使用裝置註冊管理員帳戶在 Intune 中註冊裝置Enroll devices in Intune by using a device enrollment manager account

您可以使用裝置註冊管理員 (DEM) 帳戶,向單一 Azure Active Directory 帳戶註冊多達 1,000 部行動裝置。You can enroll up to 1,000 mobile devices with a single Azure Active Directory account by using a device enrollment manager (DEM) account. DEM 是 Intune 權限,可套用至 AAD 使用者帳戶,並讓使用者註冊多達 1,000 部裝置。DEM is an Intune permission that can be applied to an AAD user account and lets the user enroll up to 1,000 devices. 如果裝置在交給裝置使用者之前就已註冊並備妥,則 DEM 帳戶會很有用。A DEM account is useful for scenarios where devices are enrolled and prepared before handing them out to the users of the devices. 根據設計,Microsoft Intune 中有最多 150 個裝置註冊管理員 (DEM) 帳戶的限制。By design, there's a limit of 150 Device Enrollment Manager (DEM) accounts in Microsoft Intune.

以 DEM 帳戶註冊裝置的限制Limitations of devices that are enrolled with a DEM account

DEM 使用者帳戶及以 DEM 使用者帳戶註冊的裝置具有下列限制:DEM user accounts and devices that are enrolled with a DEM user account have the following limitations:

  • DEM 帳戶使用者必須獲指派 Intune 授權。A DEM account user must be assigned an Intune license.
  • 無法從公司入口網站進行抹除。Wipe can't be done from the Company Portal. 您可以從 Azure 入口網站中的 Intune,對 DEM 使用者帳戶註冊的裝置進行抹除。Wiping a device enrolled by a DEM user account can be done from the Intune in Azure portal.
  • 只有本機裝置會出現在公司入口網站應用程式或網站中。Only the local device appears in the Company Portal app or website.
  • DEM 使用者帳戶無法將 Apple 大量採購方案 (VPP) 應用程式與 Apple VPP 使用者授權搭配使用,因為應用程式管理需要個別使用者的 Apple ID。DEM user accounts cannot use Apple Volume Purchase Program (VPP) apps with Apple VPP user licenses because of per-user Apple ID requirements for app management.
  • 透過 Apple 的自動裝置註冊 (ADE) 註冊裝置時,無法使用 DEM 帳戶。DEM accounts cannot be used when enrolling devices via Apple's Automated Device Enrollment (ADE).
  • 裝置如果具有 Apple VPP 裝置授權,即可以安裝 VPP 應用程式。Devices can install VPP apps if they have Apple VPP device licenses.
  • 裝置已針對條件式存取封鎖,但 indows 10 1803+ 除外Devices are blocked for Conditional Access with the exception of Windows 10 1803+
  • 使用 DEM 帳戶註冊的每部裝置都必須獲得正確授權,才能由 Intune 進行管理。Every device enrolled with DEM accounts needs to be properly licensed to be managed by Intune. 授權可能是 Intune 使用者授權或 Intune 裝置授權。The license could be an Intune user license or an Intune device license.
  • 若要使用 DEM 帳戶註冊 Android Enterprise 工作設定檔裝置,每個帳戶只能註冊 10 部裝置。If you're enrolling Android Enterprise work profile devices by using a DEM account, there is a limit of 10 devices that can be enrolled per account.
  • 不支援使用 DEM 帳戶註冊 Android Enterprise 完全受控裝置Enrolling Android Enterprise fully managed devices with DEM accounts isn't supported.
  • 將 Azure AD 裝置限制套用至 DEM 帳戶,將會防止您達到 DEM 帳戶可以註冊的 1,000 個裝置限制。Applying an Azure AD device restriction to a DEM account will prevent you from reaching the 1,000 device limit that the DEM account can enroll.

DEM 帳戶支援的註冊方法Enrollment methods supported by DEM accounts

您可以使用下列方法來使用 DEM 帳戶註冊裝置:You can use the following methods to enroll devices using DEM accounts:

新增裝置註冊管理員Add a device enrollment manager

  1. 登入 Microsoft 端點管理員系統管理中心,選擇 [裝置] > [註冊裝置] > [裝置註冊管理員] 。Sign in to the Microsoft Endpoint Manager admin center, choose Devices > Enroll devices > Device enrollment managers.

  2. 選取 [新增] 。Select Add.

  3. 在 [新增使用者] 刀鋒視窗中,輸入 DEM 使用者的使用者主體名稱,然後選取 [新增] 。On the Add User blade, enter a user principal name for the DEM user, and select Add. DEM 隨即會新增至 DEM 使用者清單。The DEM user is added to the list of DEM users.

建立 DEM 帳戶所需的權限Permissions required to create DEM accounts

需要具備全域管理員或 Intune 服務管理員 Azure AD 角色以Global Administrator or Intune Service Administrator Azure AD roles are required to

  • 將 DEM 權限指派給 Azure AD 使用者帳戶assign DEM permission to an Azure AD user account
  • 查看所有 DEM 使用者see all DEM users

若未針對使用者指派全域管理員或 Intune 服務管理員角色,但他們具備已針對所指派裝置註冊管理員角色啟用的讀取權限,則只能看到他們所建立的 DEM 使用者。If a user doesn't have the Global Administrator or Intune Service Administrator role assigned to them, but has read permissions enabled for the Device Enrollment Managers role assigned to them, they can see only the DEM users they've created.

移除裝置註冊管理員權限Remove device enrollment manager permissions

移除裝置註冊管理員並不會影響已註冊的裝置。Removing a device enrollment manager doesn't affect enrolled devices.

移除裝置註冊管理員To remove a device enrollment manager

  1. 登入 Microsoft 端點管理員系統管理中心,選擇 [裝置] > [註冊裝置] > [裝置註冊管理員] 。Sign in to the Microsoft Endpoint Manager admin center, choose Devices > Enroll devices > Device enrollment managers.
  2. 在 [裝置註冊管理員] 刀鋒視窗上,依序選取 DEM 使用者和 [刪除] 。On the Device enrollment managers blade, select the DEM user, and select Delete.