设置 Android Enterprise 专用设备的 Intune 注册Set up Intune enrollment of Android Enterprise dedicated devices

Android Enterprise 通过其专用设备解决方案集支持企业所有的单一用途的展台式设备。Android Enterprise supports corporate-owned, single-use, kiosk-style devices with its dedicated devices solution set. 这些设备用于单一用途,例如数字签名、票据打印或库存管理等。Such devices are used for a single purpose, such as digital signage, ticket printing, or inventory management, to name just a few. 管理员会将设备的用途限制为有限的一组应用和 Web 链接。Admins lock down the usage of a device for a limited set of apps and web links. 它还可以防止用户在设备上添加其他应用或执行其他操作。It also prevents users from adding other apps or taking other actions on the device.

Intune可帮助将应用和设置部署到 Android Enterprise 专用设备。Intune helps you deploy apps and settings to Android Enterprise dedicated devices. 有关 Android Enterprise 的特定详细信息,请参阅 Android Enterprise 要求For specific details about Android Enterprise, see Android enterprise requirements.

通过此方式管理的设备在没有用户帐户的情况下注册到 Intune,且不与任何最终用户关联。Devices that you manage in this way are enrolled in Intune without a user account and aren't associated with any end user. 它们不适用于个人使用的应用程序或非常需要 Outlook 或 Gmail 等特定于用户的帐户数据的应用。They're not intended for personal use applications or apps that have a strong requirement for user-specific account data such as Outlook or Gmail.

设备要求Device requirements

设备必须满足以下要求才能作为 Android Enterprise 专用设备进行托管:Devices must meet these requirements to be managed as an Android Enterprise dedicated device:

  • Android OS 版本 6.0 及更高版本。Android OS version 6.0 and above.
  • 设备必须运行具有 Google Mobile Services (GMS) 连接性的 Android 发行版。Devices must run a distribution of Android that has Google Mobile Services (GMS) connectivity. 设备必须有可用的 GMS,并且必须能连接到 GMS。Devices must have GMS available and must be able to connect to GMS.

设置 Android Enterprise 专用设备管理Set up Android Enterprise dedicated device management

要设置 Android Enterprise 专用设备管理,请执行以下步骤:To set up Android Enterprise dedicated device management, follow these steps:

  1. 若准备管理移动设备,必须将移动设备管理 (MDM) 机构设置为“Microsoft Intune”以获取说明。To prepare to manage mobile devices, you must set the mobile device management (MDM) authority to Microsoft Intune for instructions. 第一次设置 Intune 以进行移动设备管理时,只需设置一次此项。You set this item only once, when you're first setting up Intune for mobile device management.
  2. 将 Intune 租户帐户连接到托管的 Google Play 帐户Connect your Intune tenant account to your Managed Google Play account.
  3. 创建注册配置文件Create an enrollment profile.
  4. 创建设备组Create a device group.
  5. 注册专用设备Enroll the dedicated devices.

创建注册配置文件Create an enrollment profile

备注

如果令牌已过期,则与其关联的配置文件将不会显示在“设备注册” > “Android 注册” > “公司拥有的专用设备” 中。If a token has expired, the profile associated with it will not be displayed in Device enrollment > Android enrollment > Corporate-owned dedicated devices. 若要查看与活动令牌和非活动令牌关联的所有配置文件,请单击“筛选” ,然后选中“活动”和“非活动”策略状态对应的框。To see all profiles associated with both active and inactive tokens, click on Filter and check the boxes for both "Active" and "Inactive" policy states.

必须创建注册配置文件,以便注册专用设备。You must create an enrollment profile so that you can enroll your dedicated devices. 创建配置文件时,它会提供注册令牌(随机字符串)和 QR 码。When the profile is created, it provides you with an enrollment token (random string) and a QR code. 可使用令牌或 QR 码注册专用设备,具体取决于 Android OS 和设备版本。Depending on the Android OS and version of the device, you can use either the token or QR code to enroll the dedicated device.

  1. 登录到 Microsoft Endpoint Manager 管理中心,选择“设备” > “Android ” > “Android 注册” > “公司拥有的专用设备”。Sign in to the Microsoft Endpoint Manager admin center and choose Devices > Android > Android enrollment > Corporate-owned dedicated devices.
  2. 选择“创建”并填写必填字段 。Choose Create and fill out the required fields.
    • 名称:键入将配置文件分配给动态设备组时将使用的名称。Name: Type a name that you'll use when assigning the profile to the dynamic device group.
    • 令牌到期日期:令牌到期的日期。Token expiration date: The date when the token expires. Google 规定最长为 90 天。Google enforces a maximum of 90 days.
  3. 选择“创建” 保存该配置文件。Choose Create to save the profile.

创建设备组Create a device group

可将应用和策略定位到已分配或动态设备组。You can target apps and policies to either assigned or dynamic device groups. 可按照以下步骤配置动态 AAD 设备组,以自动填充使用特定注册配置文件进行注册的设备:You can configure dynamic AAD device groups to automatically populate devices that are enrolled with a particular enrollment profile by following these steps:

  1. Microsoft Endpoint Manager 管理中心中,选择“组” > “所有组” > “新组”。Sign in to the Microsoft Endpoint Manager admin center and choose Groups > All groups > New group.
  2. 在“组”边栏选项卡中,填写必填字段,如下所示 :In the Group blade, fill out the required fields as follows:
    • 组类型:安全性Group type: Security
    • 组名:键入直观的名称(如中心 1 设备)Group name: Type an intuitive name (like Factory 1 devices)
    • 成员身份类型:动态设备Membership type: Dynamic device
  3. 选择“添加动态查询” 。Choose Add dynamic query.
  4. 在“动态成员身份规则”边栏选项卡中,填写如下字段 :In the Dynamic membership rules blade, fill out the fields as follows:
    • 添加动态成员身份规则:简单规则Add dynamic membership rule: Simple rule
    • 添加设备位置enrollmentProfileNameAdd devices where: enrollmentProfileName
    • 在中间的框中,选择“等于” 。In the middle box, choose Equals.
    • 在最后一个字段中,输入之前创建的注册配置文件名称。In the last field, enter the enrollment profile name that you created earlier. 有关动态成员身份规则的详细信息,请参阅 AAD 中的组动态成员身份规则For more information about dynamic membership rules, see Dynamic membership rules for groups in AAD.
  5. 选择“添加查询” > “创建”。Choose Add query > Create.

替换或删除令牌Replace or remove tokens

  • 替换令牌:当令牌接近到期日期时,可使用替换令牌生成新令牌/QR 码。Replace token: You can generate a new token/QR code when one nears expiration by using Replace Token.
  • 撤销令牌:可立即使令牌/QR 码到期。Revoke token: You can immediately expire the token/QR code. 从此时起,令牌/QR 码不再可用。From this point on, the token/QR code is no longer usable. 在以下情况下可使用此选项:You might use this option if you:
    • 意外地与未经授权的一方共享令牌/QR 码accidentally share the token/QR code with an unauthorized party
    • 完成所有注册,不再需要令牌/QR 码complete all enrollments and no longer need the token/QR code

替换或撤销令牌/QR 码不会对已注册的设备产生任何影响。Replacing or revoking a token/QR code won't have any effect on devices that are already enrolled.

  1. 登录到 Microsoft Endpoint Manager 管理中心,选择“设备” > “Android ” > “Android 注册” > “公司拥有的专用设备”。Sign in to the Microsoft Endpoint Manager admin center and choose Devices > Android > Android enrollment > Corporate-owned dedicated devices.
  2. 选择要使用的配置文件。Choose the profile that you want to work with.
  3. 选择“令牌” 。Choose Token.
  4. 若要替换令牌,请选择“替换令牌” 。To replace the token, choose Replace token.
  5. 若要撤销令牌,请选择“撤销令牌” 。To revoke the token, choose Revoke token.

注册专用设备Enroll the dedicated devices

现在可以注册专用设备You can now enroll your dedicated devices.

备注

注册专用设备期间将自动安装 Microsoft Intune 应用。The Microsoft Intune app will be automatically installed during enrollment of a dedicated device. 此应用必须进行注册,不能卸载。This app is required for enrollment and cannot be uninstalled.

在 Android Enterprise 专用设备上管理应用Managing apps on Android Enterprise dedicated devices

Android Enterprise 专用设备上只能安装分配类型设置为必需的应用。Only apps that have Assignment type set to Required can be installed on Android Enterprise dedicated devices. 从托管的 Google Play 商店安装应用与从 Android Enterprise 工作配置文件设备安装应用的方式相同。Apps are installed from the Managed Google Play store in the same manner as Android Enterprise work profile devices.

当应用开发人员向 Google Play 发布更新时,托管设备上的应用会自动更新。Apps are automatically updated on managed devices when the app developer publishes an update to Google Play.

要从 Android Enterprise 专业设备中删除应用,可执行以下任一操作:To remove an app from Android Enterprise dedicated devices, you can do either of the following:

  • 删除所需的应用部署。Delete the Required app deployment.
  • 创建应用的卸载部署。Create an uninstall deployment for the app.

后续步骤Next steps