0

我正在尝试将用户组分配给 InTune App Protection 中的托管应用策略。我尝试使用以下 API 来执行此操作,但都不起作用: POST /managedAppPolicies/ - 在创建托管策略时添加了目标安全组(适用于 iOS 和 Android) - 返回 200 但未添加目标安全组。

示例创建托管应用程序策略请求:

POST /managedAppPolicies/  
Request Body :
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#managedAppPolicies/$entity",
  "@odata.type": "#microsoft.graph.iosManagedAppProtection",
  "displayName": "Test IOS Policy",
  "description": "test",
  "periodOfflineBeforeAccessCheck": "PT12H",
  "periodOnlineBeforeAccessCheck": "PT30M",
  "allowedInboundDataTransferSources": "allApps",
  "allowedOutboundDataTransferDestinations": "allApps",
  "organizationalCredentialsRequired": false,
  "allowedOutboundClipboardSharingLevel": "allApps",
  "dataBackupBlocked": true,
  "deviceComplianceRequired": true,
  "managedBrowserToOpenLinksRequired": false,
  "saveAsBlocked": false,
  "periodOfflineBeforeWipeIsEnforced": "P90D",
  "pinRequired": true,
  "maximumPinRetries": 5,
  "simplePinBlocked": false,
  "minimumPinLength": 4,
  "pinCharacterSet": "any",
  "allowedDataStorageLocations": [
    "oneDriveForBusiness",
    "sharePoint"
  ],
  "contactSyncBlocked": false,
  "printBlocked": false,
  "fingerprintBlocked": false,
  "targetedSecurityGroupIds": [  "valid directory group id 1",
    "valid directory group id 2" ],
  "appDataEncryptionType": "whenDeviceLocked"
}

响应:200 OK

PATCH /managedAppPolicies/{managedAppPoliciesId} - 在更新托管策略时添加了目标安全组(适用于 iOS 和 Android) - 返回 204,但目标安全组未更新。

更新托管应用政策的示例请求:

    PATCH /managedAppPolicies/{managedAppPoliciesId}
Request Body :
    {
      "@odata.context": "https://graph.microsoft.com/beta/$metadata#managedAppPolicies/$entity",
      "@odata.type": "#microsoft.graph.iosManagedAppProtection",
      "displayName": "Test IOS Policy",
      "description": "test",
      "deployedAppCount": 5,
      "id": "valid id",
      "periodOfflineBeforeAccessCheck": "PT12H",
      "periodOnlineBeforeAccessCheck": "PT30M",
      "allowedInboundDataTransferSources": "allApps",
      "allowedOutboundDataTransferDestinations": "allApps",
      "organizationalCredentialsRequired": false,
      "allowedOutboundClipboardSharingLevel": "allApps",
      "dataBackupBlocked": true,
      "deviceComplianceRequired": true,
      "managedBrowserToOpenLinksRequired": false,
      "saveAsBlocked": false,
      "periodOfflineBeforeWipeIsEnforced": "P90D",
      "pinRequired": true,
      "maximumPinRetries": 5,
      "simplePinBlocked": false,
      "minimumPinLength": 4,
      "pinCharacterSet": "any",
      "allowedDataStorageLocations": [
        "oneDriveForBusiness",
        "sharePoint"
      ],
      "contactSyncBlocked": false,
      "printBlocked": false,
      "fingerprintBlocked": false,
      "targetedSecurityCount" : 1,
      "targetedSecurityGroupIds": ["valid user group id"],
      "appDataEncryptionType": "whenDeviceLocked"
    }

回复:204

POST /managedAppPolicies/{managedAppPoliciesId}/updateTargetedSecurityGroups - 此 API 失败并显示 500 文档: https ://graph.microsoft.io/en-us/docs/api-reference/beta/api/intune_mam_targetedmanagedappprotection_updatetargetedsecuritygroups

样品要求:

POST /managedAppPolicies/{managedAppPoliciesId}/updateTargetedSecurityGroups
Request Body:
{
  "targetedSecurityGroups": [
    {
      "@odata.type": "#microsoft.graph.directoryObject",
      "id": "valid user group id"
    }
  ]
}

Response : 400
Response Body:
{
  "error": {
    "code": "BadRequest",
    "message": "Resource not found for the segment 'updateTargetedSecurityGroups'.",
    "innerError": {
      "request-id": "XXX....",
      "date": "2017-02-20T23:35:48"
    }
  }
}
4

1 回答 1

1

您可以尝试像这样使用类型限定符:

POST ~/managedAppPolicies/managedAppPoliciesId}/microsoft.graph.targetedManagedAppProtection/updateTargetedSecurityGroups

{
"targetedSecurityGroups": [
    {"id":"https://graph.microsoft.com/beta/directoryObjects/{groupGuidId}"},
    {"id":"https://graph.microsoft.com/beta/directoryObjects/{groupGuidId}"}]
}
于 2017-02-22T00:40:01.033 回答