保护 Azure Active Directory 和 Microsoft 365 中的外部协作Securing external collaboration in Azure Active Directory and Microsoft 365

保护与外部合作伙伴之间的协作可确保合适的外部合作伙伴可以在合适的时间范围内适当访问内部资源。Secure collaboration with external partners ensures that the right external partners have appropriate access to internal resources for the right length of time. 通过全面的管理方法,可以降低安全风险,满足合规性目标,并确保你了解具有访问权限的人员。Through a holistic governance approach, you can reduce security risks, meet compliance goals, and ensure that you know who has access.

不受管理的协作将导致访问所有权不清晰,还可能会暴露敏感资源。Ungoverned collaboration leads to a lack of clarity on ownership of access, and the possibility of sensitive resources being exposed. 转向安全和受管理的协作可以确保明确外部用户访问的所有权和责任。Moving to secure and governed collaboration can ensure that there are clear lines of ownership and accountability for external users’ access. 这包括:This includes:

  • 管理有权访问资源的外部组织和其中的用户。Managing the external organizations, and users within them, that have access to resources.

  • 确保访问是恰当的、经过审核的、有时间限制的(视具体情况而定)。Ensuring that access is appropriate, reviewed, and time bound where appropriate.

  • 使业务负责人能够在 IT 搭建的防护栏内管理协作。Empowering business owners to manage collaboration within IT-created guard rails.

如果必须满足合规性框架的要求,则受管理的协作可以让你证明访问是否合理。If you must meet compliance frameworks, governed collaboration enables you to attest to the appropriateness of access.

Microsoft 提供了全面的工具套件来保护外部访问。Microsoft offers comprehensive suites of tools for secure external access. Azure Active Directory (Azure AD) B2B 协作是所有外部协作计划的核心。Azure Active Directory (Azure AD) B2B Collaboration is at the center of any external collaboration plan. Azure AD B2B 可以与 Azure AD 中的其他工具和 Microsoft 365 服务中的工具集成,帮助保护和管理外部访问。Azure AD B2B can integrate with other tools in Azure AD, and tools in Microsoft 365 services, to help secure and manage your external access.

此文档集旨在让你能够从临时或松散的外部协作转向更安全的状态。This document set is designed to enable you to move from ad hoc or loosely governed external collaboration to a more secure state.

后续步骤Next steps

请参阅以下文章,了解如何保护对资源的外部访问。See the following articles on securing external access to resources. 建议你按列出顺序执行这些操作。We recommend you take the actions in the listed order.

  1. 确定与外部访问相关的安全状况Determine your security posture for external access

  2. 了解当前的状况Discover your current state

  3. 创建治理计划Create a governance plan

  4. 使用组以确保安全性Use groups for security

  5. 转换到 Azure AD B2BTransition to Azure AD B2B

  6. 通过权利管理实现安全访问Secure access with Entitlement Management

  7. 通过条件访问策略实现安全访问Secure access with Conditional Access policies

  8. 通过敏感度标签实现安全访问Secure access with Sensitivity labels

  9. 实现对 Microsoft Teams、OneDrive 和 SharePoint 的安全访问Secure access to Microsoft Teams, OneDrive, and SharePoint