我正在尝试将用户组分配给InTune App Protection中的托管应用程序策略。我试过下面的API来做,但没有一个工作: POST / managedAppPolicies / - 在创建托管策略时添加了targetedsecuritygroup(适用于iOS和Android) - 返回200但未添加有针对性的安全组。
示例创建托管应用程序策略请求:
POST /managedAppPolicies/
Request Body :
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#managedAppPolicies/$entity",
"@odata.type": "#microsoft.graph.iosManagedAppProtection",
"displayName": "Test IOS Policy",
"description": "test",
"periodOfflineBeforeAccessCheck": "PT12H",
"periodOnlineBeforeAccessCheck": "PT30M",
"allowedInboundDataTransferSources": "allApps",
"allowedOutboundDataTransferDestinations": "allApps",
"organizationalCredentialsRequired": false,
"allowedOutboundClipboardSharingLevel": "allApps",
"dataBackupBlocked": true,
"deviceComplianceRequired": true,
"managedBrowserToOpenLinksRequired": false,
"saveAsBlocked": false,
"periodOfflineBeforeWipeIsEnforced": "P90D",
"pinRequired": true,
"maximumPinRetries": 5,
"simplePinBlocked": false,
"minimumPinLength": 4,
"pinCharacterSet": "any",
"allowedDataStorageLocations": [
"oneDriveForBusiness",
"sharePoint"
],
"contactSyncBlocked": false,
"printBlocked": false,
"fingerprintBlocked": false,
"targetedSecurityGroupIds": [ "valid directory group id 1",
"valid directory group id 2" ],
"appDataEncryptionType": "whenDeviceLocked"
}
回复:200 OK
PATCH / managedAppPolicies / {managedAppPoliciesId} - 在更新托管策略时添加了targetedsecuritygroup(适用于iOS和Android) - 返回204但目标安全组未更新。
更新托管应用政策的示例请求:
PATCH /managedAppPolicies/{managedAppPoliciesId}
Request Body :
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#managedAppPolicies/$entity",
"@odata.type": "#microsoft.graph.iosManagedAppProtection",
"displayName": "Test IOS Policy",
"description": "test",
"deployedAppCount": 5,
"id": "valid id",
"periodOfflineBeforeAccessCheck": "PT12H",
"periodOnlineBeforeAccessCheck": "PT30M",
"allowedInboundDataTransferSources": "allApps",
"allowedOutboundDataTransferDestinations": "allApps",
"organizationalCredentialsRequired": false,
"allowedOutboundClipboardSharingLevel": "allApps",
"dataBackupBlocked": true,
"deviceComplianceRequired": true,
"managedBrowserToOpenLinksRequired": false,
"saveAsBlocked": false,
"periodOfflineBeforeWipeIsEnforced": "P90D",
"pinRequired": true,
"maximumPinRetries": 5,
"simplePinBlocked": false,
"minimumPinLength": 4,
"pinCharacterSet": "any",
"allowedDataStorageLocations": [
"oneDriveForBusiness",
"sharePoint"
],
"contactSyncBlocked": false,
"printBlocked": false,
"fingerprintBlocked": false,
"targetedSecurityCount" : 1,
"targetedSecurityGroupIds": ["valid user group id"],
"appDataEncryptionType": "whenDeviceLocked"
}
回复:204
POST / managedAppPolicies / {managedAppPoliciesId} / updateTargetedSecurityGroups - 此API失败,500 文件: https://graph.microsoft.io/en-us/docs/api-reference/beta/api/intune_mam_targetedmanagedappprotection_updatetargetedsecuritygroups
样品申请:
POST /managedAppPolicies/{managedAppPoliciesId}/updateTargetedSecurityGroups
Request Body:
{
"targetedSecurityGroups": [
{
"@odata.type": "#microsoft.graph.directoryObject",
"id": "valid user group id"
}
]
}
Response : 400
Response Body:
{
"error": {
"code": "BadRequest",
"message": "Resource not found for the segment 'updateTargetedSecurityGroups'.",
"innerError": {
"request-id": "XXX....",
"date": "2017-02-20T23:35:48"
}
}
}
答案 0 :(得分:1)
您可以尝试使用类型限定符,如下所示:
POST ~/managedAppPolicies/managedAppPoliciesId}/microsoft.graph.targetedManagedAppProtection/updateTargetedSecurityGroups
{
"targetedSecurityGroups": [
{"id":"https://graph.microsoft.com/beta/directoryObjects/{groupGuidId}"},
{"id":"https://graph.microsoft.com/beta/directoryObjects/{groupGuidId}"}]
}