Microsoft Intune 的新功能What's new in Microsoft Intune

適用於︰Azure 上的 IntuneApplies to: Intune on Azure
您需要傳統主控台中之 Intune 的相關文件嗎?Looking for documentation about Intune in the classic console? 請移至這裡Go to here.

了解每週的 Microsoft Intune 新功能Learn what’s new each week in Microsoft Intune. 您也可以了解即將推出的變更、關於服務的重要通知,以及過去版本的相關資訊。You can also find out about upcoming changes, important notices about the service, and information about past releases.

注意

具備 Configuration Manager 的混合式部署於未來將會支援多數的這些功能。Many of these features will eventually be supported for hybrid deployments with Configuration Manager. 如需新混合式功能的詳細資訊,請查看我們的混合式新增功能頁面。For more information about new hybrid features, check out our hybrid What’s New page.

2017 年 7 月 31 日一週Week of July 31, 2017

裝置註冊Device enrollment

依作業系統版本限制 Android 和 iOS 裝置註冊限制 Restrict Android and iOS device enrollment restriction by OS version

Intune 現在支援依作業系統版本號碼限制 iOS 和 Android 註冊。Intune now supports restricting iOS and Android enrollment by operating system version number. 在 [裝置類型限制] 下,IT 系統管理員現在可以進行平台設定,以便將註冊限制於作業系統值上下限之間。Under Device Type Restriction, the IT admin can now set a platform configuration to restrict enrollment between a minimum and maximum operating system value. Android 作業系統版本必須指定為 Major.Minor.Build.Rev,其中 Minor、Build 和 Rev 為選擇性。Android operating system versions must be specified as Major.Minor.Build.Rev, where Minor, Build and Rev are optional. iOS 版本必須指定為 Major.Minor.Build,其中 Minor 和 Build 為選擇性。iOS versions must be specified as Major.Minor.Build where Minor and Build are optional. 深入了解裝置註冊限制Learn more about device enrollment restrictions.

注意

請勿將註冊限制為透過 Apple 註冊計劃或 Apple Configurator 進行。Does not restrict enrollment through Apple enrollment programs or Apple Configurator.

限制 Android、iOS 和 macOS 裝置以個人擁有的裝置註冊Restrict Android, iOS, and macOS device personally owned device enrollment

Intune 可以透過將公司裝置 IMEI 編號列入白名單,來限制個人裝置註冊。Intune can restricts personal device enrollment by white-listing corporate device IMEI numbers. Intune 現在已使用裝置序號,將這項功能擴充到 iOS、Android 和 macOS。Intune has now expanded this functionality to iOS, Android, and macOS using device serial numbers. 將序號上傳至 Intune,您就可以預先宣告此為公司擁有的裝置。By uploading the serial numbers to Intune, you can predeclare devices as corporate-owned. 使用註冊限制,您可以封鎖個人擁有 (BYOD) 的裝置,僅註冊公司擁有的裝置。Using enrollment restrictions, you can block personally owned (BYOD) devices, allowing enrollment only for corporate-owned devices. 深入了解裝置註冊限制Learn more about device enrollment restrictions.

若要匯入序號,請移至 [裝置註冊] > [公司裝置識別碼] 並按一下 [新增],然後上傳 .CSV 檔案 (不含標頭的兩個序號和 IMEI 編號等詳細資料欄位)。To import serial numbers, go Device enrollment > Corporate device identifiers and click Add and then upload a .CSV file (no header, two columns for serial number and details like IMEI numbers). 若要限制個人擁有的裝置,請移至 [裝置註冊] > [註冊限制]。To restrict personally owned devices, go Device enrollment > Enrollment restrictions. 在 [裝置類型限制] 下選取 [預設],然後選取 [平台設定]。Under Device Type Restrictions, select the Default and then select Platform Configurations. 您可以 [允許] 或 [封鎖] 個人擁有的 iOS、Android 和 macOS 裝置。You can Allow or Block personally owned devices for iOS, Android, and macOS.

裝置管理Device management

新的裝置動作會強制裝置與 Intune 同步處理New device action to force devices to sync with Intune

在此版本中,我們已新增裝置動作,強制所選裝置立即使用 Intune 簽入。In this release, we've added a new device action that forces the selected device to immediately check-in with Intune. 當裝置簽入時,會立即收到所有擱置動作或已指派給它的原則。When a device checks-in, it immediately receives any pending actions or policies that have been assigned to it. 這個動作可協助您立即驗證和針對您已指派的原則進行疑難排解,不用等到下次排程的簽入。This action can help you to immediately validate and troubleshoot policies you’ve assigned, without waiting for the next scheduled check-in. 如需詳細資料,請參閱同步處理裝置For details, see Synchronize device

強制受監督的 iOS 裝置自動安裝最新可用的軟體更新Force supervised iOS devices to automatically install the latest available software update

新的原則可從 [軟體更新] 工作區取得,您可在此強制受監督的 iOS 裝置自動安裝最新可用的軟體更新。A new policy is available from the Software updates workspace where you can force supervised iOS devices to automatically install the latest available software update. 如需詳細資料,請參閱設定 iOS 更新原則For details see, Configure iOS update policies

Check Point SandBlast Mobile - 新的 Mobile Threat Defense 夥伴Check Point SandBlast Mobile - New Mobile Threat Defense partner

您可以根據由 Checkpoint SandBlast Mobile (一個與 Microsoft Intune 整合的 Mobile Threat Defense 解決方案) 所進行的風險評估,使用條件式存取來控制行動裝置對公司資源的存取。You can control mobile device access to corporate resources using conditional access based on risk assessment conducted by Checkpoint SandBlast Mobile, a mobile threat defense solution that integrates with Microsoft Intune.

整合 Intune 如何運作?How integration with Intune works?

風險乃依據收集自執行 Checkpoint SandBlast Mobile 裝置的遙測來進行評估。Risk is assessed based on telemetry collected from devices running Checkpoint SandBlast Mobile. 您可以根據透過 Intune 裝置合規性政策所啟用的 Checkpoint SandBlast Mobile 風險評估,來設定 EMS 條件式存取原則。You can configure EMS conditional access policies based on Checkpoint SandBlast Mobile risk assessment enabled through Intune device compliance policies. 您可以根據偵測到的威脅,允許或封鎖不符合規範的裝置存取公司資源。You can allow or block non-compliant devices access to corporate resources based on detected threats.

應用程式管理App management

將應用程式部署為商務用 Microsoft 網上商店中的可用項目 Deploy an app as available in the Microsoft Store for Business

系統管理員現在可以使用此版本將商務用 Microsoft 網上商店指派為可用。With this release, admins can now assign the Microsoft Store for Business as available. 設定為可用時,終端使用者就可以從公司入口網站應用程式或網站安裝應用程式,而不會被重新導向至 Microsoft 網上商店。When set as available, end-users can install the app from the Company Portal app or website without being redirected to the Microsoft Store.

Intune 應用程式Intune apps

公司入口網站的 UI 更新 UI updates to the Company Portal website

我們對公司入口網站的 UI 進行了數項更新,以增強終端使用者體驗。We made several updates to the UI of the Company Portal website to enhance the end user experience.

  • 應用程式磚的增強功能:應用程式圖示現在會根據圖示的主要色彩 (如果可偵測)來顯示自動產生的背景。Enhancements to app tiles: App icons will now display with an automatically generated background based on the dominant color of the icon (if it can be detected). 適用時,此背景會取代先前在應用程式磚上顯示的灰色框線。When applicable, this background replaces the gray border that was previously visible on app tiles.

    公司入口網站會在未來版本中盡可能顯示大圖示。The Company Portal website displays large icons whenever possible in an upcoming release. 建議 IT 系統管理員使用大小下限為 120 x120 像素的高解析度圖示來發佈應用程式。We recommend that IT admins publish apps using high-resolution icons with a minimum size of 120 x120 pixels.

  • 導覽變更:導覽列項目移至左上方的漢堡功能表。Navigation changes: Navigation bar items are moved to the hamburger menu in the top left. 移除 [類別] 頁面。The Categories page is removed. 使用者現在可以在瀏覽時依類別篩選內容。Users can now filter content by category while browsing.

  • 精選 App 的更新:我們已將專用頁面新增至網站 (使用者可在其中瀏覽您選為精選的應用程式),並對首頁上的 [精選] 區段進行一些 UI 調校。Updates to Featured Apps: We've added a dedicated page to the site where users can browse apps that you've chosen to feature, and made some UI tweaks to the Featured section on the homepage.

公司入口網站的 iBooks 支援 iBooks support for the Company Portal website

我們已將專用頁面新增至公司入口網站,讓使用者可以瀏覽並下載 iBooks。We've added a dedicated page to the Company Portal website that allows users to browse and download iBooks.

報告Reporting

Intune 資料倉儲 (公開預覽)Intune Data Warehouse (Public Preview)

Intune 資料倉儲會每日對資料進行抽樣,以提供您租用戶的歷程檢視。The Intune Data Warehouse samples data daily to provide a historical view of your tenant. 您可以藉由使用 Power BI 檔案 (PBIX)、與許多分析工具相容的 OData 連結,或與 REST API 互動,來存取資料。You can access the data using a Power BI file (PBIX), an OData link that is compatible with many analytics tools, or interacting with the REST API. 如需詳細資訊,請參閱使用 Intune 資料倉儲For more information, see Use the Intune Data Warehouse.

2017 年 7 月 23 日一週Week of July 23rd, 2017

Windows 10 的公司入口網站應用程式提供日間和夜間模式Light and dark modes available for the Company Portal app for Windows 10

使用者可以自訂 Windows 10 公司入口網站應用程式的色彩模式。End users will be able to customize the color mode for the Company Portal app for Windows 10. 使用者可在公司入口網站應用程式的 [設定] 區段中進行變更。The user is able to make the change in the Settings section of the Company Portal app. 使用者重新啟動應用程式後,即會看到變更。The change will appear after the user has restarted the app. 至於 Windows 10 版本 1607 及更新版本,應用程式模式會預設為系統設定。For Windows 10 version 1607 and later, the app mode will default to the system setting. 至於 Windows 10 版本 1511 及更新版本,應用程式模式會預設為日間模式。For Windows 10 version 1511 and earlier, the app mode will default to the light mode.

讓使用者在 Windows 10 的公司入口網站應用程式中標記其裝置群組Enable end users to tag their device group in the Company Portal app for Windows 10

終端使用者現在可以直接在 Windows 10 公司入口網站應用程式中標記群組,選取其裝置所屬群組。End users are now able to select which group their device belongs to by tagging it directly from within the Company Portal app for Windows 10.

通知Notices

Intune 的 IP 位址已更新IP addresses for Intune updated

防火牆 Proxy 設定有更新的 DNS 名稱和 IP 位址清單An updated list of DNS names and IP addresses is available for firewall proxy settings.

使用 Azure Active Directory 進行條件式存取Use Azure Active Directory for conditional access

Azure 主控台的 Azure Active Directory 區段提供條件式存取,在設定 Office 365 Exchange Online 和 SharePoint Online 等雲端應用程式的原則時,可提供更強大而彈性的架構。Conditional access is available in the Azure Active Directory section of the Azure console and provides a more powerful and flexible framework for setting policies for cloud apps like Office 365 Exchange Online and SharePoint Online. 使用 [Azure Active Directory] 刀鋒視窗中的 [條件式存取] 來設定原則,取代傳統的 Intune 主控台。Use the Conditional access in Azure Active Directory blade to configure policies instead of the classic Intune console. 傳統 Intune 主控台中的現有原則,必須在 Azure 主控台中重新建立。Existing policies in the classic Intune console need to be re-created in the Azure console. 如需詳細資訊,請參閱建立 Azure AD 條件式存取原則For more information, see Create Azure AD conditional access policies

直接存取 Apple 註冊案例 Direct access to Apple enrollment scenarios

對於在 2017 年 1 月之後建立的 Intune 帳戶,Intune 已經啟用使用 Azure 入口網站中的「註冊裝置」工作負載直接存取 Apple 註冊案例。For Intune accounts created after January 2017, Intune has enabled direct access to Apple enrollment scenarios using the Enroll Devices workload in the Azure portal. Apple 註冊預覽原本只能從傳統 Intune 入口網站中的連結存取。Previously, the Apple enrollment preview was only accessible from links in the classic Intune portal. 在 2017 年 1 月之前建立的 Intune 帳戶需要進行一次性移轉,才能在 Azure 中使用這些功能。Intune accounts created before January 2017 require a one-time migration before these features are available in Azure. 移轉的排程尚未宣布,但將會盡快提供詳細資料。The schedule for migration has not been announced yet, but details will be made available as soon as possible. 如果您現有的帳戶無法存取 Azure 入口網站,我們強烈建議您建立試用帳戶來測試新的體驗。We strongly recommend creating a trial account to test out the new experience if your existing account cannot access the Azure portal.

Azure 入口網站中將被取代的系統管理角色Administration roles being replaced in Azure portal

在 Intune 傳統入口網站 (Silverlight) 中使用的現有行動應用程式管理 (MAM) 系統管理角色 (參與者、擁有者或唯讀) 在 Intune Azure 入口網站中會被取代為一組新的、完整的角色型系統管理控制 (RBAC)。The existing mobile application management (MAM) administration roles (Contributor, Owner, and Read-Only) used in the Intune classic portal (Silverlight) are being replaced with a full set of new role-based administration controls (RBAC) in the Intune Azure portal. 當您移轉至 Azure 入口網站之後,必須將系統管理員重新指派至這些新的系統管理角色。Once you are migrated to the Azure portal, you will need to reassign your admins to these new administration roles. 如需 RBAC 和新角色的詳細資訊,請參閱 Microsoft Intune 的角色型存取控制For more information about RBAC and the new roles, see Role-based access control for Microsoft Intune.

未來動態What's coming

結束對 iOS 8.0 的支援End of support for iOS 8.0

受管理的應用程式和 iOS 公司入口網站應用程式需要 iOS 9.0 及更新版本才能存取公司資源。Managed apps and the Company Portal app for iOS will require iOS 9.0 and higher to access company resources. 今年 9 月前未更新的裝置將不再能存取公司入口網站或這些應用程式。Devices that aren't updated before this September will no longer be able to access the Company Portal or those apps.

公司入口網站的 UI 更新 UI updates to the Company Portal website

精選 App 的更新Updates to Featured Apps
我們已將專用頁面新增至網站 (使用者可在其中瀏覽您選為精選的應用程式),並對首頁上的 [精選] 區段進行一些 UI 調校。We've added a dedicated page to the site where users can browse apps that you've chosen to feature, and made some UI tweaks to the Featured section on the homepage. 您可以在應用程式 UI 的新功能頁面看到這些變更的樣子。You can see what these changes look like on the what's new in app UI page.

結束對 Android 4.3 和較舊版本的支援End of support for Android 4.3 and lower

受管理的應用程式和 Android 公司入口網站應用程式需要 Android 4.4 及更新版本才能存取公司資源。Managed apps and the Company Portal app for Android will require Android 4.4 and higher to access company resources. 10 月初前未更新的裝置將不再能存取公司入口網站或這些應用程式。Devices that aren't updated before the beginning of October will no longer be able to access the Company Portal or those apps. 今年 12 月會強制淘汰所有已註冊的裝置,以致無法存取公司資源。By December, all enrolled devices will be force retired in December, resulting in loss of access to company resources. 如果您使用不含 MDM 的應用程式保護原則,應用程式就不會接收更新,其體驗品質會隨著時間而降低。If you are using app protection policies without MDM, apps will not receive updates, and the quality of their experience will diminish over time.

平台支援提醒:Windows Phone 8.1 的主要支援已於 2017 年 7 月 11 日結束Platform Support Reminder: Windows Phone 8.1 mainstream support ended July 11, 2017

Windows Phone 8.1 平台已於 2017 年 7 月 11 日結束主要支援。On July 11, 2017, the Windows Phone 8.1 platform reached end of mainstream support. Windows 8.1 電腦的支援不受影響。Windows 8.1 PC support is not impacted.

受 Intune 服務管理的所有 Windows Phone 8.1 裝置沒有直接影響。There is no immediate impact to any Windows Phone 8.1 device that is managed by the Intune service. 已註冊的裝置會繼續運作,而所有的原則、設定和應用程式也會一如預期般運作。Devices that are enrolled will continue to work and all policies, configurations, and apps will continue to work as expected. 請注意,沒有以 Intune 服務內的 Windows Phone 8.1 平台為目標的改進,也沒有以 Windows Phone 8.1 公司入口網站應用程式為目標的改進。Note that there are no improvements targeted for the Windows Phone 8.1 platform within the Intune Service, and for the Windows Phone 8.1 Company Portal app.

我們建議您儘早將符合資格的 Windows Phone 8.1 裝置升級至 Windows 10 行動裝置版。We recommend that you upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile at your earliest opportunity.

Intune iOS 公司入口網站應用程式的支援變更 Changes in support for the Intune iOS Company Portal app

iOS 的 Microsoft Intune 公司入口網站應用程式很快將會有更新,屆時將只支援執行 iOS 9.0 或更新版本的裝置。Coming soon, there will be a new version of the Microsoft Intune Company Portal app for iOS that will support only devices running iOS 9.0 or later. 支援 iOS 8 的公司入口網站版本仍然可以使用非常短的一段時間。The version of the Company Portal that supports iOS 8 will still be available for a very short period of time. 不過,請注意,如果您也使用啟用 MAM 的 iOS 應用程式,我們支援 iOS 9.0 及更新版本,因此您會想要確保您的終端使用者更新到最新的作業系統。However, please note that if you also use MAM-enabled iOS apps we support iOS 9.0 and later, so you'll want to ensure your end users update to the latest OS.

此變更對我造成什麼影響?How does this affect me?

我們讓您事先知道這項資訊,雖然我們沒有特定的日期,您仍有時間進行規劃。We are letting you know this in advance, even though we don't have specific dates, so you have time to plan. 請確認您的使用者更新為 iOS 9+,且當公司入口網站應用程式發表時,要求您的終端使用者更新其公司入口網站應用程式。Please ensure your users are updated to iOS 9+ and when the Company Portal app releases, request that your end users update their Company Portal app.

我需要為這項變更做什麼準備?What do I need to do to prepare for this change?

鼓勵您的使用者更新到 iOS 9.0 或更新版本,以便完全利用 Intune 的新功能。Encourage your users to update to iOS 9.0 or later to take full advantage of new Intune features. 鼓勵使用者安裝新版的公司入口網站,並利用它將提供的新功能。Encourage users to install the new version of the Company Portal and take advantage of the new features it will offer.

在 Azure 入口網站移至 Intune,並檢視 [裝置] > [所有裝置],並依 iOS 版本篩選,查看作業系統早於 iOS 9 的任何目前的裝置。Go to the Intune on Azure portal and view Devices > All Devices and filter by iOS version to see any current devices with operating systems earlier than iOS 9.

變更計畫:Intune 正在變更 Intune 合作夥伴入口網站體驗 Plan for change: Intune is changing the Intune Partner Portal experience

我們會在 2017 年 5 月中旬的服務更新將 Intune 合作夥伴頁面從 manage.microsoft.com 移除。We are removing the Intune Partner page from manage.microsoft.com beginning with the service update in mid-May 2017.

如果您是合作夥伴系統管理員,將無法再從 Intune 合作夥伴頁面代表客戶檢視或採取動作,但會需要登入在 Microsoft 的另外兩個合作夥伴入口網站的其中一個。If you are a partner administrator, you will no longer be able to view and take action on behalf of your customers from the Intune Partner page, but will instead need to sign in at one of two other partner portals at Microsoft.

Microsoft 合作夥伴中心Microsoft Office 365 合作夥伴系統管理中心都能讓您登入所管理客戶的帳戶。Both the Microsoft Partner Center and the Microsoft Office 365 Partner Admin Center will allow you to sign into the customer accounts you manage. 合作夥伴在此後請使用這兩個網站來管理客戶。Moving forward as a partner, please use one of these sites to manage your customers.

Apple 要求必須更新 Application Transport Security Apple to require updates for Application Transport Security

Apple 宣布將會強制執行 Application Transport Security (ATS) 的特定需求。Apple has announced that they will enforce specific requirements for Application Transport Security (ATS). ATS 可用來對透過 HTTPS 進行的所有應用程式通訊,強制執行更嚴格的安全性。ATS is used to enforce stricter security on all app communications over HTTPS. 此變更會影響使用 iOS 公司入口網站應用程式的 Intune 客戶。This change impacts Intune customers using the iOS Company Portal apps.

我們已透過 Apple TestFlight 方案,提供符合新 ATS 需求的 iOS 版公司入口網站應用程式。We have made available a version of the Company Portal app for iOS through the Apple TestFlight program that enforces the new ATS requirements. 如果您想試用該版本以便測試 ATS 合規性,請傳送電子郵件到 CompanyPortalBeta@microsoft.com,並附上您的姓氏、名字、電子郵件地址和公司名稱。If you would like to try it so you can test your ATS compliance, email CompanyPortalBeta@microsoft.com with your first name, last name, email address, and company name. 如需詳細資訊,請檢閱我們的 Intune 支援部落格Review our Intune support blog for more details.

另請參閱See also

若要提交意見反應,請前往 Intune Feedback