Windows 裝置的大量註冊Bulk enrollment for Windows devices

適用對象:Azure 入口網站的 IntuneApplies to: Intune in the Azure portal
您需要傳統入口網站的 Intune 相關文件嗎?Looking for documentation about Intune in the classic portal? 請參閱本 Intune 簡介Read the introduction to Intune.

身為系統管理員,您可以將大量的新 Windows 裝置加入 Azure Active Directory 和 Intune。As an administrator, you can join large numbers of new Windows devices to Azure Active Directory and Intune. 若要為您的 Azure AD 租用戶大量註冊裝置,請使用 Windows Configuration Designer (WCD) 應用程式來建立佈建套件。To bulk enroll devices for your Azure AD tenant, you create a provisioning package with the Windows Configuration Designer (WCD) app. 將佈建套件套用到公司擁有的裝置,就會將裝置加入您的 Azure AD 租用戶,並加以註冊以供 Intune 管理。Applying the provisioning package to corporate-owned devices joins the devices to your Azure AD tenant and enrolls them for Intune management. 套用套件之後,Azure AD 使用者即可登入。Once the package is applied, it's ready for your Azure AD users to log on.

Azure AD 使用者是這些裝置上的標準使用者,並且會接收指派的 Intune 原則和必要應用程式。Azure AD users are standard users on these devices and receive assigned Intune policies and required apps. 目前不支援自助式和公司入口網站案例。Self-service and Company Portal scenarios are not supported at this time.

Windows 裝置大量註冊的先決條件Prerequisites for Windows devices bulk enrollment

建立佈建套件Create a provisioning package

  1. 從 Microsoft 網上商店下載 Windows Configuration Designer (WCD)Download Windows Configuration Designer (WCD) from the Microsoft Store. Windows 設定設計工具 Microsoft Store 的螢幕擷取畫面Screenshot of the Windows Configuration Designer app Store

  2. 開啟 Windows Configuration Designer 應用程式並選取 [Provision desktop devices (佈建電腦裝置)]。Open the Windows Configuration Designer app and select Provision desktop devices. 在 Windows Configuration Designer 應用程式中選取佈建電腦裝置的螢幕擷取畫面Screenshot of selecting Provision desktop devices in the Windows Configuration Designer app

  3. 新專案 視窗隨即開啟,您可以在其中指定下列資訊:A New project window opens where you specify the following information:

    • Name (名稱) - 專案名稱Name - A name for your project
    • Project folder (專案資料夾) - 專案的儲存位置Project folder - Save location for the project
    • Description (描述) - 專案的選擇性描述 在 Windows Configuration Designer 應用程式中指定名稱、專案資料夾和描述的螢幕擷取畫面Description - An optional description of the project Screenshot of specifying name, project folder, and description in the Windows Configuration Designer app
  4. 輸入您裝置的唯一名稱。Enter a unique name for your devices. 名稱可以包含序號 (%%SERIAL%%) 或一組隨機字元。Names can include a serial number (%%SERIAL%%) or a random set of characters. 您也可以選擇輸入產品金鑰 (如果您正在升級 Windows 的版本)、將裝置設定為共用,以及移除預先安裝的軟體。Optionally, you can also enter a product key if you are upgrading the edition of Windows, configure the device for shared use, and remove pre-installed software.

    在 Windows 設定設計工具應用程式中指定名稱和產品金鑰的螢幕擷取畫面

  5. 您可以選擇設定裝置第一次啟動時要連線的 Wi-Fi 網路。Optionally, you can configure the Wi-Fi network devices connect to when they first start. 如果未設定網路裝置,則裝置第一次啟動時需要有線網路連線。If the network devices aren't configured, a wired network connection is required when the device is first started. 在 Windows Configuration Designer 中啟用 Wi-Fi (包含網路 SSID 和網路類型選項) 的螢幕擷取畫面Screenshot of enabling Wi-Fi including Network SSID and Network type options in the Windows Configuration Designer app

  6. 選取 [Enroll in Azure AD (在 Azure AD 中註冊)],輸入 [Bulk Token Expiry (大量權杖到期)] 日期,然後選取 [Get Bulk Token (取得大量權杖)]。Select Enroll in Azure AD, enter a Bulk Token Expiry date, and then select Get Bulk Token. Windows 設定設計工具應用程式中帳戶管理的螢幕擷取畫面Screenshot of account management in the Windows Configuration Designer app

  7. 提供您的 Azure AD 認證以取得大量權杖。Provide your Azure AD credentials to get a bulk token. 登入 Windows 設定設計工具應用程式的螢幕擷取畫面Screenshot of signing in to the Windows Configuration Designer app

  8. 成功擷取「大量權杖」之後,按一下 [Next (下一步)]。Click Next when Bulk Token is fetched successfully.

  9. 您可以選擇 [Add applications (新增應用程式)] 和 [Add certificates (新增憑證)]。Optionally, you can Add applications and Add certificates. 這些應用程式和憑證都佈建在該裝置上。These apps and certificates are provisioned on the device.

  10. 您可以選擇以密碼保護佈建套件。Optionally, you can password protect your provisioning package. 按一下 [建立]。Click Create. Windows 設定設計工具應用程式中套件保護的螢幕擷取畫面Screenshot of package protection in the Windows Configuration Designer app

佈建裝置Provision devices

  1. 存取應用程式所指定 [Project folder (專案資料夾)] 中指定的佈建套件位置。Access the provisioning package in the location specified in Project folder specified in the app.

  2. 選擇將佈建套件套用到裝置的方式。Choose how you’re going to apply the provisioning package to the device. 您可以使用下列其中一種方式將佈建套件套用到裝置:A provisioning package can be applied to a device one of the following ways:

    • 將佈建套件置於 USB 磁碟機,將 USB 磁碟機插入要大量註冊的裝置,並在初始安裝期間套用佈建套件Place the provisioning package on a USB drive, insert the USB drive into the device you’d like to bulk enroll, and apply it during initial setup
    • 將佈建套件置於網路資料夾,並在初始安裝之後,針對您要大量註冊的裝置套用佈建套件Place the provisioning package on a network folder, and apply it insert on the device you’d like to bulk enroll after initial setup

    如需套用佈建套件的逐步指示,請參閱套用佈建套件For step-by-step instruction on applying a provisioning package, see Apply a provisioning package.

  3. 套用套件之後,裝置會在一分鐘後自動重新啟動。After you apply the package, the device will automatically restart in one minute. 在 Windows Configuration Designer 應用程式中指定名稱、專案資料夾和描述的螢幕擷取畫面Screenshot of specifying name, project folder, and description in the Windows Configuration Designer app

  4. 當裝置重新啟動時,它會連線到 Azure Active Directory 並在 Microsoft Intune 中註冊。When the device restarts, it connects to the Azure Active Directory and enrolls in Microsoft Intune.

針對 Windows 大量註冊進行疑難排解Troubleshooting Windows bulk enrollment

佈建問題Provisioning issues

佈建是要用於新的 Windows 裝置上。Provisioning is intended to be used on new Windows devices. 佈建如果失敗,可能需要進行裝置原廠重設,或使用開機映像進行裝置還原。Provisioning failures might require a factory reset of the device or device recovery from a boot image. 下列例子說明佈建失敗的某些原因:These examples describe some reasons for provisioning failures:

  • 嘗試加入 Active Directory 網域或 Azure Active Directory 租用戶的佈建套件,如果未建立本機帳戶,當沒有網路連線而造成網域加入程序失敗時,會使得裝置無法使用。A provisioning package that attempts to join an Active Directory domain or Azure Active Directory tenant that does not create a local account could make the device unreachable if the domain-join process fails due to lack of network connectivity.
  • 由佈建套件執行的指令碼是在系統環境中執行。Scripts run by the provisioning package are run in system context. 指令碼可以任意對裝置檔案系統與設定進行變更。The scripts are able to make arbitrary changes to the device file system and configurations. 惡意或不良的指令碼可能會使裝置處於某種狀態,而只能透過重新安裝映像或進行原廠重設才能還原裝置。A malicious or bad script could put the device in a state that can only be recovered by reimaging or factory resetting the device.

大量註冊和公司入口網站的問題Problems with bulk enrollment and Company Portal

如果使用者使用公司入口網站嘗試註冊先前的大量註冊裝置,就會收到警告,指出其裝置需要進一步的動作 (設定或註冊)。If a user tries to enroll a previously bulk-enrolled device using the Company Portal, they will receive a warning that their device needs further actions, either setup or enrollment. 裝置已註冊,但公司入口網站應用程式或網站無法辨識註冊。The device is enrolled, but the enrollment is not recognized by the Company Portal app or website.

大量註冊使用 Wi-FiBulk enrollment with Wi-Fi

大量註冊的裝置無法使用指派給使用者的憑證及 Wi-Fi 部署。Bulk enrolled devices are unable to use to user-targeted certificates and Wi-Fi deployment. 您必須使用裝置層級憑證,才能管理這些連線。You must use device-level certificates to manage these connections.

條件式存取Conditional access

使用大量註冊來註冊的 Windows 裝置無法使用條件式存取。Conditional access is not available for Windows devices enrolled using bulk enrollment.