使用 Intune 將應用程式指派給 Android 工作設定檔裝置Assign apps to Android work profile devices with Intune

Android 企業是適用於 Android 工作設定檔裝置和 kiosk 裝置的方案。Android enterprise is a program for Android work profile devices and kiosk devices. 對於 Android 工作設定檔裝置來說,Android 企業是一組功能與服務,可將個人應用程式與資料和公司應用程式與資料分隔開來。For Android work profile devices, Android enterprise is a set of features and services that separate personal apps and data from work apps and data. 使用者以 Android 裝置進行工作時,Android 企業可提供額外的管理選項與隱私權。Android enterprise provides additional management options and privacy when people use their Android devices for work. Intune 可協助您將應用程式和設定部署到 Android 工作設定檔裝置,以確定公司及個人資訊各自分開。Intune helps you deploy apps and settings to Android work profile devices to make sure work and personal information are separate. 您在 Android 工作設定檔裝置上安裝的所有應用程式都是來自受控 Google Play 商店。All apps you install on Android work profile devices come from the Managed Google Play store. 將應用程式指派給 Android 工作設定檔裝置的方式,與您將應用程式指派給標準 Android 裝置的方式不同。How you assign apps to Android work profile devices differs from how you assign them to standard Android devices. 您需要登入商店、瀏覽所需的應用程式,並核准這些應用程式。You sign in to the store, browse for the apps you want, and approve them. 然後,該應用程式會出現在 Azure 入口網站的 [授權的應用程式] 節點中,而且您可以管理應用程式的指派,如同其他應用程式一樣。The app then appears in the Licensed apps node of the Azure portal, and you can manage assignment of the app as you would any other app.

此外,如果您已建立自己的企業營運 (LOB) 應用程式,則可以依照以下方式指派這些應用程式:Additionally, if you have created your own line-of-business (LOB) apps, you can assign them as follows:

  • 註冊一個 Google 開發人員帳戶,您就能夠在 Google Play 商店的私人區域發佈應用程式。Sign up for a Google Developer account that lets you publish apps to a private area in the Google Play store.
  • 使用 Intune 同步應用程式。Synchronize the apps with Intune.

開始之前Before you start

確定您已在 Azure 入口網站的 [裝置註冊] 工作負載中,設定 Intune 與 Android 工作設定檔搭配使用。Make sure you have configured Intune and Android work profiles to work together in the Device enrollment workload of the Azure portal. 如需詳細資訊,請參閱註冊 Android 裝置For more information, see Enroll Android devices.

與受控 Google Play 商店中的應用程式同步處理Synchronize an app from the Managed Google Play store

  1. 前往受控 Google Play 商店Go to the Managed Google Play store. 使用您用來設定 Intune 與 Android 企業間連線的相同帳戶進行登入。Sign in with the same account you used to configure the connection between Intune and Android enterprise.

  2. 搜尋市集並選取您要使用 Intune 指派的應用程式。Search the store and select the app you want to assign by using Intune.

  3. 在顯示應用程式的頁面上,選取 [核准]。On the page that displays the app, select Approve.
    在下列範例中,已經選擇 Microsoft Excel 應用程式。In the following example, the Microsoft Excel app has been chosen.

    受控 Google Play 商店中的 [核准] 按鈕

    應用程式視窗隨即開啟,要求您授權讓應用程式執行各種作業。A window for the app opens asking you to give permissions for the app to perform various operations.

  4. 選取 [核准] 接受應用程式權限,並繼續作業。Select Approve to accept the app permissions and continue.

    應用程式權限的 [核准] 按鈕

  5. 選取一個選項來處理新的應用程式權限要求,然後選取 [儲存]。Select an option for handling new app permission requests, and then select Save.

    用來處理新應用程式權限要求的選項

    應用程式已通過核准並顯示在您的 IT 管理主控台中。The app is approved, and it is displayed in your IT admin console. 接下來,您可以使用 Intune 同步處理 Android 工作設定檔應用程式Next, you can sync the Android work profile app with Intune.

使用 Intune 同步處理受控 Google Play 應用程式Sync a Managed Google Play app with Intune

如果您已核准商店中的某個應用程式,但未在 [行動應用程式] 工作負載的 [授權的應用程式] 節點中看到它,請以如下方式強制立即同步:If you have approved an app from the store and don't see it in the Licensed apps node of the Mobile apps workload, force an immediate sync as follows:

  1. 登入 Azure 入口網站Sign in to the Azure portal.
  2. 選取 [所有服務] > [Intune]。Select All services > Intune. Intune 位於 [Monitoring + Management] (監視 + 管理) 區段。Intune is located in the Monitoring + Management section.
  3. 在 [Intune] 窗格中,選取 [行動應用程式]。In the Intune pane, select Mobile apps.
  4. 在 [行動應用程式] 工作負載窗格的 [安裝] 底下,選取 [受控 Google Play]。In the Mobile apps workload pane, under Setup, select Managed Google Play.
  5. 在 [受控 Google Play] 窗格中,選擇 [重新整理]。In the Managed Google Play pane, choose Refresh.
    此頁面會更新上一次同步的時間和狀態。The page updates the time and status of the last sync.
  6. 在 [行動應用程式] 工作負載窗格中,選取 [應用程式]。In the Mobile apps workload pane, select Apps.
    隨即會顯示新的可用受控 Google Play 應用程式。The newly available Managed Google Play app is displayed.

當此應用程式顯示在 [行動應用程式] 工作負載窗格的 [應用程式授權] 節點時,您就可以像是指派任何其他應用程式一樣來指派它When the app is displayed in the App licenses node of the Mobile apps workload pane, you can assign it just as you would assign any other app. 您只能將應用程式指派給使用者的群組。You can assign the app to groups of users only.

在您指派應用程式之後,它會安裝在您的目標裝置上,After you assign the app, it is installed on the devices that you've targeted. 而不會要求裝置的使用者核准安裝。The user of the device is not asked to approve the installation.

管理 Android 企業應用程式權限Manage Android enterprise app permissions

Android 企業會要求您在受控 Google Play Web 主控台核准應用程式,然後才能利用 Intune 同步處理應用程式並指派給使用者。Android enterprise requires you to approve apps in the managed Google Play web console before you sync them with Intune and assign them to your users. 因為 Android 企業可讓您以無訊息模式且自動地將這些應用程式推送到使用者的裝置,因此您必須代表所有使用者接受應用程式的權限。Because Android enterprise allows you to silently and automatically push the apps to users' devices, you must accept the app permissions on behalf of all your users. 使用者在安裝應用程式時不會看到任何應用程式權限,因此請務必了解這些權限。Users don't see any app permissions when they install the apps, so it's important that you understand the permissions.

當應用程式開發人員使用新版本應用程式更新權限時,即使您已核准先前的權限,也不會自動接受那些權限。When an app developer updates permissions with a new version of the app, the permissions are not automatically accepted even if you approved the previous permissions. 執行舊版本應用程式的裝置仍可以繼續使用該應用程式。Devices that run the previous version of the app can still use it. 但是,在核准新的權限之前,不會升級應用程式。However, the app is not upgraded until the new permissions are approved. 在您核准應用程式的新權限之前,未安裝該應用程式的裝置不會安裝應用程式。Devices without the app installed do not install the app until you approve the app's new permissions.

更新應用程式權限Update app permissions

請定期造訪受管理的 Google Play 主控台來檢查新的權限。Periodically visit the managed Google Play console to check for new permissions. 您可以設定 Google Play 在需要新權限以使用核准的應用程式時,寄送電子郵件給您或其他使用者。You can configure Google Play to send you or others an email when new permissions are required for an approved app. 若您指派了應用程式,並發現它並未安裝在裝置上,請遵循下列步驟來檢查是否有新的權限:If you assign an app and observe that it isn't installed on devices, check for new permissions following these steps:

  1. 前往 Google PlayGo to Google Play.
  2. 使用您用來發行及核准應用程式的 Google 帳戶登入。Sign in with the Google account that you used to publish and approve the apps.
  3. 選取 [更新] 索引標籤,然後檢查任何應用程式是否需要更新。Select the Updates tab, and check to see whether any apps require an update.
    任何列出的應用程式都需要新的權限,而且在套用新權限之前將不會指派。Any listed apps require new permissions and are not assigned until they are applied.

或者,您可以設定 Google Play,以每個應用程式為基礎,自動核准應用程式權限。Alternatively, you can configure Google Play to automatically reapprove app permissions on a per-app basis.

使用受控 Google Play 商店的企業營運應用程式Working with a line-of-business app from the Managed Google Play store

  1. 使用您用來設定 Intune 與 Android 企業間連線的相同帳戶來登入 Google Play Developer ConsoleSign in to the Google Play Developer Console with the same account you used to configure the connection between Intune and Android enterprise.
    如果您是第一次登入,則必須註冊並支付費用,才能成為 Google 開發人員計劃的會員。If you are signing in for the first time, you must register and pay a fee to become a member of the Google Developer program.

  2. 在主控台中,選取 [加入新的應用程式]。In the console, select Add new application.

  3. 您可以透過用來將任何應用程式發行至 Google Play 商店的相同方式,來上傳及提供應用程式的相關資訊。You upload and provide information about your app in the same way as you publish any app to the Google Play store. 不過,您必須選取 [只讓我的組織 (<組織名稱>) 使用此應用程式]。However, you must select Only make this application available to my organization (<organization name>).

    只將應用程式提供給您組織使用

    這項作業只會將應用程式提供給您的組織使用。This operation makes the app available only to your organization. 在公用 Google Play 商店上則不提供該應用程式。It won't be available on the public Google Play store.

    如需如何上傳及發行 Android 應用程式的詳細資訊,請參閱 Google Developer Console 說明For more information about uploading and publishing Android apps, see Google Developer Console Help.

  4. 發佈您的應用程式之後,使用您用來設定 Intune 與 Android 企業間連線的相同帳戶來登入受控 Google Play 商店After you've published your app, sign in to the Managed Google Play store with the same account that you used to configure the connection between Intune and Android enterprise.

  5. 在商店的 [應用程式] 節點中,確認您可以看見自已發行的應用程式。In the Apps node of the store, verify that the app you've published is displayed.
    應用程式會自動通過核准,以與 Intune 同步處理。The app is automatically approved to be synchronized with Intune.

接下來的步驟Next steps