Monitor Intune Device compliance policies

Compliance reports help admins analyze the compliance posture of devices in their organization and quickly troubleshoot compliance-related issues encountered by users. You can view the overall compliance state of devices, the compliance state for an individual setting, and the compliance state for an individual policy, and you can drill down into individual devices to view the specific settings and policies that affect each device.

Before you begin

Follow these steps to find the Intune Device compliance dashboard in the Azure portal:

  1. In the Azure portal, sign in with your Intune credentials.

  2. Select All services, filter on Intune, and select Microsoft Intune.

  3. Select Device compliance > Overview. The Device compliance dashboard opens.

Important

Devices must be enrolled into Intune to receive device compliance policies.

Device compliance dashboard

In the Device compliance dashboard, you can monitor the compliance of different devices, their protection status, and more. You can view the following reports:

  • Overall device compliance aggregate

  • Per-policy device compliance

  • Per-setting device compliance

  • Device protection status

  • Threat agent status

Image showing the Device compliance dashboard

You can also view the specific compliance policies and settings that apply to an individual device, and the final compliance state for each of those settings on the device.

Overall device compliance aggregate report

This is a donut chart showing the aggregate compliance state for all Intune-enrolled devices. The device compliance states are kept in two different databases, Intune and Azure Active Directory. Here are more details about the device compliance policy states:

  • Compliant: The device successfully applied one or more device compliance policy settings targeted by the admin.

  • Not-compliant: The device failed to apply one or more device compliance policy settings targeted by the admin, or the user hasn't complied with the policies targeted by the admin.

  • In-grace period: The device was targeted by the admin with one or more device compliance policy settings, but the user hasn't applied the policies yet. The device is not compliant, but it is within the grace period defined by the admin.

    • Learn more about Actions for noncompliant devices.
  • Device not synced: The device failed to report its device compliance policy status for one of the following reasons:

    • Unknown: The device is offline or failed to communicate with Intune or Azure AD for other reasons.

    • Error: The device failed to communicate with Intune and Azure AD, and received an error message with the reason.

Important

Devices that are enrolled into Intune, but not targeted by any device compliance policies, are included in this report under the Compliant bucket.

Drill-down option

From the Device compliance dashboard, select a device compliance tile to drill down into a specific compliance status, user's email alias, device model, and location for each device that is targeted by the device compliance policies.

Image showing the Device compliance dashboard drill-down

If you need more details about a specific user, you can filter the Device compliance chart report by typing the user's email alias.

Image showing the Device compliance dashboard for a specific user

You can also click the different compliance statuses on the Device compliance chart to see more details about the compliance policy statuses of the user's devices.

Image showing the different statuses on the Device compliance dashboard

Filter

When you select the Filter button, the filter fly-out opens with the following options:

  • Model

    • Text box that accepts a free-text search string
  • Platform

    • Android

    • iOS

    • macOS

    • Windows

    • Windows Phone

  • Status

    • Compliant

    • Not Compliant

    • In Grace period

    • Unknown

    • Error

When you select the Update button, the fly-out closes, and the results update using the selected filter criteria.

Device details

Selecting a device opens Devices with the device selected. It provides more details on the device compliance policy settings applied to that device.

When you select the device policy setting itself, you can see the name of the device compliance policy from which that admin-targeted compliance setting originates.

Devices without compliance policy

This report identifies devices that don't have any compliance policies assigned to them. With the introduction of the security setting that marks all devices without compliance policies as "not compliant," it's important to be able to identify these devices. Then you can assign at least one compliance policy to them.

Note

The new security setting is configurable in the Intune portal. Select Device compliance, and under Setup, choose Compliance policy settings. Then use the toggle to set Mark devices with no compliance policy assigned as to either Compliant or Not compliant. Read more about this security enhancement in the Intune service.

Image showing the Devices without compliance policy report

The Devices without compliance policy tile is available from the Device compliance dashboard, and it shows all devices without a compliance policy, the user of the device, the compliance status, and the device model.

Note

Users who are assigned a compliance policy of any type will not show up in the report, regardless of device platform. For example, if you have unintentionally assigned a Windows compliance policy to a user with an Android device, the device will not show up in the report. However, Intune will consider that Android device not compliant. To avoid issues, we recommend that you create policies for each device platform and deploy them to all users.
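The two reporting gaps described above (devices with no policy landing in a default bucket, and devices hidden from the report by a policy for the wrong platform) can be checked offline against an inventory. This is an added example, not Microsoft code or an Intune API; the record layout, function names, and sample data are assumptions constructed for illustration.

```python
from collections import namedtuple

# Hypothetical record layout for this example; not an Intune export format.
Device = namedtuple("Device", "name user platform")

# Constructed sample data: devices, and the platforms of the compliance
# policies assigned to each user.
DEVICES = [
    Device("LAP-01", "ana@contoso.example", "Windows"),
    Device("PHN-02", "ana@contoso.example", "Android"),
    Device("MAC-03", "raj@contoso.example", "macOS"),
    Device("PHN-04", "li@contoso.example", "iOS"),
]
USER_POLICY_PLATFORMS = {
    "ana@contoso.example": {"Windows"},
    "li@contoso.example": {"iOS", "Android"},
}

def audit_coverage(devices, user_policies, mark_unassigned_as="Compliant"):
    """Classify each device by how compliance policy reaches it.

    mark_unassigned_as mirrors the "Mark devices with no compliance policy
    assigned as" toggle: "Compliant" or "Not compliant".
    """
    if mark_unassigned_as not in ("Compliant", "Not compliant"):
        raise ValueError("toggle must be 'Compliant' or 'Not compliant'")
    findings = []
    for dev in devices:
        platforms = user_policies.get(dev.user, set())
        if not platforms:
            # Appears in the report; reported state follows the toggle.
            findings.append((dev.name, "no-policy", mark_unassigned_as))
        elif dev.platform not in platforms:
            # Absent from the report, yet treated as not compliant.
            findings.append((dev.name, "platform-mismatch", "Not compliant"))
        else:
            # State comes from policy evaluation, which is not modeled here.
            findings.append((dev.name, "covered", None))
    return findings

def needs_attention(findings):
    """Devices whose reported state is not backed by a matching policy."""
    return [name for name, kind, _ in findings if kind != "covered"]

if __name__ == "__main__":
    for row in audit_coverage(DEVICES, USER_POLICY_PLATFORMS):
        print(row)
```
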

Per-policy device compliance report

This report provides a view per compliance policy, with the total number of devices in each compliance state. The Policy compliance tile is available from the Device compliance dashboard, and it shows all policies previously created by the admin, the platforms to which each policy is applied, the number of compliant devices, and the number of noncompliant devices.

Image showing the per-policy device compliance report

When you click the Policy compliance tile, then click one of the device compliance policies, you can see the compliance status, user's email alias, device model, and location for each device that was targeted by that device compliance policy.

Setting compliance report

This report allows you to view, per compliance setting, the total number of devices in each compliance state. The Setting compliance tile is available from the Device compliance dashboard, and it shows all device compliance policy settings from all device compliance policies created by the admin, the platforms to which the policy settings were applied, and the number of noncompliant devices.

Image showing the per-setting device compliance report

When you click the Setting compliance tile, then click one of the device compliance policy settings, you can see the compliance status, user's email alias, device model, and location for each device that was targeted by that device compliance policy setting.

View status of device policies

You can check the different states of your policies, by platform. For example, you have a macOS compliance policy. You want to see the devices that are impacted by this policy, and know if there are conflicts or failures.

This feature is included in the device status reporting:

  1. Select Device compliance > Policies. A list of policies is shown, including the platform, whether the policy is assigned, and more details.
  2. Select a policy > Overview. In this view, the policy assignment includes the following statuses:
    • Succeeded
    • Error
    • Conflict
    • Pending
    • Not applicable
  3. To see details on the devices using this policy, select one of the statuses. For example, select Succeeded. In the next window, specific device details, including the device name and deployment status, are listed.

How Intune resolves policy conflicts

Policy conflicts can occur when multiple Intune policies are applied to a device. If the policy settings overlap, Intune resolves any conflicts by using the following rules:

  • If the conflicting settings are from an Intune configuration policy and a compliance policy, the settings in the compliance policy take precedence over the settings in the configuration policy. This happens even if the settings in the configuration policy are more secure.

  • If you have deployed multiple compliance policies, Intune uses the most secure of these policies.