查看客户端应用保护日志Review client app protection logs
了解可在应用保护日志中查看的设置。Learn about the settings you can review in the app protection logs. 启用移动客户端上的 Intune 诊断来访问这些日志。Access logs by enabling Intune Diagnostics on a mobile client.
启用和收集日志的过程因平台而异:The process to enable and collect logs varies by platform:
iOS/iPadOS 设备 - 使用适用于 iOS/iPadOS 的 Microsoft Edge 收集日志。iOS/iPadOS devices - Use Microsoft Edge for iOS/iPadOS to collect logs. 有关详细信息,请参阅使用适用于 iOS 和 Android 的 Microsoft Edge 访问托管的应用日志。For details, see Use Edge for iOS and Android to access managed app logs.
Windows 10 设备 - 使用“MDMDiag”和事件日志。Windows 10 devices - Use MDMDiag and event logs. 请参阅 Windows 客户端管理内容中的诊断 Windows 10 中的 MDM 故障和博客 Windows 10 Intune 策略故障排除。See, Diagnose MDM failures in Windows 10 in the Windows client management content, and the blog Troubleshooting Windows 10 Intune Policy Failures.
Android 设备 - 使用 Android 版 Microsoft Edge 来收集日志。Android devices - Use Microsoft Edge for Android to collect logs. 有关详细信息,请参阅使用适用于 iOS 和 Android 的 Microsoft Edge 访问托管的应用日志。For details, see Use Edge for iOS and Android to access managed app logs.
备注
在 Android 完全托管的设备上,在某些情况下,Intune 公司门户应用可能在所有应用下都可见。On Android Fully Managed devices, in certain instances the Intune Company Portal app may be visible under all apps. 当未安装或未启动与应用保护策略关联的应用时,可能会发生这种情况。This may happen when an app associated with an app protection policy is either not installed or not launched.
下表列出了在日志中记录的应用保护策略设置名称和受支持的值。The following tables list the App protection policy setting name and supported values that are recorded in the log. 此外,每个设置都标识在 Microsoft 终结点管理器门户中找到的策略设置。In addition, each setting identifies the policy setting found within Microsoft Endpoint Manager portal. 有关每个设置的详细信息,请参阅 iOS/iPadOS 应用保护策略设置和 Microsoft Intune 中的 Android 应用保护策略设置。For detailed information on each setting, see iOS/iPadOS app protection policy settings and Android app protection policy settings in Microsoft Intune.
iOS/iPadOS 应用保护策略设置iOS/iPadOS App protection policy settings
| 名称Name | 值详细信息Value details | Microsoft 终结点管理器应用保护策略中的设置Setting in Microsoft Endpoint Manager App Protection Policy |
|---|---|---|
| AccessRecheckOfflineTimeoutAccessRecheckOfflineTimeout | x 分钟x minutes | 部分:条件启动Section: Conditional Launch 设置:操作“阻止访问(分钟)”的脱机宽限期Setting: Offline grace period with action Block access (minutes) |
| AccessRecheckOnlineTimeoutAccessRecheckOnlineTimeout | x 分钟x minutes | 部分:访问要求Section: Access requirements 设置:在(非活动状态的分钟数)后重新检查访问要求Setting: Recheck the access requirements after (minutes of inactivity) |
| AllowedOutboundClipboardSharingExceptionLengthAllowedOutboundClipboardSharingExceptionLength | x 个字符x characters | 部分:数据保护Section: Data protection 设置:针对任何应用的字符剪切和复制限制Setting: Cut and copy character limit for any app |
| AppPinDisabledAppPinDisabled | 0 = 必需0 = Require 1 = 非必需1 = Not required |
部分:访问要求Section: Access requirements 设置:应用 PIN(设置了设备 PIN 时)Setting: App PIN when device PIN is set |
| AppSharingFromLevelAppSharingFromLevel | 0 = 无0 = None 1 = 策略托管应用1 = Policy Managed apps 2 = 所有应用2 = All apps |
部分:数据保护Section: Data Protection 设置:从其他应用接收数据Setting: Receive data from other apps |
| AppSharingToLevelAppSharingToLevel | 0 = 无0 = None 1 = 策略托管应用1 = Policy managed apps 2 = 所有应用2 = All app |
部分:数据保护Section: Data Protection 设置:将组织数据发送到其他应用Setting: Send org data to other apps |
| ProtectManagedOpenInDataProtectManagedOpenInData | 0 = False0 = False 1 = True1 = True |
部分:数据保护Section: Data Protection 设置:如果为 true,则“将组织数据发送到其他应用”设置为具有“打开方式/共享”筛选的策略托管应用Setting: Send org data to other apps is set to Policy Managed apps with Open-In/Share filtering when true |
| AuthenticationEnabledAuthenticationEnabled | 0 = 非必需0 = Not required 1 = 必需1 = Require |
部分:访问要求Section: Access requirements 设置:用于访问的工作或学校帐户凭据Setting: Work or school account credentials for access |
| ClipboardSharingLevelClipboardSharingLevel | 0 = 已阻止0 = Blocked 1 = 策略托管应用1 = Policy managed apps 2 = 带粘贴的策略托管应用2 = Policy managed apps with paste in 3 = 任何应用3 = Any app |
部分:数据保护Section: Data Protection 设置:限制在其他应用间进行剪切、复制和粘贴Setting: Restrict cut, copy, and paste between other apps |
| ContactSyncDisabledContactSyncDisabled | 0 = 允许0 = Allow 1 = 阻止1 = Block |
部分:数据保护Section: Data Protection 设置:将应用与本机联系人应用进行同步Setting: Sync app with native contacts app |
| DataBackupDisabledDataBackupDisabled | 0 = 允许0 = Allow 1 = 阻止1 = Block |
部分:数据保护Section: Data Protection 设置:阻止备份Setting: Prevent backups |
| DeviceComplianceEnabledDeviceComplianceEnabled | 0 = False0 = False 1 = True1 = True |
部分:条件启动Section: Conditional Launch 设置:已越狱/获得 root 权限的设备Setting: Jailbroken/rooted devices |
| DeviceComplianceFailureActionDeviceComplianceFailureAction | 0 = 阻止访问0 = Block acess 1 = 擦除数据1 = Wipe data |
部分:条件启动Section: Conditional Launch 设置:已越狱/获得 root 权限的设备Setting: Jailbroken/rooted devices |
| DisableShareSenseDisableShareSense | 不适用N/A | 不适用:Intune 服务不会主动使用。N/A: Not actively used by Intune service. |
| FileEncryptionLevelFileEncryptionLevel | 0 = 锁定设备时0 = When device is locked 1 = 设备锁定并存在打开的文件时1 = When device is locked and there are open files 2 = 设备重启后2 = After device restart 3 = 使用设备设置3 = Use device settings |
部分:数据保护Section: Data Protection 设置:对组织数据进行加密Setting: Encrypt org data |
| FileSharingSaveAsDisabledFileSharingSaveAsDisabled | 0 = 允许0 = Allow 1 = 阻止1 = Block |
部分:数据保护Section: Data Protection 设置:保存组织数据的副本Setting: Save copies of org data |
| IntuneIdentityUPNIntuneIdentityUPN | Intune MAM 用户的 UPNUPN of the Intune MAM user | 不适用N/A |
| ManagedBrowserRequiredManagedBrowserRequired | 0 = False0 = False 1 = True1 = True |
部分:数据保护Section: Data Protection 设置:限制使用其他应用传输 Web 内容Setting: Restrict web content transfer with other apps |
| ManagedLocationsManagedLocations | 该值表示应用程序可以将数据保存到的托管存储位置数。A value that represents the number of managed storage locations to which the app can save data. 1 = OneDrive1 = OneDrive 2 = SharePoint2 = SharePoint 3 = OneDrive 和 SharePoint3 = OneDrive and SharePoint 32 = 本地存储32 = Local Storage 33 = 本地存储和 OneDrive33 = Local Storage & OneDrive 34 = 本地存储和 SharePoint34 = Local Storage & SharePoint 35 = 本地存储、OneDrive 和 SharePoint35 = Local Storage, OneDrive, and SharePoint |
部分:数据保护Section: Data Protection 设置:允许用户将副本保存到所选的服务Setting: Allow user to save copies to selected services |
| MinAppVersionMinAppVersion | "0.0" = 无最低应用版本"0.0" = no minimum app version 任何其他 = 最低应用版本anything else = minimum app version |
部分:条件启动Section: Conditional launch 设置:操作“阻止访问”的最低应用版本Setting: Min app version with action Block access |
| MinAppVersionWarningMinAppVersionWarning | "0.0" = 无最低应用版本。"0.0" = no minimum app version. 任何其他 = 最低应用版本anything else = minimum app version |
部分:条件启动Section: Conditional launch 设置:操作“警告”的最低应用版本Setting: Min app version with action Warn |
| MinAppVersionWipeMinAppVersionWipe | "0.0" = 无最低操作系统版本"0.0" = no minimum OS version 任何其他 = 最低操作系统版本anything else = minimum OS version |
部分:条件启动Section: Conditional launch 设置:操作“擦除数据”的最低应用版本Setting: Min app version with action Wipe data |
| MinOsVersionMinOsVersion | "0.0" = 无最低操作系统版本"0.0" = no minimum OS version 任何其他 = 最低操作系统版本anything else = minimum OS version |
部分:条件启动Section: Conditional launch 设置:操作“阻止访问”的最低操作系统版本Setting: Min OS version with action Block access |
| MinOsVersionWarningMinOsVersionWarning | "0.0" = 无最低操作系统版本"0.0" = no minimum OS version 任何其他 = 最低操作系统版本anything else = minimum OS version |
部分:条件启动Section: Conditional launch 设置:操作“警告”的最低操作系统版本Setting: Min OS version with action Warn |
| MinOsVersionWipeMinOsVersionWipe | "0.0" = 无最低操作系统版本"0.0" = no minimum OS version 任何其他 = 最低操作系统版本anything else = minimum OS version |
部分:条件启动Section: Conditional launch 设置:操作“擦除数据”的最低操作系统版本Setting: Min OS version with action Wipe data |
| MinSDKVersionMinSDKVersion | "0.0" = 无最低 SDK 版本"0.0" = no minimum SDK version 任何其他 = 最低操作系统版本anything else = minimum OS version |
部分:条件启动Section: Conditional launch 设置:操作“阻止访问”的最低 SDK 版本Setting: Min SDK version with action Block access |
| MinSDKVersionWipeMinSDKVersionWipe | "0.0" = 无最低 SDK 版本"0.0" = no minimum SDK version 任何其他 = 最低操作系统版本anything else = minimum OS version |
部分:条件启动Section: Conditional launch 设置:操作“阻止访问”的最低 SDK 版本Setting: Min SDK version with action Block access |
| NotificationRestrictionNotificationRestriction | 0 = 允许0 = Allow 1 = 阻止组织数据1 = Block Org Data 2 = 阻止2 = Block |
部分:数据保护Section: Data Protection 设置:组织数据通知Setting: Org data notifications |
| PINCharacterTypePINCharacterType | 0 = 密码0 = Passcode 1 = 数值1 = Numeric |
部分:访问要求Section: Access requirements 设置:PIN 类型Setting: Pin type |
| PINEnabledPINEnabled | 0 = 非必需0 = Not required 1 = 必需1 = Require |
部分:访问要求Section: Access requirements 设置:需要 PIN 才能进行访问Setting: PIN for access |
| PINMinLengthPINMinLength | x 个字符x characters | 部分:访问要求Section: Access requirements 设置:选择最小 PIN 长度Setting: Select minimum PIN length |
| PINNumRetryPINNumRetry | x 次尝试x attempts | 部分:条件启动Section: Conditional launch 设置:最大 PIN 尝试次数Setting: Max PIN attempts |
| MaxPinRetryExceededActionMaxPinRetryExceededAction | 0 = 重置 PIN0 = Reset PIN 1 = 擦除数据1 = Wipe data |
部分:条件启动Section: Conditional launch 设置:最大 PIN 尝试次数Setting: Max PIN attempts |
| PrintingBlockedPrintingBlocked | 0 = 允许0 = Allow 1 = 阻止1 = Block |
部分:数据保护Section: Data Protection 设置:打印组织数据Setting: Printing org data |
| SimplePINAllowedSimplePINAllowed | 0 = 阻止0 = Block 1 = 允许1 = Allow |
部分:访问要求Section: Access requirements 设置:简单 PINSetting: Simple PIN |
| TouchIDEnabledTouchIDEnabled | 0 = 阻止0 = Block 1 = 允许1 = Allow |
部分:访问要求Section: Access requirements 设置:访问时使用 Touch ID 而非 PIN (iOS 8+/iPadOS)Setting: Touch ID instead of PIN for access (iOS 8+/iPadOS) |
| ThirdPartyKeyboardsBlockedThirdPartyKeyboardsBlocked | 0 = 允许0 = Allow 1 = 阻止1 = Block |
部分:数据保护Section: Data Protection 设置:第三方键盘Setting: Third party keyboards |
| FaceIDEnabledFaceIDEnabled | 0 = 阻止0 = Block 1 = 允许1 = Allow |
部分:访问要求Section: Access requirements 设置:访问时使用 Face ID 而非 PIN (iOS 11+/iPadOS)Setting: Face ID instead of PIN for access (iOS 11+/iPadOS) |
| PINExpiryDaysPINExpiryDays | x 个字符x characters | 部分:访问要求Section: Access requirements 设置:PIN 重置前的天数 > 天数Setting: PIN reset after number of days > Number of days |
| NonBioPassTimeOutRequiredNonBioPassTimeOutRequired | 0 = 非必需0 = Not required 1 = 必需1 = Require |
部分:访问要求Section: Access requirements 设置:超时后使用 PIN 覆盖 Touch IDSetting: Override Touch ID with PIN after timeout |
| NonBioPassTimeOutNonBioPassTimeOut | x 分钟x minutes | 部分:访问要求Section: Access requirements 设置:超时后使用 PIN 覆盖 Touch ID > 超时(非活动状态分钟数)Setting: Override Touch ID with PIN after timeout > Timeout (minutes of inactivity) |
| DictationBlockedDictationBlocked | 0 = 允许0 = Allow 1 = 阻止1 = Block |
没有针对此设置的管理控制。No administration control for this setting. |
| OfflineWipeIntervalOfflineWipeInterval | x 天x days | 注意:没有针对此设置的管理控制。Note: No admin control for this setting. |
| ProtocolExclusionsProtocolExclusions | 0 = 允许0 = Allow 1 = 阻止1 = Block |
部分:数据保护Section: Data Protection 设置:选择要豁免的应用Setting: Select apps to exempt |
| EnableOpenInFilterEnableOpenInFilter | 0 - 禁用0 = Disabled 1 = 启用1 = Enabled |
部分:数据保护Section: Data Protection 设置:将组织数据发送到其他应用 > 具有“打开方式/共享”筛选的策略托管应用Setting: Send Org data to other apps > Policy managed apps with Open-In/Share filtering |
| MinimumRequiredDeviceThreatProtectionLevelMinimumRequiredDeviceThreatProtectionLevel | 0 = 未配置0 = Not configured 1 = 安全1 = Secured 2 = 低2 = Low 3 = 中3 = Medium 4 = 高4 = High |
部分:条件启动Section: Conditional launch 设置:允许的最高设备威胁级别Setting: Max allowed device threat level |
| MobileThreatDefenseRemediationActionMobileThreatDefenseRemediationAction | 0 = 阻止访问0 = Block access 1 = 擦除数据1 = Wipe data |
部分:访问要求Section: Access requirements 设置:允许的最大设备威胁级别操作Setting: Max allowed device threat level action) |
| AllowedIOSModelsElseBlockAllowedIOSModelsElseBlock | x 个字符x characters | 部分:条件启动Section: Conditional launch 设置:具有“允许指定项(阻止非指定项)”操作的设备模型Setting: Device model(s) with action Allow specified (Block non-specific) |
| AllowedIOSModelsElseWipeAllowedIOSModelsElseWipe | x 个字符x characters | 部分:条件启动Section: Conditional launch 设置:具有“允许指定项(擦除非指定项)”操作的设备模型Setting: Device model(s) with action Allow specified (Wipe non-specific) |
| ProtectAllIncomingUnknownSourceDataProtectAllIncomingUnknownSourceData | 不适用N/A | 注意:Intune 服务不会主动使用。Note: Not actively used by Intune service. |
Android 应用保护策略设置Android App protection policy settings
| 名称Name | 值详细信息Value details | Microsoft 终结点管理器应用保护策略中的设置Setting in Microsoft Endpoint Manager App Protection Policy |
|---|---|---|
| AccessRecheckOfflineTimeoutAccessRecheckOfflineTimeout | x 分钟x minutes | 部分:条件启动Section: Conditional Launch 设置:操作“阻止访问(分钟)”的脱机宽限期Setting: Offline grace period with action Block access (minutes) |
| AccessRecheckOnlineTimeoutAccessRecheckOnlineTimeout | x 分钟x minutes | 部分:访问要求Section: Access requirements 设置:在(非活动状态的分钟数)后重新检查访问要求Setting: Recheck the access requirements after (minutes of inactivity) |
| AppPinDisabledAppPinDisabled | true = 必需true = Require false = 非必需false = Not required |
部分:访问要求Section: Access requirements 设置:应用 PIN(设置了设备 PIN 时)Setting: App PIN when device PIN is set |
| AllowedAndroidManufacturersElseBlockAllowedAndroidManufacturersElseBlock | 如果未设置,则为空,否则为允许的制造商列表Empty if not set, otherwise list of allowed manufacturers | 部分:条件启动Section: Conditional launch 设置:具有“允许指定项(阻止非指定项)”操作的设备制造商Setting: Device manufacturers with action Allow specified (Block non-specified) |
| AllowedAndroidManufacturersElseWipeAllowedAndroidManufacturersElseWipe | 如果未设置,则为空,否则为允许的制造商列表Empty if not set, otherwise list of allowed manufacturers | 部分:条件启动Section: Conditional launch 设置:具有“允许指定项(擦除非指定项)”操作的设备制造商Setting: Device manufacturers with action Allow specified (Wipe non-specified) |
| AllowedAndroidModelsElseBlockAllowedAndroidModelsElseBlock | 如果未设置,则为空,否则为允许的模型列表Empty if not set, otherwise list of allowed models | 没有针对此设置的管理控制。No administration control for this setting. |
| AllowedAndroidModelsElseWipeAllowedAndroidModelsElseWipe | 如果未设置,则为空,否则为允许的模型列表Empty if not set, otherwise list of allowed models | 没有针对此设置的管理控制。No administration control for this setting. |
| AndroidSafetyNetDeviceAttestationEnforcementAndroidSafetyNetDeviceAttestationEnforcement | NOT_REQUIRED = 未设置NOT_REQUIRED = not set BASIC_INTEGRITY = 基本完整性BASIC_INTEGRITY = Basic Integrity BASIC_INTEGRITY_AND_DEVICE_CERTIFICATION = 基本完整性和认证设备BASIC_INTEGRITY_AND_DEVICE_CERTIFICATION = Basic Integrity and certified devices |
部分:条件启动Section: Conditional launch 设置:SafetyNet 设备证明Setting: SafetyNet device attestation |
| AndroidSafetyNetDeviceAttestationFailedActionAndroidSafetyNetDeviceAttestationFailedAction | BLOCK = 阻止访问BLOCK = Block access WARN = 警告WARN = Warn WIPE_DATA = 擦除数据WIPE_DATA = Wipe Data |
部分:条件启动Section: Conditional launch 设置:SafetyNet 设备证明Setting: SafetyNet device attestation |
| AndroidSafetyNetVerifyAppsEnforcementTypeAndroidSafetyNetVerifyAppsEnforcementType | NOT_REQUIRED = 未设置NOT_REQUIRED = not set REQUIRE_ENABLED = 已配置REQUIRE_ENABLED = configured |
部分:条件启动Section: Conditional launch 设置:要求对应用进行威胁扫描Setting: Require threat scan on apps |
| AndroidSafetyNetVerifyAppsFailedActionAndroidSafetyNetVerifyAppsFailedAction | BLOCK = 阻止访问BLOCK = Block access WARN = 警告WARN = Warn |
部分:条件启动Section: Conditional launch 设置:要求对应用进行威胁扫描Setting: Require threat scan on apps |
| AppSharingFromLevelAppSharingFromLevel | BLOCKED = 无BLOCKED = None MANAGED = 策略托管应用MANAGED = Policy Managed apps UNRESTRICTED = 所有应用UNRESTRICTED = All apps |
部分:数据保护Section: Data Protection 设置:从其他应用接收数据Setting: Receive data from other apps |
| AppSharingToLevelAppSharingToLevel | BLOCKED = 无BLOCKED = None MANAGED = 策略托管应用MANAGED = Policy Managed apps UNRESTRICTED = 所有应用UNRESTRICTED = All app |
部分:数据保护Section: Data Protection 设置:将组织数据发送到其他应用Setting: Send org data to other apps |
| AuthenticationEnabledAuthenticationEnabled | false = 非必需false = Not required true = 必需true = Require |
部分:访问要求Section: Access requirements 设置:用于访问的工作或学校帐户凭据Setting: Work or school account credentials for access |
| BlockScreenCaptureBlockScreenCapture | false = 允许false = Allow true = 阻止true = Block |
部分:数据保护Section: Data Protection 设置:屏幕捕获和 Google 助手Setting: Screen capture and Google Assistant |
| ClipboardCharacterExceptionLengthClipboardCharacterExceptionLength | x 个字符x characters | 部分:数据保护Section: Data protection 设置:针对任何应用的字符剪切和复制限制Setting: Cut and copy character limit for any app |
| ClipboardSharingLevelClipboardSharingLevel | BLOCKED = 已阻止BLOCKED = Blocked MANAGED = 策略托管应用MANAGED = Policy managed apps MANAGED_PASTE_IN = 带粘贴的策略托管应用MANAGED_PASTE_IN = Policy managed apps with paste in UNMANAGED = 任何应用UNMANAGED = Any app |
部分:数据保护Section: Data Protection 设置:限制在其他应用间进行剪切、复制和粘贴Setting: Restrict cut, copy, and paste between other apps |
| ConditionalEncryptionEnabledConditionalEncryptionEnabled | false = 必需false = Require true = 非必需true = Not required |
部分:数据保护Section: Data Protection 设置:对已注册设备上的组织数据进行加密Setting: Encrypt org data on enrolled devices |
| ContactSyncDisabledContactSyncDisabled | false = 允许false = Allow true = 阻止true = Block |
部分:数据保护Section: Data Protection 设置:将应用与本机联系人应用进行同步Setting: Sync app with native contacts app |
| DataBackupDisabledDataBackupDisabled | false = 允许false = Allow true = 阻止true = Block |
部分:数据保护Section: Data Protection 设置:阻止备份Setting: Prevent backups |
| DeviceComplianceEnabledDeviceComplianceEnabled | false = Falsefalse = False true = Truetrue = True |
部分:条件启动Section: Conditional Launch 设置:已越狱/获得 root 权限的设备Setting: Jailbroken/rooted devices |
| DeviceComplianceFailureActionDeviceComplianceFailureAction | BLOCK = 阻止访问BLOCK = Block acess WIPE_DATA = 擦除数据WIPE_DATA = Wipe data |
部分:条件启动Section: Conditional Launch 设置:已越狱/获得 root 权限的设备Setting: Jailbroken/rooted devices |
| DialerRestrictionLevelDialerRestrictionLevel | 0 = 无,不在应用之间传输此数据0 = None, do not transfer this data between apps 1 = 特定拨号应用1 = A specific dialer app 2 = 任何由策略管理的拨号应用2 = Any policy-managed dialer app 3 = 任何拨号应用3 = Any dialer app |
部分:数据保护Section: Data Protection 设置:将电信数据传输到Setting: Transfer telecommunication data to |
| DictationBlockedDictationBlocked | false = 允许false = Allow true = 阻止true = Block |
没有针对此设置的管理控制。No administration control for this setting. |
| FileEncryptionKeyLengthFileEncryptionKeyLength | 128128 256256 |
没有针对此设置的管理控制。No administration control for this setting. |
| FileSharingSaveAsDisabledFileSharingSaveAsDisabled | false = 允许false = Allow true = 阻止true = Block |
部分:数据保护Section: Data Protection 设置:保存组织数据的副本Setting: Save copies of org data |
| IntuneMAMPolicyVersionIntuneMAMPolicyVersion | 版本号version number | 不适用N/A |
| isManagedisManaged | truetrue falsefalse |
不适用N/A |
| KeyboardsRestrictedKeyboardsRestricted | true = 必需true = Required false = 非必需false = Not required |
部分:数据保护Section: Data Protection 设置:批准的键盘Setting: Approved keyboards |
| ManagedBrowserRequiredManagedBrowserRequired | true = Microsoft Edge 或非托管浏览器true = Microsoft Edge or Unmanaged browser false = 任何应用false = Any app |
部分:数据保护Section: Data Protection 设置:限制向其他应用传输 Web 内容。Setting: Restrict web content transfer to other apps app. |
| ManagedLocationsManagedLocations | 该值表示应用可以将数据保存到的托管存储位置数,用分号隔开。A value that represents the number of managed storage locations to which the app can save data, separated by a semi-colon. ONEDRIVE_FOR_BUSINESSONEDRIVE_FOR_BUSINESS SHAREPOINTSHAREPOINT LOCALLOCAL |
部分:数据保护Section: Data Protection 设置:允许用户将副本保存到所选的服务Setting: Allow user to save copies to selected services |
| MaxPinRetryExceededActionMaxPinRetryExceededAction | RESET_PIN = 重置 PINRESET_PIN = Reset PIN WIPE_DATA = 擦除数据WIPE_DATA = Wipe data |
部分:条件启动Section: Conditional launch 设置:最大 PIN 尝试次数Setting: Max PIN attempts |
| MinAppVersionMinAppVersion | "0.0" = 无最低应用版本"0.0" = no minimum app version 任何其他 = 最低应用版本anything else = minimum app version |
部分:条件启动Section: Conditional launch 设置:操作“阻止访问”的最低应用版本Setting: Min app version with action Block access |
| MinAppVersionWarningMinAppVersionWarning | "0.0" = 无最低应用版本。"0.0" = no minimum app version. 任何其他 = 最低应用版本anything else = minimum app version |
部分:条件启动Section: Conditional launch 设置:操作“警告”的最低应用版本Setting: Min app version with action Warn |
| MinAppVersionWipeMinAppVersionWipe | "0.0" = 无最低操作系统版本"0.0" = no minimum OS version 任何其他 = 最低操作系统版本anything else = minimum OS version |
部分:条件启动Section: Conditional launch 设置:操作“擦除数据”的最低应用版本Setting: Min app version with action Wipe data |
| MinOsVersionMinOsVersion | "0.0" = 无最低操作系统版本"0.0" = no minimum OS version 任何其他 = 最低操作系统版本anything else = minimum OS version |
部分:条件启动Section: Conditional launch 设置:操作“阻止访问”的最低操作系统版本Setting: Min OS version with action Block access |
| MinOsVersionWarningMinOsVersionWarning | "0.0" = 无最低操作系统版本"0.0" = no minimum OS version 任何其他 = 最低操作系统版本anything else = minimum OS version |
部分:条件启动Section: Conditional launch 设置:操作“警告”的最低操作系统版本Setting: Min OS version with action Warn |
| MinOsVersionWipeMinOsVersionWipe | "0.0" = 无最低操作系统版本"0.0" = no minimum OS version 任何其他 = 最低操作系统版本anything else = minimum OS version |
部分:条件启动Section: Conditional launch 设置:操作“擦除数据”的最低操作系统版本Setting: Min OS version with action Wipe data |
| MinPatchVersionMinPatchVersion | "0000-00-00" = 无最低修补程序版本"0000-00-00" = no minimum Patch version 任何其他 = 最低修补程序版本anything else = minimum Patch version |
部分:条件启动Section: Conditional launch 设置:“阻止访问”操作的最低修补程序版本Setting: Min Patch version with action Block access |
| MinPatchVersionWarningMinPatchVersionWarning | "0000-00-00" = 无最低修补程序版本"0000-00-00" = no minimum Patch version 任何其他 = 最低修补程序版本anything else = minimum Patch version |
部分:条件启动Section: Conditional launch 设置:“警告”操作的最低修补程序版本Setting: Min Patch version with action Warn |
| MinPatchVersionWipeMinPatchVersionWipe | "0000-00-00" = 无最低修补程序版本"0000-00-00" = no minimum Patch version 任何其他 = 最低修补程序版本anything else = minimum Patch version |
部分:条件启动Section: Conditional launch 设置:“擦除数据”操作的最低修补程序版本Setting: Min Patch version with action Wipe data |
| MinimumRequiredCompanyPortalVersionMinimumRequiredCompanyPortalVersion | "0.0" = 无最低公司门户版本"0.0" = no minimum Company Portal version 任何其他 = 最低公司门户版本anything else = minimum Company Portal version |
部分:条件启动Section: Conditional launch 设置:“阻止访问”操作的最低公司门户版本Setting: Min Company Portal version with action Block access |
| MinimumRequiredDeviceThreatProtectionLevelMinimumRequiredDeviceThreatProtectionLevel | NOT_SET = 未在策略中定义NOT_SET = not defined in the policy SECURED = 安全SECURED = Secured LOW = 低LOW = Low MEDIUM = 中MEDIUM = Medium HIGH = 高HIGH = High |
部分:条件启动Section: Conditional launch 设置:允许的最高设备威胁级别Setting: Max allowed device threat level |
| MinimumWarningCompanyPortalVersionMinimumWarningCompanyPortalVersion | "0.0" = 无最低公司门户版本"0.0" = no minimum Company Portal version 任何其他 = 最低公司门户版本anything else = minimum Company Portal version |
部分:条件启动Section: Conditional launch 设置:“警告”操作的最低公司门户版本Setting: Min Company Portal version with action Warn |
| MinimumWipeCompanyPortalVersionMinimumWipeCompanyPortalVersion | "0.0" = 无最低公司门户版本"0.0" = no minimum Company Portal version 任何其他 = 最低公司门户版本anything else = minimum Company Portal version |
部分:条件启动Section: Conditional launch 设置:“擦除数据”操作的最低公司门户版本Setting: Min Company Portal version with action Wipe data |
| MobileThreatDefenseRemediationActionMobileThreatDefenseRemediationAction | BLOCK = 阻止访问BLOCK = Block Access WIPE_DATA = 擦除数据WIPE_DATA = Wipe data |
部分:条件启动Section: Conditional launch 设置:允许的最高设备威胁级别Setting: Max allowed device threat level |
| NonBioPassTimeOutNonBioPassTimeOut | x 分钟x minutes | 部分:访问要求Section: Access requirements 设置:超时后使用 PIN 替代指纹 > 超时(非活动状态分钟数)Setting: Override fingerprint with PIN after timeout > Timeout (minutes of inactivity) |
| NonBioPassTimeOutRequiredNonBioPassTimeOutRequired | false = 非必需false = Not required true = 必需true = Require |
部分:访问要求Section: Access requirements 设置:超时后使用 PIN 替代指纹Setting: Override fingerprint with PIN after timeout |
| NotificationRestrictionNotificationRestriction | UNRESTRICTED = 允许UNRESTRICTED = Allow BLOCK_ORG_DATA = 阻止组织数据BLOCK_ORG_DATA = Block Org Data BLOCK = 阻止BLOCK = Block |
部分:数据保护Section: Data Protection 设置:组织数据通知Setting: Org data notifications |
| PINCharacterTypePINCharacterType | PASSCODE = 密码PASSCODE = Passcode NUMERIC = 数值NUMERIC = Numeric |
部分:访问要求Section: Access requirements 设置:PIN 类型Setting: Pin type |
| PINEnabledPINEnabled | false = 非必需false = Not required true = 必需true = Require |
部分:访问要求Section: Access requirements 设置:需要 PIN 才能进行访问Setting: PIN for access |
| PINMinLengthPINMinLength | x 个字符x characters | 部分:访问要求Section: Access requirements 设置:选择最小 PIN 长度Setting: Select minimum PIN length |
| PINNumRetryPINNumRetry | x 次尝试x attempts | 部分:条件启动Section: Conditional launch 设置:最大 PIN 尝试次数Setting: Max PIN attempts |
| PackageExclusionsPackageExclusions | 如果未配置捆绑 ID,则为空,否则为分号隔开的捆绑 IDEmpty if no bundle IDs are configured, otherwise bundle IDs separated by a semi-colon | 部分:数据保护Section: Data protection 设置:选择要豁免的应用Setting: Select apps to exempt |
| PinHistoryLengthPinHistoryLength | 要保留的 x PIN 值x PIN values to maintain | 部分:访问要求Section: Access requirements 设置:选择要保留的曾用 PIN 值个数Setting: Select number of previous PIN values to maintain |
| PolicyCountPolicyCount | 数值number | 不适用N/A |
| PrintingBlockedPrintingBlocked | false = 允许false = Allow true = 阻止true = Block |
部分:数据保护Section: Data Protection 设置:打印组织数据Setting: Printing org data |
| RequireFileEncryptionRequireFileEncryption | false = 非必需false = Not required true = 必需true = Require |
部分:数据保护Section: Data Protection 设置:对组织数据进行加密Setting: Encrypt org data |
| SimplePINAllowedSimplePINAllowed | false = 阻止false = Block true = 允许true = Allow |
部分:访问要求Section: Access requirements 设置:简单 PINSetting: Simple PIN |
| SpecificDialerDisplayNameSpecificDialerDisplayName | 拨号应用名称Dialer app name | 部分:数据保护Section: Data Protection 设置:拨号应用名称Setting: Dialer app name |
| SpecificDialerPackageIDSpecificDialerPackageID | 拨号应用捆绑 IDDialer app bundle ID | 部分:数据保护Section: Data Protection 设置:拨号应用包 IDSetting: Dialer App Package ID |
| TouchIDEnabledTouchIDEnabled | false = 阻止false = Block true = 允许true = Allow |
部分:访问要求Section: Access requirements 设置:访问时使用指纹而非 PIN (Android 6.0+)Setting: Fingerprint instead of PIN for access (Android 6.0+) |
| ThirdPartyKeyboardsBlockedThirdPartyKeyboardsBlocked | 0 = 允许0 = Allow 1 = 阻止1 = Block |
部分:数据保护Section: Data Protection 设置:第三方键盘Setting: Third party keyboards |
| FaceIDEnabledFaceIDEnabled | 0 = 阻止0 = Block 1 = 允许1 = Allow |
部分:访问要求Section: Access requirements 设置:访问时使用 Face ID 而非 PIN (iOS 11+/iPadOS)Setting: Face ID instead of PIN for access (iOS 11+/iPadOS) |
| PINExpiryDaysPINExpiryDays | x 个字符x characters | 部分:访问要求Section: Access requirements 设置:PIN 重置前的天数 > 天数Setting: PIN reset after number of days > Number of days |
| UnmanagedBrowserDisplayNameUnmanagedBrowserDisplayName | 非托管 Wed 浏览器显示名称Unmanaged web browser display name | 部分:数据保护Section: Data protection 设置:非托管浏览器名称Setting: Unmanaged Browser name |
| UnmanagedBrowserPackageIDUnmanagedBrowserPackageID | 非托管 Web 浏览器包 IDUnmanaged web browser package ID | 部分:数据保护Section: Data protection 设置:非托管浏览器 IDSetting: Unmanaged Browser ID |
后续步骤Next steps
- 若要了解有关应用保护策略的详细信息,请参阅什么是应用保护策略?To learn more about app protection policies, see What are app protection policies?
- Intune 提供了多种工具来帮助你解决环境中的问题。Intune offers a number of tools to help you troubleshoot issues in your environment. 有关详细信息,请参阅使用疑难解答门户帮助用户。For more information, see Use the troubleshooting portal to help users.