创建条件访问策略时出现内部服务器错误

时间:2019-12-12 15:07:16

标签: azure-active-directory microsoft-graph

我提到this documentation发出了POST请求。

以下是发出POST请求以创建条件访问策略时的错误

{
  "message": "There was an internal server error while processing the request. Error ID: 2dbb1530-4ce6-44f5-9c63-08de28d7218a",
  "innerError": {
    "request-id": "2dbb1530-4ce6-44f5-9c63-08de28d7218a"
  }
}

与请求一起传递的有效负载如下:

{
  "displayName": "Test Policy",
  "state": "enabled",
  "conditions": {
    "clientAppTypes": ["modern", "browser"],
    "applications": {
      "includeApplications": ["None"]
    },
    "users": {
      "includeUsers": [
        "08290005-23ba-46b4-a377-b381d651a2fb"
      ]
    },
    "locations": {
      "includeLocations": ["All"],
      "excludeLocations": ["AllTrusted"]
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["approvedApplication"]
  }
}

我尝试使用此端点来获取策略:

https://graph.microsoft.com/beta/{tenant_id}/conditionalAccess/policies

成功返回现有策略的位置。但是,上述POST请求无法正常工作。

1 个答案:

答案 0 :(得分:1)

“ approvedApplication”要求仅针对设备平台条件支持iOS和Android。查看详细信息here

您需要在json正文中添加“ includePlatforms” iOSandroid

{
  "displayName": "Test Policy",
  "state": "enabled",
  "conditions": {
    "clientAppTypes": ["modern", "browser"],
    "applications": {
      "includeApplications": ["None"]
    },
    "users": {
      "includeUsers": [
        "08290005-23ba-46b4-a377-b381d651a2fb"
      ]
    },
    "platforms": {
        "includePlatforms": [
            "iOS", "android"
        ]
    },  
    "locations": {
      "includeLocations": ["All"],
      "excludeLocations": ["AllTrusted"]
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["approvedApplication"]
  }
}