當 Android 應用程式交由應用程式保護原則管理時的行為What to expect when your Android app is managed by app protection policies

適用於︰IntuneApplies to: Intune
本主題適用於 Azure 入口網站和傳統入口網站中的 Intune。This topic applies to Intune in both the Azure portal and the classic portal.

本主題說明應用程式保護原則所管理應用程式的使用者體驗。This topic describes the user experience for apps with app protection policies. 應用程式保護原則只適用於工作環境中使用的應用程式:例如,當使用者使用工作帳戶來存取應用程式,或存取公司商務用 OneDrive 地點中所儲存的檔案。App protection policies are applied only when apps are used in a work context: for example, when the user is accessing apps with a work account or accessing files that are stored in a company OneDrive business location.

存取應用程式Access apps

所有與 Android 裝置上應用程式保護原則關聯的應用程式,都需要公司入口網站應用程式。The Company Portal app is required for all apps that are associated with app protection policies on Android devices.

對於不在 Intune 中註冊的裝置,公司入口網站應用程式必須安裝在裝置上。For devices that are not enrolled in Intune, the Company Portal app must be installed on the device. 不過,使用者不需要先啟動或登入公司入口網站應用程式,即可使用應用程式保護原則所管理的應用程式。However, the user does not have to launch or sign into the Company Portal app before they can use apps that are managed by app protection policies.

公司入口網站應用程式可讓 Intune 分享在安全位置中的資料。The Company Portal app is a way for Intune to share data in a secure location. 因此,即使裝置並未在 Intune 中註冊,應用程式保護原則關聯的所有應用程式仍都需要公司入口網站應用程式。Therefore, the Company Portal app is a requirement for all apps that are associated with app protection policies, even if the device is not enrolled in Intune.

使用具有多重身分識別支援的應用程式Use apps with multi-identity support

應用程式保護原則只適用於工作環境。App protection polices are only applied in the work context. 因此,應用程式可能因工作環境或個人環境而有不同的行為。Therefore, the app might behave differently depending on whether the context is work or personal.

例如,使用者會在存取工作資料時看到 PIN 提示。For example, the user gets a PIN prompt when accessing work data. 針對 Outlook 應用程式,使用者在啟動應用程式時,系統會提示使用者輸入 PIN。For the Outlook app, the user is prompted for a PIN when they launch the app. 針對 OneDrive 應用程式,使用者輸入工作帳戶時,系統會提示使用者輸入 PIN。For the OneDrive app, the user is prompted for the pin when they type in the work account. 針對 Microsoft WordPowerPointExcel,當使用者存取公司商務用 OneDrive 位置中所儲存的文件時,系統會提示使用者輸入 PIN。For Microsoft Word, PowerPoint, and Excel, the user is prompted for the pin when they access documents that are stored in the company OneDrive for Business location.

管理裝置上的使用者帳戶Manage user accounts on the device

Intune 僅支援將應用程式保護原則部署到每個裝置的一個使用者帳戶。Intune supports the deployment of app protection policies to one user account per device only.

  • 根據您所使用的應用程式,可能會封鎖裝置上的第二個使用者。Depending on the app that you're using, the second user might be blocked on the device. 在所有情況下,只有套用應用程式保護原則的第一位使用者會受原則影響。However, in all cases, only the first user who gets the app protection policies is affected by the policy.

    • Microsoft WordExcelPowerPoint 不會封鎖第二個使用者帳戶,但第二個使用者帳戶不會受應用程式保護原則影響。Microsoft Word, Excel, and PowerPoint don't block a second user account, but the second user account is not affected by the app protection policies.

    • 若為 OneDriveOutlook 應用程式,您只能使用一個工作帳戶。For OneDrive and Outlook apps, you can only use one work account. 您無法針對這些應用程式新增多個工作帳戶。You can't add multiple work accounts for these apps. 不過,您可以在裝置上移除使用者並新增不同的使用者。You can however, remove a user and add a different user on the device.

  • 若裝置在應用程式保護原則部署之前已有多個使用者帳戶,則應用程式保護原則所部署的第一個帳戶將由 Intune 應用程式保護原則管理。If a device has existing multiple user accounts before the app protection policies are deployed, the account that the app protection policies are deployed to first is managed by Intune app protection policies.

閱讀下列案例範例以深入了解如何處理多個使用者帳戶。Read the following example scenario to get a deeper understanding of how multiple user accounts are treated.

使用者 A 為兩家公司服務 - X 公司Y 公司。使用者 A 在這兩家公司各有一個工作帳戶,且兩者全都使用 Intune 部署應用程式保護原則。User A works for two companies—Company X and Company Y. User A has a work account for each company, and both use Intune to deploy app protection policies. X 公司部署先於 Y 公司部署應用程式保護原則。X 公司關聯的帳戶將得到應用程式保護原則,Y 公司關聯的帳戶則否。如果您希望 Y 公司關聯的使用者帳戶受應用程式保護原則管理,您必須移除與 X 公司關聯的使用者帳戶。Company X deploys app protection policies before Company Y. The account that's associated with Company X gets the app protection policy, but not the account that's associated with Company Y. If you want the user account that's associated with Company Y to be managed by the app protection policies, you must remove the user account that's associated with Company X.

新增第二個帳戶Add a second account

AndroidAndroid

如果您使用 Android 裝置,則可能會看到封鎖訊息,其中包含有關如何移除現有帳戶並新增帳戶的指示。If you are using an Android device, you might see a blocking message with instructions to remove the existing account and add a new one. 若要移除現有帳戶,請移至 [設定] > [一般] > [應用程式管理員] > [公司入口網站]。To remove the existing account, go to Settings >General > Application Manager >Company Portal. 然後選擇 [清除資料]。Then choose Clear Data.

移除該帳戶的錯誤訊息和指示的螢幕擷取畫面

使用 Azure 資訊保護 App 檢視媒體檔案View media files with the Azure Information Protection app

若要在 Android 裝置上檢視公司 AV、PDF 和影像檔,請使用 Azure 資訊保護 App (先前稱為 Rights Management 共用應用程式)。To view company AV, PDF, and image files on Android devices, use the Azure Information Protection app (previously known as the Rights Management sharing app).

從 Google Play 商店下載這個 App。Download this app from the Google Play store.

支援下列檔案類型:The following file types are supported:

  • 音訊︰AAC LC、HE-AACv1 (AAC+)、HE-AACv2 (增強 AAC+)、AAC ELD (增強低延遲 AAC)、AMR-NB、AMR-WB、FLAC、MP3、MIDI、Ogg Vorbis、PCM/WAVEAudio: AAC LC, HE-AACv1 (AAC+), HE-AACv2 (enhanced AAC+), AAC ELD (enhanced low delay AAC), AMR-NB, AMR-WB, FLAC, MP3, MIDI, Ogg Vorbis, PCM/WAVE
  • 視訊︰H.263、H.264 AVC、MPEG-4 SP、VP8Video: H.263, H.264 AVC, MPEG-4 SP, VP8
  • 影像︰.jpg、.pjpg、.png、.ppng、.bmp、.pbmp、.gif、.pgif、.jpeg、.pjpegImage: .jpg, .pjpg, .png, .ppng, .bmp, .pbmp, .gif, .pgif, .jpeg, .pjpeg
  • 文件:PDF、PPDFDocuments: PDF, PPDF
pfilepfile texttext
Pfile 是適用於受保護檔案的泛型「包裝函式」格式,它會封裝已加密的內容和 Azure 資訊保護授權。Pfile is a generic “wrapper” format for protected files that encapsulates the encrypted content and the Azure Information Protection licenses. 它可用來保護任何檔案類型。It can be used to protect any file type. 文字檔案,包括 XML、CSV 等等可以在 App 中開啟以便進行檢視,即使它們受保護也一樣。Text files, including XML, CSV, and so on, can be opened for viewing in the app even when they are protected. 檔案類型︰.txt、.ptxt、.csv、.pcsv、.log、.plog、.xml、.pxml。File types: .txt, .ptxt, .csv, .pcsv, .log, .plog, .xml, .pxml.

後續步驟Next steps

當 iOS 應用程式交由應用程式保護原則管理時的行為What to expect when your iOS app is managed by app protection policies