Network access control (NAC) integration with Intune

Intune integrates with network access control partners to help organizations secure corporate data when devices try to access on-premises resources.

How do Intune and NAC solutions help protect your organization's resources?

NAC solutions are responsible for checking the device enrollment and compliance state with Intune to make access control decisions. If the device is not enrolled, or is enrolled but not compliant with Intune device compliance policies, the device should be redirected to Intune for enrollment and/or for a device compliance check.

Example

If the device is enrolled and compliant with Intune, the NAC solution should allow the device access to corporate resources. For example, users can be allowed or denied access when trying to reach corporate Wi-Fi or VPN resources.

NAC and conditional access

NAC works with conditional access to provide access control decisions.

How the NAC integration works

Here's an overview of how the NAC integration works with Intune. The first three steps describe the onboarding process; once the NAC solution is integrated with Intune, steps 4 through 9 describe the ongoing operation.

Diagram: how NAC works with Intune

  1. Register the NAC partner solution with Azure Active Directory (AAD), and grant delegated permissions to the Intune NAC API.

  2. Configure the NAC partner solution with the appropriate settings, including the Intune discovery URL.

  3. Configure the NAC partner solution for certificate authentication.

  4. The user connects to a corporate Wi-Fi access point or makes a VPN connection request.

  5. The NAC partner solution forwards the device information to Intune and asks Intune about the device's enrollment and compliance state.

  6. If the device is not compliant or not enrolled, the NAC partner solution instructs the user to enroll or fix the device's compliance.

  7. The device attempts to re-verify its compliance and/or enrollment state.

  8. Once the device is enrolled and compliant, the NAC partner solution gets the updated state from Intune.

  9. The connection is successfully established, which allows the device access to corporate resources.
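As an added illustration (not code from the original page, from Microsoft, or from any NAC partner), the decision logic of steps 4 through 9 reduced to a small mock. The device identifiers, the in-memory state table standing in for Intune, and the remediation hook are constructed assumptions; the real Intune NAC API is not modelled. The one design choice beyond the text is that a failed or unanswered lookup is treated as a deny (fail closed) rather than as "not enrolled", so that a backend outage cannot open the network.

```python
"""Mock of a NAC partner's access decision against an Intune-like state service.

Constructed example: MOCK_INTUNE_STATE and the device ids below are stand-ins
for Intune, not the real Intune NAC API.
"""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"                              # enrolled and compliant (step 9)
    REDIRECT_ENROLL = "redirect_enroll"          # not enrolled (step 6)
    REDIRECT_REMEDIATE = "redirect_remediate"    # enrolled but not compliant (step 6)
    DENY = "deny"                                # no usable answer: fail closed


@dataclass
class DeviceState:
    enrolled: bool
    compliant: bool


# Constructed sample states, keyed by a hypothetical device certificate id.
MOCK_INTUNE_STATE = {
    "dev-001": DeviceState(enrolled=True, compliant=True),
    "dev-002": DeviceState(enrolled=True, compliant=False),
    "dev-003": DeviceState(enrolled=False, compliant=False),
}


def query_intune(device_id):
    """Stand-in for step 5: ask the state service about one device.

    Returns None when the service has no record of the device.
    """
    return MOCK_INTUNE_STATE.get(device_id)


def decide(device_id, lookup=query_intune):
    """Steps 5-6: map the reported state to an access decision.

    Any exception from the lookup, or an empty answer, is a DENY: the
    decision point must not grant access when it cannot verify state.
    """
    try:
        state = lookup(device_id)
    except Exception:
        return Decision.DENY
    if state is None:
        return Decision.DENY
    if not state.enrolled:
        return Decision.REDIRECT_ENROLL
    if not state.compliant:
        return Decision.REDIRECT_REMEDIATE
    return Decision.ALLOW


def connect_with_remediation(device_id, remediate, max_attempts=3):
    """Steps 6-9: redirect, let the device remediate and re-verify, re-query.

    `remediate` is a hypothetical hook standing in for the user enrolling or
    fixing compliance; the loop is bounded so a device that never becomes
    compliant ends in DENY rather than retrying forever.
    """
    for _ in range(max_attempts):
        decision = decide(device_id)
        if decision in (Decision.ALLOW, Decision.DENY):
            return decision
        remediate(device_id, decision)
    return Decision.DENY


def fix_device(device_id, decision):
    """Constructed remediation: enrol and/or mark the device compliant."""
    state = MOCK_INTUNE_STATE.setdefault(device_id, DeviceState(False, False))
    if decision == Decision.REDIRECT_ENROLL:
        state.enrolled = True
    state.compliant = True


def no_remediation(device_id, decision):
    """Constructed hook for a user who ignores the redirect."""


if __name__ == "__main__":
    for dev in ("dev-001", "dev-002", "dev-003", "dev-999"):
        print(dev, decide(dev).value)
    print("dev-002 after remediation:", connect_with_remediation("dev-002", fix_device).value)
```

Running the block prints the initial decision for each constructed device and then shows dev-002 moving from a remediation redirect to an allow once the mock remediation has marked it compliant.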

Next steps