Azure Active Directory 使用規定Azure Active Directory terms of use

Azure AD 使用規定提供簡單的方法,組織可以使用來呈現給終端使用者的資訊。Azure AD terms of use provides a simple method that organizations can use to present information to end users. 此呈現可確保使用者看到合法或合規性需求的相關免責聲明。This presentation ensures users see relevant disclaimers for legal or compliance requirements. 本文說明如何開始使用的使用規定。This article describes how to get started with terms of use.

注意

本文提供如何從裝置或服務上刪除個人資料的步驟,而且可以用來支援 GDPR 的義務。This article provides steps for how to delete personal data from the device or service and can be used to support your obligations under the GDPR. 如果您想要尋找有關 GDPR 的一般資訊,請參閱 Service Trust 入口網站的 GDPR 區段If you’re looking for general info about GDPR, see the GDPR section of the Service Trust portal.

概觀影片Overview videos

下列影片提供使用規定的快速概觀。The following video provides a quick overview of terms of use.

如需其他影片,請參閱:For additional videos, see:

我可以使用規定用來做什麼?What can I do with terms of use?

Azure AD 使用規定具有下列功能:Azure AD terms of use has the following capabilities:

  • 需要接受才能存取的使用規定的員工或來賓。Require employees or guests to accept your terms of use before getting access.
  • 需要接受您的每個裝置上使用,才能存取條款的員工或來賓。Require employees or guests to accept your terms of use on every device before getting access.
  • 需要接受其按照週期性排程的使用規定的員工或來賓。Require employees or guests to accept your terms of use on a recurring schedule.
  • 需要接受之前註冊安全性資訊在 Azure Multi-factor Authentication (MFA) 的使用規定的員工或來賓。Require employees or guests to accept your terms of use prior to registering security information in Azure Multi-Factor Authentication (MFA).
  • 要求員工在接受之前在 Azure AD 自助式密碼重設 (SSPR) 註冊安全性資訊的使用規定。Require employees to accept your terms of use prior to registering security information in Azure AD self-service password reset (SSPR).
  • 出現的一般使用規定您的組織中的所有使用者。Present general terms of use for all users in your organization.
  • 顯示特定使用者屬性 (例如為基礎的使用規定Present specific terms of use based on a user attributes (ex. 醫生與護士或國內員工與國際員工,透過使用動態群組完成)。doctors vs nurses or domestic vs international employees, by using dynamic groups).
  • 存取高商業影響應用程式,例如 Salesforce 時所提供特定使用的規定。Present specific terms of use when accessing high business impact applications, like Salesforce.
  • 以不同語言表示使用的規定。Present terms of use in different languages.
  • 有或沒有接受使用規定的清單。List who has or hasn't accepted to your terms of use.
  • 協助符合隱私權法規。Assist in meeting privacy regulations.
  • 顯示條款使用活動的符合性與稽核記錄的檔。Display a log of terms of use activity for compliance and audit.
  • 建立和管理使用使用中的條款Microsoft Graph Api (目前處於預覽狀態)。Create and manage terms of use using Microsoft Graph APIs (currently in preview).

必要條件Prerequisites

若要使用及設定 Azure AD 使用規定,您必須:To use and configure Azure AD terms of use, you must have:

  • Azure AD Premium P1、P2、EMS E3 或 EMS E5 訂用帳戶。Azure AD Premium P1, P2, EMS E3, or EMS E5 subscription.
  • 下列其中一個管理帳戶,將用於您要設定的目錄:One of the following administrator accounts for the directory you want to configure:
    • 全域管理員Global Administrator
    • 安全性系統管理員Security Administrator
    • 條件式存取系統管理員Conditional Access Administrator

使用規定文件Terms of use document

Azure AD 使用規定使用 PDF 格式來呈現內容。Azure AD terms of use uses the PDF format to present content. 此 PDF 檔案可以是任何內容 (例如現有的合約文件) 可讓您在使用者登入期間收集終端使用者合約。The PDF file can be any content, such as existing contract documents, allowing you to collect end-user agreements during user sign-in. 若要支援行動裝置上的使用者,建議在 PDF 中使用 24 點的字型大小。To support users on mobile devices, the recommended font size in the PDF is 24 point.

新增使用規定Add terms of use

一旦完成您使用文件的條款,請使用下列程序將它加入。Once you have finalized your terms of use document, use the following procedure to add it.

  1. 以全域管理員、安全性系統管理員或條件式存取系統管理員的身分登入 Azure。Sign in to Azure as a Global Administrator, Security Administrator, or Conditional Access Administrator.

  2. 瀏覽至 https://aka.ms/catou 上的 [使用規定] 。Navigate to Terms of use at https://aka.ms/catou.

    [使用規定] 刀鋒視窗

  3. 按一下 [新增規定] 。Click New terms.

    新增 TOU

  4. 名稱方塊中,輸入將使用的使用規定的名稱在 Azure 入口網站中。In the Name box, enter a name for the terms of use that will be used in the Azure portal.

  5. 在 [顯示名稱] 方塊中,輸入使用者在登入時會看見的標題。In the Display name box, enter a title that users see when they sign in.

  6. 針對使用規定文件,瀏覽至您最終使用規定 PDF 並加以選取。For Terms of use document, browse to your finalized terms of use PDF and select it.

  7. 選取您使用規定文件的語言。Select the language for your terms of use document. 語言選項可讓您上傳多個使用規定,各有不同的語言。The language option allows you to upload multiple terms of use, each with a different language. 終端使用者會看到的使用規定版本將以其瀏覽器喜好設定為基礎。The version of the terms of use that an end user will see will be based on their browser preferences.

  8. 若要要求若要檢視使用規定再接受它們的使用者,設定要求使用者展開使用規定To require end users to view the terms of use prior to accepting them, set Require users to expand the terms of use to On.

  9. 若要要求使用者接受從存取每個裝置上的使用規定,設定要求每個裝置上同意的使用者To require end users to accept your terms of use on every device they are accessing from, set Require users to consent on every device to On. 如需詳細資訊,請參閱 < 每一裝置的使用規定For more information, see Per-device terms of use.

  10. 如果您想要到期的排程同意使用條款,設定到期同意If you want to expire terms of use consents on a schedule, set Expire consents to On. 設定為 [開啟] 時,系統會顯示兩個額外的排程設定。When set to On, two additional schedule settings are displayed.

    到期同意

  11. 使用到期時間起頻率設定,以指定的排程中的條款使用到期時間。Use the Expire starting on and Frequency settings to specify the schedule for terms of use expirations. 下表會顯示幾個範例設定的結果:The following table shows the result for a couple of example settings:

    到期生效時間Expire starting on 頻率Frequency 結果Result
    今天的日期Today's date 每月Monthly 從現在開始,使用者必須接受使用規定,並再接受每個月。Starting today, users must accept the terms of use and then reaccept every month.
    未來的日期Date in the future 每月Monthly 從現在開始,使用者必須接受使用規定。Starting today, users must accept the terms of use. 抵達未來的日期時,同意將會到期,且使用者必須於每個月重新接受。When the future date occurs, consents will expire and then users must reaccept every month.

    例如,如果您將 [到期生效時間] 設定為 [1 月 1 日] ,並將 [頻率] 設定為 [每月] ,則下列兩個使用者所遇到的到期方式將如下所示:For example, if you set the expire starting on date to Jan 1 and frequency to Monthly, here is how expirations might occur for two users:

    使用者User 第一次接受日期First accept date 第一次到期日期First expire date 第二次到期日期Second expire date 第三次到期日期Third expire date
    AliceAlice 1 月 1 日Jan 1 2 月 1 日Feb 1 3 月 1 日Mar 1 4 月 1 日Apr 1
    BobBob 1 月 15 日Jan 15 2 月 1 日Feb 1 3 月 1 日Mar 1 4 月 1 日Apr 1
  12. 使用 持續時間之前重新接受需要 (天) 設定來指定使用者必須接受使用規定之前的天數。Use the Duration before re-acceptance requires (days) setting to specify the number of days before the user must reaccept the terms of use. 這可讓使用者遵循自己的排程。This allows users to follow their own schedule. 例如,如果您將期間設定為 30 天,則下列兩個使用者所遇到的到期方式將如下所示:For example, if you set the duration to 30 days, here is how expirations might occur for two users:

    使用者User 第一次接受日期First accept date 第一次到期日期First expire date 第二次到期日期Second expire date 第三次到期日期Third expire date
    AliceAlice 1 月 1 日Jan 1 1 月 31 日Jan 31 3 月 2 日Mar 2 4 月 1 日Apr 1
    BobBob 1 月 15 日Jan 15 2 月 14 日Feb 14 3 月 16 日Mar 16 4 月 15 日Apr 15

    您可以同時使用 [到期同意] 和 [需要重新接受之前的期間 (天)] 設定,但通常您只會使用其中一個。It is possible to use the Expire consents and Duration before re-acceptance requires (days) settings together, but typically you use one or the other.

  13. 底下條件式存取,使用強制使用條件式存取原則範本清單中選取的範本,以強制執行的使用規定。Under Conditional Access, use the Enforce with Conditional Access policy template list to select the template to enforce the terms of use.

    條件式存取範本

    範本Template 描述Description
    所有來賓的雲端應用程式存取權Access to cloud apps for all guests 條件式存取原則會建立所有來賓和所有雲端應用程式。A Conditional Access policy will be created for all guests and all cloud apps. 此原則會影響 Azure 入口網站。This policy impacts the Azure portal. 建立此原則之後,您可能需要登出然後再登入。Once this is created, you might be required to sign-out and sign-in.
    所有使用者的雲端應用程式存取權Access to cloud apps for all users 條件式存取原則會建立所有使用者和所有雲端應用程式。A Conditional Access policy will be created for all users and all cloud apps. 此原則會影響 Azure 入口網站。This policy impacts the Azure portal. 建立此原則之後,您必須登出然後再登入。Once this is created, you will be required to sign-out and sign-in.
    自訂原則Custom policy 選取使用者、 群組,以及使用此規定將會套用到的應用程式。Select the users, groups, and apps that this terms of use will be applied to.
    稍後建立條件式存取原則Create Conditional Access policy later 當建立條件式存取原則授與控制項清單就會出現此使用條款。This terms of use will appear in the grant control list when creating a Conditional Access policy.

    重要

    條件式存取原則可控制 (包括使用條款) 不支援強制服務帳戶。Conditional Access policy controls (including terms of use) do not support enforcement on service accounts. 我們建議您排除條件式存取原則中的所有服務帳戶。We recommend excluding all service accounts from the Conditional Access policy.

    自訂的條件式存取原則可讓細微使用條款,向特定的雲端應用程式或使用者群組。Custom Conditional Access policies enable granular terms of use, down to a specific cloud application or group of users. 如需詳細資訊,請參閱快速入門:必須接受使用規定才可存取雲端應用程式For more information, see Quickstart: Require terms of use to be accepted before accessing cloud apps.

  14. 按一下頁面底部的 [新增] 。Click Create.

    如果您選取自訂的條件式存取範本,然後新畫面隨即出現,可讓您建立自訂的條件式存取原則。If you selected a custom Conditional Access template, then a new screen appears that allows you to create the custom Conditional Access policy.

    自訂原則

    現在,您應該會看到新使用規定。You should now see your new terms of use.

    新增 TOU

檢視已接受和已拒絕的人員報表View report of who has accepted and declined

[使用規定] 刀鋒視窗會顯示已接受和已拒絕的使用者計數。The Terms of use blade shows a count of the users who have accepted and declined. 這些計數和人員接受/拒絕會儲存生命週期的使用規定。These counts and who accepted/declined are stored for the life of the terms of use.

  1. 登入 Azure 並瀏覽至 https://aka.ms/catou 上的 [使用規定] 。Sign in to Azure and navigate to Terms of use at https://aka.ms/catou.

    [使用規定] 刀鋒視窗

  2. 使用規定,請按一下下方的數字Accepted或是已拒絕若要檢視使用者的目前狀態。For a terms of use, click the numbers under Accepted or Declined to view the current state for users.

    針對使用規定的同意

  3. 若要檢視個別使用者的歷程記錄,請按一下省略符號 ( ... ),然後按一下 [檢視記錄] 。To view the history for an individual user, click the ellipsis (...) and then View History.

    [檢視記錄] 功能表

    在 [檢視記錄] 窗格中,您可以看見所有接受、拒絕及到期的歷程記錄。In the view history pane, you see a history of all the accepts, declines, and expirations.

    [檢視記錄] 窗格

檢視 Azure AD 稽核記錄View Azure AD audit logs

如果您想要檢視其他的活動,Azure AD 使用規定會包含稽核記錄檔。If you want to view additional activity, Azure AD terms of use includes audit logs. 使用者每次同意時都會觸發稽核記錄事件,並將儲存 30 天Each user consent triggers an event in the audit logs that is stored for 30 days. 您可以在入口網站中檢視這些記錄或將其下載為 .csv 檔案。You can view these logs in the portal or download as a .csv file.

若要開始使用 Azure AD 稽核記錄,請使用下列程序:To get started with Azure AD audit logs, use the following procedure:

  1. 登入 Azure 並瀏覽至 https://aka.ms/catou 上的 [使用規定] 。Sign in to Azure and navigate to Terms of use at https://aka.ms/catou.

  2. 選取 使用規定。Select a terms of use.

  3. 按一下 [檢視稽核記錄] 。Click View audit logs.

    [使用規定] 刀鋒視窗

  4. 在 Azure AD 稽核記錄畫面上,您可以使用提供的清單來篩選資訊,以找出特定的稽核記錄資訊。On the Azure AD audit logs screen, you can filter the information using the provided lists to target specific audit log information.

    您也可以按一下 [下載] ,將資訊下載成 .csv 檔案,以在本機中使用。You can also click Download to download the information in a .csv file for use locally.

    稽核記錄

    如果您按一下某個記錄,螢幕會出現具有額外活動詳細資料的窗格。If you click a log, a pane appears with additional activity details.

    活動詳細資料

使用者的使用條款看起來像What terms of use looks like for users

一旦建立並強制執行使用規定,使用者會在範圍內,會在登入時看到下列畫面。Once a terms of use is created and enforced, users, who are in scope, will see the following screen during sign-in.

使用者網頁登入

使用者可以檢視使用規定,如果有必要,請使用按鈕來放大和縮小。Users can view the terms of use and, if necessary, use buttons to zoom in and out.

檢視與縮放按鈕的使用規定

下列畫面顯示使用規定行動裝置上的外觀。The following screen shows how terms of use looks on mobile devices.

使用者行動裝置登入

使用者只需要接受使用條款之後,它們將不會看到的使用規定再次後續的登入。Users are only required to accept the terms of use once and they will not see the terms of use again on subsequent sign-ins.

使用者可以列印文件的檢閱,請使用其規定How users can review their terms of use

使用者可以檢閱,並查看他們已使用下列程序接受使用規定。Users can review and see the terms of use that they have accepted by using the following procedure.

  1. 登入 https://myapps.microsoft.comSign in to https://myapps.microsoft.com.

  2. 在右上角,按一下您的名稱並選取 [設定檔] 。In the upper right corner, click your name and select Profile.

    設定檔

  3. 在您的設定檔頁面上,按一下 [檢閱使用規定] 。On your Profile page, click Review terms of use.

    設定檔 - 檢閱使用規定

  4. 您可以在此檢閱您已接受的使用規定。From there, you can review the terms of use you have accepted.

編輯使用規定詳細資料Edit terms of use details

您可以編輯使用條款的一些詳細資料,但您無法修改現有的文件。You can edit some details of terms of use, but you can't modify an existing document. 下列程序說明如何編輯詳細資料。The following procedure describes how to edit the details.

  1. 登入 Azure 並瀏覽至 https://aka.ms/catou 上的 [使用規定] 。Sign in to Azure and navigate to Terms of use at https://aka.ms/catou.

  2. 選取您想要編輯的使用規定。Select the terms of use you want to edit.

  3. 按一下 [編輯使用規定] 。Click Edit terms.

  4. 在 [編輯使用規定] 窗格中,變更名稱、顯示名稱,或要求使用者展開值。In the Edit terms of use pane, change the name, display name, or require users to expand values.

    如果您想要變更,例如 PDF 文件的其他設定要求使用者同意每個裝置上,過期同意、 持續時間 reacceptance 或之前的條件式存取原則,您必須建立新的使用條款。If there are other settings you would like to change, such as PDF document, require users to consent on every device, expire consents, duration before reacceptance, or Conditional Access policy, you must create a new terms of use.

    編輯使用規定

  5. 按一下 [確定] 儲存變更。Click Save to save your changes.

    儲存您的變更後,使用者將不需要重新接受這些編輯後的規定。Once you save your changes, users will not have to reaccept these edits.

將使用語言的詞彙Add a terms of use language

下列程序描述如何將使用語言的詞彙。The following procedure describes how to add a terms of use language.

  1. 登入 Azure 並瀏覽至 https://aka.ms/catou 上的 [使用規定] 。Sign in to Azure and navigate to Terms of use at https://aka.ms/catou.

  2. 選取您想要編輯的使用規定。Select the terms of use you want to edit.

  3. 在 [詳細資料] 窗格中,按一下 [語言] 索引標籤。In the details pane, click the Languages tab.

    新增 TOU

  4. 按一下 [新增語言] 。Click Add language.

  5. 在 [新增使用規定語言] 窗格中,上傳當地語系化的 PDF 並選取的語言。In the Add terms of use language pane, upload your localized PDF and select the language.

    新增 TOU

  6. 按一下 [新增] 來新增語言。Click Add to add the language.

每一裝置的使用規定Per-device terms of use

使用者必須同意每個裝置上設定可讓您要求使用者接受從存取每個裝置上的使用規定。The Require users to consent on every device setting enables you to require end users to accept your terms of use on every device they are accessing from. 使用者必須在 Azure AD 中加入其裝置。The end user will be required to join their device in Azure AD. 當已加入裝置時,裝置識別碼用來強制執行的每個裝置上的使用規定。When the device is joined, the device ID is used to enforce the terms of use on each device.

以下是支援的平台與軟體清單。Here is a list of the supported platforms and software.

iOSiOS AndroidAndroid Windows 10Windows 10 其他Other
原生應用程式Native app Yes Yes Yes
Microsoft EdgeMicrosoft Edge Yes Yes Yes
Internet ExplorerInternet Explorer Yes Yes Yes
Chrome (搭配擴充功能)Chrome (with extension) Yes Yes Yes

每一裝置的使用規定會有下列限制:Per-device terms of use has the following constraints:

  • 一部裝置只能加入至單一租用戶。A device can only be joined to one tenant.
  • 使用者必須具有加入其裝置的權限。A user must have permissions to join their device.
  • 不支援「Intune 註冊」應用程式。The Intune Enrollment app is not supported.
  • 不支援 azure AD B2B 使用者。Azure AD B2B users are not supported.

如果使用者的裝置未加入,他們將會收到要求加入其裝置的訊息。If the user's device is not joined, they will receive a message that they need to join their device. 使用者的體驗將取決於平台和軟體。Their experience will be dependent on the platform and software.

加入 Windows 10 裝置Join a Windows 10 device

如果使用者是使用 Windows 10 和 Microsoft Edge,他們將會收到類似下列的訊息以加入其裝置If a user is using Windows 10 and Microsoft Edge, they will receive a message similar to the following to join their device.

Windows 10 和 Microsoft Edge - 加入裝置提示

如果他們是使用 Chrome,系統將會提示他們安裝 Windows 10 Accounts 擴充功能 (英文)。If they are using Chrome, they will be prompted to install the Windows 10 Accounts extension.

瀏覽器Browsers

如果使用者是使用不支援的瀏覽器,系統將會提示他們使用其他瀏覽器。If a user is using browser that is not supported, they will be asked to use a different browser.

不支援的瀏覽器

刪除使用規定Delete terms of use

您可以刪除舊的使用下列程序的使用規定。You can delete old terms of use using the following procedure.

  1. 登入 Azure 並瀏覽至 https://aka.ms/catou 上的 [使用規定] 。Sign in to Azure and navigate to Terms of use at https://aka.ms/catou.

  2. 選取您想要移除的使用規定。Select the terms of use you want to remove.

  3. 按一下 [刪除規定] 。Click Delete terms.

  4. 出現詢問您是否要繼續的訊息時,請按一下 [是] 。In the message that appears asking if you want to continue, click Yes.

    刪除使用規定

    您應該不會再看到使用規定。You should no longer see your terms of use.

已刪除的使用者與使用規定Deleted users and active terms of use

根據預設,已刪除的使用者會在 Azure AD 中以已刪除的狀態保留 30 天,在這段期間內,系統管理員可以視需要加以還原。By default, a deleted user is in a deleted state in Azure AD for 30 days, during which time they can be restored by an administrator if necessary. 經過 30 天後,該使用者將永久刪除。After 30 days, that user is permanently deleted. 此外,全域管理員可以使用 Azure Active Directory 入口網站,在該時段結束之前明確地永久刪除最近刪除的使用者In addition, using the Azure Active Directory portal, a Global Administrator can explicitly permanently delete a recently deleted user before that time period is reached. 其中一個使用者已永久刪除,該使用者相關的後續資料將會移除從作用中的使用規定。One a user has been permanently deleted, subsequent data about that user will be removed from the active terms of use. 與已刪除的使用者有關的稽核資訊仍會保留在稽核記錄中。Audit information about deleted users remains in the audit log.

原則變更Policy changes

條件式存取原則會立即生效。Conditional Access policies take effect immediately. 當此情況發生時,系統管理員便會開始看到「悲傷雲端」或「Azure AD 權杖問題」。When this happens, the administrator will start to see “sad clouds” or "Azure AD token issues". 系統管理員必須登出並再次登入,才能符合新的原則。The administrator must sign out and sign in again in order to satisfy the new policy.

重要

如果情況如下,範圍中的使用者必須登出並登入,才能符合新的原則:Users in scope will need to sign-out and sign-in in order to satisfy a new policy if:

  • 已啟用條件式存取原則上的使用規定a Conditional Access policy is enabled on a terms of use
  • 或建立第二個使用條款or a second terms of use is created

B2B 來賓 (預覽)B2B guests (Preview)

大部分的組織有一個程序為其員工同意其組織的規定與隱私權聲明。Most organizations have a process in place for their employees to consent to their organization's terms of use and privacy statements. 但在 Azure AD 企業對企業 (B2B) 來賓透過 SharePoint 或 Teams 新增的情況下,您要如何強制執行相同的同意程序呢?But how can you enforce the same consents for Azure AD business-to-business (B2B) guests when they're added via SharePoint or Teams? 使用條件式存取和使用規定,您可以強制執行原則,以直接針對 B2B 來賓使用者。Using Conditional Access and terms of use, you can enforce a policy directly towards B2B guest users. 邀請兌換在流程期間,使用者會看到與使用規定。During the invitation redemption flow, the user is presented with the terms of use. 這項支援目前只能預覽。This support is currently in preview.

使用規定只會在使用者於 Azure AD 中具有來賓帳戶的情況下顯示。Terms of use will only be displayed when the user has a guest account in Azure AD. SharePoint Online 目前有臨機操作外部共用收件者經驗共用文件或不需要使用者具有來賓帳戶的資料夾。SharePoint Online currently has an ad hoc external sharing recipient experience to share a document or a folder that does not require the user to have a guest account. 在此情況下,不會顯示使用規定。In this case, a terms of use is not displayed.

所有來賓使用者

針對雲端應用程式的支援 (預覽)Support for cloud apps (Preview)

使用規定可以用於不同的雲端應用程式,例如 Azure 資訊保護和 Microsoft Intune。Terms of use can be used for different cloud apps, such as Azure Information Protection and Microsoft Intune. 這項支援目前只能預覽。This support is currently in preview.

Azure 資訊保護Azure Information Protection

您可以設定 Azure 資訊保護應用程式的條件式存取原則,並要求使用規定,當使用者存取受保護的文件。You can configure a Conditional Access policy for the Azure Information Protection app and require a terms of use when a user accesses a protected document. 這會觸發在使用者第一次存取受保護的文件之前的使用規定。This will trigger a terms of use prior to a user accessing a protected document for the first time.

Azure 資訊保護雲端應用程式

Microsoft Intune 註冊Microsoft Intune Enrollment

您可以設定 Microsoft Intune 註冊應用程式的條件式存取原則,並要求在 Intune 中的裝置註冊之前的使用規定。You can configure a Conditional Access policy for the Microsoft Intune Enrollment app and require a terms of use prior to the enrollment of a device in Intune. 如需詳細資訊,請參閱為您組織的部落格文章選擇正確的規定解決方案 (英文)。For more information, see the Read Choosing the right Terms solution for your organization blog post.

Microsoft Intune 雲端應用程式

注意

Intune 註冊應用程式不支援每一裝置的使用規定The Intune Enrollment app is not supported for Per-device terms of use.

常見問題集Frequently asked questions

问:如何查看何時或是否使用者已接受使用規定?Q: How do I see when/if a user has accepted a terms of use?
答:在 [使用規定] 刀鋒視窗上,按一下 [已接受] 底下的數字。A: On the Terms of use blade, click the number under Accepted. 您也可以檢視或搜尋 Azure AD 稽核記錄中的接受活動。You can also view or search the accept activity in the Azure AD audit logs. 如需詳細資訊,請參閱檢視已接受和已拒絕的人員報表和檢視 Azure AD 稽核記錄For more information, see View report of who has accepted and declined and View Azure AD audit logs.

问:資訊會儲存多久時間?Q: How long is information stored?
答:使用者計算中使用的報表和人員接受/拒絕使用規定的存留期間儲存中的條款。A: The user counts in the terms of use report and who accepted/declined are stored for the life of the terms of use. Azure AD 稽核記錄會儲存 30 天。The Azure AD audit logs are stored for 30 days.

问:為什麼看到稽核記錄檔不同數目的同意在使用的報表,與 Azure AD 中的條款?Q: Why do I see a different number of consents in the terms of use report vs. the Azure AD audit logs?
答:使用報表中的條款會儲存該規定,在 Azure AD 稽核記錄檔會儲存 30 天的存留期。A: The terms of use report is stored for the lifetime of that terms of use, while the Azure AD audit logs are stored for 30 days. 此外,使用的報表中的條款只會顯示目前使用者的同意狀態。Also, the terms of use report only displays the users current consent state. 例如,如果使用者拒絕,然後接受,使用的報表中的條款將只會顯示該使用者的接受。For example, if a user declines and then accepts, the terms of use report will only show that user's accept. 如果您需要查看歷程記錄,您可以使用 Azure AD 稽核記錄。If you need to see the history, you can use the Azure AD audit logs.

问:如果我編輯使用規定詳細資料,不會要求使用者重新接受?Q: If I edit the details for a terms of use, does it require users to accept again?
答:否,如果系統管理員編輯使用規定詳細資料 (名稱、 顯示名稱、 要求使用者展開,或新增的語言),它不需要使用者重新接受新規定。A: No, if an administrator edits the details for a terms of use (name, display name, require users to expand, or add a language), it does not require users to reaccept the new terms.

问:我是否可以更新現有的條款使用文件?Q: Can I update an existing terms of use document?
答:目前,您無法更新現有的條款使用文件。A: Currently, you can't update an existing terms of use document. 若要變更使用規定文件,您必須建立新的條款使用執行個體。To change a terms of use document, you will have to create a new terms of use instance.

问:使用規定 PDF 文件中的超連結時,將終端使用者能夠按一下這些嗎?Q: If hyperlinks are in the terms of use PDF document, will end users be able to click them?
答:PDF 預設會以 JPEG 形式呈現,因此無法點選超連結。A: The PDF is rendered by default as a JPEG, so hyperlinks are not clickable. 使用者可以選取檢視時發生問題嗎?請按一下這裡的選項,這樣就會以原生方式呈現支援超連結的 PDF。Users have the option to select Having trouble viewing? Click here, which renders the PDF natively where hyperlinks are supported.

问:使用規定可支援多種語言?Q: Can a terms of use support multiple languages?
答:是。A: Yes. 目前有 108 不同的語言,系統管理員可以設定單一使用規定。Currently there are 108 different languages an administrator can configure for a single terms of use. 系統管理員可以上傳多個 PDF 文件,並以相對應的語言 (最多 108 個) 標記那些文件。An administrator can upload multiple PDF documents and tag those documents with a corresponding language (up to 108). 當使用者登入時,我們會查看其瀏覽器語言偏好設定,並顯示相符的文件。When end users sign in, we look at their browser language preference and display the matching document. 如果沒有相符項目,我們將會顯示預設文件,也就是第一個上傳的文件。If there is no match, we will display the default document, which is the first document that is uploaded.

问:何時觸發使用規定?Q: When is the terms of use triggered?
答:登入體驗期間,會觸發使用規定。A: The terms of use is triggered during the sign-in experience.

问:哪些應用程式可以設為目標來使用規定?Q: What applications can I target a terms of use to?
答:您可以建立條件式存取原則使用新式驗證的企業應用程式。A: You can create a Conditional Access policy on the enterprise applications using modern authentication. 如需詳細資訊,請參閱企業應用程式For more information, see enterprise applications.

问:可以指定的使用者或應用程式新增多個使用規定嗎?Q: Can I add multiple terms of use to a given user or app?
答:是,藉由建立這些群組或應用程式為目標的多個條件式存取原則。A: Yes, by creating multiple Conditional Access policies targeting those groups or applications. 如果使用者落在範圍內的多個使用規定,它們會接受一個一次的使用規定。If a user falls in scope of multiple terms of use, they accept one terms of use at a time.

问:如果使用者拒絕使用規定,會發生什麼事?Q: What happens if a user declines the terms of use?
答:使用者會被封鎖而無法存取應用程式。A: The user is blocked from getting access to the application. 使用者必須再次登入並同意規定,才能取得存取權。The user would have to sign in again and accept the terms in order to get access.

问:是否可以 unaccept 先前已接受的使用規定?Q: Is it possible to unaccept a terms of use that was previously accepted?
答:您可以檢閱先前接受使用規定,但目前沒有辦法 unaccept。A: You can review previously accepted terms of use, but currently there isn't a way to unaccept.

问:如果同時使用 Intune 條款及條件,會發生什麼事?Q: What happens if I'm also using Intune terms and conditions?
答:如果您已設定這兩個 Azure AD 使用規定及Intune 條款和條件,使用者必須接受兩者。A: If you have configured both Azure AD terms of use and Intune terms and conditions, the user will be required to accept both. 如需詳細資訊,請參閱為您組織的部落格文章選擇正確的條款解決方案 (英文)。For more information, see the Choosing the right Terms solution for your organization blog post.

问:使用服務合約會使用哪些端點進行驗證?Q: What endpoints does the terms of use service use for authentication?
答:使用規定會利用下列端點進行驗證: https://tokenprovider.termsofuse.identitygovernance.azure.comhttps://account.activedirectory.windowsazure.comA: Terms of use utilizes the following endpoints for authentication: https://tokenprovider.termsofuse.identitygovernance.azure.com and https://account.activedirectory.windowsazure.com. 如果您的組織已註冊的允許清單的 Url,您必須新增這些端點,以您的允許清單,以及 Azure AD 端點的登入。If your organization has an allow list of URLs for enrollment, you will need to add these endpoints to your allow list, along with the Azure AD endpoints for sign in.

後續步驟Next steps