在不註冊裝置的情況下新增受管理應用程式的應用程式設定原則Add app configuration policies for managed apps without device enrollment

即使在未註冊的裝置上,您仍然可以透過支援 Intune App SDK 的受管理應用程式使用應用程式設定原則。You can use app configuration policies with managed apps that support the Intune App SDK, even on devices that are not enrolled.

  1. 登入 Microsoft Endpoint Manager 系統管理中心Sign in to the Microsoft Endpoint Manager admin center.

  2. 選擇 [應用程式] > [應用程式設定原則] > [新增] > [受管理的應用程式] 。Choose the Apps > App configuration policies > Add > Managed apps.

  3. 在 [基本] 頁面上,設定下列詳細資料:On the Basics page, set the following details:

    • 名稱:將在 Azure 入口網站中顯示的設定檔名稱。Name: The name of the profile that will appear in the Azure portal.
    • 描述:將在 Azure 入口網站中顯示的設定檔描述。Description: The description of the profile that will appear in the Azure portal.
    • 裝置註冊類型:已選取受控應用程式。Device enrollment type: Managed apps is selected.
  4. 選擇 [選取公用應用程式] 或 [選取自訂應用程式] 來選擇您要設定的應用程式。Choose either Select public apps or Select custom apps to choose the app that you are going to configure. 從應用程式清單中選取您已經使用 Intune 核准並同步處理的應用程式。Select the app from the list of apps that you have approved and synchronized with Intune.

  5. 按一下 [下一步] 以顯示 [設定] 頁面。Click Next to display the Settings page.

  6. [設定] 頁面提供的選項會根據正在設定的應用程式顯示:The Settings page provides options that are displayed based on the app that you're configuring:

    • 一般組態設定:針對應用程式支援的每個一般組態設定,鍵入 [名稱] 和 [值]。General configuration settings - For each general configuration setting that the app supports, type the Name and Value.

      啟用 Intune App SDK 的應用程式支援機碼值組中的設定。Intune App SDK-enabled apps support configurations in key/value pairs. 請參閱每個應用程式的文件,以深入了解支援的機碼值設定。To learn more about which key-value configurations are supported, consult the documentation for each app. 請注意,您可以使用會動態填入應用程式所產生資料的權杖。Note that you can use tokens that will be dynamically populated with data generated by the application. 若要刪除一般組態設定,請選擇省略符號 ( ... ),然後選取 [刪除]。To delete a general configuration setting, choose the ellipsis () and select Delete. 如需詳細資訊,請參閱使用權杖的設定值For more information, see Configuration values for using tokens.

    • Outlook 組態設定:iOS 與 Android 版 Outlook 可供系統管理員為數個應用程式內設定自訂預設設定。Outlook configuration settings - Outlook for iOS and Android offers administrators the ability to customize the default configuration for several in-app settings. 如需詳細資訊,請參閱 iOS 和 Android 版 Outlook - 一般應用程式設定案例 (機器翻譯)。For more information, see Outlook for iOS and Android - General app configuration scenarios.

    • S/MIME:安全多用途網際網路郵件延伸 (S/MIME) 這種規格,可供使用者傳送及接收經過數位簽章與加密的電子郵件。S/MIME - Secure Multipurpose Internet Mail Extensions (S/MIME) is a specification that allows users to send and receive digitally signed and encrypted emails.

      • 啟用 S/MIME:指定是否在撰寫電子郵件時,啟用 S/MIME 控制。Enable S/MIME - Specify whether or not S/MIME controls are enabled when composing an email. 預設值:未設定Default value: Not configured.
      • 允許使用者變更設定:指定是否允許使用者變更設定。Allow user to change setting - Specify if the user is allowed to change the setting. 必須啟用 S/MIME。S/MIME must be enabled. 預設值:Default value: Yes.

    如需 Outlook 設定原則設定的資訊,請參閱部署 iOS 與 Android 版 Outlook 應用程式組態設定 (機器翻譯)。For information about Outlook app configuration policy settings, see Deploying Outlook for iOS and Android app configuration settings.

  7. 按一下 [下一步] 以顯示 [指派] 頁面。Click Next to display the Assignments page.

  8. 按一下 [選取要納入的群組]。Click Select groups to include.

  9. 在 [選取要納入的群組] 窗格中選取群組,然後按一下 [選取]。Select a group in the Select groups to include pane and click Select.

  10. 按一下 [選取要排除的群組] 以顯示相關的窗格。Click Select groups to exclude to display the related pane.

  11. 選擇您要排除的群組,然後按一下 [選取]。Choose the groups you want to exclude and then click Select.

    注意

    新增群組時,如已包含任何其他群組用於指定的指派類型,就會預先選取且無法針對其他包含指派類型進行變更。When adding a group, if any other group has already been included for a given assignment type, it is pre-selected and unchangeable for other include assignment types. 因此,已使用的該群組,不能用為排除的群組。Therefore, that group that has been used, cannot be used as an excluded group.

  12. 按一下 [下一步] 以顯示 [檢閱 + 建立] 頁面。Click Next to display the Review + create page.

  13. 按一下 [建立] 以將應用程式設定原則新增至 Intune。Click Create to add the app configuration policy to Intune.

使用權杖的設定值Configuration values for using tokens

Intune 可以產生特定的權杖,並將它們傳送給受管理的應用程式。Intune can generate certain tokens and send them to the managed application. 例如,如果您的應用程式設定可以使用電子郵件設定,則可以使用權杖新增動態電子郵件。For example, if your app configuration can use an email setting, you can add a dynamic email by using a token. 在 [名稱] 欄位中輸入應用程式所預期的名稱,然後在 [值] 欄位中輸入 {{mail}}Type the name expected by the app in the Name field, and then type {{mail}} in the Value field.

Intune 支援組態設定中的下列權杖類型。Intune supports the following token types in the configuration settings. 不支援其他自訂的索引鍵/值組。Other custom key/value pairs are not supported.

  • {{userprincipalname}} - 例如,John@contoso.com{{userprincipalname}}—for example, John@contoso.com
  • {{mail}} - 例如,John@contoso.com{{mail}}—for example, John@contoso.com
  • {{partialupn}} - 例如,John{{partialupn}}—for example, John
  • {{accountid}} - 例如,fc0dc142-71d8-4b12-bbea-bae2a8514c81{{accountid}}—for example, fc0dc142-71d8-4b12-bbea-bae2a8514c81
  • {{userid}} - 例如,3ec2c00f-b125-4519-acf0-302ac3761822{{userid}}—for example, 3ec2c00f-b125-4519-acf0-302ac3761822
  • {{username}} - 例如,John Doe{{username}}—for example, John Doe
  • {{PrimarySMTPAddress}} - 例如,testuser@ad.domain.com{{PrimarySMTPAddress}}—for example, testuser@ad.domain.com

注意

{{ 和 }} 字元僅供權杖類型使用,絕不能用於其他用途。The {{ and }} characters are used by token types only and must not be used for other purposes.

後續步驟Next steps

一如往常般地繼續指派監視應用程式。Continue to assign and monitor the app as usual.