Create Mobile Threat Defense app protection policy with Intune

Intune with Mobile Threat Defense (MTD) helps you detect threats and assess risk on mobile devices. You can create an Intune app protection policy that assesses risk to determine whether the device is allowed to access corporate data.

Note

This article applies to all Mobile Threat Defense partners that support app protection policies:

  • Better Mobile (Android, iOS/iPadOS)
  • Lookout for Work (Android, iOS/iPadOS)
  • Wandera (Android, iOS/iPadOS)
  • Zimperium (Android, iOS/iPadOS)

Before you begin

As part of the MTD setup, in the MTD partner console, you created a policy that classifies various threats as high, medium, and low. You now need to set the Mobile Threat Defense level in the Intune app protection policy.

Prerequisites for app protection policy with MTD:

  • Set up MTD integration with Intune. Without this integration, the MTD app protection policy will have no effect.

To create an MTD app protection policy

Use the procedure to create an Application protection policy for either iOS/iPadOS or Android, and use the following information on the Apps, Conditional launch, and Assignments pages:

  • Apps: Select the apps you wish to be targeted by app protection policies. For this feature set, these apps are blocked or selectively wiped based on device risk assessment from your chosen Mobile Threat Defense vendor.

  • Conditional launch: Below Device conditions, use the drop-down box to select Max allowed device threat level.

    Options for the threat level Value:

    • Secured: This level is the most secure. The device can't have any threats present and still access company resources. If any threats are found, the device is evaluated as noncompliant.
    • Low: The device is compliant if only low-level threats are present. Anything higher puts the device in a noncompliant status.
    • Medium: The device is compliant if the threats found on the device are low or medium level. If high-level threats are detected, the device is determined as noncompliant.
    • High: This level is the least secure and allows all threat levels, using Mobile Threat Defense for reporting purposes only. Devices are required to have the MTD app activated with this setting.

    Options for Action:

    • Block access
    • Wipe data
  • Assignments: Assign the policy to groups of users. The devices used by the group's members are evaluated for access to corporate data on targeted apps via Intune app protection.

Important

If you create an app protection policy for any protected app, the device's threat level is assessed. Depending on the configuration, devices that don't meet an acceptable level are either blocked or selectively wiped through conditional launch. If blocked, they are prevented from accessing corporate resources until the threat on the device is resolved and reported to Intune by the chosen MTD vendor.

Next steps
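The threat-level and action settings described above can be laid out as a decision table to review before assigning a policy. This is an added example, not code from Microsoft or Intune: only the level and action names come from this article, while the class, field names, severity labels and the handling of a device with no MTD verdict are assumptions.

```python
# Added example: models the conditional-launch outcome described on this page.
# Level and action names come from the page; the classes, field names and the
# handling of a device with no MTD verdict are assumptions for illustration.
from dataclasses import dataclass
from typing import Optional

# Severity of the worst threat the MTD vendor reports for a device.
SEVERITY = {"none": 0, "low": 1, "medium": 2, "high": 3}
# "Max allowed device threat level" value -> highest severity still compliant.
MAX_ALLOWED = {"secured": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class Policy:
    max_level: str               # secured | low | medium | high
    action: str                  # "block" (Block access) or "wipe" (Wipe data)
    mtd_integrated: bool = True  # prerequisite: MTD integration with Intune


def evaluate(policy: Policy, worst_threat: Optional[str]) -> str:
    """Return allow, block, wipe, no-effect or needs-mtd-app."""
    if policy.max_level not in MAX_ALLOWED or policy.action not in ("block", "wipe"):
        raise ValueError("unknown threat level or action")
    if not policy.mtd_integrated:
        return "no-effect"       # without integration the policy does nothing
    if worst_threat is None:
        return "needs-mtd-app"   # assumption: no verdict until the MTD app is activated
    if SEVERITY[worst_threat] <= MAX_ALLOWED[policy.max_level]:
        return "allow"
    return policy.action


def matrix(action: str = "block") -> dict:
    """Outcome for every configured level against every reported severity."""
    return {
        level: {threat: evaluate(Policy(level, action), threat) for threat in SEVERITY}
        for level in MAX_ALLOWED
    }


def report_only_levels(action: str = "block") -> list:
    """Levels that never enforce, whatever the vendor reports."""
    return [lvl for lvl, row in matrix(action).items()
            if set(row.values()) == {"allow"}]


if __name__ == "__main__":
    for level, row in matrix("wipe").items():
        print(f"{level:8}", row)
    print("reporting only:", report_only_levels())
```

Running it prints one row per configured level, which makes it easy to see that High never triggers Block access or Wipe data.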