如何設定 iOS Classroom 應用程式的 Intune 設定How to configure Intune settings for the iOS Classroom app

適用對象:Azure 入口網站的 IntuneApplies to: Intune in the Azure portal
您需要傳統入口網站的 Intune 相關文件嗎?Looking for documentation about Intune in the classic portal? 請移至這裡Go here.

簡介Introduction

Classroom 應用程式可協助老師在課堂中引導學習,並控制學生的裝置。Classroom is an app that helps teachers to guide learning, and control student devices in the classroom. 例如,老師使用應用程式可以︰For example, using the app, a teacher can:

  • 開啟學生裝置上的應用程式Open apps on student devices
  • 鎖定和解除鎖定 iPad 螢幕Lock, and unlock the iPad screen
  • 檢視學生的 iPad 螢幕View the screen of a student iPad
  • 將學生的 iPad 導覽至一本書的書籤或章節Navigate students iPads to a bookmark, or chapter in a book
  • 將學生的 iPad 螢幕顯示到 Apple 電視上Display the screen from a student iPad on an Apple TV

使用 Intune iOS 教育裝置設定檔,以及本主題中的資訊,可協助您設定 Classroom 應用程式,以及在其中使用此應用程式的裝置。Use the Intune iOS Education device profile, and the information in this topic to help you set up the Classroom app, and the devices on which you use it.

開始之前Before you start

開始進行這些設定之前,請先考慮下列事項:Consider the following before you begin to configure these settings:

  • 老師和學生都必須在 Intune 中註冊 iPadBoth teachers and student iPads must be enrolled in Intune
  • 確認您已在老師的裝置上安裝 Apple Classroom 應用程式。Ensure that you have installed the Apple Classroom app on the teacher’s device. 您可以手動或使用 Intune 應用程式管理安裝此應用程式。You can either install the app manually, or use Intune app management.
  • 您必須設定憑證來驗證老師裝置和學生裝置之間的連線 (請參閱步驟 2)You must configure certificates to authenticate connections between teacher and student devices (see Step 2)
  • 老師和學生的 iPad 必須位於相同的 Wi-Fi 網路,而且也都啟用藍牙Teacher and student iPads must be on the same Wi-Fi network, and also have Bluetooth enabled
  • Classroom 應用程式是在執行 iOS 9.3 或更新版本之受監督的 iPad 上執行The Classroom app runs on supervised iPads running iOS 9.3 or later
  • 在此版本中,Intune 支援管理每個學生都有自己專用 iPad 的 1 對 1 案例In this release, Intune supports managing a 1:1 scenario where each student has their own dedicated iPad

步驟 1 - 將學校資料匯入至 Azure Active DirectoryStep 1 - Import your school data into Azure Active Directory

使用 Microsoft 的學校資料同步處理 (SDS) 從現有的學生資訊系統 (SIS) 將學校記錄匯入至 Azure Active Directory (Azure AD)。Use Microsoft's School Data Sync (SDS) to import school records from an existing Student Information System (SIS) to Azure Active Directory (Azure AD). SDS 會同步處理 SIS 的資訊,並將它儲存在 Azure AD 中。SDS synchronizes information from your SIS and stores it in Azure AD. Azure AD 是一套可協助您組織使用者與裝置的 Microsoft 管理系統。Azure AD is a Microsoft management system that helps you organize users and devices. 之後,您就可以使用這些資料來協助管理您的學生和課程。You can then use this data to help you manage your students and classes. 深入了解如何部署 SDSLearn more about how to deploy SDS.

如何使用 SDS 匯入資料How to import data using SDS

您可以使用下列其中一種方法,將資訊匯入至 SDS:You can import information into SDS by using one of the following methods:

  • CSV 檔案 - 手動匯出並編譯逗號分隔值 (.csv) 檔案CSV files - Manually export and compile comma-separated value (.csv) files
  • PowerSchool API - 簡化 Azure AD 同步流程的 SIS 提供者PowerSchool API - An SIS provider that simplifies syncing with Azure AD
  • Clever API - 直接與 Azure AD 進行同步處理的身分識別管理解決方案Clever API - An identity management solution that syncs directly with Azure AD
  • OneRoster - 您可以匯出並轉換成此種 CSV 格式以便與 Azure AD 同步OneRoster - A CSV format that you can export and convert to sync with Azure AD

深入了解Find out more

步驟 2 - 在 Intune 中建立並指派 iOS 教育設定檔Step 2 - Create and assign an iOS Education profile in Intune

設定一般設定Configure general settings

  1. 登入 Azure 入口網站。Sign into the Azure portal.
  2. 選擇 [更多服務] > [監視 + 管理] > [Intune]。Choose More Services > Monitoring + Management > Intune.
  3. 在 [Intune] 刀鋒視窗中選擇 [設定裝置]。On the Intune blade, choose Configure devices.
  4. 在 [裝置設定] 刀鋒視窗中,選擇 [管理] > [設定檔]。On the Device Configuration blade, choose Manage > Profiles.
  5. 在設定檔刀鋒視窗中,選擇 [建立設定檔]。On the profiles blade, choose Create Profile.
  6. 在 [建立設定檔] 刀鋒視窗中,為 iOS 教育設定檔輸入 [名稱] 及 [描述]。On the Create Profile blade, enter a Name and Description for the iOS education profile.
  7. 從 [平台] 下拉式清單中,選擇 [iOS]。From the Platform drop-down list, choose iOS.
  8. 從 [設定檔類型] 下拉式清單中,選擇 [教育]。From the Profile type drop-down list, choose Education.
  9. 選擇 [設定] > [設定]。Choose Settings > Configure.

接下來,您需要憑證才能建立老師和學生 iPad 之間的信任關係。Next, you need certificates to establish a trust relationship between teacher and student iPads. 憑證是用來順暢且無訊息地驗證裝置之間的連線,而不需要輸入使用者名稱和密碼。Certificates are used to seamlessly and silently authenticate connections between devices without having to enter user names and passwords.

重要

您使用的老師和學生憑證必須由不同的憑證授權單位 (CA) 發行。The teacher and student certificates you use must be issued by different certification authorities (CAs). 您必須建立兩個新的次級 CA,連線到現有的憑證基礎結構。一個供老師使用,一個供學生使用。You must create two new subordinate CAs connected to your existing certificate infrastructure; one for teachers, and one for students.

iOS 教育設定檔只支援 PFX 憑證。iOS education profiles support only PFX certificates. 不支援 SCEP 憑證。SCEP certificates are not supported.

您建立的憑證除了支援使用者驗證,還必須支援伺服器驗證。Certificates you create must support server authentication in addition to user authentication.

設定老師憑證Configure teacher certificates

在 [教育] 刀鋒視窗中,選擇 [老師憑證]。On the Education blade, choose Teacher certificates.

設定老師根憑證Configure teacher root certificate

在 [老師根憑證] 下,選擇瀏覽按鈕以選取副檔名為 .cer (DER 或 Base64 編碼) 或 .P7B (不論有無完整鏈結) 的老師根憑證。Under Teacher root certificate, choose the browse button to select the teacher root certificate with the extension .cer (DER, or Base64 encoded), or .P7B (with or without full chain).

設定老師 PKCS#12 憑證Configure teacher PKCS#12 certificate

在 [老師 PKCS #12 憑證] 下,設定下列值︰Under Teacher PKCS#12 certificate, configure the following values:

  • 主體名稱格式 - Intune 會自動為老師憑證的憑證一般名稱前面加上 leader,然後為學生憑證的憑證一般名稱前面加上 memberSubject name format - Intune automatically prefixes the certificate common name with leader, for the teacher certificate, and member, for the student certificate.
  • 憑證授權單位:在企業版 Windows Server 2008 R2 或更新版本上執行的企業憑證授權單位 (CA)。Certification authority - An Enterprise Certification Authority (CA) that runs on an Enterprise edition of Windows Server 2008 R2 or later. 不支援獨立 CA。A Standalone CA is not supported.
  • 憑證授權單位名稱:輸入您的憑證授權單位名稱。Certification authority name - Enter the name of your certification authority.
  • 憑證範本名稱 - 輸入已新增至發行 CA 的憑證範本名稱。Certificate template name - Enter the name of a certificate template that has been added to an issuing CA.
  • 更新閾值 (%) - 指定裝置要求憑證更新之前,剩餘的憑證存留時間百分比。Renewal threshold (%) - Specify the percentage of the certificate lifetime that remains before the device requests renewal of the certificate.
  • 憑證有效期間 - 指定憑證到期之前的剩餘時間。Certificate validity period - Specify the amount of remaining time before the certificate expires. 您可以指定一個比憑證範本中指定之有效期間更低,而不是更高的值。You can specify a value that is lower than the validity period in the specified certificate template, but not higher. 舉例來說,如果憑證範本中的憑證有效期間為兩年,您可以指定一年而不是五年的值。For example, if the certificate validity period in the certificate template is two years, you can specify a value of one year but not a value of five years. 此值也必須低於發行 CA 憑證的剩餘有效期間。The value must also be lower than the remaining validity period of the issuing CA certificate.

當您完成設定憑證時,請選擇 [確定]。When you have finished configuring certificates, choose OK.

設定學生憑證Configure student certificates

  1. 在 [教育] 刀鋒視窗中,選擇 [學生憑證]。On the Education blade, choose Student certificates.
  2. 在 [學生憑證] 刀鋒視窗中,從 [學生裝置憑證] 類型清單中,選擇 [1:1]。On the Student certificates blade, from the Student device certificates type list, choose 1:1.

設定學生根憑證Configure student root certificate

在 [學生根憑證] 下,選擇瀏覽按鈕以選取副檔名為 .cer (DER 或 Base64 編碼) 或 .P7B (不論有無完整鏈結) 的學生根憑證。Under Student root certificate, choose the browse button to select the student root certificate with the extension .cer (DER, or Base64 encoded), or .P7B (with or without full chain).

設定學生 PKCS#12 憑證Configure student PKCS#12 certificate

在 [學生 PKCS #12 憑證] 下,設定下列值︰Under Student PKCS#12 certificate, configure the following values:

  • 主體名稱格式 - Intune 會自動為老師憑證的憑證一般名稱前面加上 leader,然後為學生憑證的憑證一般名稱前面加上 memberSubject name format - Intune automatically prefixes the certificate common name with leader, for the teacher certificate, and member, for the student certificate.
  • 憑證授權單位:在企業版 Windows Server 2008 R2 或更新版本上執行的企業憑證授權單位 (CA)。Certification authority - An Enterprise Certification Authority (CA) that runs on an Enterprise edition of Windows Server 2008 R2 or later. 不支援獨立 CA。A Standalone CA is not supported.
  • 憑證授權單位名稱:輸入您的憑證授權單位名稱。Certification authority name - Enter the name of your certification authority.
  • 憑證範本名稱 - 輸入已新增至發行 CA 的憑證範本名稱。Certificate template name - Enter the name of a certificate template that has been added to an issuing CA.
  • 更新閾值 (%) - 指定裝置要求憑證更新之前,剩餘的憑證存留時間百分比。Renewal threshold (%) - Specify the percentage of the certificate lifetime that remains before the device requests renewal of the certificate.
  • 憑證有效期間 - 指定憑證到期之前的剩餘時間。Certificate validity period - Specify the amount of remaining time before the certificate expires. 您可以指定一個比憑證範本中指定之有效期間更低,而不是更高的值。You can specify a value that is lower than the validity period in the specified certificate template, but not higher. 舉例來說,如果憑證範本中的憑證有效期間為兩年,您可以指定一年而不是五年的值。For example, if the certificate validity period in the certificate template is two years, you can specify a value of one year but not a value of five years. 此值也必須低於發行 CA 憑證的剩餘有效期間。The value must also be lower than the remaining validity period of the issuing CA certificate.

當您完成設定憑證時,請選擇 [確定]。When you are finished configuring certificates, choose OK.

完成Finish up

  1. 在 [教育] 刀鋒視窗中,選擇 [確定]。On the Education blade, choose OK.
  2. 在 [建立設定檔] 刀鋒視窗中,選擇 [建立]。On the Create Profile blade, choose Create.

設定檔隨即建立,並出現在 [設定檔清單] 刀鋒視窗上。The profile is created and appears on the profiles list blade.

針對當您將學校資料與 Azure AD 同步時所建立的課堂群組,將設定檔指派給群組中的學生裝置。請參閱如何指派裝置設定檔Assign the profile to student devices in the classroom groups that were created when you synchronized your school data with Azure AD (see How to assign device profiles.

後續步驟Next steps

現在,當老師使用 Classroom 應用程式時,就可以完整控制學生裝置。Now, when a teacher uses the Classroom app, they will have full control over student devices.

如需 Classroom 應用程式的詳細資訊,請參閱 Apple 網站上的課堂輔助說明For more information about the Classroom app, see Classroom help, on the Apple web site.

如果您想要設定共用的 iPad 裝置學生版,請參閱如何設定共用 iPad 裝置的 Intune 教育設定If you want to configure shared iPad devices for students, see How to configure Intune education settings for shared iPad devices.