Microsoft Intune 中的 macOS 裝置限制設定macOS device restriction settings in Microsoft Intune

適用對象:Azure 入口網站的 IntuneApplies to: Intune in the Azure portal
您需要傳統入口網站的 Intune 相關文件嗎?Looking for documentation about Intune in the classic portal? 請移至這裡Go here.

使用這些設定可在裝置限制設定檔中管理 macOS 裝置。Use these settings to manage macOS devices in a device restriction profile.


  • 密碼 - 需要使用者輸入密碼才可存取該裝置。Password - Require the end user to enter a password to access the device.
    • 必要的密碼類型 - 指定密碼是否只能是數字,或者是否必須為英數字元 (包含字母和數字)。Required password type - Specify whether the password can be Numeric only, or whether it must be Alphanumeric (contain letters and numbers). 只有 Mac OS X 10.10.3 版與更新版本才支援這項設定。This setting is supported only on Mac OS X version 10.10.3 and later.
    • 密碼中的非英數字元數目 - 指定密碼中所需的複雜字元數 (04)。Number of non-alphanumeric characters in password - Specify the number of complex characters required in the password (0 to 4).
      複雜字元是一種符號,例如 "?"。A complex character is a symbol, for example "?".
    • 密碼長度下限 - 輸入使用者必須設定的密碼長度下限 (介於 416 個字元之間)。Minimum password length - Enter the minimum length of password a user must configure (between 4 and 16 characters).
    • 簡單密碼 - 允許使用簡單密碼,例如 00001234Simple passwords - Allow the use of simple passwords such as 0000 or 1234.
    • 在螢幕鎖定最少幾分鐘後必須輸入密碼- 指定電腦多長時間沒有活動後,即需要密碼才可解除鎖定。Maximum minutes after screen lock before password is required - Specify how long the computer must be inactive before a password is required to unlock it.
    • 沒有活動最久幾分鐘後鎖定螢幕 - 指定電腦必須閒置多長時間,螢幕才會鎖住。Maximum minutes of inactivity until screen locks - Specify the length of time that the computer must be idle before the screen locks.
    • 密碼到期 (天) - 指定使用者經過多少天後必須變更密碼 (1255 天)。Password expiration (days) - Specify how many days elapse before the user must change the password (1 to 255 days).
    • 避免重複使用以前用過的密碼 - 指定不可重複使用先前用過之密碼的次數 (124)。Prevent reuse of previous passwords - Specify the number of previously used passwords that cannot be reused (1 to 24).

受限應用程式Restricted apps

您可以在受限制應用程式清單中,設定下列清單之一︰In the restricted apps list, you can configure one of the following lists:

  • 禁止的應用程式清單 - 列出不允許使用者安裝與執行的應用程式 (並非由 Intune 管理)。A Prohibited apps list - List the apps (not managed by Intune) that users are not allowed to install and run. 使用者安裝禁止的應用程式並不會受到阻止,但如果已安裝,系統會向您回報。Users are not prevented from installing a prohibited app, but if they do so, this is reported to you.
  • 核准的應用程式清單 - 列出允許使用者安裝的應用程式。An Approved apps list - List the apps that users are allowed to install. 使用者絕不能安裝未列出的應用程式。Users must not install apps that are not listed. 自動允許 Intune 所管理的應用程式。Apps that are managed by Intune are automatically allowed. 使用者安裝不在核准的清單上的應用程式並不會受到阻止,但如果已安裝,系統會向您回報。Users are not prevented from installing an app that is not on the approved list, but if they do so, this is reported to you.

若要設定清單,請按一下 [新增],然後指定您所選的名稱,也可指定應用程式發行者以及應用程式的套件組合識別碼 (例如。To configure the list, click Add, then specify a name of your choice, optionally the app publisher, and the bundle ID of the app (for example


未標記的電子郵件網域Unmarked email domains

在 [電子郵件網域 URL] 欄位中,將一或多個 URL 新增到清單中。In the Email Domain URL field, add one or more URLs to the list. 當使用者接收到來自不是您所設定之網域的電子郵件時,該電子郵件會在 iOS 郵件應用程式中標記為不受信任。When end users receive an email from a domain other than one you configured, the email is marked as untrusted in the iOS Mail app.