通过 Microsoft Intune 的绕过激活锁定帮助保护 iOS 设备Help protect iOS devices with Activation Lock bypass for Microsoft Intune

适用于:经典门户中的 IntuneApplies to: Intune in the classic portal
在寻找有关 Azure 门户中 Intune 的文档吗?Looking for documentation about Intune in the Azure portal? 请转到此处Go here.

Microsoft Intune 可以帮助你管理 iOS 激活锁定,它具有 iOS 8.0 和更高版本设备上的“查找我的 iPhone”应用的功能。Microsoft Intune can help you manage iOS Activation Lock, a feature of the Find My iPhone app for iOS 8.0 and later devices. 当用户在设备上打开了“查找我的 iPhone”应用时,激活锁定将自动启用。Activation Lock is enabled automatically when a user opens the Find My iPhone app on a device. 启用后,任何人都必须先输入用户的 Apple ID 和密码,然后才能执行以下操作:After it is enabled, the user's Apple ID and password must be entered before anyone can:

  • 关闭“查找我的 iPhone”Turn off Find My iPhone

  • 擦除设备Erase the device

  • 重新激活设备Reactivate the device

激活锁定对你有何影响How Activation Lock affects you

尽管激活锁定可帮助保护 iOS 设备的安全,并可提高找回丢失和被盗设备的几率,但对于 IT 管理员来说,此功能仍然带来了许多挑战。While Activation Lock helps secure iOS devices and improves the chances of recovering a lost or stolen device, this capability can present you, as an IT admin, with a number of challenges. 例如:For example:

  • 某个用户在设备上设置了激活锁定。A user sets up Activation Lock on a device. 该用户之后离开了公司并返回使用其设备。The user then leaves the company and returns the device. 如果不提供用户的 Apple ID 和密码,则不能重新激活该设备。Without the user's Apple ID and password, there is no way to reactivate the device.

  • 你需要报告启用了激活锁定的所有设备。You need a report of all devices that have Activation Lock enabled.

  • 更新你组织中的设备分配情况时,你希望将某些设备分配重新给另一个部门。You want to reassign some devices to a different department during a device refresh in your organization. 你只能重新分配未启用激活锁定的设备。You can only reassign devices that do not have Activation Lock enabled.

为了帮助解决这些问题,Apple 在 iOS 7.1 中引入了绕过激活锁定。To help solve these problems, Apple introduced Activation Lock bypass in iOS 7.1. 借助此功能,你无需用户的 Apple ID 和密码即可删除监管设备中的激活锁定。This lets you remove the Activation Lock from supervised devices without the user's Apple ID and password. 监管设备可以生成设备特定的绕过激活锁定代码,该代码存储在 Apple 的激活服务器上。Supervised devices can generate a device-specific Activation Lock bypass code, which is stored on Apple's activation server.

提示

在 iOS 设备的监管模式下,你可以使用 Apple Configurator 来锁定设备,以将设备的功能限制为完成特定的业务目的。Supervised mode for iOS devices lets you use Apple Configurator to lock down a device and limit functionality to specific business purposes. 监管模式通常仅适用于公司拥有的设备。Supervised mode is generally only for corporate-owned devices.

可以在 此处阅读有关激活锁定的详细信息。You can read more about Activation Lock here.

Intune 如何帮助你管理激活锁定How Intune helps you manage Activation Lock

Intune 可以请求运行 iOS 8.0 和更高版本的监管设备的激活锁定状态。Intune can request the Activation Lock status of supervised devices that run iOS 8.0 and later. 仅就监管设备而言,Intune 可以检索绕过激活锁定代码并直接将代码发布到设备。For supervised devices only, Intune can retrieve the Activation Lock bypass code and directly issue it to the device. 如果已擦除设备,可通过使用空的用户名和代码作为密码来直接访问设备。If the device has been wiped, you can directly access the device by using a blank user name and the code as the password.

此功能的业务优势有The business benefits of this are:

  • 用户能够获得 Find My iPhone 应用所具有的安全优势。The user gets the security benefits of the Find My iPhone app.

  • 你可以让用户在知道如下事实的情况下进行工作:当需要重新调整设备的用途时,可以停用或解锁设备。You can enable users to do their work and know that when a device needs to be re-purposed, you can retire or unlock it.

开始之前Before you start

必须先在设备上启用“激活锁定”,然后才能绕过它。Before you can bypass Activation Lock on devices, you must enable it first. 为此,请执行以下操作:To do this:

  1. 使用主题使用 Microsoft Intune 策略管理设备上的设置和功能中的信息。Use the information in the topic Manage settings and features on your devices with Microsoft Intune policies.
  2. 在设置页面的“注册”部分中,将设置“允许在设备处于监督模式时使用激活锁定”配置为“是”。In the Enrollment section, of the settings page, configure the setting Allow Activation Lock when the device is in supervised mode to Yes.
  3. 保存策略,然后将其部署到要对其管理“激活锁定”绕过的设备。Save the policy, and deploy it to the devices on which you want to manage Activation Lock bypass.

如何从 Intune 管理员控制台使用绕过激活锁定How to use Activation Lock bypass from the Intune admin console

重要

绕过设备上的激活锁定后,如果“查找我的 iPhone”应用处于打开状态,将自动应用新的激活锁定。After you bypass the Activation Lock on a device, a new Activation Lock is automatically applied if the Find My iPhone app is opened. 因此,你应实际拥有该设备,才能执行此过程Because of this, you should be in physical possession of the device before you follow this procedure.

  1. Microsoft Intune 管理控制台中,选择 > 所有设备 > 公司拥有的所有设备In the Microsoft Intune administration console, choose Groups > All Devices > All Corporate-owned Devices.

  2. 选择想要绕过其“激活锁定”的设备。Select the device whose Activation Lock you want to bypass. 选择“绕过激活锁定”。Choose Activation Lock Bypass.

  3. 阅读警告消息。Read the warning message. 选择“是”以继续。Choose Yes to proceed.

你可以在设备的详细信息页上查看解锁请求的状态。You can examine the status of the unlock request on the details page for the device.

如何查看哪些设备正在使用激活锁定How to see which devices are using Activation Lock

有两种方式可以查看哪些设备正在使用激活锁定:You can see which devices are using Activation Lock in two ways:

  • 运行“移动设备清单报告” 。Run the Mobile Device Inventory Reports. 此报告将通过显示“激活锁定状态”和“监管”列来指示设备的状态。This report displays the Activation Lock Status and Supervised columns to indicate the state of devices. “监管” 的值为“是” 或“否” ,“激活锁定状态” 的值为:The values for Supervised are Yes or No, and the values for Activation Lock Status are:

    • 已使用绕过代码启用Enabled with bypass code

    • 未使用绕过代码启用(未监管设备)Enabled without bypass code (device is not supervised)

    • 未使用旁路代码启用(无法到达设备)Enabled without bypass code (device cannot be reached)

    • 未启用Not enabled

    对于不运行 iOS 8.0 或更高版本的设备而言,“激活锁定状态”框为空。The Activation Lock Status box is blank for devices that do not run iOS 8.0 or later.

  • 在组视图中选择一个设备以在“设备详细信息”窗格中查看激活锁定状态。Select a device in a groups view to see the Activation Lock status in the device details pane.

    如果选择“公司拥有的所有设备”节点中的设备,并为该设备启用了激活锁定,则还可以看到绕过代码。If you select a device in the All Corporate-owned Devices node and Activation Lock is enabled for the device, you can also see the bypass code. 此代码可用于手动发布绕过激活锁定命令。This code can be used to manually issue an Activation Lock bypass.

    重要

    Intune 每七天从设备中对激活锁定执行一次清查。Intune takes inventory from devices for Activation Lock every seven days. 因此,设备可能无法在 Intune 控制台中立即显示其激活锁定状态。Because of this, devices might not immediately be displayed with their Activation Lock status in the Intune console.

另请参阅See also

停用设备 使用远程锁定和密码重置功能帮助保护设备Retire devices Help protect your devices with remote lock and passcode reset