什麼是 Microsoft Intune 應用程式管理?What is Microsoft Intune app management?

身為 IT 系統管理員,您可以使用 Microsoft Intune 來管理公司員工使用的行動應用程式。As an IT admin, you can use Microsoft Intune to manage the mobile apps that your company's workforce uses. 這項功能與管理裝置和保護資料一起存在。This functionality is in addition to managing devices and protecting data. 系統管理員最優先的事項之一,是確保使用者能夠存取工作所需的應用程式。One of an admin's priorities is to ensure that end users have access to the apps they need to do their work. 這個目標不易達成,因為:This goal can be a challenge because:

  • 裝置平台及應用程式類型有千百種。There are a wide range of device platforms and app types.
  • 您可能需要同時管理公司裝置和使用者個人裝置上的應用程式。You might need to manage apps on both company devices and users' personal devices.
  • 您必須確保網路和資料的安全。You must ensure that your network and your data remain secure.

此外,您也可能需要指派及管理未向 Intune 註冊之裝置上的應用程式。Additionally, you might want to assign and manage apps on devices that are not enrolled with Intune.

Intune 提供各種功能,可協助您在所要的裝置上取得所需的應用程式並執行。Intune offers a range of capabilities to help you get the apps you need on the devices you want to run them on. 下表提供應用程式管理功能的摘要:The following table provides a summary of app management capabilities:

各種平台的應用程式管理功能App management capabilities by platform

AndroidAndroid iOSiOS Windows Phone 8.1Windows Phone 8.1 Windows 10Windows 10
新增應用程式並指派給裝置與使用者Add and assign apps to devices and users Yes Yes Yes Yes
指派應用程式給未向 Intune 註冊的裝置Assign apps to devices not enrolled with Intune Yes Yes No No
使用應用程式設定原則控制應用程式的啟動行為Use app configuration policies to control the startup behavior of apps No Yes No No
使用行動裝置應用程式佈建原則更新過期的應用程式Use mobile app provisioning policies to renew expired apps No Yes No No
使用應用程式保護原則保護應用程式中的公司資料Protect company data in apps with app protection policies Yes Yes No 1No1
只移除已安裝應用程式中的公司資料 (應用程式選擇性抹除)Remove only corporate data from an installed app (app selective wipe) Yes Yes Yes Yes
監視應用程式指派Monitor app assignments Yes Yes Yes Yes
指派及追蹤從應用程式市集中大量採購的應用程式Assign and track volume-purchased apps from an app store No No No Yes
強制安裝在裝置上的應用程式 (必要)2Mandatory install of apps on devices (required)2 Yes Yes Yes Yes
可從公司入口網站安裝在裝置上的選擇 (可用安裝)Optional installation on devices from the Company Portal (available installation) Yes Yes Yes Yes
安裝網路應用程式的捷徑 (網路連結)Install shortcut to an app on the web (web link) Yes Yes Yes Yes
內部 (企業營運) 應用程式In-house (line-of-business) apps Yes Yes No Yes
市集應用程式Apps from a store Yes Yes Yes Yes
更新應用程式Update apps Yes Yes Yes Yes

1您可以考慮使用 Windows 資訊保護來保護 Windows 10 裝置上的應用程式。1 Consider using Windows Information Protection to protect apps on devices that run Windows 10.

2 僅適用於 Intune 管理的裝置。2 Applies to devices managed by Intune only.

開始使用Get started

您可以按照以下步驟,在行動應用程式工作負載中,找到與應用程式最密切相關的資訊:You can find most app-related information in the Mobile Apps workload, which you can access by doing the following:

  1. 登入 Azure 入口網站Sign in to the Azure portal.

  2. 選取 [所有服務] > [Intune]。Select All services > Intune.
    Intune 位於 [Monitoring + Management] (監視 + 管理) 區段。Intune is located in the Monitoring + Management section.

  3. 在 [Microsoft Intune] 窗格中,選取 [行動應用程式]。In the Microsoft Intune pane, select Mobile apps.

    [行動應用程式] 工作負載窗格

接下來四個小節會描述 [行動應用程式] 窗格中可用的選項。The next four sections describe the options available in the Mobile apps pane.

管理Manage

  • 應用程式:選取此選項可新增、檢視、指派和監視您工作人員使用的應用程式。Apps: Select this option to add, view, assign, and monitor the apps that your workforce uses. 如需詳細資訊,請參閱:For more information, see:
  • 應用程式設定原則:選取此選項來提供使用者執行應用程式時可能需要的設定。App configuration policies: Select this option to supply settings that might be required when a user runs an app. 如需詳細資訊,請參閱:For more information, see:
  • 應用程式保護原則:選取此選項,將各項設定與應用程式產生關聯並協助保護它所使用的公司資料。App protection policies: Select this option to associate settings with an app and help protect the company data it uses. 例如,您可以限制某應用程式與其他應用程式的通訊能力,或者您可以要求使用者輸入 PIN 碼才能存取公司應用程式。For example, you might restrict the capabilities of an app to communicate with other apps, or you might require the user to enter a PIN to access a company app. 如需詳細資訊,請參閱:For more information, see:
  • 應用程式選擇性抹除:選取此選項,從選取的使用者裝置只移除公司資料。App selective wipe: Select this option to remove only corporate data from a selected user's device. 如需詳細資訊,請參閱:For more information, see:
  • iOS 應用程式佈建設定檔:iOS 應用程式包含佈建設定檔和由憑證所簽署的程式碼。iOS app provisioning profiles: iOS apps include a provisioning profile and code that is signed by a certificate. 憑證過期之後,就無法再執行應用程式。When the certificate expires, the app can no longer be run. Intune 提供工具,讓您可主動將新的佈建設定檔原則指派至具有即將到期應用程式的裝置。Intune gives you the tools to proactively assign a new provisioning profile policy to devices that have apps that are nearing expiration. 如需詳細資訊,請參閱:For more information, see:

如需本節的詳細資訊,請參閱管理應用程式For more information about this section, see Manage apps.

監視Monitor

  • 應用程式授權:檢視、指派及監視從應用程式市集大量採購的應用程式。App licenses: View, assign, and monitor volume-purchased apps from the app stores. 如需詳細資訊,請參閱:For more information, see:
  • 探索到的應用程式:檢視 Intune 指派並安裝在裝置上的所有應用程式。Discovered Apps: View all apps that were assigned by Intune and installed on a device.
  • 應用程式安裝狀態:檢視您所建立應用程式指派的狀態。App Install Status: View the status of an app assignment that you created.
  • 應用程式保護狀態:檢視您所選取使用者的應用程式保護原則狀態。App protection status: View the status of an app protection policy for a user that you select.
  • 稽核記錄檔:檢視所有 IT 系統管理員所進行的 Intune 應用程式相關活動。Audit logs: View the Intune app-related activity of all IT admins.

如需本節的詳細資訊,請參閱監視應用程式For more information about this section, see Monitor apps.

設定Set up

  • iOS VPP 權杖:套用並檢視您的 iOS 大量採購方案 (VPP) 授權。iOS VPP tokens: Apply and view your iOS Volume Purchase Program (VPP) licenses. 如需詳細資訊,請參閱:For more information, see:
  • Windows 企業憑證:套用或檢視程式碼簽署憑證的狀態,此憑證可用來將企業營運應用程式發佈到您的受控 Windows 裝置。Windows enterprise certificate: Apply or view the status of a code-signing certificate that's used to distribute line-of-business apps to your managed Windows devices.
  • Windows Symantec 憑證:套用或檢視 Symantec 程式碼簽署憑證的狀態,將 XAP 和 WP8.x appx 檔案發佈至 Windows 10 行動裝置時需要此憑證。Windows Symantec certificate: Apply or view the status of a Symantec code-signing certificate, which is needed to distribute XAP and WP8.x appx files to Windows 10 Mobile devices.
  • 商務用 Microsoft Store :設定對商務用 Microsoft Store 的整合。Microsoft Store for Business: Set up integration to the Microsoft Store for Business. 執行此動作之後,可以將採購的應用程式同步到 Intune 並加以指派,以及追蹤授權使用狀況。Afterward, you can synchronize purchased applications to Intune, assign them, and track your license usage. 如需詳細資訊,請參閱:For more information, see:
  • Windows 側載金鑰:新增 Windows 側載金鑰,以便用來將應用程式直接安裝到裝置,而非發行應用程式並從 Windows 市集下載。Windows side loading keys: Add a Windows side-loading key that can be used to install an app directly to devices rather than publishing and downloading the app from the Windows store. 如需詳細資訊,請參閱:For more information, see:
  • 公司入口網站品牌:自訂公司入口網站以顯示您公司的品牌。Company Portal branding: Customize the Company Portal to give it your company branding. 如需詳細資訊,請參閱:For more information, see:
  • 應用程式類別:新增、釘選及刪除應用程式類別名稱。App categories: Add, pin, and delete app category names.
  • Android 工作設定檔:核准並同步處理您已經為企業核准的應用程式。Android work profile: Approve and sync the apps that you have approved for your enterprise. 如需詳細資訊,請參閱:For more information, see:

說明及支援Help and support

  • 說明及支援:進行疑難排解、要求支援,或者檢視 Intune 狀態。Help and support: Troubleshoot, request support, or view Intune status. 如需詳細資訊,請參閱:For more information, see:

接下來的步驟Next steps