Mobile device mailbox policies in Exchange Online

In Office 365, you can create mobile device mailbox policies to apply a common set of policies or security settings to a collection of users. A default mobile device mailbox policy is created in every Office 365 organization.

Overview of mobile device mailbox policies

You can use mobile device mailbox policies to manage many different settings. These include the following:

  • Require a password

  • Specify the minimum password length

  • Allow a numeric PIN or require special characters in the password

  • Designate how long a device can be inactive before requiring the user to re-enter a password

  • Wipe a device after a specific number of failed password attempts

Managing Exchange ActiveSync mailbox policies

Mobile device mailbox policies can be created in the Exchange Administration Center (EAC) or the Exchange Management Shell. If you create a policy in the EAC, you can configure only a subset of the available settings. You can configure the rest of the settings using the Exchange Management Shell.

Mobile device mailbox policy settings

The following table summarizes the settings you can specify using mobile device mailbox policies.

Mobile device mailbox policy settings

| Setting | Description |
| --- | --- |
| Allow Bluetooth | This setting specifies whether a mobile device allows Bluetooth connections. The available options are Disable, HandsFree Only, and Allow. The default value is Allow. |
| Allow Browser | This setting specifies whether Pocket Internet Explorer is allowed on the mobile device. This setting doesn't affect third-party browsers installed on the mobile device. The default value is $true. |
| Allow Camera | This setting specifies whether the mobile device camera can be used. The default value is $true. |
| Allow Consumer EMail | This setting specifies whether the mobile device user can configure a personal email account (either POP3 or IMAP4) on the mobile device. The default value is $true. This setting doesn't control access to email accounts that are using third-party mobile device email programs. |
| Allow Desktop Sync | This setting specifies whether the mobile device can synchronize with a computer through a cable, Bluetooth, or IrDA connection. The default value is $true. |
| Allow External Device Management | This setting specifies whether an external device management program is allowed to manage the mobile device. |
| Allow HTML Email | This setting specifies whether email synchronized to the mobile device can be in HTML format. If this setting is set to $false, all email is converted to plain text. |
| Allow Internet Sharing | This setting specifies whether the mobile device can be used as a modem for a desktop or a portable computer. The default value is $true. |
| AllowIrDA | This setting specifies whether infrared connections are allowed to and from the mobile device. |
| Allow Mobile OTA Update | This setting specifies whether the mobile device mailbox policy settings can be sent to the mobile device over a cellular data connection. The default value is $true. |
| Allow non-provisionable devices | This setting specifies whether mobile devices that may not support application of all policy settings are allowed to connect to Office 365 by using Exchange ActiveSync. Allowing non-provisionable mobile devices has security implications. For example, some non-provisionable devices may not be able to implement an organization's password requirements. |
| Allow POPIMAPEmail | This setting specifies whether the user can configure a POP3 or an IMAP4 email account on the mobile device. The default value is $true. This setting doesn't control access by third-party email programs. |
| Allow Remote Desktop | This setting specifies whether the mobile device can initiate a remote desktop connection. The default value is $true. |
| Allow simple password | This setting enables or disables the ability to use a simple password such as 1111 or 1234. The default value is $true. |
| Allow S/MIME encryption algorithm negotiation | This setting specifies whether the messaging application on the mobile device can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified encryption algorithm. |
| Allow S/MIME software certificates | This setting specifies whether S/MIME software certificates are allowed on the mobile device. |
| Allow storage card | This setting specifies whether the mobile device can access information that's stored on a storage card. |
| Allow text messaging | This setting specifies whether text messaging is allowed from the mobile device. The default value is $true. |
| Allow unsigned applications | This setting specifies whether unsigned applications can be installed on the mobile device. The default value is $true. |
| Allow unsigned installation packages | This setting specifies whether an unsigned installation package can be run on the mobile device. The default value is $true. |
| Allow Wi-Fi | This setting specifies whether wireless Internet access is allowed on the mobile device. The default value is $true. |
| Alphanumeric password required | This setting requires that a password contains numeric and non-numeric characters. The default value is $true. |
| Approved Application List | This setting stores a list of approved applications that can be run on the mobile device. |
| Attachments enabled | This setting enables attachments to be downloaded to the mobile device. The default value is $true. |
| Device encryption enabled | This setting enables encryption on the mobile device. Not all mobile devices can enforce encryption. For more information, see the device and mobile operating system documentation. |
| Device policy refresh interval | This setting specifies how often the mobile device mailbox policy is sent from the server to the mobile device. |
| IRM enabled | This setting specifies whether Information Rights Management (IRM) is enabled on the mobile device. |
| Max attachment size | This setting controls the maximum size of attachments that can be downloaded to the mobile device. The default value is Unlimited. |
| Max calendar age filter | This setting specifies the maximum range of calendar days that can be synchronized to the mobile device. The following values are accepted: All, OneDay, ThreeDays, OneWeek, TwoWeeks, OneMonth. |
| Max email age filter | This setting specifies the maximum number of days of email items to synchronize to the mobile device. The following values are accepted: All, OneDay, ThreeDays, OneWeek, TwoWeeks, OneMonth. |
| Max email body truncation size | This setting specifies the maximum size at which email messages are truncated when synchronized to the mobile device. The value is in kilobytes (KB). |
| Max email HTML body truncation size | This setting specifies the maximum size at which HTML email messages are truncated when synchronized to the mobile device. The value is in kilobytes (KB). |
| Max inactivity time lock | This value specifies the length of time that the mobile device can be inactive before a password is required to reactivate it. You can enter any interval between 30 seconds and 1 hour. The default value is 15 minutes. |
| Max password failed attempts | This setting specifies the number of attempts a user can make to enter the correct password for the mobile device. You can enter any number from 4 through 16. The default value is 8. |
| Min password complex characters | This setting specifies the minimum number of complex characters required in the mobile device's password. A complex character is a character that is not a letter. |
| Min password length | This setting specifies the minimum number of characters in the mobile device password. You can enter any number from 1 through 16. The default value is 4. |
| Password enabled | This setting enables the mobile device password. |
| Password expiration | This setting enables the administrator to configure a length of time after which a mobile device password must be changed. |
| Password history | This setting specifies the number of past passwords that can be stored in a user's mailbox. A user can't reuse a stored password. |
| Password recovery enabled | When this setting is enabled, the mobile device generates a recovery password that's sent to the server. If the user forgets their mobile device password, the recovery password can be used to unlock the mobile device and enable the user to create a new mobile device password. |
| Require device encryption | This setting specifies whether device encryption is required. If set to $true, the mobile device must be able to support and implement encryption to synchronize with the server. |
| Require encrypted S/MIME messages | This setting specifies whether S/MIME messages must be encrypted. The default value is $false. |
| Require encryption S/MIME algorithm | This setting specifies what required algorithm must be used when encrypting S/MIME messages. |
| Require manual synchronization while roaming | This setting specifies whether the mobile device must synchronize manually while roaming. Allowing automatic synchronization while roaming will frequently lead to larger-than-expected data costs for the mobile device data plan. |
| Require signed S/MIME algorithm | This setting specifies what required algorithm must be used when signing a message. |
| Require signed S/MIME messages | This setting specifies whether the mobile device must send signed S/MIME messages. |
| Require storage card encryption | This setting specifies whether the storage card must be encrypted. Not all mobile device operating systems support storage card encryption. For more information, see your mobile device and mobile operating system documentation. |
| Unapproved InROM application list | This setting specifies a list of applications that cannot be run in ROM. |
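
Several of the defaults listed above are permissive (simple passwords allowed, minimum length 4), so it is worth checking each policy against a baseline. The following PowerShell function is an added example, not part of the original page or Microsoft's own code: the function name Test-MobilePolicyBaseline, the baseline values and the sample object are assumptions, and the property names are the Exchange Management Shell parameter names for the corresponding settings.

```powershell
# Added example. Baseline values are assumptions for illustration, not vendor guidance.
function Test-MobilePolicyBaseline {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][psobject]$Policy)
    begin {
        # Boolean settings and the value the assumed baseline expects.
        $required = [ordered]@{
            PasswordEnabled              = $true
            AllowSimplePassword          = $false
            AlphanumericPasswordRequired = $true
            RequireDeviceEncryption      = $true
            AllowNonProvisionableDevices = $false
        }
        # Numeric settings: comparison operator and assumed limit.
        $limits = [ordered]@{
            MinPasswordLength         = @{ Op = 'ge'; Value = 6 }  # page range: 1 through 16
            MaxPasswordFailedAttempts = @{ Op = 'le'; Value = 8 }  # page range: 4 through 16
        }
    }
    process {
        # A missing property compares unequal to both $true and $false, so it is reported.
        foreach ($name in $required.Keys) {
            if ($Policy.$name -ne $required[$name]) {
                [pscustomobject]@{ Policy = $Policy.Name; Setting = $name
                                   Actual = $Policy.$name; Expected = $required[$name] }
            }
        }
        foreach ($name in $limits.Keys) {
            $raw = "$($Policy.$name)"   # may be empty or 'Unlimited'; both count as findings
            $ok  = $raw -match '^\d+$' -and $(
                if ($limits[$name].Op -eq 'ge') { [int]$raw -ge $limits[$name].Value }
                else                            { [int]$raw -le $limits[$name].Value })
            if (-not $ok) {
                [pscustomobject]@{ Policy = $Policy.Name; Setting = $name; Actual = $raw
                                   Expected = "-$($limits[$name].Op) $($limits[$name].Value)" }
            }
        }
    }
}

# Constructed sample object; in a live session pipe Get-MobileDeviceMailboxPolicy instead.
$sample = [pscustomobject]@{
    Name = 'Constructed-Sample'; PasswordEnabled = $true; AllowSimplePassword = $true
    AlphanumericPasswordRequired = $true; RequireDeviceEncryption = $false
    AllowNonProvisionableDevices = $true; MinPasswordLength = 4
    MaxPasswordFailedAttempts = 'Unlimited'
}
$sample | Test-MobilePolicyBaseline | Format-Table -AutoSize
```

Each output row names the policy, the setting that deviates, the value found and the value the baseline expects; a policy that produces no rows meets the assumed baseline.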