在 Intune 中註冊 iOS/iPadOS 裝置Enroll iOS/iPadOS devices in Intune

Intune 啟用 iPad 和 iPhone 的行動裝置管理 (MDM),讓使用者安全地存取公司的電子郵件、資料和應用程式。Intune enables mobile device management (MDM) of iPads and iPhones to give users secure access to company email, data, and apps.

身為 Intune 系統管理員,您可以設定 iOS/iPadOS 與 iPadOS 裝置的註冊作業,以存取公司資源。As an Intune admin, you can set up enrollment for iOS/iPadOS and iPadOS devices to access company resources. 您可以允許使用者註冊個人擁有的裝置,又稱為「攜帶您自己的裝置」(BYOD) 註冊。You can let users enroll personally-owned devices, known as "bring your own device" (BYOD) enrollment. 您也可以設定公司擁有的裝置的註冊作業。You can also set up enrollment of company-owned devices.

iOS/iPadOS 註冊的必要條件Prerequisites for iOS/iPadOS enrollment

啟用 iOS/iPadOS 裝置之前,請先完成下列步驟:Before you can enable iOS/iPadOS devices, complete the following steps:

使用者擁有的 iOS/iPadOS 與 iPadOS 裝置 (BYOD)User-owned iOS/iPadOS and iPadOS devices (BYOD)

您可以讓使用者註冊其個人的裝置讓 Intune 管理,這稱為「攜帶您自己的裝置」或 BYOD。You can let users enroll their personal devices for Intune management, know as "bring your own device" or BYOD. 共有三種選項可註冊使用者:There are three options for enrolling users:

  • 應用程式保護原則提供您最輕鬆的 BYOD 體驗,僅提供應用程式層級的管理。App Protection Policies give you the lightest BYOD experience, providing management at an app level only. 但如果您也想要使用 6 碼複雜 PIN 來保護裝置,您可以搭配使用者註冊使用這些原則。However, if you want to also secure the device with a 6-digit complex PIN, you can use these policies along with User Enrollment.
  • 您可以將裝置註冊視為一般的 BYOD 註冊。Device Enrollment is what you may think of as typical BYOD enrollment. 它也為系統管理員提供各式各樣的管理選項。It provides admins with a wide range of management options.
  • 使用者註冊是更簡化的註冊程序,可為系統管理員提供一組裝置管理選項的子集。User Enrollment is a more streamlined enrollment process that provides admins with a subset of device management options. 這項功能目前為預覽狀態。This feature is currently in preview.

當您完成必要條件及指派使用者授權之後,使用者即可從 App Store 下載 Intune 公司入口網站應用程式,並遵循應用程式中的註冊指示進行。After you've completed the prerequisites and assigned user licenses, users can download the Intune Company Portal app from the App Store, and follow enrollment instructions in the app. 您可以在 iOS/iPadOS 裝置上自訂公司入口網站隱私權聲明,如同如何自訂 Intune 公司入口網站應用程式、公司入口網站及 Intune 應用程式中所述。You can customize the Company Portal privacy statement on iOS/iPadOS devices as explained in How to customize the Intune Company Portal apps, Company Portal website, and Intune app.

屬公司擁有的 iOS/iPadOS 裝置Company-owned iOS/iPadOS devices

針對為使用者購買裝置的組織來說,Intune 可支援下列 iOS/iPadOS 屬公司擁有裝置的註冊方法:For organizations that buy devices for their users, Intune supports the following iOS/iPadOS company-owned device enrollment methods:

  • Apple 的自動裝置註冊 (ADE)Apple's Automated Device Enrollment (ADE)
  • Apple School ManagerApple School Manager
  • Apple Configurator 設定助理註冊Apple Configurator Setup Assistant enrollment
  • Apple Configurator 直接註冊Apple Configurator direct enrollment

您也可以使用裝置註冊管理員帳戶,來註冊屬公司擁有的 iOS/iPadOS 裝置。You can also enroll company-owned iOS/iPadOS devices with a device enrollment manager account.

自動的裝置註冊Automated Device Enrollment

組織可以透過 Apple 的自動裝置註冊 (ADE) 購買 iOS/iPadOS 裝置。Organizations can purchase iOS/iPadOS devices through Apple's Automated Device Enrollment (ADE). ADE 可供在「線上」部署註冊設定檔,將裝置納入管理。ADE lets you deploy an enrollment profile "over the air" to bring devices into management. 如需詳細資訊,請參閱使用 Apple 的自動化裝置註冊來自動註冊 iOS/iPadOS 裝置For more information, see Automatically enroll iOS/iPadOS devices with Apple's Automated Device Enrollment.

使用者註冊User enrollment

相較於其他註冊方法,使用者註冊會提供一組管理選項子集給管理員。User Enrollment gives admins a subset of management options compared to other enrollment methods. 如需詳細資訊,請參閱使用者註冊支援的動作、密碼和其他選項,以及設定 iOS/iPadOS 與 iPadOS 使用者註冊For more information, see User Enrollment supported actions, passwords, and other options and Set up iOS/iPadOS and iPadOS User Enrollment.

Apple School ManagerApple School Manager

Apple School Manager 是針對學校提供的裝置採購暨註冊方案。Apple School Manager is a device purchase and enrollment program for schools. 如同 ADE,您可部署設定檔以註冊管理的裝置。Like ADE, you can deploy a profile to enroll devices in management. 深入了解 Apple School ManagerLearn more about Apple School Manager.

Apple ConfiguratorApple Configurator

您可以使用 Apple Configurator 在 Mac 電腦上註冊 iOS/iPadOS 裝置。You can enroll iOS/iPadOS devices with Apple Configurator running on a Mac computer. 若要準備裝置,請以 USB 連接它們並安裝註冊設定檔。To prepare devices, you USB-connect them and install an enrollment profile. 使用 Apple Configurator 註冊裝置的方法共有兩種:You can enroll devices with Apple Configurator in two ways:

  • 設定助理註冊 - 抹除裝置、將裝置備妥以執行設定助理,以及為裝置的新使用者安裝公司原則。Setup Assistant enrollment - Wipes the device, prepares it to run Setup Assistant, and installs the company's policies for the device's new user.
  • 直接註冊 - 不會抹除裝置,並使用預先定義的原則來註冊裝置。Direct enrollment - Doesn't wipe the device and enrolls the device with a predefined policy. 這個方法適用於無使用者親和性的裝置。This method is for devices with no user affinity.

深入了解 Apple Configurator 註冊Learn more about Apple Configurator enrollment.

在已註冊 ADE 或 Apple Configurator 的裝置上使用公司入口網站Use the Company Portal on ADE-enrolled or Apple Configurator-enrolled devices

已設定使用者親和性的裝置可以安裝並執行公司入口網站應用程式,以下載應用程式及管理裝置。Devices configured with user affinity can install and run the Company Portal app to download apps and manage devices. 使用者收到裝置之後,他們必須完成一些額外步驟,以完成設定助理並安裝公司入口網站 App。After users receive their devices, they must complete a number of additional steps to complete the Setup Assistant and install the Company Portal app.

需要有使用者親和性,才能支援下項項目︰User affinity is required to support the following:

  • 行動應用程式管理 (MAM) 應用程式Mobile application management (MAM) apps
  • 對電子郵件和公司資料進行條件式存取Conditional Access to email and company data
  • 公司入口網站應用程式Company Portal app

使用者如何註冊具有使用者親和性的屬公司擁有 iOS/iPadOS 裝置How users enroll corporate-owned iOS/iPadOS devices with user affinity

  1. 當使用者將其裝置開啟時,系統會提示他們完成設定助理。When users turn on their device, they are prompted to complete the Setup Assistant.
  2. 設定後,系統會提示使用者輸入 Apple ID。After completing setup, users are prompted for an Apple ID. 使用者必須提供 Apple ID 以允許裝置安裝公司入口網站。They must provide an Apple ID to allow the device to install Company Portal.
  3. iOS/iPadOS 裝置會自動從 App Store 安裝公司入口網站應用程式。The iOS/iPadOS device automatically installs the Company Portal app from the App Store.
  4. 使用者應啟動公司入口網站應用程式,並使用與自己 Intune 訂用帳戶相關的認證 (例如唯一個人名稱或 UPN) 來登入。Users should launch the Company Portal app and sign in using the credentials (like the unique personal name or UPN) that are associated with their subscription in Intune.
  5. 登入後,註冊就告一段落。After logging in, enrollment is complete. 使用者即可使用裝置的完整功能。Users can now use this device with the full set of capabilities.

關於無使用者親和性之公司擁有的受管理的裝置About corporate-owned managed devices with no user affinity

設定為無使用者親和性的裝置並不支援公司入口網站,且不應該安裝該 App。Devices that are configured with no user affinity do not support the Company Portal and should not have the app installed. 公司入口網站專為有公司認證且需要存取個人化公司資源 (如電子郵件) 的使用者設計。The Company Portal is designed for users who have corporate credentials and require access to personalized corporate resources (like email). 註冊為無使用者親和性的裝置並非專供單一使用者登入使用。Devices that are enrolled with no user affinity aren't intended to have a dedicated user sign in. Kiosk、銷售點 (POS),或共用公用程式裝置,皆屬註冊為無使用者親和性的常見案例。Kiosk, point of sale (POS), or shared-utility devices are typical use cases for devices that are enrolled with no user affinity.

如果需要使用者親和性,請在註冊裝置之前確認裝置的註冊設定檔已選取 [使用者親和性]。If user affinity is required, be sure that the device's enrollment profile has User Affinity selected before enrolling the device. 若要變更裝置的親和性狀態,您必須將裝置淘汰並重新註冊該裝置。To change the affinity status on a device, you must retire the device and reenroll it.

請參閱See also

針對 Microsoft Intune 中的 iOS/iPadOS 裝置註冊問題進行疑難排解 (英文)Troubleshooting iOS/iPadOS device enrollment problems in Microsoft Intune