Microsoft Intune 已注册设备管理功能Enrolled device management capabilities of Microsoft Intune

适用于:经典控制台中的 IntuneApplies to: Intune in the classic console
正在查找有关 Azure 中的 Intune 的文档?Looking for documentation about Intune on Azure? 请转到此处Go here.

通过在 Microsoft Intune 服务中注册设备,你可以使用 Microsoft Intune 管理各种设备。Microsoft Intune lets you manage a range of devices by enrolling them into the service. 你可自己注册一些设备类型,或者用户可使用公司门户应用注册。You can enroll some device types yourself, or users can enroll using the company portal app. 这还可让他们执行浏览和安装应用、确保其设备符合公司策略以及联系其 IT 支持人员等操作。This also lets them perform operations like browsing and installing apps, ensuring that their devices are compliant with company policies, and contacting their IT support.

此主题提供有关你注册设备后获得的功能的完整列表。This topic gives a full list of the capabilities that you get after you enroll your device.

管理、清单、应用部署、设置和停用都可通过 Intune 管理控制台进行处理。Management, inventory, app deployment, provisioning, and retirement are all handled through the Intune administration console. 用户获取公司门户的访问权限,这使他们可以安装应用、注册和删除设备以及与其 IT 部门或支持人员联系。Users gain access to the company portal, which enables them to install apps, enroll and remove devices, and contact their IT department or helpdesk.

设备安全性和配置Device security and configuration

功能Capability 详细信息Details 更多信息More information
配置策略Configuration policies

自定义策略Custom policies
让你可在组织中管理移动设备上多个设置和功能。Lets you manage many settings and features on mobile devices in your organization. 例如,你可以申请密码、限制失败尝试次数、限制屏幕锁定前的时间量、设置密码过期时间,以及阻止使用以前用过的密码。For example, you can require a password, limit the number of failed attempts, limit the amount of time before the screen locks, set password expiration, and prevent previously used passwords. 你还可以控制硬件和软件功能的使用,例如设备的摄像头或 Web 浏览器。You can also control the use of hardware and software features such as the device camera or the web browser.

在配置策略不包含你需要的设置时使用自定义策略。Use custom polices when configuration policies do not contain the settings that you require. 对于 iOS 设备,你可以导入你从 Apple 配置工具中导出的设置。For iOS devices, you can import settings that you exported from the Apple Configurator tool. 对于其他设备,你可以使用开放移动联盟统一资源标识符 (OMA-URI) 设置配置设备上的设置和功能。For other devices, you can use Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings to configure settings and features on the device.
使用 Microsoft Intune 策略管理设备上的设置和功能Manage settings and features on your devices with Microsoft Intune policies
远程擦除、远程锁定和密码重置Remote Wipe, Remote Lock, and Passcode Reset 在设备丢失或被盗时,清除敏感数据。Erases sensitive data when a device is lost or stolen. 例如,你可以远程锁定设备、将其还原为出厂设置或仅擦除企业数据。For example, you can remotely lock the device, restore it to factory settings, or wipe only corporate data.

你可以在用户无法访问其设备时重置密码,锁定遗失或被盗的设备,甚至擦除遗失或被盗设备的数据。You can reset passcodes if users lose access to their device, lock missing or stolen devices, or even wipe data off of missing or stolen devices.
使用远程锁定和密码重置功能帮助保护设备Help protect your devices with remote lock and passcode reset
展台模式Kiosk mode 允许你锁定移动设备的某些功能,如屏幕捕捉和电源开关。Lets you lock down certain features of mobile devices such as screen captures and power switches. 此外允许您限制设备运行您指定的单个应用程序。Also lets you restrict devices to run a single app that you specify. Microsoft Intune 中的 iOS 配置策略设置iOS configuration policy settings in Microsoft Intune

应用管理App management

功能Capability 详细信息Details 更多信息More information
应用部署和管理App deployment and management 提供了一系列的工具以帮助你在移动应用的整个生命周期中对其进行管理,包括部署来自安装文件和应用商店的应用、对应用状态的详细监视以及应用删除。Provides a range of tools to help you manage mobile apps through their lifecycle, including app deployment from installation files and app stores, detailed monitoring of app status, and app removal. 在 Microsoft Intune 中部署应用Deploy apps in Microsoft Intune
符合和不符合要求的应用程序Compliant and noncompliant apps 你可以指定符合(即允许用户安装)和不符合要求的应用程序(不允许用户安装)的列表。Lets you specify lists of compliant apps (that users are allowed to install) and noncompliant apps (that users aren't allowed to install). Microsoft Intune 中的 iOS 策略设置iOS policy settings in Microsoft Intune
移动应用程序管理Mobile application management 使用针对所有设备(无论是否由 Intune 托管)的移动应用程序管理配置应用的限制。Configures restrictions for apps by using mobile application management for all devices that are both managed with Intune and not managed with Intune. 这可以帮助你通过限制数据的复制和粘贴、外部备份和应用程序之间的数据传输等操作来提高你公司的数据的安全性。This helps you to increase the security of your company data by restricting operations such as copy and paste, external backup of data, and the transfer of data between apps. 在 Microsoft Intune 控制台中配置和部署移动应用程序管理策略Configure and deploy mobile application management policies in the Microsoft Intune console
iOS 移动应用配置iOS mobile app configuration 使用移动应用配置策略可提供用户在运行 iOS 应用时可能需要的设置。Uses mobile app configuration policies to supply settings for iOS apps that might be required when the user runs the app. 例如,某一个应用可能要求用户指定端口号或登录信息。For example, an app might require the user to specify a port number or logon information. 这可以帮助简化应用程序的配置并减少支持呼叫次数。This can help streamline app configuration and reduce the number of support calls. 使用 Microsoft Intune 中的移动应用配置策略配置 iOS 应用Configure iOS apps with mobile app configuration policies in Microsoft Intune
iOS 移动应用预配配置文件iOS mobile app provisioning profiles 帮助你将预配配置文件部署到即将到期的 iOS 应用。Helps you deploy provisioning profiles to iOS apps that are nearing expiration. 使用 iOS 移动预配配置文件策略防止应用过期Use iOS mobile provisioning profile policies to prevent your apps from expiring
托管浏览器Managed browser 配置托管浏览器策略以控制设备用户可访问的网站。Configures managed browser policies to control the websites that device users can visit. 此外,您可以将移动应用程序管理策略应用到托管浏览器。In addition, you can also apply mobile application management policies to the managed browser. 使用 Microsoft Intune 的 Managed Browser 策略管理 Internet 访问Manage Internet access using managed browser policies with Microsoft Intune
Windows Hello 企业版Windows Hello for Business 让你可以与 Windows Hello 企业版集成,这是一种适用于 Windows 10 的替代登录方法,它使用本地 Active Directory 或 Azure Active Directory 来取代密码、智能卡或虚拟智能卡。Lets you integrate with Windows Hello for Business, which is an alternative sign-in method for Windows 10 that uses on-premises Active Directory or Azure Active Directory to replace passwords, smart cards, or virtual smart cards. 使用 Microsoft Intune 控制设备上的 Windows Hello 企业版设置Control Windows Hello for Business settings on devices with Microsoft Intune
批量购买应用程序Volume purchased apps 帮助你通过以下操作管理通过批量购买计划购买的应用:从应用商店中导入许可证信息、跟踪已使用的许可证的数量,以及阻止安装超出你所拥有的应用的更多副本。Helps you manage apps that you purchased through a volume-purchase program by importing the license information from the app store, tracking how many of the licenses you have used, and preventing you from installing more copies of the app than you own. 使用 Microsoft Intune 管理批量购买的应用Manage volume-purchased apps using Microsoft Intune

公司资源访问Company resource access

功能Capability 详细信息Details 更多信息More information
证书配置文件Certificate profiles 创建和部署受信任的证书配置文件和简单证书注册协议 (SCEP) 证书,这些文件和证书可对 Wi-Fi、VPN 和电子邮件配置文件进行保护和身份验证。Creates and deploys trusted certificate profiles and Simple Certificate Enrollment Protocol (SCEP) certificates, which can be used to secure and authenticate Wi-Fi, VPN, and email profiles. 使用 Microsoft Intune 中的证书配置文件确保资源访问的安全性Secure resource access with certificate profiles in Microsoft Intune
Wi-Fi 配置文件Wi-Fi profiles 将无线网络设置部署到你的用户。Deploys wireless network settings to your users. 通过部署这些设置,你可最小化用户连接到公司网络时所需的工作。By deploying these settings, you minimize the user effort that's required to connect to the corporate network. Microsoft Intune 中的 Wi-Fi 连接Wi-Fi connections in Microsoft Intune
电子邮件配置文件Email profiles 创建电子邮件设置并将其部署到设备。Creates and deploys email settings to devices. 这意味着用户无需进行特殊设置,就能通过个人设备访问企业电子邮件。This means that users can access corporate email on their personal devices without any required setup on their part. 使用 Microsoft Intune 的电子邮件配置文件配置对公司电子邮件的访问Configure access to corporate email using email profiles with Microsoft Intune
VPN 配置文件VPN profiles 将 VPN 设置部署到用户和你的组织中的设备。Deploys VPN settings to users and devices in your organization. 通过部署这些设置,你可以最大限度减少用户连接到公司网络资源需要进行的工作。By deploying these settings, you minimize the user effort that's required to connect to resources on the company network. Microsoft Intune 中的 VPN 连接VPN connections in Microsoft Intune
条件性访问策略Conditional access policies 管理从非 Intune 托管设备对 Microsoft Exchange 电子邮件和 SharePoint Online 进行的访问。Manages access to Microsoft Exchange email and SharePoint Online from devices that are not managed by Intune. 使用 Microsoft Intune 限制对电子邮件和 SharePoint 的访问Restrict access to email and SharePoint with Microsoft Intune

清单和报告Inventory and reporting

功能Capability 详细信息Details 更多信息More information
清单和报告Inventory and reporting 查找有关你管理的设备以及设备正在使用的软件的信息。Finds information about the devices that you manage and the software that the devices are using. 在 Microsoft Intune 中通过清单了解设备Understand your devices with inventory in Microsoft Intune
要提交产品反馈,请访问 Intune Feedback