国家云National clouds

国家云是物理上独立的 Azure 实例。National clouds are physically isolated instances of Azure. Azure 的这些区域旨在确保数据驻留、主权和合规性要求在地理边界内得到遵从。These regions of Azure are designed to make sure that data residency, sovereignty, and compliance requirements are honored within geographical boundaries.

包括全球云,Azure Active Directory (Azure AD) 部署在以下国家云中:Including the global cloud, Azure Active Directory (Azure AD) is deployed in the following national clouds:

  • Azure GovernmentAzure Government
  • Azure 德国Azure Germany
  • Azure 中国世纪互联Azure China 21Vianet

国家云是独一无二的,与 Azure 全球分开的环境。National clouds are unique and a separate environment from Azure global. 在为这些环境开发应用程序时,了解关键差异非常重要。It's important to be aware of key differences while developing your application for these environments. 差异包括注册应用程序、获取令牌和配置终结点。Differences include registering applications, acquiring tokens, and configuring endpoints.

应用注册终结点App registration endpoints

每个国家云都有一个单独的 Azure 门户。There's a separate Azure portal for each one of the national clouds. 若要在国家云中将应用程序与 Microsoft 标识平台集成,需要在每个特定于环境的 Azure 门户中单独注册应用程序。To integrate applications with the Microsoft identity platform in a national cloud, you're required to register your application separately in each Azure portal that's specific to the environment.

下表列出了用于为每个国家云注册应用程序的 Azure AD 终结点的基 URL。The following table lists the base URLs for the Azure AD endpoints used to register an application for each national cloud.

国家云National cloud Azure AD 门户终结点Azure AD portal endpoint
适用于美国政府的 Azure ADAzure AD for US Government https://portal.azure.us
Azure AD 德国Azure AD Germany https://portal.microsoftazure.de
由世纪互联运营的 Azure AD 中国Azure AD China operated by 21Vianet https://portal.azure.cn
Azure AD(全局服务)Azure AD (global service) https://portal.azure.com

Azure AD 身份验证终结点Azure AD authentication endpoints

所有各国云在每个环境中分别对用户进行身份验证,并具有单独的身份验证终结点。All the national clouds authenticate users separately in each environment and have separate authentication endpoints.

下表列出了用于获取每个国家云的令牌的 Azure AD 终结点的基 URL。The following table lists the base URLs for the Azure AD endpoints used to acquire tokens for each national cloud.

国家云National cloud Azure AD 身份验证终结点Azure AD authentication endpoint
适用于美国政府的 Azure ADAzure AD for US Government https://login.microsoftonline.us
Azure AD 德国Azure AD Germany https://login.microsoftonline.de
由世纪互联运营的 Azure AD 中国Azure AD China operated by 21Vianet https://login.chinacloudapi.cn
Azure AD(全局服务)Azure AD (global service) https://login.microsoftonline.com

可以使用适当的特定于区域的基 URL 来形成对 Azure AD 授权或令牌终结点的请求。You can form requests to the Azure AD authorization or token endpoints by using the appropriate region-specific base URL. 例如,对于 Azure 德国:For example, for Azure Germany:

  • 授权常用终结点为 https://login.microsoftonline.de/common/oauth2/v2.0/authorizeAuthorization common endpoint is https://login.microsoftonline.de/common/oauth2/v2.0/authorize.
  • 令牌常用终结点为 https://login.microsoftonline.de/common/oauth2/v2.0/tokenToken common endpoint is https://login.microsoftonline.de/common/oauth2/v2.0/token.

对于单租户应用程序,请将先前 URL 中的“common”替换为你的租户 ID 或名称。For single-tenant applications, replace "common" in the previous URLs with your tenant ID or name. 例如 https://login.microsoftonline.de/contoso.comAn example is https://login.microsoftonline.de/contoso.com.

Microsoft Graph APIMicrosoft Graph API

若要了解如何在国家云环境中调用 Microsoft Graph API,请转到国家云部署中的 Microsoft GraphTo learn how to call the Microsoft Graph APIs in a national cloud environment, go to Microsoft Graph in national cloud deployments.

重要

全球服务的特定区域中的某些服务和功能可能并非在所有国家云中都可用。Certain services and features that are in specific regions of the global service might not be available in all of the national clouds. 若要了解哪些服务可用,请访问可用产品(按区域)To find out what services are available, go to Products available by region.

后续步骤Next steps

了解有关以下方面的详细信息:Learn more about: