Manage web access by using Edge for iOS and Android with Microsoft Intune

Edge for iOS and Android is designed to enable users to browse the web and supports multi-identity. Users can add a work account, as well as a personal account, for browsing. There is complete separation between the two identities, which is like what is offered in other Microsoft mobile apps.

Edge for iOS is supported on iOS 12.0 and later. Edge for Android is supported on Android 5 and later.

Note

Edge for iOS and Android doesn't consume settings that users set for the native browser on their devices, because Edge for iOS and Android can't access these settings.

The richest and broadest protection capabilities for Microsoft 365 data are available when you subscribe to the Enterprise Mobility + Security suite, which includes Microsoft Intune and Azure Active Directory Premium features, such as conditional access. At a minimum, you will want to deploy a conditional access policy that only allows connectivity to Edge for iOS and Android from mobile devices and an Intune app protection policy that ensures the browsing experience is protected.

Note

New web clips (pinned web apps) on iOS devices will open in Edge for iOS and Android instead of the Intune Managed Browser when required to open in a protected browser. For older iOS web clips, you must re-target these web clips to ensure they open in Edge for iOS and Android rather than the Managed Browser.

Apply Conditional Access

Organizations can use Azure AD Conditional Access policies to ensure that users can only access work or school content using Edge for iOS and Android. To do this, you will need a conditional access policy that targets all potential users. Details on creating this policy can be found in Require app protection policy for cloud app access with Conditional Access.

  1. Follow Scenario 2: Browser apps require approved apps with app protection policies, which allows Edge for iOS and Android, but blocks other mobile device web browsers from connecting to Office 365 endpoints.

    Note

    This policy ensures mobile users can access all Microsoft 365 endpoints from within Edge for iOS and Android. This policy also prevents users from using InPrivate to access Microsoft 365 endpoints.

With Conditional Access, you can also target on-premises sites that you have exposed to external users via the Azure AD Application Proxy.

Create Intune app protection policies

App Protection Policies (APP) define which apps are allowed and the actions they can take with your organization's data. The choices available in APP enable organizations to tailor the protection to their specific needs. For some, it may not be obvious which policy settings are required to implement a complete scenario. To help organizations prioritize mobile client endpoint hardening, Microsoft has introduced a taxonomy for its APP data protection framework for iOS and Android mobile app management.

The APP data protection framework is organized into three distinct configuration levels, with each level building off the previous level:

  • Enterprise basic data protection (Level 1) ensures that apps are protected with a PIN and encrypted and performs selective wipe operations. For Android devices, this level validates Android device attestation. This is an entry level configuration that provides similar data protection control in Exchange Online mailbox policies and introduces IT and the user population to APP.
  • Enterprise enhanced data protection (Level 2) introduces APP data leakage prevention mechanisms and minimum OS requirements. This is the configuration that is applicable to most mobile users accessing work or school data.
  • Enterprise high data protection (Level 3) introduces advanced data protection mechanisms, enhanced PIN configuration, and APP Mobile Threat Defense. This configuration is desirable for users that are accessing high risk data.

To see the specific recommendations for each configuration level and the minimum apps that must be protected, review Data protection framework using app protection policies.

Regardless of whether the device is enrolled in a unified endpoint management (UEM) solution, an Intune app protection policy needs to be created for both iOS and Android apps, using the steps in How to create and assign app protection policies. These policies, at a minimum, must meet the following conditions:

  1. They include all Microsoft 365 mobile applications, such as Edge, Outlook, OneDrive, Office, or Teams, as this ensures that users can access and manipulate work or school data within any Microsoft app in a secure fashion.

  2. They are assigned to all users. This ensures that all users are protected, regardless of whether they use Edge for iOS or Android.

  3. Determine which framework level meets your requirements. Most organizations should implement the settings defined in Enterprise enhanced data protection (Level 2) as that enables data protection and access requirements controls.

For more information on the available settings, see Android app protection policy settings and iOS app protection policy settings.

Important

To apply Intune app protection policies against apps on Android devices that are not enrolled in Intune, the user must also install the Intune Company Portal. For more information, see What to expect when your Android app is managed by app protection policies.

Single sign-on to Azure AD-connected web apps in policy-protected browsers

Edge for iOS and Android can take advantage of single sign-on (SSO) to all web apps (SaaS and on-premises) that are Azure AD-connected. SSO allows users to access Azure AD-connected web apps through Edge for iOS and Android, without having to re-enter their credentials.

SSO requires your device to be registered by either the Microsoft Authenticator app for iOS devices, or the Intune Company Portal on Android. When users have either of these, they are prompted to register their device when they go to an Azure AD-connected web app in a policy-protected browser (this is only true if their device hasn't already been registered). After the device is registered with the user's account managed by Intune, that account has SSO enabled for Azure AD-connected web apps.

Note

Device registration is a simple check-in with the Azure AD service. It doesn't require full device enrollment, and doesn't give IT any additional privileges on the device.

Utilize app configuration to manage the browsing experience

Edge for iOS and Android supports app settings that allow unified endpoint management administrators, such as those using Microsoft Endpoint Manager, to customize the behavior of the app.

App configuration can be delivered either through the mobile device management (MDM) OS channel on enrolled devices (Managed App Configuration channel for iOS or the Android in the Enterprise channel for Android) or through the Intune App Protection Policy (APP) channel. Edge for iOS and Android supports the following configuration scenarios:

  • Only allow work or school accounts
  • General app configuration settings
  • Data protection settings

Important

For configuration scenarios that require device enrollment on Android, the devices must be enrolled in Android Enterprise and Edge for Android must be deployed via the Managed Google Play store. For more information, see Set up enrollment of Android Enterprise work profile devices and Add app configuration policies for managed Android Enterprise devices.

Each configuration scenario highlights its specific requirements. For example, whether the configuration scenario requires device enrollment, and thus works with any UEM provider, or requires Intune App Protection Policies.

Note

With Microsoft Endpoint Manager, app configuration delivered through the MDM OS channel is referred to as a Managed Devices App Configuration Policy (ACP); app configuration delivered through the App Protection Policy channel is referred to as a Managed Apps App Configuration Policy.

Only allow work or school accounts

Respecting the data security and compliance policies of our largest and highly regulated customers is a key pillar to the Microsoft 365 value. Some companies have a requirement to capture all communications information within their corporate environment, as well as to ensure the devices are only used for corporate communications. To support these requirements, Edge for iOS and Android on enrolled devices can be configured to only allow a single corporate account to be provisioned within the app.

You can learn more about configuring the org allowed accounts mode setting here:

This configuration scenario only works with enrolled devices. However, any UEM provider is supported. If you are not using Microsoft Endpoint Manager, you need to consult your UEM documentation on how to deploy these configuration keys.

General app configuration scenarios

Edge for iOS and Android offers administrators the ability to customize the default configuration for several in-app settings. This capability is currently only offered when Edge for iOS and Android has an Intune App Protection Policy applied to the work or school account that is signed into the app and the policy settings are delivered through a managed apps App Configuration Policy.

Important

Edge for Android does not support Chromium settings that are available in Managed Google Play.

Edge supports the following settings for configuration:

  • New Tab Page experiences
  • Bookmark experiences
  • App behavior experiences
  • Kiosk mode experiences

These settings can be deployed to the app regardless of device enrollment status.

New Tab Page experiences

Edge for iOS and Android offers organizations several options for adjusting the New Tab Page experience.

Organization logo and brand color

These settings allow you to customize the New Tab Page for Edge for iOS and Android to display your organization's logo and brand color as the page background.

To upload your organization's logo and color, first complete the following steps:

  1. Within Microsoft Endpoint Manager, navigate to Tenant Administration -> Customization -> Company Identity Branding.
  2. To set your brand's logo, next to Show in header, choose "Organization logo only". Transparent background logos are recommended.
  3. To set your brand's background color, select a Theme color. Edge for iOS and Android applies a lighter shade of the color on the New Tab Page, which ensures the page has high readability.

Next, utilize the following key/value pairs to pull your organization's branding into Edge for iOS and Android:

Key: com.microsoft.intune.mam.managedbrowser.NewTabPage.BrandLogo
Value:
  true shows organization's brand logo
  false (default) will not expose a logo

Key: com.microsoft.intune.mam.managedbrowser.NewTabPage.BrandColor
Value:
  true shows organization's brand color
  false (default) will not expose a color

Homepage shortcut

This setting allows you to configure a homepage shortcut for Edge for iOS and Android. The homepage shortcut you configure appears as the first icon beneath the search bar when the user opens a new tab in Edge for iOS and Android. The user can't edit or delete this shortcut in their managed context. The homepage shortcut displays your organization's name to distinguish it.

Key: com.microsoft.intune.mam.managedbrowser.homepage
Value:
  Specify a valid URL. Incorrect URLs are blocked as a security measure.
  For example: https://www.bing.com

Multiple top site shortcuts

Similarly to configuring a homepage shortcut, you can configure multiple top site shortcuts on new tab pages in Edge for iOS and Android. The user can't edit or delete these shortcuts in a managed context. Note: you can configure a total of 8 shortcuts, including a homepage shortcut. If you have configured a homepage shortcut, that will override the first top site configured.

Key: com.microsoft.intune.mam.managedbrowser.managedTopSites
Value:
  Specify a set of value URLs. Each top site shortcut consists of a title and URL. Separate the title and URL with the | character.
  For example: GitHub|https://github.com/||LinkedIn|https://www.linkedin.com

Industry news

You can configure the New Tab Page experience within Edge for iOS and Android to display industry news that is relevant to your organization. When you enable this feature, Edge for iOS and Android uses your organization's domain name to aggregate news from the web about your organization, organization's industry, and competitors, so your users can find relevant external news all from the centralized new tab pages within Edge for iOS and Android. Industry News is off by default.

Key: com.microsoft.intune.mam.managedbrowser.NewTabPage.IndustryNews
Value:
  true shows Industry News on the New Tab Page
  false (default) hides Industry News from the New Tab Page

Bookmark experiences

Edge for iOS and Android offers organizations several options for managing bookmarks.

Managed bookmarks

For ease of access, you can configure bookmarks that you'd like your users to have available when they are using Edge for iOS and Android.

  • Bookmarks only appear in the work or school account and are not exposed to personal accounts.
  • Bookmarks can't be deleted or modified by users.
  • Bookmarks appear at the top of the list. Any bookmarks that users create appear below these bookmarks.
  • If you have enabled Application Proxy redirection, you can add Application Proxy web apps by using either their internal or external URL.
  • Ensure that you prefix all URLs with http:// or https:// when entering them into the list.
  • Bookmarks are created in a folder named after the organization's name which is defined in Azure Active Directory.

Key: com.microsoft.intune.mam.managedbrowser.bookmarks
Value:
  The value for this configuration is a list of bookmarks. Each bookmark consists of the bookmark title and the bookmark URL. Separate the title and URL with the | character.
  For example: Microsoft Bing|https://www.bing.com

  To configure multiple bookmarks, separate each pair with the double character ||.
  For example:
  Microsoft Bing|https://www.bing.com||Contoso|https://www.contoso.com

My Apps bookmark

By default, users have the My Apps bookmark configured within the organization folder inside Edge for iOS and Android.

Key: com.microsoft.intune.mam.managedbrowser.MyApps
Value:
  true (default) shows My Apps within the Edge for iOS and Android bookmarks
  false hides My Apps within Edge for iOS and Android

App behavior experiences

Edge for iOS and Android offers organizations several options for managing the app's behavior.

Default protocol handler

By default, Edge for iOS and Android uses the HTTPS protocol handler when the user doesn't specify the protocol in the URL. Generally, this is considered a best practice, but can be disabled.

Key: com.microsoft.intune.mam.managedbrowser.defaultHTTPS
Value:
  true (default) default protocol handler is HTTPS
  false default protocol handler is HTTP

Disable data sharing for personalization

By default, Edge for iOS and Android prompts users for usage data collection and sharing browsing history to personalize their browsing experience. Organizations can disable this data sharing by preventing this prompt from being shown to end users.

Key: com.microsoft.intune.mam.managedbrowser.disableShareUsageData
Value:
  true disables this prompt from displaying to end users
  false (default) users are prompted to share usage data

Key: com.microsoft.intune.mam.managedbrowser.disableShareBrowsingHistory
Value:
  true disables this prompt from displaying to end users
  false (default) users are prompted to share browsing history

Disable specific features

Edge for iOS and Android allows organizations to disable certain features that are enabled by default. To disable these features, configure the following setting:

Key: com.microsoft.intune.mam.managedbrowser.disabledFeatures
Value:
  password disables prompts that offer to save passwords for the end user
  inprivate disables InPrivate browsing

To disable multiple features, separate values with |. For example, inprivate|password disables both InPrivate and password storage.

Note

Edge for Android does not support disabling the password manager.

Disable extensions

You can disable the extension framework within Edge for Android to prevent users from installing any app extensions. To do this, configure the following setting:

Key: com.microsoft.intune.mam.managedbrowser.disableExtensionFramework
Value:
  true disables the extension framework
  false (default) enables the extension framework

Kiosk mode experiences on Android devices

Edge for Android can be enabled as a kiosk app with the following settings:

Key: com.microsoft.intune.mam.managedbrowser.enableKioskMode
Value:
  true enables kiosk mode for Edge for Android
  false (default) disables kiosk mode

Key: com.microsoft.intune.mam.managedbrowser.showAddressBarInKioskMode
Value:
  true shows the address bar in kiosk mode
  false (default) hides the address bar when kiosk mode is enabled

Key: com.microsoft.intune.mam.managedbrowser.showBottomBarInKioskMode
Value:
  true shows the bottom action bar in kiosk mode
  false (default) hides the bottom bar when kiosk mode is enabled

Data protection app configuration scenarios

Edge for iOS and Android supports app configuration policies for the following data protection settings when the app is managed by Microsoft Endpoint Manager with an Intune App Protection Policy applied to the work or school account that is signed into the app and the policy settings are delivered through a managed apps App Configuration Policy:

  • Manage account synchronization
  • Manage restricted web sites
  • Manage proxy configuration
  • Manage NTLM single sign-on sites

These settings can be deployed to the app regardless of device enrollment status.

Manage account synchronization

By default, Microsoft Edge sync enables users to access their browsing data across all their signed-in devices. The data supported by sync includes:

  • Favorites
  • Passwords
  • Addresses and more (autofill form entry)

Sync functionality is enabled via user consent and users can turn sync on or off for each of the data types listed above. For more information see Microsoft Edge Sync.

Organizations have the capability to disable Edge sync on iOS and Android.

Key: com.microsoft.intune.mam.managedbrowser.account.syncDisabled
Value:
  true (default) disables Edge sync
  false allows Edge sync

Manage restricted web sites

Organizations can define which sites users can access within the work or school account context in Edge for iOS and Android. If you use an allow list, your users are only able to access the sites explicitly listed. If you use a blocked list, users can access all sites except for those explicitly blocked. You should only impose either an allowed or a blocked list, not both. If you impose both, only the allowed list is honored.

Organizations also define what happens when a user attempts to navigate to a restricted web site. By default, transitions are allowed. If the organization allows it, restricted web sites can be opened in the personal account context or in the Azure AD account's InPrivate context; otherwise, the site is blocked entirely. For more information on the various scenarios that are supported, see Restricted website transitions in Microsoft Edge mobile. By allowing transitioning experiences, the organization's users stay protected, while keeping corporate resources safe.

Note

Edge for iOS and Android can block access to sites only when they are accessed directly. It doesn't block access when users use intermediate services (such as a translation service) to access the site.

Use the following key/value pairs to configure either an allowed or blocked site list for Edge for iOS and Android.

Key: com.microsoft.intune.mam.managedbrowser.AllowListURLs
Value:
  The corresponding value for the key is a list of URLs. You enter all the URLs you want to allow as a single value, separated by a pipe | character.

  Examples:
  URL1|URL2|URL3
  http://.contoso.com/|https://.bing.com/|https://expenses.contoso.com

Key: com.microsoft.intune.mam.managedbrowser.BlockListURLs
Value:
  The corresponding value for the key is a list of URLs. You enter all the URLs you want to block as a single value, separated by a pipe | character.

  Examples:
  URL1|URL2|URL3
  http://.contoso.com/|https://.bing.com/|https://expenses.contoso.com

Key: com.microsoft.intune.mam.managedbrowser.AllowTransitionOnBlock
Value:
  true (default) allows Edge for iOS and Android to transition restricted sites. When personal accounts are not disabled, users are prompted to either switch to the personal context to open the restricted site, or to add a personal account. If com.microsoft.intune.mam.managedbrowser.openInPrivateIfBlocked is set to true, users have the capability of opening the restricted site in the InPrivate context.

  false prevents Edge for iOS and Android from transitioning users. Users are simply shown a message stating that the site they are trying to access is blocked.

Key: com.microsoft.intune.mam.managedbrowser.openInPrivateIfBlocked
Value:
  true allows restricted sites to be opened in the Azure AD account's InPrivate context. If the Azure AD account is the only account configured in Edge for iOS and Android, the restricted site is opened automatically in the InPrivate context. If the user has a personal account configured, the user is prompted to choose between opening InPrivate or switching to the personal account.

  false (default) requires the restricted site to be opened in the user's personal account. If personal accounts are disabled, then the site is blocked.

  In order for this setting to take effect, com.microsoft.intune.mam.managedbrowser.AllowTransitionOnBlock must be set to true.

Key: com.microsoft.intune.mam.managedbrowser.durationOfOpenInPrivateSnackBar
Value:
  Enter the number of seconds that users will see the snack bar notification "Link opened with InPrivate mode. Your organization requires the use of InPrivate mode for this content." By default, the snack bar notification is shown for 7 seconds.

The following sites are always allowed regardless of the defined allow list or block list settings:

  • https://*.microsoft.com/*
  • http://*.microsoft.com/*
  • https://microsoft.com/*
  • http://microsoft.com/*
  • https://*.windowsazure.com/*
  • https://*.microsoftonline.com/*
  • https://*.microsoftonline-p.com/*

適用於允許和封鎖網站清單的 URL 格式URL formats for allowed and blocked site list

您可以使用各種不同 URL 格式來建置您的允許/封鎖網站清單。You can use various URL formats to build your allowed/blocked sites lists. 下表會詳細說明這些允許的模式。These permitted patterns are detailed in the following table.

  • Ensure that you prefix all URLs with http:// or https:// when entering them into the list.

  • You can use the wildcard symbol (*) according to the rules in the following permitted patterns list.

  • A wildcard can only match a portion (e.g., news-contoso.com) or entire component of the hostname (e.g., host.contoso.com) or entire parts of the path when separated by forward slashes (www.contoso.com/images).

  • You can specify port numbers in the address. If you do not specify a port number, the values used are:

    • Port 80 for http
    • Port 443 for https
  • Using wildcards for the port number is not supported. For example, http://www.contoso.com:* and http://www.contoso.com:*/ are not supported.

    | URL | Details | Matches | Does not match |
    |---|---|---|---|
    | http://www.contoso.com | Matches a single page | www.contoso.com | host.contoso.com, www.contoso.com/images, contoso.com/ |
    | http://contoso.com | Matches a single page | contoso.com/ | host.contoso.com, www.contoso.com/images, www.contoso.com |
    | http://www.contoso.com/* | Matches all URLs that begin with www.contoso.com | www.contoso.com, www.contoso.com/images, www.contoso.com/videos/tvshows | host.contoso.com, host.contoso.com/images |
    | http://*.contoso.com/* | Matches all subdomains under contoso.com | developer.contoso.com/resources, news.contoso.com/images, news.contoso.com/videos | contoso.host.com, news-contoso.com |
    | http://*contoso.com/* | Matches all subdomains ending with contoso.com/ | news-contoso.com, news-contoso.com.com/daily | news-contoso.host.com, news.contoso.com |
    | http://www.contoso.com/images | Matches a single folder | www.contoso.com/images | www.contoso.com/images/dogs |
    | http://www.contoso.com:80 | Matches a single page, by using a port number | www.contoso.com:80 | |
    | https://www.contoso.com | Matches a single, secure page | www.contoso.com | www.contoso.com |
    | http://www.contoso.com/images/* | Matches a single folder and all subfolders | www.contoso.com/images/dogs, www.contoso.com/images/cats | www.contoso.com/videos |
  • The following are examples of some of the inputs that you can't specify:

    • *.com
    • *.contoso/*
    • www.contoso.com/*images
    • www.contoso.com/*images*pigs
    • www.contoso.com/page*
    • IP addresses
    • https://*
    • http://*
    • http://www.contoso.com:*
    • http://www.contoso.com: /*

Manage proxy configuration

You can use Edge for iOS and Android and Azure AD Application Proxy together to give users access to intranet sites on their mobile devices. For example:

  • A user is using the Outlook mobile app, which is protected by Intune. They then click a link to an intranet site in an email, and Edge for iOS and Android recognizes that this intranet site has been exposed to the user through Application Proxy. The user is automatically routed through Application Proxy, to authenticate with any applicable multi-factor authentication and Conditional Access, before reaching the intranet site. The user is now able to access internal sites, even on their mobile devices, and the link in Outlook works as expected.
  • A user opens Edge for iOS and Android on their iOS or Android device. If Edge for iOS and Android is protected with Intune, and Application Proxy is enabled, the user can go to an intranet site by using the internal URL they are used to. Edge for iOS and Android recognizes that this intranet site has been exposed to the user through Application Proxy. The user is automatically routed through Application Proxy, to authenticate before reaching the intranet site.

Before you start:

  • Set up your internal applications through Azure AD Application Proxy.
  • The Edge for iOS and Android app must have an Intune app protection policy assigned.
  • Microsoft apps must have an app protection policy that has Restrict web content transfer with other apps data transfer setting set to Microsoft Edge.

Note

Updated Application Proxy redirection data can take up to 24 hours to take effect in Edge for iOS and Android.

Target Edge for iOS with the following key/value pair, to enable Application Proxy:

Key: com.microsoft.intune.mam.managedbrowser.AppProxyRedirection
Value:
true enables Azure AD App Proxy redirection scenarios
false (default) prevents Azure AD App Proxy scenarios

Note

Edge for Android does not consume this key. Instead, Edge for Android consumes Azure AD Application Proxy configuration automatically as long as the signed-in Azure AD account has an App Protection Policy applied.

For more information about how to use Edge for iOS and Android and Azure AD Application Proxy in tandem for seamless (and protected) access to on-premises web apps, see Better together: Intune and Azure Active Directory team up to improve user access. This blog post references the Intune Managed Browser, but the content applies to Edge for iOS and Android as well.

Manage NTLM single sign-on sites

Organizations may require users to authenticate with NTLM to access intranet web sites. By default, users are prompted to enter credentials each time they access a web site that requires NTLM authentication as NTLM credential caching is disabled.

Organizations can enable NTLM credential caching for particular web sites. For these sites, after the user enters credentials and successfully authenticates, the credentials are cached by default for 30 days.

Key: com.microsoft.intune.mam.managedbrowser.NTLMSSOURLs
Value: The corresponding value for the key is a list of URLs. You enter all the URLs you want to allow as a single value, separated by a pipe | character.

Examples:
URL1|URL2
http://app.contoso.com/|https://expenses.contoso.com

For more information on the types of URL formats that are supported, see URL formats for allowed and blocked site list.

Key: com.microsoft.intune.mam.managedbrowser.durationOfNTLMSSO
Value: Number of hours to cache credentials, default is 720 hours
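
The URL format rules for allowed and blocked site lists, and the pipe-separated NTLMSSOURLs value, can be checked before a policy is deployed. The following Python check is an added example, not Microsoft's code and not the matching logic Edge uses; the function names are hypothetical, and the rule that a wildcard host needs two fixed labels is an assumption inferred from the rejected inputs *.com and *.contoso/*.

```python
import ipaddress
import re

# scheme://host[:port][/path] -- the scheme prefix is mandatory per the rules above
PATTERN = re.compile(r"^(https?)://([^/:]+)(?::([^/]*))?(/.*)?$")

def check_pattern(url):
    """Return a list of rule violations for one list entry (empty = accepted)."""
    m = PATTERN.match(url)
    if not m:
        return ["must start with http:// or https:// and name a host"]
    _scheme, host, port, path = m.groups()
    problems = []
    if port is not None and not port.isdigit():
        problems.append("port must be a number; wildcards are not supported")
    try:
        ipaddress.ip_address(host)
        problems.append("IP addresses cannot be specified")
    except ValueError:
        pass  # not an IP literal, which is what we want
    if "*" in host and "." not in host.lstrip("*."):
        # Assumption: inferred from the rejected examples *.com and *.contoso/*
        problems.append("wildcard host needs at least two fixed labels")
    for segment in (path or "").split("/"):
        if "*" in segment and segment != "*":
            problems.append("a path wildcard must replace a whole segment")
            break
    if "|" in url:
        problems.append("'|' separates entries and cannot appear inside one")
    return problems

def build_list_value(urls):
    """Validate every entry, then join them into the single pipe-separated value."""
    bad = {u: p for u in urls if (p := check_pattern(u))}
    if bad:
        raise ValueError(f"rejected entries: {bad}")
    return "|".join(urls)

if __name__ == "__main__":
    # Constructed sample input mixing accepted and rejected forms from the page
    for entry in ["http://*.contoso.com/*", "http://www.contoso.com:*",
                  "http://www.contoso.com/page*", "https://*"]:
        print(entry, "->", check_pattern(entry) or "ok")
```
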

Deploy app configuration scenarios with Microsoft Endpoint Manager

If you are using Microsoft Endpoint Manager as your mobile app management provider, the following steps allow you to create a managed apps app configuration policy. After the configuration is created, you can assign its settings to groups of users.

  1. Sign into Microsoft Endpoint Manager.

  2. Select Apps and then select App configuration policies.

  3. On the App Configuration policies blade, choose Add and select Managed apps.

  4. On the Basics section, enter a Name, and optional Description for the app configuration settings.

  5. For Public apps, choose Select public apps, and then, on the Targeted apps blade, choose Edge for iOS and Android by selecting both the iOS and Android platform apps. Click Select to save the selected public apps.

  6. Click Next to complete the basic settings of the app configuration policy.

  7. On the Settings section, expand the Edge configuration settings.

  8. If you want to manage the data protection settings, configure the desired settings accordingly:

    • For Application proxy redirection, choose from the available options: Enable, Disable (default).

    • For Homepage shortcut URL, specify a valid URL that includes the prefix of either http:// or https://. Incorrect URLs are blocked as a security measure.

    • For Managed bookmarks, specify the title and a valid URL that includes the prefix of either http:// or https://.

    • For Allowed URLs, specify a valid URL (only these URLs are allowed; no other sites can be accessed). For more information on the types of URL formats that are supported, see URL formats for allowed and blocked site list.

    • For Blocked URLs, specify a valid URL (only these URLs are blocked). For more information on the types of URL formats that are supported, see URL formats for allowed and blocked site list.

    • For Redirect restricted sites to personal context, choose from the available options: Enable (default), Disable.

    Note

    When both Allowed URLs and Blocked URLs are defined in the policy, only the allowed list is honored.

  9. If you want to add additional app configuration settings not exposed in the above policy, expand the General configuration settings node and enter the key/value pairs accordingly.

  10. When you are finished configuring the settings, choose Next.

  11. On the Assignments section, choose Select groups to include. Select the Azure AD group to which you want to assign the app configuration policy, and then choose Select.

  12. When you are finished with the assignments, choose Next.

  13. On the Create app configuration policy Review + Create blade, review the settings configured and choose Create.

The newly created configuration policy is displayed on the App configuration blade.

Use Edge for iOS and Android to access managed app logs

Users with Edge for iOS and Android installed on their iOS or Android device can view the management status of all Microsoft published apps. They can send logs for troubleshooting their managed iOS or Android apps by using the following steps:

  1. Open Edge for iOS and Android on your device.
  2. Type about:intunehelp in the address box.
  3. Edge for iOS and Android launches troubleshooting mode.

For a list of the settings stored in the app logs, see Review client app protection logs.

To see how to view logs on Android devices, see Send logs to your IT admin by email.

Next steps