在 Microsoft Intune 中使用自定义策略以允许和阻止在 Samsung Knox 标准设备上运行应用Use custom policies in Microsoft Intune to allow and block apps for Samsung Knox Standard devices

使用此本文中的过程创建 Microsoft Intune 自定义策略,该策略创建以下内容之一:Use the procedure in this article to create a Microsoft Intune custom policy that creates one of the following:

  • 阻止在设备上运行的应用的列表。A list of apps that are blocked from running on the device. 阻止运行此列表中的应用,即使应用此策略时已安装这些应用也是如此。Apps in this list are blocked from being run, even if they were already installed when the policy was applied.
  • 允许设备用户从 Google Play 商店安装的应用列表。A list of apps that users of the device are allowed to install from the Google Play store. 仅可安装你列出的应用。Only the apps you list can be installed. 其他应用不能从应用商店安装。No other apps can be installed from the store.

这些设置只可供运行 Samsung Knox Standard 的设备使用。These settings can only be used by devices that run Samsung Knox Standard.

创建允许或阻止的应用列表Create an allowed or blocked app list

  1. 登录到 Microsoft 终结点管理器管理中心Sign in to the Microsoft Endpoint Manager admin center.

  2. 选择“设备” > “配置文件” > “创建配置文件” 。Select Devices > Configuration profiles > Create profile.

  3. 输入以下设置:Enter the following settings:

    • 名称:输入配置文件的描述性名称。Name: Enter a descriptive name for the profile. 为配置文件命名,以便稍后可以轻松地识别它们。Name your profiles so you can easily identify them later. 例如,将配置文件命名为“Android 自定义配置文件”就很不错。For example, a good profile name is Android custom profile.
    • 描述:输入包含设置概述以及其他所有重要详细信息的说明。Description: Enter a description that gives an overview of the setting, and any other important details.
    • 平台:选择“Android” 。Platform: Select Android.
    • 配置文件类型:选择“自定义” 。Profile type: Select Custom.
  4. 在“自定义 OMA-URI 设置”中,选择“添加” 。In Custom OMA-URI Settings, select Add. 输入以下设置:Enter the following settings:

    阻止在设备上运行的应用的列表:For a list of apps that are blocked from running on the device:

    • 名称:输入 PreventStartPackagesName: Enter PreventStartPackages.
    • 描述:输入设置的简要说明以及有助于找到该配置文件的其他所有相关信息。Description: Enter a description that gives an overview of the setting, and any other relevant information to help you locate the profile. 例如,输入“阻止运行的应用列表” 。For example, enter List of apps that are blocked from running.
    • OMA-URI(区分大小写):输入“./Vendor/MSFT/PolicyManager/My/ApplicationManagement/PreventStartPackages” 。OMA-URI (case sensitive): Enter ./Vendor/MSFT/PolicyManager/My/ApplicationManagement/PreventStartPackages.
    • 数据类型:选择“字符串” 。Data type: Select String.
    • :输入你要允许的应用包名称的列表。Value: Enter a list of the app package names you want to allow. 可使用 ;:| 作为分隔符。You can use ;, :, or | as a delimiter. 例如,输入 package1;package2;For example, enter package1;package2;.

    有关允许用户从 Google Play 商店中安装的应用(同时排除所有其他应用)的列表:For a list of apps that users are allowed to install from the Google Play store while excluding all other apps:

    • 名称:输入 AllowInstallPackagesName: Enter AllowInstallPackages.
    • 说明:输入设置的简要说明以及有助于找到该配置文件的其他所有相关信息。Description:Enter a description that gives an overview of the setting, and any other relevant information to help you locate the profile. 例如,输入“用户可从 Google Play 安装的应用列表” 。For example, enter List of apps that users can install from Google Play.
    • OMA-URI(区分大小写):输入“./Vendor/MSFT/PolicyManager/My/ApplicationManagement/AllowInstallPackages” 。OMA-URI (case sensitive): Enter ./Vendor/MSFT/PolicyManager/My/ApplicationManagement/AllowInstallPackages.
    • 数据类型:选择“字符串” 。Data type: Select String.
    • :输入你要允许的应用包名称的列表。Value: Enter a list of the app package names you want to allow. 可使用 ;:| 作为分隔符。You can use ;, :, or | as a delimiter. 例如,输入 package1;package2;For example, enter package1;package2;.
  5. 选择“确定”,保存所做更改 。Select OK to save your changes.

  6. 完成后,选择“确定” > “创建” ,以创建 Intune 配置文件。When finished, select OK > Create to create the Intune profile. 完成后,配置文件将显示在“设备 - 配置文件”列表中 。When complete, your profile is shown in the Devices - Configuration profiles list.

提示

可通过浏览 Google Play 商店上的应用找到应用的包 ID。You can find the package ID of an app by browsing to the app on the Google Play store. 包 ID 包含在应用页面的 URL 中。The package ID is contained in the URL of the app's page. 例如,Microsoft Word 应用的包 ID 是 com.microsoft.office.wordFor example, the package ID of the Microsoft Word app is com.microsoft.office.word.

每个目标设备下次签入时,将应用此应用设置。The next time each targeted device checks in, the app settings are applied.

后续步骤Next steps

配置文件已创建,但它尚未起到任何作用。The profile is created, but it's not doing anything yet. 下一步,分配配置文件监视其状态Next, assign the profile and monitor its status.