How to wipe only corporate data from Intune-managed apps

When a device is lost or stolen, or if the employee leaves your company, you want to make sure company app data is removed from the device. But you might not want to remove personal data on the device, especially if the device is an employee-owned device.

Note

The iOS/iPadOS, Android, and Windows 10 platforms are the only platforms currently supported for wiping corporate data from Intune managed apps. Intune managed apps are applications that include the Intune App SDK and have at least one enabled and licensed user account in your organization. Deployment of Application Protection Policies is required to enable app selective wipe on Android and iOS.

To selectively remove company app data, create a wipe request by using the steps in this topic. After the request is finished, the next time the app runs on the device, company data is removed from the app. In addition to creating a wipe request, you can configure a selective wipe of your organization's data as a new action when the conditions of Application Protection Policies (APP) Access settings are not met. This feature helps you automatically protect and remove sensitive organization data from applications based on pre-configured criteria.

Important

Contacts synced directly from the app to the native address book are removed. Any contacts synced from the native address book to another external source can't be wiped. Currently, this only applies to the Microsoft Outlook app.

Deployed WIP policies without user enrollment

Windows Information Protection (WIP) policies can be deployed without requiring MDM users to enroll their Windows 10 device. This configuration allows companies to protect their corporate documents based on the WIP configuration, while allowing the user to maintain management of their own Windows devices. Once documents are protected with a WIP policy, the protected data can be selectively wiped by an Intune administrator (Global administrator or an Intune Service administrator). By selecting the user and device, and sending a wipe request, all data that was protected via the WIP policy will become unusable. From Intune in the Azure portal, select Client apps > App selective wipe. For more information, see Create and deploy Windows Information Protection (WIP) app protection policy with Intune.

Create a device based wipe request

  1. Sign in to the Microsoft Endpoint Manager admin center.

  2. Select Apps > App selective wipe > Create wipe request.
    The Create wipe request pane is displayed.

  3. Click Select user, choose the user whose app data you want to wipe, and click Select at the bottom of the Select user pane.

    Screenshot of the Select user pane

  4. Click Select the device, choose the device, and click Select at the bottom of the Select Device pane.

    Screenshot of the Create wipe request pane with a device selected

  5. Click Create to make a wipe request.

The service creates and tracks a separate wipe request for each protected app on the device, and the user associated with the wipe request.

Screenshot of the Client apps - App selective wipe pane

Create a user based wipe request

Adding a user to the User-level wipe automatically issues wipe commands to all apps on all of the user's devices. The user will continue to get wipe commands at every check-in from all devices. To re-enable a user, you must remove them from the list.

  1. Sign in to the Microsoft Endpoint Manager admin center.
  2. Select Apps > App selective wipe > User-Level Wipe.
  3. Click Add. The Select user pane is displayed.
  4. Choose the user whose app data you would like to wipe and click Select.

Monitor your wipe requests

A summarized report shows the overall status of the wipe requests, including the number of pending requests and failures. To get more details, follow these steps:

  1. On the Apps > App selective wipe pane, you can see the list of your requests grouped by users. Because the system creates a wipe request for each protected app running on the device, you might see multiple requests for a user. The status indicates whether a wipe request is pending, failed, or successful.

    Screenshot of wipe request status in the App selective wipe pane

Additionally, you can see the device name and its device type, which can be helpful when reading the reports.

Important

The user must open the app for the wipe to occur, and the wipe may take up to 30 minutes after the request was made.
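The status model described above (one request per protected app, three states, a 30-minute window that only starts to matter once the user opens the app) can be triaged as in the following added example, which is not part of the original documentation or any Intune tooling. The record fields and sample rows are constructed assumptions, not an Intune export format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WIPE_WINDOW = timedelta(minutes=30)  # the page: a wipe may take up to 30 minutes
STATUSES = ("pending", "failed", "successful")

# Constructed sample rows. Field names are assumptions, not an Intune export format.
SAMPLE_REQUESTS = [
    {"user": "alice@example.com", "device": "Alice-iPhone", "device_type": "iOS",
     "app": "Outlook", "status": "successful", "requested": "2024-05-01T09:00:00"},
    {"user": "alice@example.com", "device": "Alice-iPhone", "device_type": "iOS",
     "app": "Teams", "status": "pending", "requested": "2024-05-01T09:00:00"},
    {"user": "alice@example.com", "device": "Alice-Pixel", "device_type": "Android",
     "app": "OneDrive", "status": "pending", "requested": "2024-05-01T09:45:00"},
    {"user": "bob@example.com", "device": "Bob-Laptop", "device_type": "Windows 10",
     "app": "Outlook", "status": "failed", "requested": "2024-05-01T09:50:00"},
]

def triage(requests, now):
    """Return (per-user status counts, requests that need follow-up)."""
    summary = defaultdict(lambda: dict.fromkeys(STATUSES, 0))
    follow_up = []
    for req in requests:
        status = req["status"].strip().lower()
        if status not in STATUSES:
            raise ValueError(f"unknown wipe status: {req['status']!r}")
        summary[req["user"]][status] += 1
        age = now - datetime.fromisoformat(req["requested"])
        target = (req["user"], req["device"], req["app"])
        if status == "failed":
            follow_up.append(target + ("failed",))
        elif status == "pending" and age > WIPE_WINDOW:
            # Past the window: the user has probably not opened the app yet,
            # so corporate data is still on the device.
            follow_up.append(target + ("pending beyond 30 minutes",))
    return dict(summary), follow_up

def users_not_fully_wiped(summary):
    """Users with at least one request that has not succeeded."""
    return sorted(u for u, c in summary.items() if c["pending"] or c["failed"])

if __name__ == "__main__":
    counts, todo = triage(SAMPLE_REQUESTS, datetime(2024, 5, 1, 10, 0))
    for row in todo:
        print(*row, sep=" | ")
    print("not fully wiped:", users_not_fully_wiped(counts))
```

A pending request inside the 30-minute window is not flagged, because the page treats that delay as normal.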

Delete a device wipe request

Wipes with pending status are displayed until you manually delete them. To manually delete a wipe request:

  1. Go to the Client Apps - App selective wipe pane.

  2. From the list, right-click on the wipe request you want to delete, then choose Delete wipe request.

    Screenshot of the list of wipe requests in the App selective wipe pane

  3. When prompted to confirm the deletion, choose Yes or No, then click OK.

Delete a user wipe request

User wipes will remain in the list until removed by an administrator. To remove a user from the list:

  1. On the Client Apps - App selective wipe pane, select User-Level Wipe.
  2. From the list, right-click on the user you want to delete, then choose Delete.

See also

What's app protection policy

What's app management