How to create exceptions to the Intune App Protection Policy (APP) data transfer policy

As an administrator, you can create exceptions to the Intune App Protection Policy (APP) data transfer policy. An exception allows you to specifically choose which unmanaged apps can transfer data to and from managed apps. Your IT department must trust the unmanaged apps that you include in the exception list.

Warning

You are responsible for making changes to the data transfer exception policy. Additions to this policy allow unmanaged apps (apps that are not managed by Intune) to access data protected by managed apps. This access to protected data may result in data security leaks. Only add data transfer exceptions for apps that your organization must use, but that do not support Intune APP (Application Protection Policies). Additionally, only add exceptions for apps that you do not consider to be data leak risks.

Within an Intune Application Protection Policy, setting "Allow app to transfer data to other apps" to "Policy managed apps" means that the app can transfer data only to apps managed by Intune. If you need to allow data to be transferred to specific apps that don't support Intune APP, you can create exceptions to this policy by using "Select apps to exempt". Exemptions allow applications managed by Intune to invoke unmanaged applications based on URL protocol (iOS/iPadOS) or package name (Android). By default, Intune adds vital native applications to this list of exceptions.

Note

Modifying or adding to the data transfer policy exceptions doesn't impact other App Protection Policies, such as cut, copy, and paste restrictions.

iOS data transfer exceptions

For a policy targeting iOS/iPadOS, you can configure data transfer exceptions by URL protocol. To add an exception, check the documentation provided by the developer of the app to find information about supported URL protocols. For more information about iOS/iPadOS data transfer exceptions, see iOS/iPadOS app protection policy settings - Data transfer exemptions.

Note

Microsoft does not have a method to manually find the URL protocol for creating app exceptions for third-party applications.

Android data transfer exceptions

For a policy targeting Android, you can configure data transfer exceptions by app package name. To find the app package name, check the Google Play store page for the app you want to add an exception for. For more information about Android data transfer exceptions, see Android app protection policy settings - Data transfer exemptions.

Tip

You can find the package ID of an app by browsing to the app on the Google Play store. The package ID is contained in the URL of the app's page. For example, the package ID of the Microsoft Word app is com.microsoft.office.word.

Example

By adding the Webex package as an exception to the MAM data transfer policy, Webex links inside a managed Outlook email message are allowed to open directly in the Webex application. Data transfer is still restricted in other unmanaged apps.

  • iOS/iPadOS Webex example: To exempt the Webex app so that it's allowed to be invoked by Intune managed apps, you must add a data transfer exception for the following string: wbx

  • iOS/iPadOS Maps example: To exempt the native Maps app so that it's allowed to be invoked by Intune managed apps, you must add a data transfer exception for the following string: maps

  • Android Webex example: To exempt the Webex app so that it's allowed to be invoked by Intune managed apps, you must add a data transfer exception for the following string: com.cisco.webex.meetings

  • Android SMS example: To exempt the native SMS app so that it's allowed to be invoked by Intune managed apps across different messaging apps and Android devices, you must add data transfer exceptions for the following strings:

    com.google.android.apps.messaging

    com.android.mms

    com.samsung.android.messaging
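
A review of an exemption list before it is saved, as an added example rather than Microsoft's own code: it checks each entry's syntax for its platform, compares it with an IT-approved list, and reads a package ID out of a Google Play URL as the tip above describes. The function names, the approved list, and the `examplechat` and `com.example.chat` entries are constructed for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs

# URL scheme syntax (RFC 3986): a letter, then letters, digits, "+", "-" or "."
IOS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*$")
# Android package name: two or more dot-separated segments, each starting with a letter
ANDROID_PKG = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")

# Constructed IT-approved list (assumption), built from the strings on this page
APPROVED = {
    "ios": {"wbx", "maps"},
    "android": {"com.cisco.webex.meetings", "com.google.android.apps.messaging",
                "com.android.mms", "com.samsung.android.messaging"},
}

def package_id_from_play_url(url):
    """Return the package ID from the id= parameter of a Google Play app page URL."""
    parsed = urlparse(url)
    if parsed.hostname != "play.google.com":
        return None
    ids = parse_qs(parsed.query).get("id", [])
    return ids[0] if ids and ANDROID_PKG.match(ids[0]) else None

def review_exemptions(platform, entries, approved=APPROVED):
    """Label each entry 'ok', 'malformed' or 'unapproved' for the given platform."""
    if platform not in ("ios", "android"):
        raise ValueError("platform must be 'ios' or 'android'")
    pattern = IOS_SCHEME if platform == "ios" else ANDROID_PKG
    findings = {}
    for entry in entries:
        # URL schemes are case-insensitive; Android package names are not
        key = entry.lower() if platform == "ios" else entry
        if not pattern.match(entry):
            findings[entry] = "malformed"      # e.g. a pasted URL or "scheme://"
        elif key not in approved[platform]:
            findings[entry] = "unapproved"     # valid syntax, but IT has not vetted it
        else:
            findings[entry] = "ok"
    return findings

if __name__ == "__main__":
    # Constructed sample input: entries from this page plus two mistakes
    print(review_exemptions("ios", ["wbx", "maps", "wbx://", "examplechat"]))
    play_url = "https://play.google.com/store/apps/details?id=com.example.chat"
    print(review_exemptions("android", ["com.cisco.webex.meetings", play_url,
                                        package_id_from_play_url(play_url)]))
```

Any entry reported as unapproved is an unmanaged app that would gain access to protected data, so it should go through IT review before being added.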

Next steps