Windows 设备的批量注册Bulk enrollment for Windows devices

适用于:经典门户中的 IntuneApplies to: Intune in the classic portal
在寻找有关 Azure 门户中 Intune 的文档吗?Looking for documentation about Intune in the Azure portal? 请转到此处Go here.

作为管理员,可以将大量新的 Windows 设备加入到 Azure Active Directory 和 Intune。As an administrator, you can join large numbers of new Windows devices to Azure Active Directory and Intune. 若要为你的 Azure AD 租户批量注册设备,可以使用 Windows 配置设计器 (WCD) 应用来创建配置包。To bulk enroll devices for your Azure AD tenant, you create a provisioning package with the Windows Configuration Designer (WCD) app. 将配置包应用于企业拥有的设备可将设备加入到你的 Azure AD 租户并为其注册 Intune 管理。Applying the provisioning package to corporate-owned devices joins the devices to your Azure AD tenant and enrolls them for Intune management. 应用此包后,即可供你的 Azure AD 用户登录。Once the package is applied, it's ready for your Azure AD users to log on.

Azure AD 用户是这些设备上的标准用户并接收分配的 Intune 策略和必需的应用。Azure AD users are standard users on these devices and receive assigned Intune policies and required apps. 目前不支持自助服务和公司门户方案。Self-service and Company Portal scenarios are not supported at this time.

Windows 设备批量注册的先决条件Prerequisites for Windows devices bulk enrollment

Windows 设备的批量注册需要以下条件:Bulk enrollment for Window devices requires the following:

创建预配包Create a provisioning package

  1. 从 Microsoft 应用商店下载 Windows 配置设计器 (WCD)Download Windows Configuration Designer (WCD) from the Microsoft Store. Windows 配置设计器应用应用商店屏幕快照和说明的屏幕快照Screenshot of the Windows Configuration Designer app Store screenshots and description

  2. 打开“Windows 配置设计器”应用,然后选择“配置桌面设备”。Open the Windows Configuration Designer app and select Provision desktop devices. 在 Windows 配置设计器应用中选择配置桌面设备的屏幕快照Screenshot of selecting Provision desktop devices in the Windows Configuration Designer app

  3. 将打开一个“新项目”窗口,在此处指定以下信息:A New project window opens where you specify the following:

    • 名称 - 你的项目的名称Name - A name for your project
    • 项目文件夹 - 新项目保存的位置Project folder - Where your new project will be saved
    • 说明 - 项目的可选说明在 Windows 配置设计器应用中指定名称、项目文件夹和说明的屏幕快照Description - An optional description of the project Screenshot of specifying name, project folder, and description in the Windows Configuration Designer app
  4. 输入设备的唯一名称。Enter a unique name for your devices. 名称可以包含序列号 (%%SERIAL%%) 或一组随机的字符。Names can include a serial number (%%SERIAL%%) or a random set of characters. (可选)如果正在升级 Windows 版本,还可以输入产品密钥、将设备配置为共享以及删除预安装的软件。Optionally, you can also enter a product key if you are upgrading the edition of Windows, configure the device for shared use, and remove pre-installed software.
    在 Windows 配置设计器应用中指定名称、项目文件夹和说明的屏幕快照 Screenshot of specifying name, project folder, and description in the Windows Configuration Designer app

  5. (可选)可以配置 Wi-Fi 网络设备首次启动时所连接到的网络。Optionally, you can configure the Wi-Fi network devices connect to when they first start. 如未配置此项,则在设备首次启动时,需要有线网络连接。If this isn’t configured, a wired network connection is required when the device is first started. 在 Windows 配置设计器应用中启用包括网络 SSID 和网络类型选项的 Wi-Fi 的屏幕快照Screenshot of enabling Wi-Fi including Network SSID and Network type options in the Windows Configuration Designer app

  6. 选择“在 Azure AD 中注册”,输入“批量令牌到期”日期,然后选择“获取批量令牌”。Select Enroll in Azure AD, enter a Bulk Token Expiry date, and then select Get Bulk Token. 在 Windows 配置设计器应用中指定名称、项目文件夹和说明的屏幕快照Screenshot of specifying name, project folder, and description in the Windows Configuration Designer app

  7. 提供你的 Azure AD 凭据,以获取批量令牌。Provide your Azure AD credentials to get a bulk token. 在 Windows 配置设计器应用中指定名称、项目文件夹和说明的屏幕快照Screenshot of specifying name, project folder, and description in the Windows Configuration Designer app

  8. 成功提取“批量令牌”后,单击“下一步”。Click Next when Bulk Token is fetched successfully.

  9. (可选)可以“添加应用程序”和“添加证书”。Optionally, you can Add applications and Add certificates. 将在此设备上配置应用和证书。These apps and certificates are provisioned on the device.

  10. (可选)还可以使用密码保护你的配置包。Optionally, you can password protect your provisioning package. 单击“创建”。Click Create. 在 Windows 配置设计器应用中指定名称、项目文件夹和说明的屏幕快照Screenshot of specifying name, project folder, and description in the Windows Configuration Designer app

配置设备Provision devices

  1. 在应用中所指定的“项目文件夹”中访问指定位置的配置包。Access the provisioning package in the location specified in Project folder specified in the app.

  2. 选择向设备应用配置包的方式。Choose how you’re going to apply the provisioning package to the device. 可使用以下方法之一向设备应用配置包:A provisioning package can be applied to a device one of the following ways:

    • 将配置包置于 USB 驱动器,将 USB 驱动器插入想要进行批量注册的设备,并在初始设置时应用它Place the provisioning package on a USB drive, insert the USB drive into the device you’d like to bulk enroll, and apply it during initial setup
    • 将配置包置于网络文件夹,并在初始设置后将其应用于想要进行批处理注册的设备上Place the provisioning package on a network folder, and apply it insert on the device you’d like to bulk enroll after initial setup

    有关应用配置包的分步说明,请参阅应用配置包For step-by-step instruction on applying a provisioning package, see Apply a provisioning package.

  3. 应用配置包后,设备将在 1 分钟后自动启动。After you apply the package, the device will automatically restart in 1 minute. 在 Windows 配置设计器应用中指定名称、项目文件夹和说明的屏幕快照Screenshot of specifying name, project folder, and description in the Windows Configuration Designer app

  4. 设备重新启动时,将连接到 Azure Active Directory 并在 Microsoft Intune 中注册。When the device restarts, it connects to the Azure Active Directory and enrolls in Microsoft Intune.

Windows 批量注册的疑难解答Troubleshooting Windows bulk enrollment

配置旨在用于新的 Windows 设备上。Provisioning is intended to be used on new Windows devices. 配置失败可能需要对设备进行恢复出厂设置或通过启动映像来恢复设备。Provisioning failures might require a factory reset of the device or device recovery from a boot image. 这些示例描述了配置失败的一些原因:These examples describe some reasons for provisioning failures:

  • 如果因为缺少网络连接导致域加入过程失败,则尝试加入 Active Directory 域或不创建本地帐户的 Azure Active Directory 租户的配置包可能会使设备无法访问。A provisioning package that attempts to join an Active Directory domain or Azure Active Directory tenant that does not create a local account could make the device unreachable if the domain-join process fails due to lack of network connectivity.
  • 通过配置包运行的脚本在系统上下文中运行,能够对设备文件系统和配置进行任意更改。Scripts run by the provisioning package are run in system context, and are able to make arbitrary changes to the device file system and configurations. 恶意或不正确的脚本可将设备置于仅能通过重置映像或恢复出厂设置才能将其恢复的状态。A malicious or bad script could put the device in a state that can only be recovered by reimaging or factory resetting the device.