使用 Samsung 的 Knox 移动注册自动注册 Android 设备Automatically enroll Android devices by using Samsung's Knox Mobile Enrollment

本主题可帮助你使用 Samsung Knox 移动注册 (KME) 来设置 Intune,以注册支持的 Android 设备。This topic helps you set up Intune for enrolling supported Android devices using Samsung Knox Mobile Enrollment (KME). 将 Intune 与 Samsung KME 结合使用,可以在最终用户首次打开其设备并连接到 WiFi 或蜂窝网络时注册大量公司自有的 Android 设备。Using Intune with Samsung KME, you can enroll large numbers of company-owned Android devices when end users turn on their devices for the first time and connect to a WiFi or cellular network. 此外,在使用 Knox 部署应用时,可使用蓝牙或 NFC 来注册设备。Also, devices can be enrolled using Bluetooth or NFC when using the Knox Deployment App.

若要使用 Samsung KME 启用 Intune 注册,请按此顺序使用 Intune 和 Samsung Knox 门户:To enable Intune enrollment using Samsung KME, you use both the Intune and Samsung Knox portals in this order:

  1. 在 Knox 门户中:In the Knox portal:
    1. 创建 MDM 配置文件Create an MDM profile
    2. 添加设备Add devices
    3. 向设备分配 MDM 配置文件Assign an MDM profile to the devices
  2. 在 Knox 门户中,配置最终用户登录In the Knox portal, configure end user sign in.
  3. 分配设备Distribute the devices.

如果你从加入 Knox 部署计划的授权经销商购买设备,设备标识符(序列号和 IMEI)列表会自动添加到 Knox 门户。A list of device identifiers (serial numbers and IMEIs) is automatically added to the Knox Portal when purchasing devices from authorized resellers participating in the Knox Deployment Program.

必备条件Prerequisites

若要使用 KME 注册到 Intune,必须首先通过执行以下步骤在 Samsung Knox 门户上注册你的公司:To enroll into Intune using KME, you must first register your company on the Samsung Knox portal by following these steps:

  1. 确保 KME 适用于你所在的国家/地区:KME 适用于超过 55 个国家/地区。Make sure KME is available in your country/region: KME is available in over 55 countries/regions. 请确保支持部署到你所在的国家/地区。Ensure that your country/region of deployment is supported.

  2. 受支持的设备:KME 适用于所有 Samsung 设备。若要进行 Android 注册,版本至少必须为 Knox 2.4;若要进行 Android Enterprise 注册,版本至少必须为 Knox 2.8。Supported devices: KME is available on all Samsung devices with a minimum of Knox 2.4 for Android enrollment and a minimum of Knox 2.8 for Android enterprise enrollment.

  3. 网络要求:请确保网络允许必要的防火墙和网络访问规则。Network requirements: Make sure that the necessary firewall and network access rules are permitted on your network.

  4. 注册 Samsung 帐户:必须使用 Samsung 帐户,才能注册和启用 KME,并在一处集中管理所有 Knox Enterprise 权利。Register for a Samsung account: A Samsung account is needed to register and enable KME and manage all Knox Enterprise entitlements in a single place.

  5. 注册审核:在你完成并提交配置文件后,Samsung 会审阅你的申请,然后要么立即批准它,要么将它置于待审阅状态,以供进一步跟进。Registration Review: After your profile is completed and submitted, Samsung reviews your application and either approves it immediately or puts it in a pending review status for further follow-up. 在你的帐户获准后,可以继续执行后续步骤。After your account is approved, you can continue to further steps.

创建 MDM 配置文件Create MDM profile

公司成功注册后,可以使用以下信息在 Knox 门户中为 Microsoft Intune 创建 MDM 配置文件。When your company is successfully registered, you can create your MDM profile for Microsoft Intune in the Knox portal using the information below. 可以在 Knox 门户中为 Android 和 Android Enterprise 创建 MDM 配置文件。You can create MDM profiles for both Android and Android enterprise in the Knox portal.

  • 若要创建 Android MDM 配置文件,请在 Knox 门户中选择“设备管理”作为配置文件类型 。To create an Android MDM profile, select Device Admin as the profile type in the Knox Portal.
  • 若要创建 Android Enterprise MDM 配置文件,请在 Knox 门户中选择“设备所有者”作为配置文件类型 。To create an Android Enterprise MDM profile, select Device Owner as the profile type in the Knox Portal.

对于 Android EnterpriseFor Android Enterprise

MDM 配置文件字段MDM Profile Fields 是否必需?Required? Values
配置文件名称Profile Name Yes 输入选择的配置文件名称。Enter a profile name of your choice.
说明Description No 输入说明配置文件的文本。Enter text describing the Profile.
MDM 信息MDM Information Yes 选择“我的 MDM 不需要服务器 URI” 。Choose Server URI not required for my MDM.
MDM 代理 APKMDM Agent APK Yes https://aka.ms/intune_kme_deviceowner
自定义 JSONCustom JSON 是*Yes* {"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN":“输入 Intune 注册令牌字符串”}。{"com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "Enter Intune enrollment token string"}. 了解如何为专用设备完全管理设备创建注册令牌。Learn how to create an enrollment token for dedicated devices and fully managed devices.
跳过安装向导Skip Setup wizard No 选中此选项可以为最终用户跳过标准设备安装提示。Choose this option to skip standard device setup prompts for the end user.
允许最终用户取消注册Allow End User to Cancel Enrollment No 选择此选项以允许用户取消 KME。Choose this option to allow users to cancel KME.
隐私策略、EULA 和服务条款Privacy Policy, EULAs and Terms of Service No 将其留空。Leave this blank.
支持联系人详细信息Support contact details Yes 选择“编辑”以更新联系人详细信息Choose Edit to update your contact details
将 Knox 许可证与此配置文件关联Associate a Knox license with this profile No 将此选项保持未选定状态。Leave this option unselected. 使用 KME 注册 Intune 不需要使用 Knox 许可证。Enrolling to Intune using KME doesn't require a Knox license.

*在 Knox 门户中完成概要文件创建不需要此字段。* This field is not required to complete profile creation in the Knox portal. 但是,Intune 确实要求填写此字段,以便配置文件可以在 Intune 中成功注册设备。However, Intune does require this field to be filled in so that the profile can successfully enroll the device in Intune.

对于 Android 设备管理员For Android device administrator

有关分步指南,请参阅 Samsung 的“创建配置文件”说明。For step-by-step guidance, see the Samsung's Create Profile instructions.

MDM 配置文件字段MDM Profile Fields 是否必需?Required? Values
配置文件名称Profile Name Yes 输入选择的配置文件名称。Enter a profile name of your choice.
说明Description No 输入说明配置文件的文本。Enter text describing the Profile.
选择 MDMPick your MDM Yes 选择 Microsoft Intune。Choose Microsoft Intune.
MDM 代理 APKMDM Agent APK Yes https://aka.ms/intune_kme
MDM Server URIMDM Server URI No 将其留空。Leave this blank.
自定义 JSON 数据Custom JSON Data No 将其留空。Leave this blank.
双 DARDual DAR No 将其留空。Leave this blank.
注册的 QR 码QR code for enrollment No 可以添加 QR 码以加快注册速度。You can add a QR code to speed enrollment.
系统应用程序System applications Yes 选择“保持启用所有系统应用”选项可确保所有应用都已启用并可供配置文件使用 。Choose the Leave all system apps enabled option to ensure all apps are enabled and available to the profile. 如果你未选中此选项,设备的应用托盘中只会显示一组有限的系统应用。If this option isn't selected, only a limited set of system apps displays in the device's apps tray. 电子邮件应用等应用仍然处于隐藏状态。Apps such as the Email app remain hidden.
隐私策略、EULA 和服务条款Privacy Policy, EULAs and Terms of Service No 将其留空。Leave this blank.
公司名称Company Name Yes 此名称将在设备注册期间显示。This name will display during device enrollment.

添加设备Add devices

若要向设备分配 MDM 配置文件,必须使用以下方法之一将支持的 Samsung Knox 设备添加到 Knox 门户:To assign MDM Profiles to devices, supported Samsung Knox devices must be added to the Knox Portal using one of the following methods:

将 MDM 配置文件分配给设备Assign an MDM profile to devices

在注册设备前,必须在 Knox 门户中将 MDM 配置文件分配给添加的设备。You must assign an MDM profile to added devices in the Knox Portal before they can be enrolled. 访问 Samsung Knox 注册用户指南以了解设备配置Visit the Samsung Knox Enrollment User Guide to learn about device configuration.

配置最终用户的登录方式Configure how end users sign in

对于使用 Android KME 在 Intune 中注册的设备,可以将最终用户的登录方式配置为如下所示:For devices enrolled in Intune using KME for Android, you can configure how an end user signs in as follows:

  • 不含用户名关联: 在 Knox 门户中,对于已添加设备,将“设备详细信息” 下的“用户 ID” 和“密码” 字段留空。Without user name association: In the Knox Portal under Device details, leave the User ID and Password fields blank for the added devices. 此选项要求最终用户必须在注册 Intune 时输入用户名和密码。This option requires the end user to enter both user name and password when enrolling to Intune.

  • 含用户名关联: 在 Knox 门户中,对于已添加设备,填写“设备详细信息” 下的“用户 ID” (如,已分配用户的用户名或 设备注册管理员帐户)。With user name association: In the Knox Portal under Device details, provide a User ID (such as a user name for the assigned user or a Device Enrollment Manager account) for the added devices. 此选项预填充用户名,并要求最终用户必须在注册 Intune 时输入密码。This option prepopulates the user name and requires the end user to enter a password when enrolling to Intune.

备注

用户关联仅适用于 Android 设备管理员注册。User association only applies to Android device administrator enrollment. 在定义用户关联后,只有关联的用户才可以使用 KME 来注册设备。When user association is defined, only the associated user can enroll the device using KME. 即使对设备恢复出厂设置后,也是如此。This is true even after a factory reset of the device. 当未在 Knox 门户中定义用户关联时,拥有有效 Intune 许可证的任何用户都可以使用 KME 来注册设备。When no user association is defined in the Knox portal, any user with a valid Intune license can enroll the device using KME. 对于 Android Enterprise 完全托管设备,即使定义了用户关联,也不会将其传递到该设备或将设备与用户关联。For Android Enterprise fully managed devices, even if user association is defined, it will not be passed to the device or tie the device to the user.

分发设备Distribute devices

创建和分配 MDM 配置文件后,关联用户名称并在 Intune 中将设备标识为“公司自有”,可以向用户分配设备。After creating and assigning an MDM profile, associating a user name, and identifying the devices as corporate-owned in Intune, you can distribute devices to users.

仍需帮助?Still need help? 请查看完整的 KME 用户指南Check out the complete KME User Guide.

常见问题解答Frequently asked questions

  • 设备所有者支持: - 设备所有者支持: Intune 支持使用 KME 门户注册专用设备和完全托管设备。Device Owner support: - Device Owner support: Intune supports enrolling Dedicated and Fully Managed devices by using the KME portal. 其他 Android Enterprise 设备所有者模式将在 Intune 中可用时受支持。Other Android enterprise device owner modes will be supported as they become available in Intune.

  • 无工作配置文件支持: KME 是公司设备注册方法,而在 Android 个人拥有的工作配置文件中注册的设备则确保工作数据和个人数据在个人设备上相互独立。No work profile support: KME is a corporate device enrollment method and devices enrolled in Android personally-owned work profile ensure work and personal data are separate on personal devices. 因此,Intune 不支持使用 KME 向个人拥有的工作配置文件注册设备。So, device enrollment to personally-owned work profile using KME isn't a supported scenario in Intune.

  • 恢复出厂设置才能注册到 Android Enterprise: 若要重新利用已设置的设备,必须在注册到 Android Enterprise 时对设备恢复出厂设置。Factory reset to enroll to Android enterprise: If repurposing devices that have already been set up, devices need to be factory reset when enrolling to Android enterprise.

  • 使用 Google Play 帐户更新: 向 Microsoft Intune 注册设备不需要使用 Google Play 帐户。Updates using Google Play account: Google Play account isn't necessary for enrolling the device to Microsoft Intune. 但是,对于 Android 设备管理员注册,未来对 Intune 公司门户应用的更新可能会要求在设备上使用 Google Play 帐户。But, for Android device administrator enrollments, future updates to the Intune Company Portal app may require a Google Play account on the device. 注册 Google 设备所有者不需要使用 Google Play 帐户。Google Play account isn't required when enrolling to Google Device Owner.

  • “密码”字段被忽略: 如果“密码” 字段是使用 Knox 门户中的“设备详细信息” 进行填充,它便会在 Android 注册期间被 Intune 公司门户应用忽略。"Password" field is ignored: If the password field is populated in Device details in the Knox Portal, it's ignored by the Intune Company Portal app during Android enrollment. 最终用户必须在设备上输入密码才能完成设备注册。The end user must enter a password on the device to complete device enrollment.

获取支持Getting support

详细了解如何获取 Samsung KME 的支持Learn more about how to get support for Samsung KME.