iOS policy settings in Microsoft Intune

Intune supplies a range of built-in general settings that you can configure on iOS devices. Additionally, you can use the Apple Configurator tool to create custom settings that are not available from Intune.

General configuration policy settings

Use the Microsoft Intune iOS general configuration policy to configure settings for:

  • General device and security settings. Choose from a list of predefined settings that let you control a range of features and functionality on the device.

  • Kiosk mode. Lock a device to allow only certain features to work. For example, you can allow a device to run only one managed app that you specify, or you can disable the volume buttons on a device. These settings might be used for a demonstration model of a device, or a device that is dedicated to performing only one function, such as a point-of-sale device.

  • Compliant and noncompliant apps. Specify a list of apps that are compliant or not compliant in your company. On Android and iOS devices, the Noncompliant Apps Report can be used to view the compliance of apps that you specified in the list against the apps that users have installed (but cannot actually block the installation of the app).


You can configure terms and conditions for users to ensure that they acknowledge that apps on their device (including personal apps) will be evaluated, and noncompliant apps will be either blocked or reported as noncompliant. Users must accept these terms and conditions before they can enroll their device and use the company portal to get apps. For more information about using terms and conditions, see Terms and conditions policy settings in Microsoft Intune.

If the setting you are looking for does not appear in this topic, you might be able to create it by using an iOS custom policy that lets you import settings you created by using the Apple Configurator tool. For more information, see "Custom policy settings" later in this topic.

Security settings

All settings apply to iOS 8.0 and later.

| Setting name | Details |
| --- | --- |
| Require a password to unlock mobile devices | Specify whether the user is required to enter a password to access their device. |
| Required password type | Specify the type of password that will be required, such as numeric only or alphanumeric. |
| Number of complex characters required in password | Specify the number of symbol characters (like # or @) that must be included in the password. |
| Minimum password length | Specify the minimum number of characters in the password. |
| Allow simple passwords | Allow simple passwords like 0000 and 1234. |
| Number of repeated sign-in failures to allow before the device is wiped | Specify the number of failed sign-in attempts to allow before the device is wiped. |
| Minutes of inactivity before password is required ¹ | Specify how long the device can remain idle before the user must re-enter their password. |
| Password expiration (days) | Specify the number of days before the device password must be changed. |
| Remember password history | Specify whether the user can use passwords that they have previously used. |
| Remember password history: Prevent reuse of previous passwords | Specify the number of previously used passwords that the device remembers. |
| Minutes of inactivity before screen turns off ¹ | Specify the number of minutes before the device display is turned off. |
| Allow fingerprint unlock | Allow using a fingerprint to unlock the device. |

¹ For iOS devices, when you configure the settings Minutes of inactivity before screen turns off and Minutes of inactivity before password is required, they are applied in sequence. For example, if you set the value for both settings to 5 minutes, the screen will turn off automatically after 5 minutes, and the device will be locked after an additional 5 minutes. However, if the user turns off the screen manually, the second setting is immediately applied. In the same example, after the user turns off the screen, the device will lock 5 minutes later.

System settings

All settings apply to iOS 8.0 and later.

| Setting name | Details |
| --- | --- |
| Allow screenshot | Allow the user to capture the contents of the screen as an image. |
| Allow control center in lock screen | Allow the user to access the control center app when the device is locked. |
| Allow notification view in lock screen | Allow the user to access the notifications view without unlocking the device. |
| Allow today view in lock screen | Allow the user to view notifications when the device is locked. |
| Allow untrusted TLS certificates | Allow untrusted Transport Layer Security certificates on the device. |
| Allow diagnostic data submission | Allow or block the device from submitting diagnostic data to Apple. |
| Allow passbook while locked | Allow the user to access the Passbook app while the device is locked. |

Cloud settings for documents and data

All settings apply to iOS 8.0 and later.

| Setting name | Details |
| --- | --- |
| Allow backup to iCloud | Allow the user to back up the device to iCloud. |
| Allow document sync to iCloud | Allow document and key-value synchronization to your iCloud storage space. |
| Allow Photo Stream sync to iCloud | Lets users enable My Photo Stream on their device, which allows photos to sync to iCloud and be available on all of the user's devices. |
| Require encrypted backup | Require any device backups to be encrypted. |
| Allow managed apps to sync data to iCloud | Allow apps that you manage with Intune to sync data to the user's iCloud account. |
| Allow Handoff to continue activities on another device | Allow the user to continue work that they started on an iOS device on another iOS or Mac OS X device. |
| Allow iCloud Photo Sharing | Set to No to disable iCloud Photo Sharing on the device. |
| Allow iCloud Photo Library | If set to No, disables the use of iCloud Photo Library, which lets users store photos and videos in the cloud. Any photos not fully downloaded from iCloud Photo Library to the device will be removed from the device if this is set to No. |

Application settings for the browser

All settings apply to iOS 8.0 and later.

| Setting name | Details |
| --- | --- |
| Allow Safari | Specify whether the Safari browser can be used on the device. |
| Allow autofill | Allow the user to change autocomplete settings in the browser. |
| Allow pop-up blocker | Enable or disable the browser pop-up blocker. |
| Allow cookies | Allow the browser to use cookies. |
| Allow Java scripting | Allow JavaScript to run in the browser. |
| Allow fraud warning | Allow fraud warnings in the browser. |

Application settings for apps

All settings apply to iOS 8.0 and later.

| Setting name | Details |
| --- | --- |
| Allow installing apps | Allow the device to access the app store and install apps. |
| Require a password to access application store | Require the user to enter a password before they can visit the app store. |
| Allow in-app purchases | Allow store purchases to be made from within a running app. |
| Allow managed documents in other unmanaged apps | Allow corporate documents to be viewed in any app. **Example:** You want to prevent users from saving files from the OneDrive app to Dropbox. Configure this setting as No. After the device receives the policy (for example, after a restart), it will no longer allow saving. |
| Allow unmanaged documents in other managed apps | Allow any document to be viewed in corporate managed apps. |
| Allow video conferencing | Allow video conferencing apps such as FaceTime on the device. |
| Allow the user to trust new enterprise app authors | Lets the user select to trust apps that were not downloaded from the app store. |

Application settings for games

All settings apply to iOS 8.0 and later.

| Setting name | Details |
| --- | --- |
| Allow adding Game Center friends | Allow the user to add friends in Game Center. |
| Allow multiplayer gaming | Allow the user to play multiplayer games on the device. |

Application settings for media content

All settings apply to iOS 8.0 and later.

| Setting name | Details |
| --- | --- |
| Ratings region | Select a region, then select the maximum rating that users can download for Movies, TV Shows, and Apps. |
| Allow adult content in media store | Allow the device to access content rated as adult from the store. |
| Allow the user to download content from the iBook store flagged as 'Erotica' | Allow the user to download books with the "Erotica" category. |

Device capabilities settings for hardware

All settings apply to iOS 8.0 and later.

| Setting name | Details |
| --- | --- |
| Allow camera | Specify whether the camera on the device can be used. |
| Force paired Apple Watches to use wrist detection | When enabled, the Apple Watch won't display notifications when it is not being worn. |
| Require a pairing password for outgoing AirPlay requests | Require a pairing password when the user uses AirPlay to stream content to other Apple devices. |

Device capabilities settings for cellular

All settings apply to iOS 8.0 and later.

| Setting name | Details |
| --- | --- |
| Allow voice roaming | Allow voice roaming when the device is on a cellular network. |
| Allow data roaming | Allow data roaming when the device is on a cellular network. |
| Allow global background fetch while roaming | Allow the device to fetch data such as email while it is roaming on a cellular network. |

Device capabilities settings for features

All settings apply to iOS 8.0 and later.

| Setting name | Details |
| --- | --- |
| Allow Siri | Allow use of the Siri voice assistant on the device. |
| Allow Siri while device is locked | Allow use of the Siri voice assistant on the device while it is locked. |
| Allow voice dialing | Allow use of the voice dialing feature on the device. |
| Do not allow Airdrop from managed apps | Stops managed apps from being able to send data via AirDrop. |

Settings for compliant and noncompliant apps

In the Compliant & Noncompliant Apps list, specify a list of compliant or noncompliant apps by using the following information.

A single policy can contain only a list of compliant apps or a list of noncompliant apps. You cannot specify both in the same policy.

| Setting name | Details |
| --- | --- |
| Report noncompliance when users install the listed apps | List the apps (not managed by Intune) that users are not allowed to install and run. |
| Report noncompliance when users install apps which are not listed | List the apps that users are allowed to install. To remain compliant, users must not install apps that are not listed. Apps that are managed by Intune are automatically allowed. |
| Add | Add an app to the selected list. Specify a name of your choice, optionally the app publisher, and the URL to the app in the app store. Read "How to specify URLs to app stores" later in this topic for more help. |
| Import Apps | Import a list of apps you have specified in a comma-separated values file. In the file, use this format: application name, publisher, app URL. |
| Edit | Edit the name, publisher, and URL of the selected app. |
| Delete | Delete the selected app from the list. |

Policies containing compliant and noncompliant app settings must be deployed to groups of users.

Kiosk mode settings

| Setting name | Details |
| --- | --- |
| Select a managed app that will be allowed to run when the device is in kiosk mode | Choose Browse, and then specify the managed app or app from a store that will be allowed to run when the device is in kiosk mode. No other apps will be allowed to run on the device. For more help, see "How to specify URLs to app stores" later in this topic. |
| Allow touch | Enable or disable the touchscreen on the device. |
| Allow screen rotation | Enable or disable changing the screen orientation when the user rotates the device. |
| Allow volume buttons | Enable or disable the use of the volume buttons on the device. |
| Allow ringer switch | Enable or disable the ringer (mute) switch on the device. |
| Allow screen sleep wake button | Enable or disable the screen sleep wake button on the device. |
| Allow auto lock | Enable or disable automatic locking of the device. |
| Enable mono audio | Enable or disable the accessibility setting Mono audio. |
| Enable voice over | Enable or disable the accessibility setting VoiceOver, which reads aloud text on the device display. |
| Enable voice over adjustments | Enable or disable VoiceOver adjustments, which let the user adjust the VoiceOver function (for example, how fast on-screen text is read aloud). |
| Enable zoom | Enable or disable the Zoom accessibility setting, which lets the user use touch to zoom in to the device display. |
| Enable zoom adjustments | Enable or disable zoom adjustments, which let the user adjust the zoom function. |
| Enable invert colors | Enable or disable the Invert Colors accessibility setting, which adjusts the display to help users with visual impairments. |
| Enable invert colors adjustments | Enable or disable invert colors adjustments, which let the user adjust the invert colors function. |
| Enable assistive touch | Enable or disable the Assistive Touch accessibility setting, which helps the user perform on-screen gestures that might be difficult for them to perform. |
| Enable assistive touch adjustments | Enable or disable assistive touch adjustments, which let the user adjust the assistive touch function. |
| Enable speech selection | Enable or disable the Speak Selection accessibility setting, which can read aloud the text that the user selects. |

The following notes apply to kiosk mode settings for iOS devices:

  • Before you can configure an iOS device for kiosk mode, you must use the Apple Configurator tool or the Apple Device Enrollment Program to put the device into supervised mode. For more information about the Apple Configurator tool, see your Apple documentation.
  • If the iOS app that you specify is installed after you deploy the configuration policy, the device will not enter kiosk mode until after it is restarted.

Reference information for compliant and noncompliant apps

Use the Noncompliant Apps Report to view the compliance of allowed and blocked apps.

To run the Noncompliant Apps Report
  1. In the Microsoft Intune administration console, choose Reports > Noncompliant Apps Report.

  2. Select the device groups that you want to check, select whether you want to check for compliant apps, noncompliant apps, or both, and then choose View Report.

How to specify URLs to app stores

To specify an app URL in the compliant and noncompliant apps list, or in the Select a managed app that will be allowed to run when the device is in kiosk mode option (iOS only), get the URL as follows:

  1. Using a search engine, find the app that you want to use in the iTunes App Store and open the page for the app.

  2. Copy the URL of the page and use it as the URL to configure the compliant or noncompliant apps list or the app that you want to run in kiosk mode.

**Example:** Search for Microsoft Word for iPad. The URL that you use will be

You can also use the iTunes software to find the app and then use the Copy Link command to get the app URL.

Enrollment settings

All settings apply to iOS 8.0 and later.

| Setting name | Details |
| --- | --- |
| Allow Activation Lock when the device is in supervised mode | Enable Activation Lock on supervised iOS devices. |

Supervised mode settings

You can configure the following settings on devices running iOS 8.0 and later that are in supervised mode.

Supervised mode settings for device restrictions

| Setting name | Details |
| --- | --- |
| Allow account modification | Allow the user to change account settings such as email configurations. |
| Allow changes to app cellular data usage settings | Allow the user to control which apps are allowed to use cellular data. |
| Allow the use of the erase all content and settings option on the device | Allow the user to use the option of erasing all content and settings on the device. |
| Allow the user to enable restrictions in the device settings | Allow the user to configure device restrictions (parental controls) on the device. |
| Allow host pairing to control the devices an iOS device can pair with | Allow host pairing to let the administrator control which devices an iOS device can pair with. |
| Allow the user to install configuration profiles and certificates | Allow the user to install configuration profiles and certificates. |
| Allow device name modification | Allow the user to change the name of the device. |
| Allow passcode modification | Allow the device password to be added, changed, or removed. |
| Allow Apple Watch pairing | Allow the device to pair with an Apple Watch. |
| Allow notification settings modification | Allow the user to change the device notification settings. |
| Allow wallpaper modification | Allow the user to change the device wallpaper. |

Supervised mode settings for feature restrictions

| Setting name | Details |
| --- | --- |
| Allow AirDrop | Allow use of the AirDrop feature to exchange content with nearby devices. |
| Allow Siri to query user-generated content from the Internet | Allow Siri to access websites to answer questions. |
| Use Siri profanity filter | Prevents Siri from dictating or speaking profane language. |
| Allow Spotlight search to return results from the Internet | Let Spotlight search connect to the Internet to provide further results. |
| Allow word definition lookup | Allow the iOS feature that lets you highlight a word and look up its definition. |
| Allow predictive keyboards | Allow the use of predictive keyboards that suggest words the user might want. |
| Allow auto-correction | Lets the device automatically correct misspelled words. |
| Allow keyboard spell-check | Allows the device spell checker. |
| Allow keyboard shortcuts | Allows use of keyboard shortcuts. |

Supervised mode settings for app restrictions

| Setting name | Details |
| --- | --- |
| Allow enterprise app trust settings modification | Lets users change the trust settings for enterprise apps. |
| Allow installing apps using Apple Configuration and iTunes only | Enables or disables the App Store from the device home screen. Users can still use iTunes or the Apple Configurator tool to install and update apps. |
| Allow automatic app downloads | Allow apps purchased on other devices to automatically download to this device. This setting does not affect app updates. |
| Allow changes to the Find My Friends app settings | Allow the user to change settings for the Find My Friends app. |
| Allow access to the iBooks store | Allow the user to browse and purchase books from the iBooks store. |
| Allow use of the Messages app on the device | Allow use of the Messages app to send text messages. |
| Allow use of Podcasts | Allow use of the Podcasts app. |
| Allow use of Music service | Allow use of the Apple Music app. |
| Allow iTunes Radio service | Allow use of the iTunes Radio app. |
| Allow Apple News | Allow use of the Apple News app. |
| Allow Game Center | Allow use of the Game Center app. |

Show or Hide Apps

Use the Hidden and shown apps list to control the following on supervised devices running iOS 9.3 or later:

  • Specify a list of apps that will be hidden from users. Users cannot view or launch these apps.
  • Specify a list of apps that users can view and launch. No other apps can be viewed or launched.

How to create a hidden or shown app list

Specify the following settings:

| Setting name | Details |
| --- | --- |
| Hidden and shown apps list | Enable this setting if you want to create a hidden or shown apps list. |
| Hide the listed apps from users | Select this option if you want to create a list of apps that will be hidden from users. When you create this list type, all apps except for the iOS Settings and Phone (for iPhones) apps can be hidden. |
| Show only the listed apps to users | Select this option if you want to create a list of apps that are displayed to users. When you create this list type, all other apps except for the iOS Settings and Phone (for iPhones) apps are hidden. Additionally, you must add the Company Portal and any apps that you have deployed and manage with Intune to the list. |
| Add | Adds an app to the selected list. For the hidden list, you must specify the Name, Publisher, and App URL or Bundle ID of each app you want to hide. For the shown list, you can either Select a managed app, which gives you a list of apps you manage with Intune to select from, or Select a store app, after which you must specify the Name, Publisher, and App URL or Bundle ID of each app you want to display. |
| Import Apps | Imports a list of apps you have specified in a comma-separated values file. In the file, use this format: application name, publisher, app URL. |
| Edit | Lets you edit the name, publisher, and URL of the selected app. |
| Delete | Deletes the selected app from the list. |

App information for built-in iOS apps

Use the information in this list to identify the name, publisher, and bundle ID of the built-in iOS apps that you might want to show or hide. If you want to show or hide all of the apps in the list, you can copy the data below into a text file with the extension .csv, then use the Import Apps option to import all of the apps simultaneously.

,,App Store,Apple
,,Find Friends,Apple
,,Find iPhone,Apple
,,Game Center,Apple
,,iTunes Store,Apple
,,iTunes U,Apple
,,Photo Booth,Apple

Custom policy settings

Use the Microsoft Intune iOS custom policy to deploy settings that you created by using the Apple Configurator tool to iOS devices. This tool lets you create many settings that control the operation of these devices and export them to a configuration profile. You can then import this configuration profile into an Intune iOS custom policy and deploy the settings to users and devices in your organization.

This capability allows you to deploy iOS settings that are not configurable with Intune general configuration policies.

Before you start, you must have installed the Apple Configurator and created a configuration file that contains the settings that you want to deploy to users or devices. You can download and learn about the Apple Configurator from the Mac App Store.

Intune does not report the compliance of individual settings in an iOS custom policy. However, the overall compliance of the policy is reported.

General settings

| Setting name | Details |
| --- | --- |
| Name | Enter a unique name for the iOS custom policy to help you identify it in the Intune console. |
| Description | Provide a description that gives an overview of the iOS custom policy and other relevant information that helps you to locate it. |

Custom settings

| Setting name | Details |
| --- | --- |
| Custom configuration profile name (displayed to users) | Provide a name for the policy as it will be displayed on the device and in Intune policy reports. |
| Configuration profile file | Choose Import, and then browse to the configuration profile that you created by using the Apple Configurator. **Note:** Ensure that the settings you export from the Apple Configurator tool are compatible with the version of iOS on the devices to which you deploy the iOS custom policy. For information about how incompatible settings are resolved, search for Configuration Profile Reference and Mobile Device Management Protocol Reference on the Apple Developer website. |
| Configuration profile details | Display the XML code for the configuration profile that you imported. |
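
Because Intune reports only the overall compliance of a custom policy, it helps to review the profile's XML before importing it. The following is an added example, not part of the original documentation or any Microsoft or Apple tool: it parses an unsigned configuration profile and flags a few security-relevant payload keys. The sample profile, the thresholds, and the mapping from Apple payload keys to the setting names in this topic are assumptions of the example.

```python
import plistlib
from xml.parsers.expat import ExpatError

PASSCODE = "com.apple.mobiledevice.passwordpolicy"   # Apple passcode payload type
RESTRICTIONS = "com.apple.applicationaccess"         # Apple restrictions payload type
MIN_LENGTH = 6             # assumed baseline, not a value from this topic
MAX_FAILED_ATTEMPTS = 10   # assumed baseline, not a value from this topic


def _too_small(limit):
    return lambda v: not isinstance(v, int) or v < limit


def _too_large(limit):
    return lambda v: not isinstance(v, int) or v > limit


# (payload type, payload key, is_weak(value), related setting name in this topic)
# The key-to-setting mapping is this example's assumption.
RULES = [
    (PASSCODE, "forcePIN", lambda v: v is not True,
     "Require a password to unlock mobile devices"),
    (PASSCODE, "allowSimple", lambda v: v is not False, "Allow simple passwords"),
    (PASSCODE, "minLength", _too_small(MIN_LENGTH), "Minimum password length"),
    (PASSCODE, "maxFailedAttempts", _too_large(MAX_FAILED_ATTEMPTS),
     "Number of repeated sign-in failures to allow before the device is wiped"),
    (RESTRICTIONS, "allowUntrustedTLSPrompt", lambda v: v is not False,
     "Allow untrusted TLS certificates"),
    (RESTRICTIONS, "forceEncryptedBackup", lambda v: v is not True,
     "Require encrypted backup"),
    (RESTRICTIONS, "allowOpenFromManagedToUnmanaged", lambda v: v is not False,
     "Allow managed documents in other unmanaged apps"),
]

# Constructed sample profile for this example (not exported from a real tool).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.sample-profile</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
      <key>forcePIN</key><true/>
      <key>allowSimple</key><true/>
      <key>minLength</key><integer>4</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>allowUntrustedTLSPrompt</key><true/>
      <key>forceEncryptedBackup</key><false/>
      <key>allowOpenFromManagedToUnmanaged</key><false/>
    </dict>
  </array>
</dict>
</plist>
"""


def audit_profile(data):
    """Return (key, status, setting) findings; status is 'weak' or 'unset'."""
    try:
        profile = plistlib.loads(data)
    except (ValueError, ExpatError) as exc:
        # A signed export is wrapped in a CMS envelope and is not a bare plist.
        raise ValueError("not an unsigned XML or binary plist profile") from exc
    if not isinstance(profile, dict):
        raise ValueError("top-level plist object is not a dictionary")

    # Merge payloads of the same type so each rule sees every key that is set.
    settings = {}
    for payload in profile.get("PayloadContent", []):
        if isinstance(payload, dict):
            settings.setdefault(payload.get("PayloadType"), {}).update(payload)

    findings = []
    for ptype, key, is_weak, setting in RULES:
        payload = settings.get(ptype, {})
        if key not in payload:
            findings.append((key, "unset", setting))   # device default applies
        elif is_weak(payload[key]):
            findings.append((key, "weak", setting))
    return findings


if __name__ == "__main__":
    for key, status, setting in audit_profile(SAMPLE_PROFILE):
        print(f"{status:5}  {key:32}  {setting}")
```

A signed profile has to be unwrapped before it can be parsed this way; the function rejects it with a clear error rather than reporting every key as unset.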

See also

Manage settings and features on your devices with Microsoft Intune policies