Client privacy

Note

This topic is part of a larger design considerations guide. If you'd like to start at the beginning of the guide, check out the main topic. To get a downloadable copy of this entire guide, visit the TechNet Gallery.

When your company rolls out mobile device management, it’s important to be aware of the boundaries between user privacy and organization privacy. Ideally, your organization should already have a clear privacy policy stating what’s expected from users regarding data privacy. Since mobile devices might store company data and these devices will be traveling around with the user, it’s important that boundaries are well defined, and that your users know upfront what their role is to maintain privacy for your organization.

Another consideration is how you will make sure users are aware of what to expect when they enroll their devices in your organization’s MDM solution. Using Microsoft Intune Company Portal, you can customize your company’s privacy statement to include a URL that has the description of what will be collected from users when they use managed devices.

You can also publish terms and conditions that your users will see when they first use the company portal from their devices, whether or not the device is enrolled in the MDM solution. Users must accept the terms before they can access the company portal. When you update the terms and conditions and want users to see and accept the new terms, you can mark the new terms and conditions as a new version, and users will go through the same acceptance process the next time they visit the company portal.

The same capability for requiring acceptance of terms and conditions is also available when you have a hybrid environment with ConfigMgr connected with Intune. In addition, ConfigMgr can use compliance settings to determine whether devices comply with configuration items that you deployed using configuration baselines. Some settings can be automatically fixed if they’re out of compliance.

Compliance information is sent to the site server by the management point and stored in the site database. This information is encrypted when devices send it to the management point, but it’s not stored in an encrypted format in the site database. Information is retained in the database until the site maintenance task Delete Aged Configuration Management Data deletes it every 90 days. You also have the capability to configure the deletion interval. This compliance information is not sent to Microsoft.

Since Intune and Office 365 are cloud-based services, users might also want to be aware of how Microsoft handles user privacy for these services. You can provide pointers to privacy information about these services, such as the following:

  • Office 365 Trust Center
  • Microsoft Intune Trust Center

Privacy is important for both users and your organization, and the MDM solution that you use must appropriately balance privacy needs as well as inform users about your organization’s privacy policy and expectations. The table below compares the options that different MDM solutions offer for meeting privacy requirements, to help you choose the MDM option that best fits your organization’s privacy requirements.

Intune (standalone)

Advantages

  • Uses the Intune Company Portal to publish your organization’s privacy statement

Disadvantages

  • It doesn’t have a template for a privacy policy. It assumes that your organization has a privacy policy in place and that the Company Portal will only advertise this policy, which is stored in another location.

Office 365 with MDM

Advantages

  • No features for publishing privacy statements

Disadvantages

  • No features for publishing privacy statements

Hybrid (Intune with ConfigMgr)

Advantages

  • Uses the Intune Company Portal to publish your organization’s privacy statement
  • Single management console for mobile devices registered from the cloud and on-premises devices

Disadvantages

  • If the organization does not have a current on-premises ConfigMgr infrastructure, this platform must be planned, installed, and configured prior to the integration