Microsoft Intune 中的 Windows 策略设置Windows policy settings in Microsoft Intune

适用于:经典控制台中的 IntuneApplies to: Intune in the classic console
正在查找有关 Azure 中的 Intune 的文档?Looking for documentation about Intune on Azure? 请转到此处Go here.

使用 Microsoft Intune Windows 常规配置策略(Windows 8.1 及更高版本)为已注册的 Windows 8、Windows 8.1 和 Windows RT 8.1 设备配置以下设置:Use the Microsoft Intune Windows general configuration policy (Windows 8.1 and later) to configure the following settings for enrolled Windows 8, Windows 8.1, and Windows RT 8.1 devices:

适用性设置Applicability settings

设置名Setting name 详细信息Details
将所有配置应用到 Windows 10Apply all configurations to Windows 10 使此策略中的设置除了可以应用到 Windows 8 和 Windows 8.1 设备外,还可以应用到 Windows 10 设备。Enables settings in this policy to be applied to Windows 10 devices, in addition to Windows 8 and Windows 8.1 devices.

安全设置Security settings

设置名Setting name 详细信息Details
所需的密码类型Required password type 指定需要的密码类型,例如仅限字母数字或数字。Specifies the type of password that's required, such as alphanumeric or numeric only.
必填密码类型 – 字符集最小数量Required password type – Minimum number of character sets 指定密码中必须包括多少个不同的字符集。Specifies how many different character sets must be included in the password. 有以下四个字符集:小写字母、大写字母、数字和符号。There are four character sets: lowercase letters, uppercase letters, numbers, and symbols. 但是,对于 iOS 设备,此设置指定密码中必须包括的符号的数量。However, for iOS devices, this setting specifies the number of symbols that must be included in the password.
最短密码长度Minimum password length 配置密码的最小所需长度(以字符计算)。Configures the minimum required length (in characters) for the password.
擦除设备前允许的重复登录失败次数Number of repeated sign-in failures to allow before the device is wiped 如果登录尝试失败达到此次数,则擦除设备。Wipes the device if the sign-in attempts fail this number of times.
屏幕关闭前处于不活动状态的分钟数Minutes of inactivity before screen turns off 指定需要密码以进行解锁之前,设备必须保持空闲的分钟数。Specifies the number of minutes a device must be idle before a password is required to unlock it.
密码过期(天数)Password expiration (days) 指定必须更改设备密码前的天数。Specifies the number of days before the device password must be changed.
记住密码历史记录Remember password history 指定用户是否可以配置以前用过的密码。Specifies whether the user can configure previously used passwords.
“记住密码历史记录”“防止重用以前的密码”Remember password historyPrevent reuse of previous passwords 指定设备记住的以前用过的密码数目。Specifies the number of previously used passwords that are remembered by the device.
允许图片密码和 PINAllow picture password and PIN 允许使用图片密码和 PIN。Enables the use of a picture password and PIN. 图片密码允许用户使用图片上的手势登录。A picture password lets the user sign in with gestures on a picture. PIN 允许用户使用 4 位代码快速登录。A PIN lets users quickly sign in with a four-digit code.

加密设置Encryption settings

设置名Setting name 详细信息Details
需要对移动设备加密1Require encryption on mobile device1 要求对设备上的文件进行加密。Requires that files on the device are encrypted.

1运行 Windows 8.1 的设备的其他信息1 Additional information for devices that run Windows 8.1

  • 若要在运行 Windows 8.1 的设备上强制加密,必须在每台设备上安装 用于 Windows 的 December 2014 MDM 客户端更新To enforce encryption on devices that run Windows 8.1, you must install the December 2014 MDM client update for Windows on each device.

  • 如果对 Windows 8.1 设备启用此设置,则该设备的所有用户必须都具有 Microsoft 帐户。If you enable this setting for Windows 8.1 devices, all users of the device must have a Microsoft account.

  • 为了使加密正常工作,该设备必须满足 Microsoft InstantGo 硬件认证要求。For encryption to work, the device must meet the Microsoft InstantGo hardware certification requirements.

  • 在设备上强制加密时,恢复密钥仅可从用户的 Microsoft 帐户(从用户的 OneDrive 帐户访问)进行访问。When you enforce encryption on a device, the recovery key is only accessible from the user's Microsoft account, which is accessed from their OneDrive account. 无法代表用户恢复此密钥。You cannot recover this key on behalf of a user.

恶意软件设置Malware settings

设置名Setting name 详细信息Details
需要网络防火墙Require network firewall 需要 Windows 防火墙处于打开状态。Requires that the Windows Firewall is turned on.
启用 SmartScreenEnable SmartScreen 需要使用 Windows SmartScreen。Requires the use of Windows SmartScreen.

系统设置System settings

设置名Setting name 详细信息Details
需要自动更新Require automatic updates 打开设备上的自动更新设置。Turns on the automatic updates setting on devices.
需要自动更新 - 要自动安装的最小更新分类Require automatic updates – Minimum classification of updates to install automatically 选择将自动安装的更新分类:Chooses the classification of updates that will be installed automatically:

- 重要 - 安装归类为重要的所有更新。- Important – Installs all updates that are classified as important.
- 推荐 - 安装归类为重要或推荐的所有更新。- Recommended – Installs all updates that are classified as important or recommended.
用户帐户控制User Account Control 需要在设备上使用用户帐户控制 (UAC)。Requires the use of User Account Control (UAC) on devices.
允许提交诊断数据Allow diagnostic data submission 允许设备将诊断信息提交到 Microsoft。Enables the device to submit diagnostic information to Microsoft.

云设置 – 文档和数据Cloud settings – documents and data

设置名Setting name 详细信息Details
工作文件夹 URLWork Folders URL 设置工作文件夹的 URL,以允许文档跨设备同步。Sets the URL of the work folder to allow documents to be synchronized across devices.

电子邮件设置Email settings

设置名Setting name 详细信息Details
在 Windows 邮件应用程序中将 Microsoft 帐户设为可选Make Microsoft account optional in Windows Mail application 允许在没有 Microsoft 帐户的情况下访问 Windows Mail 应用程序。Enables access to the Windows Mail application without a Microsoft account.

应用设置 - 浏览器Application settings - browser

设置名Setting name 详细信息Details
允许自动填充Allow autofill 允许用户更改浏览器中的自动完成设置。Enables users to change autocomplete settings in the browser.
允许使用弹出窗口阻止程序Allow pop-up blocker 启用或禁用浏览器弹出窗口阻止程序。Enables or disables the browser pop-up blocker.
允许使用插件Allow plug-ins 允许用户向 Internet Explorer 添加插件。Enables users to add plug-ins to Internet Explorer.
允许使用活动脚本Allow active scripting 允许浏览器运行脚本,如 Active X 脚本。Enables the browser to run scripts, such as Active X scripts.
允许使用欺诈警告Allow fraud warning 启用或禁用对潜在欺诈网站的警告。Enables or disables warnings for potential fraudulent websites.
允许 Intranet 站点使用单字条目Allow intranet site for single word entry 允许使用单字将 Internet Explorer 转到“必应”之类的网站。Enables use of a single word to direct Internet Explorer to a web site, such as Bing.
允许自动检测 Intranet 网络Allow automatic detection of intranet network 帮助在 Internet Explorer 中配置 intranet 站点安全性。Helps configure security for intranet sites in Internet Explorer.
互联网的安全级别Security level for Internet 设置 Internet 站点的 Internet Explorer 安全级别。Sets the Internet Explorer security level for Internet sites.
Intranet 安全级别Security level for intranet 设置 Intranet 站点的 Internet Explorer 安全级别。Sets the Internet Explorer security level for intranet sites.
受信任的站点的安全级别Security level for trusted sites 配置受信任的站点区域的安全级别。Configures the security level for the trusted sites zone.
受限制的站点的安全级别Security level for restricted sites 配置受限制的站点区域的安全级别。Configures the security level for the restricted sites zone.
发送“不跟踪”标头Send Do Not Track header 在 Internet Explorer 中,将“不跟踪”标头发送到访问过的网站。Sends a do not track header to visited sites in Internet Explorer.
允许企业模式菜单访问Allow Enterprise Mode menu access 允许用户从 Internet Explorer 访问企业模式菜单选项。Lets users access the Enterprise Mode menu options from Internet Explorer.
如果选择此设置,你还可以指定日志记录报告位置,其中包含指向一个报表的 URL,该报表显示了用户为其启用了企业模式访问的网站。If you select this setting, you can also specify a Logging report location, which contains a URL to a report that shows websites for which users have turned on Enterprise Mode access.
企业模式网站列表位置Enterprise Mode site list location 指定活动状态下将使用企业模式的网站列表的位置。Specifies the location of the list of websites that will use Enterprise Mode when it is active.

设备性能设置 - 蜂窝网络Device capabilities settings - cellular

设置名Setting name 详细信息Details
允许数据漫游Allow data roaming 当设备处于移动电话网络中时允许数据漫游。Enables data roaming when the device is on a cellular network.

另请参阅See also

使用 Microsoft Intune 策略管理设备上的设置和功能Manage settings and features on your devices with Microsoft Intune policies

要提交产品反馈,请访问 Intune Feedback