Drive end-user adoption with conditional access

Enabling conditional access features with Intune, such as blocking email for unenrolled devices, can help drive enrollment and compliance, but they are not required for a migration to be successful. Your migration adoption goals and security requirements should dictate success.

Migration campaign with conditional access

Here is a typical approach to enhancing a migration campaign with conditional access:

  1. Set conditional access rules to be enforced for all users, but specifically exclude the users who need to migrate from the old MDM provider. You can create an Azure AD user group that contains all users excluded from conditional access.

  2. As users migrate, remove them from the conditional access exclusion group.

  3. After migration completes, configure all conditional access policies to block by default unless Intune allows access.

Advantages

  • Provides access control for new user accounts or user accounts that were not managed by the previous solution.

  • Provides a grace period for users of the previous solution to migrate.

  • Minimizes loss of productivity.

Disadvantages

  • Users of the previous solution could potentially access resources using unmanaged devices until conditional access is enabled for those users.

This is one approach among many. You may choose a simpler process that defers all conditional access until after every phase has been instructed to enroll, or a stricter process that enforces conditional access from the very beginning and requires full compliance for all access.
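The exclusion-group campaign described above, modeled as an added example (not Microsoft's code and not an Intune or Azure AD API): it shows which sign-ins pass during the grace period, which exclusion-group entries are stale, and what changes once the group is retired. All function names, user names and enrollment data are constructed assumptions.

```python
# Added illustration of the exclusion-group migration campaign.
# Function names and sample data are constructed; no real API is called.

def access_decision(user, device_compliant, exclusion_group, migration_complete=False):
    """Return 'allow' or 'block' for one sign-in under the campaign's rules."""
    # Steps 1-2: while the campaign runs, excluded users bypass the policy.
    if not migration_complete and user in exclusion_group:
        return "allow"
    # Everyone else (and everyone after step 3) needs an Intune-compliant device.
    return "allow" if device_compliant else "block"

def reconcile(exclusion_group, intune_enrolled):
    """Split the exclusion group into stale entries and users still exposed."""
    remove_now = sorted(exclusion_group & intune_enrolled)     # migrated, still excluded
    still_exposed = sorted(exclusion_group - intune_enrolled)  # may use unmanaged devices
    return remove_now, still_exposed

def run_campaign():
    """Walk the three steps over constructed sample data and collect the outcomes."""
    exclusion_group = {"alice", "bob", "carol"}  # users on the old MDM (constructed)
    intune_enrolled = {"alice", "dave"}          # users already enrolled (constructed)

    remove_now, still_exposed = reconcile(exclusion_group, intune_enrolled)
    exclusion_group -= set(remove_now)           # step 2: drop migrated users

    return {
        "remove_now": remove_now,
        "still_exposed": still_exposed,
        # Grace period: an excluded user on an unmanaged device still gets in.
        "bob_unmanaged_during": access_decision("bob", False, exclusion_group),
        # A new account was never excluded, so it is controlled from day one.
        "erin_unmanaged_during": access_decision("erin", False, exclusion_group),
        # A migrated user is now subject to the policy like everyone else.
        "alice_unmanaged_during": access_decision("alice", False, exclusion_group),
        "alice_compliant_during": access_decision("alice", True, exclusion_group),
        # Step 3: the exclusion no longer applies to anyone.
        "bob_unmanaged_after": access_decision("bob", False, exclusion_group,
                                               migration_complete=True),
    }

if __name__ == "__main__":
    for check, outcome in run_campaign().items():
        print(f"{check}: {outcome}")
```

Running `reconcile` on a schedule against real group and enrollment exports keeps the `still_exposed` list, which is the gap named under Disadvantages, visible and shrinking.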

Task list for conditional access

Task 1: Decide how you are going to implement conditional access

Common ways to use conditional access.

Task 2: Set up Intune conditional access

Choose one of the following options:

Next steps

Learn about the typical migration cycle.