Mobile device mailbox policies in Exchange Online

In Office 365, you can create mobile device mailbox policies to apply a common set of policies or security settings to a collection of users. A default mobile device mailbox policy is created in every Office 365 organization.

Overview of mobile device mailbox policies

You can use mobile device mailbox policies to manage many different settings. These include the following:

  • Require a password

  • Specify the minimum password length

  • Allow a numeric PIN or require special characters in the password

  • Designate how long a device can be inactive before requiring the user to re-enter a password

  • Wipe a device after a specific number of failed password attempts

Managing Exchange ActiveSync mailbox policies

Mobile device mailbox policies can be created in the Exchange Administration Center (EAC) or the Exchange Management Shell. If you create a policy in the EAC, you can configure only a subset of the available settings. You can configure the rest of the settings using the Exchange Management Shell.

Mobile device mailbox policy settings

The following table summarizes the settings you can specify using mobile device mailbox policies.


| Setting | Description |
| --- | --- |
| Allow Bluetooth | This setting specifies whether a mobile device allows Bluetooth connections. The available options are Disable, HandsFree Only, and Allow. The default value is Allow. |
| Allow Browser | This setting specifies whether Pocket Internet Explorer is allowed on the mobile device. This setting doesn't affect third-party browsers installed on the mobile device. The default value is $true. |
| Allow Camera | This setting specifies whether the mobile device camera can be used. The default value is $true. |
| Allow Consumer EMail | This setting specifies whether the mobile device user can configure a personal email account (either POP3 or IMAP4) on the mobile device. The default value is $true. This setting doesn't control access to email accounts that are using third-party mobile device email programs. |
| Allow Desktop Sync | This setting specifies whether the mobile device can synchronize with a computer through a cable, Bluetooth, or IrDA connection. The default value is $true. |
| Allow External Device Management | This setting specifies whether an external device management program is allowed to manage the mobile device. |
| Allow HTML Email | This setting specifies whether email synchronized to the mobile device can be in HTML format. If this setting is set to $false, all email is converted to plain text. |
| Allow Internet Sharing | This setting specifies whether the mobile device can be used as a modem for a desktop or a portable computer. The default value is $true. |
| AllowIrDA | This setting specifies whether infrared connections are allowed to and from the mobile device. |
| Allow Mobile OTA Update | This setting specifies whether the mobile device mailbox policy settings can be sent to the mobile device over a cellular data connection. The default value is $true. |
| Allow non-provisionable devices | This setting specifies whether mobile devices that may not support application of all policy settings are allowed to connect to Office 365 by using Exchange ActiveSync. Allowing non-provisionable mobile devices has security implications. For example, some non-provisionable devices may not be able to implement an organization's password requirements. |
| Allow POPIMAPEmail | This setting specifies whether the user can configure a POP3 or an IMAP4 email account on the mobile device. The default value is $true. This setting doesn't control access by third-party email programs. |
| Allow Remote Desktop | This setting specifies whether the mobile device can initiate a remote desktop connection. The default value is $true. |
| Allow simple password | This setting enables or disables the ability to use a simple password such as 1111 or 1234. The default value is $true. |
| Allow S/MIME encryption algorithm negotiation | This setting specifies whether the messaging application on the mobile device can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified encryption algorithm. |
| Allow S/MIME software certificates | This setting specifies whether S/MIME software certificates are allowed on the mobile device. |
| Allow storage card | This setting specifies whether the mobile device can access information that's stored on a storage card. |
| Allow text messaging | This setting specifies whether text messaging is allowed from the mobile device. The default value is $true. |
| Allow unsigned applications | This setting specifies whether unsigned applications can be installed on the mobile device. The default value is $true. |
| Allow unsigned installation packages | This setting specifies whether an unsigned installation package can be run on the mobile device. The default value is $true. |
| Allow Wi-Fi | This setting specifies whether wireless Internet access is allowed on the mobile device. The default value is $true. |
| Alphanumeric password required | This setting requires that a password contains numeric and non-numeric characters. The default value is $true. |
| Approved Application List | This setting stores a list of approved applications that can be run on the mobile device. |
| Attachments enabled | This setting enables attachments to be downloaded to the mobile device. The default value is $true. |
| Device encryption enabled | This setting enables encryption on the mobile device. Not all mobile devices can enforce encryption. For more information, see the device and mobile operating system documentation. |
| Device policy refresh interval | This setting specifies how often the mobile device mailbox policy is sent from the server to the mobile device. |
| IRM enabled | This setting specifies whether Information Rights Management (IRM) is enabled on the mobile device. |
| Max attachment size | This setting controls the maximum size of attachments that can be downloaded to the mobile device. The default value is Unlimited. |
| Max calendar age filter | This setting specifies the maximum range of calendar days that can be synchronized to the mobile device. The following values are accepted: All, OneDay, ThreeDays, OneWeek, TwoWeeks, OneMonth. |
| Max email age filter | This setting specifies the maximum number of days of email items to synchronize to the mobile device. The following values are accepted: All, OneDay, ThreeDays, OneWeek, TwoWeeks, OneMonth. |
| Max email body truncation size | This setting specifies the maximum size at which email messages are truncated when synchronized to the mobile device. The value is in kilobytes (KB). |
| Max email HTML body truncation size | This setting specifies the maximum size at which HTML email messages are truncated when synchronized to the mobile device. The value is in kilobytes (KB). |
| Max inactivity time lock | This setting specifies the length of time that the mobile device can be inactive before a password is required to reactivate it. You can enter any interval between 30 seconds and 1 hour. The default value is 15 minutes. |
| Max password failed attempts | This setting specifies the number of attempts a user can make to enter the correct password for the mobile device. You can enter any number from 4 through 16. The default value is 8. |
| Min password complex characters | This setting specifies the minimum number of complex characters required in the mobile device's password. A complex character is a character that is not a letter. |
| Min password length | This setting specifies the minimum number of characters in the mobile device password. You can enter any number from 1 through 16. The default value is 4. |
| Password enabled | This setting enables the mobile device password. |
| Password expiration | This setting enables the administrator to configure a length of time after which a mobile device password must be changed. |
| Password history | This setting specifies the number of past passwords that can be stored in a user's mailbox. A user can't reuse a stored password. |
| Password recovery enabled | When this setting is enabled, the mobile device generates a recovery password that's sent to the server. If the user forgets their mobile device password, the recovery password can be used to unlock the mobile device and enable the user to create a new mobile device password. |
| Require device encryption | This setting specifies whether device encryption is required. If set to $true, the mobile device must be able to support and implement encryption to synchronize with the server. |
| Require encrypted S/MIME messages | This setting specifies whether S/MIME messages must be encrypted. The default value is $false. |
| Require encryption S/MIME algorithm | This setting specifies which algorithm must be used when encrypting S/MIME messages. |
| Require manual synchronization while roaming | This setting specifies whether the mobile device must synchronize manually while roaming. Allowing automatic synchronization while roaming will frequently lead to larger-than-expected data costs for the mobile device data plan. |
| Require signed S/MIME algorithm | This setting specifies which algorithm must be used when signing a message. |
| Require signed S/MIME messages | This setting specifies whether the mobile device must send signed S/MIME messages. |
| Require storage card encryption | This setting specifies whether the storage card must be encrypted. Not all mobile device operating systems support storage card encryption. For more information, see your mobile device and mobile operating system documentation. |
| Unapproved InROM application list | This setting specifies a list of applications that cannot be run in ROM. |
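
Several of the defaults listed above are permissive (simple passwords allowed, minimum length 4), so it is worth checking each policy against a stricter baseline from the Exchange Management Shell. The following is an added example, not part of the original page or Microsoft's own code: the function name Test-MobilePolicyBaseline and the baseline thresholds are assumptions, and the property names are those returned by Get-MobileDeviceMailboxPolicy.

```powershell
# Added example: audit mobile device mailbox policies against a baseline.
# Baseline values are assumptions for illustration, not Microsoft guidance.
$Baseline = @{
    PasswordEnabled              = $true
    AllowSimplePassword          = $false
    AllowNonProvisionableDevices = $false
    RequireDeviceEncryption      = $true
}
$MinLength   = 6   # assumed floor (the page's default is 4)
$MaxAttempts = 8   # assumed ceiling (the page's default is 8)

function Test-MobilePolicyBaseline {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Policy)
    process {
        $findings = @()
        foreach ($name in $Baseline.Keys) {
            if ($Policy.$name -ne $Baseline[$name]) {
                $findings += "$name is '$($Policy.$name)', expected '$($Baseline[$name])'"
            }
        }
        # Numeric settings may be empty or 'Unlimited'; both fail the check.
        $len = 0
        if (-not [int]::TryParse([string]$Policy.MinPasswordLength, [ref]$len) -or $len -lt $MinLength) {
            $findings += "MinPasswordLength is '$($Policy.MinPasswordLength)', expected >= $MinLength"
        }
        $tries = 0
        if (-not [int]::TryParse([string]$Policy.MaxPasswordFailedAttempts, [ref]$tries) -or $tries -gt $MaxAttempts) {
            $findings += "MaxPasswordFailedAttempts is '$($Policy.MaxPasswordFailedAttempts)', expected <= $MaxAttempts"
        }
        [pscustomobject]@{
            Policy    = $Policy.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings
        }
    }
}

# Constructed sample objects standing in for Get-MobileDeviceMailboxPolicy output.
$sample = @(
    [pscustomobject]@{ Name = 'Default'; PasswordEnabled = $false; AllowSimplePassword = $true
        AllowNonProvisionableDevices = $true; RequireDeviceEncryption = $false
        MinPasswordLength = $null; MaxPasswordFailedAttempts = 'Unlimited' }
    [pscustomobject]@{ Name = 'Hardened'; PasswordEnabled = $true; AllowSimplePassword = $false
        AllowNonProvisionableDevices = $false; RequireDeviceEncryption = $true
        MinPasswordLength = 8; MaxPasswordFailedAttempts = 6 }
)
$sample | Test-MobilePolicyBaseline | Format-List
# Live tenant: Get-MobileDeviceMailboxPolicy | Test-MobilePolicyBaseline
```

Findings can then be corrected with Set-MobileDeviceMailboxPolicy, which accepts the same setting names as parameters.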