Compliance policy settings for Android for Work devices in Microsoft Intune

Applies to: Intune in the classic portal
Looking for documentation about Intune in the Azure portal? Go here.

The policy settings described in this topic apply to Android for Work devices.

If you are looking for information about other platforms, select one of the following:

System security settings

Password

  • Require a password to unlock mobile devices: Set this to Yes to require users to enter a password before they can access their device.

  • Minimum password length: Specify the minimum number of digits or characters that the user’s password must contain.

  • Password quality: This setting detects whether the password requirements you specify are configured on the device. Enable this setting to require that users configure certain password requirements for Android devices. Choose from:

    • Low security biometric
    • Required
    • At least numeric
    • At least alphabetic
    • At least alphanumeric
    • Alphanumeric with symbols
  • Minutes of inactivity before password is required: Specifies the idle time before the user must re-enter their password.

  • Password expiration (days): Select the number of days before the user’s password expires and they must create a new one.

  • Remember password history: Use this setting in conjunction with Prevent reuse of previous passwords to restrict the user from creating previously used passwords.

  • Prevent reuse of previous passwords: If Remember password history is selected, specify the number of previously used passwords that cannot be reused.

  • Require a password when the device returns from an idle state: This setting should be used together with the Minutes of inactivity before password is required setting. End users are prompted to enter a password to access a device that has been inactive for the time specified in the Minutes of inactivity before password is required setting.

Encryption

  • Require encryption on mobile device: You don't have to configure this setting since Android for Work devices enforce encryption.

Device health and security settings

  • Device must not be jailbroken or rooted: If you enable this setting, jailbroken devices will be evaluated as noncompliant.
  • Require that devices prevent installation of apps from unknown sources: You do not have to configure this setting as Android for Work devices always restrict installation from unknown sources.

  • Require that USB debugging is disabled: You do not have to configure this setting as USB debugging is already disabled on Android for Work devices.

  • Minimum Android security patch level: Use this setting to specify the minimum Android patch level. Devices that are not at least at this patch level will be noncompliant. The date must be specified in the format: YYYY-MM-DD.

  • Require device threat protection to be enabled: Use this setting to take the risk assessment from the device threat protection solution as a condition for compliance. Select the maximum allowed threat level, which is one of the following:

    • None (secured): This is the most secure. This means that the device cannot have any threats. If the device is detected as having any level of threats, it will be evaluated as non-compliant.
    • Low: Device is evaluated as compliant if only low level threats are present. Anything higher puts the device in a non-compliant status.
    • Medium: Device is evaluated as compliant if the threats that are present on the device are low or medium level. If the device is detected to have high level threats, it is determined as non-compliant.
    • High: This is the least secure. Essentially, this allows all threat levels, and is perhaps only useful if you are using this solution only for reporting purposes.

    For more details, see Create device compliance policy.

Device property settings

  • Minimum OS required: When a device does not meet the minimum operating system (OS) version requirement, it is reported as noncompliant. A link with information on how to upgrade is displayed. The end user can choose to upgrade their device, after which they can access company resources.

  • Maximum OS version allowed: When a device is using an operating system (OS) version later than the one specified in the rule, access to company resources is blocked and the user is asked to contact their IT admin. Until there is a change in the rule to allow the operating system version, this device cannot be used to access company resources.
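
The device health and device property rules above (rooted state, minimum patch level, maximum allowed threat level, minimum and maximum OS version) can be modelled as one evaluation function. This is an added illustration, not Intune's own code or API; the dictionary keys, function names and sample records are hypothetical.

```python
import re
from datetime import date

# Threat levels in increasing severity, in the order the page lists them.
THREAT_ORDER = ["none", "low", "medium", "high"]
PATCH_RE = re.compile(r"(\d{4})-(\d{2})-(\d{2})")

def parse_patch_level(text):
    """Parse a strict YYYY-MM-DD patch level; anything else raises ValueError."""
    match = PATCH_RE.fullmatch(text)
    if not match:
        raise ValueError(f"patch level must be YYYY-MM-DD, got {text!r}")
    return date(*map(int, match.groups()))

def parse_version(text):
    """'7.1' -> (7, 1, 0): numeric, padded, so '10.0' > '9.0' and '8.1' == '8.1.0'."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def evaluate(device, policy):
    """Return the settings a device fails; an empty list means compliant."""
    failed = []
    if policy.get("must_not_be_rooted") and device["rooted"]:
        failed.append("rooted")
    if "min_patch_level" in policy:
        required = parse_patch_level(policy["min_patch_level"])
        if parse_patch_level(device["patch_level"]) < required:
            failed.append("min_patch_level")
    if "max_threat_level" in policy:
        allowed = THREAT_ORDER.index(policy["max_threat_level"])
        if THREAT_ORDER.index(device["threat_level"]) > allowed:
            failed.append("max_threat_level")
    version = parse_version(device["os_version"])
    if "min_os" in policy and version < parse_version(policy["min_os"]):
        failed.append("min_os")
    if "max_os" in policy and version > parse_version(policy["max_os"]):
        failed.append("max_os")
    return failed

# Constructed sample policy and device records (not real Intune data).
POLICY = {"must_not_be_rooted": True, "min_patch_level": "2018-03-01",
          "max_threat_level": "low", "min_os": "6.0", "max_os": "8.1"}
GOOD = {"rooted": False, "patch_level": "2018-04-05",
        "threat_level": "low", "os_version": "8.1.0"}
BAD = {"rooted": True, "patch_level": "2017-12-01",
       "threat_level": "medium", "os_version": "10.0"}

if __name__ == "__main__":
    print(evaluate(GOOD, POLICY), evaluate(BAD, POLICY))
```

Comparing versions and patch levels as parsed values rather than strings matters here: as plain strings, "10.0" sorts before "9.0" and would pass a maximum OS rule it should fail.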