Set up Symantec Endpoint Protection Mobile integration with Intune

Complete the following steps to integrate the Symantec Endpoint Protection Mobile (SEP Mobile) solution with Intune. You need to add the SEP Mobile apps to Azure AD to have single sign-on capabilities.

Before you begin

Azure AD account used to integrate Intune and SEP Mobile

Network setup

You can make sure your network is properly configured for integration with SEP Mobile by referring to the Symantec article Setting up your network configuration.

Full integration vs. read-only

SEP Mobile supports two modes of integration with Intune:

  • Read-only integration (Basic setup): Only inventories devices from Azure Active Directory and populates them in the Symantec Endpoint Protection Mobile Management console.
    • If the Report the health and risk of devices to Intune and Also report security incidents to Intune boxes are not selected in the Symantec Endpoint Protection Mobile Management console, the integration is read-only and therefore never changes a device's state (compliant or noncompliant) in Intune.
  • Full integration: Allows SEP Mobile to report device risk and security incident details to Intune, which creates bi-directional communication between the two cloud services.

How are the SEP Mobile apps used with Azure AD and Intune?

  • iOS app: Allows end users to sign in to Azure AD using an iOS app.

  • Android app: Allows end users to sign in to Azure AD using an Android app.

  • Management app: This is the SEP Mobile Azure AD multi-tenant app, which enables service-to-service communication with Intune.

To set up the read-only integration between Intune and SEP Mobile

Important

The SEP Mobile admin credentials must consist of an e-mail account that belongs to a valid user in Azure Active Directory; otherwise the login will fail. SEP Mobile uses Azure Active Directory to authenticate its admin using single sign-on (SSO).

  1. Go to the Symantec Endpoint Protection Mobile Management Console.

  2. Enter your SEP Mobile admin credentials, and then choose Continue.

  3. Go to Settings, and under Intune Integration, choose Basic Setup.

  4. Next to iOS App, choose Add to Active Directory.

    Image of the iOS app on the Symantec Endpoint Protection Mobile Management console

  5. When the login page opens, enter your Intune credentials, and then choose Accept.

    Image of the iOS app Intune login prompt

  6. After the app is added to Azure AD, you'll see an indication that the app was added successfully.

    Image of the iOS app completion screen

  7. Repeat these steps for the SEP Mobile Android and Management apps.

Add an Azure AD security group into SEP Mobile

You need to add an Azure AD security group that contains all devices running SEP Mobile.

  • Enter and select all the security groups of devices that are running SEP Mobile, and then save the changes.

    Image showing the SEP Mobile app user groups

SEP Mobile syncs the devices running its Mobile Threat Defense service with the Azure AD security groups.

Image showing the completed security group configuration on the SEP Mobile Management console

To set up the full integration between Intune and SEP Mobile

Retrieve the Directory ID in Azure AD

  1. Sign in to the Azure portal.

  2. Type "Active Directory" in the search box, and then select Azure Active Directory.

  3. Choose Properties.

  4. Next to the Directory ID, choose the copy icon, and then paste it to a safe location. You'll need this identifier in a later step.

    Image showing the Directory ID in the Azure portal

(Optional) Create a dedicated security group for devices that need to run the SEP Mobile apps

  1. In the Azure portal, under Manage, choose Users and groups, and then choose All groups.

  2. Choose the Add button. Type a group name. Under Membership type, choose Assigned.

  3. In the Members blade, select the group members, and then choose the Select button.

  4. In the Group blade, choose Create.
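The three portal tasks above (checking that the SEP Mobile admin is a valid Azure AD user, retrieving the Directory ID, and creating the assigned-membership security group) can also be done from a script, which is useful when you want the same setup repeated across tenants or reviewed in change control. The following PowerShell is an added example and is not code from the article, Microsoft, or Symantec; it assumes the Microsoft Graph PowerShell SDK is installed, and the admin UPN, group name, and member UPNs are placeholders to replace with your own values.

```powershell
# Added example (not from the original article). Requires the Microsoft Graph
# PowerShell SDK (Install-Module Microsoft.Graph) and an account that can read
# users and create groups. The names below are placeholders, not values from the page.

$adminUpn   = 'sepmobile-admin@contoso.example'   # placeholder: the SEP Mobile admin sign-in account
$groupName  = 'SEP Mobile Devices'                # placeholder: name of the dedicated security group
$memberUpns = @('user1@contoso.example', 'user2@contoso.example')  # placeholders

# Least-privilege scopes for what this script does: read users, create and modify groups.
Connect-MgGraph -Scopes 'User.Read.All', 'Group.ReadWrite.All'

# Step 1: the Directory ID the SEP Mobile console asks for is the tenant ID.
$directoryId = (Get-MgContext).TenantId
Write-Host "Directory ID (paste into SEP Mobile > Settings > Integrations > Intune): $directoryId"

# Step 2: confirm the SEP Mobile admin account is a real, enabled Azure AD user
# before attempting the SSO sign-in, because a missing user makes that login fail.
try {
    $admin = Get-MgUser -UserId $adminUpn -Property Id, UserPrincipalName, AccountEnabled -ErrorAction Stop
    if (-not $admin.AccountEnabled) {
        Write-Warning "$adminUpn exists but is disabled; SSO login to SEP Mobile will fail."
    } else {
        Write-Host "Admin account OK: $($admin.UserPrincipalName) ($($admin.Id))"
    }
} catch {
    Write-Warning "$adminUpn was not found in Azure AD; SEP Mobile SSO requires a valid directory user."
}

# Step 3: create the dedicated security group with assigned membership (the portal
# equivalent of Users and groups > All groups > Add with Membership type = Assigned).
# Leaving out -GroupTypes (no 'DynamicMembership') yields an assigned-membership group.
$existing = Get-MgGroup -Filter "displayName eq '$groupName'"
if ($existing) {
    $group = $existing
    Write-Host "Group '$groupName' already exists ($($group.Id)); reusing it."
} else {
    $group = New-MgGroup -DisplayName $groupName `
                         -MailEnabled:$false `
                         -MailNickname ($groupName -replace '[^A-Za-z0-9]', '') `
                         -SecurityEnabled:$true `
                         -Description 'Users whose devices run the SEP Mobile apps'
    Write-Host "Created security group '$groupName' ($($group.Id))."
}

# Step 4: add members. Graph rejects duplicate additions, so check membership first.
$currentMembers = (Get-MgGroupMember -GroupId $group.Id -All).Id
foreach ($upn in $memberUpns) {
    $user = Get-MgUser -UserId $upn -Property Id, UserPrincipalName -ErrorAction Stop
    if ($currentMembers -contains $user.Id) {
        Write-Host "  $upn is already a member"
    } else {
        New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
        Write-Host "  added $upn"
    }
}

Write-Host "Select '$groupName' in SEP Mobile > Settings > Integrations > Intune > Basic Setup."
```

Run it in a PowerShell session signed in as an account that holds the requested Graph scopes; the scopes are deliberately limited to reading users and managing groups rather than a broad directory role, so the script can be delegated without granting tenant-wide administration.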

Set up the integration between Symantec Endpoint Protection Mobile and Intune

  1. Go to the Symantec Endpoint Protection Mobile Management Console.

  2. Enter your SEP Mobile admin credentials, and then choose Continue.

  3. Go to the Settings > Integrations > Intune > EMM Integration Selection section.

  4. In the Directory ID box, paste the Directory ID you copied from Azure Active Directory in the previous section, and save the settings.

    Image showing the Directory ID in the SEP Mobile portal

  5. Go to the Settings > Integrations > Intune > Basic Setup section.

  6. Next to iOS App, choose the Add to Active Directory button.

    Image showing the iOS app being added to Active Directory

  7. Sign in using the Azure Active Directory credentials for the Office 365 account that manages the directory.

  8. Choose the Accept button to add the SEP Mobile iOS app to Azure Active Directory.

    Image showing the Accept button

  9. Repeat the same process for the Android app and the Management app.

  10. Select all user groups that need to run the SEP Mobile apps, for example, the security group you created earlier.

    Image showing the SEP Mobile app user groups

  11. SEP Mobile syncs the devices in the selected groups and starts reporting information to Intune. You can view this data in the Full Integration section. Go to the Settings > Integrations > Intune > Full Integration section.

    Image showing the completed SEP Mobile full integration

Next steps

Set up SEP Mobile apps