在 Microsoft Intune 中为 iOS 和 iPadOS 设备添加 Wi-Fi 设置Add Wi-Fi settings for iOS and iPadOS devices in Microsoft Intune

可以使用特定的 WiFi 设置创建配置文件,然后将此配置文件部署到 iOS/iPadOS 设备。You can create a profile with specific WiFi settings, and then deploy this profile to your iOS/iPadOS devices. Microsoft Intune 提供多种功能,包括对网络进行身份验证,添加 PKCS 或 SCEP 证书等。Microsoft Intune offers many features, including authenticating to your network, adding a PKCS or SCEP certificate, and more.

这些 Wi-Fi 设置分为两个类别:基本设置和企业级设置。These Wi-Fi settings are separated in to two categories: Basic settings and Enterprise-level settings.

本文将说明这些设置。This article describes these settings.

在开始之前Before you begin

创建设备配置文件Create a device profile.

备注

这些设置适用于所有注册类型。These settings are available for all enrollment types. 有关注册类型的详细信息,请参阅 iOS/iPadOS 注册For more information on the enrollment types, see iOS/iPadOS enrollment.

基本配置文件Basic profiles

  • Wi-Fi 类型:选择“基本” 。Wi-Fi type: Choose Basic.

  • 网络名称:输入此 Wi-Fi 连接的名称。Network name: Enter a name for this Wi-Fi connection. 该值是用户在其设备上浏览可用连接列表时看到的名称。This value is the name that users see when they browse the list of available connections on their device.

  • SSID:“服务集标识符” 的英文缩写。SSID: Short for service set identifier. 该属性是设备连接到的无线网络的真实名称。This property is the real name of the wireless network that devices connect to. 但是,用户在选择连接时只会看到你之前配置的网络名称。However, users only see the network name you configured when they choose the connection.

  • 自动连接:选择“启用” 可以在设备处于范围内时自动连接到此网络。Connect automatically: Choose Enable to automatically connect to this network when the device is in range. 选择“禁用” 以防止设备自动连接。Choose Disable to prevent devices from automatically connecting.

  • 隐藏的网络:如果网络的 SSID 未广播,选择“启用” 。Hidden network: Choose Enable if the SSID of the network isn't broadcasted. 如果网络的 SSID 已广播且可见,选择“禁用” 。Choose Disable if the SSID of the network is broadcasted and visible.

  • 安全类型:选择用于对 Wi-Fi 网络进行身份验证的安全协议。Security type: Select the security protocol to authenticate to the Wi-Fi network. 选项包括:Your options:

    • 开放(无身份验证) :仅在网络未受保护的情况下使用此选项。Open (no authentication): Only use this option if the network is unsecured.
    • WPA/WPA2 - 个人版:在“预共享密钥” 中输入密码。WPA/WPA2 - Personal: Enter the password in Pre-shared key. 设置或配置组织的网络后,还要配置密码或网络密钥。When your organization's network is set up or configured, a password or network key is also configured. 输入此密码或网络密钥作为 PSK 值。Enter this password or network key for the PSK value.
    • WEPWEP
  • 代理设置:选项包括:Proxy settings: Your options:

    • :不配置任何代理设置。None: No proxy settings are configured.
    • 手动:输入“代理服务器地址”作为 IP 地址及其“端口号” 。Manual: Enter the Proxy server address as an IP address, and its Port number.
    • 自动:使用文件配置代理服务器。Automatic: Use a file to configure the proxy server. 输入包含配置文件的代理服务器 URL (例如 http://proxy.contoso.com)。Enter the Proxy server URL (for example http://proxy.contoso.com) that contains the configuration file.

企业配置文件Enterprise profiles

  • Wi-Fi 类型:选择“企业” 。Wi-Fi type: Choose Enterprise.

  • SSID:“服务集标识符” 的英文缩写。SSID: Short for service set identifier. 该属性是设备连接到的无线网络的真实名称。This property is the real name of the wireless network that devices connect to. 但是,用户在选择连接时只会看到你之前配置的网络名称。However, users only see the network name you configured when they choose the connection.

  • 自动连接:选择“启用” 可以在设备处于范围内时自动连接到此网络。Connect automatically: Choose Enable to automatically connect to this network when the device is in range. 选择“禁用” 以防止设备自动连接。Choose Disable to prevent devices from automatically connecting.

  • 隐藏的网络:选择“启用” 可以在设备上的可用网络列表中隐藏此网络。Hidden network: Choose Enable to hide this network from the list of available networks on the device. 不广播 SSID。The SSID isn't broadcasted. 选择“禁用” 以在设备上的可用网络列表中显示此网络。Choose Disable to show this network in the list of available networks on the device.

  • 安全类型:选择用于对 Wi-Fi 网络进行身份验证的安全协议。Security type: Select the security protocol to authenticate to the Wi-Fi network. 选项包括:Your options:

    • WPA - 企业WPA - Enterprise
    • WPA/WPA2 - 企业WPA/WPA2 - Enterprise
  • EAP 类型:选择用于验证安全无线连接的可扩展身份验证协议 (EAP) 类型。EAP type: Choose the Extensible Authentication Protocol (EAP) type used to authenticate secured wireless connections. 选项包括:Your options:

    • EAP-FAST:输入“受保护的访问凭据(PAC)设置” 。EAP-FAST: Enter the Protected Access Credential (PAC) Settings. 此选项使用受保护的访问凭据来创建客户端和身份验证服务器之间经过身份验证的隧道。This option uses protected access credentials to create an authenticated tunnel between the client and the authentication server. 选项包括:Your options:

      • 不使用 (PAC) Do not use (PAC)
      • 使用 (PAC) :如果存在现有 PAC 文件,则使用它。Use (PAC): If an existing PAC file exists, use it.
      • 使用和预配 PAC:创建 PAC 文件并将其添加到设备中。Use and Provision PAC: Create and add the PAC file to your devices.
      • 匿名使用和预配 PAC:创建 PAC 文件并将其添加到设备中,无需对服务器进行身份验证。Use and Provision PAC Anonymously: Create and add the PAC file to your devices without authenticating to the server.
    • EAP-SIMEAP-SIM

    • EAP-TLS:此外请输入:EAP-TLS: Also enter:

      • 服务器信任 - 证书服务器名称: 将由受信任的证书颁发机构 (CA) 颁发的证书中使用的一个或多个常用名称添加到无线网络访问服务器 。Server Trust - Certificate server names: Add one or more common names used in the certificates issued by your trusted certificate authority (CA) to your wireless network access servers. 例如:添加 mywirelessserver.contoso.commywirelessserverFor example, add mywirelessserver.contoso.com or mywirelessserver. 输入此信息时,可在用户设备连接到此 Wi-Fi 网络时,绕过该设备上显示的动态信任窗口。When you enter this information, you can bypass the dynamic trust window displayed on user's devices when they connect to this Wi-Fi network.

      • 用于服务器验证的根证书:选择现有受信任的根证书配置文件。Root certificate for server validation: Choose an existing trusted root certificate profile. 此证书可让客户端信任无线网络访问服务器的证书。This certificate allows the client to trust the wireless network access server's certificate.

      • 客户端身份验证:选择一种身份验证方法 。Client Authentication Choose an Authentication method. 选项包括:Your options:

        • 派生凭据:使用从用户的智能卡派生的证书。Derived credential: Use a certificate that's derived from a user's smart card. 如果未配置任何派生凭据颁发者,Intune 会提示你添加一个。If no derived credential issuer is configured, Intune prompts you to add one. 有关详细信息,请参阅在 Microsoft Intune 中使用派生凭据For more information, see Use derived credentials in Microsoft Intune.

        • 证书:选择也被部署到设备的 SCEP 或 PKCS 客户端证书配置文件。Certificates: Choose the SCEP or PKCS client certificate profile that is also deployed to the device. 此证书是由设备呈现给服务器以用于对连接进行身份验证的标识。This certificate is the identity presented by the device to the server to authenticate the connection.

      • 标识隐私(外部标识) :输入为响应 EAP 标识请求而发送的文本。Identity privacy (outer identity): Enter the text sent in the response to an EAP identity request. 此文本可以是任何值,例如 anonymousThis text can be any value, such as anonymous. 在身份验证过程中,将首先发送此匿名标识,然后在安全隧道内发送真实标识。During authentication, this anonymous identity is initially sent, and then followed by the real identification sent in a secure tunnel.

    • EAP-TTLS:此外请输入:EAP-TTLS: Also enter:

      • 服务器信任 - 证书服务器名称: 将由受信任的证书颁发机构 (CA) 颁发的证书中使用的一个或多个常用名称添加到无线网络访问服务器 。Server Trust - Certificate server names: Add one or more common names used in the certificates issued by your trusted certificate authority (CA) to your wireless network access servers. 例如:添加 mywirelessserver.contoso.commywirelessserverFor example, add mywirelessserver.contoso.com or mywirelessserver. 输入此信息时,可在用户设备连接到此 Wi-Fi 网络时,绕过该设备上显示的动态信任窗口。When you enter this information, you can bypass the dynamic trust window displayed on user's devices when they connect to this Wi-Fi network.

      • 用于服务器验证的根证书:选择现有受信任的根证书配置文件。Root certificate for server validation: Choose an existing trusted root certificate profile. 此证书可让客户端信任无线网络访问服务器的证书。This certificate allows the client to trust the wireless network access server's certificate.

      • 客户端身份验证 - 选择一种身份验证方法 。Client Authentication - Choose an Authentication method. 选项包括:Your options:

        • 派生凭据:使用从用户的智能卡派生的证书。Derived credential: Use a certificate that's derived from a user's smart card. 如果未配置任何派生凭据颁发者,Intune 会提示你添加一个。If no derived credential issuer is configured, Intune prompts you to add one. 有关详细信息,请参阅在 Microsoft Intune 中使用派生凭据For more information, see Use derived credentials in Microsoft Intune.

        • 用户名和密码:提示用户输入验证连接所需的用户名和密码。Username and Password: Prompt the user for a user name and password to authenticate the connection. 此外请输入:Also enter:

          • 非 EAP 方法(内部标识) :选择连接验证方法。Non-EAP method (inner identity): Choose how you authenticate the connection. 请确保选择在你的 Wi-Fi 网络上配置同一协议。Be sure you choose the same protocol that's configured on your Wi-Fi network.

            选项包括:“未加密密码(PAP)” 、“质询握手身份验证协议(CHAP)” 、“Microsoft CHAP (MS-CHAP)” 或“Microsoft CHAP 版本 2 (MS-CHAP v2)” Your options: Unencrypted password (PAP), Challenge Handshake Authentication Protocol (CHAP), Microsoft CHAP (MS-CHAP), or Microsoft CHAP Version 2 (MS-CHAP v2)

        • 证书:选择也被部署到设备的 SCEP 或 PKCS 客户端证书配置文件。Certificates: Choose the SCEP or PKCS client certificate profile that is also deployed to the device. 此证书是由设备呈现给服务器以用于对连接进行身份验证的标识。This certificate is the identity presented by the device to the server to authenticate the connection.

        • 标识隐私(外部标识) :输入为响应 EAP 标识请求而发送的文本。Identity privacy (outer identity): Enter the text sent in the response to an EAP identity request. 此文本可以是任何值,例如 anonymousThis text can be any value, such as anonymous. 在身份验证过程中,将首先发送此匿名标识,然后在安全隧道内发送真实标识。During authentication, this anonymous identity is initially sent, and then followed by the real identification sent in a secure tunnel.

    • LEAPLEAP

    • PEAP:此外请输入:PEAP: Also enter:

      • 服务器信任 - 证书服务器名称: 将由受信任的证书颁发机构 (CA) 颁发的证书中使用的一个或多个常用名称添加到无线网络访问服务器 。Server Trust - Certificate server names: Add one or more common names used in the certificates issued by your trusted certificate authority (CA) to your wireless network access servers. 例如:添加 mywirelessserver.contoso.commywirelessserverFor example, add mywirelessserver.contoso.com or mywirelessserver. 输入此信息时,可在用户设备连接到此 Wi-Fi 网络时,绕过该设备上显示的动态信任窗口。When you enter this information, you can bypass the dynamic trust window displayed on user's devices when they connect to this Wi-Fi network.

      • 用于服务器验证的根证书:选择现有受信任的根证书配置文件。Root certificate for server validation: Choose an existing trusted root certificate profile. 此证书可让客户端信任无线网络访问服务器的证书。This certificate allows the client to trust the wireless network access server's certificate.

      • 客户端身份验证 - 选择一种身份验证方法 。Client Authentication - Choose an Authentication method. 选项包括:Your options:

        • 派生凭据:使用从用户的智能卡派生的证书。Derived credential: Use a certificate that's derived from a user's smart card. 如果未配置任何派生凭据颁发者,Intune 会提示你添加一个。If no derived credential issuer is configured, Intune prompts you to add one. 有关详细信息,请参阅在 Microsoft Intune 中使用派生凭据For more information, see Use derived credentials in Microsoft Intune.

        • 用户名和密码:提示用户输入验证连接所需的用户名和密码。Username and Password: Prompt the user for a user name and password to authenticate the connection.

        • 证书:选择也被部署到设备的 SCEP 或 PKCS 客户端证书配置文件。Certificates: Choose the SCEP or PKCS client certificate profile that is also deployed to the device. 此证书是由设备呈现给服务器以用于对连接进行身份验证的标识。This certificate is the identity presented by the device to the server to authenticate the connection.

        • 标识隐私(外部标识) :输入为响应 EAP 标识请求而发送的文本。Identity privacy (outer identity): Enter the text sent in the response to an EAP identity request. 此文本可以是任何值,例如 anonymousThis text can be any value, such as anonymous. 在身份验证过程中,将首先发送此匿名标识,然后在安全隧道内发送真实标识。During authentication, this anonymous identity is initially sent, and then followed by the real identification sent in a secure tunnel.

  • 代理设置:选项包括:Proxy settings: Your options:

    • :不配置任何代理设置。None: No proxy settings are configured.
    • 手动:输入“代理服务器地址”作为 IP 地址及其“端口号” 。Manual: Enter the Proxy server address as an IP address, and its Port number.
    • 自动:使用文件配置代理服务器。Automatic: Use a file to configure the proxy server. 输入包含配置文件的代理服务器 URL (例如 http://proxy.contoso.com)。Enter the Proxy server URL (for example http://proxy.contoso.com) that contains the configuration file.

后续步骤Next steps

配置文件已创建,但未执行任何操作。The profile is created, but it's not doing anything. 下一步是分配此配置文件,并监视配置文件状态Next, assign this profile, and monitor its status.

AndroidAndroid EnterprisemacOSWindows 10 设备上配置 Wi-Fi 设置。Configure Wi-Fi settings on Android, Android Enterprise, macOS, and Windows 10 devices.