Android Enterprise security configuration framework app configuration policies

As part of the Android Enterprise security configuration framework, you must properly set app configuration policies for Android Enterprise devices.

Android Enterprise work profile devices are designed to isolate work and personal data from one another. Android Enterprise fully managed devices are designed for work or school data only. So, Microsoft apps deployed on these devices must be configured to disallow personal accounts.

Disallow personal accounts for Microsoft apps on Android Enterprise devices

  1. Add the apps to Managed Google Play. For more information, see Add Managed Google Play apps to Android Enterprise devices with Intune.

  2. Create a policy for each Managed Google Play app as described in Add app configuration policies for managed Android Enterprise devices.

  3. Create the following single key in each policy:

    | Key | Values |
    |---|---|
    | com.microsoft.intune.mam.AllowedAccountUPNs | One or more semicolon (;) delimited UPNs. The only accounts allowed are the managed user accounts defined by this key. For Intune enrolled devices, the {{userprincipalname}} token may be used to represent the enrolled user account. |
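
An added example, not part of the original page or of Intune: a Python check that audits app configuration policies for the key in step 3. It assumes each policy is available as managed configuration JSON (a productId plus managedProperty entries with key and valueString); the app IDs, UPNs and managed domain are constructed sample values.

```python
import re

KEY = "com.microsoft.intune.mam.AllowedAccountUPNs"  # key named on this page
TOKEN = "{{userprincipalname}}"                       # token named on this page
UPN_RE = re.compile(r"^[^@\s;]+@([^@\s;]+\.[^@\s;]+)$")

def audit_policy(policy, managed_domains):
    """Return findings for one app configuration policy (empty list = OK)."""
    app = policy.get("productId", "<unknown app>")
    props = [p for p in policy.get("managedProperty", []) if p.get("key") == KEY]
    if not props:
        return [f"{app}: {KEY} is not set"]
    value = props[0].get("valueString") or ""
    # The value is one or more ';'-delimited UPNs.
    entries = [e.strip() for e in value.split(";") if e.strip()]
    if not entries:
        return [f"{app}: {KEY} is empty"]
    findings = []
    for entry in entries:
        if entry == TOKEN:  # resolved per enrolled user, nothing to check
            continue
        match = UPN_RE.match(entry)
        if not match:
            findings.append(f"{app}: '{entry}' is neither a UPN nor the token")
        elif match.group(1).lower() not in managed_domains:
            findings.append(f"{app}: '{entry}' is outside the managed domains")
    return findings

def audit_all(policies, managed_domains):
    """Audit every policy and return the combined findings."""
    return [f for p in policies for f in audit_policy(p, managed_domains)]

# Constructed sample policies (assumed JSON shape, hypothetical app IDs).
POLICIES = [
    {"productId": "app:com.example.mail",
     "managedProperty": [{"key": KEY, "valueString": TOKEN}]},
    {"productId": "app:com.example.notes",
     "managedProperty": [{"key": KEY,
                          "valueString": "alice@contoso.example;bob@personal.example"}]},
    {"productId": "app:com.example.files", "managedProperty": []},
]

if __name__ == "__main__":
    for finding in audit_all(POLICIES, {"contoso.example"}):
        print(finding)
```
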

Next steps

Apply Android Enterprise work profile security settings or Android Enterprise fully managed security settings.