在 Microsoft Intune 中使用自訂原則來允許和封鎖 Samsung Knox Standard 裝置的應用程式Use custom policies in Microsoft Intune to allow and block apps for Samsung Knox Standard devices

使用本文中的程序,可建立 Microsoft Intune 的自訂原則,該原則會建立下列其中一個項目︰Use the procedure in this article to create a Microsoft Intune custom policy that creates one of the following:

  • 無法在裝置上執行的應用程式清單。A list of apps that are blocked from running on the device. 這份清單中的應用程式會被封鎖而無法執行,即使它們在套用原則時已安裝也一樣。Apps in this list are blocked from being run, even if they were already installed when the policy was applied.
  • 裝置使用者可從 Google Play 市集安裝的應用程式清單。A list of apps that users of the device are allowed to install from the Google Play store. 只可以安裝您列出的應用程式。Only the apps you list can be installed. 無法從市集安裝其他應用程式。No other apps can be installed from the store.

只有執行 Samsung Knox Standard 的裝置可使用這些設定。These settings can only be used by devices that run Samsung Knox Standard.

建立已允許或已封鎖的應用程式清單Create an allowed or blocked app list

  1. 登入 Azure 入口網站Sign into the Azure portal.

  2. 選擇 [All services] (所有服務) > [Intune]。Choose All services > Intune. Intune 位於 [Monitoring + Management] (監視 + 管理) 區段。Intune is located in the Monitoring + Management section.

  3. 在 [Intune] 窗格中,選擇 [裝置設定]。On the Intune pane, choose Device configuration.

  4. 在 [裝置設定] 窗格中,選擇 [管理] > [設定檔]。On the Device configuration pane, choose Manage > Profiles.

  5. 在設定檔清單窗格中,選擇 [建立設定檔]。In the list of profiles pane, choose Create profile.

  6. 在 [建立設定檔] 窗格中,輸入此裝置設定檔的 [名稱] 以及選用的 [描述]。On the Create profile pane, enter a Name and optional Description for this device profile.

  7. 將 [平台] 選為 [Android],且將 [設定檔類型] 選為 [自訂]。Choose a Platform of Android, and a Profile type of Custom.

  8. 按一下 [設定]。Click Settings.

  9. 在 [Custom OMA-URI Settings] (自訂 OMA-URI 設定) 窗格中,選擇 [新增]。On the Custom OMA-URI Settings pane, choose Add.

  10. 在 [Add or Edit OMA-URI Setting] (新增或編輯 OMA-URI 設定) 對話方塊中,指定下列設定:In the Add or Edit OMA-URI Setting dialog box, specify the following settings:

    無法在裝置上執行的應用程式清單:For a list of apps that are blocked from running on the device:

    • 名稱 - 輸入 PreventStartPackagesName - Enter PreventStartPackages.
    • 描述 - 輸入選用描述,例如「封鎖而無法執行的應用程式清單」。Description - Enter an optional description like 'List of apps that are blocked from running.'
    • 資料類型 - 從下拉式清單中選擇 [字串]。Data type - From the drop-down list, choose String.
    • OMA URI - 輸入 ./Vendor/MSFT/PolicyManager/My/ApplicationManagement/PreventStartPackagesOMA-URI - Enter ./Vendor/MSFT/PolicyManager/My/ApplicationManagement/PreventStartPackages
    • - 輸入您允許的應用程式套件名稱之清單。Value - Enter a list of the app package names you want to allow. 您可以使用 ; : ,| 作為分隔符號。You can use ; : , or | as a delimiter. (範例︰package1;package2;)(Example: package1;package2;)

    針對使用者在排除所有其他應用程式時,可從 Google Play 商店安裝的應用程式清單:For a list of apps that users are allowed to install from the Google Play store while excluding all other apps:

    • 名稱 - 輸入 AllowInstallPackagesName - Enter AllowInstallPackages.
    • 描述 - 輸入選用描述,例如「使用者可從 Google Play 安裝的應用程式清單」。Description - Enter an optional description like 'List of apps that users can install from Google Play.'
    • 資料類型 - 從下拉式清單中選擇 [字串]。Data type - From the drop-down list, choose String.
    • OMA URI - 輸入 ./Vendor/MSFT/PolicyManager/My/ApplicationManagement/AllowInstallPackagesOMA-URI - Enter ./Vendor/MSFT/PolicyManager/My/ApplicationManagement/AllowInstallPackages
    • - 輸入您允許的應用程式套件名稱之清單。Value - Enter a list of the app package names you want to allow. 您可以使用 ; : ,| 作為分隔符號。You can use ; : , or | as a delimiter. (範例︰package1;package2;)(Example: package1;package2;)
  11. 按一下 [確定],然後在 [建立設定檔] 窗格中,選擇 [建立]。Click OK, and then, on the Create Profile pane, choose Create.

提示

您可以藉由瀏覽至 Google Play 商店上的應用程式,找到應用程式的套件識別碼。You can find the package ID of an app by browsing to the app on the Google Play store. 套件識別碼被包含在應用程式頁面的 URL 中。The package ID is contained in the URL of the app's page. 例如,Microsoft Word 應用程式的套件識別碼為 com.microsoft.office.wordFor example, the package ID of the Microsoft Word app is com.microsoft.office.word.

下一次,登入每個目標裝置後,就會套用應用程式設定。The next time each targeted device checks in, the app settings will be applied.