要在 Intune 中使用常見 iOS/iPadOS 功能用的 iOS 與 iPadOS 裝置設定iOS and iPadOS device settings to use common iOS/iPadOS features in Intune

Intune 包含一些內建設定,可讓 iOS/iPadOS 使用者在其裝置上使用不同的 Apple 功能。Intune includes some built-in settings to allow iOS/iPadOS users to use different Apple features on their devices. 例如,您可以控制 AirPrint 印表機、將應用程式和資料夾新增至 Dock 和主畫面頁面、顯示應用程式通知、在鎖定畫面上顯示資產標籤詳細資料、使用單一登入驗證,以及使用憑證驗證。For example, you can control AirPrint printers, add apps and folders to the dock and home screen pages, show app notifications, show asset tag details on the lock screen, use single sign-on authentication, and use certificate authentication.

使用這些功能來控制 iOS/iPadOS 裝置,作為行動裝置管理 (MDM) 解決方案的一部分。Use these features to control iOS/iPadOS devices as part of your mobile device management (MDM) solution.

本文會列出這些設定,並說明每個設定的用途。This article lists these settings, and describes what each setting does. 如需這些功能的詳細資訊,請移至新增 iOS/iPadOS 或 macOS 裝置功能設定For more information on these features, go to Add iOS/iPadOS or macOS device feature settings.

開始之前Before you begin

建立 iOS/iPadOS 裝置功能設定檔Create an iOS/iPadOS device features profile.

注意

這些設定適用於不同的註冊類型,而其中有部分設定適用於所有註冊選項。These settings apply to different enrollment types, with some settings applying to all enrollment options. 如需不同註冊類型的詳細資訊,請參閱 iOS/iPadOS 註冊For more information on the different enrollment types, see iOS/iPadOS enrollment.

AirPrintAirPrint

設定適用於:所有註冊類型Settings apply to: All enrollment types

注意

請務必將所有印表機新增到相同的設定檔。Be sure to add all printers to the same profile. Apple 會防止多個 AirPrint 設定檔以相同裝置為目標。Apple prevents multiple AirPrint profiles from targeting the same device.

  • IP 位址:輸入印表機的 IPv4 或 IPv6 位址。IP address: Enter the IPv4 or IPv6 address of the printer. 如果您是使用主機名稱來識別印表機,則可以透過在終端機偵測該印表機來取得 IP 位址。If you use hostnames to identify printers, you can get the IP address by pinging the printer in the terminal. 本文中的取得 IP 位址和路徑會提供更多詳細資料。Get the IP address and path (in this article) provides more details.
  • 路徑:您網路上印表機的路徑通常是 ipp/printPath: The path is typically ipp/print for printers on your network. 本文中的取得 IP 位址和路徑會提供更多詳細資料。Get the IP address and path (in this article) provides more details.
  • 連接埠:輸入 AirPrint 目的地的接聽連接埠。Port: Enter the listening port of the AirPrint destination. 如果將此屬性留白,AirPrint 就會使用預設連接埠。If you leave this property blank, AirPrint uses the default port. 可以在 iOS 11.0+ 與 iPadOS 13.0+ 上使用。Available on iOS 11.0+, and iPadOS 13.0+.
  • TLS:[啟用] 可使用傳輸層安全性 (TLS) 保護 AirPrint 連線。TLS: Enable secures AirPrint connections with Transport Layer Security (TLS). 可以在 iOS 11.0+ 與 iPadOS 13.0+ 上使用。Available on iOS 11.0+, and iPadOS 13.0+.

若要新增 AirPrint 伺服器,您可以:To add AirPrint servers, you can:

  • [新增] 可新增 AirPrint 伺服器至清單中。Add adds the AirPrint server to the list. 可以新增許多 AirPrint 伺服器。Many AirPrint servers can be added.
  • 匯入含有此資訊的逗點分隔檔 (.csv)。Import a comma-separated file (.csv) with this information. 或者,[匯出] 以建立您所新增之 AirPrint 伺服器的清單。Or, Export to create a list of the AirPrint servers you added.

取得伺服器 IP 位址、資源路徑與連接埠Get server IP address, resource path, and port

若要新增 AirPrinter 伺服器,您需要印表機的 IP 位址、資源路徑及連接埠。To add AirPrinter servers, you need the IP address of the printer, the resource path, and the port. 下列步驟說明如何取得此資訊。The following steps show you how to get this information.

  1. 在連線到與 AirPrint 印表機相同區域網路 (子網路) 的 Mac 上,開啟 [終端機] (從 /Applications/Utilities)。On a Mac that's connected to the same local network (subnet) as the AirPrint printers, open Terminal (from /Applications/Utilities).

  2. 在 [終端機] 中,輸入 ippfind,然後選取 Enter 鍵。In the Terminal, type ippfind, and select enter.

    請記下印表機資訊。Note the printer information. 例如,可能會傳回類似 ipp://myprinter.local.:631/ipp/port1 的內容。For example, it may return something similar to ipp://myprinter.local.:631/ipp/port1. 第一個部分是印表機的名稱。The first part is the name of the printer. 最後一個部分 (ipp/port1) 是資源路徑。The last part (ipp/port1) is the resource path.

  3. 在 [終端機] 中,輸入 ping myprinter.local,然後選取 Enter 鍵。In the Terminal, type ping myprinter.local, and select enter.

    記下 IP 位址。Note the IP address. 例如,可能會傳回類似 PING myprinter.local (10.50.25.21) 的內容。For example, it may return something similar to PING myprinter.local (10.50.25.21).

  4. 使用 IP 位址和資源路徑值。Use the IP address and resource path values. 在此範例中,IP 位址是 10.50.25.21,而資源路徑則是 /ipp/port1In this example, the IP address is 10.50.25.21, and the resource path is /ipp/port1.

主畫面配置Home screen layout

本功能適用於:This feature applies to:

  • iOS 9.3 或更新版本iOS 9.3 or newer
  • iPadOS 13.0 和更新版本iPadOS 13.0 and newer

設定適用於:自動裝置註冊 (受監督)Settings apply to: Automated device enrollment (supervised)

注意

請只將一個應用程式新增至 Dock、頁面或頁面上的資料夾。Only add one app to the dock, a page, or a folder on a page. 在所有位置新增相同的應用程式會導致應用程式無法在裝置上顯示,且可能會顯示報告錯誤。Adding the same app in all places prevents the app from showing on devices, and may show reporting errors.

例如,如果將相機應用程式新增至 Dock 和頁面,則不會顯示相機應用程式,且報告可能會顯示原則錯誤。For example, if you add the camera app to a dock and a page, the camera app isn't shown, and reporting might show an error for the policy. 若要將相機應用程式新增至主畫面配置,請只選擇 Dock 或頁面,而不是兩者。To add the camera app to the home screen layout, choose only the dock or a page, not both.

DockDock

使用 [Dock] 設定將最多 6 個項目或資料夾新增到畫面上的 Dock 中。Use the Dock settings to add up to six items or folders to the dock on the screen. 許多裝置支援的項目數較少。Many devices support fewer items. 例如,iPhone 裝置最多支援 4 個項目。For example, iPhone devices support up to four items. 在本例中,裝置上只會顯示所新增的前四個項目。In this case, only the first four items you add are shown on devices.

您最多可以為裝置 Dock 新增六個項目 (應用程式和資料夾合併)。You can add up to six items (apps and folders combined) for the device dock.

  • 新增:新增應用程式或資料夾到裝置上的 Dock。Add: Adds apps or folders to the dock on devices.

  • 類型:新增 [應用程式] 或 [資料夾]:Type: Add an App or a Folder:

    • 應用程式:選擇此選項以將應用程式新增至畫面上的 Dock。App: Choose this option to add apps to the dock on the screen. 輸入:Enter:

      • 應用程式名稱:輸入應用程式的名稱。App Name: Enter a name for the app. 此名稱用於供您在 Microsoft 端點管理員系統管理中心中參考,This name is used for your reference in the Microsoft Endpoint Manager admin center. 而「不會」顯示在 iOS/iPadOS 裝置上。It isn't shown on the iOS/iPadOS device.
      • 應用程式套件組合識別碼:輸入應用程式的套件組合識別碼。App Bundle ID: Enter the bundle ID of the app. 請參閱內建 iOS/iPadOS 應用程式的套件組合識別碼,以取得一些範例。See Bundle IDs for built-in iOS/iPadOS apps for some examples.
    • 資料夾:選擇此選項以將資料夾新增至畫面上的 Dock。Folder: Choose this option to add a folder to the dock on the screen.

      新增到資料夾中頁面的應用程式會以和清單相同的順序,由左至右排列。Apps that you add to a page in a folder are arranged from left to right, and in the same order as the list. 如果您新增的應用程式超過一個頁面所能容納的數目,應用程式就會被移到另一個頁面。If you add more apps than can fit on a page, the apps are moved to another page.

      • 資料夾名稱:資料夾的名稱。Folder name: Enter the name of the folder. 此名稱會在其裝置上向使用者顯示。This name is shown to users on their devices.

      • 頁面清單新增頁面,然後輸入下列屬性:List of pages: Add a page, and enter the following properties:

        • 頁面名稱:輸入頁面的名稱。Page name: Enter a name for the page. 此名稱用於供您在 Microsoft 端點管理員系統管理中心中參考,This name is used for your reference in the Microsoft Endpoint Manager admin center. 而「不會」顯示在 iOS/iPadOS 裝置上。It isn't shown on the iOS/iPadOS device.
        • 應用程式名稱:輸入應用程式的名稱。App Name: Enter a name for the app. 此名稱用於供您在 Microsoft 端點管理員系統管理中心中參考,This name is used for your reference in the Microsoft Endpoint Manager admin center. 而「不會」顯示在 iOS/iPadOS 裝置上。It isn't shown on the iOS/iPadOS device.
        • 應用程式套件組合識別碼:輸入應用程式的套件組合識別碼。App Bundle ID: Enter the bundle ID of the app. 請參閱內建 iOS/iPadOS 應用程式的套件組合識別碼,以取得一些範例。See Bundle IDs for built-in iOS/iPadOS apps for some examples.

        您最多可以為裝置 Dock 新增 20 個頁面。You can add up to 20 pages for the device dock.

注意

當您使用 [主畫面配置] 設定來新增頁面,或是將頁面與應用程式新增到 Dock 時,系統會鎖定主畫面上的圖示與頁面。When you use the Home Screen Layout settings to add pages, or add pages and apps to the Dock, the icons on the Home Screen and pages are locked. 您無法加以移動或刪除。They can't be moved or deleted. 此行為可能是 iOS/iPadOS 與 Apple 的 MDM 原則設計使然。This behavior might be by design with iOS/iPadOS and Apple's MDM policies.

範例Example

在下列範例中,Dock 畫面會顯示 [Safari]、[郵件] 和 [股市] 應用程式。In the following example, the dock screen shows the Safari, Mail, and Stocks apps. 其中已選取 [郵件] 應用程式來顯示其屬性:The Mail app is selected to show its properties:

Intune 中 iOS/iPadOS 主畫面配置的 Dock 設定範例Sample iOS/iPadOS Home screen layout dock settings in Intune

當您將該原則指派給 iPhone 時,Dock 看起來會如下圖所示:When you assign the policy to an iPhone, the dock looks similar to the following image:

iPhone 上的 iOS/iPadOS Dock 配置範例Sample iOS/iPadOS dock layout on iPhone

PagesPages

新增您想要在主畫面上顯示的頁面,以及要在每個頁面顯示的應用程式。Add the pages you want shown on the home screen, and the apps you want shown on each page. 新增到頁面的應用程式會以和清單相同的順序,由左至右排列。Apps that you add to a page are arranged from left to right, in the same order as the list. 如果您新增的應用程式超過一個頁面所能容納的數目,應用程式就會被移到另一個頁面。If you add more apps than can fit on a page, the apps are moved to another page.

提示

若要將任何主畫面或頁面清單中的項目重新排序,您可以拖放那些項目。To reorder items in any Home screen and pages lists, you can drag and drop them.

您最多可以在裝置上新增 40 個頁面。You can add up to 40 pages on a device.

  • 頁面清單新增頁面,然後輸入下列屬性:List of pages: Add a page, and enter the following properties:

    • 頁面名稱:輸入頁面的名稱。Page name: Enter a name for the page. 此名稱用於供您在 Microsoft 端點管理員系統管理中心中參考,而「不會」顯示在 iOS/iPadOS 裝置上。This name is used for your reference in the Microsoft Endpoint Manager admin center, and isn't shown on the iOS/iPadOS device.

    您最多可以在裝置上新增 60 個項目 (應用程式和資料夾合併)。You can add up to 60 items (apps and folder combined) on a device.

    • 新增:新增應用程式或資料夾到裝置的頁面。Add: Adds apps or folders to a page on devices.

      • 類型:新增 [應用程式] 或 [資料夾]:Type: Add an App or a Folder:

        • 應用程式:選擇此選項以將應用程式新增至畫面上的頁面。App: Choose this option to add apps to a page on the screen. 另請輸入:Also enter:

          • 應用程式名稱:輸入應用程式的名稱。App Name: Enter a name for the app. 此名稱用於供您在 Microsoft 端點管理員系統管理中心中參考,This name is used for your reference in the Microsoft Endpoint Manager admin center. 而「不會」顯示在 iOS/iPadOS 裝置上。It isn't shown on the iOS/iPadOS device.
          • 應用程式套件組合識別碼:輸入應用程式的套件組合識別碼。App Bundle ID: Enter the bundle ID of the app. 請參閱內建 iOS/iPadOS 應用程式的套件組合識別碼,以取得一些範例。See Bundle IDs for built-in iOS/iPadOS apps for some examples.
        • 資料夾:選擇此選項以將資料夾新增至畫面上的 Dock。Folder: Choose this option to add a folder to the dock on the screen.

          新增到資料夾中頁面的應用程式會以和清單相同的順序,由左至右排列。Apps that you add to a page in a folder are arranged from left to right, and in the same order as the list. 如果您新增的應用程式超過一個頁面所能容納的數目,應用程式就會被移到另一個頁面。If you add more apps than can fit on a page, the apps are moved to another page.

          • 資料夾名稱:輸入資料夾的名稱。Folder name: Enter a name for the folder. 這是裝置向使用者顯示的名稱。This name is shown to users on devices.

          • 新增:將頁面新增到資料夾。Add: Adds pages to the folder. 一併輸入下列屬性:Also enter the following properties:

            • 頁面名稱:輸入頁面的名稱。Page name: Enter a name for the page. 此名稱用於供您在 Microsoft 端點管理員系統管理中心中參考,This name is used for your reference in the Microsoft Endpoint Manager admin center. 而「不會」顯示在 iOS/iPadOS 裝置上。It isn't shown on the iOS/iPadOS device.
            • 應用程式名稱:輸入應用程式的名稱。App Name: Enter a name for the app. 此名稱用於供您在 Microsoft 端點管理員系統管理中心中參考,This name is used for your reference in the Microsoft Endpoint Manager admin center. 而「不會」顯示在 iOS/iPadOS 裝置上。It isn't shown on the iOS/iPadOS device.
            • 應用程式套件組合識別碼:輸入應用程式的套件組合識別碼。App Bundle ID: Enter the bundle ID of the app. 請參閱內建 iOS/iPadOS 應用程式的套件組合識別碼,以取得一些範例。See Bundle IDs for built-in iOS/iPadOS apps for some examples.

範例Example

在以下範例中,將會新增名為 Contoso 的新頁面。In the following example, a new page named Contoso is added. 此頁面會顯示 [尋找朋友] 和 [設定] 應用程式:The page shows the Find Friends and Settings apps:

Intune 中 iOS/iPadOS 主畫面配置的新頁面設定和範例iOS/iPadOS Home screen layout new page settings and example in Intune

其中已選取 [設定] 應用程式來顯示其屬性:The Settings app is selected to show its properties:

Intune 中 iOS/iPadOS 主畫面配置的 [設定] 應用程式屬性範例iOS/iPadOS Home screen layout Settings app properties example in Intune

當您將該原則指派給 iPhone 時,頁面看起來會如下圖所示:When you assign the policy to an iPhone, the page looks similar to the following image:

Intune 中已修改主畫面的 iOS/iPadOS 裝置iOS/iPadOS device with modified home screen in Intune

應用程式通知App notifications

設定適用於:自動裝置註冊 (受監督)Settings apply to: Automated device enrollment (supervised)

  • 新增:為應用程式新增通知:Add: Add notifications for apps:

    在 Intune 的 iOS/iPadOS 設定檔中新增應用程式通知Add app notification in iOS/iPadOS profile in Intune

    • 應用程式套件組合識別碼:輸入您要新增之應用程式的 [應用程式套件組合識別碼]。App bundle ID: Enter the App Bundle ID of the app you want to add. 請參閱內建 iOS/iPadOS 應用程式的套件組合識別碼,以取得一些範例。See Bundle IDs for built-in iOS/iPadOS apps for some examples.
    • 應用程式名稱:輸入您要新增之應用程式的名稱。App name: Enter the name of the app you want to add. 此名稱用於供您在 Microsoft 端點管理員系統管理中心中參考,This name is used for your reference in the Microsoft Endpoint Manager admin center. 「不會」顯示在裝置上。It isn't shown on devices.
    • 發行者:輸入您要新增之應用程式的發行者。Publisher: Enter the publisher of the app you're adding. 此名稱用於供您在 Microsoft 端點管理員系統管理中心中參考,This name is used for your reference in the Microsoft Endpoint Manager admin center. 「不會」顯示在裝置上。It isn't shown on devices.
    • 通知:[啟用] 或 [停用] 應用程式對裝置傳送通知的功能。Notifications: Enable or Disable the app from sending notifications to devices.
      • 在通知中心顯示:[啟用] 會允許應用程式在裝置的「通知中心」內顯示通知。Show in Notification Center: Enable allows the app to show notifications in the device Notification Center. [停用] 會防止應用程式在裝置的「通知中心」內顯示通知。Disable prevents the app from showing notifications in the Notification Center.
      • 在鎖定畫面顯示:[啟用] 會在裝置鎖定畫面上顯示應用程式通知。Show in Lock Screen: Enable shows app notifications on the device lock screen. [停用] 會防止應用程式在鎖定畫面上顯示通知。Disable prevents the app from showing notifications on the lock screen.
      • 警示類型:當裝置解除鎖定後,請選擇通知的顯示方式。Alert type: When devices are unlocked, choose how the notification is shown. 選項包括:Your options:
        • :不顯示任何通知。None: No notification is shown.
        • 橫幅:短暫顯示含有通知的橫幅。Banner: A banner is briefly shown with the notification.
        • 強制回應:裝置顯示通知後,使用者必須手動關閉通知,才能繼續使用裝置。Modal: The notification is shown and users must manually dismiss it before continuing to use the device.
      • 應用程式圖示上的徽章:選取 [啟用] 以將徽章新增至應用程式圖示。Badge on app icon: Select Enable to add a badge to the app icon. 徽章意謂著應用程式已傳送通知。The badge means the app sent a notification.
      • 音效:選取 [啟用] 以在傳遞通知時播放音效。Sounds: Select Enable to play a sound when a notification is delivered.

鎖定畫面訊息Lock screen message

本功能適用於:This feature applies to:

  • iOS 9.3 和更新版本iOS 9.3 and later
  • iPadOS 13.0 和更新版本iPadOS 13.0 and newer

設定適用於:自動裝置註冊 (受監督)Settings apply to: Automated device enrollment (supervised)

  • 資產標籤資訊:輸入裝置資產標籤的相關資訊。Asset tag information: Enter information about the asset tag of the device. 例如,輸入 Owned by Contoso CorpSerial Number: {{serialnumber}}For example, enter Owned by Contoso Corp or Serial Number: {{serialnumber}}.

    所輸入的文字會顯示在裝置的登入視窗與鎖定畫面中。The text you enter is shown on the sign in window and lock screen on devices.

  • 鎖定畫面註腳:輸入備註可能有助於在裝置遺失或遭竊時取回裝置。Lock screen footnote: If devices are lost or stolen, enter a note that might help get the device returned. 您可以輸入任何所需的文字。You can enter any text you want. 例如,輸入類似 If found, call Contoso at ... 的內容。For example, enter something like If found, call Contoso at ....

    裝置權杖也可用來在這些欄位中新增裝置特定資訊。Device tokens can also be used to add device-specific information to these fields. 例如,若要顯示序號,請輸入 Serial Number: {{serialnumber}}Device ID: {{DEVICEID}}For example, to show the serial number, enter Serial Number: {{serialnumber}} or Device ID: {{DEVICEID}}. 在鎖定畫面上,此文字顯示類似於 Serial Number 123456789ABCOn the lock screen, the text shows similar to Serial Number 123456789ABC. 輸入變數時,請務必使用大括弧 {{ }}When entering variables, be sure to use curly brackets {{ }}. 應用程式設定權杖包含可以使用的變數清單。App configuration tokens includes a list of variables that can be used. 您也可以使用 DEVICENAME 或任何其他的裝置特定值。You can also use DEVICENAME or any other device-specific value.

    注意

    變數不會在 UI 中驗證,而且會區分大小寫。Variables aren't validated in the UI, and are case sensitive. 因此,您可能會看到儲存之設定檔含有不正確的輸入。As a result, you may see profiles saved with incorrect input. 例如,如果您輸入 {{DeviceID}} 而不是 {{deviceid}} 或 '{{DEVICEID}}',則會顯示常值字串而非裝置的唯一識別碼。For example, if you enter {{DeviceID}} instead of {{deviceid}} or '{{DEVICEID}}', then the literal string is shown instead of the device's unique ID. 請務必輸入正確的資訊。Be sure to enter the correct information. 支援全部小寫或全部大寫的變數,但不能混合。All lowercase or all uppercase variables are supported, but not a mix.

單一登入Single sign-on

設定適用於:裝置註冊、自動裝置註冊 (受監督)Settings apply to: Device enrollment, Automated device enrollment (supervised)

  • 領域:輸入 URL 的網域部分。Realm: Enter the domain part of the URL. 例如,輸入 contoso.comFor example, enter contoso.com.

  • Kerberos 主體名稱:Intune 會針對 Azure AD 中的每個使用者尋找這個屬性。Kerberos principal name: Intune looks for this attribute for each user in Azure AD. Intune 接著會先填入各欄位 (例如 UPN),再產生要安裝在裝置上的 XML。Intune then populates the respective field (such as UPN) before generating the XML that gets installed on devices. 選項包括:Your options:

    • 未設定:Intune 不會變更或更新此設定。Not configured: Intune doesn't change or update this setting. 根據預設,當設定檔部署到裝置時,OS 會提示使用者輸入 Kerberos 主體名稱。By default, the OS will prompt users for a Kerberos principal name when the profile is deployed to devices. MDM 需要主體名稱才能安裝 SSO 設定檔。A principal name is required for MDMs to install SSO profiles.

    • 使用者主體名稱:使用者主體名稱 (UPN) 會以下列方式剖析:User principal name: The user principal name (UPN) is parsed in the following way:

      Intune 中的 iOS/iPadOS 使用者名稱 SSO 屬性iOS/iPadOS Username SSO attribute in Intune

      您也可以使用在 [領域] 文字方塊中輸入的文字覆寫領域。You can also overwrite the realm with the text you enter in the Realm text box.

      例如,Contoso 有數個區域,包括歐洲、亞洲及北美洲。For example, Contoso has several regions, including Europe, Asia, and North America. Contoso 想要讓其亞洲使用者使用 SSO,而應用程式將會要求 username@asia.contoso.com 格式的 UPN。Contoso wants their Asia users to use SSO, and the app requires the UPN in the username@asia.contoso.com format. 當您選取 [使用者主體名稱] 時,系統會從 Azure AD 取得每個使用者的領域,亦即 contoso.comWhen you select User Principal Name, the realm for each user is taken from Azure AD, which is contoso.com. 因此,針對在亞洲的使用者,請選取 [使用者主體名稱],然後輸入 asia.contoso.comSo for users in Asia, select User Principal Name, and enter asia.contoso.com. 使用者的 UPN 會變成 username@asia.contoso.com,而不是 username@contoso.comThe user's UPN becomes username@asia.contoso.com, instead of username@contoso.com.

    • Intune 裝置識別碼:Intune 會自動選取 Intune 裝置識別碼。Intune device ID: Intune automatically selects the Intune Device ID.

      根據預設,應用程式只需要使用裝置識別碼。By default, apps only need to use the device ID. 但如果您的應用程式會使用領域和裝置識別碼,您可以在 [領域] 文字方塊中輸入領域。But if your app uses the realm and the device ID, you can type the realm in the Realm text box.

      注意

      如果使用裝置識別碼,則領域預設為留白。By default, keep the realm empty if you use device ID.

    • Azure AD 裝置識別碼Azure AD device ID

    • SAM 帳戶名稱:Intune 會填入內部部署安全性帳戶管理員 (SAM) 帳戶名稱。SAM account name: Intune populates the on-premises Security Accounts Manager (SAM) account name.

  • 應用程式:在可使用單一登入的使用者裝置上 [新增] 應用程式。Apps: Add apps on users devices that can use single sign-on.

    AppIdentifierMatches 陣列必須包含符合應用程式套件組合識別碼的字串。The AppIdentifierMatches array must include strings that match app bundle IDs. 這些字串可以是完全相符的項目 (例如 com.contoso.myapp),或是您也可以使用 * 萬用字元來輸入套件組合識別碼的首碼相符項目。These strings may be exact matches, such as com.contoso.myapp, or enter a prefix match on the bundle ID using the * wildcard character. 此萬用字元必須出現在字串結尾處的句號字元 (.) 之後,且只能出現一次 (例如 com.contoso.*)。The wildcard character must appear after a period character (.), and may appear only once, at the end of the string, such as com.contoso.*. 包含萬用字元時,套件組合識別碼開頭為首碼的任何應用程式都會被授與帳戶存取權。When a wildcard is included, any app whose bundle ID begins with the prefix is granted access to the account.

    使用 [應用程式名稱] 輸入使用者易記的名稱來協助您識別套件組合識別碼。Use App Name to enter a user-friendly name to help you identify the bundle ID.

  • URL 前置詞:[新增] 貴組織中需要使用者單一登入驗證的任何 URL。URL prefixes: Add any URLs in your organization that require user single sign-on authentication.

    例如,當使用者連線到這些網站的任一個時,iOS/iPadOS 裝置會使用單一登入認證。For example, when a user connects to any of these sites, the iOS/iPadOS device uses the single sign-on credentials. 使用者不需要輸入任何其他認證。Users don't need to enter any additional credentials. 如果已啟用多重要素驗證,使用者就必須輸入第二道驗證。If multi-factor authentication is enabled, then users are required to enter the second authentication.

    注意

    這些 URL 必須是格式正確的 FQDN。These URLs must be properly formatted FQDN. Apple 要求這些必須採用 http://<yourURL.domain> 格式。Apple requires these to be in the http://<yourURL.domain> format.

    URL 的比對模式開頭必須是 http://https://The URL matching patterns must begin with either http:// or https://. 系統會執行簡單的字串比對,因此 http://www.contoso.com/ URL 首碼不會與 http://www.contoso.com:80/ 相符。A simple string match is run, so the http://www.contoso.com/ URL prefix doesn't match http://www.contoso.com:80/. 使用 iOS 10.0+ 與 iPadOS 13.0+ 或更新版本時,可以使用單一萬用字元 * 來輸入所有符合的值。With iOS 10.0+ and iPadOS 13.0+, a single wildcard * may be used to enter all matching values. 例如,http://*.contoso.com/ 同時會符合 http://store.contoso.com/http://www.contoso.comFor example, http://*.contoso.com/ matches both http://store.contoso.com/ and http://www.contoso.com.

    http://.comhttps://.com 模式分別會符合所有 HTTP 和 HTTPS URL。The http://.com and https://.com patterns match all HTTP and HTTPS URLs, respectively.

  • 更新憑證:如果使用憑證 (而不是密碼) 來進行驗證,請選取現有的 SCEP 或 PFX 憑證作為驗證憑證。Renewal certificate: If using certificates for authentication (not passwords), select the existing SCEP or PFX certificate as the authentication certificate. 一般而言,此憑證就是部署供使用者用於 VPN、Wi-Fi 或電子郵件等其他設定檔的同一憑證。Typically, this certificate is the same certificate that's deployed to users for other profiles, such as VPN, Wi-Fi, or email.

Web 內容篩選Web content filter

設定適用於:自動裝置註冊 (受監督)Settings apply to: Automated device enrollment (supervised)

  • 篩選類型:選擇以允許特定網站。Filter Type: Choose to allow specific web sites. 選項包括:Your options:

    • 設定 URL:使用 Apple 的內建網路篩選器,以尋找成人詞彙,包含不雅及成人內容語言。Configure URLs: Use Apple's built-in web filter that looks for adult terms, including profanity and sexually explicit language. 此功能會在每個網頁載入時對它進行評估,然後識別並封鎖不合適的內容。This feature evaluates each web page as it's loaded, and identifies and blocks unsuitable content. 您也可以新增不想要讓篩選器檢查的 URL。You can also add URLs that you don't want checked by the filter. 或是封鎖特定 URL,不論 Apple 的篩選器設定為何。Or, block specific URLs, regardless of Apple's filter settings.

      • 允許的 URL:[新增] 您想要允許的 URL。Permitted URLs: Add the URLs you want to allow. 這些 URL 會略過 Apple 的網路篩選器。These URLs bypass Apple's web filter.

        注意

        您輸入的 URL 是您不想要讓 Apple 網路篩選器評估的 URL。The URLs you enter are the URLs you don't want evauluated by the Apple web filter. 這些 URL 不是允許網站的清單。These URLs aren't a list of allowed web sites. 若要建立允許網站的清單,請將 [篩選器類型] 設定為 [僅限特定網站]。To create a list of allowed websites, set the Filter Type to Specific websites only.

      • 封鎖的 URL:[新增] 您想要防止開啟的 URL,不論 Apple 網路篩選器設定為何。Blocked URLs: Add the URLs you want to stop from opening, regardless of the Apple web filter settings.

    • 僅限特定網站 (僅適用於 Safari 網頁瀏覽器):這些 URL 會被新增至 Safari 瀏覽器的書籤。Specific websites only (for the Safari web browser only): These URLs are added to the Safari browser's bookmarks. 使用者只能瀏覽這些網站,無法開啟任何其他網站。Users are only allowed to visit these sites; no other sites can be opened. 只有在您知道使用者可以存取的確切 URL 清單時,才使用此選項。Use this option only if you know the exact list of URLs that users can access.

      • URL:輸入您要允許的網站 URL。URL: Enter the URL of the website you want to allow. 例如,輸入 https://www.contoso.comFor example, enter https://www.contoso.com.
      • 書籤路徑:Apple 已變更此設定。Bookmark Path: Apple changed this setting. 所有書籤都會進入 [允許的網站] 資料夾。All bookmarks go into the Approved Sites folder. 書籤不會進入您輸入的書籤路徑。Bookmarks don't go in to the bookmark path you enter.
      • 標題:輸入書籤的描述性標題。Title: Enter a descriptive title for the bookmark.

      如未輸入任何 URL,則使用者只能存取 microsoft.commicrosoft.netapple.com 網站。If you don't enter any URLs, then users can't access any websites except for microsoft.com, microsoft.net, and apple.com. 這些 URL 是 Intune 自動允許的 URL。These URLs are automatically allowed by Intune.

單一登入應用程式擴充功能Single sign-on app extension

本功能適用於:This feature applies to:

  • iOS 13.0 與更新版本iOS 13.0 and later
  • iPadOS 13.0 和更新版本iPadOS 13.0 and later

設定適用於:所有註冊類型Settings apply to: All enrollment types

  • SSO 應用程式延伸模組類型:選擇 SSO 應用程式延伸模組的類型。SSO app extension type: Choose the type of SSO app extension. 選項包括:Your options:

    • 未設定:Intune 不會變更或更新此設定。Not configured: Intune doesn't change or update this setting. 根據預設,OS 不會使用應用程式延伸模組。By default, the OS doesn't use app extensions. 若要停用應用程式延伸模組,您可以將 SSO 應用程式延伸模組類型切換為 [未設定]。To disable an app extension, you can switch the SSO app extension type to Not configured.

    • Microsoft Azure AD:使用 Microsoft 企業單一登入外掛程式,這是重新導向類型的 SSO 應用程式擴充功能。Microsoft Azure AD: Uses the Microsoft Enterprise SSO plug-in, which is a redirect-type SSO app extension. 此外掛程式會在所有可支援 Apple 的企業單一登入功能的應用程式中,提供 Active Directory 帳戶的 SSO。This plug-in provides SSO for Active Directory accounts across all applications that support Apple's Enterprise Single Sign-On feature. 使用此 SSO 應用程式擴充類型,在 Microsoft 應用程式、組織應用程式和使用 Azure AD 進行驗證的網站上啟用 SSO。Use this SSO app extension type to enable SSO on Microsoft apps, organization apps, and websites that authenticate using Azure AD.

      SSO 外掛程式可充當進階驗證代理人,其提供安全性和使用者體驗改善。The SSO plug-in acts as an advanced authentication broker that offers security and user experience improvements. 先前使用 Microsoft Authenticator 應用程式進行驗證的所有應用程式,都會繼續透過適用於 Apple 裝置的 Microsoft 企業單一登入外掛程式 (部分機器翻譯) 取得 SSO。All apps that used the Microsoft Authenticator app for authentication continue to get SSO with the Microsoft Enterprise SSO plug-in for Apple devices.

      重要

      若要使用 Microsoft Azure AD SSO 應用程式擴充類型實現 SSO,請先在裝置上安裝 iOS/iPadOS Microsoft Authenticator 應用程式。To achieve SSO with the Microsoft Azure AD SSO app extension type, first install the iOS/iPadOS Microsoft Authenticator app on devices. Authenticator 應用程式會將 Microsoft 企業單一登入外掛程式傳遞至裝置,而 MDM SSO 應用程式擴充功能設定會啟用此外掛程式。The Authenticator app delivers the Microsoft Enterprise SSO plug-in to devices, and the MDM SSO app extension settings activate the plug-in. 一旦 Authenticator 和 SSO 應用程式擴充設定檔安裝在裝置上,使用者就必須輸入認證,才能登入並在其裝置上建立工作階段。Once Authenticator and the SSO app extension profile are installed on devices, users must enter their credentials to sign in, and establish a session on their devices. 此工作階段之後會用於不同的應用程式,而不需要使用者再次進行驗證。This session is then used across different applications without requiring users to authenticate again. 如需有關 Authenticator 的詳細資訊,請參閱什麼是 Microsoft Authenticator 應用程式For more information about Authenticator, see What is the Microsoft Authenticator app.

    • 重新導向:使用一般且可自訂的重新導向應用程式延伸模組,以搭配新式驗證流程使用 SSO。Redirect: Use a generic, customizable redirect app extension to use SSO with modern authentication flows. 請確定您知道組織應用程式延伸模組的延伸模組識別碼。Be sure you know the extension ID for your organization's app extension.

    • 認證:使用一般且可自訂的認證應用程式延伸模組,以搭配查問與回應驗證流程使用 SSO。Credential: Use a generic, customizable credential app extension to use SSO with challenge-and-response authentication flows. 請確定您知道組織應用程式延伸模組的延伸模組識別碼。Be sure you know the extension ID for your organization's app extension.

    • Kerberos:使用 Apple 的內建 Kerberos 延伸模組,其包含在 iOS 13.0+ 與 iPadOS 13.0+ 中。Kerberos: Use Apple's built-in Kerberos extension, which is included on iOS 13.0+ and iPadOS 13.0+. 此選項為 [認證] 應用程式延伸模組的 Kerberos 特定版本。This option is a Kerberos-specific version of the Credential app extension.

    提示

    使用 [重新導向] 與 [認證] 類型時,您會新增自己的設定值來透過延伸模組傳遞。With the Redirect and Credential types, you add your own configuration values to pass through the extension. 如果您使用的是認證,請考慮使用 Apple 在 Kerberos 類型中提供的內建組態設定。If you're using Credential, consider using built-in configuration settings provided by Apple in the Kerberos type.

  • 共用裝置模式 (僅限 Microsoft Azure AD):如果您要將 Microsoft 企業單一登入外掛程式部署至針對 Azure AD 的共用裝置模式功能所設定的 iOS/iPadOS 裝置,請選擇 [啟用]。Shared device mode (Microsoft Azure AD only): Choose Enable if you're deploying the Microsoft Enterprise SSO plug-in to iOS/iPadOS devices configured for Azure AD's shared device mode feature. 處於共用模式的裝置可讓許多使用者全域登入和登出可支援共用裝置模式的應用程式。Devices in shared mode allow many users to globally sign in and out of applications that support shared device mode. 當設定為 [未設定] 時,Intune 則不會變更或更新此設定。When set to Not configured, Intune doesn't change or update this setting. 根據預設,iOS/iPadOS 裝置不打算在多個使用者之間共用。By default, iOS/iPadOS devices aren't intended to be shared among multiple users.

    如需共用裝置模式及其啟用方式的詳細資訊,請參閱共用裝置模式概觀,以及 iOS 裝置的共用裝置模式For more information about shared device mode and how to enable it, see Overview of shared device mode and Shared device mode for iOS devices.

    本功能適用於:This feature applies to:

    • iOS/iPadOS 13.5 和更新版本iOS/iPadOS 13.5 and newer
  • 延伸模組識別碼 (重新導向與認證):輸入能識別 SSO 應用程式延伸模組的套件組合識別碼,例如 com.apple.extensiblessoExtension ID (Redirect and Credential): Enter the bundle identifier that identifies your SSO app extension, such as com.apple.extensiblesso.

  • 小組識別碼 (重新導向與認證):輸入 SSO 應用程式延伸模組的小組識別碼。Team ID (Redirect and Credential): Enter the team identifier of your SSO app extension. 小組識別碼是由 Apple 產生之 10 個字元的英數 (數字與字母) 字串,例如 ABCDE12345A team identifier is a 10-character alphanumerical (numbers and letters) string generated by Apple, such as ABCDE12345. 小組識別碼不是必要的。The team ID isn't required.

    尋找小組識別碼 (會開啟 Apple 的網站) 會提供詳細資訊。Locate your Team ID (opens Apple's website) has more information.

  • 領域 (認證與 Kerberos):輸入驗證領域的名稱。Realm (Credential and Kerberos): Enter the name of your authentication realm. 領域名稱應為大寫,例如 CONTOSO.COMThe realm name should be capitalized, such as CONTOSO.COM. 您的領域名稱通常會與您的 DNS 網域名稱相同,但全部都是大寫。Typically, your realm name is the same as your DNS domain name, but in all uppercase.

  • 網域 (認證與 Kerberos):輸入可以透過 SSO 驗證的網站網域或主機名稱。Domains (Credential and Kerberos): Enter the domain or host names of the sites that can authenticate through SSO. 例如,如果您的網站是 mysite.contoso.com,則 mysite 是主機名稱,而 contoso.com 則是網域名稱。For example, if your website is mysite.contoso.com, then mysite is the host name, and contoso.com is the domain name. 當使用者連線到上述其中一個網站時,應用程式延伸模組會處理驗證挑戰。When users connect to any of these sites, the app extension handles the authentication challenge. 此驗證可讓使用者使用 Face ID、Touch ID 或 Apple PIN 碼/密碼來登入。This authentication allows users to use Face ID, Touch ID, or Apple pincode/passcode to sign in.

    • 您單一登入應用程式延伸模組 Intune 設定檔中的所有網域都不能重複。All the domains in your single sign-on app extension Intune profiles must be unique. 您不能在任何單一登入應用程式延伸模組設定檔中重複使用網域,即使您是使用不同類型的 SSO 應用程式延伸模組也一樣。You can't repeat a domain in any sign-on app extension profile, even if you're using different types of SSO app extensions.
    • 這些網域不會區分大小寫。These domains aren't case-sensitive.
  • URL (僅限重新導向):輸入識別提供者的 URL 前置詞,重新導向應用程式延伸模組會代為使用 SSO。URLs (Redirect only): Enter the URL prefixes of your identity providers on whose behalf the redirect app extension uses SSO. 當系統將使用者重新導向到這些 URL 時,SSO 應用程式延伸模組將會介入並提示進行 SSO。When users are redirected to these URLs, the SSO app extension intervenes and prompts SSO.

    • 您的 Intune 單一登入應用程式延伸模組設定檔中的所有 URL 都不能重複。All the URLs in your Intune single sign-on app extension profiles must be unique. 您不能在任何 SSO 應用程式延伸模組設定檔中重複使用網域,即使您是使用不同類型的 SSO 應用程式延伸模組也一樣。You can't repeat a domain in any SSO app extension profile, even if you're using different types of SSO app extensions.
    • URL 的開頭必須是 http://https://The URLs must begin with http:// or https://.
  • 其他設定 (Microsoft Azure AD、重新導向和認證):輸入要傳遞到 SSO 應用程式延伸模組的其他延伸模組專用資料:Additional configuration (Microsoft Azure AD, Redirect, and Credential): Enter additional extension-specific data to pass to the SSO app extension:

    • 索引鍵:輸入所要新增項目的名稱,例如 user nameKey: Enter the name of the item you want to add, such as user name. AppAllowList 區分大小寫。AppAllowList is case sensitive. 請務必準確地輸入 'AppAllowList'。Be sure to exactly enter 'AppAllowList'.

    • 類型:輸入資料的類型。Type: Enter the type of data. 選項包括:Your options:

      • 字串String
      • 布林值:在 [設定值] 中,輸入 TrueFalseBoolean: In Configuration value, enter True or False.
      • 整數:在 [設定值] 中,輸入數字。Integer: In Configuration value, enter a number.
    • :輸入資料。Value: Enter the data.

    • 新增:選取以新增設定金鑰。Add: Select to add your configuration keys.

  • 鑰匙串使用方式 (僅限 Kerberos):[封鎖] 可防止將密碼儲存並保存在 Keychain 中。Keychain usage (Kerberos only): Block prevents passwords from being saved and stored in the keychain. 如果選擇封鎖,則系統不會提示使用者儲存其密碼,且需要在 Kerberos 票證到期時重新輸入該密碼。If blocked, users aren't prompted to save their password, and need to reenter the password when the Kerberos ticket expires. 當設定為 [未設定] (預設) 時,Intune 不會變更或更新此設定。When set to Not configured (default), Intune doesn't change or update this setting. 根據預設,OS 會允許將密碼儲存並保存在 Keychain 中。By default, the OS might allow passwords to be saved and stored in the keychain. 當票證到期時,系統不會提示使用者重新輸入其密碼。Users aren't prompted to reenter their password when the ticket expires.

  • Face ID、Touch ID 或密碼 (僅限 Kerberos):[必要],強制使用者在需要認證以更新 Kerberos 票證時,輸入 Face ID、Touch ID 或裝置密碼。Face ID, Touch ID, or passcode (Kerberos only): Require forces users to enter their Face ID, Touch ID, or device passcode when the credential is needed to refresh the Kerberos ticket. 當設定為 [未設定] (預設) 時,Intune 不會變更或更新此設定。When set to Not configured (default), Intune doesn't change or update this setting. 根據預設,OS 不會要求使用者使用生物識別技術或裝置密碼來重新整理 Kerberos 票證。By default, the OS might not require users to use biometrics or device passcode to refresh the Kerberos ticket. 如果封鎖 [鑰匙串使用方式],則不會套用此設定。If Keychain usage is blocked, then this setting doesn't apply.

  • 預設領域 (僅限 Kerberos):[啟用] 會將所輸入的 [領域] 值設定為預設領域。Default realm (Kerberos only): Enable sets the Realm value you entered as the default realm. 當設定為 [未設定] (預設) 時,Intune 不會變更或更新此設定。When set to Not configured (default), Intune doesn't change or update this setting. 根據預設,OS 不會設定預設領域。By default, the OS might not set a default realm.

    提示

    • 如果您要在組織中設定多個 Kerberos SSO 應用程式延伸模組,就必須 [啟用] 此設定。Enable this setting if you're configuring multiple Kerberos SSO app extensions in your organization.
    • 如果您會使用多個領域,請 [啟用] 此設定。Enable this setting if you're using multiple realms. 其會將您輸入的 [領域] 值設定為預設領域。It sets the Realm value you entered as the default realm.
    • 如果您只有單一領域,請將其保留為 [未設定] (預設)。If you only have one realm, leave it Not configured (default).
  • 主體名稱 (僅限 Kerberos):輸入 Kerberos 主體的使用者名稱。Principal name (Kerberos only): Enter the username of the Kerberos principal. 您不需要包含領域名稱。You don't need to include the realm name. 例如,在 user@contoso.com 中,user 是主體名稱,而 contoso.com 則是領域名稱。For example, in user@contoso.com, user is the principal name, and contoso.com is the realm name.

    提示

    • 您也可以在主體名稱中使用變數,方法是輸入大括弧 {{ }}You can also use variables in the principal name by entering curly brackets {{ }}. 例如,若要顯示使用者名稱,請輸入 Username: {{username}}For example, to show the username, enter Username: {{username}}.
    • 不過,請小心使用變數替代,因為變數不會在 UI 中驗證,而且會區分大小寫。However, be careful with variable substitution because variables aren't validated in the UI and they are case sensitive. 請務必輸入正確的資訊。Be sure to enter the correct information.
  • Active Directory 網站代碼 (僅限 Kerberos):輸入 Kerberos 延伸模組應使用的 Active Directory 網站名稱。Active Directory site code (Kerberos only): Enter the name of the Active Directory site that the Kerberos extension should use. 您可能不需要變更此值,因為 Kerberos 延伸模組可能會自動尋找 Active Directory 站台碼。You may not need to change this value, as the Kerberos extension may automatically find the Active Directory site code.

  • 快取名稱 (僅限 Kerberos):輸入 Kerberos 快取的一般安全性服務 (GSS) 名稱。Cache name (Kerberos only): Enter the Generic Security Services (GSS) name of the Kerberos cache. 您通常不會需要設定此值。You most likely don't need to set this value.

  • 應用程式套件組合識別碼 (Microsoft Azure AD、Kerberos):輸入應該透過您裝置上的延伸模組取得單一登入之其他應用程式的套件組合識別碼。App bundle IDs (Microsoft Azure AD, Kerberos): Enter the bundle IDs of the additional apps that should get single sign-on through an extension on your devices.

    如果您是使用 Microsoft Azure AD SSO 應用程式延伸模組類型,這些應用程式會使用 Microsoft 企業單一登入外掛程式,在不要求登入的情況下驗證使用者。If you're using the Microsoft Azure AD SSO app extension type, these apps use the Microsoft Enterprise SSO plug-in to authenticate the user without requiring a sign-in. 您輸入的應用程式套件組合識別碼,在其不使用任何 Microsoft 程式庫 (例如 Microsoft 驗證程式庫 (MSAL)) 的情況下,具有使用 Microsoft Azure AD SSO 應用程式延伸模組的權限。The app bundle IDs you enter have permission to use the Microsoft Azure AD SSO app extension if they don't use any Microsoft libraries, such as Microsoft Authentication Library (MSAL). 與 Microsoft 程式庫相比,這些應用程式的體驗可能較不順暢。The experience for these apps may not be as seamless compared to the Microsoft libraries. 使用 MSAL 驗證的較舊應用程式,或是不使用最新 Microsoft 程式庫的應用程式都必須新增到此清單,才能搭配 Microsoft Azure SSO 應用程式延伸模組正確運作。Older apps that use MSAL authentication, or apps that don't use the newest Microsoft libraries, must be added to this list to work properly with the Microsoft Azure SSO app extension.

    如果您是使用 Kerberos SSO 應用程式延伸模組類型,這些應用程式將能夠存取 Kerberos 票證授與票證 (驗證票證),並能夠將使用者驗證至其具有存取權的服務。If you're using the Kerberos SSO app extension type, these apps have access to the Kerberos Ticket Granting Ticket, the authentication ticket, and authenticate users to services they’re authorized to access.

  • 網域領域對應 (僅限 Kerberos):[新增] 應對應至領域的網域 DNS 尾碼。Domain realm mapping (Kerberos only): Add the domain DNS suffixes that should map to your realm. 在主機 DNS 名稱不符合領域名稱的情況下使用此設定。Use this setting when the DNS names of the hosts don't match the realm name. 您通常不會需要建立此自訂網域對領域對應。You most likely don't need to create this custom domain-to-realm mapping.

  • PKINIT 憑證 (僅限 Kerberos):[選取] 可用於 Kerberos 驗證的初始驗證公開金鑰加密 (PKINIT) 憑證。PKINIT certificate (Kerberos only): Select the Public Key Cryptography for Initial Authentication (PKINIT) certificate that can be used for Kerberos authentication. 您可以從自己已在 Intune 中新增的 PKCSSCEP 憑證中選擇。You can choose from PKCS or SCEP certificates that you've added in Intune. 如需憑證的詳細資訊,請參閱在 Microsoft Intune 中使用憑證進行驗證For more information about certificates, see Use certificates for authentication in Microsoft Intune.

桌布Wallpaper

若將沒有影像之設定檔指派給已有影像的裝置,您可能會遇到非預期的行為。You may experience unexpected behavior when a profile with no image is assigned to devices with an existing image. 例如,您建立一個沒有影像的設定檔。For example, you create a profile without an image. 然後將此設定檔指派給已有影像的裝置。This profile is assigned to devices that already have an image. 在此案例中,影像可能會變更為裝置預設,或原始影像可能會保留在裝置上。In this scenario, the image may change to the device default, or the original image may stay on the device. 此行為受到 Apple MDM 平台的控制和限制。This behavior is controlled and limited by Apple's MDM platform.

設定適用於:自動裝置註冊 (受監督)Settings apply to: Automated device enrollment (supervised)

  • 底色圖案顯示位置:選擇在裝置中顯示影像的位置。Wallpaper Display Location: Choose a location on devices to show the image. 選項包括:Your options:
    • 未設定:Intune 不會變更或更新此設定。Not configured: Intune doesn't change or update this setting. 自訂映像未新增至裝置。A custom image isn't added to devices. 根據預設,OS 會設定自己的映像。By default, the OS might set its own image.
    • 鎖定畫面:將影像新增至鎖定畫面。Lock screen: Adds the image to the lock screen.
    • 主畫面:將影像新增至主畫面。Home screen: Adds the image to the home screen.
    • 鎖定畫面與主畫面:在鎖定畫面與主畫面上使用相同的影像。Lock screen and Home screen: Uses the same image on the lock screen and home screen.
  • 底色圖案影像:上傳您想要使用的現有 .png、.jpg 或 .jpeg 影像。Wallpaper Image: Upload an existing .png, .jpg, or .jpeg image you want to use. 請確定檔案大小小於 750 KB。Be sure the file size is less than 750 KB. 您也可以移除已新增的影像。You can also remove an image that you added.

提示

若要在鎖定畫面與主畫面上顯示不同的影像,請使用鎖定畫面影像來建立設定檔。To display different images on the lock screen and home screen, create a profile with the lock screen image. 然後使用主畫面影像建立另一個設定檔。Create another profile with the home screen image. 將兩個設定檔都指派給您的 iOS/iPadOS 使用者或裝置群組。Assign both profiles to your iOS/iPadOS user or device groups.

後續步驟Next steps

指派設定檔監視其狀態Assign the profile and monitor its status.

您也可以針對 macOS 裝置建立裝置功能設定檔。You can also create device feature profiles for macOS devices.