註冊 Android 裝置Enroll Android devices

您身為 Intune 系統管理員,可管理下列 Android 裝置:As an Intune administrator, you can manage the following Android devices:

  • Android 裝置,包括 Samsung Knox Standard 裝置。Android devices, including Samsung Knox Standard devices.
  • Android 企業裝置,包括 Android 工作設定檔裝置和 Android kiosk 裝置。Android enterprise devices, including Android work profile devices and Android kiosk devices.

Intune 的多使用者管理支援執行 Samsung Knox Standard 的裝置。Devices that run Samsung Knox Standard are supported for multi-user management by Intune. 這表示使用者可以利用他們的 Azure AD 認證登入和登出裝置。This means that users can sign in and out of a device with their Azure AD credentials. 裝置不論是否處於使用狀態,都是集中管理。The device is centrally managed whether it’s in use or not. 當使用者登入時,他們可以存取應用程式,此外也可以將任何原則套用到這些應用程式。When users sign in, they have access to apps and additionally get any policies applied to them. 當使用者登出時,會清除所有應用程式資料。When users sign out, all app data is cleared.

必要條件Prerequisite

若要準備管理行動裝置,您必須將行動裝置管理 (MDM) 授權單位設定為 Microsoft IntuneTo prepare to manage mobile devices, you must set the mobile device management (MDM) authority to Microsoft Intune. 請參閱設定 MDM 授權單以取得相關指示。See Set the MDM authority for instructions. 此項目只會設定一次,也就是第一次為行動裝置管理設定 Intune 之時。You set this item only once, when you are first setting up Intune for mobile device management.

設定 Android 註冊Set up Android enrollment

根據預設,Intune 允許註冊 Android 和 Samsung Knox Standard 裝置。By default, Intune allows enrollment of Android and Samsung Knox Standard devices. 滿足必要條件之後,系統管理員只需要告訴他們的使用者如何註冊其裝置After fullfilling the prerequisite, admins merely need to tell their users how to enroll their devices.

使用者註冊之後,您就可以開始管理其在 Intune 中的裝置,包括指派合規性原則管理應用程式等等。After a user has enrolled, you can begin managing their devices in Intune, including assigning compliance policies, managing apps, and more.

如需其他使用者工作的資訊,請參閱下列文章:For information about other user tasks, see these articles:

若要封鎖 Android 裝置,或者僅封鎖註冊個人擁有的 Android 裝置,請參閱Set device type restrictions (設定裝置類型限制)。To block Android devices, or to block only personally owned Android devices from enrollment, see Set device type restrictions.

設定 Android 企業註冊Set up Android enterprise enrollment

Android 企業是一組 Android 裝置功能與服務,可將個人應用程式與資料和包含公司應用程式與資料的公司設定檔分隔開來。Android enterprise is a set of Android device features and services that separate personal apps and data from a work profile containing work apps and data. Android 企業裝置,包括工作設定檔裝置和 kiosk 裝置。Android enterprise devices include work profile devices and kiosk devices.

若要設定 Android 企業裝置的註冊,您必須先將 Android 企業連線至 IntuneTo set up enrollment for Android enterprise devices, you must first connect Android enterprise to Intune. 完成此步驟之後,您可以:After completing this step, you can:

設定 Android 工作設定檔註冊 設定 Android kiosk 註冊Set up Android work profile enrollments Set up Android kiosk enrollments

註冊 Samsung Knox 裝置時的使用者體驗End user experience when enrolling a Samsung Knox device

註冊 Samsung Knox 裝置時,有數個考量:There are several considerations when enrolling Samsung Knox devices:

  • 即使沒有任何原則要求 PIN,裝置仍然必須至少有一個四位數的 PIN,才能註冊。Even if no policies require a PIN, the device must have at least a four-digit PIN to enroll. 如果裝置沒有 PIN,系統就會提示使用者建立一個 PIN。If the device does not have a PIN, the user will be prompted to create one.
  • Workplace Join 憑證 (WPJ) 沒有任何使用者互動。There is no user interaction for Workplace Join Certificates (WPJ).
  • 系統會向使用者提示「服務註冊」資訊及應用程式所能執行的動作。The user is prompted with Service Enrollment info and what the app can do.
  • 系統會向使用者提示「Knox 註冊」資訊及 Knox 所能執行的動作。The user is prompted with Knox Enrollment info and what Knox can do.
  • 如果實施「加密原則」,使用者就必須設定一個六字元複雜密碼來作為裝置密碼。If an Encryption Policy is enforced, users are required to set a six Character Complex password for the device passcode.
  • 沒有任何額外的使用者提示來安裝服務針對「公司資源存取」推播的憑證。There are no additional user prompts to install certificates pushed by a service for Company Resource Access.
  • 有些舊版 Knox 裝置會提示使用者提供用於「公司資源存取」的額外憑證。Some older Knox devices will prompt the user for additional certificates used for Company Resource Access.
  • 如果 Samsung Mini 裝置因發生找不到憑證無法註冊裝置錯誤而無法安裝 WPJ,請安裝最新的「Samsung 韌體更新」。If a Samsung Mini device fails to install the WPJ with either the Certificate Not Found or Unable to Register Device errors, install the latest Samsung Firmware Updates.