當 Android 應用程式交由應用程式保護原則管理時的行為What to expect when your Android app is managed by app protection policies

適用於︰IntuneApplies to: Intune
本主題適用於 Azure 入口網站和傳統入口網站中的 Intune。This topic applies to Intune in both the Azure portal and the classic portal.

本文說明具有應用程式保護原則的應用程式使用者體驗。This article describes the user experience for apps with app protection policies. 應用程式保護原則只適用於工作環境中使用的應用程式:例如,當使用者使用公司帳戶來存取應用程式,或存取儲存於商務用 OneDrive 位置的檔案。App protection policies are applied only when apps are used in a work context: for example, when the user is accessing apps with a work account or accessing files that are stored in a OneDrive for Business location.

存取應用程式Access apps

所有與 Android 裝置上應用程式保護原則關聯的應用程式,都需要公司入口網站應用程式。The Company Portal app is required for all apps that are associated with app protection policies on Android devices.

對於不在 Intune 中註冊的裝置,公司入口網站應用程式必須安裝在裝置上。For devices that are not enrolled in Intune, the Company Portal app must be installed on the device. 不過,使用者不需要先啟動或登入公司入口網站應用程式,即可使用應用程式保護原則所管理的應用程式。However, the user does not have to launch or sign into the Company Portal app before they can use apps that are managed by app protection policies.

公司入口網站應用程式可讓 Intune 分享在安全位置中的資料。The Company Portal app is a way for Intune to share data in a secure location. 因此,即使裝置並未在 Intune 中註冊,應用程式保護原則關聯的所有應用程式仍都需要公司入口網站應用程式。Therefore, the Company Portal app is a requirement for all apps that are associated with app protection policies, even if the device is not enrolled in Intune.

使用具有多重身分識別支援的應用程式Use apps with multi-identity support

應用程式保護原則只適用於工作環境。App protection polices are only applied in the work context. 因此,應用程式可能因工作環境或個人環境而有不同的行為。Therefore, the app might behave differently depending on whether the context is work or personal.

例如,使用者會在存取工作資料時看到 PIN 提示。For example, the user gets a PIN prompt when accessing work data. 針對 Outlook 應用程式,使用者在啟動應用程式時,系統會提示使用者輸入 PIN。For the Outlook app, the user is prompted for a PIN when they launch the app. 針對 OneDrive 應用程式,使用者輸入工作帳戶時,系統會提示使用者輸入 PIN。For the OneDrive app, the user is prompted for the pin when they type in the work account. 針對 Microsoft WordPowerPointExcel,當使用者存取公司商務用 OneDrive 位置中所儲存的文件時,系統會提示使用者輸入 PIN。For Microsoft Word, PowerPoint, and Excel, the user is prompted for the pin when they access documents that are stored in the company OneDrive for Business location.

管理裝置上的使用者帳戶Manage user accounts on the device

多重身分識別應用程式可讓使用者新增多個帳戶。Multi-identity applications allow users to add multiple accounts. Intune 應用程式僅支援一個受控帳戶。Intune APP supports only one managed account. Intune 應用程式不會限制非受控帳戶的數目。Intune APP does not limit the number of unmanaged accounts.

當應用程式中有受控帳戶時:When there is a managed account in an application:

  • 若使用者嘗試新增第二個受控帳戶,系統會要求使用者選取要使用哪個受控帳戶。If a user attempts to add a second managed account, the user is asked to select which managed account to use. 另一個帳戶會移除。The other account is removed.
  • 若 IT 系統管理員對第二個現有帳戶新增原則,系統會要求使用者選取要使用哪個受控帳戶。If the IT admin adds a policy to a second existing account, the user is asked to select which managed account to use. 另一個帳戶會移除。The other account is removed.

閱讀下列案例範例以深入了解如何處理多個使用者帳戶。Read the following example scenario to get a deeper understanding of how multiple user accounts are treated.

使用者 A 為兩家公司服務 - X 公司Y 公司。使用者 A 在這兩家公司各有一個工作帳戶,且兩者全都使用 Intune 部署應用程式保護原則。User A works for two companies—Company X and Company Y. User A has a work account for each company, and both use Intune to deploy app protection policies. X 公司部署先於 Y 公司部署應用程式保護原則。與X 公司建立關聯的帳戶會得到應用程式保護原則,與 Y 公司建立關聯的帳戶則否。如果您希望與 Y 公司建立關聯的使用者帳戶受控於應用程式保護原則,您必須移除與 X 公司建立關聯的使用者帳戶,然後新增與 Y 公司建立關聯的帳戶。Company X deploys app protection policies before Company Y. The account that's associated with Company X gets the app protection policy, but not the account that's associated with Company Y. If you want the user account that's associated with Company Y to be managed by the app protection policies, you must remove the user account that's associated with Company X and add the account that is associated with Company Y.

新增第二個帳戶Add a second account

AndroidAndroid

如果您使用 Android 裝置,則可能會看到封鎖訊息,其中包含有關如何移除現有帳戶並新增帳戶的指示。If you are using an Android device, you might see a blocking message with instructions to remove the existing account and add a new one. 若要移除現有帳戶,請移至 [設定] > [一般] > [應用程式管理員] > [公司入口網站]。To remove the existing account, go to Settings >General > Application Manager >Company Portal. 然後選擇 [清除資料]。Then choose Clear Data.

移除該帳戶的錯誤訊息和指示的螢幕擷取畫面

使用 Azure 資訊保護 App 檢視媒體檔案View media files with the Azure Information Protection app

若要在 Android 裝置上檢視公司 AV、PDF 和影像檔,請使用 Azure 資訊保護 App (先前稱為 Rights Management 共用應用程式)。To view company AV, PDF, and image files on Android devices, use the Azure Information Protection app (previously known as the Rights Management sharing app).

從 Google Play 商店下載這個 App。Download this app from the Google Play store.

支援下列檔案類型:The following file types are supported:

  • **音訊︰**AAC LC、HE-AACv1 (AAC+)、HE-AACv2 (增強 AAC+)、AAC ELD (增強低延遲 AAC)、AMR-NB、AMR-WB、FLAC、MP3、MIDI、Ogg Vorbis、PCM/WAVEAudio: AAC LC, HE-AACv1 (AAC+), HE-AACv2 (enhanced AAC+), AAC ELD (enhanced low delay AAC), AMR-NB, AMR-WB, FLAC, MP3, MIDI, Ogg Vorbis, PCM/WAVE
  • **視訊︰**H.263、H.264 AVC、MPEG-4 SP、VP8Video: H.263, H.264 AVC, MPEG-4 SP, VP8
  • 影像︰.jpg、.pjpg、.png、.ppng、.bmp、.pbmp、.gif、.pgif、.jpeg、.pjpegImage: .jpg, .pjpg, .png, .ppng, .bmp, .pbmp, .gif, .pgif, .jpeg, .pjpeg
  • **文件:**PDF、PPDFDocuments: PDF, PPDF
pfilepfile texttext
Pfile 是適用於受保護檔案的泛型「包裝函式」格式,它會封裝已加密的內容和 Azure 資訊保護授權。Pfile is a generic “wrapper” format for protected files that encapsulates the encrypted content and the Azure Information Protection licenses. 它可用來保護任何檔案類型。It can be used to protect any file type. 文字檔案,包括 XML、CSV 等等可以在 App 中開啟以便進行檢視,即使它們受保護也一樣。Text files, including XML, CSV, and so on, can be opened for viewing in the app even when they are protected. 檔案類型︰.txt、.ptxt、.csv、.pcsv、.log、.plog、.xml、.pxml。File types: .txt, .ptxt, .csv, .pcsv, .log, .plog, .xml, .pxml.

接下來的步驟Next steps

當 iOS 應用程式交由應用程式防護原則管理時的行為What to expect when your iOS app is managed by app protection policies