Enable the Mobile Threat Defense connector in Intune for unenrolled devices

During Mobile Threat Defense (MTD) setup, you've configured a policy for classifying threats in your Mobile Threat Defense partner console and you've created the app protection policy in Intune. If you've already configured the Intune connector in the MTD partner console, you can now enable the MTD connection for MTD partner applications.

Note

This article applies to all Mobile Threat Defense partners that support app protection policies:

  • Better Mobile (Android, iOS/iPadOS)
  • Lookout for Work (Android, iOS/iPadOS)
  • Wandera (Android, iOS/iPadOS)
  • Zimperium (Android, iOS/iPadOS)

Classic conditional access policies for MTD apps

When you integrate a new application with Intune Mobile Threat Defense and enable the connection to Intune, Intune creates a classic conditional access policy in Azure Active Directory. Each MTD app you integrate, including Defender ATP or any of our additional MTD partners, creates a new classic conditional access policy. These policies can be ignored, but shouldn't be edited, deleted, or disabled.

If the classic policy is deleted, you'll need to delete the connection to Intune that was responsible for its creation, and then set it up again. This process recreates the classic policy. Migrating classic policies for MTD apps to the new policy type for conditional access isn't supported.

Classic conditional access policies for MTD apps:

  • Are used by Intune MTD to require that devices are registered in Azure AD so that they have a device ID before communicating with MTD partners. The ID is required so that devices can successfully report their status to Intune.

  • Have no effect on any other cloud apps or resources.

  • Are distinct from conditional access policies you might create to help manage MTD.

  • By default, don't interact with other conditional access policies you use for evaluation.

To view classic conditional access policies, in Azure, go to Azure Active Directory > Conditional Access > Classic policies.

To enable the MTD connector

  1. Sign in to the Microsoft Endpoint Manager admin center.

  2. Select Tenant administration > Connectors and tokens > Mobile Threat Defense.

  3. On the Mobile Threat Defense pane, choose Add.

  4. Choose your MTD solution as the Mobile Threat Defense connector to set up from the drop-down list.

  5. Enable the toggle options according to your organization's requirements. The toggle options that are visible vary depending on the MTD partner.

Mobile Threat Defense toggle options

You can decide which MTD toggle options you need to enable according to your organization's requirements. Here are more details:

App Protection Policy Settings

  • Connect Android devices of version 4.4 and above to <MTD partner name> for app protection policy evaluation: When you enable this option, app protection policies using the Device Threat Level rule will evaluate devices including data from this connector.

  • Connect iOS devices version 11 and above to <MTD partner name> for app protection policy evaluation: When you enable this option, app protection policies using the Device Threat Level rule will evaluate devices including data from this connector.

Common Shared Settings

  • Number of days until partner is unresponsive: Number of days of inactivity before Intune considers the partner to be unresponsive because the connection is lost. Intune ignores compliance state for unresponsive MTD partners.

Tip

You can see the Connection status and the Last synchronized time between Intune and the MTD partner from the Mobile Threat Defense pane.
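
Because Intune ignores compliance state for an unresponsive partner, a connector that goes quiet stops contributing to Device Threat Level decisions. The following is an added example, not part of the original article or Microsoft's code: it audits a connector listing for that condition and for missing app protection toggles. It assumes the property names of the Microsoft Graph mobileThreatDefenseConnector resource (beta); the connector ids, timestamps, and finding labels are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like a Graph mobileThreatDefenseConnector listing.
SAMPLE = json.loads("""
{"value": [
  {"id": "connector-a", "partnerState": "enabled",
   "lastHeartbeatDateTime": "2024-06-01T06:00:00Z",
   "partnerUnresponsivenessThresholdInDays": 7,
   "androidMobileApplicationManagementEnabled": true,
   "iosMobileApplicationManagementEnabled": true},
  {"id": "connector-b", "partnerState": "enabled",
   "lastHeartbeatDateTime": "2024-05-27T12:00:00Z",
   "partnerUnresponsivenessThresholdInDays": 7,
   "androidMobileApplicationManagementEnabled": true,
   "iosMobileApplicationManagementEnabled": false},
  {"id": "connector-c", "partnerState": "unresponsive",
   "lastHeartbeatDateTime": "2024-05-10T00:00:00Z",
   "partnerUnresponsivenessThresholdInDays": 7,
   "androidMobileApplicationManagementEnabled": false,
   "iosMobileApplicationManagementEnabled": false}
]}
""")
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)  # constructed audit time

def audit_connectors(connectors, now):
    """Return (connector id, finding) pairs; finding labels are this example's own."""
    findings = []
    for c in connectors:
        cid = c["id"]
        # Neither app protection toggle is on: threat data never reaches APP evaluation.
        if not any(c.get(f"{p}MobileApplicationManagementEnabled") for p in ("android", "ios")):
            findings.append((cid, "no-app-protection-toggle"))
        # Intune already treats this partner as unresponsive and ignores its state.
        if c.get("partnerState") == "unresponsive":
            findings.append((cid, "partner-unresponsive"))
            continue
        heartbeat = c.get("lastHeartbeatDateTime")
        if heartbeat is None:
            findings.append((cid, "no-heartbeat"))
            continue
        idle = now - datetime.fromisoformat(heartbeat.replace("Z", "+00:00"))
        threshold = timedelta(days=c["partnerUnresponsivenessThresholdInDays"])
        if idle >= threshold:
            findings.append((cid, "heartbeat-past-threshold"))
        elif idle >= threshold / 2:  # early warning, before Intune flips the state
            findings.append((cid, "heartbeat-aging"))
    return findings

if __name__ == "__main__":
    for cid, finding in audit_connectors(SAMPLE["value"], NOW):
        print(f"{cid}: {finding}")
```
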

Next Steps