如何指派 Microsoft Intune 裝置設定檔How to assign Microsoft Intune device profiles

指派裝置設定檔Assign a device profile

  1. 登入 Azure 入口網站。Sign into the Azure portal.
  2. 選擇 [更多服務] > [監視 + 管理] > [Intune]。Choose More Services > Monitoring + Management > Intune.
  3. 在 [Intune] 刀鋒視窗中,選擇 [裝置設定]。On the Intune blade, choose Device configuration.
  4. 在 [裝置設定] 刀鋒視窗中,選擇 [管理] > [設定檔]。On the Device configuration blade, choose Manage > Profiles.
  5. 在設定檔刀鋒視窗清單中,選擇您想要管理的設定檔,然後在<設定檔名稱> [報表] 刀鋒視窗中,選擇 [管理] > [指派]。In the list of profiles blade, choose the profile you want to manage, and then, on the <profile name> Reports blade, choose Manage > Assignments.
  6. 在下一個刀鋒視窗中,選擇 包含排除,然後選擇 [選取群組]。On the next blade, choose either Include (to include groups) or Exclude (to exclude groups), then choose Select groups. 在設定檔指派中包含和排除群組。Include and exclude groups from a profile assignment.
  7. 在 [選取群組] 刀鋒視窗中,選擇要在指派中包含或排除的 Azure AD 群組。On the Select groups blade, choose the Azure AD groups, which you want to include in, or exclude from the assignment. 您可按住 CTRL 鍵以選取多個群組。You can hold down the CTRL key to select multiple groups.
  8. 完成之後,請在 [選取群組] 刀鋒視窗中,選擇 [選取]。When you are done, on the Select groups blade, choose Select.

如何從裝置設定檔指派排除群組How to exclude groups from a device profile assignment

Intune 裝置組態設定檔可讓您從原則指派排除群組。Intune device configuration profiles let you exclude groups from policy assignment. 例如,您可能會將裝置設定檔指派給所有公司使用者群組,但排除資深管理層群組的任何成員。For example, you could assign a device profile to the All corporate users group, but exclude any members of the Senior Management Staff group.

當您從指派排除群組時,只排除使用者或只排除裝置群組,不是排除混合的群組。When you exclude groups from an assignment, exclude only user, or only device groups, not a mixture of groups. Intune 在排除群組時,不會考慮任何使用者與裝置關聯。Intune does not take into account any user to device association when excluding groups. 包含使用者群組的同時排除裝置群組,不可能產生您所要的結果。Including user groups while excluding device groups is unlikely to produce the results you need. 萬一使用了混合群組,或有其他衝突,包含的優先順序高於排除。In case where mixed groups are used, or there are other conflicts, inclusion takes precedence over exclusion.

例如,您想要將裝置設定檔指派給組織中 Kiosk 裝置以外的所有裝置。For example, you want to assign a device profile to all devices in your organization, except kiosk devices. 您包含所有使用者群組,但是排除所有裝置群組。You include the All Users group, but exclude the All Devices group.

在此情況下,所有的使用者及其裝置都受原則約束,即使使用者的裝置屬於所有裝置群組。In this case, all your users and their devices get the policy, even if the user’s device is part of the All Devices group.

排除只會評估群組的直屬成員,不包含與使用者建立關聯的裝置。Exclusion only evaluates the direct members of the groups, and does not include devices that are associated with a user. 不過,沒有使用者的裝置不受原則約束,因為它們和所有使用者群組沒有任何關聯。However, devices that don't have a user do not get the policy because they have no association to the All Users group.

如果您包含所有裝置但排除所有使用者,則所有裝置都會收到原則。If you include All Devices, but exclude All Users, all the devices receive the policy. 本例的目的是要排除此原則中有相關聯使用者的裝置。The intent in this case is to exclude devices that have an associated user from this policy. 不過,它做不到,因為排除功能只會比對直屬群組成員。However, it does not because the exclusion feature only compares direct group members.

提示

合規性政策或應用程式指派目前不提供排除項目。Exclusions are not currently available for compliance policies or app assignment. 若要從指派排除成員,您可以使用「可用」及「不適用」的指派意圖。To exclude members from an assignment, you can use the Available, and Not applicable assignment intents. 例如,您將應用程式指派給具有可用意圖的所有公司使用者,又指派給具有不適用意圖的資深管理層For example, you assign an app to All corporate users with the Available intent, and to Senior Management Staff with the Not applicable intent. 此應用程式會指派給所有使用者,但資深管理層群組的使用者「除外」。the app is assigned to all users except users in the Senior Management Staff group. 如果您將應用程式指派給具有必要意圖的所有公司使用者,不會排除資深管理層群組的使用者。If you assign the app to All corporate users with the Required intent, the users in the Senior Management Staff group are not excluded.

後續步驟Next steps

請參閱如何監視裝置設定檔以取得資訊,協助您監視裝置的設定檔指派。See How to monitor device profiles for information to help you monitor device profile assignments.

若要提交意見反應,請前往 Intune Feedback