保护未在 Microsoft Intune 上注册的设备上的业务线应用和数据Protect line-of-business apps and data on devices that are not enrolled in Microsoft Intune

适用于:经典控制台中的 IntuneApplies to: Intune in the classic console
正在查找有关 Azure 中的 Intune 的文档?Looking for documentation about Intune on Azure? 请转到此处Go here.

移动应用管理 (MAM) 策略通过限制可能会泄漏公司数据的操作以及实施数据访问要求(如应用 PIN)来保护公司数据。Mobile application management (MAM) policies help protect company data by restricting actions that could leak company data and by enforcing data access requirements, such as an app PIN. 若要将 MAM 策略应用于 iOS 和/或 Android 业务线应用,首先必须使用 Microsoft Intune 应用包装工具包装此应用。To apply MAM policies to iOS and Android line-of-business apps, you must first wrap the app with the Microsoft Intune App Wrapping Tool. 应用包装是一个将管理层应用于移动应用的过程,不要求对其进行任何更改并将其分发给用户。App wrapping is the process of applying a management layer to a mobile app without requiring any changes to it and distribute it to your users.

本主题说明将 MAM 策略应用于用户在不受管理的员工自有设备以及由第三方移动设备管理 (MDM) 解决方案管理的设备上访问的应用所需的步骤。This topic explains the steps that are required to apply MAM policies for apps that users access on employee-owned devices that are not managed and devices that are managed by a third-party mobile device management (MDM) solution. 若要准备已在 Intune MDM 中注册的设备上运行的业务线应用,请参阅决定如何使用 Microsoft Intune 为移动应用管理准备应用To prepare your line-of-business apps that run on devices that are enrolled in Intune MDM, see Decide how to prepare apps for mobile application management with Microsoft Intune.

步骤 1:准备应用Step 1: Prepare the app

将 MAM 策略应用于某个应用前,首先必须使用 iOSAndroid 版 Microsoft Intune 应用包装工具包装该应用,或者使用 Intune 应用 SDK 手动集成 Intune 应用保护功能。Before you can apply MAM policies to an app, you must first wrap the app by using the Microsoft Intune App Wrapping Tool for iOS, Android, or use the Intune App SDK to manually integrate Intune app protection features.

若要深入了解应该使用应用包装工具还是 SDK,请参阅决定如何使用 Microsoft Intune 为移动应用管理准备应用For more information on using the App Wrapping Tool vs. the SDK, see Decide how to prepare apps for mobile application management with Microsoft Intune.

步骤 2:添加应用Step 2: Add the app

若要将业务线应用与 MAM 策略关联,必须按照以下步骤将应用详细信息添加至 Intune 订阅/租户:To associate your line-of-business app with MAM policies, you must add the app details to your Intune subscription/tenant by using the following steps:

  1. Azure 门户中,转到“Intune 移动应用管理” > “设置”,然后选择“业务线应用”。In the Azure portal, go to Intune mobile application management > Settings, and choose Line-of-business apps.

    包括业务线选项的“设置”边栏选项卡的屏幕截图

  2. 在“业务线应用”边栏选项卡中,选择“添加自定义应用”。On the Line-of-business-apps blade, choose Add a custom app.

    “添加自定义应用”按钮位于顶部的“业务线应用”边栏选项卡的屏幕截图

  3. 提供应用名称、应用标识符字段的捆绑标识符以及平台(iOS 或 Android)。Provide a name for the app, the bundle identifier in the App Identifier field, and the platform (iOS or Android).

    “添加自定义应用”边栏选项卡的屏幕截图

    此步骤可帮助创建唯一的应用列表。This step helps create a unique listing of your app. 租户 MAM 策略的目标应用列表中也会显示该应用,如下一步中所述。The app will also be displayed in the list of Targeted apps for a MAM policy for your tenant, as described in the next step.

步骤 3:应用 MAM 策略Step 3: Apply MAM policies

将应用元数据上传到服务后,应用列表中将显示该应用。After the app metadata is uploaded to the service, the app shows up in the list of apps. 现可创建新策略或使用现有策略,并将其应用于步骤 2 中添加的业务线应用。You can now create a new policy or use an existing policy, and apply it to the line-of-business app that you added in step 2.

重要

必须将 MAM 策略定位给要使用已包装应用的用户。You must target the MAM policy to the users who are going to use the wrapped app. 未部署此策略的用户将无法使用该应用。Users who don’t have this policy deployed to them won't be able to use the app.

显示有新业务线应用的“目标应用列表”边栏选项卡的屏幕截图

步骤 4:分配应用Step 4: Distribute the app

可通过以下方式将应用部署到用户:You can deploy apps to your users in the following ways:

  • 对于在第三方 MDM 解决方案中注册的设备,可通过 MDM 解决方案分发应用。For devices that are enrolled in a third-party MDM solution, you can distribute the apps through your MDM solution.
  • 对于不受任何 MDM 解决方案管理的设备,需要自定义解决方案。For devices that aren't managed by any MDM solution, you need a custom solution. 用户必须在其设备上下载并安装应用。Users must download and install the app on their device.

更改元数据Change the metadata

如果需要更改应用详细信息(如应用名称或捆绑标识符),必须删除应用,并向其添加新的元数据。If you need to change the app details, like the name of the app or the bundle identifier, you must remove the app and add it with the new metadata.

删除应用Remove apps

可从应用列表中删除业务线应用。You can remove a line-of-business app from the app list. 这会从列表中删除该应用及与 MAM 策略的关联,但不会从用户设备中删除或卸载该应用。This will remove the app from the list and will remove the association with MAM policies, but will not remove or uninstall the app from the user’s device.

  1. Azure 门户中,转到“Intune 移动应用管理” > “设置”。In the Azure portal, go to Intune mobile app management > Settings. 设置边栏选项卡上,选择业务线打开现有应用的列表。On the Settings blade, choose Line-of-business to open the list of existing apps.
  2. 选择要删除的应用,并选择“...”上下文菜单。Choose the app that you want to remove, and choose the (…) context menu.

    含省略号的“业务线应用”边栏选项卡的屏幕截图

  3. 选择删除应用程序以删除该应用。Choose Delete Application to delete the app.

    含“删除应用程序”选项的“业务线”边栏选项卡的屏幕截图

    这会从业务线应用列表及 MAM 策略中的目标应用列表中删除该应用。This will remove apps from the list of line-of-business apps and the Targeted list of apps in the MAM policy.

要提交产品反馈,请访问 Intune Feedback