使用 Configuration Manager 中的移动应用管理策略Use Mobile App Management policies in Configuration Manager

从 System Center 2012 Configuration Manager SP2 开始,应用程序管理策略可以修改部署的应用的功能,以使其符合公司的合规性策略和安全策略。Beginning with System Center 2012 Configuration Manager SP2, app management policies let you modify the functionality of apps that you deploy to help bring them into line with your company compliance and security policies. 例如,您可以限制在受限制的应用内进行剪切、复制和粘贴操作,或配置应用以打开托管浏览器内的所有 Web 链接。For example, you can restrict cut, copy and paste operations within a restricted app, or configure an app to open all web links inside a managed browser. 应用管理策略支持:App management policies support:

  • 运行 Android 4 和更高版本的设备。Devices that run Android 4 and later.
  • 运行 iOS 7 和更高版本的设备。Devices that run iOS 7 and later.
提示

除了托管设备,移动应用管理 (MAM) 策略还可用于保护不由 Intune 管理的设备上的应用。In addition to managed devices, mobile app management (MAM) policies can be used to protect apps on devices that are not managed by Intune. 你可以使用这项新功能,为连接到 Office 365 服务的应用应用移动应用管理策略。Using this new capability, you can apply mobile app management policies for apps connecting to Office 365 services. 连接到内部部署 Exchange 或 SharePoint 的应用不支持此操作。This is not supported for apps connecting to on-premises Exchange or SharePoint. 若要使用这项新功能,必须使用 Azure 门户。To use this new capability, you must use the Azure portal. 下列主题可帮你入门:The following topics can help you get started:

与 Configuration Manager 中的配置项目和基线不同,你不会直接部署应用程序管理策略。Unlike configuration items and baselines in Configuration Manager, you do not deploy an application management policy directly. 而是将该策略与你想要进行限制的应用部署类型 (DT) 关联。Instead, you associate the policy with the app deployment type (DT) that you want to restrict. 在设备上部署并安装了应用 DT 后,你指定的设置将生效。When the app DT is deployed and installed on devices, the settings you specify will take effect.

若要将限制应用到应用上,该应用必须包含 Microsoft Intune 应用软件开发工具包 (SDK)。To apply restrictions to an app, the app must incorporate the Microsoft Intune App Software Development Kit (SDK). 有两种方式获得此类应用:There are two methods of obtaining this type of app:

使用移动应用管理策略在 Configuration Manager 中创建并部署应用Create and deploy an app in Configuration Manager with a mobile app management policy

  • 步骤 1:获取指向策略托管应用的链接,或创建已包装的应用。Step 1: Get the link to a policy managed app, or create a wrapped app.
  • 步骤 2:创建包含应用的 Configuration Manager 应用程序。Step 2: Create a Configuration Manager application that contains an app.
  • 步骤 3:创建移动应用管理策略。Step 3: Create a mobile app management policy.
  • 步骤 4:将应用管理策略与部署类型关联。Step 4: Associate the app management policy with a deployment type.
  • 步骤 5:监视应用部署。Step 5: Monitor the app deployment.

步骤 2:创建包含应用的 Configuration Manager 应用程序。Step 2: Create a Configuration Manager application that contains an app.

创建 Configuration Manager 应用程序的过程有所不同,具体取决于使用的是策略托管应用(外部链接)还是通过适用于 iOS 的 Microsoft Intune 应用包装工具(iOS 应用包)创建的应用。The procedure to create the Configuration Manager application differs depending on whether you are using a policy managed app (external link), or an app that was created by using the Microsoft Intune App Wrapping Tool for iOS (App package for iOS).

有关创建包含应用的 Configuration Manager 应用程序所需的完整步骤,请参阅如何在 Configuration Manager 中使用移动应用程序管理策略控制应用See How to Control Apps Using Mobile Application Management Policies in Configuration Manager for the complete steps required to create a Configuration Manager application that contains an app.

创建应用程序后,它会显示在“软件库”工作区“应用程序”节点中。After you have created the application, it is displayed in the Applications node of the Software Library workspace.

步骤 3:创建移动应用程序管理策略。Step 3: Create a mobile application management policy.

接下来,你将创建一个应用程序管理策略,该策略将与该应用程序关联。Next, you will create an application management policy that you will associate with the application. 可以创建一个常规或托管浏览器策略。You can create a general or managed browser policy.

新建策略后,它会显示在“软件库”工作区“应用程序管理策略”节点中。After you have created the new policy, it is displayed in the Application Management Policies node of the Software Library workspace.

步骤 4:将应用管理策略与部署类型关联。Step 4: Associate the app management policy with a deployment type.

在为某个需要应用程序管理策略的应用创建部署类型时,Configuration Manager 将在部署关联应用时确认应用管理策略必须已链接到此部署类型,并提示你关联应用管理策略。When a deployment type is created for an app that requires an application management policy, Configuration Manager will recognize that an app management policy must be linked to this deployment type when the associated app gets deployed and prompt you to associate an app management policy. 对于托管浏览器,将需要关联常规和托管浏览器策略。For the Managed Browser, you will be required to associate both a General and Managed Browser policy. 有关详细信息,请参阅如何在 Configuration Manager 中针对移动设备创建和部署应用程序For more information, see How to Create and Deploy Applications for Mobile Devices in Configuration Manager.

提示

对于运行 iOS 7.1 之前的操作系统的设备,关联的策略只有在卸载应用后才能删除。For devices that run operating systems earlier than iOS 7.1, associated policies will not be removed when the app is uninstalled.

如果从 Configuration Manager 取消注册设备,则策略不会从应用中删除。If the device is unenrolled from Configuration Manager, polices are not removed from the apps. 应用了策略的应用将保留策略设置,甚至在卸载并重新安装了该应用后也是如此。Apps that had policies applied will retain the policy settings even after the app is uninstalled and reinstalled.

步骤 5:监视应用部署。Step 5: Monitor the app deployment.

创建并部署了与 MAM 策略关联的应用后,可以监视应用并解决所有策略冲突问题Once you have created and deployed an app associated with a MAM policy, you can monitor the app and resolve any policy conflicts.

有关监视应用程序的常规信息,请参阅如何在 Configuration Manager 中监视应用程序For general information about monitoring applications, see How to Monitor Applications in Configuration Manager.

后续步骤Where to go from here

创建并部署与 MAM 策略关联的应用后,可以了解有关 MAM 最终用户体验的详细信息。After you have created and deployed an app associated with a MAM policy, you can learn more about the end-user experience of MAM. 这将帮助你为可能出现的任何问题做好准备。This will help prepare you for any issues that might arise.