验证 Android 或 iOS 设备上的应用保护设置Validate app protection settings on Android or iOS devices

按照以下部分中的说明验证 Android 或 iOS 设备上的应用保护设置。Follow the instructions in the following sections to validate app protection settings on Android or iOS devices.

AndroidAndroid

检查应用保护设置在用户设备上是否正常工作Check that the app protection settings are working on user devices

设置用于 Android 设备的应用配置以保护应用后,可按以下步骤验证所选设置是否有效。After you set app configurations for Android devices to protect the apps, you can follow these steps to validate that the settings you chose work.

首先,确保该策略适用于你要验证它的应用。First, make sure that the policy applies to the app in which you're going to validate it.

  1. 在 Microsoft 365 商业高级版 管理中心中,转到"策略 > ""编辑策略"。In the Microsoft 365 Business Premium admin center, go to Policies > Edit policy.

  2. 选择 "适用于 Android 的应用程序策略",选择在设置时创建的设置或您创建的另一个策略,并验证是否对 Outlook(例如)强制执行了此设置。Choose Application policy for Android for the settings you created at setup, or another policy you created, and verify that it's enforced for Outlook, for example.

    Shows all the apps for which this policy protects files.

验证"需要 PIN 或指纹才能访问 Office 应用"Validate Require a PIN or a fingerprint to access Office apps

在" 编辑策略"窗格中,选择" Office 文档的访问控制"旁边的" 编辑",展开" 管理用户如何在移动设备上访问 Office 文件",并确保将" 需要 PIN 或指纹才能访问 Office 应用"设置为" "。In the Edit policy pane, choose Edit next to Office documents access control, expand Manage how users access Office files on mobile devices, and make sure that Require a PIN or fingerprint to access Office apps is set to On.

确保"需要 PIN 或指纹来访问 Office 应用"设置为"打开"。

  1. 在用户的 Android 设备上,打开 Outlook,然后使用用户的 Microsoft 365 商业高级版凭据登录。In the user's Android device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials.

  2. 系统还会提示你输入 PIN 或使用指纹。You'll also be prompted to enter a PIN or use a fingerprint.

    Enter a PIN on your Android device to access Office apps.

验证"超过登录失败次数限制后重置 PIN"Validate Reset PIN after number of failed attempts

在"编辑策略"窗格中,选择 "Office 文档访问控制"旁边的"编辑",展开"管理用户如何在移动设备上访问 Office 文件",并确保"在失败尝试次数后重置 PIN" 设置为一个数字。In the Edit policy pane, choose Edit next to Office documents access control, expand Manage how users access Office files on mobile devices, and make sure that Reset PIN after number of failed attempts is set to some number. 默认情况下为 5。This is 5 by default.

  1. 在用户的 Android 设备上,打开 Outlook,然后使用用户的 Microsoft 365 商业高级版凭据登录。In the user's Android device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials.

  2. 输入错误 PIN 的次数达到策略指定次数。Enter an incorrect PIN as many times as specified by the policy. 你将看到一条提示,指出 "PIN 尝试限制已到达 "以重置 PIN。You'll see a prompt that states PIN Attempt Limit Reached to reset the PIN.

    After too many incorrect PIN attempts, you need to reset your PIN.

  3. 按" 重置 PIN"。Press Reset PIN. 系统将提示你使用用户的 Microsoft 365 商业高级版凭据登录,然后需要设置新的 PIN。You'll be prompted to sign in with the user's Microsoft 365 Business Premium credentials, and then required to set a new PIN.

验证"强制用户将所有工作文件保存到 OneDrive for Business"Validate Force users to save all work files to OneDrive for Business

在" 编辑策略"窗格中,选择" 设备丢失或被盗防护"旁边的" 编辑",展开" 设备丢失或被盗时保护工作文件",并确保将" 强制用户将所有工作文件保存到 OneDrive for Business"设置为" "。In the Edit policy pane, choose Edit next to Protection against lost or stolen devices, expand Protect work files when devices are lost or stolen, and make sure that Force users to save all work files to OneDrive for Business is set to On.

Verify that Force users to save all work files to OneDrive for Business is set to On.

  1. 在用户的 Android 设备上,打开 Outlook,然后使用用户的 Microsoft 365 商业高级版凭据登录,并输入 PIN(如果需要)。In the user's Android device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials, and enter a PIN if requested.

  2. 打开带附件的电子邮件,然后点击附件信息旁边的向下箭头图标。Open an email that contains an attachment and tap the down arrow icon next to the attachment's information.

    Tap the down arrow next to an attachment to try to save it.

    你将在屏幕 底部看到 无法保存到设备。You'll see Cannot save to device on the bottom of the screen.

    Warning text that indicates cannot save a file locally to an Android.

    备注

    目前尚不可在 Android 上保存到 OneDrive for Business,因此仅会看到本地保存被阻止。Saving to OneDrive for Business is not enabled for Android at this time, so you can only see that saving locally is blocked.

验证"Office 应用空闲指定时间后要求用户再次登录"Validate Require user to sign in again if Office apps have been idle for a specified time

在"编辑策略"窗格中,选择 "Office 文档访问控制"旁边的"编辑",展开"管理用户如何在移动设备上访问 Office 文件",并确保"要求用户在 Office 应用空闲后重新登录"设置为几分钟。In the Edit policy pane, choose Edit next to Office documents access control, expand Manage how users access Office files on mobile devices, and make sure that Require users to sign in again after Office apps have been idle for is set to some number of minutes. 默认情况下为 30 分钟。This is 30 minutes by default.

  1. 在用户的 Android 设备上,打开 Outlook,然后使用用户的 Microsoft 365 商业高级版凭据登录,并输入 PIN(如果需要)。In the user's Android device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials, and enter a PIN if requested.

  2. 现应该会显示 Outlook 收件箱。(最低标准)30 分钟不触碰 Android 设备而使其闲置(或者长于策略中指定时长的其他时间)。设备屏幕可能变暗。You should now see Outlook's inbox. Let the Android device idle untouched for at least 30 minutes (or some other amount of time, longer than what you specified in the policy). The device will likely dim.

  3. 再次访问 Android 设备上的 Outlook。Access Outlook on the Android device again.

  4. 系统将提示你输入 PIN,然后才能再次访问 Outlook。You'll be prompted to enter your PIN before you can access Outlook again.

验证"使用加密保护工作文件"Validate Protect work files with encryption

在" 编辑策略"窗格中,选择" 设备丢失或被盗防护"旁边的" 编辑",展开" 设备丢失或被盗时保护工作文件",并确保将" 使用加密保护工作文件"设置为" ",将" 强制用户将所有工作文件保存到 OneDrive for Business"设置为" "。In the Edit policy pane, choose Edit next to Protection against lost or stolen devices, expand Protect work files when devices are lost or stolen, and make sure that Protect work files with encryption is set to On, and Force users to save all work files to OneDrive for Business is set to Off.

  1. 在用户的 Android 设备上,打开 Outlook,然后使用用户的 Microsoft 365 商业高级版凭据登录,并输入 PIN(如果需要)。In the user's Android device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials, and enter a PIN if requested.

  2. 打开一封包含一些图像文件附件的电子邮件。Open an email that contains a few image file attachments.

  3. 点击附件信息旁边的向下箭头图标进行保存。Tap the down arrow icon next to the attachment's info to save it.

    Tap the down arrow to save the figure file to the Android device.

  4. 系统可能会提示允许 Outlook 访问设备中的照片、媒体和文件。点击" 允许"。You may be prompted to allow Outlook to access photos, media, and files on your device. Tap Allow.

  5. 在屏幕底部,选择" 保存到设备",然后打开" "应用。At the bottom of the screen, choose to Save to Device and then open the Gallery app.

  6. 列表中应该会显示一张已加密的照片(如果保存了多个图像文件,将显示多张)。它可能会在"图片"列表中显示为灰色方框,其中心显示带白色感叹号的白色圆圈。You should see an encrypted photo (or more, if you saved multiple image file attachments) in the list. It may appear in the Pictures list as a gray square with a white exclamation point within a white circle in the center of the gray square.

    An encrypted image file in the Gallery app.

iOSiOS

检查"应用保护"设置在用户设备上是否正常工作Check that the App protection settings are working on user devices

设置 iOS 设备的应用配置以保护应用后,可按以下步骤验证所选设置是否有效。After you set app configurations for iOS devices to protect apps, you can follow these steps to validate that the settings you chose work.

首先,确保该策略适用于你要验证它的应用。First, make sure that the policy applies to the app in which you're going to validate it.

  1. 在 Microsoft 365 商业高级版 管理中心中,转到"策略 > ""编辑策略"。In the Microsoft 365 Business Premium admin center, go to Policies > Edit policy.

  2. 选择 "iOS 的应用程序策略"作为在设置时创建的设置或创建的另一个策略,并验证是否对 Outlook 强制执行了此设置。Choose Application policy for iOS for the settings you created at setup, or another policy you created, and verify that it's enforced for Outlook for example.

    Shows all the apps for which this policy protects files.

验证需要 PIN 才能访问 Office 应用Validate Require a PIN to access Office apps

在" 编辑策略"窗格中,选择" Office 文档的访问控制"旁边的" 编辑",展开" 管理用户如何在移动设备上访问 Office 文件",并确保将" 需要 PIN 或指纹才能访问 Office 应用"设置为" "。In the Edit policy pane, choose Edit next to Office documents access control, expand Manage how users access Office files on mobile devices, and make sure that Require a PIN or fingerprint to access Office apps is set to On.

确保"需要 PIN 或指纹来访问 Office 应用"设置为"打开"。

  1. 在用户的 iOS 设备中,打开 Outlook,然后使用用户的 Microsoft 365 商业高级版凭据登录。In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials.

  2. 系统还会提示你输入 PIN 或使用指纹。You'll also be prompted to enter a PIN or use a fingerprint.

    Enter a PIN on your IOS device to access Office apps.

验证"超过登录失败次数限制后重置 PIN"Validate Reset PIN after number of failed attempts

在"编辑策略"窗格中,选择 "Office 文档访问控制"旁边的"编辑",展开"管理用户如何在移动设备上访问 Office 文件",并确保"在失败尝试次数后重置 PIN" 设置为一个数字。In the Edit policy pane, choose Edit next to Office documents access control, expand Manage how users access Office files on mobile devices, and make sure that Reset PIN after number of failed attempts is set to some number. 默认情况下为 5。This is 5 by default.

  1. 在用户的 iOS 设备中,打开 Outlook,然后使用用户的 Microsoft 365 商业高级版凭据登录。In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials.

  2. 输入错误 PIN 的次数达到策略指定次数。Enter an incorrect PIN as many times as specified by the policy. 你将看到一条提示,指出 "PIN 尝试限制已到达 "以重置 PIN。You'll see a prompt that states PIN Attempt Limit Reached to reset the PIN.

    After too many incorrect PIN attempts, you need to reset your PIN.

  3. 按" 确定"。Press OK. 系统将提示你使用用户的 Microsoft 365 商业高级版凭据登录,然后需要设置新的 PIN。You'll be prompted to sign in with the user's Microsoft 365 Business Premium credentials, and then required to set a new PIN.

验证"强制用户将所有工作文件保存到 OneDrive for Business"Validate Force users to save all work files to OneDrive for Business

在" 编辑策略"窗格中,选择" 设备丢失或被盗防护"旁边的" 编辑",展开" 设备丢失或被盗时保护工作文件",并确保将" 强制用户将所有工作文件保存到 OneDrive for Business"设置为" "。In the Edit policy pane, choose Edit next to Protection against lost or stolen devices, expand Protect work files when devices are lost or stolen, and make sure that Force users to save all work files to OneDrive for Business is set to On.

Verify that Force users to save all work files to OneDrive for Business is set to On.

  1. 在用户的 iOS 设备中,打开 Outlook,然后使用用户的 Microsoft 365 商业高级版凭据登录,并输入 PIN(如果需要)。In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials, and enter a PIN if requested.

  2. 打开包含附件的电子邮件,然后打开附件,在屏幕底部选择" 保存"。Open an email that contains an attachment, open the attachment and choose Save on the bottom of the screen.

    Tap the Save option after you open an attachment to try to save it.

  3. 应只会看到用于 OneDrive for Business 的选项。You should only see an option for OneDrive for Business. 如果没有,请点击"添加帐户", 然后从"添加存储帐户"屏幕中选择 "OneDrive for Business"。If not, tap Add Account and select OneDrive for Business from the Add Storage Account screen. 提供最终用户的 Microsoft 365 商业高级版,以在系统提示时登录。Provide the end user's Microsoft 365 Business Premium to sign in when prompted.

    点击" 保存",选择" OneDrive for Business"。Tap Save and select OneDrive for Business.

验证"Office 应用空闲指定时间后要求用户再次登录"Validate Require user to sign in again if Office apps have been idle for a specified time

在"编辑策略"窗格中,选择 "Office 文档访问控制"旁边的"编辑",展开"管理用户如何在移动设备上访问 Office 文件",并确保"要求用户在 Office 应用空闲后重新登录"设置为几分钟。In the Edit policy pane, choose Edit next to Office documents access control, expand Manage how users access Office files on mobile devices, and make sure that Require users to sign in again after Office apps have been idle for is set to some number of minutes. 默认情况下为 30 分钟。This is 30 minutes by default.

  1. 在用户的 iOS 设备中,打开 Outlook,然后使用用户的 Microsoft 365 商业高级版凭据登录,并输入 PIN(如果需要)。In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials, and enter a PIN if requested.

  2. 现应该会显示 Outlook 收件箱。在至少 30 分钟(或长于策略中指定时间的其他时间)内不触碰 iOS 设备。设备屏幕可能变暗。You should now see Outlook's inbox. Let the iOS device untouched for at least 30 minutes (or some other amount of time, longer than what you specified in the policy). The device will likely dim.

  3. 再次访问 iOS 设备的 Outlook。Access Outlook on the iOS device again.

  4. 系统将提示你输入 PIN,然后才能再次访问 Outlook。You'll be prompted to enter your PIN before you can access Outlook again.

验证"使用加密保护工作文件"Validate Protect work files with encryption

在" 编辑策略"窗格中,选择" 设备丢失或被盗防护"旁边的" 编辑",展开" 设备丢失或被盗时保护工作文件",并确保将" 使用加密保护工作文件"设置为" ",将" 强制用户将所有工作文件保存到 OneDrive for Business"设置为" "。In the Edit policy pane, choose Edit next to Protection against lost or stolen devices, expand Protect work files when devices are lost or stolen, and make sure that Protect work files with encryption is set to On, and Force users to save all work files to OneDrive for Business is set to Off.

  1. 在用户的 iOS 设备中,打开 Outlook,然后使用用户的 Microsoft 365 商业高级版凭据登录,并输入 PIN(如果需要)。In the user's iOS device, open Outlook and sign in with the user's Microsoft 365 Business Premium credentials, and enter a PIN if requested.

  2. 打开一封包含一些图像文件附件的电子邮件。Open an email that contains a few image file attachments.

  3. 点击该附件,然后点击其下的" 保存"选项。Tap the attachment and then tap the Save option under it.

  4. 从主屏幕打开" 照片"应用。应看到已保存且加密的照片(如果保存了多个图像文件附件,将看到更多照片)。Open Photos app from the home screen. You should see an encrypted photo (or more, if you saved multiple image file attachments) saved, but encrypted.