在 Microsoft Intune 中注册企业所有的 iOS 设备Enroll corporate-owned iOS devices in Microsoft Intune

适用于:经典控制台中的 IntuneApplies to: Intune in the classic console
正在查找有关 Azure 中的 Intune 的文档?Looking for documentation about Intune on Azure? 请转到此处Go here.

Microsoft Intune 支持注册公司所有的 iOS 设备,方法是使用 Apple 的设备注册程序 (DEP),或在 Mac 计算机上运行的 Apple 配置器工具。Microsoft Intune supports the enrollment of corporate-owned iOS devices through the Apple Device Enrollment Program (DEP) or the Apple Configurator tool running on a Mac computer.

先决条件:Apple Push Notification 服务证书Prerequisite: An Apple Push Notification service certificate

可通过以下三种方式之一注册公司拥有的 iOS 设备:You can enroll corporate-enrolled iOS devices by using one of three methods:

  • Apple Configurator,使用设置助理或直接注册Apple Configurator, using either Setup Assistant or direct enrollment
  • 设备注册计划Device enrollment program
  • 公司门户应用Company Portal app
备注

Apple Configurator 和设备注册计划注册方法不能与设备注册管理器方法共同使用。The Apple Configurator and Device Enrollment Program enrollment methods can't be used with the device enrollment manager method.

默认情况下,所有 iOS 设备都可在 Intune 中进行注册。By default, all iOS devices are allowed to enroll in Intune. 若要阻止个人或公司拥有的设备进行注册,请使用管理员凭据登录 Microsoft Intune 管理门户To block personal or corporate-owned devices from enrolling, sign to the Microsoft Intune admin portal with your admin credentials. 选择“管理” > “移动设备管理” > “注册规则”,然后清除相应选项。Choose Admin > Mobile Device Management > Enrollment Rules and then clear the applicable options.

使用 Apple 配置器Use Apple Configurator

可通过导出公司注册配置文件,然后将那些移动设备连接到运行 Apple 配置器的 Mac 来注册 iOS 设备。You can enroll iOS devices by exporting a Corporate Enrollment profile and then connecting those mobile devices to a Mac that is running Apple Configurator. Apple 配置器支持两种形式的注册:Apple Configurator supports two forms of enrollment:

  • 设置助理注册”:将设备重置为出厂设置,使其准备好由设备的新用户进行设置。Setup Assistant enrollment: Resets the device to factory settings and prepares it for setup by the device's new user. 此方法要求管理员通过 USB 将 iOS 设备连接到运行 Apple 配置器 的 Mac 计算机以预配置注册。This method requires the admin to connect the iOS device through USB to a Mac computer running Apple Configurator to preconfigure the enrollment. 然后,将设备提供给运行设置助理过程的用户。Devices are then delivered to their users, who run the Setup Assistant process. 此过程使用工作或学校凭据配置该设备,并完成注册过程。This process configures the device with their work or school credentials and completes the enrollment process. 有关详细信息,请参阅使用 Apple 配置器和设置助理注册 iOS 设备For more information, see Enroll iOS devices using Apple Configurator and Setup Assistant.

  • 直接注册:在设备准备过程中创建 Apple 配置器兼容文件以供使用。Direct enrollment: Creates an Apple Configurator–compliant file for use during device preparation. 已注册设备没有进行出厂重置,但没有用户隶属关系。The enrolled device isn’t factory reset, but it has no user affiliation. 此方法要求管理员通过 USB 将 iOS 设备连接到运行 Apple 配置器的 Mac 计算机以注册设备。This method requires the admin to connect the iOS device through USB to a Mac computer running Apple Configurator to enroll the device. 有关详细信息,请参阅使用 Apple 配置器直接注册注册 iOS 设备For more information, see Enroll iOS devices using Apple Configurator Direct Enrollment.

使用设备注册程序 (DEP)Use the Device Enrollment Program (DEP)

DEP 将注册配置文件“无线”部署到通过 DEP 购买的设备。DEP deploys an enrollment profile “over the air” to devices that are purchased through DEP. 用户在设备上运行设置助理时,设备会在 Intune 中进行注册。When a user runs Setup Assistant on the device, the device is enrolled in Intune. 有关详细信息,请参阅注册设备注册程序 iOS 设备For more information, see Enroll Device Enrollment Program iOS devices.

在注册了 DEP 或 Apple 配置器的设备上使用公司门户Use the Company Portal on DEP-enrolled or Apple Configurator-enrolled devices

配置了用户关联的设备可以安装和运行公司门户应用,以下载应用和管理设备。Devices that are configured with user affinity can install and run the Company Portal app to download apps and manage devices. 用户收到设备后,必须完成一些其他步骤,以便完成设置助理并安装公司门户应用。After users receive their devices, they must complete a number of additional steps to complete the Setup Assistant and install the Company Portal app.

需要关联用户才可支持以下内容:User affinity is required to support the following:

  • 移动应用程序管理 (MAM) 应用Mobile application management (MAM) apps
  • 对电子邮件和公司数据的条件性访问Conditional access to email and company data
  • 公司门户应用Company Portal app

用户如何注册具有用户关联的公司所有的 iOS 设备How users enroll corporate-owned iOS devices with user affinity

  1. 用户打开设备时,系统会提示其完成设置助理。When users turn on their device, they are prompted to complete the Setup Assistant. 安装过程中,系统会提示用户输入其凭据。During setup, users are prompted for their credentials. 用户必须使用与其在 Intune 中的订阅相关的凭据(即唯一的个人名称或 UPN)。They must use the credentials (i.e. the unique personal name or UPN) that are associated with their subscription in Intune.

  2. 安装过程中,系统会提示用户输入 Apple ID。During setup, users are prompted for an Apple ID. 必须提供 Apple ID 才能允许设备安装公司门户。They must provide an Apple ID to allow the device to install the Company Portal. 设置完成后,他们还可以提供 iOS 设置菜单中的 ID。They can also provide the ID from the iOS settings menu after setup is finished.

  3. 完成设置后,iOS 设备必须从应用商店安装公司门户应用。After completing setup, the iOS device must install the Company Portal app from the App Store.

  4. 现在用户可以使用在设置设备时使用的 UPN 登录公司门户。The user can now sign in to the Company Portal by using the UPN that they used when setting up the device.

  5. 登录后,系统会提示用户注册其设备。After logging in, the user is prompted to enroll their device. 第一步是识别其设备。The first step is to identify their device. 应用会提供一份已为公司注册并已被分配到用户的 Intune 帐户的 iOS 设备列表。The app presents a list of iOS devices that have already been corporate enrolled and assigned to the user’s Intune account. 他们应选择匹配的设备。They should choose the matching device.

    如果该设备还不是公司注册的设备,他们应选择“新设备”以使用标准注册流程继续操作。If this device is not already corporate enrolled, they should choose new device to continue with the standard enrollment flow.

  6. 在下一个屏幕上,用户必须确认新设备的序列号。On the next screen, the user must confirm the serial number of the new device. 用户可以点击“确认序列号”链接以启动设置应用来验证序列号。The user can tap the link confirm the Serial Number to launch the Settings app to verify the serial number. 然后用户必须将序列号的最后 4 个字符输入到公司门户应用中。The user must then enter the last four characters of the serial number into the Company Portal app.

    此步骤验证该设备是否是在 Intune 中注册的企业设备。This step verifies that the device is the corporate device enrolled in Intune. 如果设备上的序列号不匹配,则选择了错误的设备。If the serial number on the device does not match, the wrong device was selected. 用户需返回到上一屏幕并选择其他设备。The user should go back to the previous screen and select a different device.

  7. 验证序列号后,公司门户应用将重定向到公司门户网站以完成注册。After the serial number is verified, the Company Portal app redirects to the Company Portal website to finalize enrollment. 然后该网站会提示用户返回到应用。Then the website prompts the user to return to the app.

  8. 注册现已完成。Enrollment is now complete. 现在用户可以使用此设备的完整功能集。The user can now use this device with the full set of capabilities.

有关无用户关联的企业拥有的托管设备About corporate-owned managed devices with no user affinity

配置为无用户关联的设备不支持公司门户,并且不应安装应用。Devices that are configured with no user affinity do not support the Company Portal and should not have the app installed. 公司门户适用于具有企业凭据的用户,并且需要访问个性化企业资源(例如邮件)的权限。The Company Portal is designed for users who have corporate credentials and require access to personalized corporate resources (e.g. email). 注册为无用户关联的设备并不具有专用的用户登录。Devices that are enrolled with no user affinity are not intended to have a dedicated user sign in. 展台、销售点 (POS) 或共享实用程序设备是注册为“无用户关联”的设备的典型用例。Kiosk, point of sale (POS), or shared-utility devices are typical use cases for devices that are enrolled with no user affinity.

如果需要用户关联,注册设备前请确保设备的注册配置文件选中“用户关联”。If user affinity is required, be sure that the device’s enrollment profile has User Affinity selected before enrolling the device. 若要更改设备的关联状态,必须停用并重新注册设备。To change the affinity status on a device, you must retire the device and reenroll it.

另请参阅See also

在 Microsoft Intune 中注册设备的先决条件Prerequisites for enrolling devices in Microsoft Intune

要提交产品反馈,请访问 Intune Feedback