移动应用程序管理故障排除Troubleshoot mobile application management

适用于:经典门户中的 IntuneApplies to: Intune in the classic portal
在寻找有关 Azure 门户中 Intune 的文档吗?Looking for documentation about Intune in the Azure portal? 请转到此处Go here.

若有关于 Intune 移动应用程序管理的问题,请从此处开始阅读。If you are having problems with Intune mobile application management, start here. 本主题包含一些用户可能会遇到的常见问题,并提供解决方案和答案。This topic contains some common problems and questions you might have and provides solutions and answers.

如果此信息未解决你的问题,请参阅如何获取对 Microsoft Intune 的支持,了解更多获得帮助的方法。If this information does not solve your problem, see How to get support for Microsoft Intune to find more ways to get help.

IT 管理员常见问题Common IT administrator issues

这些是 IT 管理员使用 Intune 应用保护策略可能会遇到的常见问题。These are common issues an IT administrator may experience with using Intune app protection policy.

问题Issue 说明Description 解决方法Resolution
策略不适用于 Skype for BusinessPolicy not applied to Skype for Business Azure 门户中制定的无需设备注册的应用保护策略不适用于 iOS 和 Android 设备上的 Skype for Business 应用。App protection policy without device enrollment, made in the Azure portal, is not applying to the Skype for Business app on iOS and Android devices. 必须将 Skype for Business 设置为进行新式验证。Skype for Business must be set up for modern authentication. 请按照为租户启用新式验证中的指示为 Skype 设置新式验证。Please follow instructions in Enable your tenant for modern authentication to set up modern authentication for Skype.
Office 应用策略不适用Office app policy not applied 应用保护策略不适用于任何用户的任何支持的 Office 应用App protection policies are not applying to any supported Office App for any user. 确认用户已获得 Intune 许可,且 Office 应用是某个已部署的应用保护策略的目标对象。Confirm that the user is licensed for Intune and the Office apps are targeted by a deployed app protection policy. 可能需要最多 8 小时来使新部署的应用保护策略生效。It can take up to 8 hours for a newly deployed app protection policy to be applied.
管理员无法在 Azure 门户中配置应用保护策略Admin can't configure app protection policy in Azure portal IT 管理员用户无法在 Azure 门户中配置应用保护策略。IT administrator user is unable to configure app protection policies in Azure Portal. 下列用户角色可访问 Azure 门户:The following user roles have access to the Azure Portal: 请参阅准备好使用 Microsoft Intune 配置移动应用管理策略,获取设置这些角色的帮助。Refer to Get ready to configure mobile app management policies with Microsoft Intune for help setting up these roles.
应用保护策略报表中缺少用户帐户User accounts missing from app protection policy reports 管理控制台报表不显示最近部署了应用保护策略的用户帐户。Admin console reports do not show user accounts to which app protection policy was recently deployed. 若用户是应用保护策略的新目标用户,则可能要 24 小时后,该用户才会在报表中显示为目标用户。If a user is newly targeted by an app protection policy, it can take up to 24 hours for that user to show up in reports as a targeted user.
策略更改无效Policy changes not working 对应用保护策略的更改和更新可能需要 8 小时才能应用。Changes and updates to app protection policy can take up to 8 hours to apply. 如果适用,最终用户可注销该应用,然后重新登录,强行与服务同步。If applicable, the end-user can log out of the app and log back in to force sync with service.
DEP 中无法使用应用保护策略App protection policy not working with DEP 应用保护策略不适用于 Apple DEP 设备。App protection policy is not applying to Apple DEP devices. 请确保通过 Apple 设备注册计划 (DEP) 使用用户关联。Please ensure you are using User Affinity with Apple Device Enrollment Program (DEP). 对需要在 DEP 下进行用户身份验证的应用而言,用户关联是必须的。User Affinity is required for any app that requires user authentication under DEP.

请参阅 Enroll corporate-owned Device Enrollment Program iOS devices(将通过“设备注册计划”购买的 iOS 设备注册为企业所有),了解有关 iOS DEP 注册的详细信息。Refer to Enroll corporate-owned Device Enrollment Program iOS devices for more information on iOS DEP enrollment.
iOS 中无法使用数据传输策略Data transfer policy not working with iOS 允许应用向其他应用传输数据允许应用从其他应用接收数据策略未成功管理 iOS 中的数据传输。The Allow app to transfer data to other apps and Allow app to receive data from other apps policies do not successfully manage data transfer in iOS. 请参阅使用 Microsoft Intune 管理 iOS 应用之间的数据传输.See Manage data transfer between iOS apps with Microsoft Intune.

常见最终用户问题Common end-user issues

常见最终用户问题细分为以下类别:Common end-user issues are broken down in the following categories:

  • 正常使用场景:最终用户可能会在具有 Intune 应用保护策略的应用上遇到这些情况。Normal usage scenarios: An end-user might experience these scenarios on apps that have Intune app protection policy. 这些不是实际问题,但可能会被视为 bug 或错误。These are not actual issues, but may be perceived as bugs or errors.

  • 正常使用对话:它们是最终用户可能会在具有 Intune 应用保护策略的应用中看到的使用对话。Normal usage dialogs: These are usage dialogs an end-user might see in apps that have Intune app protection policy. 这些消息和对话指示错误或 bug。These messages and dialogs do not indicate an error or bug.

  • 错误消息和对话:它们是最终用户可能会在具有 Intune 应用保护策略的应用中看到的错误消息和对话。Error messages and dialogs: These are error messages and dialogs an end-user might see on apps that have Intune app protection policy. 通常会指示由 IT 管理员造成的错误或 Intune 应用保护的 bug。These often indicate an error was made by the IT administrator or a bug with Intune app protection.

正常使用场景Normal usage scenarios

平台Platform 方案Scenario 说明Explanation
iOSiOS 即使将数据传输策略设置为“仅托管应用”或“无应用”,最终用户也可使用 iOS 共享扩展在非托管应用中打开工作或学校数据。The end-user can use the iOS share extension to open work or school data in unmanaged apps, even with the data transfer policy set to Managed apps only or No apps. 这样不会泄漏数据吗?Doesn't this leak data? 在不管理设备的情况下,Intune 应用保护策略不能控制 iOS 共享扩展。Intune app protection policy cannot control the iOS share extension without managing the device. 因此,Intune 会在应用外共享“企业”数据前先加密数据Therefore, Intune encrypts "corporate" data before sharing it outside the app. 可通过尝试在托管应用外打开“企业”文件进行验证。You can validate this by attempting to open the "corporate" file outside of the managed app. 该文件应进行加密,且无法在托管应用外打开。The file should be encrypted and unable to be opened outside the managed app.
AndroidAndroid 为什么即使使用不需设备注册的 MAM 应用保护,最终用户也需要安装公司门户应用Why does the end-user need to install the Company Portal app, even if I'm using MAM app protection without device enrollment? 在 Android 上,应用保护的许多功能都内置于公司门户应用中。On Android, much of app protection functionality is built into the Company Portal app. 虽然始终需要公司门户应用,但无需设备注册Device enrollment is not required even though the Company Portal app is always required. 对于不需注册的应用保护,最终用户只需在设备上安装公司门户应用即可。For app protection without enrollment, the end-user just needs to have the Company Portal app installed on the device.

正常使用对话Normal usage dialogs

平台Platform 消息或对话Message or dialog 说明Explanation
iOS、AndroidiOS, Android 登录:为保护其数据,组织需要管理此应用。Sign-in: To protect its data, your organization needs to manage this app. 要完成此操作,请使用工作或学校帐户登录。To complete this action, sign in with your work or school account. 最终用户必须使用其工作或学校帐户登录才能使用此应用,这就需要应用保护策略。The end-user must sign in with their work or school account in order to use this app, which requires app protection policy. 为使策略适用,用户必须对 Azure Active Directory 进行身份验证。In order for policy to apply, the user must authenticate against Azure Active Directory.
iOS、AndroidiOS, Android 需要重启:组织当前正在此应用中保护其数据。Restart Required: Your organization is now protecting its data in this app. 需重启应用才能继续。You need to restart the app to continue. 应用刚收到 Intune 应用保护策略,必须重启才能应用该策略。The app has just received Intune app protection policy and must restart in order for the policy to apply.
iOS、AndroidiOS, Android 操作未允许:组织仅允许在此应用中打开工作或学校数据。Action Not Allowed: Your organization only allows you to open work or school data in this app. IT 管理员已将“允许应用从其他应用接收数据”设置为“仅托管应用”。The IT administrator has set the Allow app to receive data from other apps to Managed apps only. 因此,最终用户只可将数据从其他具有应用保护策略的应用传输到此应用。Therefore, the end-user can only transfer data into this app from other apps that have app protection policy.
iOS、AndroidiOS, Android 操作未允许:组织仅允许将其数据传输到其他托管应用。Action Not Allowed: Your organization only allows you to transfer its data to other managed apps. IT 管理员已将“允许应用将数据传输到其他应用”设置为“仅托管应用”。The IT administrator has set the Allow app to transfer data to other apps to Managed apps only. 因此,最终用户只可将此应用的数据传输到其他具有应用保护策略的应用。Therefore, the end-user can only transfer data out of this app to other apps that have app protection policy.
iOS、AndroidiOS, Android 擦除警报:组织已删除与此应用关联的组织数据。Wipe Alert: Your organization has removed its data associated with this app. 若要继续,请重启应用。To continue, restart the app. IT 管理员已使用 Intune 应用保护启动了应用擦除。The IT administrator has initiated an app wipe using Intune app protection.
AndroidAndroid 需要公司门户:若要将工作或学校帐户用于此应用,必须安装 Intune 公司门户应用。Company Portal required: To use your work or school account with this app, you must install the Intune Company Portal app. 点击“转至商店”继续操作。Tap “Go to store” to continue. 在 Android 上,应用保护的许多功能都内置于公司门户应用中。On Android, much of app protection functionality is built into the Company Portal app. 虽然始终需要公司门户应用,但无需设备注册Device enrollment is not required even though the Company Portal app is always required. 对于不需注册的应用保护,最终用户只需在设备上安装公司门户应用即可。For app protection without enrollment, the end-user just needs to have the Company Portal app installed on the device.

iOS 上的错误消息和对话Error messages and dialogs on iOS

错误消息和对话Error message or dialog 原因Cause 补救Remediation
应用未设置:此应用未设置,尚无法使用。App Not Set Up: This app has not been set up for you to use. 请联系你的 IT 管理员获取帮助。Contact your IT administrator for help. 未能检测到应用所需的应用保护策略。Failure to detect required app protection policy for the app. 确保将 iOS 应用保护策略部署到用户的安全组,并以此应用为目标。Make sure an iOS app protection policy is deployed to the user's security group and targets this app.
欢迎使用 Intune Managed Browser:当由 Microsoft Intune 管理时,此应用运行效果最佳。Welcome to the Intune Managed Browser: This app works best when managed by Microsoft Intune. 可始终使用此应用浏览 Web,并且当它由 Microsoft Intune 管理时,可访问附加的数据保护功能。You can always use this app to browse the web, and when it is managed by Microsoft Intune you gain access to additional data protection features. 未能检测到 Intune Managed Browser 应用所需的应用保护策略。Failure to detect required app protection policy for the Intune Managed Browser app.

用户仍可使用该应用浏览 Web,但该应用不由 Intune 托管。The user can still use the app to browse the web, but the app is not managed by Intune.
确保将 iOS 应用保护策略部署到用户的安全组,并以 Intune Managed Browser 应用为目标。Make sure an iOS app protection policy is deployed to the user's security group and targets the Intune Managed Browser app.
登录失败:目前无法登录。Sign-in Failed: We can't sign you in right now. 请稍后重试。Please try again later. 未能在用户尝试使用其工作或学校帐户登录后,向 MAM 服务注册该用户。Failure to enroll the user with the MAM service after the user attempts to sign in with their work or school account. 确保将 iOS 应用保护策略部署到用户的安全组,并以此应用为目标。Make sure an iOS app protection policy is deployed to the user's security group and targets this app.
帐户未设置:组织未设置你的帐户来访问工作或学校数据。Account Not Set Up: Your organization has not set up your account to access work or school data. 请联系 IT 管理员寻求帮助。Please contact your IT administrator for help. 用户帐户没有 Intune A Direct 许可证。The user account does not have an Intune A Direct license. 确保用户的帐户在 Office 门户中分配有 Intune 许可证。Make sure the user's account has an Intune license assigned in the Office portal.
设备不合规:无法使用此应用,因为正在使用越狱的设备。Device Non-Compliant: This app cannot be used because you are using a jailbroken device. 请联系你的 IT 管理员获取帮助。Contact your IT administrator for help. Intune 检测到用户正在使用越狱的设备。Intune detected the user is on a jailbroken device. 将设备重置为默认出厂设置。Reset the device to default factory settings. 按照 Apple 支持站点中的这些说明操作。Follow these instructions from the Apple support site.
需要 Internet 连接:必须连接到 Internet 才可验证是否可使用此应用。Internet Connection Required: You must be connected to the Internet to verify that you can use this app. 设备未连接到 Internet。The device is not connected to the Internet. 将设备连接到 WiFi 或数据网络。Connect the device to a WiFi or Data network.
未知故障:尝试重启此应用。Unknown Failure: Try restarting this app. 如果问题仍然存在,请与 IT 管理员联系以寻求帮助。If the problem persists, contact your IT administrator for help. 发生未知故障。An unknown failure occurred. 请稍后重试。Wait a while and try again. 如果错误仍然存在,请通过 Intune 在此处创建支持票证。If the error persists, create a support ticket with Intune here.
访问组织数据:指定的工作或学校帐户无权访问此应用。Accessing Your Organization's Data: The work or school account you specified does not have access to this app. 可能必须使用其他帐户登录。You may have to sign in with a different account. 请联系你的 IT 管理员获取帮助。Contact your IT administrator for help. Intune 检测到用户尝试使用另一个工作或学校帐户(不同于已注册 MAM 的设备帐户)登录。Intune detects the user attempted to sign in with second work or school account that is different from the MAM enrolled account for the device. 对于每个设备,MAM 一次只能管理一个工作或学校帐户。Only one work or school account can be managed by MAM at a time per device. 让用户使用具有通过登录屏幕预填充的用户名的相应帐户登录。Have the user sign in with the account whose username is pre-populated by the sign-in screen.

或让用户使用新的工作或学校帐户登录,并删除已注册 MAM 的现有帐户。Or, have the user sign in with the new work or school account and remove the existing MAM enrolled account.
连接问题:出现意外的连接问题。Connection Issue: An unexpected connection issue occurred. 检查连接,然后重试。Check your connection and try again. 意外故障。Unexpected failure. 请稍后重试。Wait a while and try again. 如果错误仍然存在,请通过 Intune 在此处创建支持票证。If the error persists, create a support ticket with Intune here.
警报:此应用无法再进行使用。Alert: This app can no longer be used. 有关详细信息,请与 IT 管理员联系。Contact your IT administrator for more information. 验证应用证书失败。Failure to validate the app's certificate. 确保应用版本为最新。Make sure the app version is up-to-date.

重新安装应用。Reinstall the app.
错误:此应用遇到问题,必须关闭。Error: This app has encountered a problem and must close. 如果此错误仍然存在,请与 IT 管理员联系。If this error persists, please contact your IT administrator. 未能从 Apple iOS Keychain 读取 MAM 应用 PIN。Failure to read the MAM app PIN from the Apple iOS Keychain. 重启设备。Restart the device. 确保应用版本为最新。Make sure the app version is up-to-date.

重新安装应用。Reinstall the app.

Android 上的错误消息和对话Error messages and dialogs on Android

对话框/错误消息Dialog/Error message 原因Cause 补救Remediation
应用未设置:此应用未设置,尚无法使用。App not set up: This app has not been set up for you to use. 请联系你的 IT 管理员获取帮助。Contact your IT administrator for help. 未能检测到应用所需的应用保护策略。Failure to detect required app protection policy for the app. 确保将 Android 应用保护策略部署到用户的安全组,并以此应用为目标。Make sure an Android app protection policy is deployed to the user's security group and targets this app.
应用启动失败:启动应用时出现问题。Failed app launch: There was an issue launching your app. 请尝试更新该应用或 Intune 公司门户应用。Try updating the app or the Intune Company Portal app. 如果需要帮助,请与你的 IT 管理员联系。If you need help, contact your IT administrator. Intune 检测到应用适用的有效应用保护策略,但应用在 MAM 初始化过程中崩溃。Intune detected valid app protection policy for the app, but the app is crashing during MAM initialization. 确保应用版本为最新。Make sure the app version is up-to-date.

确保 Intune 公司门户应用已安装且在设备上为最新。Make sure the Intune Company Portal app is installed and up-to-date on the device.

如果错误仍然存在,使用公司门户应用将日志发送到 Intune 或在此处创建支持票证。If the error persists, use the Company Portal app to send logs to Intune or create a support ticket here.
未找到应用:组织不允许使用此设备上的任何应用来打开此内容。No apps found: There are no apps on this device that your organization allows to open this content. 请联系你的 IT 管理员获取帮助。Contact your IT administrator for help. 用户尝试使用另一个应用打开工作或学校数据,但 Intune 找不到任何其他有权打开该数据的托管应用。The user tried to open work or school data with another app, but Intune cannot find any other managed apps that are allowed to open the data. 确保将 Android 应用保护策略部署到用户的安全组,并至少再以另一个启用了 MAM 且可打开相关数据的应用为目标。Make sure an Android app protection policy is deployed to the user's security and targets at least one other MAM-enabled app that can open the data in question.
登录失败:重试登录。Sign-in failed: Try to sign in again. 如果此问题仍然存在,请与 IT 管理员联系以寻求帮助。If this problem persists, contact your IT administrator for help. 未能验证用户登录时尝试使用的帐户。Failure to authenticate the account with which the user attempted to sign in. 确保用户使用已注册 Intune MAM 服务的工作或学校帐户(第一个成功登录到此应用的工作或学校帐户)登录。Make sure the user signs in with the work or school account that is already enrolled with the Intune MAM service (the first work or school account that was successfully signed into in this app).

清除应用数据。Clear the app's data.

确保应用版本为最新。Make sure the app version is up-to-date.

确保公司门户版本为最新版。Make sure the Company Portal version is up-to-date.
需要 Internet 连接:必须连接到 Internet 才可验证是否可使用此应用。Internet connection required: You must be connected to the Internet to verify that you can use this app. 设备未连接到 Internet。The device is not connected to the Internet. 将设备连接到 WiFi 或数据网络。Connect the device to a WiFi or Data network.
设备不合规:无法使用此应用,因为你正在使用已取得 root 权限的设备。Device non-compliant: This app can't be used because you are using a rooted device. 请联系你的 IT 管理员获取帮助。Contact your IT administrator for help. Intune 检测到用户正在使用已取得 root 权限的设备。Intune detected the user is on a rooted device. 将设备重置为默认出厂设置。Reset the device to default factory settings.
帐户未设置:此应用必须由 Microsoft Intune 托管,但帐户尚未设置。Account not set up: This app must be managed by Microsoft Intune, but your account has not been set up. 请联系你的 IT 管理员获取帮助。Contact your IT administrator for help. 用户帐户没有 Intune A Direct 许可证。The user account does not have an Intune A Direct license. 确保用户的帐户在 Office 门户中分配有 Intune 许可证。Make sure the user's account has an Intune license assigned in the Office portal.
无法注册应用:此应用必须由 Microsoft Intune 托管,但目前无法注册此应用。Unable to register the app: This app must be managed by Microsoft Intune, but we were unable to register this app at this time. 请联系你的 IT 管理员获取帮助。Contact your IT administrator for help. 需要应用保护策略时,未能自动向 MAM 服务注册该应用。Failure to automatically enroll the app with the MAM service when app protection policy is required. 清除应用数据。Clear the app's data.

通过公司门户应用将日志发送给 Intune,或在此处提供支持票证。Send logs to Intune through the Company Portal app or file a support ticket here.

另请参阅See also