Microsoft Intune 配置策略参考Microsoft Intune configuration policy reference

适用于:经典门户中的 IntuneApplies to: Intune in the classic portal
在寻找有关 Azure 门户中 Intune 的文档吗?Looking for documentation about Intune in the Azure portal? 请转到此处Go here.

通过本主题中的信息可帮助你确定管理设备所需要使用的 Microsoft Intune 配置策略。Use the information in this topic to help you decide which Microsoft Intune configuration policy you need to use to manage your devices.

提示

有关如何使用策略的详细信息,请参阅使用 Microsoft Intune 策略管理设备上的设置和功能For more detailed information about how to use policies, see Manage settings and features on your devices with Microsoft Intune Policies.

Android 配置策略Android configuration policies

策略名称Policy name 在你想要完成以下事项时使用:Use when you want to
自定义配置(Android 4 及更高版本、Samsung KNOX 标准版 4.0 及更高版本)Custom Configuration (Android 4 and later, Samsung KNOX Standard 4.0 and later)

自定义配置 (Android for Work)Custom Configuration (Android for Work)
部署开放移动联盟统一资源标识符 (OMA-URI) 设置,例如可用于控制设备功能的 Wi-Fi 设置。Deploy Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings, such as Wi-Fi settings that can be used to control device features. 这在配置策略未提供你需要的设置时十分有用。This is useful when the setting that you need is not available in a configuration policy.

有关详细信息,请参阅Microsoft Intune 中的 Android 策略设置For details, see Android policy settings in Microsoft Intune.
电子邮件配置文件(Samsung KNOX 标准版 4.0 及更高版本)Email Profile (Samsung KNOX Standard 4.0 and later)

电子邮件配置文件 (Android for Work - Gmail)Email Profile (Android for Work - Gmail)

电子邮件配置文件 (Android for Work - Nine Work)Email Profile (Android for Work - Nine Work)
创建、部署和监视受管理设备上的 Exchange ActiveSync 电子邮件设置。Create, deploy, and monitor Exchange ActiveSync email settings on managed devices. 这样一来,用户无需进行特殊设置,就能通过个人设备访问企业电子邮件。This lets users access corporate email on their personal devices without any required setup on their part.

有关详细信息,请参阅使用 Microsoft Intune 的电子邮件配置文件配置对公司电子邮件的访问For details, see Configure access to corporate email using email profiles with Microsoft Intune.
常规配置(Android 4 及更高版本、Samsung KNOX 标准版 4.0 及更高版本)General Configuration (Android 4 and later, Samsung KNOX Standard 4.0 and later)

常规配置 (Android for Work)General Configuration (Android for Work)
配置移动设备安全设置和功能设置。Configure mobile device security and functional settings.
指定相容或不相容的应用,并在使用这些应用时进行报告。Specify apps that are compliant or noncompliant, and report when they are used.
配置锁定设备为只允许某些功能运行的展台模式,例如,允许设备只运行一个应用或禁用音量按钮。Configure kiosk mode that locks devices to allow only certain features to work, for example, allow the device to run only one app, or disable the volume buttons.

有关详细信息,请参阅Microsoft Intune 中的 Android 策略设置For details, see Android policy settings in Microsoft Intune.
PKCS #12 (.PFX) 证书配置文件(Android 4 及更高版本)PKCS #12 (.PFX) Certificate Profile (Android 4 and later)

PKCS #12 (.PFX) 证书配置文件 (Android for Work)PKCS #12 (.PFX) Certificate Profile (Android for Work)
使用此配置文件针对设备证书请求创建和部署 .PFX 设置。Use this profile to create and deploy .PFX settings for device certificate requests.

有关详细信息,请参阅使用 Microsoft Intune 中的证书配置文件确保资源访问的安全性For details, see Secure resource access with certificate profiles in Microsoft Intune.
SCEP 证书配置文件(Android 4 及更高版本)SCEP Certificate Profile (Android 4 and later)

SCEP 证书配置文件 (Android for Work)SCEP Certificate Profile (Android for Work)
可以配置简单证书注册协议证书,该证书可与受信任的移动设备证书一起用于对移动设备进行身份验证,以允许它们访问 Wi-Fi 和 VPN 配置文件等配置的网络资源。Configure a Simple Certificate Enrollment Protocol certificate which can be used with a trusted mobile device certificate to authenticate mobile devices to allow them to access network resources such as those configured by Wi-Fi and VPN profiles.

有关详细信息,请参阅使用 Microsoft Intune 中的证书配置文件确保资源访问的安全性For details, see Secure resource access with certificate profiles in Microsoft Intune.
受信任的证书配置文件(Android 4 及更高版本)Trusted Certificate Profile (Android 4 and later)

受信任证书配置文件 (Android for Work)Trusted Certificate Profile (Android for Work)
可以配置受信任的移动设备证书,该证书可用于对移动设备进行身份验证,以允许它们访问 Wi-Fi 和 VPN 配置文件等配置的网络资源。Configure a trusted mobile device certificate which can be used to authenticate mobile devices to allow them to access network resources such as those configured by Wi-Fi and VPN profiles.

有关详细信息,请参阅使用 Microsoft Intune 中的证书配置文件确保资源访问的安全性For details, see Secure resource access with certificate profiles in Microsoft Intune.
VPN 配置文件(Android 4 及更高版本)VPN Profile (Android 4 and later)

VPN 配置文件 (Android for Work)VPN Profile (Android for Work)
配置和部署授权用户从其移动设备安全访问您公司网络的设置。Configure and deploy settings that give users secure access to your company network from their mobile device. 通过部署这些设置,可以为最终用户简化到其工作的连接。By deploying these settings, you simplify connections for end-users to their work.

有关详细信息,请参阅 Microsoft Intune.md 中的 VPN 连接For details, see VPN connections in Microsoft Intune.md.
Wi-Fi 配置文件(Android 4 及更高版本)Wi-Fi Profile (Android 4 and later)

Wi-Fi 配置文件 (Android for Work)Wi-Fi Profile (Android for Work)
配置和部署到您的组织中的用户的无线网络设置。Configure and deploy wireless network settings to users in your organization. 通过部署这些设置,可以为最终用户简化到无线网络的连接。By deploying these settings, you simplify connections for end-users to the wireless network.

有关详细信息,请参阅 Microsoft Intune 中的 Wi-Fi 连接For details, see Wi-Fi connections in Microsoft Intune.
移动应用配置策略 (Android for Work)Mobile App Configuration Policy (Android for Work) 移动应用配置策略可自动提供用户在运行 Android for Work 应用时可能需要的设置。Use mobile app configuration policies to automatically supply settings that might be required when the user runs an Android for Work app.

有关详细信息,请参阅在 Microsoft Intune 中使用移动应用配置策略配置 Android for Work 应用For details, see Configure Android for Work apps with mobile app configuration policies in Microsoft Intune.

iOS 配置策略iOS configuration policies

策略名称Policy name 在你想要完成以下事项时使用:Use when you want to
自定义配置(iOS 8.0 及更高版本)Custom Configuration (iOS 8.0 and later) 将配置文件部署到使用 Apple 配置器创建的 iOS 设备。Deploy configuration profiles to iOS devices that you created using Apple Configurator. 这在配置策略未提供你需要的设置时十分有用。This is useful when the setting that you need is not available in a configuration policy.

有关详细信息,请参阅 Microsoft Intune 中的 iOS 策略设置For details, see iOS policy settings in Microsoft Intune.
电子邮件配置文件(iOS 8.0 及更高版本)Email Profile (iOS 8.0 and later) 创建、部署和监视受管理设备上的 Exchange ActiveSync 电子邮件设置。Create, deploy, and monitor Exchange ActiveSync email settings on managed devices. 这样一来,用户无需进行特殊设置,就能通过个人设备访问企业电子邮件。This lets users access corporate email on their personal devices without any required setup on their part.

有关详细信息,请参阅使用 Microsoft Intune 的电子邮件配置文件配置对公司电子邮件的访问For details, see Configure access to corporate email using email profiles with Microsoft Intune.
常规配置(iOS 8.0 及更高版本)General Configuration (iOS 8.0 and later) 配置移动设备安全设置和功能设置。Configure mobile device security and functional settings.
指定相容或不相容的应用,并在使用这些应用时进行报告。Specify apps that are compliant or noncompliant, and report when they are used.
配置锁定设备为只允许某些功能运行的展台模式,例如,允许设备只运行一个应用或禁用音量按钮。Configure kiosk mode that locks devices to allow only certain features to work, for example, allow the device to run only one app, or disable the volume buttons.

有关详细信息,请参阅 Microsoft Intune 中的 iOS 策略设置For details, see iOS policy settings in Microsoft Intune.
移动应用配置策略(iOS 8.0 及更高版本)Mobile App Configuration Policy (iOS 8.0 and later) 移动应用配置策略可自动提供用户在运行 iOS 应用时可能需要的设置。Use mobile app configuration policies to automatically supply settings that might be required when the user runs an iOS app.

有关详细信息,请参阅使用 Microsoft Intune 中的移动应用配置策略配置 iOS 应用For details, see Configure iOS apps with mobile app configuration policies in Microsoft Intune.
移动预配配置文件策略(iOS 8.0 及更高版本)Mobile provisioning Profile Policy (iOS 8.0 and later) Apple iOS 业务线移动应用附带预配配置文件和证书签名的代码。Apple iOS line-of-business mobile apps are built with a provisioning profile that's included and code signed with a certificate. 当应用在 iOS 设备上运行时,iOS 会确认 iOS 应用的完整性,并强制实施由预配配置文件定义的策略。When the app is run on an iOS device, iOS confirms the integrity of the iOS app and enforces policies that the provisioning profile defines.

用于签署应用的企业签名证书通常持续三年。The enterprise signing certificate that you use to sign apps typically lasts for three years. 但是,预配配置文件在一年后过期。However, the provisioning profile expires after one year. 使用此策略对拥有即将过期(但证书仍然有效)应用的设备主动部署新的预配配置文件策略。Use this policy to proactively deploy a new provisioning profile policy to devices that have apps that are near expiry while the certificate is still valid.

有关详细信息,请参阅使用 iOS 移动预配配置文件策略防止你的应用过期For details, see Use iOS mobile provisioning profile policies to prevent your apps from expiring.
PKCS #12 (.PFX) 证书配置文件(iOS 8.0 及更高版本)PKCS #12 (.PFX) Certificate Profile (iOS 8.0 and later) 使用此配置文件针对设备证书请求创建和部署 .PFX 设置。Use this profile to create and deploy .PFX settings for device certificate requests.

有关详细信息,请参阅使用 Microsoft Intune 中的证书配置文件确保资源访问的安全性For details, see Secure resource access with certificate profiles in Microsoft Intune.
SCEP 证书配置文件(iOS 8.0 及更高版本)SCEP Certificate Profile (iOS 8.0 and later) 配置简单证书注册协议证书,该证书可与受信任的移动设备证书一起用于对移动设备进行身份验证,以允许它们访问 Wi-Fi 和 VPN 配置文件等配置的网络资源。Configure a Simple Certificate Enrollment Protocol certificate that can be used with a trusted mobile device certificate to authenticate mobile devices to allow them to access network resources such as those configured by Wi-Fi and VPN profiles.

有关详细信息,请参阅使用 Microsoft Intune 中的证书配置文件确保资源访问的安全性For details, see Secure resource access with certificate profiles in Microsoft Intune.
受信任证书配置文件(iOS 8.0 及更高版本)Trusted Certificate Profile (iOS 8.0 and later) 配置受信任的移动设备证书,该证书可用于对移动设备进行身份验证,以允许它们访问 Wi-Fi 和 VPN 配置文件等配置的网络资源。Configure a trusted mobile device certificate that can be used to authenticate mobile devices to allow them to access network resources such as those configured by Wi-Fi and VPN profiles.

有关详细信息,请参阅使用 Microsoft Intune 中的证书配置文件确保资源访问的安全性For details, see Secure resource access with certificate profiles in Microsoft Intune.
VPN 配置文件(iOS 8.0 及更高版本)VPN Profile (iOS 8.0 and later) 配置并部署授权用户从其移动设备安全访问你公司网络的设置。Configure and deploy settings that give users secure access to your company network from their mobile devices. 通过部署这些设置,可以为最终用户简化到其工作的连接。By deploying these settings, you simplify connections for end-users to their work.

有关详细信息,请参阅 Microsoft Intune.md 中的 VPN 连接For details, see VPN connections in Microsoft Intune.md.
Wi-Fi 配置文件(iOS 8.0 及更高版本)Wi-Fi Profile (iOS 8.0 and later) 配置和部署到您的组织中的用户的无线网络设置。Configure and deploy wireless network settings to users in your organization. 通过部署这些设置,可以为最终用户简化到无线网络的连接。By deploying these settings, you simplify connections for end-users to the wireless network.

有关详细信息,请参阅 Microsoft Intune 中的 Wi-Fi 连接For details, see Wi-Fi connections in Microsoft Intune.

Mac OS X 配置策略Mac OS X configuration policies

策略名称Policy name 在你想要完成以下事项时使用:Use when you want to
自定义配置(Mac OS X 10.9 及更高版本)Custom Configuration (Mac OS X 10.9 and later) 将配置文件部署到使用 Apple 配置器创建的 Mac 计算机。Deploy configuration profiles to Mac computers that you created using Apple Configurator. 这在配置策略未提供你需要的设置时十分有用。This is useful when the setting that you need is not available in a configuration policy.

有关详细信息,请参阅 Microsoft Intune 中的 Mac OS X 策略设置For details, see Mac OS X policy settings in Microsoft Intune.
常规配置(Mac OS X 10.9 及更高版本)General Configuration (Mac OS X 10.9 and later) 配置移动设备安全设置和功能设置。Configure mobile device security and functional settings.
指定相容或不相容的应用,并在使用这些应用时进行报告。Specify apps that are compliant or noncompliant, and report when they are used.

有关详细信息,请参阅 Microsoft Intune 中的 Mac OS X 策略设置For details, see Mac OS X policy settings in Microsoft Intune.
SCEP 证书配置文件(Mac OS X 10.9 及更高版本)SCEP Certificate Profile (Mac OS X 10.9 and later) 配置简单证书注册协议证书,该证书可与受信任的移动设备证书一起用于对移动设备进行身份验证,以允许它们访问 Wi-Fi 和 VPN 配置文件等配置的网络资源。Configure a Simple Certificate Enrollment Protocol certificate that can be used with a trusted mobile device certificate to authenticate mobile devices to allow them to access network resources such as those configured by Wi-Fi and VPN profiles.

有关详细信息,请参阅使用 Microsoft Intune 中的证书配置文件确保资源访问的安全性For details, see Secure resource access with certificate profiles in Microsoft Intune.
受信任证书配置文件(Mac OS X 10.9 及更高版本)Trusted Certificate Profile (Mac OS X 10.9 and later) 配置受信任的移动设备证书,该证书可用于对移动设备进行身份验证,以允许它们访问 Wi-Fi 和 VPN 配置文件等配置的网络资源。Configure a trusted mobile device certificate that can be used to authenticate mobile devices to allow them to access network resources such as those configured by Wi-Fi and VPN profiles.

有关详细信息,请参阅使用 Microsoft Intune 中的证书配置文件确保资源访问的安全性For details, see Secure resource access with certificate profiles in Microsoft Intune.
VPN 配置文件(Mac OS X 10.9 及更高版本)VPN Profile (Mac OS X 10.9 and later) 配置并部署授权用户从其移动设备安全访问你公司网络的设置。Configure and deploy settings that give users secure access to your company network from their mobile devices. 通过部署这些设置,可以为最终用户简化到其工作的连接。By deploying these settings, you simplify connections for end-users to their work.

有关详细信息,请参阅 Microsoft Intune.md 中的 VPN 连接For details, see VPN connections in Microsoft Intune.md.
Wi-Fi 配置文件(Mac OS X 10.9 及更高版本)Wi-Fi Profile (Mac OS X 10.9 and later) 配置和部署到您的组织中的用户的无线网络设置。Configure and deploy wireless network settings to users in your organization. 通过部署这些设置,可以为最终用户简化到无线网络的连接。By deploying these settings, you simplify connections for end-users to the wireless network.

有关详细信息,请参阅 Microsoft Intune 中的 Wi-Fi 连接For details, see Wi-Fi connections in Microsoft Intune.

Windows 配置策略Windows configuration policies

仅适用于 Windows Phone 和注册的 Windows 设备。Applies to Windows Phone and enrolled Windows devices only.

策略名称Policy name 在你想要完成以下事项时使用:Use when you want to
自定义配置(Windows 10 桌面版和移动版及更高版本)Custom Configuration (Windows 10 Desktop and Mobile and later) 部署可用于控制设备功能的 OMA-URI 设置。Deploy OMA-URI settings that can be used to control device features. 这在配置策略未提供你需要的设置时十分有用。This is useful when the setting that you need is not available in a configuration policy.
有关详细信息,请参阅 Microsoft Intune 中的 Windows 10 策略设置For details, see Windows 10 policy settings in Microsoft Intune.
自定义配置(Windows Phone 8.1 及更高版本)Custom Configuration (Windows Phone 8.1 and later) 部署可用于控制设备功能的 OMA-URI 设置。Deploy OMA-URI settings that can be used to control device features. 这在配置策略未提供你需要的设置时十分有用。This is useful when the setting that you need is not available in a configuration policy.

有关详细信息,请参阅 Microsoft Intune 中的 Windows Phone 8.1 设置For details, see Windows Phone 8.1 settings in Microsoft Intune.
版本升级策略(Windows 10 桌面版及更高版本)Edition Upgrade Policy (Windows 10 Desktop and later)

版本升级策略(Windows 10 全息版及更高版本)Edition Upgrade Policy (Windows 10 Holographic and later)

版本升级策略(Windows 10 移动版及更高版本)Edition Upgrade Policy (Windows 10 Mobile and later)
配置并部署包含用于将 Windows 10 设备更新到较新版本的许可证或产品密钥信息的策略。Configure and deploy policies that contain license or product key information that is used to update Windows 10 devices to a newer version.

有关详细信息,请参阅 Microsoft Intune 中的版本升级策略设置For details, see Edition upgrade policy settings in Microsoft Intune.
电子邮件配置文件(Windows Phone 8.1 及更高版本)Email Profile (Windows Phone 8.1 and later)

电子邮件配置文件(Windows 10 桌面版和移动版及更高版本)Email Profile (Windows 10 Desktop and Mobile and later)
创建、部署和监视受管理设备上的 Exchange ActiveSync 电子邮件设置。Create, deploy, and monitor Exchange ActiveSync email settings on managed devices. 这样一来,用户无需进行特殊设置,就能通过个人设备访问企业电子邮件。This lets users access corporate email on their personal devices without any required setup on their part.

有关详细信息,请参阅使用 Microsoft Intune 的电子邮件配置文件配置对公司电子邮件的访问For details, see Configure access to corporate email using email profiles with Microsoft Intune.
常规配置(Windows 10 桌面版和移动版及更高版本)General Configuration (Windows 10 Desktop and Mobile and later) 为注册的 Windows 10 桌面版和移动版设备配置移动设备安全和功能设置。Configure mobile device security and functional settings for enrolled Windows 10 desktop and Mobile devices.

有关详细信息,请参阅 Microsoft Intune 中的 Windows 10 策略设置For details, see Windows 10 policy settings in Microsoft Intune.
常规配置(Windows 10 协同版及更高版本)General Configuration (Windows 10 Team and later) 为已注册的 Windows 10 协同版设备(例如 Surface Hub 设备)配置设备安全性和功能设置。Configure device security and functional settings for enrolled Windows 10 Team devices (for example, a Surface Hub device).

有关详细信息,请参阅 Microsoft Intune 中的 Windows Team 配置策略设置For details, see Windows Team configuration policy settings in Microsoft Intune.
常规配置(Windows 8.1 及更高版本)General Configuration (Windows 8.1 and later) 为注册的 Windows 设备配置移动设备安全设置和功能设置。Configure mobile device security and functional settings for enrolled Windows devices.

有关详细信息,请参阅 Microsoft Intune 中的 Windows 策略设置For details, see Windows policy settings in Microsoft Intune.
常规配置(Windows Phone 8.1 及更高版本)General Configuration (Windows Phone 8.1 and later) 配置移动设备安全设置和功能设置。Configure mobile device security and functional settings.
指定用户可以使用或不能使用的应用,并阻止安装和使用不符合要求的应用。Specify apps that users can or cannot use, and block noncompliant apps from being installed or used.

有关详细信息,请参阅 Microsoft Intune 中的 Windows Phone 8.1 设置For details, see Windows Phone 8.1 settings in Microsoft Intune.
PKCS #12 (.PFX) 证书配置文件(Windows 10 桌面版和移动版及更高版本)PKCS #12 (.PFX) Certificate Profile (Windows 10 Desktop and Mobile and later) 使用此配置文件针对设备证书请求创建和部署 .PFX 设置。Use this profile to create and deploy .PFX settings for device certificate requests.

有关详细信息,请参阅使用 Microsoft Intune 中的证书配置文件确保资源访问的安全性For details, see Secure resource access with certificate profiles in Microsoft Intune.
SCEP 证书配置文件(Windows 8.1 及更高版本)SCEP Certificate Profile (Windows 8.1 and later)

SCEP 证书配置文件(Windows Phone 8.1 及更高版本)SCEP Certificate Profile (Windows Phone 8.1 and later)
配置简单证书注册协议证书,该证书可与受信任的移动设备证书一起用于对移动设备进行身份验证,以允许它们访问 Wi-Fi 和 VPN 配置文件等配置的网络资源。Configure a Simple Certificate Enrollment Protocol certificate that can be used with a trusted mobile device certificate to authenticate mobile devices to allow them to access network resources such as those configured by Wi-Fi and VPN profiles.

有关详细信息,请参阅使用 Microsoft Intune 中的证书配置文件确保资源访问的安全性For details, see Secure resource access with certificate profiles in Microsoft Intune.
受信任的证书配置文件(Windows 8.1 及更高版本)Trusted Certificate Profile (Windows 8.1 and later)

受信任的证书配置文件(Windows Phone 8.1 及更高版本)Trusted Certificate Profile (Windows Phone 8.1 and later)
可以配置受信任的移动设备证书,该证书可用于对移动设备进行身份验证,以允许它们访问 Wi-Fi 和 VPN 配置文件等配置的网络资源。Configure a trusted mobile device certificate which can be used to authenticate mobile devices to allow them to access network resources such as those configured by Wi-Fi and VPN profiles.

有关详细信息,请参阅使用 Microsoft Intune 中的证书配置文件确保资源访问的安全性For details, see Secure resource access with certificate profiles in Microsoft Intune.
VPN 配置文件(Windows 10 桌面版和移动版及更高版本)VPN Profile (Windows 10 Desktop and Mobile and later)

VPN 配置文件(Windows 8.1 及更高版本)VPN Profile (Windows 8.1 and later)

VPN 配置文件(Windows Phone 8.1 及更高版本)VPN Profile (Windows Phone 8.1 and later)
配置并部署授权用户从其移动设备安全访问你公司网络的设置。Configure and deploy settings that give users secure access to your company network from their mobile devices. 通过部署这些设置,可以为最终用户简化到其工作的连接。By deploying these settings, you simplify connections for end-users to their work.

有关详细信息,请参阅 Microsoft Intune 中的 VPN 连接For details, see VPN connections in Microsoft Intune.
Wi-Fi 导入Wi-Fi Import 导入和部署你之前导出到文件的 Windows Wi-Fi 配置。Import and deploy Windows Wi-Fi configurations that you have previously exported to a file.

有关详细信息,请参阅 Microsoft Intune 中的 Wi-Fi 连接For details, see Wi-Fi connections in Microsoft Intune.
Windows 信息保护Windows Information Protection
(以前称为企业数据保护)(formerly known as enterprise data protection)
随着企业中员工拥有的设备的增加,通过应用和服务(如电子邮件、社交媒体和公共云)发生的意外数据泄露的风险也在增加,这是不受企业控制的。With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leaks through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. 例如,某位员工从个人电子邮件帐户发送最新的工程图片、将产品信息复制并粘贴到推文,或将正在进行的销售报表保存到公有云存储。For example, an employee sends the latest engineering pictures from a personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to public cloud storage.

Windows 信息保护有助于防范潜在的数据泄露,而不会干扰员工体验。Windows Information Protection helps to protect against this potential data leakage without otherwise interfering with the employee experience. 它还有助于防范企业应用和数据在企业自有设备和员工带到工作中的个人设备上的意外数据泄露,而无需对你的环境或其他应用进行更改。It also helps to protect enterprise apps and data against accidental data leaks on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps.

此 Intune 策略管理由 Windows 信息保护功能保护的应用、企业网络位置、保护级别和加密设置的列表。This Intune policy manages the list of apps protected by Windows Information Protection, enterprise network locations, protection level, and encryption settings.

有关详细信息,请参阅 Protect your enterprise data using Windows Information Protection(使用 Windows 信息保护来保护你的企业数据)。For more information, see Protect your enterprise data using Windows Information Protection.

软件策略Software policies

策略名称Policy name 在你想要完成以下事项时使用:Use when you want to
托管浏览器策略 (Android 4 和更高版本)Managed Browser Policy (Android 4 and later)

Managed Browser 策略(iOS 8.0 及更高版本)Managed Browser Policy (iOS 8.0 and later)
指定用户在使用 Managed Browser 应用时,他们能或不能访问的网站。Specify the websites that users can and cannot access when they are using the managed browser app.

有关详细信息,请参阅使用 Microsoft Intune 的托管浏览器策略管理 Internet 访问For details, see Manage Internet access using managed browser policies with Microsoft Intune.
移动应用管理(Android 4 及更高版本)Mobile Application Management (Android 4 and later)

移动应用程序管理策略(iOS 8.0 及更高版本)Mobile Application Management Policy (iOS 8.0 and later)
修改您部署的应用程序的功能,以帮助使其符合您的公司的遵从性和安全策略。Modify the functionality of apps that you deploy to help bring them into line with your company compliance and security policies. 例如,你可以限制受限制应用内的剪切、复制和粘贴操作,或配置应用以打开 Managed Browser 内的所有 Web 链接。For example, you can restrict cut, copy, and paste operations within a restricted app, or configure an app to open all web links inside the managed browser.

有关详细信息,请参阅 Configure and deploy mobile application management policies in the Microsoft Intune console(在 Microsoft Intune 控制台中配置和部署移动应用程序管理策略)For details, see Configure and deploy mobile application management policies in the Microsoft Intune console

常用的移动设备设置Common Mobile Device Settings

策略名称Policy name 在你想要完成以下事项时使用:Use when you want to
Exchange ActiveSync 策略Exchange ActiveSync Policy 为 Exchange ActiveSync 托管设备配置移动设备安全设置和功能设置。Configure mobile device security and functional settings for devices that are managed by Exchange ActiveSync.

有关详细信息,请参阅 Microsoft Intune 中的 Exchange ActiveSync 策略设置For details, see Exchange ActiveSync policy settings in Microsoft Intune.
移动设备安全策略Mobile Device Security Policy
  • 为移动设备(所有平台)配置设置,包括:Configures settings for mobile devices (all platforms) including:

    • 安全Security
    • 加密Encryption
    • 系统System
    • EmailEmail
    • 应用程序Applications

重要

Microsoft Intune 现在拥有针对每个设备平台的单独配置策略,这些策略包含你可以使用的最新设置。Microsoft Intune now features separate configuration policies for each device platform, and these policies contain the most up-to-date settings that you can use. 你可以继续使用移动设备安全策略,任何现有部署仍将起作用,但你应计划尽快迁移到新配置策略。You can continue to use the mobile device security policy and any existing deployments will still work, but you should plan to migrate to the new configuration policies as soon as possible.
有关详细信息,请参阅 Microsoft Intune 中的移动设备安全策略设置For details, see Mobile device security policy settings in Microsoft Intune.

由 Intune 软件客户端管理的 Windows 电脑策略Policies for Windows PCs managed by the Intune software client

策略名称Policy name 在你想要完成以下事项时使用:Use when you want to
Microsoft Intune 代理设置Microsoft Intune Agent Settings 在计算机上配置 Intune PC 客户端,包括下列各项的设置:Configure the Intune PC client on computers, including settings for:

- Endpoint Protection- Endpoint Protection
- 软件更新- Software updates
- 策略检查计划- Policy check schedule

这种策略仅可以部署到设备组。This type of policy can be deployed only to groups of devices.

Intune 客户端根据“更新和应用程序检测频率”设置下载新的和更新的策略,该设置的默认值为八小时。Intune clients download new and updated policy according to the Update and application detection frequency setting, which defaults to eight hours. 不过,你可以随时在计算机上强制刷新策略。However, you can force a refresh of policy on computers at any time.

有关详细信息,请参阅在 Microsoft Intune 中利用软件更新使 Windows 电脑保持最新版本For details, see Keep Windows PCs up to date with software updates in Microsoft Intune.
Microsoft Intune Center 设置Microsoft Intune Center Settings 配置在 Microsoft Intune 中心内出现的托管计算机的详细信息。Configure details that appear in the Microsoft Intune Center on managed computers.

这种策略仅可以部署到设备组。This type of policy can be deployed only to groups of devices.

有关详细信息,请参阅使用 Microsoft Intune 计算机客户端的常见 Windows 电脑管理任务For details, see Common Windows PC management tasks with the Microsoft Intune computer client.
Windows 防火墙设置Windows Firewall Settings 在计算机上为常见网络通信配置 Windows 防火墙设置和例外,包括:Configures Windows Firewall settings and exceptions for common network communications on computers, including:

- BranchCache- BranchCache
- 远程协助- Remote assistance
- 媒体共享- Media sharing

这种策略仅可以部署到设备组。This type of policy can be deployed only to groups of devices.

有关详细信息,请参阅使用 Microsoft Intune 的 Endpoint Protection 帮助保障 Windows 电脑的安全For details, see Help secure Windows PCs with Endpoint Protection for Microsoft Intune.

另请参阅See also

使用 Microsoft Intune 策略管理设备上的设置和功能Manage settings and features on your devices with Microsoft Intune policies