什麼是 Microsoft Intune 裝置設定檔?What are Microsoft Intune device profiles?

Microsoft Intune 包含讓您可以在組織內不同的裝置上啟用或停用之設定及功能。Microsoft Intune includes settings and features that you can enable or disable on different devices within your organization. 可使用設定檔來管理這些設定和功能。These settings and features are managed using profiles. 一些設定檔範例包括:Some profile examples include:

  • 可讓不同裝置存取您的公司 WiFi 之 WiFi 設定檔A WiFi profile that gives different devices access to your corporate WiFi
  • 可讓不同裝置存取您公司網路內 VPN 伺服器的 VPN 設定檔A VPN profile that gives different devices access to your VPN server within your corporate network

本文提供可為您的裝置建立不同設定檔的概觀。This article provides an overview of the different profiles you can create for your devices. 使用這些設定檔以允許或禁止裝置上的某些功能。Use these profiles to allow and or prevent some features on the devices.

開始之前Before you begin

若要查看可用的功能,請開啟 Azure 入口網站,並開啟您的 Intune 資源。To see the available features, open the Azure portal, and open your Intune resource.

裝置設定包括下列各項:Device configuration includes the following options:

  • 概觀:列出您的設定檔狀態,並在您指派給使用者和裝置的設定檔中提供其他詳細資料Overview: Lists the status of your profiles, and provides additional details on the profiles you assigned to users and devices
  • 管理:建立裝置設定檔,並上傳自訂 PowerShell 指令碼以在設定檔中執行Manage: Create device profiles, and upload custom PowerShell scripts to run within the profile
  • 監視:檢查設定檔的狀態為成功或失敗,也檢視您設定檔中的記錄Monitor: Check the status of a profile for success or failure, and also view logs on your profiles
  • 安裝:新增憑證授權單位 (SCEP 或 PFX) 或啟用電信費用管理 (Telecom Expense Management) 至設定檔Setup: Add a certificate authority (SCEP or PFX), or enable Telecom Expense Management to the profile

建立設定檔Create the profile

建立裝置設定檔提供建立設定檔的逐步指示。Create device profiles provides step-by-step guidance to create a profile.

裝置功能 - iOS 和 macOSDevice features - iOS and macOS

裝置功能控制 iOS 和 macOS 裝置上的功能,例如 AirPrint、通知,以及共用的裝置設定。Device features controls features on iOS and macOS devices, such as AirPrint, notifications, and shared device configurations.

這項功能支援:This feature supports:

  • iOSiOS
  • macOSmacOS

裝置限制Device restrictions

裝置限制控制安全性、硬體、資料共用,以及裝置上的更多設定。Device restrictions controls security, hardware, data sharing, and more settings on the devices. 例如,建立裝置限制設定檔以禁止 iOS 裝置的使用者使用裝置相機 。For example, create a device restriction profile that prevents iOS device users from using the device camera.

這項功能支援:This feature supports:

  • AndroidAndroid
  • iOSiOS
  • macOSmacOS
  • Windows 10Windows 10
  • Windows 10 團隊版Windows 10 Team

Endpoint ProtectionEndpoint protection

適用於 Windows 10 的 Endpoint protection 設定 可設定適用於 Windows 10 裝置的 BitLocker 及 Windows Defender 設定。Endpoint protection settings for Windows 10 configures BitLocker and Windows Defender settings for Windows 10 devices.

若要使用 Microsoft Intune 上架 Windows Defender 進階威脅防護 (WDATP),請參閱 Configure endpoints using Mobile Device Management (MDM) tools (使用行動裝置管理 (MDM) 工具設定端點)。To onboard Windows Defender Advanced Threat Protection (WDATP) with Microsoft Intune, see Configure endpoints using Mobile Device Management (MDM) tools.

這項功能支援:This feature supports:

  • Windows 10 及更新版本Windows 10 and later

KioskKiosk

Kiosk 設定設定檔可將裝置設定為執行一或多個應用程式。Kiosk settings profile configures a device to run one app, or run multiple apps. 您也可以在 Kiosk 上自訂其他功能,包括 [開始] 功能表和網頁瀏覽器。You can also customize other features on your kiosk, including a start menu and a web browser.

這項功能支援:This feature supports:

  • Windows 10 及更新版本Windows 10 and later

電子郵件Email

電子郵件設定設定檔建立、指派、監視裝置上的 Exchange ActiveSync 電子郵件設定。Email settings profile creates, assigns, and monitors Exchange ActiveSync email settings on the devices. 電子郵件設定檔可協助確保一致性、減少支援來電,以及讓終端使用者無須任何設定,就能從其個人裝置存取公司的電子郵件。Email profiles help ensure consistency, reduce support calls, and let end-users access company email on their personal devices, without any required setup on their part.

這項功能支援:This feature supports:

  • AndroidAndroid
  • iOSiOS
  • Windows Phone 8.1Windows Phone 8.1
  • Windows 10Windows 10

VPNVPN

VPN 設定指派 VPN 設定檔給組織中的使用者與裝置,讓他們可以輕鬆又安全地連線到網路。VPN settings assigns VPN profiles to users and devices in your organization, so they can easily and securely connect to the network.

虛擬私人網路 (VPN) 為使用者提供安全的公司網路遠端存取。Virtual private networks (VPNs) give users secure remote access to your company network. 裝置使用 VPN 連線設定檔來啟動與 VPN 伺服器的連線。Devices use a VPN connection profile to start a connection with your VPN server.

這項功能支援:This feature supports:

  • AndroidAndroid
  • iOSiOS
  • macOSmacOS
  • Windows Phone 8.1Windows Phone 8.1
  • Windows 8.1Windows 8.1
  • Windows 10Windows 10

Wi-FiWi-Fi

Wi-Fi 設定指派給使用者和裝置的無線網路設定。Wi-Fi settings assigns wireless network settings to users and devices. 若您指派 Wi-Fi 設定檔,使用者不需要自行設定即可存取您公司的 Wi-Fi。When you assign a WiFi profile, users get access to your corporate WiFi without having to configure it themselves.

這項功能支援:This feature supports:

  • AndroidAndroid
  • iOSiOS
  • macOSmacOS
  • Windows 8.1 (僅匯入)Windows 8.1 (import only)

教育Education

教育設定 - Windows 10 設定 Windows「進行測驗」應用程式的選項。Education settings - Windows 10 configure options for the Windows Take a Test app. 當您設定這些選項時,裝置將無法執行其他應用程式,直到測驗結束為止。When you configure these options, no other apps can run on the device until the test is complete.

教育設定 - iOS 使用 iOS Classroom 應用程式,可在課堂中引導學習並控制學生的裝置。Education settings - iOS uses the iOS Classroom app to guide learning, and control student devices in the classroom. 您可以設定 iPad 裝置,讓多位學生可以共用單一裝置。You can configure iPad devices to multiple students can share a single device.

版本升級Edition upgrade

Windows 10 版本升級自動升級執行某些 Windows 10 版本的裝置至較新的版本。Windows 10 edition upgrades automatically upgrades devices that run some versions of Windows 10 to a newer edition.

這項功能支援:This feature supports:

  • Windows 10 及更新版本Windows 10 and later

更新原則Update policies

iOS 更新原則示範如何建立及指派 iOS 原則,以將軟體更新安裝在 iOS 裝置上。iOS update policies shows you how to create and assign iOS policies to install software updates on your iOS devices. 您也可以檢閱安裝狀態。You can also review the installation status.

這項功能支援:This feature supports:

  • iOSiOS

憑證Certificates

憑證設定信任的憑證、SCEP 憑證及 PKCS 憑證指派給裝置,以及用於驗證 Wi-Fi、VPN 及電子郵件設定檔。Certificates configures trusted, SCEP, and PKCS certificates that can be assigned to devices, and used to authenticate WiFi, VPN, and email profiles.

這項功能支援:This feature supports:

  • AndroidAndroid
  • iOSiOS
  • Windows Phone 8.1Windows Phone 8.1
  • Windows 8.1Windows 8.1
  • Windows 10Windows 10

Windows 資訊保護設定檔Windows Information Protection profile

Windows 資訊保護可協助防範資料流失,但不會干擾員工的操作。Windows Information Protection helps protect against data leakage without interfering with the employee experience. 其也能協助保護企業應用程式與資料,防止企業擁有的裝置和員工在工作中使用的個人裝置意外外洩資料。It also helps to protect enterprise apps and data against accidental data leaks on enterprise-owned devices and personal devices that employees use at work. 不需要變更您的環境或其他應用程式即可進行。It does this without requiring changes to your environment or other apps.

這項功能支援:This feature supports:

  • Windows 10 及更新版本Windows 10 and later

自訂設定檔Custom profile

自訂設定包含指派不屬於 Intune 內建設定之裝置設定的能力。Custom settings includes the ability to assign device settings that are not built-into Intune. 例如,您可以在 Android 裝置上輸入 OMA-URI 值。For example, on Android devices, you can enter OMA-URI values. 對於 iOS 裝置,您可以匯入您在 Apple Configurator 中建立的設定檔。For iOS devices, you can import a configuration file you created in the Apple Configurator.

這項功能支援:This feature supports:

  • AndroidAndroid
  • iOSiOS
  • macOSmacOS
  • Windows Phone 8.1Windows Phone 8.1