為受管理的 Android 裝置新增應用程式設定原則Add app configuration policies for managed Android devices

在 Microsoft Intune 中使用應用程式設定原則,以提供 Android 工作設定檔應用程式的設定。Use app configuration policies in Microsoft Intune to supply settings to Android work profile apps. 應用程式開發人員必須公開 Android 受控應用程式組態設定,才能為該應用程式指定組態設定。The app developer must expose Android managed app configuration settings in order to specify configuration settings for the app. 請將應用程式設定原則指派給您想要套用設定的使用者群組。Assign the app configuration policy to the user group for which you want the settings to apply. 每當應用程式檢查是否有原則設定時 (通常是第一次執行時),便會使用這些原則設定。The policy settings are used when the app checks for them, typically the first time it is run.

注意

並非每個應用程式都支援應用程式設定。Not every app supports app configuration. 請連絡應用程式開發人員,以了解他們建置的應用程式是否支援應用程式設定原則。Check with the app developer to see whether they have built their app to support app configuration policies.

  1. 登入 Azure 入口網站Sign into the Azure portal.
  2. 選擇 [All services] (所有服務) > [Intune]。Choose All services > Intune. Intune 位於 [監視 + 管理] 區段。Intune is located in the Monitoring + Management section.
  3. 選擇 [Mobile Apps] 工作負載。Choose the Mobile apps workload.
  4. 選擇 [管理] 群組中的 [應用程式設定原則],然後選擇 [新增]。Choose App configuration policies in the Manage group, and then choose Add.
  5. 使用下列詳細資料:Set the following details:
    • 名稱 - 將在 Azure 入口網站中顯示的設定檔名稱。Name - The name of the profile that will appear in the Azure portal.
    • 描述 - 將在 Azure 入口網站中顯示的設定檔描述。Description - The description of the profile that will appear in the Azure portal.
    • 裝置註冊類型 - 選擇 [受控裝置]。Device enrollment type - Choose Managed devices.
  6. 為 [平台] 選取 [Android]。Select Android for Platform.
  7. 選取 [相關聯的應用程式] 選擇您要定義應用程式設定原則的應用程式。Select Associated App to choose the app for which you want to define an app configuration policy. 從 Android 工作設定檔應用程式清單中選取您已經使用 Intune 核准並同步處理的應用程式。Select from the list of Android work profile apps that you have approved and synchronized with Intune.
  8. 選取 [權限]。Select Permissions. 您可以透過下列方式設定組態:You can set configurations by using:
  9. 選擇 [確定],然後選擇 [新增]。Choose OK, and then choose Add.

使用設定設計工具Use the configuration designer

您可以針對支援設定的 Android 應用程式使用設定設計工具。You can use the configuration designer for Android apps that support configuration. 設定將會套用在已於 Intune 中註冊的裝置上。Configuration will apply on devices that are enrolled in Intune. 設計工具可讓您針對應用程式未公開的設定,設定特定的設定值。The designer lets you configure specific configuration values for the settings than an app exposes.

請選取 [新增] 來選取您要為應用程式指定的組態設定清單。Select Add to select the list of configuration settings that you want to specify for the app.
對於設定中的每個金鑰和值,請設定:For each key and value in the configuration, set:

  • 實值型別Value type
    設定值的資料類型。The data type of the configuration value. 針對「字串」值類型,您可以視需要選擇變數或憑證設定檔作為值類型。For String value types, you can optionally choose a variable or certificate profile as the value type.
  • 設定值Configuration value
    設定的值。The value for the configuration. 如果您為值類型選取變數或憑證,將可以從設定值下拉式清單中的變數或憑證設定檔清單中選擇。If you select variable or certificate for the value type, you can choose from a list of variables or certificate profiles in the configuration value dropdown. 如果您選擇憑證,則會在執行階段填入部署至裝置之憑證的憑證別名。If you choose a certificate, the certificate alias of the cert deployed to the device will be populated at runtime.

支援的設定值變數Supported variables for configuration values

如果您選擇變數作為值類型,將可以選擇下列選項:You can choose the following options if you choose variable as the value type:

  • 使用者主體名稱 — 例如 **John@contoso.com**User Principal Name — for example, **John@contoso.com**
  • 郵件 — 例如 **John@contoso.com**Mail — for example, **John@contoso.com**
  • 部分 UPN — 例如 JohnPartian UPN — for example, John
  • 帳戶識別碼 — 例如 fc0dc142-71d8-4b12-bbea-bae2a8514c81Account ID — for example, fc0dc142-71d8-4b12-bbea-bae2a8514c81
  • 裝置識別碼 — 例如 b9841cd9-9843-405f-be28-b2265c59ef97Device ID — for example, b9841cd9-9843-405f-be28-b2265c59ef97
  • 使用者識別碼 — 例如 3ec2c00f-b125-4519-acf0-302ac3761822User ID — for example, 3ec2c00f-b125-4519-acf0-302ac3761822
  • 使用者名稱 — 例如 John DoeUser Name —for example, John Doe

進入 JSON 編輯器Enter the JSON editor

某些應用程式 (例如套件組合類型) 上的組態設定無法使用設定設計工具來設定。Some configuration settings on apps (such as those with Bundle types) cannot be configured with the configuration designer. 您需要使用 JSON 編輯器來編輯那些值。You need to use the JSON editor for those values. 安裝應用程式時,會自動將設定值提供給應用程式。Settings are supplied to apps automatically when the app is installed.

  1. 對於 [組態設定格式],請選取 [進入 JSON 編輯器]。For Configuration settings format, select Enter JSON editor.
  2. 您可以在編輯器中定義組態設定的 JSON 值。In the editor, you can define JSON values for configuration settings. 您可以選擇 [下載 JSON 範本] 來下載之後可以設定的範例檔案。You can choose Download JSON template to download a sample file that you can then configure.
  3. 選擇 [確定],然後選擇 [新增]。Choose OK, and then choose Add.

已建立此原則,並顯示在 [原則清單] 刀鋒視窗上。The policy is created and appears on the policies list blade.

當指派的應用程式在裝置上執行時,會依照您在應用程式設定原則中的設定執行。When the assigned app is run on a device, it runs with the settings that you configured in the app configuration policy.

預先設定應用程式的權限授與狀態Preconfigure the permissions grant state for apps

您也可以預先設定應用程式的權限,以存取 Android 裝置功能。You can also preconfigure permission for apps to access Android device features. 根據預設,需要裝置權限 (例如存取位置或裝置相機) 的 Android 應用程式會提示使用者接受或拒絕授與權限。By default, Android apps that require device permissions—such as access to location or the device camera—prompt users to accept or deny permissions. 例如,若應用程式會使用裝置的麥克風,則系統會提示使用者授與應用程式使用麥克風的權限。For example, if an app uses the device's microphone, the user is prompted to grant the app permission to use the microphone.

  1. 登入 Azure 入口網站Sign into the Azure portal.
  2. 選擇 [All services] (所有服務) > [Intune]。Choose All services > Intune. Intune 位於 [Monitoring + Management] (監視 + 管理) 區段。Intune is located in the Monitoring + Management section.
  3. 選擇 [Mobile Apps]。Choose Mobile apps.
  4. 在 [管理] 下方,選擇 [應用程式設定原則],然後選擇 [新增]。Under Manage, choose App configuration policies, and then choose Add.
  5. 使用下列詳細資料:Set the following details:
    • 名稱Name. 將在 Azure 入口網站中顯示的設定檔名稱。The name of the profile that will appear in the Azure portal.
    • 描述Description. 將在 Azure 入口網站中顯示的設定檔描述。The description of the profile that will appear in the Azure portal.
    • 裝置註冊類型Device enrollment type. 選取 受控裝置Select Managed devices.
    • 平台Platform. 選取 [Android]。Select Android.
  6. 選取 [相關聯的應用程式] 來選擇您要定義設定原則的應用程式。Select Associated App to choose the app for which you want to define a configuration policy. 從 Android 工作設定檔應用程式清單中選取您已經使用 Intune 核准並同步處理的應用程式。Select from the list of Android work profile apps that you have approved and synchronized with Intune.
  7. 選取 [權限],然後選擇 [新增]。Select Permissions and then choose Add.
  8. 從可用應用程式權限的清單選取權限,然後選擇 [確定]。Select from the list of available app permissions and then choose OK.
  9. 為每個權限選取要使用此原則授與的選項:Select an option for each permission to grant with this policy:
    • 提示Prompt. 提示使用者接受或拒絕。Prompt the user to accept or deny.
    • 自動授與Auto grant. 自動核准且不通知使用者。Automatically approve without notifying the user.
    • 自動拒絕Auto deny. 自動拒絕且不通知使用者。Automatically deny without notifying the user.
  10. 若要指派應用程式設定原則,請選取應用程式設定原則,選取 [指派],然後選取 [選取群組]。To assign the app configuration policy, select the app configuration policy, select Assignment, and then select Select groups.
  11. 選取要指派的使用者群組,然後選擇 [選取]。Select the user groups to assign, and then choose Select.
  12. 選擇 [儲存] 來指派原則。Choose Save to assign the policy.

接下來的步驟Next steps

繼續指派監視應用程式。Continue to assign and monitor the app.