Microsoft Intune 中 Windows 10 及更新版本的裝置限制設定Windows 10 and later device restriction settings in Microsoft Intune

適用於︰Azure 上的 IntuneApplies to: Intune on Azure
您需要傳統主控台中之 Intune 的相關文件嗎?Looking for documentation about Intune in the classic console? 請移至這裡Go to here.

一般General

  • 螢幕擷取 (僅限行動裝置) - 讓使用者可將裝置螢幕擷取為影像。Screen capture (mobile only) - Lets the user capture the device screen as an image.
  • 複製並貼上 (僅限行動裝置) - 允許在裝置上的應用程式之間,進行複製並貼上的動作。Copy and paste (mobile only) - Allow copy and paste actions between apps on the device.
  • 手動取消註冊 - 讓使用者可從裝置手動刪除工作場所帳戶。Manual unenrollment - Lets the user manually delete the workplace account from the device.
  • 手動安裝根憑證 (僅限行動裝置) - 阻止使用者手動安裝根憑證及中繼 CAP 憑證。Manual root certificate installation (mobile only) - Stops the user from manually installing root certificates, and intermediate CAP certificates.
  • 診斷資料提交 - 可能的值為︰Diagnostic data submission - Possible values are:
    • 不傳送任何資料到 MicrosoftNone No data is sent to Microsoft
    • 基本 傳送有限的資訊到 MicrosoftBasic Limited information is sent to Microsoft
    • 增強 傳送增強的診斷資料到 MicrosoftEnhanced Enhanced diagnostic data is sent to Microsoft
    • 完整 傳送和增強相同的資料,再加上裝置狀態的其他相關資料Full Sends the same data as Enhanced, plus additional data about the device state
  • 相機 - 允許或封鎖在裝置上使用相機。Camera - Allow or block use of the camera on the device.
  • OneDrive 檔案同步 - 封鎖裝置將檔案同步處理至 OneDrive。OneDrive file sync - Blocks the device from synchronizing files to OneDrive.
  • 抽取式存放裝置 - 指定是否可以與裝置搭配使用 SD 卡等外部存放裝置。Removable storage - Specifies whether external storage devices, like SD cards can be used with the device.
  • 地理位置 - 指定裝置是否可以使用定位服務資訊。Geolocation - Specifies whether the device can use location services information.
  • 網際網路共用 - 允許在裝置上使用網際網路連線共用。Internet sharing - Allow the use of Internet connection sharing on the device.
  • 重設手機 - 控制使用者是否可以將裝置重設成出廠預設值。Phone reset - Controls whether the user can do a factory reset on their device.
  • USB 連線 (僅限行動裝置) - 控制裝置是否可以透過 USB 連接來存取外接式存放裝置。USB connection (mobile only) - Controls whether devices can access external storage devices through a USB connection.
  • 防竊模式 (僅限行動裝置) - 設定是否啟用 Windows 防竊模式。AntiTheft mode (mobile only) - Configure whether Windows Antitheft mode is enabled.
  • Cortana - 啟用或停用 Cortana 語音助理。Cortana - Enable or disable the Cortana voice assistant.
  • 錄音 (僅限行動裝置) - 允許或封鎖使用裝置錄音機。Voice recording (mobile only) - Allow or block use of the device voice recorder.
  • 修改裝置名稱 - 防止終端使用者變更裝置名稱 (僅限 Windows 10 行動裝置版)Device name modification - Prevents the end user from changing the device name (Windows 10 Mobile only)
  • 新增佈建套件 - 封鎖安裝佈建套件的執行階段設定代理程式。Add provisioning packages - Blocks the run time configuration agent that installs provisioning packages.
  • 移除佈建套件 - 封鎖移除佈建套件的執行階段設定代理程式。Remove provisioning packages - Blocks the run time configuration agent that removes provisioning packages.
  • 裝置探索 - 封鎖裝置以使它無法被其他裝置找到。Device discovery - Block a device from being discovered by other devices.
  • 工作切換器 (僅限行動裝置) - 封鎖裝置上的工作切換器。Task Switcher (mobile only) - Blocks the task switcher on the device.
  • SIM 卡錯誤對話方塊 (僅限行動裝置) - 封鎖在沒有偵測到 SIM 卡的情況下會顯示於裝置上的錯誤訊息。SIM card error dialog (mobile only) - Blocks an error message from displaying on the device if no SIM card is detected.

密碼Password

  • 密碼 - 需要使用者輸入密碼才可存取該裝置。Password - Require the end user to enter a password to access the device.
    • 必要的密碼類型 - 指定密碼必須為數字還是英數字元。Required password type - Specifies whether the password must be numeric only, or alphanumeric.
    • 密碼長度下限 - 僅適用於 Windows 10 行動裝置版。Minimum password length - Applies to Windows 10 Mobile only.
    • 登入失敗幾次後即抹除裝置 - 若為執行 Windows 10 的裝置︰如果裝置已啟用 BitLocker,將會在登入失敗達您所指定的次數時置於 BitLocker 復原模式。Number of sign-in failures before wiping device - For devices running Windows 10: If the device has BitLocker enabled, it's put into BitLocker recovery mode after sign-in fails the number of times that you specified. 如果裝置未啟用 BitLocker,便不會套用此設定。If the device is not BitLocker enabled, then this setting doesn't apply. 若為執行 Windows 10 行動裝置版的裝置︰登入失敗達您所指定的次數時,就會抹除裝置。For devices running Windows 10 Mobile: After sign-in fails the number of times you specify, the device is wiped.
    • 沒有活動最久幾分鐘後鎖定螢幕指定裝置必須處於閒置狀態多久的時間,才會鎖住螢幕。Maximum minutes of inactivity until screen locks - Specifies the length of time a device must be idle before the screen is locked.
    • 密碼到期 (天) - 指定在多久之後必須變更該裝置的密碼。Password expiration (days) - Specifies the length of time after which the device password must be changed.
    • 避免重複使用以前用過的密碼 - 指定裝置記憶先前使用過的密碼數目。Prevent reuse of previous passwords - Specifies the number of previously used passwords that are remembered by the device.
    • 裝置從閒置狀態回復時需要密碼 (僅限行動裝置) - 指定使用者必須輸入密碼才能解除鎖定裝置 (僅限 Windows 10 行動裝置版)。Require password when device returns from idle state (Mobile only) - Specifies that the user must enter a password to unlock the device (Windows 10 Mobile only).
    • 簡單密碼 - 可讓您使用 1111 和 1234 等簡單密碼。Simple passwords – Lets you allow the use of simple passwords like 1111 and 1234. 這項設定也會允許或封鎖使用 Windows 圖片密碼。This setting also allows or blocks the use of Windows picture passwords.
  • 加密 - 啟用在目標裝置 (僅限 Windows 10 行動裝置版) 上加密。Encryption - Enable encryption on targeted devices (Windows 10 Mobile only).

個人化Personalization

  • 桌面背景圖片 URL (僅限桌面版) - 指定要作為 Windows 桌面桌布使用之 PNG、JPG 或 JPEG 格式圖片的 URL。Desktop background picture URL (Desktop only) - Specify the URL to a picture in PNG, JPG, or JPEG format that you want to use as the Windows desktop wallpaper. 使用者將無法變更此設定。Users will not be able to change this.

隱私權Privacy

  • 輸入個人化 - 不允許為 Cortana、聽寫或 Microsoft 網上商店應用程式使用雲端式語音服務。Input personalization – Don’t allow the use of cloud-based speech services for Cortana, dictation, or Microsoft Store apps. 如果您允許使用這些服務,Microsoft 可能會收集語音資料來改進服務。If you allow these services, Microsoft might collect voice data to improve the service.
  • 自動接受配對及隱私權使用者同意提示 – 允許 Windows 在執行應用程式時,自動接受配對及隱私權同意訊息。Automatic acceptance of the pairing and privacy user consent prompts – Allow Windows to automatically accept pairing and privacy consent messages when running apps.

鎖定畫面體驗Locked screen experience

  • 控制中心通知 (僅限行動裝置) – 可讓控制中心通知出現在裝置鎖定畫面上 (僅限 Windows 10 行動裝置版)。Action center notifications (mobile only) – Lets Action Center notifications appear on the device lock screen (Windows 10 Mobile only).
  • 鎖定畫面圖片 URL (僅限桌面版) - 指定會做為 Windows 鎖定畫面桌布使用之 PNG、JPG 或 JPEG 格式圖片的 URL。Locked screen picture URL (Desktop only) - Specify the URL to a picture in PNG, JPG, or JPEG format that will be used as the Windows lock screen wallpaper. 使用者將無法變更此設定。Users will not be able to change this.
  • 使用者可設定的畫面逾時 (僅限行動裝置) – 可讓使用者設定時間量User configurable screen timeout (mobile only) – Lets users configure the amount of time
  • 鎖定畫面上的 Cortana (僅限桌面版) – 不允許使用者在裝置位於鎖定畫面時與 Cortana 互動 (僅限 Windows 10 桌面版)。Cortana on locked screen (desktop only) – Don’t allow the user to interact with Cortana when the device is on the lock screen (Windows 10 desktop only).
  • 鎖定畫面上的快顯通知 – 封鎖警示訊息,使其無法顯示在裝置鎖定畫面上。Toast notifications on locked screen – Block alert messages from being displayed on the device lock screen.
  • 畫面逾時 (僅限行動裝置) - 指定畫面鎖定之後的時間 (以秒為單位),在該段時間後將會關閉畫面。Screen timeout (mobile only) - Specifies the time in seconds after the screen locks, when it will turn off.

App StoreApp Store

  • App Store (僅限行動裝置) - 啟用或封鎖在 Windows 10 行動裝置上使用 App Store。App store (mobile only) - Enable or block use of the app store on Windows 10 Mobile devices.
  • 自動更新來自市集的應用程式 - 允許自動更新從 Microsoft 網上商店安裝的應用程式。Auto-update apps from store - Allows apps installed from the Microsoft Store to be automatically updated.
  • 安裝信任的應用程式 - 允許側載使用受信任憑證簽署的應用程式。Trusted app installation - Allows apps signed with a trusted certificate to be sideloaded.
  • 開發人員解除鎖定 - 允許 Windows 開發人員設定,例如允許使用者修改側載應用程式。Developer unlock - Allow Windows developer settings, such as allowing sideloaded apps to be modified by the end user.
  • 共用的使用者應用程式資料 - 允許應用程式在相同裝置上的不同使用者之間共用資料。Shared user app data - Allows apps to share data between different users on the same device.
  • 僅使用私人市集 - 啟用此設定以僅允許使用者從您的私人市集下載應用程式。Use private store only - Enable this to only allow end users to download apps from your private store.
  • 啟動來自市集的應用程式 - 用來停用預先安裝於裝置上,或是從 Microsoft 網上商店下載的所有應用程式。Store originated app launch - Used to disable all apps that were pre-installed on the device, or downloaded from the Microsoft Store.
  • 將應用程式資料安裝在系統磁碟區 - 阻止應用程式將資料儲存在裝置的系統磁碟區上。Install app data on system volume - Stops apps from storing data on the system volume of the device.
  • 將應用程式安裝在系統磁碟機 - 阻止應用程式將資料儲存在裝置的系統磁碟機上。Install apps on system drive - Stops apps from storing data on the system drive of the device.
  • 遊戲 DVR (僅限桌面版) - 設定是否允許錄製和廣播遊戲。Game DVR (desktop only) - Configures whether recording and broadcasting of games is allowed.
  • 僅限來自市集的應用程式 - 設定使用者是否可以從 App Store 以外的地方安裝應用程式。Apps from store only - Configures whether users can install apps from places other than the app store.

Microsoft Edge 瀏覽器Edge Browser

  • Microsoft Edge 瀏覽器 (僅限行動裝置) - 允許在裝置上使用 Edge 網頁瀏覽器。Microsoft Edge browser (mobile only) - Allow the use of the Edge web browser on the device.
  • 網址列下拉 (僅限桌面版) – 使用此選項可阻止 Edge 在您輸入時,於下拉式清單中顯示建議清單。Address bar dropdown (desktop only) – Use this to stop Edge from displaying a list of suggestions in a drop-down list when you type. 這有助於將 Edge 與 Microsoft 服務之間的網路頻寬用量降到最低。This helps to minimize network bandwidth use between Edge and Microsoft services.
  • 在 Microsoft 瀏覽器之間同步我的最愛 (僅限桌面版) – 可讓 Windows 同步處理 Internet Explorer 與 Edge 之間的我的最愛。Sync favorites between Microsoft browsers (desktop only) – Lets Windows synchronize favorites between Internet Explorer and Edge.
  • 傳送不追蹤標頭 - 設定 Microsoft Edge 瀏覽器以傳送「不追蹤」標頭給使用者瀏覽的網站。Send do-not-track headers - Configures the Edge browser to send do not track headers to websites that users visit.
  • Cookie - 讓瀏覽器儲存網際網路 Cookie 到裝置上。Cookies - Lets the browser save internet cookies to the device.
  • JavaScript - 允許在 Microsoft Edge 瀏覽器中執行 JavaScript 等指令碼。JavaScript - Allows scripts, such as Javascript, to run in the Edge browser.
  • 快顯視窗 - 封鎖瀏覽器中的快顯視窗 (僅適用於 Windows 10 桌面版)。Pop-ups - Blocks pop-up windows in the browser (Applies to Windows 10 desktop only).
  • 搜尋建議 - 讓您的搜尋引擎在您輸入搜尋片語時建議網站。Search suggestions - Lets your search engine suggest sites as you type search phrases.
  • 將內部網路流量傳送到 Internet Explorer - 讓使用者可在 Internet Explorer 中開啟內部網路網站 (僅限 Windows 10 桌面版)。Send intranet traffic to Internet Explorer - Lets users open intranet websites in Internet Explorer (Windows 10 desktop only).
  • 自動填滿 - 允許使用者變更瀏覽器中的自動完成設定 (僅限 Windows 10 桌面版)。Autofill - Allow users to change autocomplete settings in the browser (Windows 10 desktop only).
  • 密碼管理員 - 啟用或停用 Microsoft Edge 密碼管理員功能。Password Manager - Enable or disable the Edge Password Manager feature.
  • 企業模式網站清單位置 - 指定在何處尋找以企業模式開啟的網站清單。Enterprise mode site list location - Specifies where to find the list of web sites that open in Enterprise mode. 使用者無法編輯這份清單。Users cannot edit this list.
    (僅限 Windows 10 桌面版)。(Windows 10 desktop only).
  • 開發人員工具 - 防止使用者開啟 Edge 開發人員工具。Developer tools - Prevent the end user from opening the Edge developer tools.
  • 延伸模組 - 允許使用者在裝置上安裝 Edge 延伸模組。Extensions - Allow the end user to install Edge extensions on the device.
  • InPrivate 瀏覽 - 防止使用者開啟 InPrivate 瀏覽工作階段。InPrivate browsing - Prevent the end user from opening InPrivate browsing sessions.
  • 顯示初次執行網頁 – 第一次執行 Edge 時,停止顯示簡介頁面。Show first run page – Stops the introduction page from appearing the first time you run Edge.
    • 初次執行 URL – 指定使用者第一次執行 Edge 時顯示的網頁 URL (僅限 Windows 10 行動裝置版)。First run URL – Specifies the URL of a page that is displayed the first time a user runs Edge (Windows 10 Mobile only).
  • 首頁 - 新增要作為 Edge 瀏覽器首頁使用的網站清單 (僅限桌面版)。Homepages - Add a list of sites that you want to use as home pages in the Edge browser (desktop only).
  • 起始畫面的變更 – 可讓使用者變更 Edge 開啟時顯示的起始畫面。Changes to start page – Lets users change the start pages displayed when Edge is opened. 若要建立 Edge 啟動時開啟的網頁或網頁清單,請使用 [首頁] 設定。Use the Homepages setting to create the page, or list of pages that is opened when Edge starts.
  • 禁止存取 about 旗標 - 防止使用者存取 Edge 中包含開發人員和實驗性設定的 about:flags 頁面。Block access to about flags - Prevent the end user from accessing the about:flags page in Edge that contains developer and experimental settings.
  • WebRtc localhost IP 位址 - 禁止於使用 Web RTC 通訊協定撥打電話時,顯示使用者的 localhost IP 位址。WebRtc localhost ip address - Block the users localhost IP address from being displayed when making phone calls using the web RTC protocol.
  • 預設搜尋引擎 - 指定要使用的預設搜尋引擎。Default search engine - Specify the default search engine to be used. 使用者可以隨時變更此值。End users can change this value at any time.
  • 在結束時清除瀏覽資料 – 當使用者結束 Edge 時,清除歷程記錄和瀏覽資料。Clear browsing data on exit – Clears history, and browsing data when the user exits Edge.
  • 動態磚資料收集 – 當使用者從 Edge 釘選網站到 [開始] 功能表時,阻止 Windows 從動態磚收集資訊。Live Tile data collection – Stops Windows collecting information from the Live Tile when users pin a site to the start menu from Edge.

Edge 瀏覽器 SmartScreenEdge Browser SmartScreen

  • SmartScreen - 啟用或停用封鎖詐騙網站的 SmartScreen。SmartScreen - Enables or disables SmartScreen, which blocks fraudulent web sites.
  • SmartScreen 提示覆寫 - 允許使用者略過有關潛在惡意網站的 SmartScreen 篩選工具警告。Smart screen prompt override - Allow the end user to bypass SmartScreen filter warnings about potentially malicious websites.
  • 檔案的 SmartScreen 提示覆寫 - 允許使用者略過有關下載潛在惡意檔案的 SmartScreen 篩選工具警告。Smart screen prompt override for files - Allow the end user to bypass SmartScreen filter warnings about downloading potentially malicious files.
  • 安全搜尋 (僅限行動裝置) - 控制 Cortana 在搜尋結果中篩選成人內容的方式。Safe Search (mobile only) - Control how Cortana filters adult content in search results. 您可以選取 [嚴格]、[普通],或允許使用者自行選擇設定。You can select Strict, Moderate, or allow the end user to choose their own settings.

雲端與儲存體Cloud and Storage

  • Microsoft 帳戶 - 讓使用者建立 Microsoft 帳戶與裝置之間的關聯。Microsoft account - Lets the user associate a Microsoft account with the device.
  • 非 Microsoft 帳戶 - 讓使用者將電子郵件帳戶新增至未與 Microsoft 帳戶相關聯的裝置。Non-Microsoft account - Lets the user add email accounts to the device that are not associated with a Microsoft account.
  • Microsoft 帳戶的設定同步 - 允許與 Microsoft 帳戶相關聯的裝置和應用程式設定在裝置之間進行同步處理。Settings synchronization for Microsoft account - Allow device and app settings that are associated with a Microsoft account to synchronize between devices.

行動數據與連線Cellular and Connectivity

  • 行動數據頻道 – 當使用者連線到行動電話通訊網路時,阻止使用者使用資料,如瀏覽網頁。Cellular data channel – Stop users from using data, like browsing the web, when they are connected to a cellular network.
  • 數據漫遊 - 存取資料時允許網路之間的漫遊。Data roaming - Allow roaming between networks when accessing data.
  • 透過行動電話通訊網路的 VPN - 控制裝置是否可以在連線到行動電話通訊網路時存取 VPN 連線。VPN over the cellular network - Controls whether the device can access VPN connections when connected to a cellular network.
  • 透過行動電話通訊網路的 VPN - 控制裝置是否可以在連線到行動電話通訊網路時存取 VPN 連線。VPN roaming over the cellular network - Controls whether the device can access VPN connections when roaming on a cellular network.
  • 藍牙- 控制使用者是否可在裝置上啟用及設定藍牙。Bluetooth - Controls whether the user can enable and configure Bluetooth on the device.
  • 藍牙探索 - 讓其他藍牙啟用的裝置探索此裝置。Bluetooth discoverability - Lets the device be discovered by other Bluetooth-enabled devices.
  • 藍芽預先配對 – 可讓您設定特定的藍芽裝置與主機裝置自動配對。Bluetooth pre-pairing – Lets you configure specific Bluetooth devices to automatically pair with a host device.
  • 藍牙廣告 - 讓藍牙可透過藍牙裝置接收廣告。Bluetooth advertising - Lets the device receive advertisements over Bluetooth.
  • 連線的裝置服務 – 可讓您選擇是否要允許連線的裝置服務,這可探索其他藍芽裝置並連線到其中。Connected devices service – Lets you choose whether to allow the connected devices service, which enables discovery and connection to other Bluetooth devices.
  • NFC - 讓使用者可在裝置上啟用及設定近距離無線通訊功能。NFC - Lets the user enable and configure Near Field Communications capabilities on the device.
  • Wi-fi - 讓使用者可在裝置上啟用及設定 Wi-Fi (僅限 Windows 10 行動裝置版)。Wi-Fi - Lets the user enable and configure Wi-Fi on the device (Windows 10 Mobile only).
  • 自動連線至 Wi-Fi 熱點 - 讓裝置能自動連線到免費 Wi-Fi 熱點並自動接受任何連線條款和條件。Automatically connect to Wi-Fi hotspots - Lets the device automatically connect to free Wi-Fi hotspots and automatically accept any terms and conditions for the connection.
  • 手動設定 Wi-Fi - 控制使用者是否可設定自己的 Wi-Fi 連線,是或只能使用由 Wi-Fi 設定檔所設定的連線 (僅限 Windows 10 行動裝置版)。Manual Wi-Fi configuration - Controls whether the user can configure their own Wi-Fi connections, or whether they can only use connections configured by a Wi-Fi profile (Windows 10 Mobile only).
  • Wi-Fi 掃描間隔 – 指定裝置掃描 Wi-Fi 網路的頻率。Wi-Fi scan interval – Specify how often devices scan for Wi-Fi networks. 指定 1 (最頻繁) 到 500 (最不頻繁) 的值。Specify a value from 1 (most frequent) to 500 (least frequent).
  • 藍牙允許的服務 – 以十六進位字串,指定允許的藍芽服務和設定檔的清單。Bluetooth allowed services – Specify as hex strings, a list of allowed Bluetooth services and profiles.

控制台和設定Control Panel and Settings

  • 設定應用程式 - 封鎖對 Windows [設定] 應用程式的存取。Settings app - Block access to the Windows settings app.
    • 系統 - 封鎖對 [設定] 應用程式 [系統] 區域的存取。System - Blocks access to the system area of the settings app.
      • 修改電源及睡眠設定 (僅限桌面版) - 防止使用者變更裝置上的電源及睡眠設定。Power and sleep settings modification (desktop only) - Prevents the end user from changing power and sleep settings on the device.
    • 裝置 - 封鎖對 [設定] 應用程式 [裝置] 區域的存取。Devices - Blocks access to the devices area of the settings app.
    • 網路網際網路 - 封鎖對 [設定] 應用程式 [網路和網際網路] 區域的存取。Network Internet - Blocks access to the network and internet area of the settings app.
    • 個人化 - 封鎖對 [設定] 應用程式 [個人化] 區域的存取。Personalization - Blocks access to the personalization area of the settings app.
    • 帳戶 - 封鎖對 [設定] 應用程式 [帳戶] 區域的存取。Accounts - Blocks access to the accounts area of the settings app.
    • 時間與語言 - 封鎖對 [設定] 應用程式 [時間與語言] 區域的存取。Time and Language - Blocks access to the time and language area of the settings app.
      • 修改系統時間 - 防止使用者變更裝置日期和時間。System Time modification - Prevents the end user from changing the device date and time.
      • 修改區域設定 (僅限桌面版) - 防止使用者變更裝置上的區域設定。Region settings modification (desktop only) - Prevents the end user from changing the region settings on the device.
      • 修改語言設定 (僅限桌面版) - 防止使用者變更裝置上的語言設定。Language settings modification (desktop only) - Prevents the user from changing the language settings on the device.
    • 遊戲 - 封鎖對 [設定] 中 [遊戲] 應用程式的存取。Gaming - Blocks access to the Gaming app in Settings.
    • 輕鬆存取 - 封鎖對 [設定] 應用程式 [輕鬆存取] 區域的存取。Ease of Access - Blocks access to the ease of access area of the settings app.
    • 隱私權 - 封鎖對 [設定] 應用程式 [隱私權] 區域的存取。Privacy - Blocks access to the privacy area of the settings app.
    • 更新與安全性 - 封鎖對設定應用程式之更新與安全性區域的存取。Update and Security - Blocks access to the updates and security area of the settings app.

DefenderDefender

  • 即時監視 - 啟用惡意程式碼、間諜軟體和其他垃圾軟體的即時掃描。Real-time monitoring - Enables real-time scanning for malware, spyware, and other unwanted software.
  • 行為監視 - 讓 Defender 在裝置上檢查某些已知模式的可疑活動。Behavior monitoring - Lets Defender check for certain known patterns of suspicious activity on devices.
  • 網路檢查系統 (NIS) - NIS 可協助保護裝置免於遭受網路型入侵。Network Inspection System (NIS) - NIS helps to protect devices against network-based exploits. 它會使用 Microsoft Endpoint Protection 中心提供之已知弱點的病毒碼,協助偵測及阻擋惡意流量。It uses the signatures of known vulnerabilities from the Microsoft Endpoint Protection Center to help detect and block malicious traffic.
  • 掃描所有下載 - 控制 Defender 是否掃描從網際網路下載的所有檔案。Scan all downloads - Controls whether Defender scans all files downloaded from the Internet.
  • 掃描 Microsoft Web 瀏覽器中所載入的指令碼 - 讓 Defender 可掃描 Internet Explorer 中所使用的指令碼。Scan scripts loaded in Microsoft web browsers - Lets Defender scan scripts that are used in Internet Explorer.
  • Defender 的使用者存取 - 控制是否對使用者隱藏 Windows Defender 使用者介面。End user access to Defender - Controls whether the Windows Defender user interface is hidden from end users. 變更此設定後,要在使用者電腦下次重新啟動時才會生效。When this setting is changed, it takes effect the next time the end user's PC is restarted.
  • 病毒碼更新間隔 (小時) - 指定 Defender 查看是否有新的病毒碼檔案的間隔。Signature update interval (in hours) - Specify the interval at which Defender checks for new signature files.
  • 監視檔案與程式活動 - 允許 Defender 監視裝置上的檔案和程式活動。Monitor file and program activity - Allows Defender to monitor file and program activity on devices.
  • 多少天之後刪除隔離的惡意程式碼 - 在您指定的天數內,讓 Defender 繼續追蹤已解決的惡意程式碼,讓您可以手動檢查先前受影響的裝置。Days before deleting quarantined malware - Lets Defender continue to track resolved malware for the number of days you specify so that you can manually check previously affected devices. 如果您將此天數設為 0,惡意程式碼會保留在「隔離」資料夾,而且不會自動移除。If you set the number of days to 0, malware remains in the Quarantine folder and is not automatically removed.
  • 掃描期間的 CPU 使用率限制 - 讓您限制掃描可以使用的 CPU 資源數量 (從 1100)。CPU usage limit during a scan - Lets you limit the amount of CPU that scans are allowed to use (from 1 to 100).
  • 掃描封存檔 - 允許 Defender 掃描封存的檔案,例如 .zip 或 .cab 檔案。Scan archive files - Allows Defender to scan archived files such as Zip or Cab files.
  • 掃描內送郵件訊息 - 允許 Defender 在電子郵件訊息到達裝置時加以掃描。Scan incoming mail messages - Allows Defender to scan email messages as they arrive on the device.
  • 在完整掃描期間掃描抽取式磁碟機 - 讓 Defender 可掃描像是 USB 隨身碟之類的抽取式磁碟機。Scan removable drives during a full scan - Lets Defender scan removable drives like USB sticks.
  • 在完整掃描期間掃描對應的網路磁碟機 - 讓 Defender 可掃描對應網路磁碟機上的檔案。Scan mapped network drives during a full scan - Lets Defender scan files on mapped network drives.
    如果磁碟機上的檔案是唯讀,則 Defender 無法移除在其中發現的任何惡意程式碼。If the files on the drive are read-only, Defender cannot remove any malware found in them.
  • 掃描從網路資料夾中開啟的檔案 - 讓 Defender 在共用網路磁碟機上掃描檔案 (例如,從 UNC 路徑存取的檔案)。Scan files opened from network folders - Lets Defender scan files on shared network drives (for example, files accessed from a UNC path). 如果磁碟機上的檔案是唯讀,則 Defender 無法移除在其中發現的任何惡意程式碼。If the files on the drive are read-only, Defender cannot remove any malware found in them.
  • 雲端保護 - 允許或封鎖 Microsoft Active Protection Service 從您管理的裝置接收惡意程式碼活動的相關資訊。Cloud protection - Allows or blocks the Microsoft Active Protection Service from receiving information about malware activity from devices that you manage. 此資訊未來可用於改善本服務。This information is used to improve the service in the future.
  • 在提交範例之前提示使用者 - 控制可能需要進一步分析的潛在惡意檔案,是否自動傳送給 Microsoft。Prompt users before sample submission - Controls whether potentially malicious files that might require further analysis are automatically sent to Microsoft.
  • 執行每日快速掃描的時間 - 讓您排程每天在您選取的時間進行快速掃描。Time to perform a daily quick scan - Lets you schedule a quick scan that occurs daily at the time you select.
  • 要執行的系統掃描類型 - 可讓您指定排程系統掃描時執行的掃描層級。Type of system scan to perform - Lets you specify the level of scanning that is performed when you schedule a system scan.
  • 偵測潛在的不必要應用程式 – 選擇 Windows 用以偵測潛在的不必要應用程式的保護層級:Detect potentially unwanted applications – Choose the level of protection when Windows detects potentially unwanted applications from:
    • 封鎖Block
    • 稽核 如需潛在的不必要應用程式的詳細資訊,請參閱本主題Audit For more information about potentially unwanted apps, see this topic.
  • 對偵測到的惡意程式碼威脅採取的動作 – 啟用此選項,可指定您希望 Defender 針對它偵測到的每種威脅等級 (低、中、高及嚴重) 所採取的動作。Actions on detected malware threats – Enable this option to specify the actions you want Defender to take for each threat level it detects (Low, Moderate, High, and Severe). 您可以採取的動作如下:The actions you can take are:
    • 清除Clean
    • 隔離Quarantine
    • 移除Remove
    • 允許Allow
    • 使用者定義User defined
    • 封鎖Block

Defender 排除Defender Exclusions

  • 不進行掃描和即時保護的檔案和資料夾 - 將一或多個 C:\Path%ProgramFiles%\Path\filename.exe 等檔案與資料夾,新增至排除清單。Files and folders to exclude from scans and real-time protection - Adds one or more files and folders like C:\Path or %ProgramFiles%\Path\filename.exe to the exclusions list. 任何即時或已排程的掃描都不會包含這些檔案和資料夾。These files and folders aren't included in any real-time or scheduled scans.
  • 不進行掃描和即時保護的副檔名 - 新增一或多個檔案副檔名,像是 jpgtxt 至排除清單中。File extensions to exclude from scans and real-time protection - Add one or more file extensions like jpg or txt to the exclusions list. 任何即時掃描或排定的掃描,都不會包含有這些副檔名的任何檔案。Any files with these extensions are not included in any real-time or scheduled scans.
  • 排除不進行掃描和即時保護的程序 - 新增一或多個類型為 .exe.com.scr 等處理序至排除清單中。Processes to exclude from scans and real-time protection - Add one or more processes of the type .exe, .com, or .scr to the exclusions list. 任何即時或已排程的掃描都不會包含這些處理序。These processes are not included in any real-time, or scheduled scans.

網路 ProxyNetwork proxy

  • 自動偵測 Proxy 設定 - 啟用時,裝置會嘗試尋找 PAC 指令碼的路徑。Automatically detect proxy settings - When enabled, the device attempts to find the path to a PAC script.
  • 使用 Proxy 指令碼 - 如果您想要指定 PAC 指令碼路徑以設定 Proxy 伺服器,請選取此設定。Use proxy script - Select this if you want to specify a path to a PAC script to configure the proxy server.
    • 設定指令碼位址 URL - 輸入您想要用於設定 Proxy 伺服器的 PAC 指令碼 URL。Setup script address URL - Enter the URL of a PAC script you want to use to configure the proxy server.
  • 使用手動 Proxy 伺服器 - 如果您想要手動提供 Proxy 伺服器資訊,請選取此設定。Use manual proxy server - Select this if you want to manually provide proxy server information.
    • 位址 - 輸入 Proxy 伺服器的名稱或 IP 位址。Address - Enter the name, or IP address of the proxy server.
    • 連接埠號碼 - 輸入 Proxy 伺服器的連接埠號碼。Port number - Enter the port number of your proxy server.
    • Proxy 例外狀況 - 輸入任何不得使用 Proxy 伺服器的 URL。Proxy exceptions - Enter any URLs that must not use the proxy server. 請使用分號來分隔每個項目。Use a semicolon to separate each item.
    • 針對本機位址略過 Proxy 伺服器 - 如果您不想要針對內部網路上的本機位址使用 Proxy 伺服器,請啟用此選項。Bypass proxy server for local address - If you don't want to use the proxy server for local addresses on your intranet, enable this option .

Windows 焦點Windows Spotlight

  • Windows 焦點 - 使用此設定可封鎖 Windows 10 裝置上的所有 Windows 焦點功能。Windows Spotlight – Use this setting to block all Windows Spotlight functionality on Windows 10 devices. 如果您封鎖這項設定,則無法使用下列設定。If you block this setting, the following settings are not available.
    • 鎖定畫面上的 Windows 焦點 – 阻止 Windows 焦點在裝置鎖定畫面上顯示資訊。Windows Spotlight on lock screen – Stop Windows Spotlight from displaying information on the device lock screen.
    • Windows 焦點中的第三方建議 – 阻止 Windows 焦點建議不是由 Microsoft 發佈的內容。Third-party suggestions in Windows Spotlight – Stop Windows Spotlight from suggesting content that is not published by Microsoft.
    • 消費者功能 - 讓您封鎖如 [開始] 功能表建議和成員資格通知等消費者功能。Consumer Features - Lets you block consumer features like Start menu suggestions, and membership notifications.
    • Windows 提示 - 讓您封鎖快顯提示於 Windows 中顯示。Windows Tips - Lets you block pop-up tips from displaying in Windows.
    • 控制中心的 Windows 焦點 – 封鎖 Windows 焦點建議 (如新的應用程式或安全性內容),使其不要出現在 Windows 控制中心。Windows Spotlight in action center – Block Windows Spotlight suggestions like new app or security content from appearing in the Windows Action Center.
    • Windows 焦點個人化 – 阻止 Windows 焦點根據裝置的使用方式將結果個人化。Windows Spotlight personalization – Stops Windows Spotlight from personalizing results based on the usage of a device.
    • Windows 歡迎使用體驗 – 封鎖 Windows 歡迎使用體驗,該體驗會顯示有關新功能或更新功能的使用者資訊。Windows welcome experience – Block the Windows welcome experience that shows the user information about new, or updated features.

投影Projection

  • 來自無線顯示器接收器的使用者輸入 - 封鎖來自無線顯示器接收器的使用者輸入。User input from wireless display receivers - Blocks user input from wireless display receivers.
  • 投影到此電腦 - 阻止其他裝置探索該電腦以進行投影。Projection to this PC - Stops other devices from discovering the PC for projection.
  • 要求提供 PIN 以進行配對 - 於連線至投影裝置時要求 PIN。Require PIN for pairing - Require a PIN when connecting to a projection device.

開始Start

  • 從工作列取消釘選應用程式 - 阻止使用者從 [開始] 功能表取消釘選應用程式。Unpin apps from task bar - Stop the user from unpinning apps from the Start menu.
  • [開始] 上的 [文件] - 隱藏或顯示 Windows [開始] 功能表中的 [文件] 資料夾。Documents on Start - Hide or show the Documents folder in the Windows Start menu.
  • [開始] 上的 [下載] - 隱藏或顯示 Windows [開始] 功能表中的 [下載] 資料夾。Downloads on Start - Hide or show the Downloads folder in the Windows Start menu.
  • [開始] 上的 [檔案總管] - 隱藏或顯示 Windows [開始] 功能表中的 [檔案總管] 應用程式。File Explorer on Start - Hide or show the File Explorer app in the Windows Start menu.
  • [開始] 上的 [家用群組] - 隱藏或顯示 Windows [開始] 功能表中的 [家用群組] 資料夾。HomeGroup on Start - Hide or show the HomeGroup folder in the Windows Start menu.
  • [開始] 上的 [音樂] - 隱藏或顯示 Windows [開始] 功能表中的 [音樂] 資料夾。Music on Start - Hide or show the Music folder in the Windows Start menu.
  • [開始] 上的 [網路] - 隱藏或顯示 Windows [開始] 功能表中的 [網路] 資料夾。Network on Start - Hide or show the Network folder in the Windows Start menu.
  • [開始] 上的 [個人] 資料夾 - 隱藏或顯示 Windows [開始] 功能表中的 [個人] 資料夾。Personal folder on Start - Hide or show the Personal folder in the Windows Start menu.
  • [開始] 上的 [圖片] - 隱藏或顯示 Windows [開始] 功能表中的 [圖片] 資料夾。Pictures on Start - Hide or show the folder for pictures in the Windows Start menu.
  • [開始] 上的 [設定] - 隱藏或顯示 Windows [開始] 功能表中的 [設定] 應用程式。Settings on Start - Hide or show the Settings app in the Windows Start menu.
  • [開始] 上的 [影片] - 隱藏或顯示 Windows [開始] 功能表中的 [影片] 資料夾。Videos on Start - Hide or show the folder for videos in the Windows Start menu.
若要提交意見反應,請前往 Intune Feedback