Device compliance policies in Microsoft Intune

Applies to: Intune in the classic portal
Looking for documentation about Intune in the Azure portal? Go here.

What is a compliance policy?

To help protect company data, you need to make sure that the devices used to access company apps and data comply with certain rules. These rules might include using a PIN to access devices and encrypting data stored on devices. A set of such rules is called a compliance policy.

How should I use compliance policies?

You can use compliance policies with conditional access policies to allow only devices that comply with compliance policy rules to access email and other services. To learn how the two policies can be used together, read the Restrict access to email and O365 services article.

You can also use compliance policies independently of conditional access. When you use compliance policies independently, the targeted devices are evaluated and reported with their compliance status. For example, you might want to report how many devices are not encrypted, or which devices are jailbroken or rooted. But when you use compliance policies independently, no access restrictions to company resources are in place.

You deploy compliance policies to users. When a compliance policy is deployed to a user, the user's devices are checked for compliance. To learn how long it takes for mobile devices to get a policy after the policy is deployed, see Manage settings and features on your devices.

The following table lists the device types that compliance policies support. The table also describes how noncompliant settings are managed when a compliance policy is used with a conditional access policy.


| Policy setting | Windows 8.1 and later | Windows Phone 8.1 and later | iOS 8.0 and later | Android 4.0 and later; Samsung Knox Standard 4.0 and later |
|---|---|---|---|---|
| PIN or password configuration | Remediated | Remediated | Remediated | Quarantined |
| Device encryption | Not applicable | Remediated | Remediated (by setting PIN) | Quarantined |
| Jailbroken or rooted device | Not applicable | Not applicable | Quarantined (not a setting) | Quarantined (not a setting) |
| Email profile | Not applicable | Not applicable | Quarantined | Not applicable |
| Minimum OS version | Quarantined | Quarantined | Quarantined | Quarantined |
| Maximum OS version | Quarantined | Quarantined | Quarantined | Quarantined |
| Windows health attestation | Quarantined: Windows 10 and Windows 10 Mobile. Not applicable: Windows 8.1 | Not applicable | Not applicable | Not applicable |

Remediated = The device operating system enforces compliance. (For example, the user is forced to set a PIN.)

Quarantined = The device operating system does not enforce compliance. (For example, Android devices do not force the user to encrypt the device.) When the device is not compliant, the following actions take place:

  • The device is blocked if a conditional access policy applies to the user.

  • The company portal notifies the user about any compliance problems.
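
The handling rules from the table, worked through for a few devices. This is an added illustration in Python, not Intune code or part of the original article; the field names, the policy dictionary and the device records are constructed, and it assumes that only Quarantined rules leave a device reported as noncompliant.

```python
# Added illustration: a model of the handling table above, not Intune code.
# Assumption: Remediated rules are fixed by the OS and Not applicable rules are ignored.
R, Q, NA = "Remediated", "Quarantined", "Not applicable"
PLATFORMS = ("windows", "windows_phone", "ios", "android")
HANDLING = {  # four rows copied from the table, columns in PLATFORMS order
    "pin": (R, R, R, Q),
    "encryption": (NA, R, R, Q),
    "jailbroken_or_rooted": (NA, NA, Q, Q),
    "min_os": (Q, Q, Q, Q),
}

def version_tuple(text):
    """Turn '8.1' into (8, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def failed_rules(device, policy):
    """Names of the policy rules this device currently violates."""
    failed = []
    if policy.get("require_pin") and not device["pin_set"]:
        failed.append("pin")
    if policy.get("require_encryption") and not device["encrypted"]:
        failed.append("encryption")
    if policy.get("block_jailbroken") and device["jailbroken"]:
        failed.append("jailbroken_or_rooted")
    if "min_os" in policy and version_tuple(device["os"]) < version_tuple(policy["min_os"]):
        failed.append("min_os")
    return failed

def evaluate(device, policy, conditional_access):
    """Return (status, blocked, per-rule handling) for one device."""
    col = PLATFORMS.index(device["platform"])
    handling = {rule: HANDLING[rule][col] for rule in failed_rules(device, policy)}
    quarantined = [rule for rule, how in handling.items() if how == Q]
    status = "noncompliant" if quarantined else "compliant"
    # Standalone use only reports; blocking needs a conditional access policy.
    return status, bool(quarantined) and conditional_access, handling

POLICY = {"require_pin": True, "require_encryption": True, "block_jailbroken": True, "min_os": "4.0"}
DEVICES = [  # constructed inventory
    {"platform": "android", "pin_set": True, "encrypted": False, "jailbroken": False, "os": "4.4"},
    {"platform": "windows_phone", "pin_set": False, "encrypted": True, "jailbroken": False, "os": "8.1"},
]

if __name__ == "__main__":
    for dev in DEVICES:
        print(dev["platform"], evaluate(dev, POLICY, conditional_access=True))
```

The unencrypted Android device is quarantined and blocked only when conditional access applies; the Windows Phone device without a PIN is remediated by the operating system and is not blocked.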

Next steps

Create a device compliance policy

Deploy and monitor a device compliance policy

See also

Restrict access to email and O365 services