Protect devices with Microsoft Intune

Applies to: Intune in the classic portal
Looking for documentation about Intune in the Azure portal? Go here.

Microsoft Intune offers a full set of capabilities to help you protect the devices you manage and the data stored on those devices. Read this topic to learn the basics of these capabilities and to find out how to learn more.

General ways to protect all devices

Device configuration

Intune configuration policies help you protect and configure devices by controlling a multitude of settings and features. For example:

  • You can restrict use of hardware features on the device, such as the camera or Bluetooth.
  • You can configure compliant and noncompliant apps. You will be alerted if a noncompliant app is installed (and some platforms can actually block the install).

Reset passcodes when users are locked out of their devices

Since the first step in protecting company data on mobile devices is to require a passcode to use the device, sometimes you have to reset a passcode or help an employee do so, either by removing the passcode or by setting a temporary passcode remotely. You can also lock a device remotely if it is lost or stolen.

Retire devices and remove data

When a device needs to be removed from Intune management (for example, a user leaves, or the device is lost or stolen), it's likely that you will want to remove data from that device. Intune provides a range of methods to ensure your company data remains secure.

Require devices to be compliant

Intune features device compliance policies that let you evaluate (and in some cases remediate) devices that are not compliant with rules you specify. For example, you can report on iOS devices that are jailbroken, whether devices are encrypted, or whether Windows 10 devices are reported as healthy by the Health Attestation Service.

Protect apps and the data they use

Intune gives you a range of features to help you protect apps and their data. For example, mobile application management (MAM) policies can prevent data from being backed up from a protected app, restrict copy and paste to other apps, require a PIN to access an app, and more. For more details about protecting apps, see Protect apps and data with Microsoft Intune.

Add an additional layer of protection to devices

Multi-factor authentication (MFA) is a more secure way of authenticating the users of devices on the network. With MFA, users need to confirm their identity beyond user name and password, through a phone call or text message.

Further capabilities for Windows devices

Control Windows Hello for Business settings on Windows devices

Intune lets you integrate with Windows Hello for Business (formerly Microsoft Passport), an alternative sign-in method for Windows 10 and later that uses an Active Directory or Azure Active Directory account to replace a password, smart card, or virtual smart card.

Further capabilities for iOS devices

Bypass Activation Lock on iOS devices

Activation Lock is a feature that helps protect users' devices by requiring their Apple ID and password to be entered before anyone can erase or reactivate the device. However, this can lead to problems, for example if the user leaves the company without removing the lock. iOS Activation Lock bypass can help by removing the lock from supervised iOS devices, allowing you to reallocate or erase them.

Protect Windows PCs managed with the Intune client

Intune continues to support security policies for Windows PCs that you don't enroll but manage with the Intune computer client software. To find out how these policies can help you secure your Windows PCs, see Use policies to help protect Windows PCs that run the Intune client software.