.

來賓成為小組成員的方式How a guest becomes a member of a team

  1. 小組擁有者或 Microsoft 365 系統管理 將來賓新增至小組A team owner or a Microsoft 365 admin adds a guest to a team.
  2. 來賓會收到來自小組擁有者的歡迎電子郵件,其中具有小組相關資訊,以及現在成為成員預期有什麼優點。The guest receives a welcome email from the team owner, with information about the team and what to expect now that they're a member.
  3. 來賓接受邀請。The guest accepts the invitation. 在 Azure Active Directory 中擁有公司或學校帳戶的來賓可以接受邀請並直接驗證。Guests who have a work or school account in Azure Active Directory can accept the invitation and authenticate directly. 其他使用者會收到一次性密碼以驗證其身分識別 (一次性密碼驗證 必要)。Other users are sent a one-time pass code to validate their identity (One-time passcode authentication required).
  4. 接受邀請之後,來賓可以參與小組和頻道、接收及回應頻道訊息、存取頻道中的檔案、參與交談、加入會議、在文件上共同作業等等。After accepting the invitation, the guest can participate in teams and channels, receive and respond to channel messages, access files in channels, participate in chats, join meetings, collaborate on documents, and more.

在 Teams 中,系統會清楚地識別來賓。In Teams, guests are clearly identified. 來賓的名稱包括標籤 (來賓),頻道包含一個圖示指出小組中有來賓。A guest's name includes the label (Guest), and a channel includes an icon to indicate that there are guests on the team. 如需詳細資訊,請參閱來賓體驗像什麼For more details, see What the guest experience is like.

來賓隨時可以離開 Teams 內的小組。Guests can leave the team at any time from within Teams. 如需詳細資訊,請參閱如何離開小組?For details, see How do I leave a team?

注意

離開小組並不會將來賓帳戶直接從貴組織中移除。Leaving the team doesn't remove the guest account from your organization's directory. 必須由 Microsoft 365 全域系統管理員或 Azure AD 系統管理員來完成。This must be done by a Microsoft 365 global admin or an Azure AD admin.

來賓存取的授權Licensing for guest access

來賓存取隨附於所有 Microsoft 365 商務標準版、Microsoft 365 企業版和 Microsoft 365 教育版訂閱。Guest access is included with all Microsoft 365 Business Standard, Microsoft 365 Enterprise, and Microsoft 365 Education subscriptions. 您不需要額外的 Microsoft 365 授權。No additional Microsoft 365 license is necessary. Teams 未限制您可以新增的來賓數量。Teams doesn't restrict the number of guests you can add. 不過,可新增至您租用戶的來賓總數可能受到 Azure AD 的付費功能限制。However, the total number of guests that can be added to your tenant may be restricted by the paid features of Azure AD. 如需詳細資訊,請參閱 適用於 Azure AD 外部身分的計費模型For more information, see Billing model for Azure AD External Identities.

注意

僅擁有獨立版 Microsoft 365 訂閱方案(例如 Exchange Online Plan 2)的組織使用者將無法接受邀請成貴組織的來賓,因為 Teams 認為這些使用者屬於相同的組織。Users in your organization who have standalone Microsoft 365 subscription plans only, such as Exchange Online Plan 2, cannot be invited as guests to your organization because Teams considers these users to belong to the same organization. 若要讓這些使用者使用 Teams,這些使用者必須獲派 Microsoft 365 商務標準版、Office 365 企業版或 Office 365 教育版訂閱。For these users to use Teams, they must be assigned an Microsoft 365 Business Standard, Office 365 Enterprise, or Office 365 Education subscription.

來賓存取權檢閱Guest access reviews

您可以針對群組成員或指派至應用程式的使用者,使用 Azure AD 建立存取權檢閱。You can use Azure AD to create an access review for group members or users assigned to an application. 建立週期性的存取權檢閱可以節省您的時間。Creating recurring access reviews can save you time. 如果您需要定期檢閱能夠存取應用程式、小組或群組成員的使用者,您可以定義這些檢閱的頻率。If you need to routinely review users who have access to an application, a team, or are members of a group, you can define the frequency of those reviews.

您可以自行執行來賓存取,要求來賓查閱其成員資格,或要求應用程式擁有者或商務決策者執行存取權檢閱。You can perform a guest access review yourself, ask guests to review their own membership, or ask an application owner or business decision maker to perform the access review. 使用 Azure 入口網站以執行來賓存取權檢閱。Use the Azure portal to perform guest access reviews. 如需其他資訊,請參閱 使用 Azure AD 存取權檢閱管理來賓存取For more information, see Manage guest access with Azure AD access reviews.

與組織外部的人員共同作業Collaborating with people outside your organization

在特定的 Microsoft 365 群組或 Microsoft Teams 小組封鎖來賓Block guests from a specific Microsoft 365 group or Microsoft Teams team

建立安全的來賓共用環境Create a secure guest sharing environment

連絡商務產品的客戶支援 - 系統管理說明Contact support for business products - Admin Help

為 Teams 設定三層保護Configure Teams with three tiers of protection