使用 Microsoft Intune 中的设备注册管理器注册企业自有设备Enroll corporate-owned devices with the device enrollment manager in Microsoft Intune

适用于:经典门户中的 IntuneApplies to: Intune in the classic portal
在寻找有关 Azure 门户中 Intune 的文档吗?Looking for documentation about Intune in the Azure portal? 请转到此处Go here.

组织可以使用 Intune 来管理大量带有单一用户帐户的移动设备。Organizations can use Intune to manage large numbers of mobile devices with a single user account. 设备注册管理器 (DEM) 帐户是可注册最多 1,000 台设备的特殊用户帐户。The device enrollment manager (DEM) account is a special user account that can enroll up to 1,000 devices. 将现有用户添加到 DEM 帐户以向他们提供特殊 DEM 功能。You add existing users to the DEM account to give them the special DEM capabilities. 每台已注册设备均使用单一许可证。Each enrolled device uses a single license. 建议将通过此帐户注册的设备用作共享设备(即没有用户关联),而不是个人 ("BYOD") 设备。We recommend that you use devices enrolled through this account as shared devices (that is, with no user affinity) rather than personal ("BYOD") devices.

用户必须在 Azure 门户中存在才能添加为设备注册管理器。Users must exist in the Azure portal to be added as device enrollment managers. 为获得最佳安全性,DEM 用户也不应是 Intune 管理员。For optimal security, the DEM user should not also be an Intune admin.

备注

DEM 注册方法不能与 Apple Configurator 设置助理直接注册DEP 注册方法共同使用。The DEM enrollment method can't be used with the Apple Configurator Setup Assistant or direct enrollment, or the DEP enrollment method.

设备注册管理器方案示例Example of a device enrollment manager scenario

一家餐厅想为服务员提供 50 台销售点平板电脑,为厨房员工提供订单监视器。A restaurant wants to provide 50 point-of-sale tablets for its wait staff, and order monitors for its kitchen staff. 员工无需访问公司数据或以用户身份登录。The employees never need to access company data or sign in as users. Intune 管理员将创建一个设备注册管理器帐户并向该 DEM 帐户添加餐厅主管,使主管拥有 DEM 功能。The Intune admin creates a device enrollment manager account and adds a restaurant supervisor to the DEM account, in effect giving that supervisor DEM capabilities. 现在主管便可使用 DEM 凭据注册这 50 台平板电脑。The supervisor can now enroll the 50 tablets devices by using the DEM credentials.

只有 Intune 控制台中的用户可以是设备注册管理员。Only users in the Intune console can be device enrollment managers. 设备注册管理器用户不能充当 Intune 管理员。The device enrollment manager user cannot be an Intune admin.

DEM 用户可以:The DEM user can:

  • 在 Intune 中最多注册 1000 台设备Enroll up to 1000 devices in Intune
  • 使用公司门户应用以获得公司应用Use the Company Portal app to get company apps
  • 通过向平板电脑部署特定于角色的应用来配置对公司数据的访问权限Configure access to company data by deploying role-specific apps to the tablets

使用 DEM 帐户注册的设备限制Limitations of devices that are enrolled with a DEM account

使用设备注册管理器帐户注册的设备具有以下限制:Devices that are enrolled with a device enrollment manager account have the following limitations:

  • 没有具体的设备“用户”。There is no specific device "user." 因此,也没有电子邮件或公司数据访问。Therefore, there is no email or company data access. 但是 VPN 等仍可用于向设备应用提供数据访问权限。However VPN, for example, could still be used to provide device apps with access to data.

  • 无条件性访问,因为这些设备按每个用户进行注册。There is no conditional access because these are per-user scenarios.

  • DEM 用户无法在设备本身上使用公司门户注销 DEM 注册的设备。The DEM user can't unenroll DEM-enrolled devices on the device itself by using the Company Portal. Intune 管理员具有此功能,但 DEM 用户没有。The Intune admin has this capability, but the DEM user does not.

  • 公司门户应用或网站中仅显示本地设备。Only the local device appears in the Company Portal app or website.

  • 用户无法使用 Apple 批量购买计划 (VPP) 应用,因为每个用户都需具有 Apple ID 才可管理应用。Users can't use Apple Volume Purchase Program (VPP) apps because of per-user Apple ID requirements for app management.

  • (仅限 iOS)如果使用 DEM 注册 iOS 设备,则无法使用 Apple Configurator 或 Apple Device Enrollment Program (DEP) 注册设备。(iOS only) If you use DEM to enroll iOS devices, you can't use the Apple Configurator or Apple Device Enrollment Program (DEP) to enroll devices.

备注

若要将公司应用部署到设备注册管理器托管的设备,请将公司门户应用作为“必需的安装”部署到此设备注册管理器用户帐户。To deploy company apps to devices that are managed by the device enrollment manager, deploy the Company Portal app as a Required Install to the device enrollment manager's user account. 为提高性能,在 DEM 设备上查看公司门户应用将仅显示本地设备。To improve performance, viewing the Company Portal app on a DEM device shows only the local device. 仅可通过 Intune 管理控制台执行其他 DEM 设备的远程管理。Remote management of other DEM devices can only be done from the Intune admin console.

添加一个设备注册管理器Add a device enrollment manager

  1. 确保想要向 DEM 帐户添加的用户已存在。Ensure that the user that you want to add to the DEM account already exists. 如果需要添加用户,请登录到 Office 365 门户,然后按照向 Office 365 门户逐一或批量添加用户中的步骤进行操作。If you need to add the user, sign in to the Office 365 portal, and follow the steps in Add users individually or in bulk to the Office 365 portal.

  2. 使用管理员凭据登录到 Microsoft Intune 管理控制台Sign in to the Microsoft Intune administration console with your admin credentials.

  3. 在导航窗格中,选择“管理员”,转到“管理员管理”,然后选择“设备注册管理器”。In the navigation pane, choose Admin, go to Administrator Management, and select Device Enrollment Manager. 此时将打开设备注册管理器页。The Device Enrollment Managers page opens.

  4. 选择“添加…”。Choose Add…. 打开“添加设备注册管理员”对话框。The Add Device Enrollment Manager dialog box opens.

  5. 输入 Intune 帐户的“用户 ID”,然后选择“确定”。Enter the User ID of the Intune account, and then choose OK.

    DEM 用户现在可以使用相同的过程注册移动设备,与最终用户在公司门户中针对 BYOD 方案采用的过程相同。The DEM user can now enroll mobile devices by using the same procedure that an end user uses for a BYOD scenario in the Company Portal. 管理器最终用户可以使用 DEM 凭据在多达 1000 台设备上安装公司门户应用并注册设备。The manager end user can install the Company Portal app and enroll the device using her DEM credentials on up to 1000 devices. 若要深入了解用于每个平台的最终用户注册步骤,请参阅:For the end-user enrollment steps for each platform, see:

从 Intune 删除设备注册管理员Delete a device enrollment manager from Intune

  1. 使用管理员凭据登录到 Microsoft Intune 管理门户Sign in to the Microsoft Intune admin portal with your admin credentials.

  2. 在导航窗格中,选择“管理员”,转到“管理员管理”,然后选择“设备注册管理器”。In the navigation pane, choose Admin, go to Administrator Management, and select Device Enrollment Manager. 此时将打开设备注册管理器页。The Device Enrollment Managers page opens.

  3. 选择要删除的设备注册管理员“用户”,然后选择“删除”。Select the device enrollment manager User that you want to delete, and then choose Delete. 不会从 Intune 中删除此用户,并且此用户管理的设备仍将在 Intune 中处于注册状态。This user won’t be deleted from Intune, and the devices this user manages will remain enrolled in Intune. 删除设备注册管理员可防止该用户在 Intune 中注册更多设备。Deleting a device enrollment manager prevents that user from enrolling more devices in Intune.

  4. 选择“是”,确认删除此设备注册管理器。Choose Yes to confirm that you want to delete the device enrollment manager.

删除设备注册管理器不会影响注册的设备。Deleting a device enrollment manager does not affect enrolled devices. 删除设备注册管理器时:When a device enrollment manager is deleted:

  • 已注册设备均不会受到影响。No enrolled devices are affected.

  • 仍能继续完全管理已注册设备。Enrolled devices continue to be fully managed.

  • 已删除的设备注册管理器帐户凭据仍有效,能够登录到公司门户来访问应用。The deleted device enrollment manager account credentials remain valid to sign in to the Company Portal to access apps.

  • 已删除的设备注册管理器帐户凭据仍无法擦除或停用设备。The deleted device enrollment manager account credentials still cannot wipe or retire devices.

  • 已删除的设备注册管理器帐户与已注册设备的关系仍存在,但不可以注册任何其他设备。The deleted device enrollment manager account’s relationship to enrolled devices remains, but no additional devices can be enrolled.