實作您的 Intune 計劃Implement your Intune plan

在上架階段中,您要將 Intune 部署到生產環境。During the onboarding phase, you deploy Intune into your production environment. 實作程序包含根據使用案例需求安裝及設定 Intune 與外部相依性 (如有必要)。The implementation process consists of setting up and configuring Intune and external dependencies (if required) based on your use-case requirements.

下一節提供包括需求和高階工作的 Intune 實作程序概觀。The following section provides an overview of the Intune implementation process that includes requirements and high-level tasks.

Intune 需求Intune requirements

主要的 Intune 獨立需求如下︰The main Intune standalone requirements are:

  • Enterprise Mobility + Security (EMS)/Intune 訂閱Enterprise Mobility + Security (EMS)/Intune subscription

  • Office 365 訂閱 (適用於 Office 應用程式和應用程式保護原則管理的應用程式)Office 365 subscription (for Office apps and app-protection-policy managed apps)

  • Apple APN 憑證 (啟用 iOS 裝置平台管理)Apple APNs Certificate (to enable iOS device platform management)

  • Azure AD Connect (適用於目錄同步作業)Azure AD Connect (for directory synchronization)

  • Intune On-Premises Connector for Exchange (適用於 Exchange 內部部署的條件式存取,如有需要)Intune On-Premises Connector for Exchange (for conditional access for Exchange On-Premises, if needed)

  • Intune 憑證連接器 (適用於 SCEP 憑證部署,如有需要)Intune Certificate Connector (for SCEP certificate deployment, if needed)

提示

如需可以使用 Intune 管理的完整裝置清單,請查看支援的裝置清單。See the list of supported devices for a complete list of devices you can manage with Intune.

Intune 實作程序Intune implementation process

我們已找出實作 Intune 部署的 13 項分開的工作。We've identified 13 discrete tasks for implementing an Intune deployment. 根據業務需求、現有的基礎結構和裝置管理策略,其中部分工作可能已經完成。Depending on your business requirements, existing infrastructure, and device management strategy, some of these tasks may already be finished. 其他可能不適合您的計劃。Others may not apply to your plan.

工作 1:取得 Intune 訂閱Task 1: Get an Intune subscription

如前面的<Intune 需求>一節所述,您需要 EMS 或 Intune 訂閱。As indicated in the Intune requirements section above, you need an EMS or Intune subscription. 如果貴組織沒有訂閱,請連絡 Microsoft 或 Microsoft 帳戶小組洽詢 Enterprise Mobility + Security (EMS) 或 Intune 購買事宜。If your organization does not have one, contact Microsoft or your Microsoft account team regarding your interest in purchasing Enterprise Mobility + Security (EMS) or Intune.

工作 2︰新增 Office 365 訂閱Task 2: Add Office 365 subscription

這個參數是選擇性的。This step is optional. 如果您打算使用 Exchange Online,以及使用應用程式保護原則管理 Office 行動應用程式,您需要訂閱 Office 365。You need an Office 365 subscription if you plan to use Exchange Online and manage Office mobile apps with app protection policies. 貴組織若未訂閱 Office 365,請連絡 Microsoft 或 Microsoft 帳戶小組洽詢 Office 365 購買事宜。If your organization does not have an Office 365 subscription, contact Microsoft or your Microsoft account team regarding your interest in purchasing Office 365.

工作 3︰在 Azure AD 中新增使用者群組Task 3: Add users groups in Azure AD

您可能需要根據 Intune 部署使用案例和需求,在 Active Directory 或 Azure Active Directory 中新增使用者或安全性群組。You may need to add users or security groups in Active Directory or Azure Active Directory based on your Intune deployment use-case scenarios and requirements. 請檢閱 Active Directory 或 Azure Active Directory 目前的使用者和安全性群組,並判斷其是否完全符合您的需求。Review your current users and security groups in Active Directory or Azure Active Directory and determine if they fully meet your needs. 在新增新的使用者和安全性群組時,建議您將它們新增至 Active Directory,使用 Azure AD Connect 與 Azure Active Directory 同步處理。When adding new users and security groups, we recommend adding them in Active Directory and synchronizing with Azure Active Directory using Azure AD Connect.

工作 4︰指派 Intune 和 Office 365 的使用者授權Task 4: Assign Intune and Office 365 user licenses

EMS/Intune 和 Office 365 新產品的所有目標使用者,都需要獲指派授權。All users you target for EMS/Intune and Office 365 rollout need to have a license assigned to them. 您可在 Office 365 系統管理中心入口網站中指派 EMS/Intune 和 Office 365 授權。You can assign EMS/Intune and Office 365 licenses in the Office 365 Admin Center Portal.

工作 5:將行動裝置管理授權單位設定為 IntuneTask 5: Set mobile device management authority to Intune

您必須先將裝置管理授權單位設定為 Intune,才能使用 Intune 開始安裝、設定、管理與和註冊裝置。Before you can begin to set up, configure, manage and enroll devices using Intune, you must set the device management authority to Intune.

工作 6︰啟用裝置平台Task 6: Enable device platforms

依預設,除了 Apple 裝置 (iOS 和 Mac) 之外,大部分的裝置平台都會啟用。By default, most device platforms are enabled except for Apple devices (iOS and Mac). 您必須先啟用裝置平台,才可以在 Intune 中註冊及管理 iOS 裝置。Before iOS devices can be enrolled and managed in Intune, the device platform must be enabled. 若要這樣做,您需要建立 MDM Push Certificate,並將其新增至 Intune。To do so, you need to create an MDM Push certificate, and add it to Intune.

工作 7︰新增及部署條款及條件原則Task 7: Add and deploy terms and conditions policies

Intune 支援條款和條件原則。Intune supports terms and conditions policies. 適當新增條款及條件原則,根據您的 Intune 部署使用案例和需求將它們部署至目標群組。Add terms and conditions policies as appropriate and deploy them to targeted groups based on your Intune deployment use cases and requirements.

工作 8︰新增及部署設定原則Task 8: Add and deploy configuration policies

Intune 支援兩種類型的設定原則:一般和自訂。Intune supports two types of configuration policies, general and custom. 適當新增設定原則,根據您的 Intune 部署使用案例和需求將其部署至目標群組。Add the configuration policies as appropriate and deploy them to targeted groups based on your Intune deployment use cases and requirements.

工作 9︰新增及部署資源設定檔Task 9: Add and deploy resource profiles

Intune 支援電子郵件、Wi-Fi 和 VPN 設定檔。Intune supports email, Wi-Fi, and VPN profiles. 適當新增這些設定檔,根據您的 Intune 部署使用案例和需求將它們部署至目標群組。Add these profiles as appropriate and deploy them to targeted groups based on your Intune deployment use cases and requirements.

工作 10:新增及部署應用程式Task 10: Add and deploy apps

Intune 支援部署 Web、企業營運和公用市集應用程式。Intune supports the deployment of web, line-of-business, and public Store apps. 您也可以建立應用程式與應用程式保護原則的關聯性,來管理已與 Intune SDK 整合的應用程式。You can also manage apps that have integrated the Intune SDK by associating them with app protection policies. 適當新增應用程式,根據您的 Intune 部署使用案例和需求將它們部署至目標群組。Add apps as appropriate and deploy them to targeted groups based on your Intune deployment use cases and requirements.

工作 11:新增及部署相容性原則Task 11: Add and deploy compliance policies

Intune 支援合規性原則。Intune supports compliance policies. 適當新增合規性原則,根據您的 Intune 部署使用案例和需求將它們部署至目標群組。Add compliance policies as appropriate and deploy them to targeted groups based on your Intune deployment use cases and requirements.

工作 12:啟用條件式存取原則Task 12: Enable conditional access policies

Intune 支援 Exchange Online、Exchange 內部部署、SharePoint Online、商務用 Skype Online 及 Dynamics CRM Online 的條件式存取。Intune supports conditional access for Exchange Online, Exchange on-premises, SharePoint Online, Skype for Business Online, and Dynamics CRM Online. 根據您的 Intune 部署使用案例和需求適當啟用及設定條件式存取。Enable and configure conditional access as appropriate based on your Intune deployment use cases and requirements.

工作 13:註冊裝置Task 13: Enroll devices

Intune 支援 iOS、Mac 作業系統、Android、Windows Desktop 和 Windows 行動裝置平台。Intune supports iOS, Mac OS, Android, Windows desktop, and Windows mobile device platforms. 根據您的 Intune 部署使用案例和需求,適當啟用行動裝置平台。Enroll mobile device platforms as appropriate based on your Intune deployment use cases and requirements.

後續步驟Next steps

如需 Intune 實作程序的詳細資訊,請參閱 Microsoft Virtual Academy Intune 工作階段模組Check out this Microsoft Virtual Academy Intune session module for more information on the Intune implementation process.

請參閱測試與驗證 Intune 部署的指引。See guidance on testing and validating your Intune deployment.

若要提交意見反應,請前往 Intune Feedback