使用 iOS 行動佈建設定檔,以避免您的應用程式過期Use iOS mobile provisioning profiles to prevent your apps from expiring

適用於︰Azure 上的 IntuneApplies to: Intune on Azure
您需要傳統主控台中之 Intune 的相關文件嗎?Looking for documentation about Intune in the classic console? 請移至這裡Go to here.

簡介Introduction

指派至 iPhone 與 iPad 的 Apple iOS 企業營運應用程式,是使用包含的佈建設定檔與透過憑證簽署的程式碼所建置。Apple iOS line of business apps that are assigned to iPhones and iPads are built with an included provisioning profile and code that is signed with a certificate. 當該應用程式執行時,iOS 會確認該 iOS 應用程式的完整性,並強制執行由佈建設定檔定義的原則。When the app is run, iOS confirms the integrity of the iOS app and enforces policies that are defined by the provisioning profile. 發生下列驗證︰The following validations happen:

  • 安裝檔案完整性 - iOS 會將應用程式詳細資料與企業簽署憑證的公開金鑰加以比較。Installation file integrity - iOS compares the app's details with the enterprise signing certificate's public key. 如果不同,應用程式內容可能已變更,且將不允許執行該應用程式。If they differ, the app's content might have changed, and the app will not be allowed to run.
  • 功能強制 - iOS 嘗試從包含在應用程式安裝檔 (.ipa) 中的企業佈建設定檔 (而非個別開發人員佈建設定檔) 強制執行應用程式功能。Capabilities enforcement - iOS attempts to enforce the app's capabilities from the enterprise provisioning profile (not individual developer provisioning profiles) that are in the app installation (.ipa) file.

您用來簽署應用程式的企業簽署憑證通常會持續三年。The enterprise signing certificate that you use to sign apps typically lasts for three years. 不過佈建設定檔將會在一年後到期。However, the provisioning profile expires after a year. 當憑證仍然有效時,Intune 會提供工具,您可主動將新的佈建設定檔指派至有應用程式即將到期的裝置。While the certificate is still valid, Intune gives you the tools to proactively assign a new provisioning profile to devices that have apps that are nearing expiry. 憑證過期後,您必須使用新的憑證再次簽署應用程式,並使用新憑證的金鑰內嵌新的佈建設定檔。After the certificate expires, you must sign the app again with a new certificate and embed a new provisioning profile with the key of the new certificate.

如何建立 iOS 行動應用程式佈建設定檔How to create an iOS mobile app provisioning profile

  1. 登入 Azure 入口網站。Sign into the Azure portal.
  2. 選擇 [更多服務] > [監視 + 管理] > [Intune]。Choose More Services > Monitoring +Management > Intune.
  3. 在 [Intune] 刀鋒視窗上,選擇 [行動應用程式]。On the Intune blade, choose Mobile apps.
  4. 在 [行動應用程式] 工作負載中,選擇 [管理] > [iOS 佈建設定檔]。In the Mobile apps workload, choose Manage > iOS provisioning profiles.
  5. 在設定檔刀鋒視窗清單中,選擇 [建立設定檔]。In the list of profiles blade, choose Create profile.
  6. 在 [建立設定檔] 刀鋒視窗中,設定下列值︰In the Create profile blade, configure the following values:
    • 名稱 - 提供此行動佈建設定檔的名稱。Name - Provide a name for this mobile provisioning profile.
    • [描述] - 提供原則的描述 (選擇性)。Description - Optionally, provide a description for the policy.
    • 上傳設定檔 - 選擇 [匯入],然後選擇您從 Apple 開發人員網站下載的 Apple 行動組態設定檔檔案 (副檔名為 .mobileprovision)。Upload profile file - Choose Import, and then choose an Apple Mobile Configuration Profile file (with the extension .mobileprovision) that you downloaded from the Apple Developer website.
  7. 完成之後,請選擇 [建立]。When you are done, choose Create.

後續步驟Next steps

將設定檔指派給所需的 iOS 裝置。Assign the profile to the required iOS devices. 如需詳細資訊,請使用如何指派裝置設定檔中的步驟。For more information, use the steps in How to assign device profiles.

若要提交意見反應,請前往 Intune Feedback