Get started with Intune device compliance policies

Applies to: Intune on Azure
Looking for documentation about Intune in the classic console? Go here.

What is device compliance in Intune?

Intune device compliance policies define the rules and settings that a device must comply with in order to be considered compliant by Intune.

These rules include the following:

  • Use a password to access devices

  • Encryption

  • Whether the device is jail-broken or rooted

  • Minimum OS version required

  • Maximum OS version allowed

  • Require the device to be at or under the Mobile Threat Defense level

You can also use device compliance policies to monitor the compliance status of your devices.

Device compliance requirements

Compliance requirements are essentially rules, such as requiring a device PIN or encryption, that you can specify as required or not required for a compliance policy.

Pre-requisites

You need to have the following subscriptions to use device compliance policies with Intune:

  • Intune EMS

  • Azure AD Premium

Supported Platforms:

  • Android

  • iOS

  • macOS (preview)

  • Windows 8.1

  • Windows Phone 8.1

  • Windows 10

Important

Devices must be enrolled into Intune to report their compliance statuses.

How Intune device compliance policies work with Azure AD

When a device is enrolled into Intune, the Azure AD registration process happens, which updates the device attributes in Azure AD with more information. One key piece of device information is the device compliance status, which is used by conditional access policies to block or allow access to e-mail and other corporate resources.

Ways to use device compliance policies

With conditional access

You can use compliance policy with conditional access to allow only devices that comply with one or more device compliance policy rules to access email and other corporate resources.

Without conditional access

You can also use device compliance policies independently of conditional access. When you use compliance policies independently, the targeted devices are evaluated and reported with their compliance status. For example, you can get a report on how many devices are not encrypted, or which devices are jail-broken or rooted. However, when you use compliance policies independently, no access restrictions to company resources are in place.

You deploy compliance policy to users. When a compliance policy is deployed to a user, the user's devices are checked for compliance. To learn about how long it takes for mobile devices to get a policy after the policy is deployed, see Manage settings and features on your devices.
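
The following sketch, added here as an illustration and not Intune's own code, models the rules listed earlier and the difference between using a policy with and without conditional access. The `Policy` and `Device` classes, their field names, and the threat-level ordering are assumptions made for the example.

```python
from dataclasses import dataclass

# Threat levels ordered from best to worst (ordering assumed for this example).
THREAT_LEVELS = ["secured", "low", "medium", "high"]

def parse_version(v):  # '10.0.2' -> (10, 0, 2): numeric, not lexical, comparison
    return tuple(int(p) for p in v.split("."))

@dataclass
class Policy:                      # hypothetical model of a compliance policy
    require_password: bool = False
    require_encryption: bool = False
    block_jailbroken: bool = False
    min_os: str = ""               # empty string means "rule not configured"
    max_os: str = ""
    max_threat_level: str = ""

@dataclass
class Device:                      # hypothetical device record
    enrolled: bool
    has_password: bool
    encrypted: bool
    jailbroken: bool
    os_version: str
    threat_level: str = "secured"

def evaluate(device, policy):
    """Return the list of failed rules; an empty list means compliant."""
    if not device.enrolled:
        return ["not enrolled: no compliance status reported"]
    failures, ver = [], parse_version(device.os_version)
    if policy.require_password and not device.has_password:
        failures.append("password")
    if policy.require_encryption and not device.encrypted:
        failures.append("encryption")
    if policy.block_jailbroken and device.jailbroken:
        failures.append("jailbroken/rooted")
    if policy.min_os and ver < parse_version(policy.min_os):
        failures.append("below minimum OS")
    if policy.max_os and ver > parse_version(policy.max_os):
        failures.append("above maximum OS")
    worst = policy.max_threat_level
    if worst and THREAT_LEVELS.index(device.threat_level) > THREAT_LEVELS.index(worst):
        failures.append("threat level")
    return failures

def access_allowed(device, policy, conditional_access):
    """Without conditional access, non-compliance is reported but not enforced."""
    return (not conditional_access) or evaluate(device, policy) == []
```

Comparing OS versions as strings would rank "10.0.2" below "9.3", which is why the minimum and maximum checks parse the version into numbers first.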

Using device compliance policies in the Intune classic portal vs. Azure portal

Note the main differences to help you transition to the new device compliance policy workflow in the Azure portal.

  • In the Azure portal, the compliance policies are created separately for each supported platform.
  • In the Intune classic portal, one device compliance policy was common to all supported platforms.

Migrate device compliance policies from the Intune classic portal to the Azure portal

Device compliance policies created in the Intune classic portal will not appear in the new Intune Azure portal. However, they're still targeted to users and manageable via the Intune classic portal.

If you want to take advantage of the new device compliance related features in the Azure portal, you need to create new device compliance policies in the Azure portal itself. If you assign a new device compliance policy in the Azure portal to a user who has also been assigned a device compliance policy from the Intune classic portal, the device compliance policies from the Intune Azure portal take precedence over the ones created in the Intune classic portal.

Next steps

Create a device compliance policy for the following platforms:
