如何使用 iOS 適用的 Microsoft Intune 應用程式設定原則How to use Microsoft Intune app configuration policies for iOS

適用對象:Azure 入口網站的 IntuneApplies to: Intune in the Azure portal
您需要傳統入口網站的 Intune 相關文件嗎?Looking for documentation about Intune in the classic portal? 請移至這裡Go here.

在 Microsoft Intune 中使用應用程式設定,以提供使用者執行 iOS 應用程式時會使用的設定。Use app configuration policies in Microsoft Intune to supply settings that are used when users run an iOS app. 例如,應用程式可能需要使用者指定:For example, an app might require users to specify:

  • 自訂連接埠號碼。A custom port number.

  • 語言設定。Language settings.

  • 安全性設定。Security settings.

  • 公司標誌等品牌設定。Branding settings such as a company logo.

若使用者未正確輸入這些設定,可能會增加技術支援中心的負擔,使得採用新應用程式的速度變慢。If users enter these settings incorrectly, it can increase the burden on your help desk and slow the adoption of new apps.

應用程式組態原則可讓您在使用者執行應用程式之前,將這些設定指派給使用者來避開這些問題。App configuration policies can help you eliminate these problems by letting you assign these settings to users in a policy before they run the app. 這些設定會自動提供,使用者無須採取任何動作。The settings are then supplied automatically, and users need to take no action. 必須撰寫應用程式,才能支援使用應用程式設定。Apps must have been written to support the use of app configurations. 如需詳細資訊,請洽詢您的應用程式廠商。Consult your app vendor for more information.

您不會直接將這些原則部署給使用者與裝置。You do not assign these policies directly to users and devices. 而是將原則與應用程式關聯,然後再指派應用程式。Instead, you associate a policy with an app, and then assign the app. 每當應用程式檢查是否有原則設定時 (通常於初次執行時),都會加以使用。The policy settings are used whenever the app checks for them (typically, the first time it is run).

提示

此原則類型目前僅針對執行 iOS 8.0 和更新版本的裝置提供。This policy type is currently available only for devices running iOS 8.0 and later. 它支援下列應用程式安裝類型︰It supports the following app installation types:

  • App Store 中的受管理 iOS 應用程式Managed iOS app from the app store
  • iOS 應用程式套件App package for iOS

如需應用程式安裝類型的詳細資訊,請參閱如何將應用程式新增至 Microsoft IntuneFor more information about app installation types, see How to add an app to Microsoft Intune.

建立應用程式設定原則Create an app configuration policy

  1. 登入 Azure 入口網站。Sign into the Azure portal.
  2. 選擇 [更多服務] > [監視 + 管理] > [Intune]。Choose More Services > Monitoring + Management > Intune.
  3. 在 [Intune] 刀鋒視窗上,選擇 [行動應用程式]。On the Intune blade, choose Mobile apps.
  4. 在 [行動應用程式] 工作負載中,選擇 [管理] > [應用程式設定原則]。In the Mobile apps workload, choose Manage > App Configuration Policies.
  5. 在原則清單刀鋒視窗中選擇 [新增]。In the list of policies blade, choose Add.
  6. 在 [新增設定原則] 刀鋒視窗上,為應用程式原則提供 [名稱] 及選擇性 [敘述]。On the Add Configuration Policy blade, supply a Name and an optional Description for the app configuration policy.
  7. 對於 [裝置註冊類型],請選擇下列其中一項:For Device enrollment type, choose one of:
    • 已註冊到 Intune - 適用於由 Intune 管理的應用程式。Enrolled with Intune - For apps that are managed by Intune.
    • 尚未註冊到 Intune - 適用於不受 Intune 管理,或由另一個解決方案管理的應用程式。Not enrolled with Intune - For apps that are not managed by Intune, or are managed by another solution.
  8. 對於 [平台],請選擇 iOSFor Platform, choose iOS (for devices enrolled with Intune only)
  9. 選擇 [相關聯的應用程式],然後在 [相關聯的應用程式] 刀鋒視窗中,選擇要套用設定之受管理的應用程式。Choose Associated App, then, on the Associated App blade, choose the managed app to which you want to apply the configuration.
  10. 在 [新增設定原則] 刀鋒視窗上,選擇 [組態設定]On the Add Configuration Policy blade, choose Configuration settings
  11. 在 [組態設定] 刀鋒視窗上,於下列選項中,選擇您想要如何指定組成組態設定檔的 XML 值:On the Configuration Settings blade, choose how you want to specify the XML values that make up the configuration profile from:
    • 輸入 XML 資料 (僅限已向 Intune 註冊的裝置) - 輸入或貼上 XML 屬性清單,其中包含您需要的應用程式組態設定。Enter XML data (for devices enrolled with Intune only) - Enter or paste an XML property list that contains the app configuration settings that you want. XML 屬性清單的格式會依您所設定的應用程式而有所不同。The format of the XML property list varies depending on the app you are configuring. 如需所要使用之確切格式的詳細資訊,請連絡應用程式供應商。Contact the supplier of the app for details about the exact format to use. Intune 會檢查您輸入的 XML 格式是否正確。Intune checks that the XML you entered is in a valid format. 而不會檢查 XML 屬性清單是否適用於已建立關聯的應用程式。It does not check that the XML property list works with the app that it is associated with. 若要深入了解 XML 屬性清單,請參閱 iOS Developer Library 中的 Understanding XML Property ListsTo find out more about XML property lists, see Understanding XML Property Lists in the iOS Developer Library.
    • 使用設定設計工具 (不論裝置是否已向 Intune 註冊) - 讓您能夠在入口網站中直接指定 XML 索引鍵/值組。Use configuration designer (whether or not the device is enrolled with Intune) - Lets you specify XML key and value pairs directly in the portal.
  12. 當您完成時,請返回 [新增設定原則] 刀鋒視窗,然後點擊 [建立]。When you're done, go back to the Add Configuration Policy blade, and hit Create.

已建立此原則,並顯示在 [原則清單] 刀鋒視窗上。The policy is created and appears on the policies list blade.

注意

不論裝置是否已向 Intune 註冊,您都可以使用 Intune App SDK 準備讓企業營運應用程式受 Intune 應用程式防護原則及應用程式設定原則管理。You can use the Intune App SDK to prepare line-of-business apps to be managed by Intune app protection policies, and app configuration policies, whether the device is enrolled with Intune or not. 例如,您可以使用應用程式設定原則,設定 Intune Managed Browser 允許及封鎖的 URL。For example, you can use an app configuration policy to configure allowed and blocked URLs for the Intune Managed Browser. 只要應用程式與這些原則相容,即可使用原則加以設定。Once an app is compatible with these policies, you can configure them using a policy.

當指派的應用程式在裝置上執行時,會依照您在應用程式設定原則中的設定執行。When the assigned app is run on a device, it runs with the settings that you configured in the app configuration policy. 請參閱您正在設定之應用程式的文件以取得資訊,了解若一或多個應用程式設定原則發生衝突,會產生甚麼影響。See the documentation for the app you are configuring for information about what happens if one or more app configuration policies conflict.

提示

此外,您也可以使用圖形 API 來完成這些工作。Additionally, you can use Graph API to accomplish these tasks. 如需詳細資料,請參閱 Graph API Reference MAM Targeted Config (以圖形 API 參考 MAM 為目標的設定)。For details, see Graph API Reference MAM Targeted Config.

XML 檔案格式的相關資訊Information about the XML file format

Intune 支援屬性清單中的下列資料類型:Intune supports the following data types in a property list:

  • <integer><integer>
  • <real><real>
  • <string><string>
  • <array><array>
  • <dict><dict>
  • <true /> 或 <false /><true /> or <false />

如需資料類型的詳細資訊,請參閱 iOS Developer Library 中的 關於屬性清單For more information about data types, see About Property Lists in the iOS Developer Library.

此外,Intune 支援屬性清單中的下列權杖類型︰Additionally, Intune supports the following token types in the property list:

  • {{userprincipalname}} - (範例:John@contoso.com){{userprincipalname}} - (Example: John@contoso.com)
  • {{mail}} - (範例:John@contoso.com){{mail}} - (Example: John@contoso.com)
  • {{partialupn}} - (範例:John){{partialupn}} - (Example: John)
  • {{accountid}} - (範例:fc0dc142-71d8-4b12-bbea-bae2a8514c81){{accountid}} - (Example: fc0dc142-71d8-4b12-bbea-bae2a8514c81)
  • {{deviceid}} - (範例:b9841cd9-9843-405f-be28-b2265c59ef97){{deviceid}} - (Example: b9841cd9-9843-405f-be28-b2265c59ef97)
  • {{userid}} - (範例:3ec2c00f-b125-4519-acf0-302ac3761822){{userid}} - (Example: 3ec2c00f-b125-4519-acf0-302ac3761822)
  • {{username}} - (範例:John Doe){{username}} - (Example: John Doe)
  • {{serialnumber}} - 適用於 iOS 裝置 (範例:F4KN99ZUG5V2){{serialnumber}} - (Example: F4KN99ZUG5V2) for iOS devices
  • {{serialnumberlast4digits}} - 適用於 iOS 裝置 (範例:G5V2){{serialnumberlast4digits}} - (Example: G5V2) for iOS devices

{{ 和 }} 字元僅供權杖類型使用,絕不能用於其他用途。The {{ and }} characters are used by token types only and must not be used for other purposes.

應用程式設定 XML 檔案的範例格式Example format for an app configuration XML file

當您建立應用程式設定檔時,可以使用下列格式指定下列一或多個值︰When you create an app configuration file, you can specify one or more of the following values by using this format:

<dict>
  <key>userprincipalname</key>
  <string>{{userprincipalname}}</string>
  <key>mail</key>
  <string>{{mail}}</string>
  <key>partialupn</key>
  <string>{{partialupn}}</string>
  <key>accountid</key>
  <string>{{accountid}}</string>
  <key>deviceid</key>
  <string>{{deviceid}}</string>
  <key>userid</key>
  <string>{{userid}}</string>
  <key>username</key>
  <string>{{username}}</string>
  <key>serialnumber</key>
  <string>{{serialnumber}}</string>
  <key>serialnumberlast4digits</key>
  <string>{{serialnumberlast4digits}}</string>
  <key>udidlast4digits</key>
  <string>{{udidlast4digits}}</string>
</dict>

後續步驟Next steps

一如往常般地指派監視應用程式。Continue to assign and monitor the app as usual.