當 Android 應用程式交由應用程式保護原則管理時的行為What to expect when your Android app is managed by app protection policies

適用對象:Azure 入口網站的 IntuneApplies to: Intune in the Azure portal
您需要傳統入口網站的 Intune 相關文件嗎?Looking for documentation about Intune in the classic portal? 請移至這裡Go here.

本主題說明應用程式保護原則所管理應用程式的使用者體驗。This topic describes the user experience for apps with app protection policies. 僅當應用程式在工作內容中使用時 (例如使用工作帳戶存取應用程式,或存取公司 OneDrive 上公司位置內儲存的檔案),才會套應用程式保護原則。App protection polices are applied only when apps are used in the work context: like accessing apps using your work account, or accessing files stored in your company OneDrive business location.

存取應用程式Accessing apps

所有與 Android 裝置上之應用程式保護原則相關聯的應用程式,都需要公司入口網站應用程式。The Company Portal app is required for all apps associated with app protection policies on Android devices.

對於不在 Intune 中註冊的裝置,公司入口網站應用程式必須安裝在裝置上。For devices not enrolled in Intune, the Company Portal app must be installed on the device. 但使用者無須啟動或登入公司入口網站應用程式,即可使用應用程式保護原則管理的應用程式。However, user does not have to launch or sign into the Company Portal app before they can use apps managed by app protection policies. 公司入口網站應用程式可讓 Intune 共用安全位置中的資料,因此這是必要的,即使未在 Intune 中註冊裝置也是一樣。The Company Portal app is a way for Intune to share data in a secure location, hence this is a requirement even if the device is not enrolled in Intune.

使用多重身分識別支援的應用程式Using apps with multi-identity support

使用應用程式時,因為只會對工作內容套用應用程式保護原則,所以原則的行為會隨內容 (工作或個人) 而不同。App protection polices are only applied in the work context when using the app, so you may see different app behaviors depending on the context: work or personal.

對於支援多種身分識別的應用程式,Intune 只會在使用者於工作內容中使用應用程式時,才套用應用程式保護原則。For apps that support multi-identity, Intune only applies the app protection policies when the end-user is using the app in the work context. 例如,使用者會在存取工作資料時取得 PIN 提示。For example, the end-user will get a PIN prompt when accessing work data. 針對 Outlook 應用程式,系統會提示使用者在啟動應用程式時輸入 PIN。For the Outlook app, the end-user is prompted for a PIN on launching the app. 針對 OneDrive 應用程式,這發生在使用者輸入工作帳戶時。For the OneDrive app, this happens when the end-user types in the work account. 對於 Microsoft WordPowerPoint*、及 **Excel,這會在終端使用者存取儲存在公司商務用 OneDrive 位置中的文件時發生。For Microsoft Word, PowerPoint*, and **Excel, this happens when the end-user accesses documents stored in the company OneDrive for Business location.

管理裝置上的使用者帳戶Managing user accounts on the device

Intune 只允許將應用程式保護原則部署到每部裝置上的一個使用者帳戶。Intune only supports deploying app protection policies to only one user account per device.

  • 根據您所使用的應用程式,可能或不會封鎖裝置上的第二位使用者。Depending on the app that you are using, the second user may or may not be blocked on the device. 在所有情況下,只有套用應用程式保護原則的第一位使用者會受原則影響。However, in all cases, only the first user who gets the app protection policies is affected by the policy.

    • Microsoft WordExcelPowerPoint 不會封鎖第二個使用者帳戶,但第二個使用者帳戶不會受應用程式保護原則影響。Microsoft Word, Excel, and PowerPoint don't block a second user account, but the second user account is not affected by the app protection policies.

    • 若為 OneDrive 和 Outlook 應用程式,您只能使用一個工作帳戶。For OneDrive and Outlook apps, you can only use one work account. 在這些應用程式中新增多個工作帳戶會遭到封鎖。Adding multiple work accounts are blocked on these apps. 不過,您可以在裝置上移除使用者並新增不同的使用者。You can however, remove a user and add a different user on the device.

  • 若裝置在應用程式保護原則部署之前已有多個使用者帳戶,則應用程式保護原則所部署的第一個帳戶將由 Intune 應用程式保護原則管理。If a device has existing multiple user accounts before the app protection policies are deployed, the account that the app protection policies is deployed to first is managed by Intune app protection policies.

閱讀下列案例範例以深入了解如何處理多個使用者帳戶。Read the example scenario below to get a deeper understanding of how multiple user accounts are treated.

使用者 A 為兩家公司服務 - X 公司Y 公司。使用者 A 在這兩家公司各有一個工作帳戶,且兩者全都使用 Intune 部署應用程式保護原則。User A works for two companies - Company X, and Company Y. User A has a work account for each company, and both use Intune to deploy app protection policies. X 公司部署先於 Y 公司部署應用程式保護原則。因此將會對 X 公司所關聯的帳戶套用應用程式保護原則,而不會對 Y 公司所關聯的帳戶套用。若希望 Y 公司所關聯的使用者帳戶也能交由應用程式保護原則管理,必須移除 X 公司所關聯的使用者帳戶。Company X deploys app protection policies before Company Y. The account associated with Company X will get the app protection policy, but not the account associated with Company Y. If you want the user account associated with Company Y to be managed by the app protection policies, you must remove the user account associated with Company X.

新增第二個帳戶Adding a second account

AndroidAndroid

如果您使用 Android 裝置,則可能會看到封鎖訊息,其中包含有關如何移除現有帳戶並新增帳戶的指示。If you are using an Android device, you may see a blocking message with instructions to remove the existing account and add a new one. 若要移除現有帳戶,請移至 [設定] > [一般] > [應用程式管理員] > [公司入口網站],然後選取 [清除資料]。To remove the existing account, go to Settings >General > Application Manager >Company Portal and select "Clear Data".

移除該帳戶的錯誤訊息和指示的螢幕擷取畫面

使用 Azure Information Protection 應用程式 (前稱為 Rights Management 共用應用程式) 檢視媒體檔案Viewing media files with the Azure Information Protection app (previously known as Rights Management sharing app)

若要在 Android 裝置上檢視公司 AV、PDF 和影像檔,請使用 Azure Information Protection 應用程式To view company AV, PDF, and image files on Android devices, use the Azure Information Protection app.

從 Google Play 商店下載這個應用程式。Download this app from the Google Play store.

以下是支援的檔案類型:The following filetypes are supported:

  • 音訊︰AAC LC、HE-AACv1 (AAC+)、HE-AACv2 (增強 AAC+)、AAC ELD (增強低延遲 AAC)、AMR-NB、AMR-WB、FLAC、MP3、MIDI、Ogg Vorbis、PCM/WAVE。Audio: AAC LC, HE-AACv1 (AAC+), HE-AACv2 (enhanced AAC+), AAC ELD (enhanced low delay AAC), AMR-NB, AMR-WB, FLAC, MP3, MIDI, Ogg Vorbis, PCM/WAVE.
  • 視訊︰H.263、H.264 AVC、MPEG-4 SP、VP8。Video: H.263, H.264 AVC, MPEG-4 SP, VP8.
  • 影像︰jpg、pjpg、png、ppng、bmp、pbmp、gif、pgif、jpeg、pjpeg。Image: jpg, pjpg, png, ppng, bmp, pbmp, gif, pgif, jpeg, pjpeg.
  • 文件:PDF、PPDFDocuments: PDF, PPDF

pfilepfile texttext
Pfile 是適用於受保護檔案的泛型「包裝函式」格式,它會封裝已加密的內容和 Azure Information Protection 授權,而且可以用來保護任何檔案類型。Pfile is a generic “wrapper” format for protected files that encapsulates the encrypted content and the Azure Information Protection licenses and can be used to protect any file type. 文字檔案,包括 XML、CSV 等可以在應用程式中開啟以便進行檢視,即使它們受保護也一樣。Text files, including XML, CSV, etc. can be opened for viewing in the app even when they are protected. 檔案類型︰txt、ptxt、csv、pcsv、log、plog、xml、pxml。File types: txt, ptxt, csv, pcsv, log, plog, xml, pxml.

後續步驟Next steps

當 iOS 應用程式交由應用程式保護原則管理時的行為What to expect when your iOS app is managed by app protection policies

請參閱See also

使用 Microsoft Intune 建立及部署應用程式保護原則Create and deploy app protection policies with Microsoft Intune