階段 1:準備 Intune 以用於行動裝置管理 (MDM)Phase 1: Prepare Intune for mobile device management (MDM)

在探究設定 Intune 的詳細資訊之前,讓我們先檢閱您組織的行動裝置管理需求。Before diving into the details of setting up Intune, let’s review the mobile device management requirements of your organization. 它可能有助於在目前的 MDM 提供者中執行作用中使用者的報告,以識別重要的使用者群組。It might be helpful to run reports of active users in your current MDM provider to identify the critical user groups. 然後,您就可以開始處理評估 MDM 需求一節中的問題。Then you can begin addressing the questions in the Assess MDM requirements section.

評估 MDM 需求Assess MDM requirements

您需要管理的裝置種類?What kinds of devices do you need to manage?

  • 需要支援的平台Which platforms do you need to support?

  • 您需要支援的裝置是屬公司擁有的裝置或個人裝置?Are the devices you need to support corporate-owned or personal devices?

  • 使用何種連線?What kind of connectivity do you use? Wi-Fi、行動電話、VPN?Wi-Fi, cellular, VPN?

使用者在受管理的裝置上需執行什麼工作?What do your users need to do on managed devices?

  • 您需要佈建使用者的應用程式嗎?Do you need to provision apps to your end-users?

  • 您使用自訂的企業營運應用程式嗎?Do you use custom line-of-business apps? 或是您只需要公用儲存區應用程式?Or do you only need public store apps?

  • 您需要佈建電子郵件帳戶嗎?Do you need to provision email accounts?

使用者的種類?What kinds of users?

  • 多少個使用者會使用單一裝置?How many users will use a single device?

  • 您需要的使用條款?What terms of use do you need?

    • 請務必提前和您的法務部門對此協商。Make sure to involve your legal department early in this.
    • 需要的當地語系化?What localization is required?
  • 使用者是否熟悉一般技術和 IT?Are the users familiar with technology and IT in general?

您的行動裝置安全性原則是什麼?What is your device security policy?

  • 您需要裝置層級加密嗎?Do you need device-level encryption?

  • 您目前的裝置密碼/PIN 碼長度是多少?What are your current device passcode/pin code lengths?

  • 您需要停用裝置功能,或限制特定裝置行為嗎?Do you need to disable device features, or restrict certain device behaviors? 您可以使用裝置組態設定檔控制各種平台特定的設定,例如:You can control a variety of platform-specific settings with device configuration profiles, for example:

    • 停用數位相機Disable camera
    • 鎖定在單一應用程式模式Lock to single-app mode
  • 您必須支援何種驗證?What kinds of authentication must you support? 如果您需要憑證式驗證,必須佈建何種憑證?If you need certificate-based authentication, what kinds of certificates must be provisioned?

    • Intune 可使用資源存取設定檔為已註冊的裝置佈建憑證。Intune can provision certificates with resource access profiles for enrolled devices.
    • 您需要支援何種公開金鑰基礎結構 (PKI)?What kind of Public Key Infrastructure (PKI) infra do you need to support?
  • 您需要在裝置或應用程式層級支援虛擬私人網路 (VPN) 嗎?Do you need to support Virtual Private Network (VPN) at the device or app level?

    • Intune 可以佈建協力廠商 VPN 提供者的 VPN 設定。Intune can provision VPN configurations for third-party VPN providers.

  • 可容許因應特定需求的暫時性例外狀況,以避免停機時間嗎?Can temporary exceptions be made for certain requirements to avoid downtime? 或是具有存取權的裝置永遠必須符合所有安全性需求?Or must devices with access always comply with all security requirements?

後續步驟Next steps

閱讀這些來自不同產業面的個案研究 (英文),觀察組織如何評估其行動裝置管理的需求。Read these case studies from different industry sectors to see how organizations assessed their requirements for mobile device management.

檢閱基本 Intune 設定Review the basic Intune setup.