将 Android 设备从设备管理员转到工作配置文件管理Move Android devices from device administrator to work profile management

通过使用符合性设置“阻止由设备管理员管理的设备”,可以帮助用户将自己的 Android 设备从设备管理员转到工作配置文件管理。You can help users move their Android devices from device administrator to work profile management by using the compliance setting to Block devices managed with device administrator. 通过此设置,可以将不通过设备管理员管理的设备设为不符合要求。This setting lets you make devices non-compliant if they're managed with device administrator.

当用户看到他们出于此原因不符合要求时,他们可以点击“解决”。When users see that they're out of compliance for this reason, they can tap Resolve. 系统会将他们转到一个清单,将指导他们完成一系列步骤:They'll be taken to a checklist that will guide them through:

  1. 从设备管理员管理取消注册Unenrolling from device administrator management
  2. 注册到工作配置文件管理Enrolling into work profile management
  3. 解决符合性问题。Resolving any compliance issues.

必备条件Prerequisites

创建设备符合性策略Create device compliance policy

  1. Microsoft Endpoint Manager 管理中心中,选择“设备” > “符合性策略” > “策略” > “创建策略” 。In the Microsoft Endpoint Manager admin center, select Devices > Compliance policies > Policies > Create Policy.

    创建策略

  2. 在“创建策略”页上,将“平台”设置为“Android 设备管理员” > “创建”。On the Create a policy page, set Platform to Android device administrator > Create.

  3. 在“基本信息”页上,键入“名称”和“说明” > “下一步” 。On the Basics page, type in the Name and Description > Next.

    “基本信息”页

  4. 在“符合性设置”页上的“设备运行状况”部分中,将“阻止由设备管理员托管的设备”设置为“是” > “下一步”。On the Compliance settings page, in the Device Health section, set Block devices managed with device administrator to Yes > Next.

    阻止设备

  5. 在“位置”页上,根据需要添加位置,然后单击“下一步”。On the Locations page, you can add locations if you want > Next.

  6. 在“针对非符合性的操作”选项卡上,你可以配置可用于处理不符合性的操作来自定义此流的最终用户体验。On the Actions for noncompliance tab, you can configure the available actions for noncompliance to customize the end user experience for this flow.

    非符合性操作

    以下是一些可以考虑的操作:These are some actions to consider:

    • 标记不符合设备:默认情况下,此操作设置为零 (0) 天,即会立即将设备标记为不符合。Mark device noncompliant: By default, this action is set to zero (0) days, marking devices as noncompliant immediately. 将其更改为更大的天数可以为用户提供宽限期,在此期间,可以将流迁移至工作配置文件管理,且不会被标记为不符合。Changing this to a greater number of days provides users with a grace period in which they can see the flow to move to work profile management without yet being marked noncompliant. 例如,将其设置为 14 天,则用户将有两周时间从设备管理员迁移至工作配置文件管理,且没有失去资源访问权限的风险。For example, setting this to 14 days would give users two weeks to move from device administrator to work profile management without the risk of losing access to resources.

    • 向最终用户发送推送通知:将其配置为向设备管理员设备发送推送通知。Send push notification to end user: Configure this to send push notifications to the device administrator devices. 用户选择通知时,它将启动“Android 公司门户”进入“更新设备设置”页面,用户可以在其中着手将流迁移至工作配置文件管理。When a user selects the notification, it will launch the Android Company Portal to the Update device settings page where they can start the flow to move to work profile management.

    • 向最终用户发送电子邮件:将其配置为向用户发送有关从设备管理员迁移至工作配置文件管理的电子邮件。Send email to end user: Configure this to send emails to users about the move from device administrator to work profile management. 你可以在邮件中加入以下 URL。选择该 URL 时将启动“Android 公司门户”进入“更新设备设置”页面,用户可以在其中着手将流迁移至工作配置文件管理。In the email, you can include the URL below , which when selected, will launch the Android Company Portal to the Update device settings page where they can start the flow to move to work profile management.

      • https://portal.manage.microsoft.com/UpdateSettings.aspxhttps://portal.manage.microsoft.com/UpdateSettings.aspx.
      • 对于美国政府版,可以改用以下链接:https://portal.manage.microsoft.us/UpdateSettings.aspxFor US government, you can use this link instead: https://portal.manage.microsoft.us/UpdateSettings.aspx.

      备注

      • 当然,在与用户通信时,可以使用用户友好的超文本链接。Of course, you can use user-friendly hyper-text for the links in your communication with users. 不过,请不要使用 URL 缩短器,这样很可能导致链接失效。However, don't use URL-shorteners because the links may not work if changed that way.
      • 如果 Android 公司门户在后台处于打开状态,当用户点击该链接时,他们可能会转到上次打开的页面。If the Android Company Portal is open and in the background, when a user taps the link they might go to the last page they had open instead.
      • 用户必须在 Android 设备上点击此链接。Users must tap the link on an Android device. 如果他们将其粘贴到浏览器中,则不会启动 Android 公司门户。If they instead paste it into a browser, it will not launch the Android Company Portal.

    选择“下一步”。Choose Next.

  7. 在“范围标记”页上,选择要包括的任何范围标记。On the Scope tags page, select any scope tags you want to include.

  8. 在“分配”页上,将策略分配到其中的设备已注册设备管理员管理的组,然后单击“下一步”。On the Assignments page, assign the policy to a group that has devices enrolled with device administrator management > Next.

  9. 在“查看 + 创建”页上,确认所有设置,然后选择“创建”。On the Review + create page, confirm all your settings and then select Create.

疑难解答Troubleshooting

转到新的设备管理设置的最终用户流程可指导用户从设备管理员管理取消注册,并设置工作配置文件管理。The end user flow to move to new device management setup guides users through unenrolling from device administrator management and getting set up with work profile management. 用户的已注册 Android 设备管理员的设备必须安装有 Android 公司门户版本 5.0.4720.0 或更高版本。Users must have Android device administrator enrolled devices with Android Company Portal version 5.0.4720.0 or later.

用户在点击“解决”后看到错误User sees an error after tapping Resolve

如果用户在点击“解决”按钮后出现错误,可能是由于以下原因之一导致的:If users see an error after tapping the Resolve button, it's likely because of one of these reasons:

  • 未正确设置工作配置文件注册(未连接 Android Enterprise 帐户或设置了用于阻止工作配置文件注册的注册限制)。Work profile enrollment isn't set up correctly (either an Android Enterprise account isn't connected or enrollment restrictions are set to block work profile enrollment).
  • 设备运行的是 Android 4.4 或更早版本,不支持注册工作配置文件。The device is running Android 4.4 or earlier, which doesn't support work profile enrollment.
  • 设备制造商不支持在该设备型号上注册工作配置文件。The device manufacturer doesn't support work profile enrollment on the device model.

用户设备上不显示“解决”按钮Resolve button doesn't appear on the user's device

如果用户符合上述设备符合性策略的要求并已注册设备管理员管理,用户设备上将不会显示“解决”按钮。The Resolve button won't appear on the user's device if the user enrolls into device administrator management after they've been targeted with the device compliance policy explained above.

要显示“解决”按钮,用户必须推迟设置并从通知中重新开始该过程。To get the Resolve button to appear, the user must postpone setup and restart the process from the notification.

为避免这种情况,请使用注册限制来阻止注册设备管理员管理。To avoid this condition, use enrollment restrictions to block enrollment into device administrator management.

用户点击 URL 转到“更新设备设置”页后看到错误User sees an error after tapping URL to Update device settings page

当用户点击指向 Android 公司门户的“更新设备设置”页的 URL 时,浏览器中可能显示错误页面。Users might see an error page in the browser when they tap the URL to the Update device settings page of the Android Company Portal. 此错误可能是由于以下原因之一导致的:This error can be caused by one of the following:

  • 设备不是 Android 设备。The device isn't an Android.
  • Android 设备没有公司门户应用。The Android device doesn't have the Company Portal app.
  • Android 公司门户版本低于 5.0.4720.0。The Android Company Portal version is earlier than 5.0.4720.0.
  • Android 设备使用的是 Android 6 或更低版本。The Android device uses Android 6 or earlier.

后续步骤Next steps

请参阅最终用户流 使用 Intune 管理 Android 工作配置文件设备See the end user flow Manage Android work profile devices with Intune