Microsoft Intune 中的 Android 和 Samsung KNOX 标准版策略设置Android and Samsung KNOX Standard policy settings in Microsoft Intune

适用于:经典门户中的 IntuneApplies to: Intune in the classic portal
在寻找有关 Azure 门户中 Intune 的文档吗?Looking for documentation about Intune in the Azure portal? 请转到此处Go here.

Intune 提供了一系列内置常规设置,你可以在 Android 设备上进行配置。Intune supplies a range of built-in general settings that you can configure on Android devices. 此外,还可指定开放移动联盟统一资源标识符 (OMA-URI) 值创建 Intune 未提供的自定义设置。Additionally, you can specify Open Mobile Alliance Uniform Resource Identifier (OMA-URI) values to create custom settings that are not available from Intune.

常规配置策略General configuration policy

使用 Intune Android 常规配置策略为以下对象配置设置:Use the Intune Android general configuration policy to configure settings for:

  • 移动设备安全设置 – 从让你能够控制设备上的一系列功能的预定义设置列表中选择。Mobile device security settings - Choose from a list of predefined settings that let you control a range of features and functionality on the device.

  • 展台模式(仅适用于 Samsung KNOX 标准版设备)– 锁定设备以只允许某些功能工作。Kiosk mode (for Samsung KNOX Standard devices only) - Lock a device to allow only certain features to work. 例如,你可以让设备只运行一个指定的托管应用,也可以禁用设备上的音量按钮。For example, you can allow a device to run only one managed app that you specify, or you can disable the volume buttons on a device. 这些设置可用于设备的演示模型,也可用于专门执行一个功能的设备(如销售点设备)。These settings might be used for a demonstration model of a device or a device that is dedicated to performing only one function, such as a point-of-sale device.

  • 相容和不相容应用 - 指定在你的公司中相容或不相容的应用列表。Compliant and noncompliant apps - Specify a list of apps that are compliant or noncompliant in your company. 在 Android 和 iOS 设备上,“不相容应用报告”可用于查看你在列表中指定的应用对于用户已经安装的应用的相容性。On Android and iOS devices, the Noncompliant Apps Report can be used to view the compliance of apps that you specified in the list against the apps that users have installed. 该报表不能实际阻止应用的安装。The report can't actually block the installation of the app.


你可以为用户配置条款和条件,确保他们确认其设备上的所有应用(包括个人应用)将会受到评估,不相容的应用将被阻止或报告为不相容。You can configure terms and conditions for users to ensure that they acknowledge that all apps on their device, including personal apps, will be evaluated, and that noncompliant apps will either be blocked or reported as noncompliant. 用户必须接受这些条款和条件,然后才能注册其设备并使用公司门户获取应用。Users must accept these terms and conditions before they can enroll their device and use the company portal to get apps. 有关使用条款和条件的详细信息,请参阅 Microsoft Intune 中的条款和条件策略For more information about using terms and conditions, see Terms and condition policy settings in Microsoft Intune.

如果你寻找的设置没有在本主题中出现,你可能能够使用 Android 自定义策略创建它,该自定义策略允许你使用 OMA-URI 设置来控制设备。If the setting you are looking for does not appear in this topic, you might be able to create it by using an Android custom policy that lets you use OMA-URI settings to control the device. 有关详细信息,请参阅本主题后面的“自定义策略设置”。For more information, go to Custom policy settings later in this topic.

密码设置Password settings

设置名Setting name 详细信息Details Android 4.0+Android 4.0+ Samsung KNOX 标准版Samsung KNOX Standard
需要密码才可解锁移动设备Require a password to unlock mobile devices 指定支持的设备上是否需要密码。Specifies whether to require a password on supported devices. Yes Yes
最短密码长度Minimum password length 指定密码的最短长度。Specifies the minimum length of the password. Yes Yes
擦除设备前允许的重复登录失败次数Number of repeated sign-in failures to allow before the device is wiped 指定在擦除设备前允许的登录失败次数。Specifies the number of sign-in failures to allow before the device is wiped. Yes Yes
屏幕关闭前处于不活动状态的分钟数Minutes of inactivity before screen turns off 指定设备自动锁定之前处于非活动状态的分钟数。Specifies the number of minutes of inactivity before the device automatically locks. Yes Yes
密码过期(天数)Password expiration (days) 指定必须更改密码前的天数。Specifies the number of days before a password must be changed. Yes Yes
记住密码历史记录Remember password history 指定要记住的以前所用密码的数量。Specifies the number of previously used passwords to remember. Yes Yes
“记住密码历史记录” - “防止重用以前的密码”Remember password history - Prevent reuse of previous passwords 防止重用以前的密码。Prevents reuse of previous passwords. Yes Yes
密码质量Password quality 指定所需的密码复杂性级别以及是否可以使用生物识别设备。Specifies the password complexity level that's required and whether biometric devices can be used. Yes Yes
允许指纹解锁Allow fingerprint unlock 允许使用指纹对设备解锁。Allows the use of a fingerprint to unlock the device. No Yes
允许 Smart Lock 和其他信任代理Allow Smart Lock and other trust agents
(Android 5 及更高版本)(Android 5 and later)
让你控制兼容 Android 设备上的 Smart Lock 功能。Lets you control the Smart Lock feature on compatible Android devices. 如果设备处于可信位置(例如当它连接到特定蓝牙设备时,或者在 NFC 标记附近时),则此手机功能(有时称为信任代理)使你可以禁用或绕过设备锁屏界面密码。可以使用此设置防止用户配置 Smart Lock。This phone capability, sometimes known as a trust agent, lets you disable or bypass the device lock screen password if the device is in a trusted location (for example, when it's connected to a specific Bluetooth device, or when it's close to an NFC tag.) You can use this setting to prevent users from configuring Smart Lock. Yes No

加密设置Encryption settings

设置名Setting name 详细信息Details Android 4.0+Android 4.0+ Samsung KNOX 标准版Samsung KNOX Standard
需要对移动设备加密Require encryption on mobile device 要求对移动设备上的文件进行加密。Requires that files on the mobile device are encrypted. Yes Yes
需要对存储卡进行加密Require encryption on storage cards 指定是否必须对设备存储卡进行加密。Specifies whether the device storage card must be encrypted. No Yes

系统设置System settings

设置名Setting name 详细信息Details Android 4.0+Android 4.0+ Samsung KNOX 标准版Samsung KNOX Standard
允许屏幕捕获Allow screen capture 让用户以图像形式捕获屏幕内容。Lets the user capture the screen contents as an image. No Yes
允许提交诊断数据Allow diagnostic data submission 允许设备将诊断信息提交到 Google。Allows the device to submit diagnostic information to Google. No Yes
允许恢复出厂设置Allow factory reset 允许用户对设备执行恢复出厂设置。Allows the user to perform a factory reset on the device. No Yes

云设置 - 文档和数据Cloud settings - documents and data

设置名Setting name 详细信息Details Android 4.0+Android 4.0+ Samsung KNOX 标准版Samsung KNOX Standard
允许 Google 备份Allow Google backup 允许使用 Google 备份。Allows the use of Google backup. No Yes

云设置 - 帐户和同步Cloud settings - accounts and synchronization

设置名Setting name 详细信息Details Android 4.0+Android 4.0+ Samsung KNOX 标准版Samsung KNOX Standard
允许 Google 帐户自动同步Allow Google account auto sync 允许 Google 帐户设置自动同步。Allows Google account settings to be automatically synchronized. No Yes

应用设置 - 浏览器Application settings - browser

设置名Setting name 详细信息Details Android 4.0+Android 4.0+ Samsung KNOX 标准版Samsung KNOX Standard
允许 Web 浏览器Allow web browser 指定是否可以使用设备的默认 Web 浏览器。Specifies whether the device's default web browser can be used. No Yes
允许自动填充Allow autofill 允许使用 Web 浏览器的自动填充功能。Allows the autofill function of the web browser to be used. No Yes
允许使用弹出窗口阻止程序Allow pop-up blocker 允许使用 Web 浏览器中的弹出窗口阻止程序。Allows the use of the pop-up blocker in the web browser. No Yes
允许使用 CookieAllow cookies 允许设备 Web 浏览器使用 Cookie。Allows the device web browser to use cookies. No Yes
允许使用活动脚本Allow active scripting 允许设备 Web 浏览器使用活动脚本。Allows the device web browser to use active scripting. No Yes

应用设置 - 应用程序Application settings - apps

设置名Setting name 详细信息Details Android 4.0+Android 4.0+ Samsung KNOX 标准版Samsung KNOX Standard
允许 Google Play 商店Allow Google Play store 允许用户访问设备上的 Google Play 商店。Allows the user to access the Google Play store on the device. No Yes

设备性能设置 - 硬件Device capabilities settings - hardware

设置名Setting name 详细信息Details Android 4.0+Android 4.0+ Samsung KNOX 标准版Samsung KNOX Standard
允许照相机Allow camera 允许使用设备相机。Allows the use of the device camera. Yes Yes
允许可移动存储Allow removable storage 允许设备使用可移动存储,如 SD 卡。Allows the device to use removable storage, like an SD card. No Yes
允许 Wi-FiAllow Wi-Fi 允许使用设备的 Wi-Fi 功能。Allows the use of the Wi-Fi capabilities of the device. No Yes
允许 Wi-Fi tetheringAllow Wi-Fi tethering 允许在设备上使用 Wi-Fi Tethering。Allows the use of Wi-Fi tethering on the device. No Yes
允许地理位置Allow geolocation 允许设备利用位置信息。Allows the device to utilize location information. No Yes
允许 NFCAllow NFC 允许使用近场通信(如果设备支持)的操作。Allows operations that use near field communication if the device supports it. No Yes
允许蓝牙Allow Bluetooth 允许在设备上使用蓝牙。Allows the use of Bluetooth on the device. No Yes
允许关闭电源Allow power off 允许用户关闭设备电源。Allows the user to power off the device.

如果禁用了此设置,则 Samsung KNOX 标准版设备的“擦除设备前允许重复登录失败的次数”设置不起作用。If this setting is disabled, the setting Number of repeated sign in failures to allow before the device is wiped for Samsung KNOX Standard devices does not function.
No Yes

设备性能设置 - 蜂窝网络Device capabilities settings - cellular

设置名Setting name 详细信息Details Android 4.0+Android 4.0+ Samsung KNOX 标准版Samsung KNOX Standard
允许语音漫游Allow voice roaming 当设备处于移动电话网络中时允许语音漫游。Allows voice roaming when the device is on a cellular network. No Yes
允许数据漫游Allow data roaming 当设备处于移动电话网络中时允许数据漫游。Allows data roaming when the device is on a cellular network. No Yes
允许 SMS/MMS 消息传送Allow SMS/MMS messaging 允许在设备上使用短信和彩信消息传送。Allows the use of SMS and MMS messaging on the device. No Yes

设备性能设置 - 功能Device capabilities settings - features

设置名Setting name 详细信息Details Android 4.0+Android 4.0+ Samsung KNOX 标准版Samsung KNOX Standard
允许使用语音助手Allow voice assistant 允许在设备上使用语音助手软件。Allows the use of voice assistant software on the device. No Yes
允许语音拨号Allow voice dialing 启用或禁用设备上的语音拨号功能。Enables or disables the voice dialing feature on the device. No Yes
允许复制和粘贴Allow copy and paste 允许使用设备上的复制和粘贴功能。Allows copy and paste functions on the device. No Yes
允许应用程序之间共享剪贴板Allow clipboard share between applications 使用使用剪贴板在应用之间进行复制和粘贴。Allows use of the clipboard to copy and paste between apps. No Yes
允许 YouTubeAllow YouTube 允许在设备上使用 YouTube。Allows the use of YouTube on the device. No Yes

相容和不相容应用的设置Settings for compliant and noncompliant apps

在“相容和不相容应用”列表中,指定使用以下信息的相容或不相容应用列表:In the Compliant & Noncompliant Apps list, specify a list of compliant or noncompliant apps that use the following information:


单个策略只能包含一个相容应用列表或一个不相容应用列表。A single policy can contain only a list of compliant apps or a list of noncompliant apps. 不能在同一策略中同时指定两个列表。You cannot specify both in the same policy.

设置名Setting name 详细信息Details
用户安装列出的应用时报告不相容情况Report noncompliance when users install the listed apps 列出未由 Intune 托管的、你不希望用户安装和运行的应用。Lists the apps that are not managed by Intune and which you do not want users to install and run. 如果用户安装其中的任一应用,不合规应用报告中将列出该应用。If users install one of these apps, it will be listed in the noncompliant apps report.
用户安装列出的应用时不报告不相容情况Do not report noncompliance when users install the listed apps 列出要允许运行的应用。Lists the apps that you want to allow. 为了保持合规状态,用户不得安装未列出的任何应用。To remain compliant, users must not install any apps that are not listed. 自动允许由 Intune 托管的应用。Apps that are managed by Intune are automatically allowed.
添加Add 将应用添加到选定的列表。Adds an app to the selected list. 在应用商店中指定应用的名称、应用发布者(可选)和应用的 URL。Specify the name of the app, the app publisher (optional), and the URL of the app in the app store.

有关详细信息,请参阅本主题后面的指定应用商店的 URLFor more information, see Specify URLs to app stores later in this topic.
导入应用Import Apps 导入你已在逗号分隔值文件中指定的应用列表。Imports a list of apps that you have specified in a comma-separated values file. 在文件中使用格式、应用程序名称、发布者和应用 URL。Use the format, application name, publisher, and app URL in the file.
编辑Edit 允许你编辑选定应用的名称、发布者和 URL。Lets you edit the name, publisher, and URL of the selected app.
删除Delete 从列表中删除选定的应用。Deletes the selected app from the list.

必须将包含合规和不合规应用设置的策略部署到用户组。Policies containing compliant and noncompliant app settings must be deployed to groups of users.

展台模式设置Kiosk mode settings

为“Samsung KNOX 标准版设备”指定以下设置:Specify the following settings for Samsung KNOX Standard devices:

设置名Setting name 详细信息Details
选择当设备处于展台模式时可以运行的托管应用Select a managed app that can run when the device is in kiosk mode 选择“浏览”,然后选择当设备处于展台模式时可以运行的托管应用(目前尚不支持指定为指向应用商店的链接的应用)。Choose Browse, and then select the managed app that can run when the device is in kiosk mode (apps specified as a link to the store are not currently supported). 不允许在设备上运行其他应用。No other apps will be allowed to run on the device.
允许使用音量按钮Allow volume buttons 启用或禁用设备上的音量按钮。Enables or disables the use of the volume buttons on the device.
允许使用屏幕睡眠唤醒按钮Allow screen sleep wake button 启用或禁用设备上的屏幕睡眠唤醒按钮。Enables or disables the screen sleep wake button on the device.

相容和不相容应用的参考信息Reference information for compliant and noncompliant apps

监视相容和不相容应用Monitor compliant and noncompliant apps

使用“不相容应用报告”查看允许和阻止的应用的相容性。Use the Noncompliant Apps Report to view the compliance of allowed and blocked apps.

运行不相容应用报告To run the Noncompliant Apps Report
  1. Microsoft Intune 管理控制台中,选择“报告”>“不合规应用报告”。In the Microsoft Intune administration console, choose Reports > Noncompliant Apps Report.

  2. 选择要进行检查的设备组。Select the device groups that you want to check. 然后,选择是否要检查相容应用和/或不相容应用。Then choose whether you want to check for compliant apps, noncompliant apps, or both. 最后,选择“查看报告”。Finally, choose View Report.

指定应用商店的 URLSpecify URLs to app stores

若要在相容应用和不相容应用列表中指定应用 URL,请执行以下步骤:To specify an app URL in the compliant and noncompliant apps list, take the following steps:

Google Play 的应用部分中,搜索你想要使用的应用。In the Apps section of Google Play, search for the app you want to use.

打开应用的安装页面,然后将 URL 复制到剪贴板。Open the installation page for the app, and then copy the URL to the clipboard. 你现在可以在符合或不符合要求的应用列表中使用这个 URL。You can now use this as the URL in either the compliant or noncompliant apps list.

示例:搜索适用于 Microsoft Office Mobile 的 Google Play。Example: Search Google Play for Microsoft Office Mobile. 你使用的 URL 将为 URL you use will be

自定义策略设置Custom policy settings

使用 Microsoft Intune 的 Android 自定义配置策略来部署可用于控制 Android 设备功能的 OMA URI 设置。Use the Microsoft Intune Android custom configuration policy to deploy OMA-URI settings that can be used to control features on Android devices. 这些设置是许多移动设备制造商用来控制设备功能的标准设置。These are standard settings that many mobile device manufacturers use to control device features.

此功能旨在使你能够部署不能使用 Intune 策略配置的 Android 设置。This capability is intended to allow you to deploy Android settings that are not configurable with Intune policies. Intune 目前支持有限数量的 Android 自定义策略。Intune supports a limited number of Android custom policies at present. 请参阅本主题的示例,查找可配置的策略。See the examples in this topic to find out which policies you can configure.

常规设置General settings

设置名Setting name 详细信息Details
NameName 输入 Android 自定义策略的唯一名称,以帮助你在 Intune 控制台中识别它。Enter a unique name for the Android custom policy to help you identify it in the Intune console.
描述Description 提供对 Android 自定义策略的概述以及可帮助你查找它的其他相关信息。Provide a description that gives an overview of the Android custom policy and other relevant information that helps you to locate it.

OMA-URI 设置OMA-URI settings

设置名Setting name 详细信息Details
设置名称Setting name 输入 OMA-URI 设置的唯一名称,以帮助你在设置列表中识别它。Enter a unique name for the OMA-URI setting to help you identify it in the list of settings.
设置描述Setting description 提供对设置进行概述的说明以及帮助你找到该设置的其他相关信息。Provide a description that gives an overview of the setting and other relevant information to help you locate it.
数据类型Data type 选择将在其中指定此 OMA-URI 设置的日期类型。Select the data type in which you will specify this OMA-URI setting. 从“字符串、字符串 (XML)、日期和时间、整数、浮点”,或者“布尔值”中进行选择。Choose from String, String (XML), Date and time, Integer, Floating point, or Boolean.
OMA-URI(区分大小写)OMA-URI (case sensitive) 指定需为其提供设置的 OMA-URI。Specify the OMA-URI you want to supply a setting for.
Value 指定要与之前指定的 OMA-URI 关联的值。Specify the value to associate with the OMA-URI that you specified previously.


受支持的 Samsung KNOX Standard 标准版设备Supported Samsung KNOX Standard devices

在 MDM 注册期间,仅当设备显示在受支持的 KNOX 设备列表中时,公司门户应用才会尝试 Samsung KNOX 激活。The Company Portal app only attempts Samsung KNOX activation during MDM enrollment if the device appears in the list of supported KNOX devices. 这有助于避免出现会阻止 MDM 注册的 KNOX 激活错误。This helps avoid KNOX activation errors that prevent MDM enrollment. 不支持 Samsung KNOX 激活的设备将作为标准 Android 设备进行注册。Devices that don't support Samsung KNOX activation enroll as standard Android devices. Samsung 设备可能有一些支持 KNOX 的型号,其他设备则不具备。A Samsung device might have some model numbers that support KNOX, while others don't. 购买并部署 Samsung 设备前,请与设备经销商确认 KNOX 兼容性。Verify KNOX compatibility with your device reseller before you purchase and deploy Samsung devices.

可查找支持的 Samsung KNOX 设备列表,以及 Intune 支持的设备列表。You can find a list of supported Samsung KNOX devices along with the list of Intune supported devices.

另请参阅See also

使用 Microsoft Intune 策略管理设备上的设置和功能Manage settings and features on your devices with Microsoft Intune policies