Microsoft Intune 的已知問題Known issues in Microsoft Intune

適用對象:Azure 入口網站的 IntuneApplies to: Intune in the Azure portal
您需要傳統入口網站的 Intune 相關文件嗎?Looking for documentation about Intune in the classic portal? 請移至這裡Go here.

您可以使用本主題了解 Microsoft Intune 的任何已知問題。Use this topic to learn about any known issues in Microsoft Intune.

若要回報此處未列的 Bug,可提出支援要求If you want to report a bug that is not listed here, open a support request.

若要要求在 Intune 中新增功能,請考慮前往我們的 Uservoice 網站填寫報告。If you want to request a new feature for Intune, consider filing a report on our Uservoice site.

移轉Migration

Intune 舊版電腦用戶端功能只在 Silverlight 主控台提供Intune legacy PC client features are only available in the Silverlight console

Azure 入口網站上的 Intune 提供了使用 Windows MDM 註冊管理 Windows 10 的能力。The ability to manage Windows 10 in the Intune on Azure portal is available via Windows MDM enrollment. 如需詳細資訊,請參閱 Azure 主控台上的 Intune 和電腦用戶端上的舊版 IntuneFor more information, see Intune on Azure console and legacy Intune PC Client.

由 Intune 在移轉期間所建立的群組,可能會影響其他 Microsoft 產品的功能Groups created by Intune during migration might affect functionality of other Microsoft products

當您從 Intune 移轉到 Azure 入口網站時,可能會看到名為 All Users - b0b08746-4dbe-4a37-9adf-9e7652c0b421 的新群組。When you migrate from Intune to the Azure portal, you might see a new group named All Users - b0b08746-4dbe-4a37-9adf-9e7652c0b421. 此群組包含 Azure Active Directory 中的所有使用者,而非只有 Intune 授權的使用者。This group contains all users in your Azure Active Directory, not only Intune licensed users. 如果您預期有某些不屬於任何群組的現有或新使用者,此使用方式可能會對其他 Microsoft 產品造成問題。This usage can cause issues with other Microsoft products if you expect some existing or new users to not be a member of any groups.

需進行次要移轉以選取功能Secondary migration required for select capabilities

必須先移轉 2017 年 1 月之前建立的 Intune 帳戶,才能在 Azure 入口網站中使用下列功能:Intune accounts created before January 2017 must be migrated before the following capabilities can be used in the Azure portal:

  • 公司裝置註冊設定檔Corporate Device Enrollment profiles
  • Apple 裝置註冊方案Apple Device Enrollment Program
  • 依 iOS 序號預先宣告公司裝置Predeclare corporate devices by iOS serial number
  • 裝置註冊管理員帳戶Device Enrollment Manager accounts
  • Apple 大量採購方案Apple Volume Purchase Program

因為無法從 Intune (Silverlight) 主控台和 Azure 入口網站管理這些功能,所以移轉會:Because these capabilities cannot be managed from both the Intune (Silverlight) console and Azure portal, the migration:

  • 在傳統入口網站中停用這些功能Disables them in the classic portal
  • 在 Azure 入口網站中啟用它們Enables them in the Azure portal

在 2017 年 9 月 22 日之後,會將這些功能的移轉合併至 Azure 的主要移轉。After September 22, 2017, the migration of these features will be merged into the primary migration to Azure. 如果您已經將帳戶移轉為使用 Azure 入口網站,則這項次要移轉可能早已完成。If your account was already migrated to use the Azure portal, this secondary migration may have been completed by now. 如果沒有,這些功能會在 11 月前移轉至 Azure。If not, these capabilities will be migrated to Azure by November. 而開始移轉您的帳戶之後,將會在同一天完成。Once your account’s migration begins, it will complete the same day. 移轉最多可能需要 6 個小時,而且是從在 Intune 傳統入口網站中停用這些功能開始算起。Migration can take up to 6 hours from the time these features are disabled in the Intune classic portal.

如果您現在於 Azure 入口網站中管理這些 Intune 功能,請注意以下幾點:If you now manage these Intune capabilities in the Azure portal, be aware of the following points:

移除 Apple DEP 中的預設公司裝置註冊設定檔Removes default Corporate Device Enrollment profiles in Apple DEP

Azure 入口網站不支援 Apple 裝置註冊計劃 (DEP) 裝置的「預設」公司裝置註冊設定檔。The Azure portal does not support a default Corporate Device Enrollment profile for Apple Device Enrollment Program (DEP) devices. Intune (Silverlight) 主控台中提供此功能,但已停止提供,以避免不慎指派這類設定檔。This functionality, available in the Intune (Silverlight) console, is discontinued to prevent unintentional profile assignment. 在 Azure 入口網站中進行 DEP 序號同步處理時,不會指派任何公司裝置註冊設定檔。When DEP serial numbers sync in the Azure portal, no Corporate Device Enrollment profile is assigned. 使用裝置之前,必須先指派註冊設定檔。An enrollment profile must be assigned before using the device.

移轉時還原的 Apple DEP 權杖Apple DEP token restored with migration

如果您刪除 Intune (Silverlight) 入口網站中的 Apple 裝置註冊計劃權杖,且未將新的權杖上傳至 Azure 入口網站,則會在移轉時於 Azure 入口網站中還原原始權杖。If you deleted an Apple Device Enrollment Program token in the Intune (Silverlight) portal and do not upload a new token to the Azure portal, the original token is restored in the Azure portal when you migrate. 若要移除這個權杖並避免 DEP 註冊,請刪除 Azure 入口網站中的權杖。To remove this token and prevent DEP enrollment, delete the token from the Azure portal.

用於移轉原則的「狀態」刀鋒視窗無法運作Status blades for migrated policies do not work

您無法在 Azure 入口網站中,檢視從傳統入口網站移轉之原則的狀態資訊。You cannot view status information for policies that were migrated from the classic portal in the Azure portal. 但是,您可以在傳統入口網站中繼續檢視這些原則的報表。However, you can continue to view reports for these policies in the classic portal. 若要檢視移轉之設定原則的狀態資訊,請在 Azure 入口網站中重新建立它們。To view status information for migrated configuration policies, recreate them in the Azure portal.

應用程式Apps

iOS 大量採購應用程式僅適用於預設的 Intune 租用戶語言iOS volume-purchased apps only available in default Intune tenant language

iOS 大量採購應用程式只能針對與您的 Intune 帳戶相同的國碼/地區碼顯示,並且予以指派。iOS volume-purchased apps are displayed, and can be assigned only for the same country code as your Intune account. Intune 只會同步處理其 iTunes 地區設定與 Intune 租用戶帳戶國碼/地區碼相同的應用程式。Intune only sync apps from the same iTunes locale as the Intune tenant account country code. 例如,如果您購買僅於美國市集中提供的應用程式,但您的 Intune 帳戶是德文,則 Intune 不會顯示該應用程式。For example, if you purchase an app which is only available in the U.S. store, but your Intune account is German, Intune will not show that app.

上傳多份相同的 iOS 大量採購方案Multiple copies of the same iOS volume-purchase program are uploaded

請勿針對相同的 VPP 權杖多次按一下 [上傳] 按鈕。Do not click the Upload button multiple times for the same VPP token. 這會導致上傳重複的 VPP 權杖,並針對相同的 VPP 權杖多次進行應用程式同步處理。This will result in duplicate VPP tokens being uploaded, and apps syncing multiple times for the same VPP token.

裝置設定Device configuration

您無法為某些裝置儲存「Windows 資訊保護」原則You cannot save a Windows Information Protection policy for some devices

對於沒有在 Intune 註冊的裝置,您只能在「Windows 資訊保護」原則設定的 [公司識別] 欄位中指定一個主要網域。For devices not enrolled with Intune, you can only specify a primary domain in the Corporate Identify field in the settings for a Windows Information Protection policy. 如果您新增了其他網域 (使用 [進階設定] > [網路周圍] > [新增受保護網域]),則將無法儲存原則。If you add additional domains (using Advanced settings > Network perimeter > Add a protected domain), you cannot save the policy. 您看到的錯誤訊息很快就會變得更為準確。The error message you see will soon be changed to be more accurate.

Cisco AnyConnect VPN 用戶端支援Cisco AnyConnect VPN client support

Cisco AnyConnect VPN 用戶端的最新版本 (4.0.07072) 目前無法與 Intune 相容。The latest release of the Cisco AnyConnect VPN client (4.0.07072) is not currently compatible with Intune. 未來的 Intune 更新將會包含與這個 VPN 用戶端版本的相容性。A future Intune update will include compatibility with this VPN client version. 在此之前,建議您不要更新 Cisco AnyConnect VPN 用戶端,並繼續使用現有的版本。Until then, we recommend that you do not update your Cisco AnyConnect VPN client, and continue to use the existing version.

搭配 macOS Sierra 裝置使用數值密碼類型Using the numeric password type with macOS Sierra devices

目前,如果您在 macOS Sierra 裝置的裝置限制設定檔中依序選取 [數值] > [必要的密碼類型],它會強制為 [英數字元]。Currently, if you select the Numeric Required password type in a device restriction profile for macOS Sierra devices, it is enforced as Alphanumeric. 如果您想要搭配這些裝置使用數值密碼,請不要設定這項設定。If you want to use a numeric password with these devices, do not configure this setting. 未來的 macOS 版本可能會更正這個問題。This issue might be corrected in a future version of macOS.

如需這些設定的詳細資訊,請參閱 Microsoft Intune 中的 macOS 裝置限制設定For more information about these settings, see macOS device restriction settings in Microsoft Intune.

合規性Compliance

Intune 的合規性原則不會顯示於新的主控台中Compliance policies from Intune do not show up in new console

您在傳統入口網站中所建立的合規性原則都會移轉,但並不會顯示於 Azure 入口網站中,因為 Azure 入口網站的設計改變了。Compliance policies you created in the classic portal are migrated, but are not displayed in the Azure portal because of design changes in the Azure portal. 您在傳統 Intune 傳統入口網站所建立的合規性原則仍然會強制執行,但您必須在傳統入口網站中檢視及編輯這些原則。Compliance policies you created in the Intune classic portal are still enforced, but you must view and edit them in the classic portal.

除此之外,您在 Azure 入口網站中所建立的新合規性原則不會顯示於傳統入口網站中。Additionally, new compliance policies you create in the Azure portal are not visible in the classic portal.

如需詳細資訊,請參閱什麼是裝置合規性For more information, see What is device compliance.

資料保護Data protection

iOS 應用程式保護原則iOS app protection policies

您可以定義 iOS 應用程式保護原則,在透過行動應用程式管理 (MAM) 進行管理而不需要註冊的裝置上供使用者使用。You can define app protection policies for iOS that are available for users on devices managed through mobile app management (MAM) without enrollment. 由於暫時性的錯誤,您只能為僅一個小數位數、而非多個小數位數的 iOS 版本定義這些原則。Due to a temporary error, you can only define these policies for iOS versions with a single decimal point version rather than multiple decimal points. 可為 iOS 10.3 設定,不能為 iOS 10.3.1 的最低版本設定。Instead of setting a minimum version of iOS 10.3.1, you set it for iOS 10.3. 即將推出的 iOS SDK 更新會解決此問題。This will be resolved with a forthcoming update to the iOS SDK.

管理與帳戶Administration and accounts

全域管理員 (也稱為租用戶管理員) 無須個別的 Intune 或 Enterprise Mobility Suite (EMS) 授權,也可以繼續執行日常的管理工作。Global Admins (also referred to as Tenant Admins) can continue day-to-day administration tasks without a separate Intune or Enterprise Mobility Suite (EMS) license. 但是,若要使用服務,例如註冊自己的裝置、公司裝置或使用 Intune 公司入口網站,他們就需要有 Intune 或 EMS 授權。However, to use the service, such as to enroll their own device, a corporate device, or use the Intune Company Portal, they need an Intune or EMS license.