Android 应用由应用保护策略托管时会出现的情况What to expect when your Android app is managed by app protection policies

本文介绍启用了应用保护策略的应用的用户体验。This article describes the user experience for apps with app protection policies. 仅在工作环境中使用应用时,应用保护策略才适用:例如,用户使用工作帐户访问应用,或访问 OneDrive for Business 位置存储的文件时。App protection policies are applied only when apps are used in a work context: for example, when the user is accessing apps with a work account or accessing files that are stored in a OneDrive for Business location.

访问应用Access apps

Android 设备上与应用保护策略关联的所有应用都需要公司门户应用。The Company Portal app is required for all apps that are associated with app protection policies on Android devices.

对于未在 Intune 中注册的设备,必须在设备上安装公司门户应用。For devices that are not enrolled in Intune, the Company Portal app must be installed on the device. 但是,用户不必启动或登录到公司门户应用,即可使用由应用保护策略托管的应用。However, the user does not have to launch or sign into the Company Portal app before they can use apps that are managed by app protection policies.

公司门户应用是 Intune 共享安全位置中的数据的一种方法。The Company Portal app is a way for Intune to share data in a secure location. 因此,即使未在 Intune 中注册设备,与应用保护策略关联的所有应用也需要公司门户应用。Therefore, the Company Portal app is a requirement for all apps that are associated with app protection policies, even if the device is not enrolled in Intune.

使用具有多身份支持的应用Use apps with multi-identity support

应用保护策略仅用于工作环境。App protection polices are only applied in the work context. 因此,应用的行为可能有所不同,具体取决于是工作环境还是个人环境。Therefore, the app might behave differently depending on whether the context is work or personal.

例如,用户访问工作数据时会遇到 PIN 提示。For example, the user gets a PIN prompt when accessing work data. 对于 Outlook 应用,在用户启动应用时提示他们输入 PIN。For the Outlook app, the user is prompted for a PIN when they launch the app. 对于 OneDrive 应用,在用户键入工作帐户时提示他们输入 PIN。For the OneDrive app, the user is prompted for the pin when they type in the work account. 对于 Microsoft WordPowerPointExcel,在用户访问存储在公司 OneDrive for Business 位置的文档时提示他们输入 PIN。For Microsoft Word, PowerPoint, and Excel, the user is prompted for the pin when they access documents that are stored in the company OneDrive for Business location.

在设备上管理用户帐户Manage user accounts on the device

多标识应用程序允许用户添加多个帐户。Multi-identity applications allow users to add multiple accounts. Intune 应用仅支持一个托管帐户。Intune APP supports only one managed account. Intune 应用不限制非托管帐户的数量。Intune APP does not limit the number of unmanaged accounts.

当应用程序中存在托管帐户时:When there is a managed account in an application:

  • 如果用户尝试添加第二个托管帐户,则需要选择要使用的托管帐户。If a user attempts to add a second managed account, the user is asked to select which managed account to use. 另一个帐户则被删除。The other account is removed.
  • 如果 IT 管理员将一个策略添加到第二个现有帐户,用户需要选择要使用的托管帐户。If the IT admin adds a policy to a second existing account, the user is asked to select which managed account to use. 另一个帐户则被删除。The other account is removed.

阅读以下示例场景以更深入地了解如何处理多个用户帐户。Read the following example scenario to get a deeper understanding of how multiple user accounts are treated.

用户 A 为两家公司(X 公司Y 公司)工作。用户 A 对于每家公司具有 1 个工作帐户,它们都使用 Intune 来部署应用保护策略。User A works for two companies—Company X and Company Y. User A has a work account for each company, and both use Intune to deploy app protection policies. X 公司在 Y 公司之前部署应用保护策略。 与 X 公司 关联的帐户会获得应用保护策略,而与 Y 公司关联的帐户不会。如果希望与 Y 公司关联的用户帐户由应用保护策略管理,必须删除与 X 公司关联的用户帐户,并添加与 Y 公司关联的帐户。Company X deploys app protection policies before Company Y. The account that's associated with Company X gets the app protection policy, but not the account that's associated with Company Y. If you want the user account that's associated with Company Y to be managed by the app protection policies, you must remove the user account that's associated with Company X and add the account that is associated with Company Y.

添加第二个帐户Add a second account

AndroidAndroid

如果使用 Android 设备,则可能会看到具有删除现有帐户并添加新帐户指令的阻止消息。If you are using an Android device, you might see a blocking message with instructions to remove the existing account and add a new one. 若要删除现有帐户,请转到“设置”>“常规”>应用程序管理器”>“公司门户”, To remove the existing account, go to Settings >General > Application Manager >Company Portal. 然后选择“清除数据” 。Then choose Clear Data.

错误消息以及删除操作的指令的屏幕截图

使用 Azure 信息保护应用查看媒体文件View media files with the Azure Information Protection app

若要在 Android 设备上查看公司 AV、PDF 和图像文件,请使用 Azure 信息保护应用(以前称为 Rights Management 共享应用)。To view company AV, PDF, and image files on Android devices, use the Azure Information Protection app (previously known as the Rights Management sharing app).

从 Google Play 商店下载此应用。Download this app from the Google Play store.

支持以下文件类型:The following file types are supported:

  • 音频: AAC LC、HE-AACv1 (AAC+)、HE-AACv2(增强型 AAC+)、AAC ELD(增强型低延迟 AAC)、AMR-NB、AMR-WB、FLAC、MP3、MIDI、Ogg VorbisAudio: AAC LC, HE-AACv1 (AAC+), HE-AACv2 (enhanced AAC+), AAC ELD (enhanced low delay AAC), AMR-NB, AMR-WB, FLAC, MP3, MIDI, Ogg Vorbis
  • 视频: H.263、H.264 AVC、MPEG-4 SP、VP8Video: H.263, H.264 AVC, MPEG-4 SP, VP8
  • 图像: .jpg、.pjpg、.png、.ppng、.bmp、.pbmp、.gif、.pgif,.jpeg、.pjpeg。Image: .jpg, .pjpg, .png, .ppng, .bmp, .pbmp, .gif, .pgif, .jpeg, .pjpeg
  • 文档: PDF、PPDFDocuments: PDF, PPDF
pfilepfile
Pfile 是一种用于受保护文件的通用“包装器”格式,它可封装加密内容和 Azure 信息保护许可证。Pfile is a generic "wrapper" format for protected files that encapsulates the encrypted content and the Azure Information Protection licenses. 它可以用于保护任何文件类型。It can be used to protect any file type.

后续步骤Next steps

iOS/iPadOS 应用由应用保护策略托管时会出现的情况What to expect when your iOS/iPadOS app is managed by app protection policies