使用 iOS 移动预配配置文件策略防止你的应用过期Use iOS mobile provisioning profile policies to prevent your apps from expiring

适用于:经典门户中的 IntuneApplies to: Intune in the classic portal
在寻找有关 Azure 门户中 Intune 的文档吗?Looking for documentation about Intune in the Azure portal? 请转到此处Go here.

部署到 iPhone 和 iPad 的 Apple iOS 业务线应用附带已包含的预配配置文件和证书签名的代码。Apple iOS line of business apps that are deployed to iPhones and iPads are built with an included provisioning profile and code that is signed with a certificate. 应用运行时,iOS 将确认 iOS 应用的完整性,并强制实施由预配配置文件定义的策略。When the app is run, iOS confirms the integrity of the iOS app and enforces policies that are defined by the provisioning profile. 发生以下验证:The following validations happen:

  • 安装文件完整性 - iOS 将应用详细信息与企业签名证书的公钥进行比较。Installation file integrity - iOS compares the app's details with the enterprise signing certificate's public key. 如果它们不同,则应用内容可能已经更改,该应用不允许运行。If they differ, the app's content might have changed, and the app will not be allowed to run.
  • 功能强制实施 - iOS 尝试从应用安装 (.ipa) 文件中的企业预配配置文件(而非各开发人员预配配置文件)强制实施应用功能。Capabilities enforcement - iOS attempts to enforce the app's capabilities from the enterprise provisioning profile (not individual developer provisioning profiles) that are in the app installation (.ipa) file.

用于签署应用的企业签名证书通常持续三年。The enterprise signing certificate that you use to sign apps typically lasts for three years. 但是,预配配置文件在 1 年后过期。However, the provisioning profile expires after a year. 使用 Intune 对拥有即将过期(但证书仍然有效)应用的设备主动部署新的预配配文件策略。While the certificate is still valid, Intune gives you the tools to proactively deploy a new provisioning profile policy to devices that have apps that are nearing expiry. 证书过期后,必须使用新证书再次对应用进行签名,并使用新证书的密钥嵌入新的预配配置。After the certificate expires, you must sign the app again with a new certificate and embed a new provisioning profile with the key of the new certificate.

如何知道业务线应用何时过期How to find out when a line of business app will expire

  1. 在“Microsoft Intune 管理控制台”中,选择“应用” > “应用”。In the Microsoft Intune administration console, choose Apps > Apps.
  2. 在应用列表中,查看“到期日期”列以查看应用的到期日期。In the list of apps, look at the Expiration date column to see the expiry date for the app. 你还可以将“筛选器”下拉列表设置为“过期/即将到期”以仅查看你必须采取操作的应用。You can also set the Filters drop-down list to Expired/about to expire to see only the apps for which you must take action.

如何创建 iOS 移动预配配置文件策略How to create an iOS mobile provisioning profile policy

  1. 在“Microsoft Intune 管理控制台”中,选择“策略” > “概述” > “添加策略”。In the Microsoft Intune administration console, choose Policy > Overview > Add Policy.
  2. 在“新建策略”对话框中,选择“iOS” > “移动预配配置文件策略”,然后选择“创建策略”。In the Create a New Policy dialog box, choose iOS > Mobile Provisioning Profile Policy, and then choose Create Policy.
  3. 在“常规”页,配置下列值:On the General page, configure the following values:
    • 命名 - 为该预配配置文件策略提供一个名称。Name - Provide a name for this mobile provisioning profile policy.
    • 说明 -(可选)提供策略的说明。Description - Optionally, provide a description for the policy.
    • 配置文件 - 单击“导入”,然后选择从 Apple 开发人员网站下载的 Apple 移动配置文件(扩展名为 .mobileprovision)。Configuration profile file - Click Import, and then choose an Apple Mobile Configuration Profile file (with the extension .mobileprovision) that you downloaded from the Apple Developer website.
  4. 完成后,选择“保存策略”。When you are done, choose Save Policy.
  5. 现在,将策略部署到所需的 iOS 设备。Now, deploy the policy to the required iOS devices. 有关详细信息,请参阅使用 Microsoft Intune 策略管理设备上的设置和功能For more information, see Manage settings and features on your devices with Microsoft Intune policies.