Identify SaaS connectivity requirements

Note

This topic is part of a larger design considerations guide. If you'd like to start at the beginning of the guide, check out the main topic. To get a downloadable copy of this entire guide, visit the TechNet Gallery.

How you connect your on-premises infrastructure will affect how user and device identity is managed with all MDM solutions: Intune, MDM for Office 365, and hybrid Intune and ConfigMgr deployments. Both Intune and MDM for Office 365 leverage the directory services architecture provided by Azure Active Directory Services. This integration with Azure gives you a lot of flexibility when you're designing identity management support in your mobile device management solution.

As shown in the lists below, connecting your on-premises directory services with Azure is the key requirement for enabling single sign-on and unified directory account management. Single sign-on makes it much easier for your users to connect to company resources that are on-premises and in the cloud. Having a single place to manage accounts makes it easier for administrators. For mobile access, synchronizing directory account attributes and credentials between Azure and on-premises directory services allows users to authenticate on their mobile devices for accessing resources that are managed by either MDM for Office 365 or Intune.

Overview of integrated identity management

Depending on how you answered the questions in Task 2, you should be able to determine how the SaaS solution needs to connect to your on-premises client management platform for your mobile device management solution. The lists below will help you understand the advantages and disadvantages of connecting your on-premises infrastructure with a SaaS solution.

Intune (standalone)

Advantages

  • Tightly integrated with Azure Active Directory for managing user and device identity and authentication
  • Supports user credential self-management and single sign-on experiences that can leverage existing on-premises account credentials
  • Supports single sign-on access to thousands of pre-integrated SaaS applications
  • Supports application access security by enforcing rules-based multifactor authentication (MFA) for both on-premises and cloud applications

Disadvantages

  • Advanced directory services connectivity features and functionality require pairing with Azure Active Directory Premium

MDM for Office 365

Advantages

  • Integrated with Office 365 tenants, which use the Azure Active Directory backbone for managing user and device identity and authentication
  • On-premises directory services can be connected as a part of connecting services with Office 365
  • Supports user self-management and single sign-on experiences that can leverage existing on-premises account credentials
  • Supports multi-factor authentication for device enrollments by using the Azure MFA service

Disadvantages

  • Doesn’t support mobile application management integration with other SaaS solutions or applications

Hybrid (Intune with ConfigMgr)

Advantages

  • All the advantages of Intune standalone, plus the following:
    • Direct integration with on-premises directory services through ConfigMgr infrastructure

Disadvantages

  • Organizations that don’t have a current ConfigMgr infrastructure configured will need to plan, install, and configure one before integrating with Intune
  • Imposes additional on-premises deployment requirements and configuration changes on organizations with ConfigMgr