Compliance policy settings for iOS devices in Microsoft Intune

Applies to: Intune in the classic console
Looking for documentation about Intune on Azure? Go here.

The policy settings described in this topic apply to devices running iOS 8.0 and later.


System security settings


  • Require a password to unlock mobile devices: Set this to Yes to require the user to enter a password before they can access their device. iOS devices that use a password are encrypted.

  • Allow simple passwords: Set this to Yes to let the user create a simple password like 1234 or 1111.

  • Minimum password length: Specify the minimum number of digits or characters that the user’s password must have.

  • Required password type: Specify whether the user must create an Alphanumeric password or a Numeric password.

  • Minimum number of character sets: If you set Required password type to Alphanumeric, use this setting to specify the minimum number of character sets that the password must have. The four character sets are:

    • Lowercase letters
    • Uppercase letters
    • Symbols
    • Numbers

    Setting a higher number will require the user to create a password that is more complex.

    For iOS devices, this setting refers to the number of special characters (for example, !, #, &) that must be included in the password.

  • Minutes of inactivity before password is required: Specify the idle time before the user must reenter their password.

  • Password expiration (days): Select the number of days before the user’s password expires and they must create a new one.

  • Remember password history: Use this setting in conjunction with Prevent reuse of previous passwords to restrict the user from creating previously used passwords.

  • Prevent reuse of previous passwords: If you selected Remember password history, specify the number of previously used passwords that cannot be reused.

  • Require a password when the device returns from an idle state: Use this setting together with the Minutes of inactivity before password is required setting. The user is prompted to enter a password to access a device that has been inactive for the time specified in the Minutes of inactivity before password is required setting.

Email profile

  • Email account must be managed by Intune: When this option is set to Yes, the device must use the email profile deployed to the device. The device is considered noncompliant in the following situations:

    • The email profile is deployed to a user group other than the user group that the compliance policy targets.
    • The user has already set up an email account on the device that matches the Intune email profile deployed to the device. Intune cannot overwrite the user-provisioned profile, and therefore cannot manage it. To ensure compliance, the user must remove the existing email settings. Then, Intune can install the managed email profile.
  • Select the email profile that must be managed by Intune: If the Email account must be managed by Intune setting is selected, choose Select to specify the Intune email profile. The email profile must be present on the device.

    For details about email profiles, see Configure access to corporate email using email profiles with Microsoft Intune.

Device health settings

  • Device must not be jailbroken or rooted: If you enable this setting, jailbroken devices will not be compliant.

Device properties

  • Minimum OS required: When a device does not meet the minimum OS version requirement, it is reported as noncompliant. A link with information on how to upgrade appears. The user can choose to upgrade their device. After that, they can access company resources.

  • Maximum OS version allowed: When a device is using an OS version later than the one specified in the rule, access to company resources is blocked and the user is asked to contact their IT admin. Until there is a change in rule to allow the OS version, this device cannot be used to access company resources.
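
The following is an added example, not Microsoft's code: it previews which devices in an exported inventory would fall outside the device health and device properties rules above before the policy is deployed. The field names, policy keys and sample records are hypothetical. Comparing versions component by component, with missing components padded as 0, is an assumption about how versions are ordered, not documented Intune behavior.

```python
# Added example: evaluate constructed device records against the
# "Device health" and "Device properties" rules described above.
# Field and key names are hypothetical, not Intune's schema.

def parse_version(text):
    """Turn '10.3.1' into (10, 3, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def compare_versions(a, b):
    """Return -1, 0 or 1; missing components count as 0 (9.3 == 9.3.0)."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)

def evaluate(device, policy):
    """Return the reasons a device is noncompliant (empty list = compliant)."""
    reasons = []
    if policy.get("block_jailbroken") and device["jailbroken"]:
        reasons.append("jailbroken")
    min_os, max_os = policy.get("min_os"), policy.get("max_os")
    if min_os and compare_versions(device["os_version"], min_os) < 0:
        reasons.append("os_below_minimum")
    if max_os and compare_versions(device["os_version"], max_os) > 0:
        reasons.append("os_above_maximum")
    return reasons

# Constructed policy and inventory, for illustration only.
POLICY = {"block_jailbroken": True, "min_os": "9.3.5", "max_os": "10.3"}
DEVICES = [
    {"name": "ipad-01", "os_version": "10.0", "jailbroken": False},
    {"name": "iphone-02", "os_version": "9.3", "jailbroken": False},
    {"name": "iphone-03", "os_version": "10.3.1", "jailbroken": True},
    {"name": "iphone-04", "os_version": "10.3.0", "jailbroken": False},
]

def report(devices=DEVICES, policy=POLICY):
    """Map each device name to its list of noncompliance reasons."""
    return {d["name"]: evaluate(d, policy) for d in devices}

if __name__ == "__main__":
    for name, reasons in report().items():
        status = "noncompliant: " + ", ".join(reasons) if reasons else "compliant"
        print(name, status)
```

A plain string comparison would rank "10.0" below "9.3.5" and wrongly flag ipad-01 as below the minimum, which is why the versions are parsed into integer tuples first.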

