Intune 中 Windows 10 (和更新版本) 的裝置限制設定Device restriction for Windows 10 (and newer) settings in Intune

本文將告訴您所有的 Microsoft Intune 裝置限制設定,讓您可以為執行 Windows 10 的裝置進行設定。This article shows you all the Microsoft Intune device restrictions settings that you can configure for devices running Windows 10.

適用對象:Azure 入口網站的 IntuneApplies to: Intune in the Azure portal
您需要傳統入口網站的 Intune 相關文件嗎?Looking for documentation about Intune in the classic portal? 請參閱本 Intune 簡介Read the introduction to Intune.

一般General

  • 螢幕擷取 (僅限行動裝置) - 讓使用者可將裝置螢幕擷取為影像。Screen capture (mobile only) - Lets the user capture the device screen as an image.

  • 複製並貼上 (僅限行動裝置) - 允許在裝置上的應用程式之間,進行複製並貼上的動作。Copy and paste (mobile only) - Allow copy and paste actions between apps on the device.

  • 手動取消註冊 - 讓使用者可從裝置手動刪除工作場所帳戶。Manual unenrollment - Lets the user manually delete the workplace account from the device.

    • 如果電腦已加入 Azure Active Directory,並且啟用自動註冊,則不會套用此原則設定。This policy setting is not applied if the computer is Azure Active Directory joined and auto-enrollment is enabled.
    • 此原則設定不適用於執行 Windows 10 家用版的電腦。This policy setting does not apply to computers running Windows 10 Home.
  • 手動安裝根憑證 (僅限行動裝置) - 阻止使用者手動安裝根憑證及中繼 CAP 憑證。Manual root certificate installation (mobile only) - Stops the user from manually installing root certificates, and intermediate CAP certificates.

  • 相機 - 允許或封鎖在裝置上使用相機。Camera - Allow or block use of the camera on the device.

  • OneDrive 檔案同步 - 封鎖裝置將檔案同步處理至 OneDrive。OneDrive file sync - Blocks the device from synchronizing files to OneDrive.

  • 抽取式存放裝置 - 指定是否可以與裝置搭配使用 SD 卡等外部存放裝置。Removable storage - Specifies whether external storage devices, like SD cards can be used with the device.

  • 地理位置 - 指定裝置是否可以使用定位服務資訊。Geolocation - Specifies whether the device can use location services information.

  • 網際網路共用 - 允許在裝置上使用網際網路連線共用。Internet sharing - Allow the use of Internet connection sharing on the device.

  • 重設手機 - 控制使用者是否可以將裝置重設成出廠預設值。Phone reset - Controls whether the user can do a factory reset on their device.

  • USB 連線 (僅限行動裝置) - 控制裝置是否可以透過 USB 連接來存取外接式存放裝置。USB connection (mobile only) - Controls whether devices can access external storage devices through a USB connection.

  • 防竊模式 (僅限行動裝置) - 設定是否啟用 Windows 防竊模式。AntiTheft mode (mobile only) - Configure whether Windows Antitheft mode is enabled.

  • Cortana - 啟用或停用 Cortana 語音助理。Cortana - Enable or disable the Cortana voice assistant.

  • 錄音 (僅限行動裝置) - 允許或封鎖使用裝置錄音機。Voice recording (mobile only) - Allow or block use of the device voice recorder.

  • 修改裝置名稱 - 防止終端使用者變更裝置名稱 (僅限 Windows 10 行動裝置版)Device name modification - Prevents the end user from changing the device name (Windows 10 Mobile only)

  • 新增佈建套件 - 封鎖安裝佈建套件的執行階段設定代理程式。Add provisioning packages - Blocks the run time configuration agent that installs provisioning packages.

  • 移除佈建套件 - 封鎖移除佈建套件的執行階段設定代理程式。Remove provisioning packages - Blocks the run time configuration agent that removes provisioning packages.

  • 裝置探索 - 封鎖裝置以使它無法被其他裝置找到。Device discovery - Block a device from being discovered by other devices.

  • 工作切換器 (僅限行動裝置) - 封鎖裝置上的工作切換器。Task Switcher (mobile only) - Blocks the task switcher on the device.

  • SIM 卡錯誤對話方塊 (僅限行動裝置) - 封鎖在沒有偵測到 SIM 卡的情況下會顯示於裝置上的錯誤訊息。SIM card error dialog (mobile only) - Blocks an error message from displaying on the device if no SIM card is detected.

  • Ink 工作區 - 禁止使用者存取 Ink 工作區。Ink Workspace - Block users from accessing the ink workspace. 未設定此設定時,會啟用 Ink 工作區 (功能已開啟),並允許使用者在鎖定螢幕上使用它。When this setting is not configured, the ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen.

  • 自動重新部署 允許具有系統管理權限的使用者,在裝置鎖定畫面上使用 CTRL + Win + R 來刪除所有使用者資料和設定。Automatic redeployment - Allows users with administrative rights to delete all user data and settings using CTRL + Win + R at the device lock screen. 裝置會自動重新設定並重新註冊以納入管理。The device is automatically reconfigured and reenrolled into management.

密碼Password

  • 密碼 - 需要使用者輸入密碼才可存取該裝置。Password - Require the end user to enter a password to access the device.
    • 必要的密碼類型 - 指定密碼必須為數字還是英數字元。Required password type - Specifies whether the password must be numeric only, or alphanumeric.
    • 密碼長度下限 - 僅適用於 Windows 10 行動裝置版。Minimum password length - Applies to Windows 10 Mobile only.
    • 登入失敗幾次後即抹除裝置 - 若為執行 Windows 10 的裝置︰如果裝置已啟用 BitLocker,將會在登入失敗達您所指定的次數時置於 BitLocker 復原模式。Number of sign-in failures before wiping device - For devices running Windows 10: If the device has BitLocker enabled, it's put into BitLocker recovery mode after sign-in fails the number of times that you specified. 如果裝置未啟用 BitLocker,便不會套用此設定。If the device is not BitLocker enabled, then this setting doesn't apply. 若為執行 Windows 10 行動裝置版的裝置︰登入失敗達您所指定的次數時,就會抹除裝置。For devices running Windows 10 Mobile: After sign-in fails the number of times you specify, the device is wiped.
    • 沒有活動最久幾分鐘後鎖定螢幕指定裝置必須處於閒置狀態多久的時間,才會鎖住螢幕。Maximum minutes of inactivity until screen locks - Specifies the length of time a device must be idle before the screen is locked.
    • 密碼到期 (天) - 指定在多久之後必須變更該裝置的密碼。Password expiration (days) - Specifies the length of time after which the device password must be changed.
    • 避免重複使用以前用過的密碼 - 指定裝置記憶先前使用過的密碼數目。Prevent reuse of previous passwords - Specifies the number of previously used passwords that are remembered by the device.
    • 裝置從閒置狀態回復時需要密碼 (僅限行動裝置) - 指定使用者必須輸入密碼才能解除鎖定裝置 (僅限 Windows 10 行動裝置版)。Require password when device returns from idle state (Mobile only) - Specifies that the user must enter a password to unlock the device (Windows 10 Mobile only).
    • 簡單密碼 - 可讓您使用 1111 和 1234 等簡單密碼。Simple passwords – Lets you allow the use of simple passwords like 1111 and 1234. 這項設定也會允許或封鎖使用 Windows 圖片密碼。This setting also allows or blocks the use of Windows picture passwords.
  • 加密 - 在目標裝置上啟用加密。Encryption - Enable encryption on targeted devices.

個人化Personalization

  • 桌面背景圖片 URL (僅限桌面版) - 指定要作為 Windows 桌面桌布使用之 JPEG 格式圖片的 URL。Desktop background picture URL (Desktop only) - Specify the URL to a picture in JPEG format that you want to use as the Windows desktop wallpaper. 使用者無法變更此項目。Users can't change this.

隱私權Privacy

  • 輸入個人化 - 不允許為 Cortana、聽寫或 Microsoft 網上商店應用程式使用雲端式語音服務。Input personalization – Don’t allow the use of cloud-based speech services for Cortana, dictation, or Microsoft Store apps. 如果您允許使用這些服務,Microsoft 可能會收集語音資料來改進服務。If you allow these services, Microsoft might collect voice data to improve the service.
  • 自動接受配對及隱私權使用者同意提示 – 允許 Windows 在執行應用程式時,自動接受配對及隱私權同意訊息。Automatic acceptance of the pairing and privacy user consent prompts – Allow Windows to automatically accept pairing and privacy consent messages when running apps.
  • 發佈使用者活動:設定此項以封鎖防止共用體驗以及在工作切換器中探索最近使用的資源。Publish user activities: Set this to Block to prevent shared experiences and discovery of recently used resources in the task switcher.
  • 僅限本機活動:設定此項以封鎖防止共用體驗,以及僅根據本機活動,在工作切換器中探索最近使用的資源。Local activities only: Set this to Block to prevent shared experiences and discovery of recently used resources in task switcher based only on local activity.

您可以定義可供裝置上所有應用程式存取的資訊。You can define information that all apps on the device can access. 您可以使用個別應用程式隱私權例外狀況來定義以個別應用程式為基礎的例外。You can define exceptions on a per-app basis using Per-app privacy exceptions.

例外狀況Exceptions

  • 帳戶資訊 - 定義此應用程式能否存取使用者名稱、圖片及其他連絡人資訊。Account information - Define whether this app can access the user name, picture, and other contact info.
  • 背景應用程式 - 定義此應用程式能否在背景執行。Background apps - Define whether this app can run in the background.
  • 行事曆 - 定義此應用程式能否存取行事曆。Calendar - Define whether this app can access the calendar.
  • 通話記錄 - 定義此應用程式能否存取我的通話記錄。Call history - Define whether this app can access my call history.
  • 相機 - 定義此應用程式能否存取網路攝影機。Camera - Define whether this app can access the camera.
  • 連絡人 - 定義此應用程式能否存取連絡人。Contacts - Define whether this app can access contacts.
  • 電子郵件 - 定義此應用程式能否存取及傳送電子郵件。Email - Define whether this app can access and send email.
  • 位置 - 定義此應用程式能否存取位置資訊。Location - Define whether this app can access location information.
  • 訊息中心 - 定義此應用程式能否讀取或傳送文字或 MMS 訊息。Messaging - Define whether this app can read or send text or MMS messages.
  • 麥克風 - 定義此應用程式能否使用麥克風。Microphone - Define whether this app can use the microphone.
  • 動作 - 定義此應用程式能否存取裝置動作資訊。Motion - Define whether this app can access device motion information.
  • 通知 - 定義此應用程式能否存取通知。Notifications - Define whether this app can access notifications.
  • 電話 - 定義此應用程式能否存取手機。Phone - Define whether this app can access the phone.
  • 無線電 - 有些應用程式會在您的裝置上使用無線電波 (例如,藍牙) 來傳送及接收資料,因此必須開啟或關閉這些無線電波。Radios - Some apps use radios (for example, Bluetooth) in your device to send and receive data and need to turn these radios on or off. 定義此應用程式能否控制這些無線電波。Define whether this app can control these radios.
  • 工作 - 定義此應用程式能否存取您的工作。Tasks - Define whether this app can access your tasks.
  • 信任的裝置 - 定義此應用程式是否可以使用信任的裝置 (您已連線或此電腦、平板電腦或手機上搭載的硬體)。Trusted devices - Define whether this app can use trusted devices (hardware you've already connected or that comes with this PC, tablet, or phone). 例如電視、投影機等等。For example: TVs, projectors, and so on.
  • 意見反應與診斷 - 定義此應用程式能否存取診斷資訊。Feedback and diagnostics - Define whether this app can access diagnostic information.
  • 與裝置同步 - 定義此應用程式能否自動與未和此電腦、平板電腦或手機直接配對的無線裝置共用及同步資訊。Sync with devices -Define whether this app can automatically share and sync info with wireless devices that don't explicitly pair with this PC, tablet, or phone.

個別應用程式的隱私權例外狀況Per-app privacy exceptions

您可以新增隱私權行為應該與您在「預設原則」中所定義之隱私權行為不同的應用程式。You can add apps that should have a different privacy behavior from what you defined in “Default privacy”.

  • 套件名稱 - 新增套件系列名稱。Package Name - App package family name.
  • 應用程式名稱 - 應用程式的名稱。App Name - The name of the app.

例外狀況Exceptions

  • 帳戶資訊 - 定義此應用程式能否存取使用者名稱、圖片及其他連絡人資訊。Account information - Define whether this app can access the user name, picture, and other contact info.
  • 背景應用程式 - 定義此應用程式能否在背景執行。Background apps - Define whether this app can run in the background.
  • 行事曆 - 定義此應用程式能否存取行事曆。Calendar - Define whether this app can access the calendar.
  • 通話記錄 - 定義此應用程式能否存取我的通話記錄。Call history - Define whether this app can access my call history.
  • 相機 - 定義此應用程式能否存取網路攝影機。Camera - Define whether this app can access the camera.
  • 連絡人 - 定義此應用程式能否存取連絡人。Contacts - Define whether this app can access contacts.
  • 電子郵件 - 定義此應用程式能否存取及傳送電子郵件。Email - Define whether this app can access and send email.
  • 位置 - 定義此應用程式能否存取位置資訊。Location - Define whether this app can access location information.
  • 訊息中心 - 定義此應用程式能否讀取或傳送文字或 MMS 訊息。Messaging - Define whether this app can read or send text or MMS messages.
  • 麥克風 - 定義此應用程式能否使用麥克風。Microphone - Define whether this app can use the microphone.
  • 動作 - 定義此應用程式能否存取裝置動作資訊。Motion - Define whether this app can access device motion information.
  • 通知 - 定義此應用程式能否存取通知。Notifications - Define whether this app can access notifications.
  • 電話 - 定義此應用程式能否存取手機。Phone - Define whether this app can access the phone.
  • 無線電 - 有些應用程式會在您的裝置上使用無線電波 (例如,藍牙) 來傳送及接收資料,因此必須開啟或關閉這些無線電波。Radios - Some apps use radios (for example, Bluetooth) in your device to send and receive data and need to turn these radios on or off. 定義此應用程式能否控制這些無線電波。Define whether this app can control these radios.
  • 工作 - 定義此應用程式能否存取您的工作。Tasks - Define whether this app can access your tasks.
  • 信任的裝置 - 定義此應用程式是否可以使用信任的裝置 (您已連線或此電腦、平板電腦或手機上搭載的硬體)。Trusted devices - Define whether this app can use trusted devices (hardware you've already connected or that comes with this PC, tablet, or phone). 例如電視、投影機等等。For example: TVs, projectors, and so on.
  • 意見反應與診斷 - 定義此應用程式能否存取診斷資訊。Feedback and diagnostics - Define whether this app can access diagnostic information.
  • 與裝置同步 - 定義此應用程式能否自動與未和此電腦、平板電腦或手機直接配對的無線裝置共用及同步資訊。Sync with devices -Define whether this app can automatically share and sync info with wireless devices that don't explicitly pair with this PC, tablet, or phone.

鎖定畫面體驗Locked screen experience

  • 控制中心通知 (僅限行動裝置) – 可讓控制中心通知出現在裝置鎖定畫面上 (僅限 Windows 10 行動裝置版)。Action center notifications (mobile only) – Lets Action Center notifications appear on the device lock screen (Windows 10 Mobile only).
  • 鎖定畫面圖片 URL (僅限桌面版) - 指定會作為 Windows 鎖定畫面桌布使用之 JPEG 格式圖片的 URL。Locked screen picture URL (Desktop only) - Specify the URL to a picture in JPEG format that will be used as the Windows lock screen wallpaper. 使用者無法變更此項目。Users can't change this.
  • 使用者可設定的畫面逾時 (僅限行動裝置) – 可讓使用者設定時間量User configurable screen timeout (mobile only) – Lets users configure the amount of time
  • 鎖定畫面上的 Cortana (僅限桌面版) – 不允許使用者在裝置位於鎖定畫面時與 Cortana 互動 (僅限 Windows 10 桌面版)。Cortana on locked screen (desktop only) – Don’t allow the user to interact with Cortana when the device is on the lock screen (Windows 10 desktop only).
  • 鎖定畫面上的快顯通知 – 封鎖警示訊息,使其無法顯示在裝置鎖定畫面上。Toast notifications on locked screen – Block alert messages from being displayed on the device lock screen.
  • 畫面逾時 (僅限行動裝置) - 指定畫面鎖定之後的時間 (以秒為單位),在該段時間後將會關閉畫面。Screen timeout (mobile only) - Specifies the time in seconds after the screen locks, when it will turn off.

App StoreApp Store

  • App Store (僅限行動裝置) - 啟用或封鎖在 Windows 10 行動裝置上使用 App Store。App store (mobile only) - Enable or block use of the app store on Windows 10 Mobile devices.
  • 自動更新來自市集的應用程式 - 允許自動更新從 Microsoft 網上商店安裝的應用程式。Auto-update apps from store - Allows apps installed from the Microsoft Store to be automatically updated.
  • 安裝信任的應用程式 - 允許側載使用受信任憑證簽署的應用程式。Trusted app installation - Allows apps signed with a trusted certificate to be sideloaded.
  • 開發人員解除鎖定 - 允許 Windows 開發人員設定,例如允許使用者修改側載應用程式。Developer unlock - Allow Windows developer settings, such as allowing sideloaded apps to be modified by the end user.
  • 共用的使用者應用程式資料 - 允許應用程式在相同裝置上的不同使用者之間共用資料。Shared user app data - Allows apps to share data between different users on the same device.
  • 僅使用私人市集 - 啟用此設定以僅允許使用者從您的私人市集下載應用程式。Use private store only - Enable this to only allow end users to download apps from your private store.
  • 啟動來自市集的應用程式 - 用來停用預先安裝於裝置上,或是從 Microsoft 網上商店下載的所有應用程式。Store originated app launch - Used to disable all apps that were pre-installed on the device, or downloaded from the Microsoft Store.
  • 將應用程式資料安裝在系統磁碟區 - 阻止應用程式將資料儲存在裝置的系統磁碟區上。Install app data on system volume - Stops apps from storing data on the system volume of the device.
  • 將應用程式安裝在系統磁碟機 - 阻止應用程式將資料儲存在裝置的系統磁碟機上。Install apps on system drive - Stops apps from storing data on the system drive of the device.
  • 遊戲 DVR (僅限桌面版) - 設定是否允許錄製和廣播遊戲。Game DVR (desktop only) - Configures whether recording and broadcasting of games is allowed.
  • 僅限來自市集的應用程式 - 設定使用者是否可以從 App Store 以外的地方安裝應用程式。Apps from the store only - Configures whether users can install apps from places other than the app store.

Microsoft Edge 瀏覽器Edge Browser

  • Microsoft Edge 瀏覽器 (僅限行動裝置) - 允許在裝置上使用 Edge 網頁瀏覽器。Microsoft Edge browser (mobile only) - Allow the use of the Edge web browser on the device.
  • 網址列下拉 (僅限桌面版) – 使用此選項可阻止 Edge 在您輸入時,於下拉式清單中顯示建議清單。Address bar dropdown (desktop only) – Use this to stop Edge from displaying a list of suggestions in a drop-down list when you type. 這有助於將 Edge 與 Microsoft 服務之間的網路頻寬用量降到最低。This helps to minimize network bandwidth use between Edge and Microsoft services.
  • 在 Microsoft 瀏覽器之間同步我的最愛 (僅限桌面版) – 可讓 Windows 同步處理 Internet Explorer 與 Edge 之間的我的最愛。Sync favorites between Microsoft browsers (desktop only) – Lets Windows synchronize favorites between Internet Explorer and Edge.
  • 傳送不追蹤標頭 - 設定 Microsoft Edge 瀏覽器以傳送「不追蹤」標頭給使用者瀏覽的網站。Send do-not-track headers - Configures the Edge browser to send do not track headers to websites that users visit.
  • Cookie - 讓瀏覽器儲存網際網路 Cookie 到裝置上。Cookies - Lets the browser save internet cookies to the device.
  • JavaScript - 允許在 Microsoft Edge 瀏覽器中執行 JavaScript 等指令碼。JavaScript - Allows scripts, such as Javascript, to run in the Edge browser.
  • 快顯視窗 - 封鎖瀏覽器中的快顯視窗 (僅適用於 Windows 10 桌面版)。Pop-ups - Blocks pop-up windows in the browser (Applies to Windows 10 desktop only).
  • 搜尋建議 - 讓您的搜尋引擎在您輸入搜尋片語時建議網站。Search suggestions - Lets your search engine suggest sites as you type search phrases.
  • 將內部網路流量傳送到 Internet Explorer - 讓使用者可在 Internet Explorer 中開啟內部網路網站 (僅限 Windows 10 桌面版)。Send intranet traffic to Internet Explorer - Lets users open intranet websites in Internet Explorer (Windows 10 desktop only).
  • 自動填滿 - 允許使用者變更瀏覽器中的自動完成設定 (僅限 Windows 10 桌面版)。Autofill - Allow users to change autocomplete settings in the browser (Windows 10 desktop only).
  • 密碼管理員 - 啟用或停用 Microsoft Edge 密碼管理員功能。Password Manager - Enable or disable the Edge Password Manager feature.
  • 企業模式網站清單位置 - 指定在何處尋找以企業模式開啟的網站清單。Enterprise mode site list location - Specifies where to find the list of web sites that open in Enterprise mode. 使用者無法編輯這份清單。Users cannot edit this list.
    (僅限 Windows 10 桌面版)。(Windows 10 desktop only).
  • 開發人員工具 - 防止使用者開啟 Edge 開發人員工具。Developer tools - Prevent the end user from opening the Edge developer tools.
  • 延伸模組 - 允許使用者在裝置上安裝 Edge 延伸模組。Extensions - Allow the end user to install Edge extensions on the device.
  • InPrivate 瀏覽 - 防止使用者開啟 InPrivate 瀏覽工作階段。InPrivate browsing - Prevent the end user from opening InPrivate browsing sessions.
  • 顯示初次執行網頁 – 第一次執行 Edge 時,停止顯示簡介頁面。Show first run page – Stops the introduction page from appearing the first time you run Edge.
    • 初次執行 URL – 指定使用者第一次執行 Edge 時顯示的網頁 URL (僅限 Windows 10 行動裝置版)。First run URL – Specifies the URL of a page that is displayed the first time a user runs Edge (Windows 10 Mobile only).
  • 首頁 - 新增要作為 Edge 瀏覽器首頁使用的網站清單 (僅限桌面版)。Homepages - Add a list of sites that you want to use as home pages in the Edge browser (desktop only).
  • 起始畫面的變更 – 可讓使用者變更 Edge 開啟時顯示的起始畫面。Changes to start page – Lets users change the start pages displayed when Edge is opened. 若要建立 Edge 啟動時開啟的網頁或網頁清單,請使用 [首頁] 設定。Use the Homepages setting to create the page, or list of pages that is opened when Edge starts.
  • 禁止存取 About 旗標 - 防止使用者存取 Edge 中包含開發人員和實驗性設定的 about:flags 頁面。Block access to About flags - Prevent the end user from accessing the about:flags page in Edge that contains developer and experimental settings.
  • WebRtc localhost IP 位址 - 禁止於使用 Web RTC 通訊協定撥打電話時,顯示使用者的 localhost IP 位址。WebRtc localhost ip address - Block the users localhost IP address from being displayed when making phone calls using the web RTC protocol.
  • 預設搜尋引擎 - 指定要使用的預設搜尋引擎。Default search engine - Specify the default search engine to be used. 使用者可以隨時變更此值。End users can change this value at any time.
  • 在結束時清除瀏覽資料 – 當使用者結束 Edge 時,清除歷程記錄和瀏覽資料。Clear browsing data on exit – Clears history, and browsing data when the user exits Edge.
  • 動態磚資料收集 – 當使用者從 Edge 釘選網站到 [開始] 功能表時,阻止 Windows 從動態磚收集資訊。Live Tile data collection – Stops Windows collecting information from the Live Tile when users pin a site to the start menu from Edge.
  • 我的最愛清單 - 定義我的最愛檔案的路徑。Favorites List - Defines the path to the favorites file. 例如,http://contoso.com/favorites.html。For example, http://contoso.com/favorites.html.
  • 限制我的最愛變更 - 將此項目設定為 [封鎖],防止使用者新增、匯入、排序或編輯我的最愛清單。Restrict changes to Favorites - Set this to Block to prevent users from adding, importing, sorting, or editing the Favorites list.

Windows Defender SmartScreen 篩選工具Windows Defender Smart Screen

  • 適用於 Microsoft Edge 的 SmartScreen 篩選工具 - 啟用 Edge SmartScreen 以存取網站和檔案下載。SmartScreen for Microsoft Edge - Enable Edge SmartScreen for accessing site and file downloads.
  • 惡意網站存取 - 禁止使用者略過 Windows Defender SmartScreen 篩選工具警告,並防止他們進入網站。Malicious site access - Block users from ignoring the Windows Defender SmartScreen Filter warnings and block them from going to the site.
  • 未經驗證的檔案下載 - 禁止使用者略過 Windows Defender SmartScreen 篩選工具警告,並防止他們下載未經驗證的檔案。Unverified file download - Block users from ignoring the Windows Defender SmartScreen Filter warnings and block them from downloading unverified files.
  • 安全搜尋 (僅限行動裝置) - 控制 Cortana 在搜尋結果中篩選成人內容的方式。Safe Search (mobile only) - Control how Cortana filters adult content in search results. 您可以選取 [嚴格]、[普通],或允許使用者自行選擇設定。You can select Strict, Moderate, or allow the end user to choose their own settings.
  • 在 [搜尋] 中顯示網頁搜尋結果 - 封鎖或允許網頁結果顯示在對裝置進行的搜尋中。Display web results in search - Block or allow web results to appear in searches made on the device.

雲端與儲存體Cloud and Storage

  • Microsoft 帳戶 - 讓使用者建立 Microsoft 帳戶與裝置之間的關聯。Microsoft account - Lets the user associate a Microsoft account with the device.
  • 非 Microsoft 帳戶 - 讓使用者將電子郵件帳戶新增至未與 Microsoft 帳戶相關聯的裝置。Non-Microsoft account - Lets the user add email accounts to the device that are not associated with a Microsoft account.
  • Microsoft 帳戶的設定同步 - 允許與 Microsoft 帳戶相關聯的裝置和應用程式設定在裝置之間進行同步處理。Settings synchronization for Microsoft account - Allow device and app settings that are associated with a Microsoft account to synchronize between devices.

行動數據與連線Cellular and Connectivity

  • 行動數據頻道 – 當使用者連線到行動電話通訊網路時,阻止使用者使用資料,如瀏覽網頁。Cellular data channel – Stop users from using data, like browsing the web, when they are connected to a cellular network.
  • 數據漫遊 - 存取資料時允許網路之間的漫遊。Data roaming - Allow roaming between networks when accessing data.
  • 透過行動電話通訊網路的 VPN - 控制裝置是否可以在連線到行動電話通訊網路時存取 VPN 連線。VPN over the cellular network - Controls whether the device can access VPN connections when connected to a cellular network.
  • 透過行動電話通訊網路的 VPN - 控制裝置是否可以在連線到行動電話通訊網路時存取 VPN 連線。VPN roaming over the cellular network - Controls whether the device can access VPN connections when roaming on a cellular network.
  • 藍牙- 控制使用者是否可在裝置上啟用及設定藍牙。Bluetooth - Controls whether the user can enable and configure Bluetooth on the device.
  • 藍牙探索 - 讓其他藍牙啟用的裝置探索此裝置。Bluetooth discoverability - Lets the device be discovered by other Bluetooth-enabled devices.
  • 藍芽預先配對 – 可讓您設定特定的藍芽裝置與主機裝置自動配對。Bluetooth pre-pairing – Lets you configure specific Bluetooth devices to automatically pair with a host device.
  • 藍牙廣告 - 讓藍牙可透過藍牙裝置接收廣告。Bluetooth advertising - Lets the device receive advertisements over Bluetooth.
  • 連線的裝置服務 – 可讓您選擇是否要允許連線的裝置服務,這可探索其他藍芽裝置並連線到其中。Connected devices service – Lets you choose whether to allow the connected devices service, which enables discovery and connection to other Bluetooth devices.
  • NFC - 讓使用者可在裝置上啟用及設定近距離無線通訊功能。NFC - Lets the user enable and configure Near Field Communications capabilities on the device.
  • Wi-fi - 讓使用者可在裝置上啟用及設定 Wi-Fi (僅限 Windows 10 行動裝置版)。Wi-Fi - Lets the user enable and configure Wi-Fi on the device (Windows 10 Mobile only).
  • 自動連線至 Wi-Fi 熱點 - 讓裝置能自動連線到免費 Wi-Fi 熱點並自動接受任何連線條款和條件。Automatically connect to Wi-Fi hotspots - Lets the device automatically connect to free Wi-Fi hotspots and automatically accept any terms and conditions for the connection.
  • 手動設定 Wi-Fi - 控制使用者是否可設定自己的 Wi-Fi 連線,是或只能使用由 Wi-Fi 設定檔所設定的連線 (僅限 Windows 10 行動裝置版)。Manual Wi-Fi configuration - Controls whether the user can configure their own Wi-Fi connections, or whether they can only use connections configured by a Wi-Fi profile (Windows 10 Mobile only).
  • Wi-Fi 掃描間隔 – 指定裝置掃描 Wi-Fi 網路的頻率。Wi-Fi scan interval – Specify how often devices scan for Wi-Fi networks. 指定 1 (最頻繁) 到 500 (最不頻繁) 的值。Specify a value from 1 (most frequent) to 500 (least frequent).
  • 藍牙允許的服務 – 以十六進位字串,指定允許的藍芽服務和設定檔的清單。Bluetooth allowed services – Specify as hex strings, a list of allowed Bluetooth services and profiles.

控制台和設定Control Panel and Settings

  • 設定應用程式 - 封鎖對 Windows [設定] 應用程式的存取。Settings app - Block access to the Windows settings app.
    • 系統 - 封鎖對 [設定] 應用程式 [系統] 區域的存取。System - Blocks access to the system area of the settings app.
      • 修改電源及睡眠設定 (僅限桌面版) - 防止使用者變更裝置上的電源及睡眠設定。Power and sleep settings modification (desktop only) - Prevents the end user from changing power and sleep settings on the device.
    • 裝置 - 封鎖對 [設定] 應用程式 [裝置] 區域的存取。Devices - Blocks access to the devices area of the settings app.
    • 網路網際網路 - 封鎖對 [設定] 應用程式 [網路和網際網路] 區域的存取。Network Internet - Blocks access to the network and internet area of the settings app.
    • 個人化 - 封鎖對 [設定] 應用程式 [個人化] 區域的存取。Personalization - Blocks access to the personalization area of the settings app.
    • 帳戶 - 封鎖對 [設定] 應用程式 [帳戶] 區域的存取。Accounts - Blocks access to the accounts area of the settings app.
    • 時間與語言 - 封鎖對 [設定] 應用程式 [時間與語言] 區域的存取。Time and Language - Blocks access to the time and language area of the settings app.
      • 修改系統時間 - 防止使用者變更裝置日期和時間。System Time modification - Prevents the end user from changing the device date and time.
      • 修改區域設定 (僅限桌面版) - 防止使用者變更裝置上的區域設定。Region settings modification (desktop only) - Prevents the end user from changing the region settings on the device.
      • 修改語言設定 (僅限桌面版) - 防止使用者變更裝置上的語言設定。Language settings modification (desktop only) - Prevents the user from changing the language settings on the device.
    • 遊戲 - 封鎖對 [設定] 中 [遊戲] 應用程式的存取。Gaming - Blocks access to the Gaming app in Settings.
    • 輕鬆存取 - 封鎖對 [設定] 應用程式 [輕鬆存取] 區域的存取。Ease of Access - Blocks access to the ease of access area of the settings app.
    • 隱私權 - 封鎖對 [設定] 應用程式 [隱私權] 區域的存取。Privacy - Blocks access to the privacy area of the settings app.
    • 更新與安全性 - 封鎖對設定應用程式之更新與安全性區域的存取。Update and Security - Blocks access to the updates and security area of the settings app.

開始Start

  • 從工作列取消釘選應用程式 - 阻止使用者從 [開始] 功能表取消釘選應用程式。Unpin apps from task bar - Stop the user from unpinning apps from the Start menu.
  • [開始] 上的 [文件] - 隱藏或顯示 Windows [開始] 功能表中的 [文件] 資料夾。Documents on Start - Hide or show the Documents folder in the Windows Start menu.
  • [開始] 上的 [下載] - 隱藏或顯示 Windows [開始] 功能表中的 [下載] 資料夾。Downloads on Start - Hide or show the Downloads folder in the Windows Start menu.
  • [開始] 上的 [檔案總管] - 隱藏或顯示 Windows [開始] 功能表中的 [檔案總管] 應用程式。File Explorer on Start - Hide or show the File Explorer app in the Windows Start menu.
  • [開始] 上的 [家用群組] - 隱藏或顯示 Windows [開始] 功能表中的 [家用群組] 資料夾。HomeGroup on Start - Hide or show the HomeGroup folder in the Windows Start menu.
  • [開始] 上的 [音樂] - 隱藏或顯示 Windows [開始] 功能表中的 [音樂] 資料夾。Music on Start - Hide or show the Music folder in the Windows Start menu.
  • [開始] 上的 [網路] - 隱藏或顯示 Windows [開始] 功能表中的 [網路] 資料夾。Network on Start - Hide or show the Network folder in the Windows Start menu.
  • [開始] 上的 [個人] 資料夾 - 隱藏或顯示 Windows [開始] 功能表中的 [個人] 資料夾。Personal folder on Start - Hide or show the Personal folder in the Windows Start menu.
  • [開始] 上的 [圖片] - 隱藏或顯示 Windows [開始] 功能表中的 [圖片] 資料夾。Pictures on Start - Hide or show the folder for pictures in the Windows Start menu.
  • [開始] 上的 [設定] - 隱藏或顯示 Windows [開始] 功能表中的 [設定] 應用程式。Settings on Start - Hide or show the Settings app in the Windows Start menu.
  • [開始] 上的 [影片] - 隱藏或顯示 Windows [開始] 功能表中的 [影片] 資料夾。Videos on Start - Hide or show the folder for videos in the Windows Start menu.

顯示Display

  • 開啟應用程式的 GDI 調整功能Turn on GDI scaling for apps

  • 關閉應用程式的 GDI 調整功能Turn off GDI scaling for apps

    GDI DPI 縮放比例會讓非 DPI 感知的應用程式變成個別監視器 DPI 感知。GDI DPI Scaling lets apps that are not DPI aware to become per-monitor DPI aware. 請指定會開啟 GDI DPI 縮放比例的舊版應用程式。Specify the legacy apps that have GDI DPI Scaling turned on. 應用程式上的 GDI DPI 縮放比例若同時設為開啟和關閉,該應用程式的縮放比例功能就會關閉。With GDI DPI Scaling configured to both turn on and turn off on an app, scaling is turned off for the app.

Kiosk (預覽)Kiosk (Preview)

Kiosk 裝置通常執行一個應用程式,或一組特定的應用程式。A kiosk device typically runs one app, or a specific set of apps. 使用者無法存取裝置上任何 kiosk 應用程式外的任何功能。Users are prevented from accessing any features or functions on the device outside of any kiosk apps.

  • Kiosk 模式 - 識別原則所支援的 kiosk 模式類型。Kiosk mode - Identifies the type of kiosk mode supported by the policy. 這些選項包括:Options include:

    • 未設定 (預設) - 不啟用 kiosk 模式的原則。Not Configured (default) - The policy does not enable a kiosk mode.
    • 單一應用程式 kiosk - 此設定檔可讓裝置只在單一應用程式上執行。Single app kiosk - The profile enables the device to only run one app. 當使用者登入時,會啟動特定的應用程式。When the user signs in, a specific app starts. 此模式也會限制使用者開啟新的應用程式或變更執行中的應用程式。This mode also restricts the user from opening new apps, or changing the running app.
    • 多應用程式 kiosk - 此設定檔可讓裝置在多個應用程式上執行。Multi-app kiosk - The profile enables the device to run multiple apps. 只有您新增的應用程式才可供使用者使用。Only the apps you add are available to the user. 多應用程式 kiosk (或固定用途裝置) 的好處是讓個人只存取所需的應用程式,而從其檢視中移除不需要的應用程式,來為個人提供一個簡單明瞭的體驗。The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by only accessing apps they need, and removing from their view the apps they don’t need.

單一應用程式 KioskSingle app kiosks

輸入下列設定:Enter the following settings:

  • 使用者帳戶 - 輸入與 kiosk 應用程式關聯的本機 (對裝置而言) 使用者帳戶或 Azure AD 帳戶登入。User account - Enter the local (to the device) user account or the Azure AD account login associated with the kiosk app. 針對已加入 Azure AD 網域的帳戶,請使用 domain\username@tenant.org 格式來輸入帳戶。For accounts joined to Azure AD domains, enter the account using the domain\username@tenant.org format.

    針對在面對大眾的環境中且已啟用自動登入功能的 kiosk,應該使用權限最低 (例如本機標準使用者帳戶) 的使用者類型。For kiosks in public-facing environments with auto logon enabled, a user type with the least privilege (such as the local standard user account) should be used. 若要設定 Azure Active Directory (AD) 帳戶以使用 kiosk 模式,請使用 AzureAD\user@contoso.com 格式。To configure an Azure Active Directory (AD) account for kiosk mode, use the AzureAD\user@contoso.com format.

  • 應用程式的應用程式使用者模型識別碼 (AUMID) - 輸入 kiosk 應用程式的 AUMID。Application user model ID (AUMID) of app - Enter the AUMID of the kiosk app. 若要深入了解,請參閱 Find the Application User Model ID of an installed app(尋找已安裝應用程式的應用程式使用者模型識別碼)。To learn more, see Find the Application User Model ID of an installed app.

多應用程式 kioskMulti-app kiosks

多應用程式 kiosk 使用會列出所允許應用程式及其他設定的 kiosk 設定。Multi-app kiosks use a kiosk configuration that lists the allowed apps, and other settings.

請使用 [新增] 按鈕來建立 kiosk 設定 (或選取現有的設定)。Use the Add button to create a kiosk configuration (or select an existing configuration). 接著,輸入下列設定:Then, enter the following settings:

  • Kiosk 設定名稱 - 輸入用來識別設定的易記名稱。Kiosk configuration name - Enter a friendly name used to identify the configuration.

  • Kiosk 應用程式 - 輸入 [開始] 功能表上可用的應用程式。Kiosk apps - Enter the apps that are available on the Start menu. 您新增的應用程式是使用者唯一能夠開啟的應用程式。The apps you add are the only apps the user can open.

    • 應用程式類型 - 選擇 kiosk 應用程式的類型:App Type - Choose the type of the kiosk app:

      • Win32 應用程式 - 傳統型應用程式。Win32 App - A traditional desktop app. 在裝置方面,您需要可執行檔的完整路徑名稱。You need the fully qualified pathname of the executable, with respect to the device.
      • UWP App - 通用 Windows app。UWP App - A Universal Windows app. 您需要應用程式的 AUMIDYou need the AUMID for the app.
    • 識別碼 - 輸入可執行檔 (Win32 應用程式) 的完整路徑名稱,或應用程式的 AUMID (UWP app)。Identifier - Enter the fully qualified pathname for the executable file (Win32 apps), or the app's AUMID (UWP apps).

  • 工作列:選擇是要 [啟用] (顯示) 工作列,還是要讓它在 kiosk 上保持 [未設定] (隱藏) 狀態。Taskbar: Choose to Enable (show) the taskbar, or keep it Not configured (hidden) on the kiosk.

  • [開始] 功能表配置 - 輸入描述應用程式在 [開始] 功能表上如何顯示的 XML 檔案。Start menu layout - Enter an XML file that describes how the apps appear on the Start menu. 自訂與匯出 [開始] 配置提供一些指引和範例 XML。Customize and export Start layout provides some guidance, and sample XML.

    建立可執行多個應用程式的 Windows 10 kiosk 提供有關使用及建立 XML 檔案的更多詳細資料。Create a Windows 10 kiosk that runs multiple apps provides more details on using and creating XML files.

  • 指派的使用者 - 新增一或多個能夠使用您所新增應用程式的使用者帳戶。Assigned users - Add one or more user accounts that can use the apps you add. 當該帳戶登入時,只有設定中所定義的應用程式可供使用。When the account signs in, only the apps defined in the configuration are available. 帳戶可以是與 kiosk 應用程式建立關聯的裝置本機帳戶或 Azure AD 帳戶登入。The account may be local to the device or an Azure AD account login associated with the kiosk app.

    針對在面對大眾的環境中且已啟用自動登入功能的 kiosk,應該使用權限最低 (例如本機標準使用者帳戶) 的使用者類型。For kiosks in public-facing environments with auto logon enabled, a user type with the least privilege (such as the local standard user account) should be used. 若要設定 Azure Active Directory (AD) 帳戶以使用 kiosk 模式,請使用 domain\user@tenant.com 格式。To configure an Azure Active Directory (AD) account for kiosk mode, use the domain\user@tenant.com format.

Windows Defender 防毒軟體Windows Defender Antivirus

  • 即時監視 - 啟用惡意程式碼、間諜軟體和其他垃圾軟體的即時掃描。Real-time monitoring - Enables real-time scanning for malware, spyware, and other unwanted software.
  • 行為監視 - 讓 Defender 在裝置上檢查某些已知模式的可疑活動。Behavior monitoring - Lets Defender check for certain known patterns of suspicious activity on devices.
  • 網路檢查系統 (NIS) - NIS 可協助保護裝置免於遭受網路型入侵。Network Inspection System (NIS) - NIS helps to protect devices against network-based exploits. 它會使用 Microsoft Endpoint Protection 中心提供之已知弱點的病毒碼,協助偵測及阻擋惡意流量。It uses the signatures of known vulnerabilities from the Microsoft Endpoint Protection Center to help detect and block malicious traffic.
  • 掃描所有下載 - 控制 Defender 是否掃描從網際網路下載的所有檔案。Scan all downloads - Controls whether Defender scans all files downloaded from the Internet.
  • 掃描 Microsoft Web 瀏覽器中所載入的指令碼 - 讓 Defender 可掃描 Internet Explorer 中所使用的指令碼。Scan scripts loaded in Microsoft web browsers - Lets Defender scan scripts that are used in Internet Explorer.
  • Defender 的使用者存取 - 控制是否對使用者隱藏 Windows Defender 使用者介面。End user access to Defender - Controls whether the Windows Defender user interface is hidden from end users. 變更此設定後,要在使用者電腦下次重新啟動時才會生效。When this setting is changed, it takes effect the next time the end user's PC is restarted.
  • 病毒碼更新間隔 (小時) - 指定 Defender 查看是否有新的病毒碼檔案的間隔。Signature update interval (in hours) - Specify the interval at which Defender checks for new signature files.
  • 監視檔案與程式活動 - 允許 Defender 監視裝置上的檔案和程式活動。Monitor file and program activity - Allows Defender to monitor file and program activity on devices.
  • 多少天之後刪除隔離的惡意程式碼 - 在您指定的天數內,讓 Defender 繼續追蹤已解決的惡意程式碼,讓您可以手動檢查先前受影響的裝置。Days before deleting quarantined malware - Lets Defender continue to track resolved malware for the number of days you specify so that you can manually check previously affected devices. 如果您將此天數設為 0,惡意程式碼會保留在「隔離」資料夾,而且不會自動移除。If you set the number of days to 0, malware remains in the Quarantine folder and is not automatically removed.
  • 掃描期間的 CPU 使用率限制 - 讓您限制掃描可以使用的 CPU 資源數量 (從 1100)。CPU usage limit during a scan - Lets you limit the amount of CPU that scans are allowed to use (from 1 to 100).
  • 掃描封存檔 - 允許 Defender 掃描封存的檔案,例如 .zip 或 .cab 檔案。Scan archive files - Allows Defender to scan archived files such as Zip or Cab files.
  • 掃描內送郵件訊息 - 允許 Defender 在電子郵件訊息到達裝置時加以掃描。Scan incoming mail messages - Allows Defender to scan email messages as they arrive on the device.
  • 在完整掃描期間掃描抽取式磁碟機 - 讓 Defender 可掃描像是 USB 隨身碟之類的抽取式磁碟機。Scan removable drives during a full scan - Lets Defender scan removable drives like USB sticks.
  • 在完整掃描期間掃描對應的網路磁碟機 - 讓 Defender 可掃描對應網路磁碟機上的檔案。Scan mapped network drives during a full scan - Lets Defender scan files on mapped network drives.
    如果磁碟機上的檔案是唯讀,則 Defender 無法移除在其中發現的任何惡意程式碼。If the files on the drive are read-only, Defender cannot remove any malware found in them.
  • 掃描從網路資料夾中開啟的檔案 - 讓 Defender 在共用網路磁碟機上掃描檔案 (例如,從 UNC 路徑存取的檔案)。Scan files opened from network folders - Lets Defender scan files on shared network drives (for example, files accessed from a UNC path). 如果磁碟機上的檔案是唯讀,則 Defender 無法移除在其中發現的任何惡意程式碼。If the files on the drive are read-only, Defender cannot remove any malware found in them.
  • 雲端保護 - 允許或封鎖 Microsoft Active Protection Service 從您管理的裝置接收惡意程式碼活動的相關資訊。Cloud protection - Allows or blocks the Microsoft Active Protection Service from receiving information about malware activity from devices that you manage. 此資訊未來可用於改善本服務。This information is used to improve the service in the future.
  • 在提交範例之前提示使用者 - 控制可能需要進一步分析的潛在惡意檔案,是否自動傳送給 Microsoft。Prompt users before sample submission - Controls whether potentially malicious files that might require further analysis are automatically sent to Microsoft.
  • 執行每日快速掃描的時間 - 讓您排程每天在您選取的時間進行快速掃描。Time to perform a daily quick scan - Lets you schedule a quick scan that occurs daily at the time you select.
  • 要執行的系統掃描類型 - 可讓您指定排程系統掃描時執行的掃描層級。Type of system scan to perform - Lets you specify the level of scanning that is performed when you schedule a system scan.
  • 偵測潛在的不必要應用程式 – 選擇 Windows 用以偵測潛在的不必要應用程式的保護層級:Detect potentially unwanted applications – Choose the level of protection when Windows detects potentially unwanted applications from: - 封鎖Block - 稽核 如需潛在的不必要應用程式的詳細資訊,請參閱本主題Audit For more information about potentially unwanted apps, see this topic.
  • 對偵測到的惡意程式碼威脅採取的動作 – 啟用此選項,可指定您希望 Defender 針對它偵測到的每種威脅等級 (低、中、高及嚴重) 所採取的動作。Actions on detected malware threats – Enable this option to specify the actions you want Defender to take for each threat level it detects (Low, Moderate, High, and Severe). 您可以採取的動作如下:The actions you can take are:
    • 清除Clean
    • 隔離Quarantine
    • 移除Remove
    • 允許Allow
    • 使用者定義User defined
    • 封鎖Block

Windows Defender 防毒軟體排除Windows Defender Antivirus Exclusions

  • 不進行掃描和即時保護的檔案和資料夾 - 將一或多個 C:\Path%ProgramFiles%\Path\filename.exe 等檔案與資料夾,新增至排除清單。Files and folders to exclude from scans and real-time protection - Adds one or more files and folders like C:\Path or %ProgramFiles%\Path\filename.exe to the exclusions list. 任何即時或已排程的掃描都不會包含這些檔案和資料夾。These files and folders aren't included in any real-time or scheduled scans.
  • 不進行掃描和即時保護的副檔名 - 新增一或多個檔案副檔名,像是 jpgtxt 至排除清單中。File extensions to exclude from scans and real-time protection - Add one or more file extensions like jpg or txt to the exclusions list. 任何即時掃描或排定的掃描,都不會包含有這些副檔名的任何檔案。Any files with these extensions are not included in any real-time or scheduled scans.
  • 排除不進行掃描和即時保護的程序 - 新增一或多個類型為 .exe.com.scr 等處理序至排除清單中。Processes to exclude from scans and real-time protection - Add one or more processes of the type .exe, .com, or .scr to the exclusions list. 任何即時或已排程的掃描都不會包含這些處理序。These processes are not included in any real-time, or scheduled scans.

網路 ProxyNetwork proxy

  • 自動偵測 Proxy 設定 - 啟用時,裝置會嘗試尋找 PAC 指令碼的路徑。Automatically detect proxy settings - When enabled, the device attempts to find the path to a PAC script.
  • 使用 Proxy 指令碼 - 如果您想要指定 PAC 指令碼路徑以設定 Proxy 伺服器,請選取此設定。Use proxy script - Select this if you want to specify a path to a PAC script to configure the proxy server.
    • 設定指令碼位址 URL - 輸入您想要用於設定 Proxy 伺服器的 PAC 指令碼 URL。Setup script address URL - Enter the URL of a PAC script you want to use to configure the proxy server.
  • 使用手動 Proxy 伺服器 - 如果您想要手動提供 Proxy 伺服器資訊,請選取此設定。Use manual proxy server - Select this if you want to manually provide proxy server information.
    • 位址 - 輸入 Proxy 伺服器的名稱或 IP 位址。Address - Enter the name, or IP address of the proxy server.
    • 連接埠號碼 - 輸入 Proxy 伺服器的連接埠號碼。Port number - Enter the port number of your proxy server.
    • Proxy 例外狀況 - 輸入任何不得使用 Proxy 伺服器的 URL。Proxy exceptions - Enter any URLs that must not use the proxy server. 請使用分號來分隔每個項目。Use a semicolon to separate each item.
    • 為本機位址略過 Proxy 伺服器 - 如果您不想要針對內部網路上的本機位址使用 Proxy 伺服器,請啟用此選項。Bypass proxy server for local address - If you don't want to use the proxy server for local addresses on your intranet, enable this option.

Windows 焦點Windows Spotlight

  • Windows 焦點 - 使用此設定可封鎖 Windows 10 裝置上的所有 Windows 焦點功能。Windows Spotlight – Use this setting to block all Windows Spotlight functionality on Windows 10 devices. 如果您封鎖這項設定,則無法使用下列設定。If you block this setting, the following settings are not available.
    • 鎖定畫面上的 Windows 焦點 – 阻止 Windows 焦點在裝置鎖定畫面上顯示資訊。Windows Spotlight on lock screen – Stop Windows Spotlight from displaying information on the device lock screen.
    • Windows 焦點中的第三方建議 – 阻止 Windows 焦點建議不是由 Microsoft 發佈的內容。Third-party suggestions in Windows Spotlight – Stop Windows Spotlight from suggesting content that is not published by Microsoft.
    • 消費者功能 - 讓您封鎖如 [開始] 功能表建議和成員資格通知等消費者功能。Consumer Features - Lets you block consumer features like Start menu suggestions, and membership notifications.
    • Windows 提示 - 讓您封鎖快顯提示於 Windows 中顯示。Windows Tips - Lets you block pop-up tips from displaying in Windows.
    • 控制中心的 Windows 焦點 – 封鎖 Windows 焦點建議 (如新的應用程式或安全性內容),使其不要出現在 Windows 控制中心。Windows Spotlight in action center – Block Windows Spotlight suggestions like new app or security content from appearing in the Windows Action Center.
    • Windows 焦點個人化 – 阻止 Windows 焦點根據裝置的使用方式將結果個人化。Windows Spotlight personalization – Stops Windows Spotlight from personalizing results based on the usage of a device.
    • Windows 歡迎使用體驗 – 封鎖 Windows 歡迎使用體驗,該體驗會顯示有關新功能或更新功能的使用者資訊。Windows welcome experience – Block the Windows welcome experience that shows the user information about new, or updated features.

投影Projection

  • 來自無線顯示器接收器的使用者輸入 - 封鎖來自無線顯示器接收器的使用者輸入。User input from wireless display receivers - Blocks user input from wireless display receivers.
  • 投影到此電腦 - 阻止其他裝置探索該電腦以進行投影。Projection to this PC - Stops other devices from discovering the PC for projection.
  • 要求提供 PIN 以進行配對 - 於連線至投影裝置時要求 PIN。Require PIN for pairing - Require a PIN when connecting to a projection device.

雲端印表機Cloud Printer

  • 印表機探索 URL - 用於探索雲端印表機的端點。Printer discovery URL -Endpoint for discovering cloud printers.
  • 印表機存取授權 URL - 用於取得 OAuth 權杖的驗證端點。Printer access authority URL - Authentication endpoint for acquiring OAuth tokens.
  • Azure 原生用戶端應用程式 GUID - GUID,識別已有授權可從 OAuthAuthority 擷取 OAuth 權杖的用戶端應用程式。Azure native client app GUID - GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority.
  • 列印服務資源 URI - 列印服務的 OAuth 資源 URI,如 Azure 入口網站中所設定。Print service resource URI - OAuth resource URI for print service as configured in Azure portal.
  • 要查詢的印表機上限 (僅限行動裝置) - 應該從探索端點查詢的印表機數目上限。Maximum printers to query (Mobile only) - Maximum number of printers that should be queried from a discovery endpoint.
  • 印表機探索服務資源 URI - 印表機探索服務的 OAuth 資源 URI,如 Azure 入口網站中所設定。Printer discovery service resource URI - OAuth resource URI for printer discovery service as configured in the Azure portal.

本機印表機Local Printer

  • 印表機 - 已新增的本機印表機清單。Printers - List of local printers that have been added.
  • 預設印表機 - 設定預設印表機。Default printer - Set the default printer.
  • 使用者存取新增新印表機 - 允許或封鎖使用本機印表機。User access to add new printers - Allow or block use of local printers.

報告和遙測Reporting and Telemetry

  • 共用使用方式資料 - 選取診斷資料傳送層級。Share usage data - Select level of diagnostic data submission.

  • 遙測 Proxy 伺服器Telemetry proxy server

    指定要用來轉送「已連線使用者體驗與遙測」要求 (使用安全通訊端層 (SSL) 連線) 之 Proxy 伺服器的完整網域名稱 (FQDN) 或 IP 位址。Specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests, using a Secure Sockets Layer (SSL) connection. 此設定的格式是伺服器:連接埠The format for this setting is server:port. 若具名 Proxy 失敗,或若啟用此原則時未指定 Proxy,「已連線使用者體驗與遙測」資料不會傳輸且會留在本機裝置上。If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data is not transmitted and remains on the local device.

    範例格式:Example formats:

    IPv4:192.246.246.106:100IPv4: 192.246.246.106:100
    IPv6:[2001:4898:4010:4013:95c1:a8b2:953c:c633]:100IPv6: [2001:4898:4010:4013:95c1:a8b2:953c:c633]:100
    FQDN:www.contoso.com:345FQDN: www.contoso.com:345

訊息傳送Messaging

  • 訊息同步 (僅限行動裝置) - 停用訊息中心橋接和文字訊息備份及還原。Message sync (mobile only) - Disable Messaging Everywhere and text message backup and restore.
  • 多媒體訊息 (僅限行動裝置) - 停用裝置上的多媒體訊息傳送/接收功能。MMS (mobile only) - Disable the MMS send/receive functionality on the device.
  • RCS (僅限行動裝置) - 停用裝置上的 Rich Communication Services 傳送/接收功能。RCS (mobile only) - Disable the Rich Communication Services send/receive functionality on the device.