在 Microsoft Intune 中部署和监视设备法规遵从性策略Deploy and monitor a device compliance policy in Microsoft Intune

适用于:经典门户中的 IntuneApplies to: Intune in the classic portal
在寻找有关 Azure 门户中 Intune 的文档吗?Looking for documentation about Intune in the Azure portal? 请转到此处Go here.

部署合规性策略Deploy a compliance policy

将你创建的合规性策略部署到组织中的一个或多个用户组。Deploy the compliance policy that you created to one or more groups of users in your organization. 将合规性策略部署到用户后,会对用户设备检查合规性。When a compliance policy is deployed to a user, the user's devices are checked for compliance.

  1. 在“策略”工作区中,选择想要部署的策略,然后选择“管理部署”。In the Policy workspace, select the policy you want to deploy, and then choose Manage Deployment. 合规性策略页面的屏幕截图,显示顶部的“管理部署”菜单选项Screenshot of the compliance policy page showing the Manage Deployment menu option at the top

  2. 在“管理部署”对话框中,选择要对其部署策略的一个或多个组,然后选择“添加” > “确定”。In the Manage Deployment dialog box, choose one or more groups to which you want to deploy the policy, and then choose Add > OK. “管理部署”对话框的屏幕截图使用刚才创建的 Active Directory 组并同步到 Intune,或在 Intune 控制台中手动创建这些组。Screenshot of the Manage Deployment dialog box Use Active Directory groups that you have already created and synced to Intune, or create these groups manually in the Intune console. 若要了解有关如何部署策略的详细信息,请参阅部署配置策略To learn more about how to deploy policies, see Deploy a configuration policy.

使用“策略”工作区“概述”页的状态摘要和警报来识别需要关注的策略问题。Use the status summary and alerts on the Overview page of the Policy workspace to identify problems with the policy that need your attention. 此外,状态摘要会显示在“仪表板” 工作区中。Additionally, a status summary appears in the Dashboard workspace.

重要

如果尚未部署合规性策略,但是启用了 Exchange 条件访问策略,则所有目标设备都将获得访问权限。If you have not deployed a compliance policy and you enable an Exchange conditional access policy, all targeted devices will have access.

监视合规性策略Monitor the compliance policy

要查看不符合法规遵从性策略的设备To view devices that do not conform to a compliance policy

  1. Microsoft Intune 管理控制台中,选择“组” > “所有设备”。In the Microsoft Intune administration console, choose Groups > All Devices.

  2. 双击设备列表中设备的名称。Double-click the name of a device in the list of devices.

  3. 选择“策略”选项卡以查看该设备的策略列表。Choose the Policy tab to see a list of the policies for that device.

  4. 从“筛选器”下拉列表中,选择“不符合合规性策略”。From the Filters drop-down list, choose Does not conform to compliance policy. 显示筛选器列表中的选项列表的屏幕截图Screenshot that shows the list of options in the filters list

查看运行状况证明报告To view the health attestation reports

  1. Microsoft Intune 管理控制台中,选择“报告”。In the Microsoft Intune administration console, choose Reports.

  2. 在“运行状况证明报告 - 创建新的报告”页面,可以查看 Intune 收集的包含所有 Windows 10 运行状况证明数据的报告。On the Health Attestation Report - Create a new report page, you can view a report with all the Windows 10 health attestation data that Intune has collected. 也可以使用筛选器创建包含数据子集的报告。You can also create a report with a subset of the data by using filters. 筛选器可基于设备类型、操作系统或数据点子集。The filters can be based on the type of device, the operating system, or only a subset of data points.

Intune 如何解决策略冲突How Intune resolves policy conflicts

多个 Intune 策略应用到设备时可能会发生策略冲突。Policy conflicts can occur when multiple Intune policies are applied to a device. 如果策略设置重叠,Intune 将使用以下规则解决所有冲突:If the policy settings overlap, Intune resolves any conflicts by using the following rules:

  • 如果冲突的设置来自 Intune 配置策略和合规性策略,那么合规性策略中的设置优先于配置策略中的设置。If the conflicting settings are from an Intune configuration policy and a compliance policy, the settings in the compliance policy take precedence over the settings in the configuration policy. 即使配置策略中的设置更安全,也会发生这种情况。This happens even if the settings in the configuration policy are more secure.

  • 如果部署了多个合规性策略,Intune 将使用其中最安全的策略。If you have deployed multiple compliance policies, Intune will use the most secure of these policies.

后续步骤Next steps

若要了解如何将合规性策略与条件访问策略配合使用,以控制对组织中服务的访问,请参阅限制对电子邮件和 O365 服务的访问To learn how to use the compliance policy with conditional access policies to control access to services in your organization, see Restrict access to email and O365 services.

另请参阅See also

Intune 中的设备合规性策略简介Introduction to device compliance polices in Intune