Enable the Mobile Threat Defense connector in Intune

During Mobile Threat Defense (MTD) setup, you configured a policy for classifying threats in your Mobile Threat Defense partner console and created the device compliance policy in Intune. If you've already configured the Intune connector in the MTD partner console, you can now enable the MTD connection for MTD partner applications.

Note

This topic applies to all Mobile Threat Defense partners.

Classic conditional access policies for MTD apps

When you integrate a new application with Intune Mobile Threat Defense and enable the connection to Intune, Intune creates a classic conditional access policy in Azure Active Directory. Each MTD app you integrate, including Defender ATP or any of our additional MTD partners, creates a new classic conditional access policy. These policies can be ignored, but shouldn't be edited, deleted, or disabled.

If the classic policy is deleted, you'll need to delete the connection to Intune that was responsible for its creation, and then set it up again. This process recreates the classic policy. Migrating classic policies for MTD apps to the new policy type for conditional access is not supported.

Classic conditional access policies for MTD apps:

  • Are used by Intune MTD to require that devices are registered in Azure AD so that they have a device ID before communicating with MTD partners. The ID is required so that devices can successfully report their status to Intune.

  • Have no effect on any other cloud apps or resources.

  • Are distinct from conditional access policies you might create to help manage MTD.

  • By default, don't interact with other conditional access policies you use for evaluation.

To view classic conditional access policies, in Azure, go to Azure Active Directory > Conditional Access > Classic policies.

To enable the Mobile Threat Defense connector

  1. Sign in to the Microsoft Endpoint Manager admin center.

  2. Select Tenant administration > Connectors and tokens > Mobile Threat Defense.

  3. On the Mobile Threat Defense pane, select Add.

  4. For Mobile Threat Defense connector to set up, select your MTD solution from the drop-down list.

  5. Enable the toggle options according to your organization's requirements. The toggle options that are visible vary depending on the MTD partner. For example, the following image shows the options that are available for Symantec Endpoint Protection:

    [Image: MTD settings in the Intune Azure portal]

Mobile Threat Defense toggle options

You can decide which MTD toggle options you need to enable according to your organization's requirements. Not all of the following options are supported by all Mobile Threat Defense partners:

MDM Compliance Policy Settings

  • Connect Android devices of version <supported versions> to <MTD partner name>: When you enable this option, Android 4.1+ devices report security risk back to Intune.

  • Connect iOS devices version <supported versions> to <MTD partner name>: When you enable this option, iOS 8.0+ devices report security risk back to Intune.

  • Enable App Sync for iOS Devices: Allows this Mobile Threat Defense partner to request metadata of iOS applications from Intune to use for threat analysis purposes.

  • Block unsupported OS versions: Block the device if it is running an operating system version lower than the minimum supported version.

App Protection Policy Settings

  • Connect Android devices of version <supported versions> to <MTD partner name> for app protection policy evaluation: When you enable this option, app protection policies using the Device Threat Level rule evaluate devices including data from this connector.

  • Connect iOS devices version <supported versions> to <MTD partner name> for app protection policy evaluation: When you enable this option, app protection policies using the Device Threat Level rule evaluate devices including data from this connector.

To learn more about using Mobile Threat Defense connectors for Intune App Protection Policy evaluation, see Set up Mobile Threat Defense for unenrolled devices.

Common Shared Settings

  • Number of days until partner is unresponsive: Number of days of inactivity before Intune considers the partner to be unresponsive because the connection is lost. Intune ignores compliance state for unresponsive MTD partners.

Important

When possible, we recommend that you add and assign the MTD apps before creating the device compliance and Conditional Access policy rules. This helps ensure that the MTD app is ready and available for end users to install before they need access to email or other company resources.

Tip

You can see the Connection status and the Last synchronized time between Intune and the MTD partner from the Mobile Threat Defense pane.
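As an added example that is not from this page or from Microsoft, the following Python evaluates one connector record against the unresponsiveness threshold and the toggle settings described above, so an administrator can see when Intune would start ignoring the partner's compliance state. The record is constructed and its property names are assumed to follow the Microsoft Graph mobileThreatDefenseConnector resource; verify them against your own tenant's output.

```python
"""Health check for an Intune Mobile Threat Defense connector record."""
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Graph mobileThreatDefenseConnector resource.
# Property names are assumptions; the id is a placeholder, not a real tenant value.
SAMPLE_CONNECTOR = {
    "id": "00000000-0000-0000-0000-000000000000",
    "partnerState": "available",
    "lastHeartbeatDateTime": "2024-01-10T08:00:00Z",
    "androidEnabled": True,
    "iosEnabled": False,
    "partnerUnsupportedOsVersionBlocked": False,
    "partnerUnresponsivenessThresholdInDays": 7,
}


def parse_graph_datetime(value):
    # Graph emits ISO 8601 with a trailing Z; fromisoformat on older Pythons needs +00:00.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def assess_connector(connector, now):
    """Return the unresponsive verdict plus findings a defender cares about."""
    threshold = timedelta(days=connector["partnerUnresponsivenessThresholdInDays"])
    silent_for = now - parse_graph_datetime(connector["lastHeartbeatDateTime"])
    unresponsive = silent_for > threshold
    findings = []
    if unresponsive:
        # Once the threshold is exceeded, Intune ignores this partner's compliance state.
        findings.append("partner unresponsive: no heartbeat for %d days (threshold %d); "
                        "Intune ignores its compliance state" % (silent_for.days, threshold.days))
    elif silent_for > threshold / 2:
        findings.append("heartbeat aging: %d of %d days used" % (silent_for.days, threshold.days))
    if not (connector["androidEnabled"] or connector["iosEnabled"]):
        findings.append("no platform connected: MTD risk never reaches device compliance policies")
    if not connector["partnerUnsupportedOsVersionBlocked"]:
        findings.append("unsupported OS versions not blocked: devices below the partner's "
                        "minimum OS cannot report risk and are not blocked")
    return {"unresponsive": unresponsive, "silent_days": silent_for.days, "findings": findings}


if __name__ == "__main__":
    result = assess_connector(SAMPLE_CONNECTOR, datetime.now(timezone.utc))
    for finding in result["findings"]:
        print("-", finding)
```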

Next steps