Microsoft Intune 中的 Android for Work 策略设置Android for Work policy settings in Microsoft Intune

适用于:经典控制台中的 IntuneApplies to: Intune in the classic console
正在查找有关 Azure 中的 Intune 的文档?Looking for documentation about Intune on Azure? 请转到此处Go here.

Intune 提供了一系列内置常规设置,你可以在 Android for Work 设备上进行配置。Intune supplies a range of built-in general settings that you can configure on Android for Work devices.

常规配置策略General configuration policy

使用 Intune Android for Work 常规配置策略可为 Android for Work 设备配置安全性和工作配置文件设置。Use the Intune Android for Work general configuration policy to configure security and work profile settings for your Android for Work devices.

如果你寻找的设置没有在本主题中出现,你可能能够使用 Android 自定义策略创建它,该自定义策略允许你使用 OMA-URI 设置来控制设备。If the setting you are looking for does not appear in this topic, you might be able to create it by using an Android custom policy that lets you use OMA-URI settings to control the device. 有关详细信息,请参阅本主题后面的“自定义策略设置”。For more information, go to Custom policy settings later in this topic.


设置工作配置文件时,设备会自动进行加密。Devices are automatically encrypted when you provision a work profile. 无法更改此设置。You cannot change this setting.

密码设置Password settings

设置名Setting name 详细信息Details
需要密码才可解锁移动设备Require a password to unlock mobile devices 指定在托管设备上是否需要密码。Specifies whether a password is required on managed devices. 选择:Choose from:

- 复杂 - 至少需要一个字母、数字和符号- Complex – requires at least one letter, number, and symbol
- 字母数字 - 至少需要一个数字和一个字母字符- Alphanumeric – requires at least one number and one alphabetic character
- 字母 - 至少需要字母或符号- Alphabetic – requires at least letters or symbols
- 复杂数字 - 需要不重复或连续的数字字符- Numeric complex – Requires numeric characters that are not repeating or consecutive
- 数字- Numeric

如果未启用此设置,则没有复杂性要求。If this setting is not enabled, there are no complexity requirements.
最短密码长度Minimum password length 指定密码中所需的最少字符或数字数。Specifies the minimum number of characters or numbers in the password.
设备锁定之前须经历的不活动分钟数Minutes of inactivity before device locks 指定设备自动锁定之前没有进行用户活动的分钟数。Specifies the number of minutes without user activity before the device automatically locks.
允许 Smart Lock 和其他信任代理Allow Smart Lock and other trust agents
(Android 6 及更高版本)(Android 6 and later)
让你控制兼容 Android 设备上的 Smart Lock 功能。Lets you control the Smart Lock feature on compatible Android devices. 如果设备处于可信位置(例如当它连接到特定蓝牙设备时,或者在 NFC 标记附近时),则此手机功能(有时称为信任代理)使你可以禁用或绕过设备锁屏界面密码。可以使用此设置防止用户配置 Smart Lock。This phone capability, sometimes known as a trust agent, lets you disable or bypass the device lock screen password if the device is in a trusted location (for example, when it's connected to a specific Bluetooth device, or when it's close to an NFC tag.) You can use this setting to prevent users from configuring Smart Lock.
删除工作配置文件之前的重复登录失败次数Number of repeated sign-in failures before the work profile is removed 指定在删除设备上的工作配置文件之前允许的登录失败次数。Specifies the number of sign-in failures allowed before the work profile on the device is removed. 这不会执行完整设备擦除。This does not perform a full device wipe.
记住密码历史记录Remember password history 防止重复使用以前用过的密码。Prevents the reuse of previously used passwords.
“记住密码历史记录” - “防止重用以前的密码”Remember password history - Prevent reuse of previous passwords 指定要记住的以前所用密码的数量。Specifies the number of previously used passwords to remember.
密码过期(天数)Password expiration (days) 指定必须更改设备密码前的天数。Specifies the number of days before the device password must be changed.
允许指纹解锁Allow fingerprint unlock
(Android 6 及更高版本)(Android 6 and later)
允许使用指纹解锁具有此功能的设备。Lets you use a fingerprint to unlock devices with this capability.

工作配置文件设置Work profile settings

设置名Setting name 详细信息Details
允许在工作和个人配置文件之间共享数据Allow data sharing between work and personal profiles 允许工作配置文件中的应用与用户个人配置文件中的应用共享数据。Lets apps in the work profile share data with apps in the users personal profile. 选择:Choose from:

- 阻止任何跨边界的共享- Prevent any sharing across boundaries
- 工作配置文件中的应用可处理来自个人配置文件的共享请求- Apps in work profile can handle sharing request from personal profile
- 无共享限制- No restrictions on sharing
设备锁定时隐藏工作配置文件通知Hide work profile notifications when the device is locked
(Android 6 及更高版本)(Android 6 and later)
控制是否在设备锁定时显示来自工作配置文件的任何通知。Control whether to show any notifications from the work profile when the device is locked.
设置默认应用权限策略Set default app permission policy
(Android 6 及更高版本)(Android 6 and later)
为工作配置文件中的所有应用设置默认权限策略。Sets the default permission policy for all apps in the work profile. 自 Android 6 起,系统在运行时将向最终用户提示应用所需的一些权限。Starting in Android 6, some permissions required by apps are prompted to the end user at runtime. 此策略设置可让 IT 部门决定:用户是否会收到以及以何种方式收到为工作配置文件中的应用授予权限的提示。This policy setting allows IT to decide how or if users are prompted to grant permissions for apps in the work profile.

例如,IT 可能将应用推送到需要位置访问权限的工作配置文件。For example, IT may push an app to the work profile that requires location access. 通常,应用将弹出一个对话框,询问用户是否要授予应用的位置访问权限,用户可允许也可拒绝。Normally that app would pop up a dialog to the user asking if they wanted to grant location access to the app, and the user could approve it or deny it. 此策略使 IT 部门能决定:在无提示的情况下自动授予所有权限、在无提示的情况下自动拒绝,还是让最终用户决定。This policy allows IT to decide whether all permissions should be auto-granted without a prompt, auto-denied without a prompt, or let the end user decide.

自定义策略设置Custom policy settings

使用 Microsoft Intune 的 Android for Work 自定义配置策略来部署可用于控制 Android for Work 设备功能的 OMA URI 设置。Use the Microsoft Intune Android for Work custom configuration policy to deploy OMA-URI settings that can be used to control features on Android for Work devices. 这些设置是许多移动设备制造商用来控制设备功能的标准设置。These are standard settings that many mobile device manufacturers use to control device features.

此功能旨在使你能够部署不能使用 Intune 策略配置的 Android 设置。This capability is intended to allow you to deploy Android settings that are not configurable with Intune policies. Intune 目前支持有限数量的 Android 自定义策略。Intune supports a limited number of Android custom policies at present. 请参阅本主题的示例,查找可配置的策略。See the examples in this topic to find out which policies you can configure.

常规设置General settings

设置名Setting name 详细信息Details
NameName 输入 Android 自定义策略的唯一名称,以帮助你在 Intune 控制台中识别它。Enter a unique name for the Android custom policy to help you identify it in the Intune console.
描述Description 提供对 Android 自定义策略的概述以及可帮助你查找它的其他相关信息。Provide a description that gives an overview of the Android custom policy and other relevant information that helps you to locate it.

OMA-URI 设置OMA-URI settings

设置名Setting name 详细信息Details
设置名称Setting name 输入 OMA-URI 设置的唯一名称,以帮助你在设置列表中识别它。Enter a unique name for the OMA-URI setting to help you identify it in the list of settings.
设置描述Setting description 提供对设置进行概述的说明以及帮助你找到该设置的其他相关信息。Provide a description that gives an overview of the setting and other relevant information to help you locate it.
数据类型Data type 选择将在其中指定此 OMA-URI 设置的日期类型。Select the data type in which you will specify this OMA-URI setting. 从“字符串、字符串 (XML)、日期和时间、整数、浮点”,或者“布尔值”中进行选择。Choose from String, String (XML), Date and time, Integer, Floating point, or Boolean.
OMA-URI(区分大小写)OMA-URI (case sensitive) 指定需为其提供设置的 OMA-URI。Specify the OMA-URI you want to supply a setting for.
Value 指定要与之前指定的 OMA-URI 关联的值。Specify the value to associate with the OMA-URI that you specified previously.


另请参阅See also

使用 Microsoft Intune 策略管理设备上的设置和功能Manage settings and features on your devices with Microsoft Intune policies

要提交产品反馈,请访问 Intune Feedback