Intune 中 Android 和 Samsung Knox Standard 设备限制设置列表Android and Samsung Knox Standard device restriction settings lists in Intune

本文介绍可为运行 Android 的设备配置的所有 Microsoft Intune 设备限制设置。This article shows you all the Microsoft Intune device restrictions settings that you can configure for devices running Android.

提示

如果所需设置不可用,可能能够使用自定义配置文件来配置设备。If the settings you want are not available, you might be able to configure your devices using a custom profile.

在开始之前Before you begin

创建 Android 设备管理员设备限制配置文件Create an Android device administrator device restrictions configuration profile.

常规General

  • 照相机:设置为“阻止”可阻止访问设备照相机 。Camera: Block prevents access to the device camera. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许访问设备的照相机。By default, the OS might allow access to the device camera.

    Intune 只管理对设备照相机的访问。Intune only manages access to the device camera. 它无法访问图片或视频。It doesn't have access to pictures or videos.

  • 复制和粘贴(仅限 Samsung Knox) :设置为“阻止”可阻止复制和粘贴 。Copy and paste (Samsung Knox only): Block prevents copy-and-paste. 设置为“未配置”可允许使用设备上的复制和粘贴功能 。Not configured allows copy and paste functions on devices.

  • 应用间的剪贴板共享(仅限 Samsung Knox) :选择“阻止”可阻止使用剪贴板在应用之间进行复制和粘贴 。Clipboard sharing between apps (Samsung Knox only): Block prevents using the clipboard to copy-and-paste between apps. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许在设备上使用复制和粘贴功能。By default, the OS might allow copy and paste functions on devices.

  • 诊断数据提交(仅限 Samsung Knox) :设置为“阻止”可阻止用户从设备提交 bug 报告 。Diagnostic data submission (Samsung Knox only): Block stops users from submitting bug reports from devices. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许用户提交数据。By default, the OS might allow users to submit the data.

  • 擦除(仅限 Samsung Knox) :允许用户在设备上运行擦除操作。Wipe (Samsung Knox only): Allows users to run a wipe action on devices. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting.

  • 地理位置(仅限 Samsung Knox) :设置为“阻止”可禁止设备使用位置信息 。Geolocation (Samsung Knox only): Block disables devices from using location information. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许设备使用位置信息。By default, the OS might allow devices to use the location information.

  • 关闭电源(仅限 Samsung Knox) :设置为“阻止”可阻止用户关闭设备电源 。Power off (Samsung Knox only): Block prevents users from powering off device. 还可阻止配置和使用“擦除设备前的登录失败次数”设置 。It also prevents the Number of sign-in failures before wiping device setting from being configured, and from working. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许用户关闭设备电源。By default, the OS might allow users to power off devices.

  • 屏幕捕获(仅限 Samsung Knox) :设置为“阻止”可阻止屏幕截图 。Screen capture (Samsung Knox only): Block prevents screenshots. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许用户以图像形式捕获屏幕内容。By default, the OS might let users capture the screen contents as an image.

  • 语音助手(仅限 Samsung Knox) :设置为“阻止”可禁用 S Voice 服务 。Voice assistant (Samsung Knox only): Block disables the S Voice service. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许在设备上使用 S Voice 服务和应用。By default, the OS might allow using the S Voice service and app on devices. 此设置不适用于 Bixby 或用于朗读屏幕内容的辅助功能的语音助手。This setting doesn't apply to Bixby or the voice assistant for accessibility that reads the screen content aloud.

  • YouTube(仅限 Samsung Knox) :设置为“阻止”可阻止用户使用 YouTube 应用 。YouTube (Samsung Knox only): Block prevents users from using the YouTube app. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许在设备上使用 YouTube 应用。By default, the OS might allow using the YouTube app on devices.

  • 共享设备(仅限 Samsung Knox) :将托管的 Samsung KNOX 标准设备配置为共享。Shared devices (Samsung Knox only): Configure a managed Samsung Knox Standard device as shared. 设置为“允许”可允许用户使用其 Azure AD 凭据登录或注销设备 。Allow lets users sign in and out of devices with their Azure AD credentials. 设备仍然受到管理,无论是否正在使用中。Devices stay managed, whether they're in use or not.

    与 SCEP 证书配置文件一起使用时,此功能允许用户与所有用户共享具有相同应用的设备。When used in with a SCEP certificate profile, this feature allows users to share a device with the same apps for all users. 但每个用户都有其自己的 SCEP 用户证书。But, each user has their own SCEP user certificate. 用户注销时,会清除所有应用数据。When users sign out, all app data is cleared. 此功能仅限于 LOB 应用。This feature is limited to LOB apps only.

    设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能阻止多个用户在设备上使用其 Azure AD 凭据登录公司门户应用。By default, the OS might prevent multiple users from signing in to the Company Portal app on devices using their Azure AD credentials.

  • 更改日期和时间 (Samsung Knox) :设置为“阻止”可阻止用户更改设备上的日期和时间设置 。Block date and time changes (Samsung Knox): Block prevents users from changing the date and time settings on devices. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许用户更改日期和时间设置。By default, the OS might allow users to change the date and time settings.

PasswordPassword

  • 加密:选择“必需”,以便对设备上的文件进行加密。Encryption: Select Require so that files on the device are encrypted. 并非所有设备都支持加密。Not all devices support encryption. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置。When set to Not configured (default), Intune doesn't change or update this setting. 若要配置此设置并正确报告合规性,还需要配置:To configure this setting, and correctly report compliance, also configure:

    1. 密码:设置为“需要” 。Password: Set to Require.
    2. 所需的密码类型:设置为“至少包含数字” 。Required password type: Set to At least numeric.
    3. 最短密码长度:设置为至少包含 4Minimum password length: Set to at least 4.

    备注

    如果强制执行了加密策略,则 Samsung Knox 设备要求用户设置六个字符的复杂密码作为设备密码。If an encryption policy is enforced, Samsung Knox devices require users to set a 6-character complex password as the device passcode.

所有 Android 设备All Android devices

这些设置适用于 Android 4.0 和更高版本,以及 Knox 4.0 和更高版本。These settings apply to Android 4.0 and newer, and Knox 4.0 and newer.

  • 屏幕锁定前的最大非活动分钟数:输入设备在屏幕自动锁定前必须处于空闲状态的时间长度。Maximum minutes of inactivity until screen locks: Enter the length of time a device must be idle before the screen is automatically locked. 例如,输入 5 可在空闲 5 分钟后锁定设备。For example, enter 5 to lock devices after 5 minutes of being idle. 值为空或设置为“未配置”时,Intune 不会更改或更新此设置 。When the value is blank or set to Not configured, Intune doesn't change or update this setting.

    在设备上,用户设置的时间值不能大于在配置文件中配置的时间。On a device, users can't set a time value greater than the configured time in the profile. 用户可以设置更低的时间值。Users can set a lower time value. 例如,如果配置文件设置为 15 分钟,则用户可将值设置为 5 分钟。For example, if the profile is set to 15 minutes, users can set the value to 5 minutes. 用户不得将值设置为 30 分钟。Users can't set the value to 30 minutes.

  • 擦除设备前的登录失败次数:输入设备擦除前允许的错误密码数,从 4-11。Number of sign-in failures before wiping device: Enter the number of wrong passwords allowed before devices are wiped, from 4-11. 如果为 0(零),可能会禁用设备擦除功能。0 (zero) might disable device wipe functionality. 如果该值为空,Intune 不会更改或更新此设置。When the value is blank, Intune doesn't change or update this setting.

  • 密码:设置为“需要”时,用户必须输入密码才能访问设备。Password: Require users to enter a password to access devices. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许用户无需输入密码即可访问设备。By default, the OS might allow users to access devices without entering a password.

    备注

    在 MDM 注册期间,Samsung Knox 设备自动要求使用 4 位数的 PIN。Samsung Knox devices automatically require a 4-digit PIN during MDM enrollment. 本机 Android 设备可能会自动要求,必须有 PIN 才符合条件访问。Native Android devices may automatically require a PIN to become compliant with Conditional Access.

Android 10 及更高版本Android 10 and later

  • 密码复杂性:输入所需的密码复杂性。Password complexity: Enter the required password complexity. 选项包括:Your options:

    • 无(默认值):无需密码。None (default): No password required.
    • :密码满足以下条件之一:Low: The password satisfies one of the following conditions:
      • 模式Pattern
      • PIN 具有重复 (4444) 或有序(1234、4321、2468)序列。PIN has a repeating (4444) or ordered (1234, 4321, 2468) sequence.
    • :密码满足以下条件之一:Medium: The password satisfies one of the following conditions:
      • PIN 不具有重复 (4444) 或有序(1234、4321、2468)序列,且其长度至少为 4。PIN doesn’t have a repeating (4444) or ordered (1234, 4321, 2468) sequence, and has minimum length of 4.
      • 为字母,长度至少为 4。Alphabetic, with a minimum length of 4.
      • 为字母数字,长度至少为 4。Alphanumeric, with a minimum length of 4.
    • :密码满足以下条件之一:High: The password satisfies one of the following conditions:
      • PIN 不具有重复 (4444) 或有序(1234、4321、2468)序列,且其长度至少为 8。PIN doesn’t have a repeating (4444) or ordered (1234, 4321, 2468) sequence, and has minimum length of 8.
      • 为字母,长度至少为 6。Alphabetic, with a minimum length of 6.
      • 为字母数字,长度至少为 6。Alphanumeric, with a minimum length of 6.

    此设置适用于:This setting applies to:

    • Android 10 及更高版本,但不适用于 Samsung Knox。Android 10 and newer, but not on Samsung Knox.

    重要

    密码复杂性设置处于开发阶段。The Password complexity setting is a work in progress. 密码复杂性将于 2020 年 10 月底在设备上生效。In late October 2020, Password complexity will take effect on devices.

    如果将“密码复杂度”设置为除“无”以外的选项,还请将“密码”设置设为“需要”,这可以在“所有 Android 设备”部分下找到。If you set Password complexity to something other than None, then also set the Password setting to Require, which is found under the All Android devices section. 如果具有密码的用户不符合复杂性要求,则会收到一条更新其密码的警告。Users with passwords that don't meet your complexity requirements receive a warning to update their password. 如果未将“密码”设置设为“必需”,则具有弱密码的用户不会收到警告。If you don’t set the Password setting to Require, users with weak passwords won’t receive the warning.

Android 9 及更早版本或 Samsung Knox(任何版本)Android 9 and earlier, or Samsung Knox (any version)

  • 最短密码长度:输入所需的最小字符数,范围为 4-16 个。Minimum password length: Enter the minimum number of characters required, from 4-16. 例如,输入 6 可要求密码长度至少为六个数字或字符。For example, enter 6 to require at least six numbers or characters in the password length.

  • 密码过期(天) :输入在用户必须更改设备密码前,设备密码保持有效的天数(介于 1-365 天之间)。Password expiration (days): Enter the number of days, until the device password must be changed, from 1-365. 例如,要使密码在 90 天后过期,请输入 90For example, enter 90 to expire the password after 90 days. 密码到期后,系统会提示用户创建新密码。When the password expires, users are prompted to create a new password. 如果该值为空,Intune 不会更改或更新此设置。When the value is blank, Intune doesn't change or update this setting.

  • 所需的密码类型:输入所需的密码复杂性级别以及是否可以使用生物识别设备。Required password type: Enter the required password complexity level, and whether biometric devices can be used. 选项包括:Your options:

    • 设备默认值Device default

    • 低安全性生物识别强与弱生物识别(打开 Android 的网站)Low security biometric: Strong vs. weak biometrics (opens Android's web site)

    • 至少包含数字:包含数字字符,如 123456789At least numeric: Includes numeric characters, such as 123456789.

    • 数字复杂度:不允许使用重复或连续数字(例如,“1111”或“1234”)。Numeric complex: Repeated or consecutive numbers, such as "1111" or "1234", aren't allowed. 向设备分配此设置之前,请确保将这些设备上的公司门户更新至最新版本。Before you assign this setting to devices, be sure to update the Company Portal app to the latest version on those devices.

      如果设置为“数值复杂度”,并将设置分配给运行 Android 版本早于 5.0 的设备,则以下行为适用 :When set to Numeric complex, and you assign the setting to devices running an Android version earlier than 5.0, then the following behavior applies:

      • 如果公司门户应用运行的版本低于 1704,则不会向设备应用任何 PIN 策略,并且 Microsoft Endpoint Manager 管理中心中会显示错误。If the Company Portal app is running a version earlier than 1704, no PIN policy applies to devices, and an error shows in the Microsoft Endpoint Manager admin center.
      • 如果公司门户应用运行 1704 版本或更高版本,则只能应用简单的 PIN。If the Company Portal app runs the 1704 version or later, only a simple PIN can be applied. 5.0 以前的 Android 版本不支持此设置。Android version earlier than 5.0 don't support this setting. Microsoft 终结点管理器管理中心未显示任何错误。No error is shown in the Microsoft Endpoint Manager admin center.
    • 至少为字母:包含字母表中的字母。At least alphabetic: Includes letters in the alphabet. 不使用数字和符号。Numbers and symbols aren't required.

    • 至少包含字母数字:包括大写字母、小写字母和数字字符。At least alphanumeric: Includes uppercase letters, lowercase letters, and numeric characters.

    • 至少为包含符号的字母数字:包括大写字母、小写字母、数字字符、标点和符号。At least alphanumeric with symbols: Includes uppercase letters, lowercase letters, numeric characters, punctuation marks, and symbols.

  • 防止重用以前的密码:使用此设置可限制用户创建以前用过的密码。Prevent reuse of previous passwords: Use this setting to restrict users from creating previously used passwords. 输入以前用过的不能重用的密码数,从 1 到 24。Enter the number of previously used passwords that can't be used, from 1-24. 例如,输入 5 意味着用户不能将其新密码设置为当前密码或以前四个密码中的任何一个。For example, enter 5 so users can't set a new password to their current password or any of their previous four passwords. 如果该值为空,Intune 不会更改或更新此设置。When the value is blank, Intune doesn't change or update this setting.

  • 指纹解锁(仅限 Samsung Knox) :设置为“阻止”可阻止使用指纹解锁设备 。Fingerprint unlock (Samsung Knox only): Block prevents using a fingerprint to unlock devices. 设置为“未配置”(默认值)时,Intune 不会更改或更新此设置。默认情况下,OS 可能允许用户使用指纹解锁设备 。When set to Not configured (default), Intune doesn't change or update this setting.By default, the OS might allow users to unlock devices using a fingerprint.

  • Smart Lock 和其他信任代理:设置为“阻止”可阻止 Smart Lock 或其他信任代理调整锁屏界面设置 。Smart Lock and other trust agents: Block prevents Smart Lock or other trust agents from adjusting lock screen settings. 此功能(也称为“信任代理”)可以在设备处于可信任位置时禁用或绕过设备锁屏界面密码。If the device is in a trusted location, then this feature, also known as a trust agent, lets you disable or bypass the device lock screen password. 例如,设备连接到特定的蓝牙设备时或靠近 NFC 标签时使用此功能。For example, use this feature when devices are connected to a specific Bluetooth device, or when devices are close to an NFC tag. 可以使用此设置防止用户配置 Smart Lock。You can use this setting to prevent users from configuring Smart Lock.

    设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting.

    此设置适用于:This setting applies to:

    • Samsung KNOX 标准版 5.0 及更高版本Samsung KNOX Standard 5.0 and newer

Google Play StoreGoogle Play Store

  • Google Play 商店(仅限 Samsung Knox) :设置为“阻止”可阻止用户使用 Google Play 商店 。Google Play store (Samsung Knox only): Block prevents users from using the Google Play store. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许用户访问设备上的 Google Play 商店。By default, the OS might allow users to access the Google Play store on devices.

受限制的应用Restricted apps

Android 和 Samsung Knox Standard 设备上支持此功能。This feature is supported on Android and Samsung Knox Standard devices.

  • 受限应用类型列表:创建要在设备上允许或阻止的应用的列表。Type of restricted apps list: Create a list of apps to allow or block on devices. Android 和 Samsung Knox Standard 设备上支持此功能。This feature is supported on Android and Samsung Knox Standard devices. 选项包括:Your options:

    • 未配置(默认):Intune 不会更改或更新此设置。Not configured (default): Intune doesn't change or update this setting.
    • 禁止的应用:列出不允许用户安装和运行的应用(未由 Intune 托管)。Prohibited apps: List the apps (not managed by Intune) that users aren't allowed to install and run. 如果用户安装此列表中的某个应用,Intune 会通知你。If a user installs an app from this list, you're notified by Intune.
    • 允许的应用: 列出允许用户安装的应用。Approved apps: List the apps that users are allowed to install. 为了保持兼容性,用户不得安装其他应用。To stay compliant, users must not install other apps. 系统会自动允许由 Intune 管理的应用,包括公司门户应用。Apps that are managed by Intune are automatically allowed, including the Company Portal app.
  • 应用列表:添加 应用:Apps list: Add your app:

    • App Store URL:输入所需应用的 Google Play 商店 URL。App store URL: Enter the Google Play Store URL of the app you want. 例如,要添加适用于 Android 的 Microsoft 远程桌面应用,请输入 https://play.google.com/store/apps/details?id=com.microsoft.rdc.androidFor example, to add the Microsoft Remote Desktop app for Android, enter https://play.google.com/store/apps/details?id=com.microsoft.rdc.android.

      若要查找应用的 URL,请打开 Google Play 商店,并搜索该应用。To find the URL of an app, open the Google Play store, and search for the app. 例如,搜索 Microsoft Remote Desktop Play StoreMicrosoft PlannerFor example, search for Microsoft Remote Desktop Play Store or Microsoft Planner. 选择应用并复制 URL。Select the app, and copy the URL.

    • 应用捆绑 ID:输入应用程序包 ID。App bundle ID: Enter the app bundle ID.

    • 应用名称:输入所需的名称。App name: Enter the name you want. 此名称向用户显示。This name is shown to users.

    • 发布者(可选):输入应用的发布者,如 MicrosoftPublisher (optional): Enter the publisher of the app, such as Microsoft.

还可以导入包含应用详细信息的 CSV 文件,包括 URL 。You can also Import a CSV file with details about the app, including the URL. 使用 <应用 url >, <应用名称 >, <应用发行者 > 格式。Use the <app url>, <app name>, <app publisher> format. 或,导出 包含相同格式的受限应用列表的现有列表。Or, Export an existing list that includes the restricted apps list in the same format.

重要

使用受限应用设置的设备配置文件必须分配给用户组,而不是设备组。Device profiles that use the restricted app settings must be assigned to user groups, not device groups.

浏览器Browser

  • Web 浏览器(仅限 Samsung Knox) :设置为“阻止”可阻止在设备上使用默认 Web 浏览器 。Web browser (Samsung Knox only): Block prevents the default web browser from being used on devices. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许使用设备的默认 Web 浏览器。By default, the OS might allow the device's default web browser to be used.
  • 自动填充(仅限 Samsung Knox) :设置为“阻止”可阻止浏览器自动填充文本 。Autofill (Samsung Knox only): Block prevents the browser from automatically filling in text. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许自动填充。By default, the OS might allow Autofill.
  • Cookie(仅限 Samsung Knox) :选择如何在设备上处理网站的 cookie。Cookies (Samsung Knox only): Choose how to handle cookies from websites on devices. 选项包括:Your options:
    • AllowAllow
    • 阻止所有 cookieBlock all cookies
    • 允许访问的网站的 cookieAllow cookies from visited web sites
    • 允许当前网站的 cookieAllow cookies from current web site
  • JavaScript(仅限 Samsung Knox) :设置为“阻止”可阻止在设备上运行浏览器中的 Java 脚本 。JavaScript (Samsung Knox only): Block prevents JavaScript from running in the browser. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许使用这些脚本。By default, the OS might allow these scripts.
  • 弹出窗口(仅限 Samsung Knox) :设置为“阻止”将打开弹出窗口阻止程序,以阻止 Web 浏览器中的弹出窗口 。Pop-ups (Samsung Knox only): Block turns on Pop-up Blocker to prevent pop-ups in the web browser. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许弹出窗口。By default, the OS might allow pop-ups.

允许或禁止应用Allow or Block apps

使用这些设置允许、阻止或隐藏在 Samsung Knox Standard 设备上运行特定应用。Use these settings to allow, block, or hide specific apps on Samsung Knox Standard devices. 用户无法打开或运行隐藏的应用。Apps that are hidden can't be opened or ran by users.

选项包括:Your options:

  • 允许安装的应用(仅限 Samsung Knox Standard) :添加用户可以安装的应用。Apps allowed to be installed (Samsung Knox Standard only): Add apps that users can install. 用户无法安装列表中没有的应用。Users can't install apps that aren't on the list.
  • 禁止启动的应用(仅限 Samsung Knox Standard) :输入用户不能在其设备上运行的应用。Apps blocked from launching (Samsung Knox Standard only): Enter the apps that users can't run on their device.
  • 对用户隐藏的应用(仅限 Samsung Knox Standard) :输入在设备上隐藏的应用。Apps hidden from user (Samsung Knox Standard only): Enter the apps that are hidden on devices. 用户无法发现或运行这些应用。Users can't discover or run these apps.

对于每个设置,添加你的应用:For each setting, add your apps:

  • 按包名称添加应用:输入应用和应用包的名称。Add apps by package name: Enter the app name, and the name of the app package. 主要用于业务线应用。Primarily used for line-of-business apps.
  • 按 URL 添加应用:输入应用名称及其在 Google Play 商店中的 URL。Add apps by URL: Enter the app name, and its URL in the Google Play store.
  • 添加应用商店应用:在 Intune 中管理的现有应用列表中选择一个应用。Add store app: Select an app from the existing list of apps you manage in Intune.

云和存储Cloud and Storage

  • Google 备份(仅限 Samsung Knox) :设置为“阻止”可阻止设备同步到 Google 备份 。Google backup (Samsung Knox only): Block prevents devices from syncing to Google backup. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许使用 Google 备份。By default, the OS might allow using Google backup.
  • Google 帐户自动同步(仅限 Samsung Knox) :设置为“阻止”可在设备上阻止 Google 帐户自动功能 。Google account auto sync (Samsung Knox only): Block prevents the Google account auto sync feature on devices. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许 Google 帐户设置自动同步。By default, the OS might allow Google account settings to be automatically synchronized.
  • 可移动存储(仅限 Samsung Knox) :设置为“阻止”可阻止设备使用可移动存储 。Removable storage (Samsung Knox only): Block prevents devices from using removable storage. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许设备使用可移动存储,如 SD 卡。By default, the OS might allow devices to use removable storage, like an SD card.
  • 对存储卡进行加密(仅限 Samsung Knox) :选择“必需”,强制要求必须对存储卡进行加密 。Encryption on storage cards (Samsung Knox only): Require enforces that storage cards must be encrypted. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能会允许使用未加密的存储卡。By default, the OS might allow unencrypted storage cards to be used. 并非所有设备都支持存储卡加密。Not all devices support storage card encryption. 若要进行确认,请咨询设备制造商。To confirm, check with the device manufacturer.

手机网络和连接性Cellular and Connectivity

  • 数据漫游(仅限 Samsung Knox) :设置为“阻止”可阻止通过手机网络进行数据漫游 。Data roaming (Samsung Knox only): Block prevents data roaming over the cellular network. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许使用数据漫游。By default, the OS might allow data roaming.
  • SMS/MMS 消息传递(仅限 Samsung Knox) :设置为“阻止”可阻止设备上的文本消息 。SMS/MMS messaging (Samsung Knox only): Block prevents text messaging on devices. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许使用 SMS 和 MMS 消息传递。By default, the OS might allow using SMS and MMS messaging.
  • 语音拨号(仅限 Samsung Knox) :设置为“阻止”可阻止用户在设备上使用语音拨号功能 。Voice dialing (Samsung Knox only): Block prevents users from using the voice dialing feature on devices. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许使用语音拨号功能。By default, the OS might allow voice dialing.
  • 语音漫游(仅限 Samsung Knox) :设置为“阻止”可阻止通过手机网络进行语音漫游 。Voice roaming (Samsung Knox only): Block prevents voice roaming over the cellular network. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许使用语音漫游。By default, the OS might allow voice roaming.
  • 蓝牙(仅限 Samsung Knox) :设置为“阻止”可阻止在设备上使用蓝牙 。Bluetooth (Samsung Knox only): Block prevents using Bluetooth on devices. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许使用蓝牙。By default, the OS might allow using Bluetooth.
  • NFC(仅限 Samsung Knox) :设置为“阻止”可禁用在支持它的设备上使用近场通信 (NFC) 的操作 。NFC (Samsung Knox only): Block disables operations that use near field communication (NFC) on devices that support it. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许 NFC 操作。By default, the OS might allow NFC operations.
  • Wi-Fi(仅限 Samsung Knox) :设置为“阻止”可阻止在设备上使用 Wi-Fi 。Wi-Fi (Samsung Knox only): Block prevents using Wi-Fi on devices. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许使用 Wi-Fi。By default, the OS might allow using Wi-Fi.
  • Wi-Fi Tethering(仅限 Samsung Knox) :设置为“阻止”可阻止使用设备上的 Wi-Fi Tethering 。Wi-Fi tethering (Samsung Knox only): Block prevents using Wi-Fi tethering on devices. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许使用 Wi-Fi Tethering。By default, the OS might allow using Wi-Fi tethering.

KioskKiosk

展台设置仅适用于 Samsung Knox Standard 设备和使用 Intune 管理的应用。Kiosk settings apply only to Samsung Knox Standard devices, and only to apps you manage using Intune.

  • 添加要在设备处于展台模式时运行的应用。Add apps you want to run when the device is in kiosk mode. 在展台模式下,仅运行所添加的应用,未添加的应用不会运行。In kiosk mode, only the apps you add run; apps not added don't run. 当设备处于展台模式时,预安装的浏览器不会作为应用运行。Pre-installed browsers don't run as an app when the device is in kiosk mode. 如果需要浏览器,请考虑使用 Managed BrowserIf a browser is required, consider using the Managed Browser.

    应用选项:Your app options:

    • 按包名称添加应用:主要用于业务线应用。Add apps by package name: Primarily used for line-of-business apps. 输入应用和应用包的名称。Enter the app name, and the name of the app package.
    • 按 URL 添加应用:输入应用名称及其在 Google Play 商店中的 URL。Add apps by URL: Enter the app name, and its URL in the Google Play store.
    • 添加应用商店应用:在 Intune 中管理的现有应用列表中选择一个应用。Add store app: Select an app from the existing list of apps you manage in Intune.
  • 屏幕睡眠按钮:选择“阻止”可阻止或隐藏屏幕睡眠按钮 。Screen sleep button: Block prevents or hides the screen sleep button. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许在设备上使用屏幕睡眠唤醒按钮。By default, the OS might allow the screen sleep wake button on devices.

  • 音量按钮:设置为“阻止”可阻止用户通过禁用音量按钮来调节音量 。Volume buttons: Block prevents users from adjusting the volume by disabling the volume buttons. 设置为“未配置”(默认)时,Intune 不会更改或更新此设置 。When set to Not configured (default), Intune doesn't change or update this setting. 默认情况下,OS 可能允许在设备上使用音量按钮。By default, the OS might allow using the volume buttons on devices.

后续步骤Next steps

分配配置文件监视其状态Assign the profile and monitor its status.

还可以为 Android 企业Windows 10 设备创建展台配置文件。You can also create kiosk profiles for Android Enterprise and Windows 10 devices.