Microsoft 365 设备管理指南Device management roadmap for Microsoft 365

Microsoft 365 企业版包括可帮助在组织中管理设备及其应用的功能。Microsoft 365 for enterprise includes features to help manage devices, and their apps, within your organization. 管理移动设备可帮助您保护组织的资源。Managing mobile devices helps you secure and protect your organization's resources.

设备管理有两个选项:There are two options for device management:

Microsoft IntuneMicrosoft Intune

可以使用 Microsoft Intune 通过移动设备管理或移动应用程序管理来管理对组织的访问权限。You can use Microsoft Intune to manage access to your organization using mobile device management or mobile application management. 移动设备管理是当用户在 Intune 中"注册"其设备时。Mobile device management is when users "enroll" their devices in Intune. 注册设备后,它是托管设备;因此,它可以接收组织的策略、规则和设置。After a device is enrolled, it is a managed device; therefore, it can receive your organization's policies, rules, and settings. 例如,你可以安装特定应用、创建密码策略、安装 VPN 连接等。For example, you can install specific apps, create a password policy, install a VPN connection, and more.

具有其自己的个人设备的用户可能不希望注册其设备或由 Intune 和组织的策略进行管理。Users with their own personal devices may not want to enroll their devices or be managed by Intune and your organization's policies. 但仍需要保护组织的资源和数据。But you still need to protect your organization's resources and data. 在此方案中,可以使用移动应用程序管理来保护应用。In this scenario, you can protect your apps using mobile application management. 例如,可以使用移动应用程序管理策略,要求用户在设备上访问 SharePoint Online 时输入 PIN。For example, you can use a mobile application management policy that requires a user to enter a PIN when accessing SharePoint Online on the device.

你还将确定如何管理个人设备和组织拥有的设备。You'll also determine how you're going to manage personal devices and organization-owned devices. 你可能希望以不同方式处理设备,具体取决于设备的用途。You might want to treat devices differently, depending on their uses.

基本移动性和安全性Basic Mobility and Security

这内置于 Microsoft 365 中,可帮助你保护和管理用户的移动设备,如 iPhone、iPad、Android 和 Windows 手机。This is built into Microsoft 365 and helps you secure and manage your users' mobile devices like iPhones, iPads, Androids, and Windows phones. 可以创建和管理设备安全策略,远程擦除设备,以及查看详细的设备报告。You can create and manage device security policies, remotely wipe a device, and view detailed device reports.

在两个选项中进行选择Choose between the two options

为了帮助你更好地评估最适合你的设备管理选项,请参阅在 基本移动性安全性和 Intune之间选择。To help you better assess which device management option is best for you, see Choose between Basic Mobility Security and Intune.

根据你的评估,开始使用:Based on your assessment, get started managing your devices with:

标识和设备访问建议Identity and device access recommendations

Microsoft 提供了一组有关身份和设备访问的建议,以确保全体员工安全且高效地工作。Microsoft provides a set of recommendations for identity and device access to ensure a secure and productive workforce. 对于设备访问,请使用以下文章中的建议和设置:For device access, use the recommendations and settings in these articles:

Contoso 如何管理 Microsoft 365 的设备How Contoso did device management for Microsoft 365

有关虚构但具有代表性的多方企业如何使用 Microsoft 365 云服务部署其移动设备管理基础结构的信息,请参阅 Contoso移动设备管理。For information about how a fictional but representative multi-national business deployed their mobile device management infrastructure with Microsoft 365 cloud services, see Mobile device management for Contoso.