使用 Microsoft Intune 将属性列表文件添加到 macOS 设备Add a property list file to macOS devices using Microsoft Intune

使用 Microsoft Intune,可以为 macOS 设备或 macOS 设备上的应用添加属性列表文件 (.plist)。Using Microsoft Intune, you can add a property list file (.plist) for macOS devices, or apps on macOS devices.

此功能适用于:This feature applies to:

  • macOS 10.7 及更高版本macOS 10.7 and newer

属性列表文件包含有关 macOS 应用程序的信息。Property list files include information about macOS applications. 有关详细信息,请参阅关于信息属性列表文件(Apple 网站)和自定义有效负载设置For more information, see About Information Property List Files (Apple's website) and Custom payload settings.

本文列出并介绍了可以添加到 macOS 设备的不同属性列表文件设置。This article lists and describes the different property list file settings you can add to macOS devices. 作为移动设备管理 (MDM) 解决方案的一部分,请使用这些设置添加应用程序包 ID (com.company.application) 及应用的 .plist 文件。As part of your mobile device management (MDM) solution, use these settings to add the app bundle ID (com.company.application), and add the app's .plist file.

我们将这些设置添加到 Intune 中的设备配置配置文件中,然后分配或部署到 macOS 设备。These settings are added to a device configuration profile in Intune, and then assigned or deployed to your macOS devices.

须知内容What you need to know

  • 这些设置未验证。These settings aren't validated. 在将配置文件分配给设备之前,请务必测试你的更改。Be sure to test your changes before assigning the profile to your devices.
  • 如果不确定如何输入应用密钥,请在应用中更改设置。If you're not sure how to enter an app key, change the setting within the app. 然后,使用 Xcode 查看应用的首选项文件,了解设置的配置方式。Then, review the app's preference file using Xcode to see how the setting is configured. Apple 建议在导入文件前使用 Xcode 删除不可管理的设置。Apple recommends removing non-manageable settings using Xcode before importing the file.
  • 只有某些应用使用托管首选项,并且可能不允许管理所有设置。Only some apps work with managed preferences, and might not allow you to manage all settings.
  • 请确保上传的属性列表文件的目标是设备通道设置,而非用户通道设置。Be sure you upload property list files that target device channel settings, not user channel settings. 属性列表文件以整个设备为目标。Property list files target the entire device.

创建配置文件Create the profile

  1. 登录到 Microsoft 终结点管理器管理中心Sign in to the Microsoft Endpoint Manager admin center.

  2. 选择“设备” > “配置文件” > “创建配置文件”。Select Devices > Configuration profiles > Create profile.

  3. 输入以下属性:Enter the following properties:

    • 平台:选择“macOS”Platform: Select macOS
    • 配置文件:选择“首选项文件”。Profile: Select Preference file.
  4. 选择“创建”。Select Create.

  5. 在“基本信息”中,输入以下属性:In Basics, enter the following properties:

    • 名称:输入策略的描述性名称。Name: Enter a descriptive name for the policy. 为策略命名,以便稍后可以轻松地识别它们。Name your policies so you can easily identify them later. 例如,策略名称最好是“macOS:配置登录屏幕”添加在设备上配置 Microsoft Defender ATP 的首选项文件For example, a good policy name is macOS: Add preference file that configures Microsoft Defender ATP on devices.
    • 描述:输入策略的说明。Description: Enter a description for the policy. 此设置是可选的,但建议进行。This setting is optional, but recommended.
  6. 选择“下一步”。Select Next.

  7. 在“配置设置”中,配置以下设置:In Configuration settings, configure your settings:

    • 首选项域名:输入该程序包 ID,例如 com.company.applicationPreference domain name: Enter the bundle ID, such as com.company.application. 例如,输入 com.Contoso.applicationNamecom.Microsoft.Edgecom.microsoft.wdavFor example, enter com.Contoso.applicationName, com.Microsoft.Edge, or com.microsoft.wdav.

      属性列表文件通常用于 Web 浏览器 (Microsoft Edge)、Microsoft Defender 高级威胁防护和自定义应用。Property list files are typically used for web browsers (Microsoft Edge), Microsoft Defender Advanced Threat Protection, and custom apps. 创建首选项域时,还会创建一个程序包 ID。When you create a preference domain, a bundle ID is also created.

    • 属性列表文件:选择与应用关联的属性列表文件。Property list file: Select the property list file associated with your app. 请确保它是 .plist.xml 文件。Be sure it's a .plist or .xml file. 例如上传 YourApp-Manifest.plistYourApp-Manifest.xml 文件。For example, upload a YourApp-Manifest.plist or YourApp-Manifest.xml file.

      显示属性列表文件中的密钥信息。The key information in the property list file is shown. 如果需要更改密钥信息,请在另一个编辑器中打开列表文件,然后在 Intune 中重新上传文件。If you need to change the key information, open the list file in another editor, and then reupload the file in Intune.

    请确保文件的格式正确。Be sure your file is formatted correctly. 文件应仅具有键值对,并且不应包装在 <dict>``<plist><xml> 标记中。The file should only have key value pairs, and shouldn't be wrapped in <dict>, <plist>, or <xml> tags. 例如,属性列表文件应类似于以下文件:For example, your property list file should be similar to the following file:

    <key>SomeKey</key>
    <string>someString</string>
    <key>AnotherKey</key>
    <false/>
    ...
    
  8. 选择“下一步”。Select Next.

  9. 在“作用域标记”(可选)中,分配一个标记以将配置文件筛选到特定 IT 组(如 US-NC IT TeamJohnGlenn_ITDepartment)。In Scope tags (optional), assign a tag to filter the profile to specific IT groups, such as US-NC IT Team or JohnGlenn_ITDepartment. 有关范围标记的详细信息,请参阅将 RBAC 和范围标记用于分布式 ITFor more information about scope tags, see Use RBAC and scope tags for distributed IT.

    选择“下一步”。Select Next.

  10. 在“分配”中,选择将接收配置文件的用户或组。In Assignments, select the users or groups that will receive your profile. 有关分配配置文件的详细信息,请参阅分配用户和设备配置文件For more information on assigning profiles, see Assign user and device profiles.

    选择“下一步”。Select Next.

  11. 在“查看并创建”中查看设置。In Review + create, review your settings. 选择“创建”时,将保存所做的更改并分配配置文件。When you select Create, your changes are saved, and the profile is assigned. 该策略也会显示在配置文件列表中。The policy is also shown in the profiles list.

后续步骤Next steps

分配配置文件监视其状态Assign the profile and monitor its status.

有关 Microsoft Edge 首选项文件的详细信息,请参阅配置 macOS 上的 Microsoft Edge 策略设置For more information on preference files for Microsoft Edge, see Configure Microsoft Edge policy settings on macOS.