Configure devices to connect to your corporate Wi-Fi networks

Applies to: Intune in the classic portal
Looking for documentation about Intune in the Azure portal? Go here.

Use Microsoft Intune Wi-Fi profiles to deploy wireless network settings to users and devices in your organization. When you deploy a Wi-Fi profile, your users have access to your corporate Wi-Fi without having to configure it themselves.

For example, you install a new Wi-Fi network named Contoso Wi-Fi and want to set up all iOS devices to connect to this network. Here's the process:

Wi-Fi profile process summary

  1. Create a Wi-Fi profile that contains the settings that are necessary to connect to the Contoso Wi-Fi wireless network.

  2. Deploy the profile to the group of users with iOS devices.

  3. Users find the new Contoso Wi-Fi network in the list of wireless networks and can easily connect to this network.

Create a Wi-Fi profile

You can deploy Wi-Fi profiles to the following platforms:

  • Android 4.0 and later

  • Android for Work

  • iOS 8.0 and later

  • Mac OS X 10.9 and later

For devices that run Windows 8.1 or Windows 10 desktop or mobile operating systems, you can import a Wi-Fi configuration profile that was previously exported to a file. For details, see Export or import a Wi-Fi configuration profile for Windows devices.

  1. In the Microsoft Intune administration console, choose Policy > Add Policy.

  2. Select one of the following policy types, and then choose Create Policy:

    • Wi-Fi Profile (Android 4 and later)

    • Wi-Fi Profile (Android for Work)

    • Wi-Fi Profile (iOS 8.0 and later)

    • Wi-Fi Profile (Mac OS X 10.9 and later)

There are no recommended settings for this policy type. You must create a custom policy.

  3. Provide the name and description for the profile.

  4. Specify the Network Connections values.

    • SSID (Service Set Identifier): Select this option if you want users to see the network name and not the SSID.
    • Connect when the network is not broadcasting its name (SSID): Select this option to enable devices to connect to the network when it is not visible in the list of networks (because it is hidden and not broadcasting its name).
  5. Configure the Security Settings for the selected platform. The available settings depend on the security types you select. They are described in Security settings.

  6. Configure Proxy Settings (iOS and Mac OS X only).

    Setting name: Proxy settings for this Wi-Fi connection
    More information: Choose the proxy settings type:
    - None (default)
    - Manual: Manually specify the URL and port number of the proxy server.
    - Automatic: Use a configuration file to configure the proxy server.
    When to use: Always

    Setting name: Proxy server address and Port number
    More information: Specify the URL and port number of the proxy server.
    When to use: If Proxy settings for this Wi-Fi connection is set to Manual

    Setting name: Proxy Server URL
    More information: Specify the URL of the file that contains the proxy server settings.
    When to use: If Proxy settings for this Wi-Fi connection is set to Automatic

  7. Save the Wi-Fi profile.

The new policy is displayed in the Configuration Policies node of the Policy workspace. See Next steps for information about deploying the profile.

Export or import a Wi-Fi configuration profile for Windows devices

For devices that run Windows 8.1 or Windows 10 desktop or mobile operating systems, you can import a Wi-Fi configuration profile that was previously exported to a file.

Export a Wi-Fi profile

In Windows, you can use the netsh wlan utility to export an existing Wi-Fi profile to an XML file that's readable by Intune. On a Windows computer that already has the required Wi-Fi profile installed, here are the steps to take:

  1. Create a local folder for the exported Wi-Fi profiles. For example, create a folder called c:\WiFi.

  2. Open a command prompt as an administrator.

  3. Run the command netsh wlan show profiles, and note the name of the profile you'd like to export. In this example, the profile name is WiFiName.

  4. Run this command: netsh wlan export profile name="ProfileName" folder=c:\Wifi. This creates a Wi-Fi profile file named Wi-Fi-WiFiName.xml in your target folder.
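
An added example (not part of the original documentation) that reviews an exported profile before it is imported into Intune: it parses the WLAN profile XML and reports an open network, a legacy cipher, unprotected key material, or a hidden SSID. The function name review_wlan_profile and the sample profile are assumptions constructed for illustration; the sample is trimmed to the elements the check reads.

```python
import xml.etree.ElementTree as ET

# Namespace used by Windows WLAN profile XML files.
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed sample of an exported profile (not taken from the page).
SAMPLE_PROFILE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>WiFiName</name>
  <SSIDConfig>
    <SSID><name>WiFiName</name></SSID>
    <nonBroadcast>true</nonBroadcast>
  </SSIDConfig>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2PSK</authentication>
      <encryption>AES</encryption>
      <useOneX>false</useOneX>
    </authEncryption>
    <sharedKey>
      <keyType>passPhrase</keyType>
      <protected>false</protected>
      <keyMaterial>constructed-example-passphrase</keyMaterial>
    </sharedKey>
  </security></MSM>
</WLANProfile>"""


def review_wlan_profile(xml_text):
    """Return a list of findings for one exported WLAN profile XML document."""
    root = ET.fromstring(xml_text)
    sec = "w:MSM/w:security/"

    def text(path):
        # Lower-cased element text, or "" when the element is absent.
        node = root.find(path, NS)
        return (node.text or "").strip().lower() if node is not None else ""

    auth = text(sec + "w:authEncryption/w:authentication")
    enc = text(sec + "w:authEncryption/w:encryption")
    findings = []
    if auth == "open" and enc == "none":
        findings.append("open network: no authentication or encryption")
    if enc in ("wep", "tkip"):
        findings.append("legacy cipher: " + enc.upper())
    if text(sec + "w:sharedKey/w:protected") == "false":
        findings.append("keyMaterial is stored unprotected in the file")
    if text("w:SSIDConfig/w:nonBroadcast") == "true":
        findings.append("hidden SSID: devices probe for the network by name")
    return findings
```

Call review_wlan_profile with the text of each XML file in the export folder and resolve the findings before selecting the file under Import.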

Import a Wi-Fi profile

Use the Windows Wi-Fi Import Policy to import a set of Wi-Fi settings that you can then deploy to the required user or device groups.

  1. In the Microsoft Intune administration console, click Policy > Add Policy.

  2. Configure a policy of the type Windows > Wi-Fi Import (Windows 8.1 and later).

    This policy can be applied to devices that run Windows 8.1 and Windows 10 desktop and mobile operating systems.

    You can only create and deploy a custom Windows Wi-Fi import policy. Recommended settings are not available.

  3. Specify the following general values for the Windows Wi-Fi Import Policy:

    Setting name: Name
    More information: Enter a unique name for the Wi-Fi profile to identify it in the Intune console.

    Setting name: Description
    More information: Provide a description of the Wi-Fi profile and other relevant information that helps you locate it.

  4. Specify the following values under the Custom Wi-Fi Profile heading:

    Setting name: Configuration profile file
    More information: Choose Import to select the XML file that contains the Wi-Fi profile settings that you want to import into Intune.

    Setting name: Custom configuration profile name (displayed to users)
    More information: Choose how to display the name of the Wi-Fi configuration profile as it will be shown to users on their device.

    Setting name: Configuration profile details
    More information: Choose how to display the XML code for the configuration profile that you selected.

  5. When you're finished, choose Save Policy.

  6. The new policy displays in the Configuration Policies node of the Policy workspace.

Deploy the profile

Because a profile is a type of policy, you use the Policy workspace to deploy it.

  1. In the Policy workspace, select the policy you want to deploy, then choose Manage Deployment.

  2. In the Manage Deployment dialog box:

    • To deploy the policy: Select one or more groups to which you want to deploy the policy. Then choose Add > OK.

    • To close the dialog box without deploying it: Click Cancel.

The Overview page of the Policy workspace displays issues with the policy that require your attention. Additionally, a status summary appears in the Dashboard workspace.

Security settings

These tables have the details for the security settings that are available for Android, iOS, and Mac OS X Wi-Fi profiles.

Security settings for Android devices

Setting name: Security type
More information: Select the security protocol for the wireless network:
- WPA-Enterprise/WPA2-Enterprise
- No authentication (Open) if the network is unsecured.
When to use: Always

Setting name: EAP Type
More information: Choose the Extensible Authentication Protocol (EAP) type that's used to authenticate secured wireless connections:
- EAP-TLS
- PEAP
- EAP-TTLS
When to use: If you selected the WPA-Enterprise/WPA2-Enterprise security type.

Setting name: Select root certificates for server validation
More information: Choose Select, and then choose the trusted root certificate profile that you used to authenticate the connection. For more information about creating the trusted root certificate profile, go to Secure resource access with certificate profiles.
When to use: If you selected any EAP Type.

Setting name: Authentication method
More information: Select the authentication method that's used for the connection:
- Certificates to specify the client certificate
- Username and Password to specify a different method for authentication
When to use: The EAP type is PEAP or EAP-TTLS.

Setting name: Select a non-EAP method for authentication (Inner identity)
More information: Select how you will authenticate the connection:
- None
- Unencrypted password (PAP)
- Challenge Handshake Authentication Protocol (CHAP)
- Microsoft CHAP (MS-CHAP)
- Microsoft CHAP Version 2 (MS-CHAP v2)
The options that are available depend on the EAP type that you selected.
When to use: The Authentication method is Username and Password.

Setting name: Enable identity privacy (Outer Identity)
More information: Specify the text that's sent in response to an EAP identity request. This text can be any value. During authentication, this anonymous identity is initially sent. The real identification is then sent in a secure tunnel.
When to use: If the EAP type is PEAP or EAP-TTLS.

Setting name: Select a client certificate for client authentication (Identity Certificate)
More information: Choose Select, and then choose the SCEP certificate profile that's used to authenticate the connection. For more information about creating an SCEP certificate profile, go to Secure resource access with certificate profiles.
When to use: If the security type is WPA-Enterprise/WPA2-Enterprise, and any EAP type is selected.

Security settings for iOS and Mac OS X devices

Setting name: Security type
More information: Select the wireless network security protocol:
- WPA-Personal/WPA2-Personal
- WPA-Enterprise/WPA2-Enterprise
- WEP
- No authentication (Open) if the network is unsecured.
When to use: Always

Setting name: EAP Type
More information: Choose the Extensible Authentication Protocol (EAP) type that's used to authenticate secured wireless connections:
- EAP-TLS
- PEAP
- EAP-TTLS
- EAP-FAST
- LEAP
- EAP-SIM
When to use: If you selected a security type of WPA-Enterprise/WPA2-Enterprise.

Setting name: Trusted server certificate names
More information: Select the trusted root certificate profile that's used to authenticate the connection. For more information about creating the trusted root certificate profile, go to Secure resource access with certificate profiles.
When to use: If you selected an EAP type of EAP-TLS, PEAP, EAP-TTLS, or EAP-FAST.

Setting name: Use Protected Access Credential (PAC)
More information: Select to use protected access credentials to establish an authenticated tunnel between the client and the authentication server. An existing PAC file is used if present.
When to use: If the EAP type is EAP-FAST.

Setting name: Provision PAC
More information: Sets up the PAC file on your devices. When used, you can also select Provision PAC Anonymously to ensure that the PAC file is set up without authenticating the server.
When to use: If Use Protected Access Credential (PAC) is selected.

Setting name: Authentication method
More information: Select the authentication method that's used for the connection:

  • Certificates to specify the client certificate
  • Username and Password to specify one of the following non-EAP methods for authentication (also known as Inner identity):

    • None
    • Unencrypted password (PAP)
    • Challenge Handshake Authentication Protocol (CHAP)
    • Microsoft CHAP (MS-CHAP)
    • Microsoft CHAP Version 2 (MS-CHAP v2)
    • EAP-TLS
When to use: If the EAP type is PEAP or EAP-TTLS.

Setting name: Select a client certificate for client authentication (Identity Certificate)
More information: Select the SCEP certificate profile that's used to authenticate the connection. For more information about creating a SCEP certificate profile, go to Secure resource access with certificate profiles.
When to use: If the security type is WPA-Enterprise/WPA2-Enterprise and the EAP type is EAP-TLS, PEAP or EAP-TTLS.

Setting name: Enable identity privacy (Outer Identity)
More information: Specify text that's sent in response to an EAP identity request. This text can be any value. During authentication, this anonymous identity is initially sent. The real identification is then sent in a secure tunnel.
When to use: If the EAP type is set to PEAP, EAP-TTLS, or EAP-FAST.

See also

Learn how to create a Wi-Fi profile with a pre-shared key in Pre-shared key Wi-Fi profile.