教學課程:針對現有 Configuration Manager 用戶端啟用共同管理Tutorial: Enable co-management for existing Configuration Manager clients

藉由共同管理,您將可保有已妥善建立的程序,以使用 Configuration Manager 來管理您組織中的電腦。With co-management, you can keep your well-established processes for using Configuration Manager to manage PCs in your organization. 同時,您也會使用 Intune 來投資雲端,以取得安全性和現代化佈建。At the same time, you're investing in the cloud through use of Intune for security and modern provisioning.

在此教學課程中,您會針對已註冊於 Configuration Manager 中的 Windows 10 裝置設定共同管理。In this tutorial, you set up co-management of your Windows 10 devices that are already enrolled in Configuration Manager. 此教學課程會以您已經使用 Configuration Manager 來管理 Windows 10 裝置作為前提。This tutorial begins with the premise that you already use Configuration Manager to manage your Windows 10 devices.

在下列情況下,請使用此教學課程:Use this tutorial when:

  • 您已經具有內部部署 Active Directory,並可以混合式 Azure AD 設定的形式將它連線至 Azure Active Directory (Azure AD)。You have an on-premises Active Directory that you can connect to Azure Active Directory (Azure AD) in a hybrid Azure AD configuration.

    如果您無法部署能聯結內部部署 AD 與 Azure AD 的混合式 Azure Active Directory (AD),建議您遵循我們隨附的教學課程:為新的網際網路型 Windows 10 裝置啟用共同管理If you can't deploy a hybrid Azure Active Directory (AD) that joins your on-premises AD with Azure AD, we recommend following our companion tutorial, Enable co-management for new internet-based Windows 10 devices.

  • 您有想要連線到雲端的現有 Configuration Manager 用戶端。You have existing Configuration Manager clients that you want to cloud-attach.

在此教學課程中,您將會:In this tutorial you will:

  • 檢閱 Azure 和您內部部署環境的先決條件Review prerequisites for Azure and your on-premises environment
  • 設定混合式 Azure ADSet up hybrid Azure AD
  • 設定 Configuration Manager 用戶端代理程式以向 Azure AD 註冊Configure Configuration Manager client agents to register with Azure AD
  • 設定 Intune 以自動註冊裝置Configure Intune to auto-enroll devices
  • 在 Configuration Manager 中啟用共同管理Enable co-management in Configuration Manager

先決條件Prerequisites

Azure 服務和環境Azure services and environment

  • Azure 訂用帳戶 (免費試用)Azure Subscription (free trial)
  • Azure Active Directory PremiumAzure Active Directory Premium
  • Microsoft Intune 訂閱Microsoft Intune subscription

    提示

    Enterprise Mobility + Security (EMS) 訂用帳戶同時包括 Azure Active Directory Premium 和 Microsoft Intune。An Enterprise Mobility + Security (EMS) Subscription includes both Azure Active Directory Premium and Microsoft Intune. EMS 訂用帳戶 (免費試用)。EMS Subscription (free trial).

如果其尚未存在於您的環境,在此教學課程期間您將會:If not already present in your environment, during this tutorial you'll:

  • 在您的內部部署 Active Directory 與 Azure Active Directory (AD) 租用戶之間設定 Azure AD Connect (部分機器翻譯)。Configure Azure AD Connect between your on-premises Active Directory and your Azure Active Directory (AD) tenant.

提示

您不再需要購買並指派個別的 Intune 或 EMS 授權給使用者。You no longer need to purchase and assign individual Intune or EMS licenses to your users. 如需詳細資訊,請參閱產品與授權常見問題集For more information, see the Product and licensing FAQ.

內部部署基礎結構On-premises infrastructure

  • Configuration Manager 最新分支的支援版本A supported version of Configuration Manager current branch
  • 行動裝置管理 (MDM) 授權單位必須設定為 Intune。The mobile device management (MDM) authority must be set to Intune.

權限Permissions

在此教學課程的整個過程中,請使用下列權限來完成工作:Throughout this tutorial, use the following permissions to complete tasks:

  • 在您內部部署基礎結構上為「網域管理員」的帳戶An account that is a domain admin on your on-premises infrastructure
  • 在 Configuration Manager 中為「所有」範圍之「系統高權限管理員」的帳戶An account that is a full administrator for all scopes in Configuration Manager
  • 在 Azure Active Directory (Azure AD) 中為「全域管理員」帳戶An account that is a global administrator in Azure Active Directory (Azure AD)
    • 請確定您已將 Intune 授權指派給您用來登入租用戶的帳戶。Make sure you've assigned an Intune license to the account that you use to sign in to your tenant. 否則登入將會失敗,並顯示錯誤訊息「無法辨識的使用者」。Otherwise, sign in fails with the error message "User not recognized".

設定混合式 Azure ADSet up hybrid Azure AD

當您設定混合式 Azure AD 時,您實際上是使用 Azure AD Connect 和 Active Directory Federated Services (ADFS) 設定內部部署 AD 與 Azure AD 的整合。When you set up a hybrid Azure AD, you're really setting up integration of an on-premises AD with Azure AD using Azure AD Connect and Active Directory Federated Services (ADFS). 設定成功之後,您的員工便能使用其內部部署 AD 認證順暢地登入外部系統。With successful configuration, your workers can seamlessly sign in to external systems using their on-premises AD credentials.

重要

此教學課程會詳述針對受控網域設定混合式 Azure AD 的極簡程序。This tutorial details a bare-bones process to set up hybrid Azure AD for a managed domain. 我們建議您熟悉該程序,且不要仰賴此教學課程作為了解及部署混合式 Azure AD 的指南。We recommend you be familiar with the process and not rely on this tutorial as your guide to understanding and deploying hybrid Azure AD.

如需混合式 Azure AD 的詳細資訊,請以下列來自 Azure Active Directory 文件中的文章作為開始:For more information about hybrid Azure AD, start with the following articles in the Azure Active Directory documentation:

設定 Azure AD ConnectSet up Azure AD Connect

混合式 Azure AD 需要設定 Azure AD Connect,以確保內部部署 Active Directory (AD) 中的電腦帳戶以及 Azure AD 中的裝置物件能保持同步。Hybrid Azure AD requires configuration of Azure AD Connect to keep computer accounts in your on-premises Active Directory (AD) and the device object in Azure AD in sync.

從 1.1.819.0 版開始,Azure AD Connect 能提供設定混合式 Azure AD Join 的精靈。Beginning with version 1.1.819.0, Azure AD Connect provides you with a wizard to configure hybrid Azure AD join. 使用該精靈將能簡化設定程序。Use of that wizard simplifies the configuration process.

若要設定 Azure AD Connect,則需要 Azure AD 的全域系統管理員認證。To configure Azure AD Connect, you need credentials of a global administrator for Azure AD.

提示

下列程序不應該被當作設定 Azure AD Connect 的正當作法,在此提供它的原因是為了協助簡化 Intune 和 Configuration Manager 之間的共同管理設定。The following procedure should not be considered authoritative for set up of Azure AD Connect but is provided here to help streamline configuration of co-management between Intune and Configuration Manager. 如需此主題的正當內容,以及設定 Azure AD 的相關程序,請參閱 Azure AD 文件中的設定適用於受控網域的混合式 Azure AD JoinFor the authoritative content on this and related procedures for set up of Azure AD, see Configure hybrid Azure AD join for managed domains in the Azure AD documentation.

使用 Azure AD Connect 設定混合式 Azure AD JoinConfigure a hybrid Azure AD join using Azure AD Connect

  1. 取得並安裝最新版本的 Azure AD Connect (英文) (1.1.819.0 或更高版本)。Get and install the latest version of Azure AD Connect (1.1.819.0 or higher).

  2. 啟動 Azure AD Connect,然後選取 [設定]。Launch Azure AD Connect, and then select Configure.

  3. 在 [其他工作] 頁面上,選取 [設定裝置選項],然後選取 [下一步]。On the Additional tasks page, select Configure device options, and then select Next.

  4. 在 [概觀] 頁面上,選取 [下一步]。On the Overview page, select Next.

  5. 在 [連線到 Azure AD] 頁面中,輸入 Azure AD 的全域系統管理員認證。On the Connect to Azure AD page, enter the credentials of a global administrator for Azure AD.

  6. 在 [裝置選項] 頁面上,選取 [設定混合式 Azure AD Join],然後選取 [下一步]。On the Device options page, select Configure Hybrid Azure AD join, and then select Next.

  7. 在 [裝置作業系統] 頁面上,選取您 Active Directory 環境中裝置所使用的作業系統,然後選取 [下一步]。On the Device operating systems page, select the operating systems used by devices in your Active Directory environment, and then select Next.

    您可以選取支援 Windows 舊版已加入網域裝置的選項,但請牢記裝置的共同管理僅支援 Windows 10。You can select the option to support Windows downlevel domain-joined devices, but keep in mind that co-management of devices is only supported for Windows 10.

  8. 在 [SCP] 頁面上,針對您想要 Azure AD Connect 設定服務連接點 (SCP) 的每個內部部署樹系執行下列步驟,然後選取 [下一步]:On the SCP page, for each on-premises forest you want Azure AD Connect to configure the service connection point (SCP), do the following steps, and then select Next:

    1. 選取樹系。Select the forest.
    2. 選取驗證服務。Select the authentication service. 如果您有同盟的網域,請選取 AD FS 伺服器,除非您的組織只具有 Windows 10 用戶端且您已設定電腦/裝置同步,或是您的組織是使用 SeamlessSSOIf you have a federated domain, select AD FS server unless your organization has exclusively Windows 10 clients and you have configured computer/device sync or your organization is using SeamlessSSO.
    3. 按一下 [新增] 以輸入企業系統管理員認證。Click Add to enter the enterprise administrator credentials.
  9. 如果您有受控網域,請略過此步驟。If you have a managed domain, skip this step.

    在 [同盟設定] 頁面上,輸入 AD FS 系統管理員的認證,然後選取 [下一步]。On the Federation configuration page, enter the credentials of your AD FS administrator, and then select Next.

  10. 在 [準備設定] 頁面上,選取 [設定]。On the Ready to configure page, select Configure.

  11. 在 [設定完成] 頁面上,選取 [結束]。On the Configuration complete page, select Exit.

如果您在針對已加入網域的 Windows 裝置完成混合式 Azure AD Join 時遇到問題,請參閱針對 Windows 目前裝置進行混合式 Azure AD Join 的疑難排解If you experience issues with completing hybrid Azure AD join for domain joined Windows devices, see Troubleshooting hybrid Azure AD join for Windows current devices.

設定 [用戶端設定] 指示用戶端向 Azure AD 註冊Configure Client Settings to direct clients to register with Azure AD

使用 [用戶端設定] 來設定讓 Configuration Manager 用戶端自動向 Azure AD 註冊。Use Client Settings to configure Configuration Manager clients to automatically register with Azure AD.

  1. 開啟 [Configuration Manager 主控台] > [系統管理] > [概觀] > [用戶端設定],然後編輯 [預設用戶端設定]。Open the Configuration Manager console > Administration > Overview > Client Settings, and then edit the Default Client Settings.

  2. 選取 [雲端服務]。Select Cloud Services.

  3. 在 [預設設定] 頁面上,將 [自動向 Azure Active Directory 註冊新加入 Windows 10 網域的裝置] 設定為 [是]。On the Default Settings page, set Automatically register new Windows 10 domain joined devices with Azure Active Directory to = Yes.

  4. 按一下 [確定] 儲存這項設定。Select OK to save this configuration.

設定針對 Intune 自動註冊裝置Configure auto-enrollment of devices to Intune

接下來,我們將搭配 Intune 設定裝置自動註冊。Next, we'll set up auto-enrollment of devices with Intune. 透過自動註冊,您使用 Configuration Manager 管理的裝置都會自動向 Intune 註冊。With automatic enrollment, devices you manage with Configuration Manager automatically enroll with Intune.

自動註冊也能讓使用者向 Intune 註冊其 Windows 10 裝置。Automatic enrollment also lets users enroll their Windows 10 devices to Intune. 裝置會在使用者將其公司帳戶新增到其個人擁有的裝置,或在公司擁有的裝置加入 Azure Active Directory 時註冊。Devices enroll when a user adds their work account to their personally owned device, or when a corporate-owned device is joined to Azure Active Directory.

  1. 登入 Azure 入口網站,然後選取 [Azure Active Directory] > [行動性 (MDM 與 MAM)] > [Microsoft Intune]。Sign in to the Azure portal and select Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune.

  2. 設定 [MDM 使用者範圍]。Configure MDM user scope. 指定下列其中一個,以設定有哪些使用者的裝置是由 Microsoft Intune 管理,然後接受 URL 值的預設值。Specify one of the following to configure which users' devices are managed by Microsoft Intune and accept the defaults for the URL values.

    • 部分:選取可以自動註冊其 Windows 10 裝置的 [群組]Some: Select the Groups that can automatically enroll their Windows 10 devices

    • 全部:所有使用者都可以自動註冊其 Windows 10 裝置All: All users can automatically enroll their Windows 10 devices

    • :停用 MDM 自動註冊None: Disable MDM automatic enrollment

    重要

    如果同時針對某個群組啟用 [MAM 使用者範圍] 和自動 MDM 註冊 ([MDM 使用者範圍]),則只會啟用 MAM。If both MAM user scope and automatic MDM enrollment (MDM user scope) are enabled for a group, only MAM is enabled. 當該群組中的使用者將個人裝置加入工作場所網路時,系統只會針對他們新增行動應用程式管理 (MAM)。Only Mobile Application Management (MAM) is added for users in that group when they workplace join personal device. 裝置不會自動進行 MDM 註冊。Devices aren't automatically MDM-enrolled.

  3. 選取 [儲存] 以完成自動註冊的設定。Select Save to complete configuration of automatic enrollment.

  4. 返回 [行動性 (MDM 與 MAM)] 並選取 [Microsoft Intune 註冊]。Return to Mobility (MDM and MAM) and then select Microsoft Intune Enrollment.

    注意

    某些租用戶可能無法設定這些選項。Some tenants may not have these options to configure.

    Microsoft Intune 是為 Azure AD 設定 MDM 應用程式的方式。Microsoft Intune is how you configure the MDM app for Azure AD. Microsoft Intune 註冊是當針對 iOS 和 Android 註冊套用多重要素驗證原則時所建立的特定 Azure AD 應用程式。Microsoft Intune Enrollment is a specific Azure AD app that's created when you apply multi-factor authentication policies for iOS and Android enrollment. 如需詳細資訊,請參閱需要 Intune 裝置註冊的多重要素驗證 (英文)。For more information, see Require multi-factor authentication for Intune device enrollments.

  5. 針對 MDM 使用者範圍,請選取 [全部],然後選取 [儲存]。For MDM user scope, select All, and then Save.

在 Configuration Manager 中啟用共同管理Enable co-management in Configuration Manager

設定混合式 Azure AD 並備妥 Configuration Manager 用戶端設定之後,您便已準備好啟用 Windows 10 裝置的共同管理。With hybrid Azure AD set-up and Configuration Manager client configurations in place, you're ready to flip the switch and enable co-management of your Windows 10 devices. 試驗群組一詞會在整個共同管理功能和設定對話方塊中使用。The phrase Pilot group is used throughout the co-management feature and configuration dialogs. 「試驗群組」是一個集合,包含您 Configuration Manager 裝置的子集。A pilot group is a collection containing a subset of your Configuration Manager devices. 針對初始測試使用「試驗群組」,視需要新增裝置,直到準備好移動所有 Configuration Manager 裝置的工作負載為止。Use a pilot group for your initial testing, adding devices as needed, until you're ready to move the workloads for all Configuration Manager devices. 將「試驗群組」用於工作負載的時間長度沒有限制。There isn't a time limit on how long a pilot group can be used for workloads. 若不想要將工作負載移動到所有 Configuration Manager 裝置,則可無限期使用「試驗群組」。A pilot group can be used indefinitely if you don't wish to move the workload to all Configuration Manager devices.

提示

  • 當您啟用共同管理時,將會指派一個集合作為「試驗群組」。When you enable co-management, you'll assign a collection as a Pilot group. 這是一個包含少量用戶端的群組,以用來測試共同管理設定。This is a group that contains a small number of clients to test your co-management configurations. 建議您先建立一個適當的集合,再開始進行此程序。We recommend you create a suitable collection before you start the procedure. 如此一來,您無需結束此程序,即可選取該集合。Then you can select that collection without exiting the procedure to do so.
  • 從 Configuration Manager 1906 版開始,您可能需要多個集合,因為您可以為每個工作負載指派不同的「試驗群組」。Starting in Configuration Manager version 1906, you may need multiple collections since you can assign a different Pilot group for each workload.

從 1906 版開始啟用共同管理Enable co-management starting in version 1906

啟用共同管理時,您可以使用 Azure 公用雲端、Azure 美國政府雲端,或 Microsoft Azure China 21Vianet (於 2006 版中新增)。When enabling co-management, you can use the Azure Public Cloud, Azure US Government Cloud, or Microsoft Azure China 21Vianet (added in version 2006). 若要從 Configuration Manager 1906 版開始啟用共同管理,請遵循下列指示:To enable co-management starting in Configuration Manager version 1906, follow the instructions below:

  1. 在 Configuration Manager 主控台中,移至 [系統管理] 工作區,展開 [雲端服務],然後選取 [共同管理] 節點。In the Configuration Manager console, go to the Administration workspace, expand Cloud Services, and select the Co-management node. 選取功能區中的 [設定共同管理] 以開啟 [共同管理設定精靈]。Select Configure co-management in the ribbon to open the Co-management Configuration Wizard.

  2. 在精靈的 [租用戶上線] 頁面上,設定要使用的 [Azure 環境]。On the Tenant onboarding page of the wizard, configure the Azure environment to use. 選擇下列其中一個環境︰Choose one of the following environments:

    • Azure 公用雲端Azure Public Cloud
    • Azure 美國政府雲端。Azure US Government Cloud.
    • Azure China 雲端運算 (於 2006 版中新增)Azure China Cloud (added in version 2006)
      • 在上線至 Azure 中國雲端之前,請將您裝置上的 Configuration Manager 用戶端更新到最新版本。Update the Configuration Manager client to the latest version on your devices before onboarding to Azure China Cloud.

    當您選取 [Azure China 雲端運算] 或 [Azure 美國政府雲端] 時,會停用租用戶附加的 [上傳至 Microsoft 端點管理員系統管理中心] 選項。When you select Azure China Cloud or Azure US Government Cloud, the Upload to Microsoft Endpoint Manager admin center option for tenant attach is disabled.

  3. 選取 [登入]。Select Sign In. 以 Azure 全域系統管理員身分登入,然後選取 [下一步]。Sign in as an Azure AD global administrator, and then select Next. 您將針對此精靈的目的登入一次。You sign in this one time for the purposes of this wizard. 這些認證不會在其他位置儲存或重複使用。The credentials aren't stored or reused elsewhere.

  4. 在 [啟用]**** 頁面上,選擇下列設定:On the Enablement page, choose the following settings:

    • 自動註冊到 Intune:為現有的 Configuration Manager 用戶端在 Intune 中啟用自動用戶端註冊。Automatic enrollment into Intune - Enables automatic client enrollment in Intune for existing Configuration Manager clients. 此選項可讓您在用戶端子集上啟用共同管理,初步測試共同管理,並推出使用分段方法的共同管理。This option allows you to enable co-management on a subset of clients to initially test co-management, and rollout co-management using a phased approach. 如果使用者將裝置取消註冊,則該裝置會在下一次評估原則時重新註冊。If a device is unenrolled by the user, on the next evaluation of the policy, it will re-enroll.

      • 試驗:只有為 Intune 自動註冊集合成員的 Configuration Manager 用戶端會在 Intune 中自動註冊。Pilot - Only the Configuration Manager clients that are members of the Intune Auto Enrollment collection are automatically enrolled to Intune.
      • 全部:針對所有 Windows 10 1709 版或更新版本用戶端啟用自動註冊。All - Enable automatic enrollment for all Windows 10, version 1709 or later, clients.
    • Intune 自動註冊:此集合應包含所有要上架到共同管理的用戶端。Intune Auto Enrollment - This collection should contain all of the clients you want to onboard into co-management. 其就本質上而言,是其他暫存集合的超集。It's essentially a superset of all the other staging collections.

    指定 Intune 自動註冊集合Specify Intune auto enrollment collection

    自動註冊不會立即提供給所有用戶端。Automatic enrollment isn't immediate for all clients. 這個行為有助於大型環境的大規模註冊。This behavior helps enrollment scale better for large environments. Configuration Manager 根據用戶端數目隨機化註冊。Configuration Manager randomizes enrollment based on the number of clients. 例如,如果您的環境有 100,000 個用戶端,則當您啟用此設定時,註冊會在數天之間進行。For example, if your environment has 100,000 clients, when you enable this setting, enrollment occurs over several days.

    注意

    從 1906 版開始:Starting in version 1906:

    • 新的共同管理裝置現在會根據其 Azure Active Directory (Azure AD)「裝置」權杖自動註冊到 Microsoft Intune 服務。A new co-managed device now automatically enrolls to the Microsoft Intune service based on its Azure Active Directory (Azure AD) device token. 不需要等待使用者登入裝置以啟動自動註冊。It doesn't need to wait for a user to sign in to the device for auto-enrollment to start. 此變更有助於減少註冊狀態為「擱置使用者登入」** 的裝置數目。This change helps to reduce the number of devices with the enrollment status Pending user sign in. 若要支援此行為,裝置需要執行 Windows 10 1803 版或更新版本。To support this behavior, the device needs to be running Windows 10, version 1803 or later. 如需詳細資訊,請參閱共同管理註冊狀態For more information, see Co-management enrollment status.

    • 如果您已將裝置註冊到共同管理,新的裝置現在會在符合必要條件之後立即註冊。If you already have devices enrolled to co-management, new devices now enroll immediately once they meet the prerequisites.

  5. 針對已在 Intune 中註冊的網際網路型裝置,請複製 [啟用]**** 頁面上的命令列並加以儲存。For internet-based devices that are already enrolled in Intune, copy and save the command line on the Enablement page. 您可以使用此命令列,將 Configuration Manager 用戶端安裝為 Intune 中的應用程式,以供網際網路型裝置使用。You'll use this command line to install the Configuration Manager client as an app in Intune for internet-based devices. 如果您現在不儲存此命令列,則可隨時檢閱共同管理設定來取得此命令列。If you don't save this command line now, you can review the co-management configuration at any time to get this command line.

    提示

    命令列只會顯示您是否已滿足所有先決條件,例如設定雲端管理閘道。The command line only shows if you've met all of the prerequisites, such as set up a cloud management gateway.

  6. 在 [工作負載]**** 頁面上,針對每個工作負載選擇要移動以使用 Intune 進行管理的裝置群組。On the Workloads page, for each workload, choose which device group to move over for management with Intune. 如需詳細資訊,請參閱工作負載For more information, see Workloads. 如果您只想要啟用共同管理,則不需要現在切換工作負載。If you only want to enable co-management, you don't need to switch workloads now. 您可以稍後再切換工作負載。You can switch workloads later. 如需詳細資訊,請參閱如何切換工作負載For more information, see How to switch workloads.

    • 試驗 Intune:只會針對您將在 [暫存]**** 頁面上設定之試驗集合中的裝置,切換相關聯的工作負載。Pilot Intune - Switches the associated workload only for the devices in the pilot collections you'll specify on the Staging page. 每個工作負載都可以有不同的試驗集合。Each workload can have a different pilot collection.
    • Intune - 會針對所有共同管理的 Windows 10 裝置切換相關工作負載。Intune - Switches the associated workload for all co-managed Windows 10 devices.

    重要

    切換任何工作負載之前,請確定您已正確地設定及部署 Intune 中對應的工作負載。Before you switch any workloads, make sure you properly configure and deploy the corresponding workload in Intune. 請確保工作負載一律受您裝置的其中一項管理工具所管理。Make sure that workloads are always managed by one of the management tools for your devices.

  7. 在 [暫存]**** 頁面上,針對每個設為 [試驗 Intune]**** 的工作負載指定試驗集合。On the Staging page, specify the pilot collection for each of the workloads that are set to Pilot Intune.

    共同管理設定精靈, 預備頁面, 指定試驗集合

  8. 若要啟用共同管理,請完成精靈。To enable co-management, complete the wizard.

在 1902 版和更早版本中啟用共同管理Enable co-management in version 1902 and earlier

若要針對 Configuration Manager 1902 版和更早版本啟用共同管理,請遵循下列指示:To enable co-management for Configuration Manager version 1902 and earlier, follow the instructions below:

  1. 在 Configuration Manager 主控台中,移至 [系統管理] 工作區,展開 [雲端服務],然後選取 [共同管理] 節點。In the Configuration Manager console, go to the Administration workspace, expand Cloud Services, and select the Co-management node. 按一下功能區的 [設定共同管理]**** 以開啟 [共同管理設定精靈]****。Click Configure co-management in the ribbon to open the Co-management Configuration Wizard.

  2. 在精靈的 [訂閱]**** 頁面上,選取 [登入]****。On the Subscription page of the wizard, select Sign In. 登入您的 Intune 租用戶,然後選取 [下一步]****。Sign in to your Intune tenant, and then select Next.

  3. 在 [啟用]**** 頁面上,選擇您的 [自動註冊到 Intune]**** 設定 ([試驗]**** 或 [全部]****)。On the Enablement page, choose your Automatic enrollment into Intune setting, either Pilot or All. 如果使用者將裝置取消註冊,則該裝置會在下一次評估原則時重新註冊。If a device is unenrolled by the user, on the next evaluation of the policy, it will re-enroll.

    此動作可為現有 Configuration Manager 用戶端在 Intune 中啟用自動用戶端註冊。This action enables automatic client enrollment in Intune for existing Configuration Manager clients. 當您選擇 [試驗]**** 時,只有為試驗集合成員的 Configuration Manager 用戶端會在 Intune 中自動註冊。When you choose Pilot, only the Configuration Manager clients that are members of the pilot collection are automatically enrolled to Intune. 此選項可讓您在用戶端子集上啟用共同管理,初步測試共同管理,並推出使用分段方法的共同管理。This option allows you to enable co-management on a subset of clients to initially test co-management, and rollout co-management using a phased approach.

    自動註冊不會立即提供給所有用戶端。Automatic enrollment isn't immediate for all clients. 這個行為有助於大型環境的大規模註冊。This behavior helps enrollment scale better for large environments. Configuration Manager 根據用戶端數目隨機化註冊。Configuration Manager randomizes enrollment based on the number of clients. 例如,如果您的環境有 100,000 個用戶端,則當您啟用此設定時,註冊會在數天之間進行。For example, if your environment has 100,000 clients, when you enable this setting, enrollment occurs over several days.

  4. 針對已在 Intune 中註冊的網際網路型裝置,請複製 [啟用]**** 頁面上的命令列並加以儲存。For internet-based devices that are already enrolled in Intune, copy and save the command line on the Enablement page. 您可以使用此命令列將 Configuration Manager 用戶端作為 Intune 中的應用程式來安裝。You can use this command line to install the Configuration Manager client as an app in Intune. 如果您現在不儲存此命令列,則可隨時檢閱共同管理設定來取得此命令列。If you don't save this command line now, you can review the co-management configuration at any time to get this command line.

    提示

    命令列只會顯示您是否已滿足所有先決條件,例如設定雲端管理閘道。The command line only shows if you've met all of the prerequisites, such as set up a cloud management gateway.

  5. 在 [工作負載]**** 頁面上,針對每個工作負載選擇要移動以使用 Intune 進行管理的裝置群組。On the Workloads page, for each workload, choose which device group to move over for management with Intune. 如需詳細資訊,請參閱工作負載For more information, see Workloads.

    如果您只想要啟用共同管理,則不需要現在切換工作負載。If you only want to enable co-management, you don't need to switch workloads now. 您可以稍後再切換工作負載。You can switch workloads later. 如需詳細資訊,請參閱如何切換工作負載For more information, see How to switch workloads.

    試驗 Intune 設定只會切換試驗集合裝置的相關工作負載。The Pilot Intune setting switches the associated workload only for the devices in the pilot collection. Intune 設定會切換所有共同管理的 Windows 10 裝置的相關工作負載。The Intune setting switches the associated workload for all co-managed Windows 10 devices.

    重要

    切換任何工作負載之前,請確定您已正確地設定及部署 Intune 中對應的工作負載。Before you switch any workloads, make sure you properly configure and deploy the corresponding workload in Intune. 請確保工作負載一律受您裝置的其中一項管理工具所管理。Make sure that workloads are always managed by one of the management tools for your devices.

  6. 在 [預備] 頁面上,設定下列設定:On the Staging page, configure the following settings:

    • 試驗:試驗群組包含一或多個您選取的集合。Pilot: The pilot group contains one or more collections that you select. 使用此群組作為共同管理分段推出的一部分。Use this group as part of your phased rollout of co-management. 從小型的測試集合開始,當向更多使用者與裝置推出共同管理時,再新增更多的集合到試驗群組。Start with a small test collection, and then add more collections to the pilot group as you roll out co-management to more users and devices. 您可以隨時變更試驗群組中的集合。You can change the collections in the pilot group at any time.

    • 生產:設定具有一或多個集合的排除群組Production: Configure the Exclusion group with one or more collections. 凡是此群組中任何集合成員的裝置,都會從使用共同管理中排除。Devices that are members of any of the collections in this group are excluded from using co-management.

  7. 若要啟用共同管理,請完成精靈。To enable co-management, complete the wizard.

後續步驟Next steps