使用 Intune 新增並指派 Mobile Threat Defense (MTD) 應用程式Add and assign Mobile Threat Defense (MTD) apps with Intune

注意

此主題適用於所有 Mobile Threat Defense 合作夥伴。This topic applies to all Mobile Threat Defense partners.

您可以使用 Intune 來新增及部署 MTD 應用程式,讓使用者可在其行動裝置上識別出威脅時收到通知,以及收到修復威脅的指引。You can use Intune to add and deploy MTD apps so end-users can receive notifications when a threat is identified in their mobile devices, and to receive guidance to remediate the threats.

針對 iOS 裝置,您需要有 Microsoft Authenticator,讓使用者可以透過 Azure AD 檢查其身分識別。For iOS devices, you need the Microsoft Authenticator so users can have their identities checked by Azure AD. 此外,您需要發出訊號給 MTD iOS 應用程式,以搭配使用 Intune 的 iOS 應用程式組態原則。Additionally, you need the iOS app configuration policy which signals the MTD iOS app to use with Intune.

提示

Intune 公司入口網站可作為 Android 裝置上的代理程式,讓使用者可以透過 Azure AD 檢查其身分識別。The Intune company portal works as the broker on Android devices so users can have their identities checked by Azure AD.

開始之前Before you begin

新增應用程式To add apps

所有 MTD 合作夥伴All MTD partners

適用於 iOS 的 Microsoft Authenticator 應用程式Microsoft Authenticator app for iOS

SkycureSkycure

AndroidAndroid

iOSiOS

LookoutLookout

AndroidAndroid

iOSiOS

Apple 市集之外的 Lookout for Work 應用程式Lookout for Work app outside the Apple store

您必須重新簽署 Lookout for Work iOS 應用程式。You need to re-sign the Lookout for Work iOS app. Lookout 會將其 Lookout for Work iOS 應用程式散發到 iOS App Store 之外。Lookout distributes its Lookout for Work iOS app outside of the iOS App Store. 發佈應用程式之前,您必須使用 iOS 企業開發人員憑證重新簽署應用程式。Before distributing the app, you must re-sign the app with your iOS Enterprise Developer Certificate.

如需重新簽署 Lookout for Work iOS 應用程式的詳細指示,請參閱 Lookout 網站上的 Lookout for Work iOS app re-signing process (Lookout for Work iOS App 重新簽署程序)。For detailed instructions to re-sign the Lookout for Work iOS apps, see Lookout for Work iOS app re-signing process on the Lookout website.

啟用 Lookout for Work iOS 應用程式的 Azure AD 驗證Enable Azure AD authentication for Lookout for Work iOS app

執行下列動作,啟用 iOS 使用者的 Azure Active Directory 驗證:Enable Azure Active Directory authentication for the iOS users by doing the following:

  1. 移至 Azure 入口網站,使用您的認證登入,然後巡覽至應用程式頁面。Go to the Azure portal, sign in with your credentials, then navigate to the application page.

  2. 新增 Lookout for Work iOS 應用程式作為原生用戶端應用程式Add the Lookout for Work iOS app as a native client application.

  3. 以您簽署 IPA 時所選取的客戶配套識別碼取代 com.lookout.enterprise.yourcompanynameReplace the com.lookout.enterprise.yourcompanyname with the customer bundle ID you selected when you signed the IPA.

  4. 新增其他重新導向 URI:<公司入口網站 ://code/>,後面接著原始重新導向 URI 的 URL 編碼版本。Add additional redirect URI: <companyportal://code/> followed by a URL encoded version of your original redirect URI.

  5. 新增委派的權限至您的應用程式。Add Delegated Permissions to your app.

新增 Lookout for Work ipa 檔案Add the Lookout for Work ipa file

Check Point SandBlast MobileCheck Point SandBlast Mobile

AndroidAndroid

iOSiOS

建立 MTD 應用程式與 iOS 應用程式設定原則的關聯性To associate the MTD app with an iOS app configuration policy

若為 SkycureFor Skycure

  • 使用先前在 Skycure Management 主控台中設定的同一個 Azure AD 帳戶,此帳戶應與用於登入 Intune 傳統主控台的帳戶相同。Use the same Azure AD account previously configured in the Skycure Management console, which should be the same account used to log in into the Intune classic console.

  • 您必須下載 iOS 應用程式設定原則檔案:You need to download the iOS app configuration policy file:

    • 前往 Skycure Management 主控台,並以管理員認證登入。Go to Skycure Management console and sign in with your admin credentials.

    • 移至 [設定] > [裝置管理整合] > [EMM 整合選項]、選擇 [Microsoft Intune],然後儲存您的選項。Go to Settings > Device Management Integrations > EMM Integration Selection, choose Microsoft Intune, then save your selection.

    • 按一下 [整合安裝檔案] 連結,然後儲存所產生的 *.zip 檔案。Click on the Integration setup files link and save the generated *.zip file. 此 .zip 檔案包含 skycure_configuration.plist 檔案,這會用來在 Intune 中建立 iOS 應用程式設定原則。The .zip file contains the skycure_configuration.plist file, which will be used to create the iOS app configuration policy in Intune.

    • 請參閱使用適用於 iOS 的 Microsoft Intune 應用程式設定原則的指示,以新增 Skycure iOS 應用程式設定原則。See the instructions for using Microsoft Intune app configuration policies for iOS to add the Skycure iOS app configuration policy.

    • 步驟 8 中,使用選項 [輸入 XML 資料],從 skycure_configuration.plist 檔案複製內容,再將其貼到設定原則本文中。On step 8, use the option Enter XML data, copy the content from the skycure_configuration.plist file and paste its content into the configuration policy body.

您也可以從此處複製 skycure_configuration.plist 內容:You can also copy the skycure_configuration.plist content from here:

<dict>
    <key>MdmType</key>
    <string>Intune</string>
    <key>UserEmail</key>
    <string>{{userprincipalname}}</string>
</dict>

若為 LookoutFor Lookout

適用於 Check Point SandBlast MobileFor Check Point SandBlast Mobile

<dict><key>MDM</key><string>INTUNE</string></dict>

指派應用程式 (所有 MTD 合作夥伴)To assign apps (All MTD partners)

後續步驟Next steps

若要提交意見反應,請前往 Intune Feedback