Microsoft Intune App SDK for Android developers testing guide

The Microsoft Intune App SDK for Android testing guide is designed to help you test your Intune-managed Android app.

Demo tenant setup

If you do not already have a tenant with your company, you can create a demo tenant with or without pre-generated data. You must register as a Microsoft partner to access Microsoft CDX. To create a new account:

  1. Navigate to the Microsoft CDX tenant creation site and create a Microsoft 365 Enterprise tenant.
  2. Set up Intune to enable mobile device management (MDM).
  3. Create users.
  4. [Create groups](../fundamentals/groups-add.md).
  5. Assign licenses as appropriate for your testing.

Azure portal policy configuration

Create and assign app protection policies in the Azure portal's Intune blade. You can also create and assign your app configuration policy in the Intune blade.

Note

If your app isn't listed in the Azure portal, you can target it with a policy by selecting the more apps option and providing the package name in the text box.

Test Cases

The following test cases provide configuration and confirmation steps. Use these tests to verify your newly integrated Android app.

Required PIN and corporate credentials

You can require a PIN to access corporate resources. Also, you can enforce corporate authentication before users can use managed apps. Here's how:

  1. Set Require PIN for access and Require corporate credentials for access to Yes. For more information, see Android app protection policy settings in Microsoft Intune.
  2. Confirm the following conditions:
    • App launch should present a prompt for PIN input, or a sign-in prompt for the production user that was used during enrollment with the Company Portal.
    • Failure to present a valid sign-in prompt might be due to an incorrectly configured Android manifest, specifically the values for Azure Active Directory Authentication Library (ADAL) integration (SkipBroker, ClientID, and Authority).
    • Failure to present any prompt might be due to an incorrectly integrated MAMActivity value. For more information about MAMActivity, see Microsoft Intune App SDK for Android developer guide.

Note

If the preceding test isn't working, the following tests will likely also fail. Review SDK and ADAL integration.
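A pre-test check for the manifest values named above (SkipBroker, ClientID, and Authority), added here as an example and not part of the original guide or the SDK. The `com.microsoft.intune.mam.aad.` meta-data prefix comes from the SDK developer guide rather than this page; the validation rules (GUID-shaped ClientID, https Authority, boolean SkipBroker) and the sample manifest are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

ANDROID = "{http://schemas.android.com/apk/res/android}"
PREFIX = "com.microsoft.intune.mam.aad."  # meta-data prefix from the SDK developer guide
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def _is_https_url(value):
    parts = urlparse(value)
    return parts.scheme == "https" and bool(parts.netloc)

# Assumed sanity rules for each value; adjust to your integration.
VALIDATORS = {
    "ClientID": lambda v: bool(GUID.match(v)),
    "Authority": _is_https_url,
    "SkipBroker": lambda v: v.lower() in ("true", "false"),
}

# Constructed sample manifest, not taken from a real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.managedapp">
  <application android:label="Managed App">
    <meta-data android:name="com.microsoft.intune.mam.aad.ClientID"
               android:value="@string/aad_client_id" />
    <meta-data android:name="com.microsoft.intune.mam.aad.Authority"
               android:value="http://login.example.test/tenant" />
    <meta-data android:name="com.microsoft.intune.mam.aad.SkipBroker"
               android:value="" />
  </application>
</manifest>
"""

def check_adal_metadata(manifest_xml):
    """Return {setting: status} for the three ADAL values under <application>."""
    root = ET.fromstring(manifest_xml.strip())
    values = {}
    for node in root.iterfind("application/meta-data"):
        name = node.get(ANDROID + "name", "")
        if name.startswith(PREFIX):
            values[name[len(PREFIX):]] = (node.get(ANDROID + "value") or "").strip()
    report = {}
    for key, is_valid in VALIDATORS.items():
        value = values.get(key)
        if value is None:
            report[key] = "not set"
        elif value == "":
            report[key] = "empty"
        elif value.startswith("@"):
            # Resource references cannot be judged from the manifest alone.
            report[key] = "resource reference, resolve before judging"
        else:
            report[key] = "ok" if is_valid(value) else "malformed"
    return report

if __name__ == "__main__":
    for setting, status in check_adal_metadata(SAMPLE_MANIFEST).items():
        print(f"{setting}: {status}")
```

Run it against the source `AndroidManifest.xml` before starting the PIN and credentials test; a "not set" result is only a finding if your integration relies on that value.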

Restrict transferring and receiving data with other apps

You can control data transfer between corporate managed applications, as follows:

  1. Set Allow app to transfer data to other apps to Policy-managed apps.
  2. Set Allow app to receive data from other apps to All apps.

Use of intents and content providers is affected by these policies.

  3. Confirm the following conditions:
    • Opening from an unmanaged app into your app functions correctly.
    • Sharing content between your app and managed apps is allowed.
    • Sharing from your app to non-managed apps (for example, Chrome) is blocked.

Restrict receiving data from other apps

  1. Set Send org data to other apps to All apps.
  2. Set Receive data from other apps to Policy managed apps.
  3. Confirm the following conditions:
    • Sending to an unmanaged app from your app functions correctly.
    • Sharing content between your app and managed apps is allowed.
    • Sharing from non-managed apps (for example, Chrome) to your app is blocked.

If your app requires integrated 'open from' controls, you can control open from functionality as follows:

  1. Set Receive data from other apps to Policy managed apps.
  2. Set Open data into org documents to Block.
  3. Confirm the following conditions:
    • Opening is restricted to only appropriate managed locations.

Restrict cut, copy, and paste

You can restrict the system clipboard to managed applications, as follows:

  1. Set Restrict cut, copy, and paste with other apps to Policy managed with paste in.
  2. Confirm the following conditions:
    • Copying text from your app into an unmanaged app (for example, Messages) is blocked.

Prevent save

If your app requires integrated Save As controls, you can control Save As functionality, as follows:

  1. Set Prevent 'Save As' to Yes.
  2. Confirm the following conditions:
    • Save is restricted to only appropriate managed locations.

File Encryption

You can encrypt data on the device, as follows:

  1. Set Encrypt app data to Yes.
  2. Confirm the following conditions:
    • Normal application behavior isn't affected.

Prevent Android Backups

You can control app backup, as follows:

  1. If you have set integrated backup restrictions, set Prevent Android backups to Yes.
  2. Confirm the following conditions:
    • Backups are restricted.

Wipe

You can remotely wipe managed apps that contain corporate email and documents. Personal data is decrypted when it's no longer administered. Here's how:

  1. From the Azure portal, issue a wipe.
  2. If your app doesn't register for any wipe handlers, confirm the following conditions:
    • A full wipe of the app occurs.
  3. If your app has registered for WIPE_USER_DATA or WIPE_USER_AUXILIARY_DATA, confirm the following conditions:

Multi-Identity support

Integrating multi-identity support is a high-risk change that needs to be thoroughly tested. The most common issues occur because of improperly setting the active identity (Context vs. thread level) or improperly tracking file identities (MAMFileProtectionManager).

Minimally, confirm that:

  • Save As policy is working correctly for managed identities.
  • Copy and paste restrictions are correctly enforced from managed to personal.
  • Only data belonging to the managed identity is encrypted, and personal files are not modified.
  • Selective wipe during unenrollment only removes the managed identity data.
  • The end user is prompted for conditional launch when changing from an unmanaged to a managed account (first time only).

App configuration (optional)

You can configure behavior of managed apps. If your app consumes any app configuration settings, you should test that your app correctly handles all values that you (as the admin) can set. You can create and assign app configuration policies in Intune.