Create Mobile Threat Defense (MTD) device compliance policy with Intune

Note

This topic applies to all Mobile Threat Defense partners.

Intune with MTD helps you detect threats and assess risk on mobile devices. You can create an Intune device compliance policy rule that assesses that risk to determine whether the device is compliant. You can then use a conditional access policy to block access to services based on device compliance.

Before you begin

As part of the MTD setup, in the MTD partner console, you created a policy that classifies various threats as high, medium, and low. You now need to set the Mobile Threat Defense level in the Intune device compliance policy.

Prerequisites for device compliance policy with MTD:

  • Set up MTD integration with Intune

To create an MTD device compliance policy

  1. Go to the Azure portal, and sign in with your Intune credentials.

  2. On the Azure Dashboard, choose More services from the left menu, then type Intune in the text box filter.

  3. Choose Intune; the Intune Dashboard opens.

  4. On the Intune Dashboard, choose Device compliance, then choose Policies under the Manage section.

  5. Choose Create policy, enter the device compliance Name and Description, select the Platform, then choose Configure under the Settings section.

  6. On the compliance policy blade, choose Device Health.

  7. On the Device Health blade, choose the Mobile Threat Level from the drop-down list under Require the device to be at or under the Mobile threat Defense Level.

    a. Secured: This is the most secure. The device cannot have any threats present and still access company resources. If any threats are found, the device is evaluated as non-compliant.

    b. Low: The device is compliant if only low level threats are present. Anything higher puts the device in a non-compliant status.

    c. Medium: The device is compliant if the threats found on the device are low or medium level. If high level threats are detected, the device is determined as non-compliant.

    d. High: This is the least secure. This allows all threat levels and uses Mobile Threat Defense for reporting purposes only. Devices are required to have the MTD app activated with this setting.

  8. Click OK twice, then choose Create.
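The four threat-level settings in step 7, as an added worked example (this is not code from Microsoft or from this article): it models how a device's compliance is decided from the policy's required level and the threat levels the MTD partner reports. Assumptions: the threat names, the constructed device sample, and treating a device without an activated MTD app as non-compliant at every level (the article states this only for the High setting).

```python
# Added illustration of the MTD compliance-level semantics (not Microsoft's code).

# Threat levels reported by the MTD partner, from least to most severe.
THREAT_RANK = {"low": 1, "medium": 2, "high": 3}

# Highest threat rank a device may carry and still be compliant, per setting.
# "secured" allows no threats at all; "high" allows everything (reporting only).
MAX_ALLOWED = {"secured": 0, "low": 1, "medium": 2, "high": 3}


def evaluate_compliance(required_level, mtd_app_activated, reported_threats):
    """Return (compliant, reason) for one device against one policy setting."""
    if required_level not in MAX_ALLOWED:
        raise ValueError(f"unknown Mobile Threat Defense level: {required_level}")
    if not mtd_app_activated:
        # Assumption: with no activated MTD app there is no risk assessment to
        # trust, so the device is treated as non-compliant at every setting.
        return False, "MTD app not activated on device"
    unknown = [t for t in reported_threats if t not in THREAT_RANK]
    if unknown:
        raise ValueError(f"unknown threat level(s) from MTD partner: {unknown}")
    # "At or under the level" compares only the worst threat on the device.
    worst = max((THREAT_RANK[t] for t in reported_threats), default=0)
    if worst <= MAX_ALLOWED[required_level]:
        return True, f"worst threat rank {worst} is at or under '{required_level}'"
    return False, f"worst threat rank {worst} exceeds '{required_level}'"


# Constructed sample of device reports: (MTD app activated, threats found).
SAMPLE_DEVICES = {
    "phone-clean": (True, []),
    "phone-sideloaded-app": (True, ["low"]),
    "phone-risky-network": (True, ["low", "medium"]),
    "phone-jailbroken": (True, ["high", "low"]),
    "phone-no-mtd": (False, []),
}


def compliance_report(required_level):
    """Evaluate every sample device against one policy setting."""
    return {name: evaluate_compliance(required_level, active, threats)[0]
            for name, (active, threats) in SAMPLE_DEVICES.items()}


if __name__ == "__main__":
    for level in MAX_ALLOWED:
        print(level, compliance_report(level))
```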

Important

If you create conditional access policies for Office 365 or other services, device compliance is evaluated and non-compliant devices are blocked from accessing corporate resources until the threat on the device is resolved.

To assign an MTD device compliance policy

To assign a device compliance policy to users, choose a policy that you have previously configured. Existing policies can be found in the Device compliance policies blade.

  1. Choose the policy you want to assign to users and choose Assignments. This opens the blade where you can select Azure Active Directory security groups and assign them to the policy.

  2. Choose Select groups to open the blade that displays the Azure AD security groups. Choosing Select deploys the policy to users.

    Note

    You have applied the policy to users. The devices used by the users targeted by the policy will be evaluated for compliance.

Next steps