Microsoft Intune 中的 Mac OS X 配置策略设置Mac OS X configuration policy settings in Microsoft Intune

适用于:经典门户中的 IntuneApplies to: Intune in the classic portal
在寻找有关 Azure 门户中 Intune 的文档吗?Looking for documentation about Intune in the Azure portal? 请转到此处Go here.

Intune 提供了一系列可在 Mac OS X 设备上进行配置的内置常规设置。Intune supplies a range of built-in general settings that you can configure on Mac OS X devices. 此外,还可使用 Apple Configurator 工具创建 Intune 未提供的自定义设置。Additionally, you can use the Apple Configurator tool to create custom settings that are not available from Intune.

常规配置策略设置General configuration policy settings

使用 Microsoft Intune 的“Mac OS X 常规配置策略”为以下对象配置设置:Use the Microsoft Intune Mac OS X general configuration policy to configure settings for:

  • “设备安全设置”。Device security settings. 从预定义设置列表中进行选择,此列表让你可以控制设备上的一系列功能。Choose from a list of predefined settings that let you control a range of features and functionality on the device.

  • “相容和不相容的应用”。Compliant and noncompliant apps. 指定公司中相容和不相容的应用的列表。Specify a list of apps that are compliant or not compliant in your company. “不相容应用报告”可用于查看你在列表中指定的应用对于用户已安装的应用的相容性(但不能实际阻止应用的安装)。The Noncompliant Apps Report can be used to view the compliance of apps that you specified in the list against the apps that users have installed (but cannot actually block the installation of the app).

如果此列表中未显示你正在寻找的设置,你或许能够使用 Mac OS X 自定义策略创建它,该策略让你能够使用“Apple Configurator 工具”导入所创建的设置。If the setting you are looking for does not appear in this list, you might be able to create it by using a Mac OS X custom policy that lets you import settings you created by using the Apple Configurator tool. 有关详细信息,请参阅本主题后面的“自定义策略设置”。For more information, see "Custom policy settings" later in this topic.

密码设置Password settings

设置名Setting name 详细信息Details
需要密码才能解锁设备Require a password to unlock devices 指定用户是否必须使用密码才可访问其 Mac 计算机。Specify whether the user must use a password to access their Mac computer. 重要提示:与 iOS 设备不同,在 Mac OS X 设备上,不会立即通知用户更新其密码来符合此设置。Important: Unlike iOS devices, on Mac OS X devices, the user is not immediately notified to update their password to comply with this setting.
所需的密码类型Required password type 指定密码是否可以仅由数值组成,还是必须为字母数字(包含字母和数字)。Specify whether the password can be Numeric only, or whether it must be Alphanumeric (contain letters and numbers). 重要提示:仅在 Mac OS X 10.10.3 及更高版本上支持此设置。Important: This setting is supported only on Mac OS X version 10.10.3 and later.
密码中所需的复杂字符数Number of complex characters required in password 指定密码中所需的复杂字符数(0 to 4)。Specify the number of complex characters required in the password (0 to 4).

复杂字符是一个符号,如 ?A complex character is a symbol, such as ?.
最短密码长度Minimum password length 指定密码的最短长度。(414 个字符)。Specify the minimum length for the password (4 to 14 characters).
允许简单密码Allow simple passwords 允许使用简单密码,如 00001234Allow the use of simple passwords such as 0000 or 1234.
需要提供密码之前处于非活动状态的分钟数Minutes of inactivity before password is required 指定在需要密码来进行解锁之前,计算机必须保持非活动状态的时间。Specify how long the computer must be inactive before a password is required to unlock it.
密码过期(天数)Password expiration (days) 指定用户在多少天之后必须更改密码(1255 天)。Specify how many days elapse before the user must change the password (1 to 255 days).
记住密码历史记录Remember password history 防止用户使用以前用过的密码。Prevent the user from using a previously used password. 设置该选项时,还可以设置“防止重用以前的密码”以指定以前使用的不能重复使用的密码数(124 个)。When this is set, you can also set Prevent reuse of previous passwords to specify the number of previously used passwords that cannot be reused (1 to 24).
屏幕保护程序激活前处于非活动状态的分钟数Minutes of inactivity before screensaver activates 指定屏幕保护程序激活前计算机必须处于空闲状态的时间。Specify the length of time that the computer must be idle before the screensaver is activated.

相容和不相容应用的设置Settings for compliant and noncompliant apps

在“Mac OS X 的相容&不相容应用列表”中,启用“设备的托管设置”,然后使用以下信息指定相容或不相容应用的列表。In the Compliant & Noncompliant Apps list for Mac OS X, enable Managed settings for devices, and then specify a list of compliant or noncompliant apps by using the following information.

备注

单个策略只能包含一个相容应用列表或一个不相容应用列表。A single policy can contain only a list of compliant apps or a list of noncompliant apps. 不能在同一策略中同时指定两个列表。You cannot specify both in the same policy.

Intune 允许你报告安装了不相容应用的设备。Intune lets you report devices with noncompliant apps. 它不会阻止安装,也不会删除不相容应用。It does not block installation or remove noncompliant apps.

设置名Setting name 详细信息Details
用户安装列出的应用时报告不相容情况Report noncompliance when users install the listed apps 显示不允许用户安装的 Mac OS X 应用。Displays the Mac OS X apps that users are not allowed to install. 如果用户安装任何这些应用,“不相容应用报告”中将报告安装的应用。If users install any of these apps, they will be reported in Noncompliant Apps Reports.
用户安装未列出的应用时报告不合规性Report noncompliance when users install apps which are not listed 显示允许用户安装的 Mac OS X 应用。Displays the Mac OS X apps that users are allowed to install. 如果用户安装任何其他应用,“不相容应用报告”中将报告安装的应用。If users install any other apps, they will be reported in Noncompliant Apps Reports.
添加Add 将应用添加到选定的列表。Add an app to the selected list. 指定你选择的名称(可为应用发布者)和应用的捆绑 ID。Specify a name of your choice, optionally the app publisher, and the bundle ID of the app. 提示:若要查找应用的捆绑 ID,请在已安装此应用的 Mac 计算机上执行以下步骤:Tip: To find the bundle ID of an app, use the following steps on a Mac computer that has the app installed:
  1. 打开安装应用的文件夹(例如,/Applications)。Open the folder in which the app is installed (for example, /Applications).
  2. 选择 <App Name>.app 捆绑包,然后选择“显示包内容”。Select the <App Name>.app bundle, and choose Show Package Contents.
  3. 打开“Info.plist”文件。Open the Info.plist file.
  4. 检查与“CFBundleIdentifier”键相关联的值。Check the value associated with the key CFBundleIdentifier.
捆绑 ID 的格式是“com.contoso.appname”。The format for the bundle ID is com.contoso.appname.
导入应用Import Apps 导入你已在逗号分隔值文件中指定的应用列表。Import a list of apps that you have specified in a comma-separated values file. 在文件中使用此格式:应用名称、发布者和应用捆绑 ID。In the file, use this format: app name, publisher, app bundle ID.
编辑Edit 编辑所选应用的名称、发布者和捆绑 ID。Edit the name, publisher, and app bundle ID of the selected app.
删除Delete 从列表中删除选定的应用。Delete the selected app from the list.

提示

有关 Intune 报告的详细信息,请参阅通过使用报表了解 Microsoft Intune 操作For more information about Intune reports, see Understand Microsoft Intune operations by using reports.

重要

Mac OS X 设备处于休眠模式时,无法传递策略和配置文件或列出它们的清单。When a Mac OS X device is in sleep mode, policies and profiles cannot be delivered or inventoried. 因此,Intune 控制台可能会暂时显示状态“策略设置错误”,直到下一次从休眠模式中唤醒设备。As a result, the Intune console might temporarily display the status Policy settings in error until the next time the device wakes from sleep mode.

监视相容和不相容应用Monitor compliant and noncompliant apps

使用“不相容应用报告”查看指定应用的相容性。Use Noncompliant Apps Reports to view the compliance of apps that you specified.

运行报表To run a report

  1. Microsoft Intune 管理控制台中,选择“报告”>“不相容应用报告”。In the Microsoft Intune administration console, choose Reports > Noncompliant Apps Reports.

  2. 选择你想要检查的设备组,选择要检查相容应用还是不相容应用,或是同时检查两者,然后选择“查看报告”。Select the device groups that you want to check, select whether you want to check for compliant apps, noncompliant apps, or both, and then choose View Report.

Microsoft Intune 中的 Mac OS X 自定义策略设置Mac OS X custom policy settings in Microsoft Intune

使用 Microsoft Intune 的“Mac OS X 自定义配置策略”,将用 Apple Configurator 工具创建的设置部署到 Mac OS X 设备。Use the Microsoft Intune Mac OS X custom configuration policy to deploy settings that you created by using the Apple Configurator tool to Mac OS X devices. 使用此工具可以创建控制这些设备的操作的许多设置,并将其导出到配置的配置文件中。This tool lets you create many settings that control the operation of these devices and export them to a configuration profile. 然后可将此配置文件导入到 Intune Mac OS X 自定义策略,并向组织中的用户和设备部署这些设置。You can then import this configuration profile into an Intune Mac OS X custom policy and deploy the settings to users and devices in your organization.

此功能允许你部署不能与 Intune Mac OS X 常规配置策略一起配置的 Mac OS X 设置。This capability allows you to deploy Mac OS X settings that are not configurable with the Intune Mac OS X general configuration policy.

先决条件Prerequisites

在开始之前,必须已安装了 Apple Configurator 并创建了包含需部署到用户或设备的设置的配置文件。Before you start, you must have installed the Apple Configurator and created a configuration file that contains the settings you want to deploy to users or devices. 可从 Mac 应用商店下载和了解 Apple Configurator。You can download and learn about the Apple Configurator from the Mac App Store.

备注

Intune 不会报告 Mac OS X 自定义策略中各个设置的合规性。Intune does not report the compliance of individual settings in a Mac OS X custom policy. 但会报告策略的总体合规性。However, the overall compliance of the policy is reported.

常规设置General settings

设置名Setting name 详细信息Details
NameName 输入 Mac OS X 自定义策略的唯一名称,以帮助你在 Intune 控制台中识别它。Enter a unique name for the Mac OS X custom policy to help you identify it in the Intune console.
描述Description 提供对 Mac OS X 自定义策略的概述以及可帮助你查找它的其他相关信息。Provide a description that gives an overview of the Mac OS X custom policy and other relevant information that helps you to locate it.

自定义设置Custom settings

设置名Setting name 详细信息Details
自定义配置的配置文件名称(对用户显示)Custom configuration profile name (displayed to users) 提供策略的名称,该名称将显示在设备上以及 Intune 策略报告中。Provide a name for the policy as it will be displayed on the device and in Intune policy reports.
配置的配置文件Configuration profile file 选择“导入”,然后浏览到使用 Apple Configurator 创建的配置文件。Choose Import, and then browse to the configuration profile that you created by using the Apple Configurator. 提示:请参阅本主题中的“如何创建配置文件”来帮助创建配置文件。Tip: See "How to create a configuration profile file" in this topic for help in creating the configuration profile.
配置的配置文件详细信息Configuration profile details 显示导入的配置文件的 XML 代码。Display the XML code for the configuration profile that you imported.

如何创建配置文件How to create a configuration profile file

可以通过以下两种方法创建自定义策略使用的配置文件:You can create the configuration profile file used by the custom policy in two ways:

  • 从 Apple Configurator 工具中导出文件(扩展名为 .mobileconfig)。Export the file (with the extension .mobileconfig) from the Apple Configurator tool.

  • 使用 Apple 配置文件键引用中的相应架构自行创作文件。Author the file yourself by using the appropriate schema from the Apple Configuration Profile Key Reference.

另请参阅See also

使用 Microsoft Intune 策略管理设备上的设置和功能Manage settings and features on your devices with Microsoft Intune policies