從建立原則開始Get started with creating policies

Intune 原則是註冊裝置並確保其符合您公司原則的絶佳方法。Intune policies are a great way to enroll devices, and make sure they comply with your corporate policies. 合規性原則可協助管理特殊裝置類型,例如公司擁有的 Kiosk,以及管理個人 (攜帶您自己) 的裝置、平板電腦和無使用者裝置。Compliance policies help manage specialized device types, such as corporate-owned kiosks, and personal (Bring Your Own) devices, tablets, and user-less devices.

具有少數資料的相容性儀表板

使用合規性原則可管理行動裝置,包括:Mobile devices can be managed using compliance policies, including:

  • 管理使用者在 Intune 中註冊的裝置數目Regulate the number of devices a user enrolls in Intune
  • 管理裝置設定,例如裝置層級加密、密碼長度和相機使用方式Manage device settings, such as device-level encryption, password length, and camera usage
  • 提供應用程式、電子郵件設定檔、VPN 設定檔等Deliver apps, email profiles, VPN profiles, and more
  • 評估安全性合規性原則的裝置層級準則Evaluate device-level criteria for security compliance policies

為每個平台建立合規性原則,例如 iOS、Android、Windows 等。Compliance policies are created for each platform, such as iOS, Android, Windows, and more. 在此練習中,請使用 iOS。For this exercise, use iOS. 下列是 iOS 裝置可用的原則:The following policies are available for iOS devices:

  • PIN 碼或密碼設定PIN or password configuration
  • 裝置加密Device encryption
  • 已進行 JB 破解的裝置Jailbroken device
  • 電子郵件設定檔Email profile
  • 最低 OS 版本Minimum OS version
  • 最高 OS 版本Maximum OS version

建立原則Create a policy

  1. 登入 Azure 入口網站Sign in to the Azure portal.

  2. 選取 [All services] (所有服務),篩選 [Intune],然後選取 [Microsoft Intune]。Select All services, filter on Intune, and select Microsoft Intune.

  3. 選取 [裝置相容性] > [原則] > [建立原則]。Select Device compliance > Policies > Create Policy.

  4. 輸入原則的 [名稱] 和 [描述]。Enter a policy Name and a Description.

  5. 針對 [平台],選取 [iOS]。For the Platform, select iOS.

  6. 在 [設定] 中,選取 [系統安全性],然後將 [需要密碼才可解除鎖定行動裝置] 設定為 [需要]。In Settings, select System Security, and then set Require a password to unlock mobile devices to Require.

    您也可以設定其他規則,例如:You can also set other rules, such as:

    • 密碼長度下限Minimum password length
    • 必要的密碼類型Required password type
    • 密碼中的非英數字元數Number of non-alphanumeric characters in password

    設定完成您的原則之後,選取 [確定]。When finished setting up your policy, select OK.

  7. 回到 [建立原則],然後選取 [建立]。Go back to Create policy, and select Create. 此步驟會建立原則,並在 [裝置合規性] > [原則] 中列出您的原則。This step creates the policy, and lists your policy in Device compliance > Policies.

  8. 選取您的新原則,然後選擇 [指派]。Select your new policy, and choose Assignments. 您可以包含或排除 Azure Active Directory (AD) 安全性群組。You can include or exclude Azure Active Directory (AD) security groups. 選擇 [選取的群組] 以查看您現有的 Azure AD 安全性群組。Choose Selected groups to see your existing Azure AD security groups. 選取要套用這項原則的使用者群組,然後選擇 [儲存] 將原則部署給使用者。Select the user groups you want this policy to apply, and choose Save to deploy the policy to users.

為符合新的公司原則,幾分鐘後,您的已註冊裝置會提示輸入更新的密碼。To be compliant with the new corporate policy, after a few minutes, your enrolled device prompts for an updated password. 您可在 iOS 版公司入口網站應用程式中手動檢查更新。You can manually check for the update in the Company Portal app for iOS. 開啟公司入口網站應用程式,選取裝置名稱,然後選取 [同步]。Open the Company Portal app, select the device name, and then select Sync.

注意

套用至動態裝置群組的新原則最多可能需要八小時才能套用至群組中的所有裝置。New policies applied to a dynamic device group may take up to eight hours to apply to all devices in the group.

接下來的步驟Next steps

開始註冊裝置 - 透過 iOS 裝置的完整註冊體驗,來學習註冊體驗。Get started enrolling devices - Learn the enrollment experience by going through a full enrollment experience of an iOS device.

深入了解Learn more