条件访问的最终用户体验End-user experience of conditional access

当用户首次尝试访问设备上的电子邮件或随后同步时,将检查设备注册和合规性状态。When the user attempts to access email on the device for the first time, or sync subsequently, the device enrollment and compliance status is checked. 注册或修复合规性问题的过程是一种指导式体验。The process of enrolling or fixing compliance issues is a guided experience. 将向最终用户显示注册设备并让其合规的必要步骤,用户无需联系 IT 支持人员:The end-user is shown the necessary steps to enroll their device and make it compliant without needing to call your IT help desk:

  • 如果设备未注册,登录页面将显示访问被拒绝并提示你进行注册。If the device is not enrolled, the sign-in page will show access denied and will prompt for enrollment. 注册时,设备会自动注册 Azure Active Directory。On enrollment, the device is automatically registered in Azure Active Directory. Intune 检查设备是否合规,并提供修正措施以解决任何非合规性问题。Intune checks the device for compliance and provides remediation steps to resolve any non-compliance issues. 设备合规后,Intune 将使用 Azure Active Directory 设定设备的合规性状态。Once the device is compliant, Intune sets the device compliance status with Azure Active Directory.

  • 如果设备已注册但不合规,则将向设备发送包含问题修正措施的链接。If the device is enrolled but is not in compliance, a link with steps to remediate the issues is sent to the device. 最终用户纠正此问题后(例如设置密码、加密),管理合规性策略的 Intune 将在 Azure AD 中更新设备的合规性状态。When the end-user corrects the issue (for example, set password, encryption), Intune which manages the compliance policies updates the compliance status of the device in Azure AD.

设备被评定为已注册且合规后,几分钟内即会进行电子邮件同步。Once the device is evaluated as enrolled and compliant, the email sync should happen within a few minutes.

AndroidAndroid

本主题描述在启用条件访问并且最终用户首次尝试在其 Android 移动设备上访问电子邮件之后的注册体验。This topic describes the enrollment experience after conditional access is enabled and an end user first tries to access email on their Android mobile device.

iOSiOS

本主题描述在启用条件访问后,当最终用户首次尝试在其 iOS 移动设备上访问电子邮件时的用户体验。This topic describes the user experience when an end user first tries to access email on their iOS mobile device after conditional access is enabled.

Windows PhoneWindows Phone

本主题描述在启用条件访问并且最终用户首次尝试在其 Windows Phone 上访问电子邮件之后的最终用户体验。This topic describes the end-user experience after conditional access is enabled and an end user tries to access email on their Windows Phone.