在 Intune 中註冊 iOS 裝置Enroll iOS devices in Intune

Intune 啟用 iPad 和 iPhone 的行動裝置管理 (MDM),讓使用者存取公司的電子郵件和應用程式。Intune enables mobile device management (MDM) of iPads and iPhones to give users access to company email and apps.

身為 Intune 管理員,您可以啟用 iOS 裝置註冊。As an Intune admin, you can enable enrollment for iOS devices. 您可以允許使用者註冊個人擁有的裝置,又稱為「攜帶您自己的裝置」(BYOD) 註冊。You can allow users to enroll personally owned devices, known as "bring your own device" (BYOD) enrollment. 您也可以啟用公司擁有的裝置註冊。You can also enable enrollment of company-owned devices.

iOS 註冊的必要條件Prerequisites for iOS enrollment

啟用 iOS 裝置之前,請先完成下列步驟:Before you can enable iOS devices, complete the following steps:

使用者擁有的 iOS 裝置 (BYOD)User-owned iOS devices (BYOD)

您可以讓使用者註冊其個人的裝置讓 Intune 管理,這稱為「攜帶您自己的裝置」或 BYOD。You can let users enroll their personal devices for Intune management, know as "bring your own device" or BYOD. 當您完成必要條件及指派使用者授權之後,使用者即可從 App Store 下載 Intune 公司入口網站應用程式,並遵循應用程式中的註冊指示進行。Once you've completed the prerequisites and assigned users licenses, they can download the Intune Company Portal app from the App Store, and follow enrollment instructions in the app.

公司擁有的 iOS 裝置Company-owned iOS devices

針對為使用者購買裝置的組織來說,Intune 可支援下列 iOS 公司擁有裝置的註冊方法:For organizations that purchase devices for their users, Intune supports the following iOS company-owned device enrollment methods:

  • Apple 的裝置註冊計劃 (DEP)Apple's Device Enrollment Program (DEP)
  • Apple School ManagerApple School Manager
  • Apple Configurator 設定助理註冊Apple Configurator Setup Assistant enrollment
  • Apple Configurator 直接註冊Apple Configurator direct enrollment

您也可以使用裝置註冊管理員帳戶,來註冊公司擁有的 iOS 裝置。You can also enroll company-owned iOS devices with a device enrollment manager account.

裝置註冊方案Device Enrollment Program

組織可以透過 Apple 的裝置註冊計劃 (DEP) 購買 iOS 裝置。Organizations can purchase iOS devices through Apple's Device Enrollment Program (DEP). DEP 可以讓您在「線上」部署註冊設定檔,將裝置納入管理。DEP lets you deploy an enrollment profile “over the air” to bring devices into management. 深入了解裝置註冊計劃Learn more about Device Enrollment Program.

Apple School ManagerApple School Manager

Apple School Manager 是針對學校提供的裝置採購暨註冊方案。Apple School Manager is a device purchase and enrollment program for schools. 就像 DEP,您可以部署設定檔以註冊管理的裝置。Like DEP, you can deploy a profile to enroll devices in management. 深入了解 Apple School ManagerLearn more about Apple School Manager.

Apple ConfiguratorApple Configurator

您可以使用 Apple Configurator 在 Mac 電腦上註冊 iOS 裝置。You can enroll iOS devices with Apple Configurator running on a Mac computer. 若要準備裝置,請以 USB 連接它們並安裝註冊設定檔。To prepare devices, you USB-connect them and install an enrollment profile. 使用 Apple Configurator 註冊裝置的方法共有兩種:You can enroll devices with Apple Configurator in two ways:

  • 設定助理註冊 - 將裝置重設為原廠設定,並將裝置備妥可執行設定助理,以及為裝置的新使用者安裝公司原則。Setup Assistant enrollment - Factory resets the device, prepares it to run Setup Assistant, and installs the company's policies for the device’s new user.
  • 直接註冊 - 不會將裝置重設為原廠設定,並使用預先定義的原則來註冊裝置。Direct enrollment - Does not factory-reset the device and enrolls the device with a predefined policy. 這個方法適用於無使用者親和性的裝置。This method is for devices with no user affinity.

深入了解 Apple Configurator 註冊Learn more about Apple Configurator enrollment.

在已註冊 DEP 或 Apple Configurator 的裝置上使用公司入口網站Use the Company Portal on DEP-enrolled or Apple Configurator-enrolled devices

已設定使用者親和性的裝置可以安裝並執行公司入口網站 App,以下載 App 及管理裝置。Devices that are configured with user affinity can install and run the Company Portal app to download apps and manage devices. 使用者收到裝置之後,他們必須完成一些額外步驟,以完成設定助理並安裝公司入口網站 App。After users receive their devices, they must complete a number of additional steps to complete the Setup Assistant and install the Company Portal app.

需要有使用者親和性,才能支援下項項目︰User affinity is required to support the following:

  • 行動應用程式管理 (MAM) 應用程式Mobile application management (MAM) apps
  • 對電子郵件和公司資料進行條件式存取Conditional access to email and company data
  • 公司入口網站應用程式Company Portal app

使用者如何註冊具有使用者親和性的屬公司擁有 iOS 裝置How users enroll corporate-owned iOS devices with user affinity

  1. 當使用者將其裝置開啟時,系統會提示他們完成設定助理。When users turn on their device, they are prompted to complete the Setup Assistant. 設定期間,系統會提示使用者輸入其認證。During setup, users are prompted for their credentials. 他們必須輸入與其 Intune 中訂閱相關聯的認證 (也就是唯一的個人識別碼或 UPN)。They must use the credentials (i.e. the unique personal name or UPN) that are associated with their subscription in Intune.

  2. 設定期間,系統會提示使用者輸入 Apple ID。During setup, users are prompted for an Apple ID. 使用者必須提供 Apple ID 以允許裝置安裝「公司入口網站」。They must provide an Apple ID to allow the device to install the Company Portal. 他們也可以在安裝完成後,從 iOS 設定功能表提供 ID。They can also provide the ID from the iOS settings menu after setup is finished.

  3. 設定完成之後,該 iOS 裝置必須從 App Store 安裝公司入口網站 App。After completing setup, the iOS device must install the Company Portal app from the App Store.

  4. 使用者現在可以使用於設定裝置時所用的 UPN 來登入公司入口網站。The user can now sign in to the Company Portal by using the UPN that they used when setting up the device.

  5. 登入之後,系統會提示使用者註冊其裝置。After logging in, the user is prompted to enroll their device. 第一個步驟是識別裝置。The first step is to identify their device. App 會在清單中顯示已經過公司註冊並指派給使用者 Intune 帳戶的 iOS 裝置。The app presents a list of iOS devices that have already been corporate enrolled and assigned to the user’s Intune account. 使用者應該要選擇相符的裝置。They should choose the matching device.

    如果此裝置尚未經過公司註冊,使用者應該選擇 [新裝置] 來繼續標準註冊流程。If this device is not already corporate enrolled, they should choose new device to continue with the standard enrollment flow.

  6. 在下一個畫面中,使用者必須確認新裝置的序號。On the next screen, the user must confirm the serial number of the new device. 使用者可以點選 [確認序號] 連結,隨即啟動使用「設定」App 來驗證序號的指示。The user can tap the link confirm the Serial Number which will launch instructions to use the Settings app to verify the serial number. 使用者必須在公司入口網站 App 中輸入序號的最後四個字元。The user must then enter the last four characters of the serial number into the Company Portal app.

    此步驟會確認裝置是公司在 Intune 中註冊的裝置。This step verifies that the device is the corporate device enrolled in Intune. 如果裝置上的序號不符,則可能選取了錯誤的裝置。If the serial number on the device does not match, the wrong device was selected. 使用者應該返回上一個畫面,並選取不同的裝置。The user should go back to the previous screen and select a different device.

  7. 序號通過驗證後,公司入口網站 App 會重新導向至「公司入口網站」網站,以完成註冊。After the serial number is verified, the Company Portal app redirects to the Company Portal website to finalize enrollment. 該網站接著將會提示使用者返回 App。Then the website prompts the user to return to the app.

  8. 現在已經完成註冊。Enrollment is now complete. 使用者現在已可使用裝置的完整功能。The user can now use this device with the full set of capabilities.

關於無使用者親和性之公司擁有的受管理的裝置About corporate-owned managed devices with no user affinity

設定為無使用者親和性的裝置並不支援公司入口網站,且不應該安裝該 App。Devices that are configured with no user affinity do not support the Company Portal and should not have the app installed. [公司入口網站] 是針對有公司認證且需要存取個人化公司資源 (如電子郵件) 的使用者而設計。The Company Portal is designed for users who have corporate credentials and require access to personalized corporate resources (e.g. email). 註冊為無使用者親和性的裝置並非專供單一使用者登入使用。Devices that are enrolled with no user affinity are not intended to have a dedicated user sign in. Kiosk、銷售點 (POS),或共用公用程式裝置,皆屬註冊為無使用者親和性的常見案例。Kiosk, point of sale (POS), or shared-utility devices are typical use cases for devices that are enrolled with no user affinity.

如果需要使用者親和性,請在註冊裝置之前確認裝置的註冊設定檔已選取 [使用者親和性]。If user affinity is required, be sure that the device’s enrollment profile has User Affinity selected before enrolling the device. 若要變更裝置的親和性狀態,您必須將裝置淘汰並重新註冊該裝置。To change the affinity status on a device, you must retire the device and reenroll it.