Configure app protection policies (optional)

App protection policies allow you to:

  • Encrypt apps
  • Define a PIN when the app is accessed
  • Block apps from running on jailbroken or rooted devices, among many other protections.

If the user's phone is lost or stolen, you can selectively wipe the corporate data remotely while leaving the personal data intact.

App protection policies apply security at the app level and do not require device enrollment. You can use them with devices whether or not they are enrolled in Intune. Additionally, you can apply them to devices enrolled with a third-party MDM provider.

App protection policies with LOB apps

You can also extend the mobile app protection policies to your line-of-business (LOB) apps by using the Microsoft Intune App SDK or the Microsoft Intune App Wrapping Tool for both iOS and Android platforms.

How do app protection policies help during migration?

In a migration, you must remove devices from the old MDM provider and enroll them into Intune. You should plan for this and encourage your end users to leave the old MDM provider and immediately enroll into Intune. However, during the migration there may be users who delay completing the enrollment process and whose devices are not managed by either MDM provider.

This period can leave your organization more vulnerable to device theft and corporate data loss if corporate resource access is still allowed. It may also lead to lower user productivity if corporate resource access is blocked.

Intune can offer corporate data protections during the migration so you can still have security coverage for your corporate data when there's no device-level management.

As you disable conditional access in the old MDM provider, users can still be productive while you onboard them into Intune.

Task list for app protection policies

  1. Create an app protection policy
  2. Deploy a policy

Next steps

Special migration considerations
