當 iOS 應用程式交由應用程式保護原則管理時的行為What to expect when your iOS app is managed by app protection policies

了解應用程式保護原則所管理之 iOS 應用程式的使用者體驗。Learn about the user experience for iOS apps with app protection policies. 只有在應用程式用於工作內容時,才會套用應用程式保護原則。App protection polices are applied only when apps are used in the work context. 例如,當您以公司帳戶存取應用程式,或存取儲存在公司 OneDrive 位置的檔案時。For example, when you access an app with a work account, or when you access files stored in your company OneDrive location.

存取應用程式Accessing apps

如果裝置未註冊於 Intune 中,會要求使用者在第一次使用應用程式時重新啟動應用程式。If the device is not enrolled in Intune, the user will be asked to restart the app when they first use the app. 必須先重新啟動,才會將應用程式保護原則套用到應用程式。A restart is required so app protection polices can be applied to the app. 下列螢幕擷取畫面使用 Skype 應用程式來說明這點︰The following screenshot illustrates this using the Skype app:

顯示 PIN 提示之 iOS 裝置的螢幕擷取畫面

針對在 Intune 中註冊以進行管理的裝置,使用者會看到現在已管理其應用程式的訊息:For devices that are enrolled for management in Intune, the user will see a message that their app is now managed:

顯示公司訊息所管理並具有 PIN 提示之 iOS 裝置的螢幕擷取畫面

使用多重身分識別支援的應用程式Using apps with multi-identity support

只有當使用者嘗試存取與工作相關的資料時,才會運用應用程式防護原則。App protection policies take effect only when a user tries to access work-related data. 如果使用者嘗試存取供個人使用的應用程式,可能會出現不同的行為。You may see different behavior if the user tries to access the app for personal use. 原則也不適用於尚未儲存的新內容。The policies also do not apply to new content that is not yet saved. 新內容只有在儲存至公司位置 (例如 SharePoint 或商務用 OneDrive) 之後,才會視為公司資訊。New content is considered corporate information only after it is saved to a corporate location, such as SharePoint or OneDrive for Business.

針對支援多重身分識別的應用程式,Intune 只會在使用者存取工作資料時套用應用程式保護原則。For apps that support multi-identity, Intune only applies app protection policies if a user accesses work data. 例如,使用者可能會收到 PIN 提示。For example, a user may get a PIN prompt. Outlook 應用程式中,當使用者啟動應用程式時,會出現提示。In the Outlook app, a prompt occurs when a user launches the app. OneDrive 應用程式中,當使用者輸入工作帳戶時,會出現提示。In the OneDrive app, a prompt occurs when a user types in the work account. 在 Microsoft WordPowerPointExcel 中,當使用者存取公司的 OneDrive 文件時,會出現提示。In Microsoft Word, PowerPoint, and Excel, a prompt occurs when a user accesses company OneDrive documents.

管理裝置上的使用者帳戶Managing user accounts on the device

Intune 只允許將應用程式保護原則部署到每部裝置上的一個使用者帳戶。Intune only supports deploying app protection policies to only one user account per device.

  • 根據您所使用的應用程式,可能或不會封鎖裝置上的第二位使用者。Depending on the app that you are using, the second user may or may not be blocked on the device. 在所有情況下,只有套用應用程式保護原則的第一位使用者才會受到原則的影響。However, in all cases, only the first user who gets the app protection policies are affected by the policy.

    • Microsoft WordExcelPowerPoint 不會封鎖其他使用者帳戶的存取權。Microsoft Word, Excel, and PowerPoint won't block access to an additional user account. 但使用者帳戶不會受到應用程式防護原則的影響。However, the user account will not be affected by the app protection policies.

    • 若為 OneDrive 和 Outlook 應用程式,您只能使用一個工作帳戶。For OneDrive and Outlook apps, you can only use one work account. 在這些應用程式中新增多個工作帳戶會遭到封鎖。Adding multiple work accounts are blocked on these apps. 但您可以從裝置移除使用者,然後將不同的使用者新增至該裝置。However, you can remove a user from a device, and then add a different user to the device.

  • 在部署應用程式保護原則之前,裝置可能有多個現有的使用者帳戶。A device may have multiple existing user accounts before the app protection policies are deployed. 在此情況下,應用程式保護原則所部署的第一個帳戶會受 Intune 應用程式保護原則管理。In this case, the first account that the app protection policies are deployed to is managed by Intune app protection policies.

請閱讀下列案例範例,了解 Intune 如何處理多重使用者帳戶。Read the following example scenario to learn how Intune handles multiple user accounts.

使用者 A 為兩家公司服務:X 公司Y 公司。使用者 A 在這兩家公司各有一個工作帳戶,且兩者全都使用 Intune 部署應用程式保護原則。User A works for two companies: Company X, and Company Y. User A has a work account for each company, and both use Intune to deploy app protection policies. X 公司部署先於 Y 公司部署應用程式保護原則。因此將會對與 X 公司相關聯的帳戶,套用應用程式防護原則,但不會對與 Y 公司相關聯的帳戶套用。若希望應用程式防護原則可管理 Y 公司的帳戶,使用者 A 必須移除 X 公司使用者帳戶。Company X deploys app protection policies before Company Y. The account associated with Company X will get the app protection policy, but not the account associated with Company Y. To have the Company Y user account managed by the app protection policies, User A must remove the Company X user account.

新增第二個帳戶Adding a second account

如果您使用 iOS 裝置,則嘗試在同一部裝置上新增第二個工作帳戶時,會看到封鎖訊息。If you are using an iOS device, when you try to add a second work account on the same device, you may see a blocking message. 將會顯示帳戶,而且您可以選擇想要移除的帳戶。The accounts will be displayed and you can choose the account you want to remove.

包含封鎖訊息和 [是] 與 [否] 選項之對話方塊的螢幕擷取畫面

接下來的步驟Next steps

當 Android 應用程式交由應用程式防護原則管理時的行為What to expect when your Android app is managed by app protection policies

另請參閱See also

使用 Microsoft Intune 建立及部署應用程式保護原則Create and deploy app protection policies with Microsoft Intune