Device enrollment options

Note

This topic is part of a larger design considerations guide. If you'd like to start at the beginning of the guide, check out the main topic. To get a downloadable copy of this entire guide, visit the TechNet Gallery.

Enrolling devices in Microsoft Intune, whether standalone or when connected to System Center 2012 R2 Configuration Manager (ConfigMgr), requires that you prepare the service for the devices. Enrolling mobile devices in MDM for Office 365 also requires that you activate MDM, configure basic settings, and include each user in a security policy; users then respond to an enrollment message the next time they sign in to Office 365 on their mobile device. They must complete the enrollment and activation steps on each mobile device they will use to access Office 365 email and documents.

Intune standalone needs to be configured to define the Mobile Device Management Authority solution, which can be either Intune or an on-premises ConfigMgr infrastructure. This simply means “which management platform do you want to use to manage Intune-enrolled devices – Intune or ConfigMgr?” It’s very important to understand the impact of choosing the best option for your organization, as the management solution cannot be easily changed once chosen. If you need to change this configuration later, you’ll have to contact Microsoft Support for assistance. For Office 365 tenants, you can more easily designate and change the MDM authority between MDM for Office 365 and Intune. You can easily switch the user-level management authority by changing the license assignment for a user.

For most organizations that are already using ConfigMgr to manage PCs, servers, and other devices, connecting the on-premises solution with Intune and managing devices with ConfigMgr is usually the best choice. To assign the mobile device management authority to ConfigMgr, you need to create an Intune subscription and select the option to allow ConfigMgr to manage the Intune subscription and Intune-enrolled devices. The Intune subscription can also be created from within the ConfigMgr console.

Additionally, before you can enroll certain types of mobile devices running different types of mobile operating systems, you’ll need to prepare the Intune service or MDM for Office 365 with specific configuration requirements. For example, if you plan to enroll Apple iOS-based devices, you’ll need to configure Intune with an Apple Push Notification (APN) service certificate prior to enrolling iOS-based devices. If this isn’t configured, Intune can’t communicate with the APN service and iOS-based devices. Mobile devices running Android or Windows Phone operating systems have separate enrollment requirements.

Your answers to the questions in Step 1 will help you decide how you want devices to be enrolled in your mobile device management solution. The table below compares the advantages and disadvantages of each enrollment scenario:

| Area | Administrators enroll devices | Users self-enroll devices |
| --- | --- | --- |
| Costs | Support/help desk costs may decrease since experienced administrators are performing the device enrollments. | Potential increase in support costs or help desk calls, since less-experienced users may need personal help with enrollment. |
| Convenience | Each device is enrolled without any user interaction, reducing device enrollment errors. Users may have to arrange times with you to drop off and pick up mobile devices, requiring device enrollment scheduling and tracking. | Quicker device enrollment than a centralized enrollment process in most cases. May be more convenient and flexible for device owners/users. |
| Administration | Easier to support more complex, automated, bulk, or highly customized device enrollment. Administrators closely control the enrollment of all devices, effectively pre-screening any device or user at the beginning of the enrollment process. | Offloads relatively simple administration tasks to your users, saving time, scheduling, tracking, and administration overhead. |
| Security | If supporting a BYOD strategy, increased likelihood that administrators may see or expose sensitive user personal information if appropriate security controls are not in place. | Modern mobile device users may feel that this centralization is cumbersome and inconvenient, leading to user-defined workarounds that may compromise enrollment security and compliance processes. |

Your organization might want to allow both of these enrollment scenarios, taking a flexible approach to permit different methods for different departments or situations. If so, your mobile device management solution must be able to support both scenarios.