Limitations of Azure AD B2B collaboration

Azure Active Directory (Azure AD) B2B collaboration is currently subject to the limitations described in this article.

Possible double multi-factor authentication

With Azure AD B2B, you can enforce multi-factor authentication at the resource organization (the inviting organization). The reasons for this approach are detailed in Conditional Access for B2B collaboration users. If a partner already has multi-factor authentication set up and enforced, their users might have to perform the authentication once in their home organization and then again in yours.


In the B2B collaboration flows, we add users to the directory and dynamically update them during invitation redemption, app assignment, and so on. The updates and writes ordinarily happen in one directory instance and must be replicated across all instances. Replication is complete once all instances are updated. Sometimes, when an object is written or updated in one instance and the call to retrieve it goes to another instance, replication latency can occur. If that happens, refreshing or retrying can help. If you are writing an app using our API, retrying with some back-off is a good defensive practice to alleviate this issue.
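The retry-with-back-off advice above, sketched as an added example that is not part of the original article or of any Microsoft SDK. `fetch` is a hypothetical callable returning `(http_status, body)`, and `lagging_replica` is a constructed stand-in for a directory instance that has not yet received the write.

```python
import random
import time


class NotReplicatedYet(Exception):
    """Raised when the object is still missing after all attempts."""


def read_after_write(fetch, attempts=5, base=0.5, cap=8.0,
                     sleep=time.sleep, rng=random.random):
    """Call fetch() until it stops returning 404, backing off between tries.

    fetch is a hypothetical callable returning (http_status, body).
    Only 404 is treated as replication lag; any other status
    (401, 403, 5xx ...) is returned to the caller at once, so an
    authorization failure is never masked by retries.
    Returns (status, body, delays), where delays lists the waits used.
    """
    delays = []
    for attempt in range(attempts):
        status, body = fetch()
        if status != 404:
            return status, body, delays
        if attempt == attempts - 1:
            break
        # Exponential back-off with full jitter, capped at `cap` seconds.
        delay = rng() * min(cap, base * 2 ** attempt)
        delays.append(delay)
        sleep(delay)
    raise NotReplicatedYet(f"still 404 after {attempts} attempts")


def lagging_replica(misses, final=(200, {"userType": "Guest"})):
    """Constructed test double: answers 404 `misses` times, then `final`."""
    state = {"calls": 0}

    def fetch():
        state["calls"] += 1
        return (404, None) if state["calls"] <= misses else final

    fetch.state = state
    return fetch


if __name__ == "__main__":
    result = read_after_write(lagging_replica(2), sleep=lambda s: None)
    print(result[0], result[1], [round(d, 2) for d in result[2]])
```

Bounding the attempts matters as much as the back-off: a lookup that never succeeds should surface as an error instead of looping against the directory.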

Azure AD directories

Azure AD B2B is subject to Azure AD service directory limits. For details about the number of directories a user can create and the number of directories to which a user or guest user can belong, see Azure AD service limits and restrictions.

National clouds

National clouds are physically isolated instances of Azure. B2B collaboration is not supported across national cloud boundaries. For example, if your Azure tenant is in the public, global cloud, you can't invite a user whose account is in a national cloud. To collaborate with the user, ask them for another email address or create a member user account for them in your directory.


Non-AAD accounts, such as Microsoft accounts, Google federation, direct federation, and email one-time passcode, are not supported in Azure China B2B.

Next steps

See the following articles on Azure AD B2B collaboration: