使用 Microsoft Intune 中的设备组映射对设备进行分类Categorize devices with device group mapping in Microsoft Intune

适用于:经典门户中的 IntuneApplies to: Intune in the classic portal
在寻找有关 Azure 门户中 Intune 的文档吗?Looking for documentation about Intune in the Azure portal? 请转到此处Go here.

使用 Microsoft Intune 设备组映射可基于你定义的类别自动将设备添加到组,以便更轻松地管理这些设备。Use Microsoft Intune device group mapping to automatically add devices to groups based on categories that you define, in order to make it easier for you to manage those devices.

设备组映射使用以下工作流:Device group mapping uses the following workflow:

  1. 创建用户在注册其设备时将进行选择的类别Create categories that users will choose from when they enroll their device
  2. 可为要使用的每个类别创建组或使用现有组。You create groups, or use existing groups for each category you want to use. 根据所使用的 Intune 版本,这些组是 Intune 组或 Azure Active Directory 安全组。Depending on the version of Intune you are using, these will either be Intune groups, or Azure Active Directory security groups.
  3. 配置将所选类别映射到所创建的设备组的规则。You configure rules that map the category you choose to the device group you created.
  4. 当 iOS 和 Android 设备的最终用户注册其设备时,他们必须从你配置的类别列表中选择一个类别。When end users of iOS and Android devices enroll their device, they must choose a category from the list of categories you configured. 若要向 Windows 设备分配一个类别,最终用户必须使用“公司门户”网站(请参阅本主题中的“配置设备组之后”了解详细信息)。To assign a category to a Windows device, end users must use the Company Portal website (see After you configure device groups in this topic for more details).
  5. 你随后可以将策略和应用部署到这些组。You can then deploy policies and apps to these groups.

可以创建任何所需的设备类别,例如:You can create any device categories you want, for example:

  • 销售点设备Point of sale device
  • 演示设备Demonstration device
  • 销售额Sales
  • 记帐Accounting
  • ManagerManager

有关 Intune 组管理中的更改的重要信息Important information about a change in group management for Intune

基于反馈,我们正在跨企业移动性 + 安全性统一分组和目标体验。Based on your feedback, we are in the process of unifying the grouping and targeting experience across Enterprise Mobility + Security. 因此,我们很快会将 Intune 组转换为基于 Azure Active Directory 的安全组。For this reason, we will soon be converting Intune groups to Azure Active Directory-based security groups. 进行此更改之后,你将不会再使用 Intune 创建组。After this change, you will no longer create groups using Intune. 而是会在 Azure 门户中创建它们。Instead, you'll create them in the Azure portal. 此更改会逐步进行,你可以在本主题中阅读有关此更改及其时间线的完整详细信息。This change will happen on a gradual basis and you can read full details about this change, and its timeline in this topic.

应使用本主题中的哪个过程来配置设备组映射?Which procedure in this topic should you use to configure device group mapping?

由于基于 Azure Active Directory 的安全组的分阶段实现,因此必须在 Intune 管理控制台中打开“组”工作区来确定要使用的过程:Due to the phased implementation of Azure Active Directory-based security groups, you must open the Groups workspace in the Intune administration console to identify which procedure to use:

如何为 Intune 组配置设备组映射How to configure device group mapping for Intune groups

  1. 针对要使用的每个设备类别,创建一个 Intune 设备组,或标识一个现有组。For each device category you want to use, create an Intune device group, or identify an existing group. 有关如何创建组的信息,请参阅通过 Microsoft Intune 使用组来管理用户和设备For information about how to create groups, see Use groups to manage users and devices with Microsoft Intune.
  2. Microsoft Intune 管理控制台中,选择管理员In the Microsoft Intune administration console, choose Admin.
  3. 在“管理”工作区中,展开“移动设备管理”,然后选择“设备组映射”。In the Administration workspace, expand Mobile Device Management, and then choose Device Group Mapping.
  4. 在“设备组映射”页上,启用设备组映射。On the Device Group Mapping page, enable device group mapping.
  5. 选择“添加”以创建新的映射规则。Choose Add to create a new mapping rule.
  6. 在“添加设备组映射规则”对话框中,输入你想要创建的类别的名称,然后从下拉列表中选择要将此类别映射到的设备集合。In the Add device group mapping rule dialog box, enter the name of the category you want to create and then, from the drop-down list, choose the device collection you want to map this category to. 完成后选择“添加”。Choose Add when you are done.
  7. 完成添加类别和组后,选择“保存”。When you have finished adding categories and groups, choose Save.

如何为 Azure Active Directory 组配置设备组映射How to configure device group mapping for Azure Active Directory groups

步骤 1 - 在 Intune 管理控制台中创建设备类别Step 1 - Create device categories in the Intune administration console

  1. Microsoft Intune 管理控制台中,选择“管理员”。In the Microsoft Intune administration console, choose Admin.
  2. 在“管理”工作区中,展开“移动设备管理”,然后选择“设备类别”。In the Administration workspace, expand Mobile Device Management, and then choose Device Categories.
  3. 在“设备类别”页上,你会看到一个列表,可以在其中配置设备类别:On the Device Categories page, you'll see a list where you can configure device categories:
  4. 可以输入名称,然后单击“添加”以将它添加为新的设备类别。You can enter a name, then click Add, to add it as a new device category.
  5. 此外,可以选择类别,然后“删除”它。Additionally, you can select a category and then Delete it.

在步骤 2 中创建 Azure Active Directory 安全组时将使用设备类别名称。You'll use the device category name when you create Azure Active Directory security groups in step 2.

步骤 2 - 创建 Active Directory 安全组Step 2 - Create Azure Active Directory security groups

在此步骤中,你将在 Azure 门户中基于设备类别和设备类别名称创建动态组。In this step, you'll create dynamic groups in the Azure portal based on the device category and device category name.

若要继续,请参阅 Azure Active Directory 文档中的主题使用属性创建高级规则To continue, refer to the topic Using attributes to create advanced rules in the Azure Active Directory documentation. 按照本主题中的信息可使用“deviceCategory”属性创建具有高级规则的设备组。Use the information in this topic to create a device group with an advanced rule using the deviceCategory attribute. 例如 (device.deviceCategory -eq "<从 Intune 管理控制台获取的设备类别名称>")For example (device.deviceCategory -eq "<the device category name you got from the Intune administration console>")

配置设备组之后After you configure device groups

当 iOS 和 Android 设备的最终用户注册其设备时,他们必须从你配置的类别列表中选择一个类别。When end users of iOS and Android devices enroll their device, they must choose a category from the list of categories you configured. 选择某个类别并完成注册后,他们的设备将添加到与他们选择的类别相对应的 Intune 设备组或 Active Directory 安全组。After they choose a category and finish enrollment, their device is added to the Intune device group, or Active Directory security group that corresponds with the category they chose.

若要向 Windows 设备分配一个类别,注册设备后最终用户必须使用“公司门户”网站 (portal.manage.microsoft.com)。To assign a category to a Windows device, end users must use the Company Portal website (portal.manage.microsoft.com) after enrolling the device. 在 Windows 设备上,访问此网站并转到“菜单” > “我的设备”。On a Windows device, access the website and go to Menu > My Devices. 选择页面上列出的一个已注册设备,然后选择一个类别。Choose an enrolled device listed on the page, then select a category.

选择类别后,该设备将自动添加到你创建的对应组。After choosing a category, the device is automatically added to the corresponding group you created. 在配置类别前,如果设备已经注册,则最终用户将会在“公司门户”网站上看到一个关于此设备的通知,并在下次从 iOS 或 Android 访问“公司门户”应用时被要求选择一个类别。If a device is already enrolled before you configure categories, the end user will see a notification about the device on the Company Portal website, and will be asked to select a category the next time they access the Company Portal app on iOS or Android.

另请参阅See also

通过 Microsoft Intune 使用组来管理用户和设备Use groups to manage users and devices with Microsoft Intune