设置 iOS/iPadOS 和 iPadOS 用户注册(预览版)Set up iOS/iPadOS and iPadOS User Enrollment (preview)

可以将 Intune 设置为使用 Apple 的用户注册过程注册 iOS/iPadOS 和 iPadOS 设备。You can set up Intune to enroll iOS/iPadOS and iPadOS devices using Apple's User Enrollment process. 与其他注册方法相比,用户注册为管理员提供部分简化的管理选项。User Enrollment gives admins a streamlined subset of management options compared to other enrollment methods.

有关用户注册可用的选项的详细信息,请参阅用户注册支持的操作、密码和其他选项For more information about the options available with User Enrollment, see User Enrollment supported actions, passwords, and other options.

备注

Intune 中对 Apple 用户注册的支持目前处于预览状态。Support for Apple's User Enrollment in Intune is currently in preview.

必备条件Prerequisites

在 Intune 中创建用户注册配置文件Create a User Enrollment profile in Intune

注册配置文件定义注册时应用于设备组的设置。An enrollment profile defines the settings applied to a group of devices during enrollment.

  1. Microsoft Endpoint Manager 管理中心中,选择“设备” > “iOS/iPadOS” > “iOS 注册” > “注册类型(预览)” > “创建配置文件” > “iOS/iPadOS”。In the Microsoft Endpoint Manager admin center, choose Devices > iOS/iPadOS > iOS enrollment > Enrollment types (preview) > Create profile > iOS/iPadOS. 此配置文件将说明 iOS/iPadOS 和 iPadOS 最终用户在未通过公司 Apple 方法注册的设备上的注册体验。This profile is where you'll indicate what enrollment experience your iOS/iPadOS and iPadOS end users will have on devices not enrolled through a corporate Apple method. 如果你想要进行更改,可以在创建此配置文件后对其进行编辑。If you'd like to make changes, you can edit this profile after you've created it.

    创建 Apple 注册配置文件

  2. 在“基本信息”页上,输入配置文件的“名称”和“说明”,以便于管理。On the Basics page, enter a Name and Description for the profile for administrative purposes. 用户看不到这些详细信息。Users don't see these details. 可以使用此“名称”字段在 Azure Active Directory 中创建动态组。You can use this Name field to create a dynamic group in Azure Active Directory. 使用配置文件名称定义 enrollmentProfileName 参数,以向设备分配此注册配置文件。Use the profile name to define the enrollmentProfileName parameter to assign devices with this enrollment profile. 详细了解 Azure Active Directory 动态组Learn more about Azure Active Directory dynamic groups.

    “基本信息”页

  3. 选择“下一步”。Select Next.

  4. 在“设置”页面中,选择“注册类型”的下列选项之一:On the Settings page, select one of the following options for Enrollment type:

    “设置”页面

    • 设备注册:此配置文件中的所有用户都将使用设备注册。Device enrollment: All the users in this profile will use Device Enrollment.
    • 用户注册:此配置文件中的所有用户都将使用用户注册。User enrollment: All the users in this profile will use User Enrollment.
    • 基于用户选择进行确定:将为此组中的所有用户提供要使用的注册类型。Determine based on user choice: All users in this group will be given the choice of which enrollment type to use. 当用户注册其设备时,他们可以在“我拥有此设备”和“(公司)拥有此设备”之间看到一个可选择的选项。When users enroll their devices, they'll see an option to choose between I own this device and (Company) owns this device. 如果他们选择了前者,设备将使用设备注册进行注册。If they choose the latter, the device will be enrolled by using Device Enrollment. 如果用户选择“我拥有此设备”,则他们还可以选择保护整个设备或仅保护与工作相关的应用程序和数据。If the user chooses I own this device, they'll get another option to secure the entire device or only secure work-related apps and data. 最终用户选择是否拥有设备确定在其设备上实现哪些注册类型。The end user's selection of whether they own the device determines which enrollment type is implemented on their device. 此用户选项反映在 Intune 中的“设备所有权”属性中。This user choice is also reflected in the Device Ownership attribute in Intune. 若要了解有关用户体验的详细信息,请参阅设置 iOS/iPadOS 设备对公司资源的访问To learn more about the user experience, see Set up iOS/iPadOS device access to your company resources.
  5. 选择“下一步”。Select Next.

  6. 在“分配”页上,选择包含要为其分配此配置文件的用户的用户组。On the Assignments page, choose the user groups containing the users to which you want this profile assigned. 可以选择将配置文件分配给所有用户或特定组。You can choose to assign the profile to all users or specific groups. 选定组中的所有用户都将使用上面选择的注册类型。All users in the selected groups will use the enrollment type chosen above. 用户注册方案不支持设备组,因为该功能基于用户标识,而不是设备。Device groups aren't supported for User Enrollment scenarios because the feature is based on user identities, rather than devices. 可以选择将配置文件分配给所有用户或特定组。You can choose to assign the profile to all users or specific groups.

    “分配”页

  7. 选择“下一步”。Select Next.

  8. 在“查看和创建”页上,查看你的选择,然后选择“创建”以将配置文件分配给用户。On the Review and Create page, review your choices, and then select Create to assign the profile to the users.

    “分配”页

配置文件优先级Profile priority

创建多个注册类型配置文件后,可以更改应用的优先级顺序。After you've created more than one enrollment type profile, you can change the priority order in which they're applied.

  1. Microsoft Endpoint Manager 管理中心中,选择“设备” > “iOS/iPadOS” > “iOS 注册” > “注册类型(预览)”。In the Microsoft Endpoint Manager admin center, choose Devices > iOS/iPadOS > iOS enrollment > Enrollment types (preview).
  2. 按你希望应用的顺序拖放列表中的配置文件。Drag and drop the profiles in the list in the order you want them applied.

如果任何用户的配置文件之间发生冲突,则会为用户应用较高优先级的配置文件。In case of conflicts between profiles for any user, the higher priority profile is applied for the user.