查看客户端应用保护日志Review client app protection logs

了解可在应用保护日志中查看的设置。Learn about the settings you can review in the app protection logs. 启用移动客户端上的 Intune 诊断来访问这些日志。Access logs by enabling Intune Diagnostics on a mobile client.

启用和收集日志的过程因平台而异:The process to enable and collect logs varies by platform:

下表列出了在日志中记录的应用保护策略设置名称和受支持的值。The following tables list the App protection policy setting name and supported values that are recorded in the log. 此外,每个设置都标识在 Microsoft 终结点管理器门户中找到的策略设置。In addition, each setting identifies the policy setting found within Microsoft Endpoint Manager portal. 有关每个设置的详细信息,请参阅 iOS/iPadOS 应用保护策略设置Microsoft Intune 中的 Android 应用保护策略设置For detailed information on each setting, see iOS/iPadOS app protection policy settings and Android app protection policy settings in Microsoft Intune.

iOS/iPadOS 应用保护策略设置iOS/iPadOS App protection policy settings

名称Name 值详细信息Value details Microsoft 终结点管理器应用保护策略中的设置Setting in Microsoft Endpoint Manager App Protection Policy
AccessRecheckOfflineTimeoutAccessRecheckOfflineTimeout x 分钟x minutes 部分:条件启动Section: Conditional Launch
设置:操作“阻止访问(分钟)”的脱机宽限期Setting: Offline grace period with action Block access (minutes)
AccessRecheckOnlineTimeoutAccessRecheckOnlineTimeout x 分钟x minutes 部分:访问要求Section: Access requirements
设置:在(非活动状态的分钟数)后重新检查访问要求Setting: Recheck the access requirements after (minutes of inactivity)
AllowedOutboundClipboardSharingExceptionLengthAllowedOutboundClipboardSharingExceptionLength x 个字符x characters 部分:数据保护Section: Data protection
设置:针对任何应用的字符剪切和复制限制Setting: Cut and copy character limit for any app
AppPinDisabledAppPinDisabled 0 = 必需0 = Require
1 = 非必需1 = Not required
部分:访问要求Section: Access requirements
设置:应用 PIN(设置了设备 PIN 时)Setting: App PIN when device PIN is set
AppSharingFromLevelAppSharingFromLevel 0 = 无0 = None
1 = 策略托管应用1 = Policy Managed apps
2 = 所有应用2 = All apps
部分:数据保护Section: Data Protection
设置:从其他应用接收数据Setting: Receive data from other apps
AppSharingToLevelAppSharingToLevel 0 = 无0 = None
1 = 策略托管应用1 = Policy managed apps
2 = 所有应用2 = All app
部分:数据保护Section: Data Protection
设置:将组织数据发送到其他应用Setting: Send org data to other apps
ProtectManagedOpenInDataProtectManagedOpenInData 0 = False0 = False
1 = True1 = True
部分:数据保护Section: Data Protection
设置:如果为 true,则“将组织数据发送到其他应用”设置为具有“打开方式/共享”筛选的策略托管应用Setting: Send org data to other apps is set to Policy Managed apps with Open-In/Share filtering when true
AuthenticationEnabledAuthenticationEnabled 0 = 非必需0 = Not required
1 = 必需1 = Require
部分:访问要求Section: Access requirements
设置:用于访问的工作或学校帐户凭据Setting: Work or school account credentials for access
ClipboardSharingLevelClipboardSharingLevel 0 = 已阻止0 = Blocked
1 = 策略托管应用1 = Policy managed apps
2 = 带粘贴的策略托管应用2 = Policy managed apps with paste in
3 = 任何应用3 = Any app
部分:数据保护Section: Data Protection
设置:限制在其他应用间进行剪切、复制和粘贴Setting: Restrict cut, copy, and paste between other apps
ContactSyncDisabledContactSyncDisabled 0 = 允许0 = Allow
1 = 阻止1 = Block
部分:数据保护Section: Data Protection
设置:将应用与本机联系人应用进行同步Setting: Sync app with native contacts app
DataBackupDisabledDataBackupDisabled 0 = 允许0 = Allow
1 = 阻止1 = Block
部分:数据保护Section: Data Protection
设置:阻止备份Setting: Prevent backups
DeviceComplianceEnabledDeviceComplianceEnabled 0 = False0 = False
1 = True1 = True
部分:条件启动Section: Conditional Launch
设置:已越狱/获得 root 权限的设备Setting: Jailbroken/rooted devices
DeviceComplianceFailureActionDeviceComplianceFailureAction 0 = 阻止访问0 = Block acess
1 = 擦除数据1 = Wipe data
部分:条件启动Section: Conditional Launch
设置:已越狱/获得 root 权限的设备Setting: Jailbroken/rooted devices
DisableShareSenseDisableShareSense 不适用N/A 不适用:Intune 服务不会主动使用。N/A: Not actively used by Intune service.
FileEncryptionLevelFileEncryptionLevel 0 = 锁定设备时0 = When device is locked
1 = 设备锁定并存在打开的文件时1 = When device is locked and there are open files
2 = 设备重启后2 = After device restart
3 = 使用设备设置3 = Use device settings
部分:数据保护Section: Data Protection
设置:对组织数据进行加密Setting: Encrypt org data
FileSharingSaveAsDisabledFileSharingSaveAsDisabled 0 = 允许0 = Allow
1 = 阻止1 = Block
部分:数据保护Section: Data Protection
设置:保存组织数据的副本Setting: Save copies of org data
IntuneIdentityUPNIntuneIdentityUPN Intune MAM 用户的 UPNUPN of the Intune MAM user 不适用N/A
ManagedBrowserRequiredManagedBrowserRequired 0 = False0 = False
1 = True1 = True
部分:数据保护Section: Data Protection
设置:限制使用其他应用传输 Web 内容Setting: Restrict web content transfer with other apps
ManagedLocationsManagedLocations 该值表示应用程序可以将数据保存到的托管存储位置数。A value that represents the number of managed storage locations to which the app can save data.
1 = OneDrive1 = OneDrive
2 = SharePoint2 = SharePoint
3 = OneDrive 和 SharePoint3 = OneDrive and SharePoint
32 = 本地存储32 = Local Storage
33 = 本地存储和 OneDrive33 = Local Storage & OneDrive
34 = 本地存储和 SharePoint34 = Local Storage & SharePoint
35 = 本地存储、OneDrive 和 SharePoint35 = Local Storage, OneDrive, and SharePoint
部分:数据保护Section: Data Protection
设置:允许用户将副本保存到所选的服务Setting: Allow user to save copies to selected services
MinAppVersionMinAppVersion "0.0" = 无最低应用版本"0.0" = no minimum app version
任何其他 = 最低应用版本anything else = minimum app version
部分:条件启动Section: Conditional launch
设置:操作“阻止访问”的最低应用版本Setting: Min app version with action Block access
MinAppVersionWarningMinAppVersionWarning "0.0" = 无最低应用版本。"0.0" = no minimum app version.
任何其他 = 最低应用版本anything else = minimum app version
部分:条件启动Section: Conditional launch
设置:操作“警告”的最低应用版本Setting: Min app version with action Warn
MinAppVersionWipeMinAppVersionWipe "0.0" = 无最低操作系统版本"0.0" = no minimum OS version
任何其他 = 最低操作系统版本anything else = minimum OS version
部分:条件启动Section: Conditional launch
设置:操作“擦除数据”的最低应用版本Setting: Min app version with action Wipe data
MinOsVersionMinOsVersion "0.0" = 无最低操作系统版本"0.0" = no minimum OS version
任何其他 = 最低操作系统版本anything else = minimum OS version
部分:条件启动Section: Conditional launch
设置:操作“阻止访问”的最低操作系统版本Setting: Min OS version with action Block access
MinOsVersionWarningMinOsVersionWarning "0.0" = 无最低操作系统版本"0.0" = no minimum OS version
任何其他 = 最低操作系统版本anything else = minimum OS version
部分:条件启动Section: Conditional launch
设置:操作“警告”的最低操作系统版本Setting: Min OS version with action Warn
MinOsVersionWipeMinOsVersionWipe "0.0" = 无最低操作系统版本"0.0" = no minimum OS version
任何其他 = 最低操作系统版本anything else = minimum OS version
部分:条件启动Section: Conditional launch
设置:操作“擦除数据”的最低操作系统版本Setting: Min OS version with action Wipe data
MinSDKVersionMinSDKVersion "0.0" = 无最低 SDK 版本"0.0" = no minimum SDK version
任何其他 = 最低操作系统版本anything else = minimum OS version
部分:条件启动Section: Conditional launch
设置:操作“阻止访问”的最低 SDK 版本Setting: Min SDK version with action Block access
MinSDKVersionWipeMinSDKVersionWipe "0.0" = 无最低 SDK 版本"0.0" = no minimum SDK version
任何其他 = 最低操作系统版本anything else = minimum OS version
部分:条件启动Section: Conditional launch
设置:操作“阻止访问”的最低 SDK 版本Setting: Min SDK version with action Block access
NotificationRestrictionNotificationRestriction 0 = 允许0 = Allow
1 = 阻止组织数据1 = Block Org Data
2 = 阻止2 = Block
部分:数据保护Section: Data Protection
设置:组织数据通知Setting: Org data notifications
PINCharacterTypePINCharacterType 0 = 密码0 = Passcode
1 = 数值1 = Numeric
部分:访问要求Section: Access requirements
设置:PIN 类型Setting: Pin type
PINEnabledPINEnabled 0 = 非必需0 = Not required
1 = 必需1 = Require
部分:访问要求Section: Access requirements
设置:需要 PIN 才能进行访问Setting: PIN for access
PINMinLengthPINMinLength x 个字符x characters 部分:访问要求Section: Access requirements
设置:选择最小 PIN 长度Setting: Select minimum PIN length
PINNumRetryPINNumRetry x 次尝试x attempts 部分:条件启动Section: Conditional launch
设置:最大 PIN 尝试次数Setting: Max PIN attempts
MaxPinRetryExceededActionMaxPinRetryExceededAction 0 = 重置 PIN0 = Reset PIN
1 = 擦除数据1 = Wipe data
部分:条件启动Section: Conditional launch
设置:最大 PIN 尝试次数Setting: Max PIN attempts
PrintingBlockedPrintingBlocked 0 = 允许0 = Allow
1 = 阻止1 = Block
部分:数据保护Section: Data Protection
设置:打印组织数据Setting: Printing org data
SimplePINAllowedSimplePINAllowed 0 = 阻止0 = Block
1 = 允许1 = Allow
部分:访问要求Section: Access requirements
设置:简单 PINSetting: Simple PIN
TouchIDEnabledTouchIDEnabled 0 = 阻止0 = Block
1 = 允许1 = Allow
部分:访问要求Section: Access requirements
设置:访问时使用 Touch ID 而非 PIN (iOS 8+/iPadOS)Setting: Touch ID instead of PIN for access (iOS 8+/iPadOS)
ThirdPartyKeyboardsBlockedThirdPartyKeyboardsBlocked 0 = 允许0 = Allow
1 = 阻止1 = Block
部分:数据保护Section: Data Protection
设置:第三方键盘Setting: Third party keyboards
FaceIDEnabledFaceIDEnabled 0 = 阻止0 = Block
1 = 允许1 = Allow
部分:访问要求Section: Access requirements
设置:访问时使用 Face ID 而非 PIN (iOS 11+/iPadOS)Setting: Face ID instead of PIN for access (iOS 11+/iPadOS)
PINExpiryDaysPINExpiryDays x 个字符x characters 部分:访问要求Section: Access requirements
设置:PIN 重置前的天数 > 天数Setting: PIN reset after number of days > Number of days
NonBioPassTimeOutRequiredNonBioPassTimeOutRequired 0 = 非必需0 = Not required
1 = 必需1 = Require
部分:访问要求Section: Access requirements
设置:超时后使用 PIN 覆盖 Touch IDSetting: Override Touch ID with PIN after timeout
NonBioPassTimeOutNonBioPassTimeOut x 分钟x minutes 部分:访问要求Section: Access requirements
设置:超时后使用 PIN 覆盖 Touch ID > 超时(非活动状态分钟数)Setting: Override Touch ID with PIN after timeout > Timeout (minutes of inactivity)
DictationBlockedDictationBlocked 0 = 允许0 = Allow
1 = 阻止1 = Block
没有针对此设置的管理控制。No administration control for this setting.
OfflineWipeIntervalOfflineWipeInterval x 天x days 注意:没有针对此设置的管理控制。Note: No admin control for this setting.
ProtocolExclusionsProtocolExclusions 0 = 允许0 = Allow
1 = 阻止1 = Block
部分:数据保护Section: Data Protection
设置:选择要豁免的应用Setting: Select apps to exempt
EnableOpenInFilterEnableOpenInFilter 0 - 禁用0 = Disabled
1 = 启用1 = Enabled
部分:数据保护Section: Data Protection
设置:将组织数据发送到其他应用 > 具有“打开方式/共享”筛选的策略托管应用Setting: Send Org data to other apps > Policy managed apps with Open-In/Share filtering
MinimumRequiredDeviceThreatProtectionLevelMinimumRequiredDeviceThreatProtectionLevel 0 = 未配置0 = Not configured
1 = 安全1 = Secured
2 = 低2 = Low
3 = 中3 = Medium
4 = 高4 = High
部分:条件启动Section: Conditional launch
设置:允许的最高设备威胁级别Setting: Max allowed device threat level
MobileThreatDefenseRemediationActionMobileThreatDefenseRemediationAction 0 = 阻止访问0 = Block access
1 = 擦除数据1 = Wipe data
部分:访问要求Section: Access requirements
设置:允许的最大设备威胁级别操作Setting: Max allowed device threat level action)
AllowedIOSModelsElseBlockAllowedIOSModelsElseBlock x 个字符x characters 部分:条件启动Section: Conditional launch
设置:具有“允许指定项(阻止非指定项)”操作的设备模型Setting: Device model(s) with action Allow specified (Block non-specific)
AllowedIOSModelsElseWipeAllowedIOSModelsElseWipe x 个字符x characters 部分:条件启动Section: Conditional launch
设置:具有“允许指定项(擦除非指定项)”操作的设备模型Setting: Device model(s) with action Allow specified (Wipe non-specific)
ProtectAllIncomingUnknownSourceDataProtectAllIncomingUnknownSourceData 不适用N/A 注意:Intune 服务不会主动使用。Note: Not actively used by Intune service.

Android 应用保护策略设置Android App protection policy settings

名称Name 值详细信息Value details Microsoft 终结点管理器应用保护策略中的设置Setting in Microsoft Endpoint Manager App Protection Policy
AccessRecheckOfflineTimeoutAccessRecheckOfflineTimeout x 分钟x minutes 部分:条件启动Section: Conditional Launch
设置:操作“阻止访问(分钟)”的脱机宽限期Setting: Offline grace period with action Block access (minutes)
AccessRecheckOnlineTimeoutAccessRecheckOnlineTimeout x 分钟x minutes 部分:访问要求Section: Access requirements
设置:在(非活动状态的分钟数)后重新检查访问要求Setting: Recheck the access requirements after (minutes of inactivity)
AppPinDisabledAppPinDisabled true = 必需true = Require
false = 非必需false = Not required
部分:访问要求Section: Access requirements
设置:应用 PIN(设置了设备 PIN 时)Setting: App PIN when device PIN is set
AllowedAndroidManufacturersElseBlockAllowedAndroidManufacturersElseBlock 如果未设置,则为空,否则为允许的制造商列表Empty if not set, otherwise list of allowed manufacturers 部分:条件启动Section: Conditional launch
设置:具有“允许指定项(阻止非指定项)”操作的设备制造商Setting: Device manufacturers with action Allow specified (Block non-specified)
AllowedAndroidManufacturersElseWipeAllowedAndroidManufacturersElseWipe 如果未设置,则为空,否则为允许的制造商列表Empty if not set, otherwise list of allowed manufacturers 部分:条件启动Section: Conditional launch
设置:具有“允许指定项(擦除非指定项)”操作的设备制造商Setting: Device manufacturers with action Allow specified (Wipe non-specified)
AllowedAndroidModelsElseBlockAllowedAndroidModelsElseBlock 如果未设置,则为空,否则为允许的模型列表Empty if not set, otherwise list of allowed models 没有针对此设置的管理控制。No administration control for this setting.
AllowedAndroidModelsElseWipeAllowedAndroidModelsElseWipe 如果未设置,则为空,否则为允许的模型列表Empty if not set, otherwise list of allowed models 没有针对此设置的管理控制。No administration control for this setting.
AndroidSafetyNetDeviceAttestationEnforcementAndroidSafetyNetDeviceAttestationEnforcement NOT_REQUIRED = 未设置NOT_REQUIRED = not set
BASIC_INTEGRITY = 基本完整性BASIC_INTEGRITY = Basic Integrity
BASIC_INTEGRITY_AND_DEVICE_CERTIFICATION = 基本完整性和认证设备BASIC_INTEGRITY_AND_DEVICE_CERTIFICATION = Basic Integrity and certified devices
部分:条件启动Section: Conditional launch
设置:SafetyNet 设备证明Setting: SafetyNet device attestation
AndroidSafetyNetDeviceAttestationFailedActionAndroidSafetyNetDeviceAttestationFailedAction BLOCK = 阻止访问BLOCK = Block access
WARN = 警告WARN = Warn
WIPE_DATA = 擦除数据WIPE_DATA = Wipe Data
部分:条件启动Section: Conditional launch
设置:SafetyNet 设备证明Setting: SafetyNet device attestation
AndroidSafetyNetVerifyAppsEnforcementTypeAndroidSafetyNetVerifyAppsEnforcementType NOT_REQUIRED = 未设置NOT_REQUIRED = not set
REQUIRE_ENABLED = 已配置REQUIRE_ENABLED = configured
部分:条件启动Section: Conditional launch
设置:要求对应用进行威胁扫描Setting: Require threat scan on apps
AndroidSafetyNetVerifyAppsFailedActionAndroidSafetyNetVerifyAppsFailedAction BLOCK = 阻止访问BLOCK = Block access
WARN = 警告WARN = Warn
部分:条件启动Section: Conditional launch
设置:要求对应用进行威胁扫描Setting: Require threat scan on apps
AppSharingFromLevelAppSharingFromLevel BLOCKED = 无BLOCKED = None
MANAGED = 策略托管应用MANAGED = Policy Managed apps
UNRESTRICTED = 所有应用UNRESTRICTED = All apps
部分:数据保护Section: Data Protection
设置:从其他应用接收数据Setting: Receive data from other apps
AppSharingToLevelAppSharingToLevel BLOCKED = 无BLOCKED = None
MANAGED = 策略托管应用MANAGED = Policy Managed apps
UNRESTRICTED = 所有应用UNRESTRICTED = All app
部分:数据保护Section: Data Protection
设置:将组织数据发送到其他应用Setting: Send org data to other apps
AuthenticationEnabledAuthenticationEnabled false = 非必需false = Not required
true = 必需true = Require
部分:访问要求Section: Access requirements
设置:用于访问的工作或学校帐户凭据Setting: Work or school account credentials for access
BlockScreenCaptureBlockScreenCapture false = 允许false = Allow
true = 阻止true = Block
部分:数据保护Section: Data Protection
设置:屏幕捕获和 Google 助手Setting: Screen capture and Google Assistant
ClipboardCharacterExceptionLengthClipboardCharacterExceptionLength x 个字符x characters 部分:数据保护Section: Data protection
设置:针对任何应用的字符剪切和复制限制Setting: Cut and copy character limit for any app
ClipboardSharingLevelClipboardSharingLevel BLOCKED = 已阻止BLOCKED = Blocked
MANAGED = 策略托管应用MANAGED = Policy managed apps
MANAGED_PASTE_IN = 带粘贴的策略托管应用MANAGED_PASTE_IN = Policy managed apps with paste in
UNMANAGED = 任何应用UNMANAGED = Any app
部分:数据保护Section: Data Protection
设置:限制在其他应用间进行剪切、复制和粘贴Setting: Restrict cut, copy, and paste between other apps
ConditionalEncryptionEnabledConditionalEncryptionEnabled false = 必需false = Require
true = 非必需true = Not required
部分:数据保护Section: Data Protection
设置:对已注册设备上的组织数据进行加密Setting: Encrypt org data on enrolled devices
ContactSyncDisabledContactSyncDisabled false = 允许false = Allow
true = 阻止true = Block
部分:数据保护Section: Data Protection
设置:将应用与本机联系人应用进行同步Setting: Sync app with native contacts app
DataBackupDisabledDataBackupDisabled false = 允许false = Allow
true = 阻止true = Block
部分:数据保护Section: Data Protection
设置:阻止备份Setting: Prevent backups
DeviceComplianceEnabledDeviceComplianceEnabled false = Falsefalse = False
true = Truetrue = True
部分:条件启动Section: Conditional Launch
设置:已越狱/获得 root 权限的设备Setting: Jailbroken/rooted devices
DeviceComplianceFailureActionDeviceComplianceFailureAction BLOCK = 阻止访问BLOCK = Block acess
WIPE_DATA = 擦除数据WIPE_DATA = Wipe data
部分:条件启动Section: Conditional Launch
设置:已越狱/获得 root 权限的设备Setting: Jailbroken/rooted devices
DialerRestrictionLevelDialerRestrictionLevel 0 = 无,不在应用之间传输此数据0 = None, do not transfer this data between apps
1 = 特定拨号应用1 = A specific dialer app
2 = 任何由策略管理的拨号应用2 = Any policy-managed dialer app
3 = 任何拨号应用3 = Any dialer app
部分:数据保护Section: Data Protection
设置:将电信数据传输到Setting: Transfer telecommunication data to
DictationBlockedDictationBlocked false = 允许false = Allow
true = 阻止true = Block
没有针对此设置的管理控制。No administration control for this setting.
FileEncryptionKeyLengthFileEncryptionKeyLength 128128
256256
没有针对此设置的管理控制。No administration control for this setting.
FileSharingSaveAsDisabledFileSharingSaveAsDisabled false = 允许false = Allow
true = 阻止true = Block
部分:数据保护Section: Data Protection
设置:保存组织数据的副本Setting: Save copies of org data
IntuneMAMPolicyVersionIntuneMAMPolicyVersion 版本号version number 不适用N/A
isManagedisManaged truetrue
falsefalse
不适用N/A
KeyboardsRestrictedKeyboardsRestricted true = 必需true = Required
false = 非必需false = Not required
部分:数据保护Section: Data Protection
设置:批准的键盘Setting: Approved keyboards
ManagedBrowserRequiredManagedBrowserRequired true = Microsoft Edge 或非托管浏览器true = Microsoft Edge or Unmanaged browser
false = 任何应用false = Any app
部分:数据保护Section: Data Protection
设置:限制向其他应用传输 Web 内容。Setting: Restrict web content transfer to other apps app.
ManagedLocationsManagedLocations 该值表示应用可以将数据保存到的托管存储位置数,用分号隔开。A value that represents the number of managed storage locations to which the app can save data, separated by a semi-colon.
ONEDRIVE_FOR_BUSINESSONEDRIVE_FOR_BUSINESS
SHAREPOINTSHAREPOINT
LOCALLOCAL
部分:数据保护Section: Data Protection
设置:允许用户将副本保存到所选的服务Setting: Allow user to save copies to selected services
MaxPinRetryExceededActionMaxPinRetryExceededAction RESET_PIN = 重置 PINRESET_PIN = Reset PIN
WIPE_DATA = 擦除数据WIPE_DATA = Wipe data
部分:条件启动Section: Conditional launch
设置:最大 PIN 尝试次数Setting: Max PIN attempts
MinAppVersionMinAppVersion "0.0" = 无最低应用版本"0.0" = no minimum app version
任何其他 = 最低应用版本anything else = minimum app version
部分:条件启动Section: Conditional launch
设置:操作“阻止访问”的最低应用版本Setting: Min app version with action Block access
MinAppVersionWarningMinAppVersionWarning "0.0" = 无最低应用版本。"0.0" = no minimum app version.
任何其他 = 最低应用版本anything else = minimum app version
部分:条件启动Section: Conditional launch
设置:操作“警告”的最低应用版本Setting: Min app version with action Warn
MinAppVersionWipeMinAppVersionWipe "0.0" = 无最低操作系统版本"0.0" = no minimum OS version
任何其他 = 最低操作系统版本anything else = minimum OS version
部分:条件启动Section: Conditional launch
设置:操作“擦除数据”的最低应用版本Setting: Min app version with action Wipe data
MinOsVersionMinOsVersion "0.0" = 无最低操作系统版本"0.0" = no minimum OS version
任何其他 = 最低操作系统版本anything else = minimum OS version
部分:条件启动Section: Conditional launch
设置:操作“阻止访问”的最低操作系统版本Setting: Min OS version with action Block access
MinOsVersionWarningMinOsVersionWarning "0.0" = 无最低操作系统版本"0.0" = no minimum OS version
任何其他 = 最低操作系统版本anything else = minimum OS version
部分:条件启动Section: Conditional launch
设置:操作“警告”的最低操作系统版本Setting: Min OS version with action Warn
MinOsVersionWipeMinOsVersionWipe "0.0" = 无最低操作系统版本"0.0" = no minimum OS version
任何其他 = 最低操作系统版本anything else = minimum OS version
部分:条件启动Section: Conditional launch
设置:操作“擦除数据”的最低操作系统版本Setting: Min OS version with action Wipe data
MinPatchVersionMinPatchVersion "0000-00-00" = 无最低修补程序版本"0000-00-00" = no minimum Patch version
任何其他 = 最低修补程序版本anything else = minimum Patch version
部分:条件启动Section: Conditional launch
设置:“阻止访问”操作的最低修补程序版本Setting: Min Patch version with action Block access
MinPatchVersionWarningMinPatchVersionWarning "0000-00-00" = 无最低修补程序版本"0000-00-00" = no minimum Patch version
任何其他 = 最低修补程序版本anything else = minimum Patch version
部分:条件启动Section: Conditional launch
设置:“警告”操作的最低修补程序版本Setting: Min Patch version with action Warn
MinPatchVersionWipeMinPatchVersionWipe "0000-00-00" = 无最低修补程序版本"0000-00-00" = no minimum Patch version
任何其他 = 最低修补程序版本anything else = minimum Patch version
部分:条件启动Section: Conditional launch
设置:“擦除数据”操作的最低修补程序版本Setting: Min Patch version with action Wipe data
MinimumRequiredCompanyPortalVersionMinimumRequiredCompanyPortalVersion "0.0" = 无最低公司门户版本"0.0" = no minimum Company Portal version
任何其他 = 最低公司门户版本anything else = minimum Company Portal version
部分:条件启动Section: Conditional launch
设置:“阻止访问”操作的最低公司门户版本Setting: Min Company Portal version with action Block access
MinimumRequiredDeviceThreatProtectionLevelMinimumRequiredDeviceThreatProtectionLevel NOT_SET = 未在策略中定义NOT_SET = not defined in the policy
SECURED = 安全SECURED = Secured
LOW = 低LOW = Low
MEDIUM = 中MEDIUM = Medium
HIGH = 高HIGH = High
部分:条件启动Section: Conditional launch
设置:允许的最高设备威胁级别Setting: Max allowed device threat level
MinimumWarningCompanyPortalVersionMinimumWarningCompanyPortalVersion "0.0" = 无最低公司门户版本"0.0" = no minimum Company Portal version
任何其他 = 最低公司门户版本anything else = minimum Company Portal version
部分:条件启动Section: Conditional launch
设置:“警告”操作的最低公司门户版本Setting: Min Company Portal version with action Warn
MinimumWipeCompanyPortalVersionMinimumWipeCompanyPortalVersion "0.0" = 无最低公司门户版本"0.0" = no minimum Company Portal version
任何其他 = 最低公司门户版本anything else = minimum Company Portal version
部分:条件启动Section: Conditional launch
设置:“擦除数据”操作的最低公司门户版本Setting: Min Company Portal version with action Wipe data
MobileThreatDefenseRemediationActionMobileThreatDefenseRemediationAction BLOCK = 阻止访问BLOCK = Block Access
WIPE_DATA = 擦除数据WIPE_DATA = Wipe data
部分:条件启动Section: Conditional launch
设置:允许的最高设备威胁级别Setting: Max allowed device threat level
NonBioPassTimeOutNonBioPassTimeOut x 分钟x minutes 部分:访问要求Section: Access requirements
设置:超时后使用 PIN 替代指纹 > 超时(非活动状态分钟数)Setting: Override fingerprint with PIN after timeout > Timeout (minutes of inactivity)
NonBioPassTimeOutRequiredNonBioPassTimeOutRequired false = 非必需false = Not required
true = 必需true = Require
部分:访问要求Section: Access requirements
设置:超时后使用 PIN 替代指纹Setting: Override fingerprint with PIN after timeout
NotificationRestrictionNotificationRestriction UNRESTRICTED = 允许UNRESTRICTED = Allow
BLOCK_ORG_DATA = 阻止组织数据BLOCK_ORG_DATA = Block Org Data
BLOCK = 阻止BLOCK = Block
部分:数据保护Section: Data Protection
设置:组织数据通知Setting: Org data notifications
PINCharacterTypePINCharacterType PASSCODE = 密码PASSCODE = Passcode
NUMERIC = 数值NUMERIC = Numeric
部分:访问要求Section: Access requirements
设置:PIN 类型Setting: Pin type
PINEnabledPINEnabled false = 非必需false = Not required
true = 必需true = Require
部分:访问要求Section: Access requirements
设置:需要 PIN 才能进行访问Setting: PIN for access
PINMinLengthPINMinLength x 个字符x characters 部分:访问要求Section: Access requirements
设置:选择最小 PIN 长度Setting: Select minimum PIN length
PINNumRetryPINNumRetry x 次尝试x attempts 部分:条件启动Section: Conditional launch
设置:最大 PIN 尝试次数Setting: Max PIN attempts
PackageExclusionsPackageExclusions 如果未配置捆绑 ID,则为空,否则为分号隔开的捆绑 IDEmpty if no bundle IDs are configured, otherwise bundle IDs separated by a semi-colon 部分:数据保护Section: Data protection
设置:选择要豁免的应用Setting: Select apps to exempt
PinHistoryLengthPinHistoryLength 要保留的 x PIN 值x PIN values to maintain 部分:访问要求Section: Access requirements
设置:选择要保留的曾用 PIN 值个数Setting: Select number of previous PIN values to maintain
PolicyCountPolicyCount 数值number 不适用N/A
PrintingBlockedPrintingBlocked false = 允许false = Allow
true = 阻止true = Block
部分:数据保护Section: Data Protection
设置:打印组织数据Setting: Printing org data
RequireFileEncryptionRequireFileEncryption false = 非必需false = Not required
true = 必需true = Require
部分:数据保护Section: Data Protection
设置:对组织数据进行加密Setting: Encrypt org data
SimplePINAllowedSimplePINAllowed false = 阻止false = Block
true = 允许true = Allow
部分:访问要求Section: Access requirements
设置:简单 PINSetting: Simple PIN
SpecificDialerDisplayNameSpecificDialerDisplayName 拨号应用名称Dialer app name 部分:数据保护Section: Data Protection
设置:拨号应用名称Setting: Dialer app name
SpecificDialerPackageIDSpecificDialerPackageID 拨号应用捆绑 IDDialer app bundle ID 部分:数据保护Section: Data Protection
设置:拨号应用包 IDSetting: Dialer App Package ID
TouchIDEnabledTouchIDEnabled false = 阻止false = Block
true = 允许true = Allow
部分:访问要求Section: Access requirements
设置:访问时使用指纹而非 PIN (Android 6.0+)Setting: Fingerprint instead of PIN for access (Android 6.0+)
ThirdPartyKeyboardsBlockedThirdPartyKeyboardsBlocked 0 = 允许0 = Allow
1 = 阻止1 = Block
部分:数据保护Section: Data Protection
设置:第三方键盘Setting: Third party keyboards
FaceIDEnabledFaceIDEnabled 0 = 阻止0 = Block
1 = 允许1 = Allow
部分:访问要求Section: Access requirements
设置:访问时使用 Face ID 而非 PIN (iOS 11+/iPadOS)Setting: Face ID instead of PIN for access (iOS 11+/iPadOS)
PINExpiryDaysPINExpiryDays x 个字符x characters 部分:访问要求Section: Access requirements
设置:PIN 重置前的天数 > 天数Setting: PIN reset after number of days > Number of days
UnmanagedBrowserDisplayNameUnmanagedBrowserDisplayName 非托管 Wed 浏览器显示名称Unmanaged web browser display name 部分:数据保护Section: Data protection
设置:非托管浏览器名称Setting: Unmanaged Browser name
UnmanagedBrowserPackageIDUnmanagedBrowserPackageID 非托管 Web 浏览器包 IDUnmanaged web browser package ID 部分:数据保护Section: Data protection
设置:非托管浏览器 IDSetting: Unmanaged Browser ID

后续步骤Next steps