网络连接管理选项Network connectivity management options

备注

本主题是更大的设计注意事项指南的一部分。This topic is part of a larger design considerations guide. 如果你希望从指南的开头开始,请查看主要主题If you'd like to start at the beginning of the guide, check out the main topic. 若要获取此完整指南的可下载副本,请访问 TechNet 库To get a downloadable copy of this entire guide, visit the TechNet Gallery.

根据基础结构,移动设备可以从各种 Internet 连接服务连接到企业资源,这些资源通常由 VPN 保护的终结点进行保护。Depending on your infrastructure, mobile devices might be able to connect to corporate resources from a variety of Internet connectivity services, which are often secured by VPN-protected endpoints.

使用 Intune 或与 ConfigMgr 的混合部署,你可以部署 Wi-Fi 配置文件来预配 Wi-Fi 网络,使设备在位于网络范围内时可自动连接到网络。By using Intune or a hybrid deployment with ConfigMgr, you can deploy Wi-Fi profiles to provision Wi-Fi networks, so a device can auto-connect to the network when it is in range. 例如,移动设备可配置为连接分段到会议室的 Wi-Fi 网络,但在漫游到不同位置时又随即切换为连接某个 Wi-Fi 网络段。For example, mobile devices can be configured to connect to a Wi-Fi network segmented to a conference room, but then switch to connect to a Wi-Fi network segment when roaming to a different location. 用户无需输入密码或选择网络,因为连接自动进行。Users don’t have to enter passwords or choose a network; the connection works automatically.

IntuneConfigMgr 也可以将 VPN 配置文件直接部署到移动设备,让用户无需额外配置或手动操作即可访问内部企业资源。Intune and ConfigMgr can also deploy VPN profiles directly to mobile devices, to let user access internal corporate resources without extra configuration or manual work. 此外,Intune 还可以将移动设备配置为自动启动基于资源类型或访问方法的 VPN 连接。Additionally, Intune can configure mobile devices to automatically start a VPN connection that is based on the type resource or method of access. 但请注意,不同类型的移动设备操作系统执行此操作会有不同的配置要求。Be aware, however, that there are different configuration requirements for doing this for different types of mobile device operating systems.

对任务 3 中的问题的回答可以帮助你确定设备要如何连接企业资源。Your answers to the questions in Task 3 can help you determine how you want devices to be connect to corporate resources. 请注意, Office 365 的 MDM 当前不支持管理移动设备的无线和 VPN 网络资源。Be aware that currently, MDM for Office 365 doesn’t support managing wireless and VPN network resources for mobile devices.

下表列出了使用 Intune 独立版和带 ConfigMgr 的 Intune 混合版来管理无线网络和 VPN 网络的优缺点。The lists below outline the advantages and disadvantages of managing wireless and VPN networks using Intune standalone and hybrid Intune with ConfigMgr.

Intune(独立版)Intune (standalone)

优点Advantages

  • 支持所有主要的移动设备操作系统(Android、iOS、Windows 10、Windows 8.x 以及 Windows Phone)上的无线和 VPN 配置文件Supports wireless and VPN profiles on all major mobile device operating systems (Android, iOS, Windows 10, Windows 8.x, and Windows Phone)
  • 支持业界领先的 VPN 连接类型,包括 Cisco、Juniper、Dell SonicWall 和 Checkpoint 等Supports industry leading VPN connection types, including Cisco, Juniper, Dell SonicWall, Checkpoint, and others
  • 无线和 VPN 配置文件可与 SCEP 证书配置文件集成,以提升安全性Wireless and VPN profiles can be integrated with SCEP certificate profiles for increased security
  • 支持为不同类型的用户、设备、设备操作系统或用户组和角色配置自定义的无线和 VPN 配置文件Supports configuring customized wireless and VPN profiles for different types of users, devices, device operating systems, or user groups and roles
  • Windows 10、Windows 8.1、Windows Phone 8.1 和 iOS 支持基于 DNS 名称启动DNS name-based initiation support for Windows 10, Windows 8.1, Windows Phone 8.1 and iOS
  • 基于应用程序 ID 的初始化支持 Windows 10 和 Windows 8.1Application ID based initiation support for Windows 10 and Windows 8.1
  • 选择通过 VPN 配置文件中的 VPN 自动连接到你的企业网络的应用。Select apps that automatically connect to your corporate network over VPN in VPN profiles

缺点Disadvantages

  • 若要支持 VPN 配置文件,你将需要部署和维护本地 VPN 基础结构To support VPN profiles, you’ll need to deploy and maintain an on-premises VPN infrastructure

Office 365 的 MDMMDM for Office 365

Office 365 的 MDM 不支持 Wi-Fi 和 VPN 策略。Support for Wi-Fi and VPN policies aren't supported in MDM for Office 365.

混合版(带 ConfigMgr 的 Intune)Hybrid (Intune with ConfigMgr)

优点Advantages

  • 除了 Intune 独立版的所有优点外,还包括以下优点:All the advantages of Intune standalone, plus the following:
    • 现有的本地企业 VPN 基础结构支持 VPN 配置文件VPN profiles are supported by your existing on-premises enterprise VPN infrastructure

缺点Disadvantages

  • 若要支持 VPN 配置文件,你将需要部署和维护本地 VPN 基础结构To support VPN profiles, you’ll need to deploy and maintain an on-premises VPN infrastructure
  • 必须授予特定安全权限,以在 ConfigMgr 中管理 Wi-Fi 配置文件VPN 配置文件Specific security permissions must be granted to manage Wi-Fi profiles and VPN profiles in ConfigMgr

查看以下内容,了解有关移动设备电子邮件配置管理选项的详细信息:Explore the details about mobile device email configuration management options by reviewing the following: