在 Intune 中注册设备以进行管理Enroll devices for management in Intune

适用于:经典门户中的 IntuneApplies to: Intune in the classic portal
在寻找有关 Azure 门户中 Intune 的文档吗?Looking for documentation about Intune in the Azure portal? 请转到此处Go here.

可注册包括 Windows 电脑在内的设备,使用 Microsoft Intune 启用移动设备管理 (MDM)。You can enroll devices, including Windows PCs, to enable mobile device management (MDM) with Microsoft Intune. 本主题介绍了在 Intune 管理中注册移动设备的不同方法。This topic describes different ways to enroll mobile devices in Intune management. 注册设备的方式取决于设备类型、所有权和所需管理级别。The way you enroll your devices depends on the device type, ownership, and the level of management that's needed. “自带设备办公”(BYOD) 注册允许用户注册其个人电话、平板电脑或电脑。"Bring your own device" (BYOD) enrollment lets users enroll their personal phones, tablets, or PCs. 通过公司自有设备 (COD) 注册,可实现自动注册、共享设备或预授权注册要求等管理方案。Corporate-owned device (COD) enrollment enables management scenarios like automatic enrollment, shared devices, or pre-authorized enrollment requirements.

若使用 Exchange ActiveSync(在本地或在云中承载),无需注册就可启用简单的 Intune 管理。If you use Exchange ActiveSync, either on-premises or hosted in the cloud, you can enable simple Intune management without enrollment. 还可以使用 Intune 客户端软件管理 Windows 电脑。Windows PCs can also be managed using Intune client software.

默认情况下,适用于所有平台的设备都可在 Intune 中进行注册。By default, devices for all platforms are allowed to enroll in Intune. 若要阻止设备注册,请使用管理员凭据登录 Microsoft Intune 管理门户To block devices from enrolling, sign to the Microsoft Intune admin portal with your admin credentials. 选择“管理” > “移动设备管理” > “注册规则”,然后清除要阻止的平台对应的复选框。Choose Admin > Mobile Device Management > Enrollment Rules and then clear the applicable check boxes for the platforms that you want to block.

设备注册方法概述Overview of device enrollment methods

下表列出了 Intune 注册方法、支持的功能以及每个方法的要求。The following table shows Intune enrollment methods and the supported capabilities and requirements of each method. 功能和要求如下所述。The capabilities and requirements are described below.

  • 擦除 - 指示是否需要擦除设备后才使用户可注册设备。Wipe - Indicates whether the device needs to be wiped before users can enroll the device. 术语“擦除”意味着对设备恢复出厂设置,这将删除所有数据。The term "wipe" means a factory reset of the device, which removes all data. 有关详细信息,请参阅停用设备For more information, see Retire devices.
  • 关联 - 将设备与用户关联。Affinity - Associates devices with users. 对于移动应用程序管理 (MAM) 和公司数据的条件访问是必需的。Required for mobile application management (MAM) and conditional access to company data. 有关详细信息,请参阅用户关联For more information, see User affinity.
  • 锁定 - 指示是否阻止用户使用本机操作系统菜单取消注册其设备。Lock - Indicates if users are prevented from unenrolling their devices using native operating system menus. 用户可使用公司门户应用在所有平台上取消注册其设备。Users can unenroll their devices on all platforms by using their Company Portal app.

iOS 注册方法iOS enrollment methods

方法Method 需要擦除?Wipe required? 相关性Affinity 锁定Lock 详细信息Details
BYODBYOD No Yes No 详细信息More information
DEMDEM No No No 详细信息More information
DEPDEP Yes 可选Optional 可选Optional 详细信息More information
USB-SAUSB-SA Yes 可选Optional No 详细信息More information
USB-DirectUSB-Direct No No No 详细信息More information

Windows 注册方法Windows enrollment methods

方法Method 需要擦除?Wipe required? 相关性Affinity 锁定Lock 详细信息Details
BYODBYOD No Yes No 详细信息More information
DEMDEM No No No 详细信息More information

Android 注册方法Android enrollment methods

方法Method 需要擦除?Wipe required? 相关性Affinity 锁定Lock 详细信息Details
BYODBYOD No Yes No 详细信息More information
DEMDEM No No No 详细信息More information

Android for Work 注册方法Android for Work enrollment methods

方法Method 需要擦除?Wipe required? 相关性Affinity 锁定Lock 详细信息Details
BYODBYOD No Yes No 详细信息More information
DEMDEM No No No 详细信息More information

macOS 注册方法macOS enrollment methods

方法Method 需要擦除?Wipe required? 相关性Affinity 锁定Lock 详细信息Details
BYODBYOD No Yes No 详细信息More information

若要了解有助于找到适当方法的一系列问题,请参阅选择如何注册设备For a series of questions that help you find the right method, see Choose how to enroll devices.

BYODBYOD

“自带设备办公”用户安装公司门户应用并注册其设备。"Bring your own device" users install the Company Portal app and enroll their device. 这让用户可连接到公司网络,并加入该域或 Azure Active Directory。This enables users to connect to the company network and join the domain or Azure Active Directory. 对于大多数平台,需要为许多 COD 方案启用 BYOD 注册。For most platforms, you have to enable BYOD enrollment for many COD scenarios. 有关详细信息,请参阅设备注册的先决条件For more information, see Prerequisites for device enrollment. 返回到表(Go back to the table)

企业持有设备Corporate-owned devices

可以通过使用 Intune 控制台管理公司拥有的设备 (COD)。Corporate-owned devices (COD) can be managed by using the Intune console. 可以直接通过 Apple 提供的工具注册 iOS 设备。iOS devices can be enrolled directly through the tools that are provided by Apple. 管理员或经理可以使用设备注册管理器注册所有设备类型。All device types can be enrolled by an admin or manager using the device enrollment manager. 具有 IMEI 号码的设备也可以标识并标记为公司拥有,以实现 COD 方案。Devices with an IMEI number can also be identified and tagged as company-owned to enable COD scenarios.

有关详细信息,请参阅注册公司拥有的设备For more information, see Enroll corporate-owned devices.

DEMDEM

设备注册管理员是一个特殊的 Intune 帐户,用于注册和管理多个公司拥有的设备。Device enrollment manager is a special Intune account that's used to enroll and manage multiple corporate-owned devices. 管理员可安装公司门户并注册多个无用户设备。Managers can install the Company Portal and enroll many user-less devices. 了解有关 DEM 的详细信息。Learn more about DEM. 返回到表(Go back to the table)

DEPDEP

通过 Apple 设备注册计划 (DEP) 管理,可“无线”创建策略并将其部署到通过 DEP 购买和管理的 iOS 设备。Apple Device Enrollment Program (DEP) management lets you create and deploy policy “over the air” to iOS devices that are purchased and managed with DEP. 用户第一次开启设备并运行 iOS 设置助理时,将注册设备。The device is enrolled when users turn on the device for the first time and run iOS Setup Assistant. 此方法支持 iOS 监督模式,此模式又允许:This method supports iOS Supervised mode, which in turn enables:

  • 锁定注册Locked enrollment
  • 展台模式以及其他高级配置和限制Kiosk mode and other advanced configurations and restrictions

了解有关 DEP 的详细信息。Learn more about DEP. 返回到表(Go back to the table)

USB-SAUSB-SA

IT 管理员通过 USB 使用 Apple Configurator 手动准备每台公司自有设备,以便使用设备助理进行注册。IT admins use Apple Configurator, via USB, to prepare each corporate-owned device manually for enrollment using Setup Assistant. IT 管理员创建注册配置文件并将其导出到 Apple Configurator。The IT admin creates an enrollment profile and exports it to Apple Configurator. 用户收到设备时,系统随后会提示其运行设备助理来注册设备。When users receive their devices, they are then prompted to run Setup Assistant to enroll their device. 此方法支持 iOS 监督模式,此模式又允许:This method supports iOS Supervised mode, which in turn enables:

  • 锁定注册Locked enrollment
  • 展台模式以及其他高级配置和限制Kiosk mode and other advanced configurations and restrictions

了解有关使用 Apple Configurator 设置助理注册的详细信息。Learn more about Setup Assistant enrollment with Apple Configurator. 返回到表(Go back to the table)

USB-DirectUSB-Direct

对于直接注册,管理员必须创建注册策略并将其导出到 Apple Configurator,进而手动注册每台设备。For direct enrollment, the admin must enroll each device manually by creating an enrollment policy and exporting it to Apple Configurator. 连接了 USB 的公司拥有的设备可直接进行注册,无需恢复出厂设置。USB-connected, corporate-owned devices are enrolled directly and don't require a factory reset. 这些设备作为无用户设备进行管理。Devices are managed as user-less devices. 它们未锁定、不受监控,且无法支持条件性访问、越狱检测或移动应用管理。They are not locked or supervised and cannot support conditional access, jailbreak detection, or mobile application management. 了解有关使用 Apple Configurator 直接注册的详细信息。Learn more about direct enrollment with Apple Configurator. 返回到表(Go back to the table)

使用 Exchange ActiveSync 和 Intune 管理移动设备Mobile device management with Exchange ActiveSync and Intune

可以使用 EAS MDM 策略,通过 Intune 管理未注册、但连接到 Exchange ActiveSync (EAS) 的移动设备。Mobile devices that aren't enrolled but that connect to Exchange ActiveSync (EAS) can be managed by Intune using EAS MDM policy. Intune 使用 Exchange Connector 与 EAS 在本地或云托管环境中进行通信。Intune uses an Exchange Connector to communicate with EAS, either on-premises or cloud-hosted. 有关详细信息,请参阅使用 Exchange ActiveSync 和 Intune 管理移动设备For more information, see Mobile device management with Exchange ActiveSync and Intune.

使用 Intune 管理 Windows 电脑Windows PC management with Intune

还可以使用 Microsoft Intune 管理使用 Intune 客户端软件的 Windows 电脑。You can also use Microsoft Intune to manage Windows PCs with the Intune client software. 使用 Intune 客户端管理的电脑可以:PCs that are managed with the Intune client can:

  • 报告软件和硬件清单Report software and hardware inventories
  • 安装桌面应用程序(例如 .exe 和 .msi 文件)Install desktop applications (for example .exe and .msi files)
  • 管理防火墙设置Manage firewall settings

使用 Intune 客户端软件管理的电脑不能完全擦除,但可以选择性擦除。PCs that are managed with the Intune client software cannot be fully wiped, although selective wipe is available. 使用 Intune 软件客户端管理的电脑不能利用许多 Intune 管理功能,如条件访问、VPN 和 Wi-Fi 设置或证书和电子邮件配置的部署。PCs managed with the Intune software client cannot take advantage of many Intune management features such as conditional access, VPN and Wi-Fi settings, or deployment of certificates and email configurations. 有关详细信息,请参阅使用 Intune 管理 Windows 电脑For more information, see Manage Windows PCs with Intune.

支持的设备平台Supported device platforms

Intune 可以管理以下设备平台:Intune can manage the following device platforms:

AppleApple

  • Apple iOS 9.0 及更高版本Apple iOS 9.0 and later
  • Mac OS X 10.9 及更高版本Mac OS X 10.9 and later

WindowsWindows

  • 运行 Windows 10(家庭版、专业版、教育版和企业版)的电脑PCs running Windows 10 (Home, Pro, Education, and Enterprise versions)
  • Windows 10 移动版Windows 10 Mobile
  • 运行 Windows 10 IoT 企业版的设备(x86、x64)Devices running Windows 10 IoT Enterprise (x86, x64)
  • 运行 Windows 10 IoT 移动企业版的设备Devices running Windows 10 IoT Mobile Enterprise
  • Windows 全息版和 Windows 全息企业版Windows Holographic & Windows Holographic Enterprise
  • Windows Phone 8.1、Windows 8.1 RT 及运行 Windows 8.1(持续模式)的电脑Windows Phone 8.1, Windows 8.1 RT, and PCs running Windows 8.1 (Sustaining mode)

    拥有企业移动性 + 安全性 (EMS) 的客户还可以使用 Azure Active Directory (AAD) 注册 Windows 10 设备Customers with Enterprise Management + Security (EMS) can also use Azure Active Directory (AAD) to register Windows 10 devices.

    也可使用 Intune 软件客户端管理 Windows 7 和更高版本的电脑,Windows 10 家庭版除外。Windows 7 and later PCs, with the exception of Windows 10 Home edition, can also be managed with the Intune software client.

GoogleGoogle

  • Google Android 4.0 及更高版本(包括 Samsung KNOX Standard 4.0 及更高版本)Google Android 4.0 and later (including Samsung KNOX Standard 4.0 and higher)
  • Google 的 Android for Work(要求Google Android for Work (requirements)

Samsung Galaxy Ace 电话的以下型号都不能由 Intune 作为 Samsung KNOX Standard 设备进行管理:SM-G313HU、SM-G313HY、SM-G313M、SM-G313MY 和 SM-G313U。The following models of the Samsung Galaxy Ace phone cannot be managed by Intune as Samsung KNOX Standard devices: SM-G313HU, SM-G313HY, SM-G313M, SM-G313MY, and SM-G313U. 这些设备作为标准的 Android 设备进行管理。These devices are managed as standard Android devices. 有关详细信息,请参阅 Samsung KNOX 网站See the Samsung KNOX website for more information.

有关设备和管理方法的完整列表,请参阅 Intune 支持的设备For a full list of devices and management methods, see Intune supported devices.

后续步骤Next steps