Readiness assessment tools

For the smoothest possible experience when you enroll in Microsoft Managed Desktop, there are settings and other parameters you must set ahead of time, and certain device and network requirements to meet. One tool, accessed through the Microsoft Managed Desktop Admin portal, checks management-related settings. Another tool, which is downloadable, checks individual device requirements and network settings. You can use these tools to check those settings and receive detailed steps for fixing any that aren't right.

Downloadable readiness assessment checker for devices and network

For details about using the downloadable readiness assessment checker, see Downloadable readiness assessment checker.

Online readiness assessment tool for management settings

The online tool checks settings in Microsoft Endpoint Manager (specifically, Microsoft Intune), Azure Active Directory (Azure AD), and Microsoft 365 to ensure they will work with Microsoft Managed Desktop. Microsoft Managed Desktop retains the data associated with these checks for 12 months after the last time you run a check in your Azure AD organization (tenant). After 12 months, we retain it in de-identified form. You can choose to delete the data we collect.

Anyone with at least the Global Reader or Intune Administrator role will be able to run this tool, but two of the checks (Conditional access policies and Multifactor authentication) require additional permissions.

The assessment tool checks these items:

Microsoft Intune settings

| Check | Description |
| --- | --- |
| Autopilot deployment profile | Verifies that assignment of the Autopilot deployment profile does not apply to all devices. (The profile should not be assigned to any Microsoft Managed Desktop devices.) |
| Certificate connectors | Checks the state of certificate connectors to ensure they are active. |
| Conditional access | Verifies that conditional access policies are not assigned to all users. (Conditional access policies should not be assigned to Microsoft Managed Desktop service accounts.) |
| Device Compliance policies | Checks that Intune compliance policies are not assigned to all users. (The policies should not be assigned to any Microsoft Managed Desktop devices.) |
| Device Configuration profiles | Confirms that configuration profiles are not assigned to all users or all devices. (Configuration profiles should not be assigned to any Microsoft Managed Desktop devices.) |
| Device type restrictions | Checks that Windows 10 devices in your organization are allowed to enroll in Intune. |
| Enrollment Status Page | Confirms that Enrollment Status Page is not enabled. |
| Intune enrollment | Verifies that Windows 10 devices in your Azure AD organization are automatically enrolled in Intune. |
| Microsoft Store for Business | Confirms that Microsoft Store for Business is enabled and synced with Intune. |
| Multifactor authentication | Verifies that multifactor authentication isn't applied to Microsoft Managed Desktop service accounts. |
| PowerShell scripts | Checks that Windows PowerShell scripts are not assigned in a way that would target Microsoft Managed Desktop devices. |
| Region | Checks that your region is supported by Microsoft Managed Desktop. |
| Security baselines | Checks that the security baseline profile doesn't target all users or all devices. (Security baseline policies should not target any Microsoft Managed Desktop devices.) |
| Windows apps | Review which apps you want to assign to Microsoft Managed Desktop devices. |
| Windows Hello for Business | Checks that Windows Hello for Business is enabled. |
| Windows 10 update ring | Checks that Intune's "Windows 10 update ring" policy doesn't target all users or all devices. (The policy should not target any Microsoft Managed Desktop devices.) |
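
Several of the Intune checks above look for policies assigned to all users or all devices. The following is an added example, not Microsoft's tool or code from this page, that runs the same kind of pre-check offline over exported policy assignments. It assumes the export is shaped like a Microsoft Graph response with expanded assignments; the policy names, group IDs, the `find_broad_assignments` helper, and the rule that a broad assignment is acceptable when every Microsoft Managed Desktop device group is excluded are all assumptions for illustration.

```python
import json

# Microsoft Graph assignment-target types that mean "everyone" or "every device".
BROAD_TARGETS = {
    "#microsoft.graph.allLicensedUsersAssignmentTarget": "All users",
    "#microsoft.graph.allDevicesAssignmentTarget": "All devices",
}
EXCLUSION = "#microsoft.graph.exclusionGroupAssignmentTarget"

# Constructed sample shaped like a Graph "?$expand=assignments" response.
# Policy names and group IDs are made up for illustration.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "Baseline compliance", "assignments": [
    {"target": {"@odata.type": "#microsoft.graph.allLicensedUsersAssignmentTarget"}}]},
  {"displayName": "Wi-Fi profile", "assignments": [
    {"target": {"@odata.type": "#microsoft.graph.allDevicesAssignmentTarget"}},
    {"target": {"@odata.type": "#microsoft.graph.exclusionGroupAssignmentTarget",
                "groupId": "00000000-0000-0000-0000-00000000aaaa"}}]},
  {"displayName": "Pilot update ring", "assignments": [
    {"target": {"@odata.type": "#microsoft.graph.groupAssignmentTarget",
                "groupId": "00000000-0000-0000-0000-00000000bbbb"}}]}
]}
""")


def find_broad_assignments(policies, mmd_group_ids=frozenset()):
    """Return (policy name, scope) pairs for policies that target everyone.

    mmd_group_ids is a hypothetical set of group IDs holding the Microsoft
    Managed Desktop devices. Assumption: a broad assignment is not reported
    when the policy explicitly excludes every one of those groups.
    """
    findings = []
    for policy in policies:
        targets = [a.get("target", {}) for a in policy.get("assignments", [])]
        excluded = {t.get("groupId") for t in targets
                    if t.get("@odata.type") == EXCLUSION}
        for target in targets:
            scope = BROAD_TARGETS.get(target.get("@odata.type"))
            if scope is None:
                continue  # group-scoped or exclusion entry, not a broad target
            if not (mmd_group_ids and set(mmd_group_ids) <= excluded):
                findings.append((policy["displayName"], scope))
    return findings


if __name__ == "__main__":
    for name, scope in find_broad_assignments(SAMPLE_EXPORT["value"]):
        print(f"{name}: assigned to {scope}")
```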

Azure Active Directory settings

| Check | Description |
| --- | --- |
| "Ad hoc" subscriptions for Enterprise State Roaming | Advises how to check a setting that (if set to "false") might prevent Enterprise State Roaming from working correctly. |
| Enterprise State Roaming | Advises how to check that Enterprise State Roaming is enabled. |
| Licenses | Checks that you have obtained the necessary licenses. |
| Multifactor authentication | Checks that multifactor authentication is not applied to all users. (Multifactor authentication must not accidentally be applied to Microsoft Managed Desktop service accounts.) |
| Security account names | Checks that no user names conflict with ones that Microsoft Managed Desktop reserves for its own use. |
| Security administrator roles | Confirms that users with Security Reader, Security Operator, or Global Reader roles have been assigned those roles in Microsoft Defender for Endpoint. |
| Security defaults | Checks whether your Azure AD organization has security defaults enabled in Azure Active Directory. |
| Self-service password reset | Confirms that self-service password reset is enabled. |
| Standard user role | Verifies that users are standard users and do not have local administrator rights. |

Microsoft 365 Apps for enterprise settings

| Check | Description |
| --- | --- |
| OneDrive for Business | Checks whether OneDrive for Business is using unsupported settings. |

For each check, the tool will report one of four possible results:

| Result | Meaning |
| --- | --- |
| Ready | No action is required before you complete enrollment. |
| Advisory | Follow the steps in the tool for the best experience with enrollment and for users. You can complete enrollment, but you must fix these issues before you deploy your first device. |
| Not ready | Enrollment will fail if you don't fix these issues. Follow the steps in the tool to resolve them. |
| Error | The Azure Active Directory (Azure AD) role you're using doesn't have sufficient permission to run this check. |

After enrollment

After you've completed enrollment in Microsoft Managed Desktop, remember to go back and adjust certain Intune and Azure AD settings. For details, see Adjust settings after enrollment.