设置或编辑 Windows 10 设备的应用程序保护设置Set or edit application protection settings for Windows 10 devices

本文适用于 Microsoft 365 商业高级版。This article applies to Microsoft 365 Business Premium.

编辑 Windows 10 的应用管理策略Edit an app management policy for Windows 10

  1. 转到位于 https://admin.microsoft.com 的管理中心。Go to the admin center at https://admin.microsoft.com.
  2. 在左侧导航中,选择 "设备策略 > "。On the left nav, choose Devices > Policies .
  3. 选择现有的 Windows 应用策略,然后选择"编辑 "。Choose an existing Windows app policy and then Edit.
  4. 选择 更改的设置旁边的"编辑",然后选择"保存 "。Choose Edit next to a setting you want to change and then Save.

创建适用于 Windows 10 的应用管理Create an app management policy for Windows 10

如果用户在个人 Windows 10 设备上执行工作任务,也可以在该类设备上保护你的数据。If your users have personal Windows 10 devices on which they perform work tasks, you can protect your data on those devices as well.

  1. 转到位于 https://admin.microsoft.com 的管理中心。Go to the admin center at https://admin.microsoft.com.

  2. 在左侧导航上,选择 "设备策略 > > ""添加"。On the left nav, choose Devices > Policies > Add.

  3. 在" 添加策略"窗格中,输入此策略的唯一名称。On the Add policy pane, enter a unique name for this policy.

  4. 在" 策略类型"下,选择" 适用于 Windows 10 的应用程序管理"。Under Policy type, choose Application Management for Windows 10.

  5. "设备类型"下,选择"个人""公司拥有"。Under Device type, choose either Personal or Company Owned.

  6. 将自动打开" 加密工作文件"。The Encrypt work files is turned on automatically.

  7. 如果不希望用户在其电脑上保存工作文件,请将" 阻止用户将公司数据复制到个人文件,并强制其将工作文件保存到 OneDrive for Business"设置为" "。Set Prevent users from copying company data to personal files and force them to save work files to OneDrive for Business to On if you don't want the users to save work files on their PC.

  8. 展开 "恢复 Windows 设备上的数据"。Expand Recover data on Windows devices. 建议将其 打开。We recommend that you turn it On. 必须先创建一个数据恢复代理证书,才能浏览到该证书的位置。Before you can browse to the location of the Data Recovery Agent certificate, you have to first create one. 有关说明,请参阅 Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificateFor instructions, see Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate.

    默认情况下,使用存储在设备上并与用户配置文件相关联的密钥对工作文件进行加密。By default, work files are encrypted using a secret key that is stored on the device and associated with the user's profile. 只有该用户可以打开和解密文件。Only the user can open and decrypt the file. 但是,如果设备丢失或用户被删除,文件可能停滞在加密状态。However, if a device is lost or a user is removed, a file can be stuck in an encrypted state. 管理员可以使用数据恢复代理 (DRA) 解密文件。An admin can use the Data Recovery Agent (DRA) certificate to decrypt the file.

    Browse to Data Recovery Agent certificate.

  9. 如果要 添加其他域 或 SharePoint Online 位置,请展开"保护其他网络和云位置",以确保所有列出的应用中的文件都受到保护。Expand Protect additional network and cloud locations if you want to add additional domains or SharePoint Online locations to make sure that files in all the listed apps are protected. 如需为某字段输入多个项,请使用分号 (;) 进行分隔。If you need to enter more than one item for either field, use a semicolon (;) between the items.

    Expand Protect additional network and cloud locations, and enter domains or SharePoint Online sites you own.

  10. Next decide Who will get these settings? If you don't want to use the default All Users security group, choose Change, choose the security groups who will get these settings > Select.Next decide Who will get these settings? If you don't want to use the default All Users security group, choose Change, choose the security groups who will get these settings > Select.

  11. 最后,选择" 添加"以保存该策略,并将其分配到设备。Finally, choose Add to save the policy, and assign it to devices.