Overview of the mobile device management (MDM) lifecycle

Applies to: Intune
This topic applies to Intune in both the Azure portal and the classic portal.

All devices that you manage have what we call a lifecycle. Intune can help you manage this lifecycle, from enrollment, through configuration and protection, to retiring the device when it's no longer required:

The device lifecycle

Enroll

Today's mobile device management (MDM) strategies deal with a variety of phones, tablets, and PCs (iOS, Android, Windows, and Mac OS X). If you need to be able to manage the device, which is commonly the case for corporate-owned devices, the first step is to set up device enrollment (Classic portal). You can also manage Windows PCs by enrolling them with Intune (MDM) or by installing the Intune client software.

Configure

Getting your devices enrolled is just the first step. To take advantage of all that Intune offers and to ensure that your devices are secure and compliant with company standards, you can choose from a wide range of policies. These let you configure almost every aspect of how managed devices operate. For example, should users have a password on devices that have company data? You can require one. Do you have corporate Wi-Fi? You can automatically configure it. Here are the types of configuration options that are available:

  • Device configuration (Classic portal). These policies let you configure the features and capabilities of the devices that you manage. For example, you could require the use of a password on Windows phones or disable the use of the camera on iPhones.
  • Company resource access (Classic portal). When you let your users access their work on their personal device, this can present you with challenges. For example, how do you ensure that all devices that need to access company email are configured correctly? How can you ensure that users can access the company network with a VPN connection without having to know complex settings? Intune can help to reduce this burden by automatically configuring the devices that you manage to access common company resources.
  • Windows PC management policies (with the Intune client software). While enrolling Windows PCs with Intune gives you the most device management capabilities, Intune continues to support managing Windows PCs with the Intune client software. If you need information about some of the tasks that you can perform with PCs, start here.

Protect

In the modern IT world, protecting devices from unauthorized access is one of the most important tasks that you'll perform. In addition to the items in the Configure step of the device lifecycle, Intune provides these capabilities that help protect devices you manage from unauthorized access or malicious attacks:

  • Multi-factor authentication. Adding an extra layer of authentication to user sign-ins can help make devices even more secure. Many devices support multi-factor authentication that requires a second level of authentication, such as a phone call or text message, before users can gain access.
  • Windows Hello for Business settings (Classic portal). Windows Hello for Business is an alternative sign-in method that lets users use a gesture, such as a fingerprint or Windows Hello, to sign in without needing a password.
  • Policies to protect Windows PCs (with the Intune client software). When you manage Windows PCs by using the Intune client software, policies are available that let you control settings for Endpoint Protection, software updates, and Windows Firewall on PCs that you manage.

Retire

When a device gets lost or stolen, when it needs to be replaced, or when users move to another position, it's usually time to retire or wipe (Classic portal) the device. There are a number of ways you can do this, including resetting the device, removing it from management, and wiping the corporate data on it.