Plan for enhancing mobile devices protection

Note

This topic is part of a larger design considerations guide. If you'd like to start at the beginning of the guide, check out the main topic. To get a downloadable copy of this entire guide, visit the TechNet Gallery.

While on-premises and remote users can be more productive by accessing company resources on their mobile devices, letting them do so also increases security threats that you'll need to mitigate in order to help protect your company's data and maintain user privacy. Your company might have specific requirements about how to balance these needs. Compliance rules can vary depending on the industry in which your company operates, for example, which may lead to different design decisions.

However, there are some general aspects of security in mobile device management to explore and conform to, regardless of the industry. These are shown in the figure below.

Core security capabilities of an MDM platform

Security capabilities in an MDM solution

This diagram shows the core security capabilities required in any MDM solution. The key areas to consider are the following:

  1. Considerations for data protection at the mobile device level:
    • Data encryption
    • Data classification
    • Client privacy
    • Containerization
    • Policy enforcement
    • Compliance policies
    • Hardening
  2. Considerations for data protection while in transit:
    • Data encryption
    • Authentication
    • Authorization
  3. Considerations for data protection while at rest in your on-premises organization:
    • Data encryption
    • Authentication
    • Authorization
  4. Considerations for data protection while at rest in the cloud:
    • Data encryption
    • Authentication
    • Authorization

The tasks described in the sections that follow can help you understand how your specific security needs will influence your decision about the best MDM solution for your business requirements.

About this step

There are 12 steps in this section of the guide. Total time to read through the sections is about 36 minutes, or you can jump to a specific section.