0

我正在尝试创建一个 JSON 模板以通过 Graph api 创建 Intune(基于 Office 365)策略。我能够为某些 URI(例如条款和条件)创建策略,但也可以为其他 URI 创建策略。我尝试为 odata 创建

microsoft.graph.iosEasEmailProfileConfiguration

它未能给出错误 400。我想知道它是否适用于任何人以及如何

4

2 回答 2

0

如果您在 MS Graph API 中遇到 400 个错误,您可以使用 Azure 支持创建一个案例。

你说的那个我没试过。但是我已经想出了其中的几个,在用糟糕的 Microsoft Graph API 文档把我的头撞到墙上几个星期之后。

合规政策:

发布https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies

   {
    "@odata.type": "microsoft.graph.androidCompliancePolicy",
    "displayName": "Android",
    "passwordRequired": true,
    "passwordMinimumLength": 4,
    "passwordRequiredType": "numericComplex",
    "passwordMinutesOfInactivityBeforeLock": 15,
    "storageRequireEncryption": true,
    "scheduledActionsForRule":[{"ruleName":"Mark device noncompliaant","scheduledActionConfigurations":[{"actionType":"block","gracePeriodHours":72,"notificationTemplateId":""}]}]
    }

设备配置策略:

发布https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations

{
            "@odata.type": "#microsoft.graph.androidGeneralDeviceConfiguration",
            "description": "",
            "displayName": "Device restriction - Android",
            "passwordBlockFingerprintUnlock": false,
            "passwordBlockTrustAgents": false,
            "passwordExpirationDays": null,
            "passwordMinimumLength": 4,
            "passwordMinutesOfInactivityBeforeScreenTimeout": 15,
            "passwordPreviousPasswordBlockCount": null,
            "passwordSignInFailureCountBeforeFactoryReset": 11,
            "passwordRequiredType": "numericComplex",
            "passwordRequired": true,
            "storageRequireDeviceEncryption": true
}

我还弄清楚了品牌、组、设置 MDM 权限、设置更新环和添加 Windows hello 设置。

但我无法弄清楚如何将合规策略分配给组。MS Graph API 文档中的示例只是引发错误。

我也找不到在 Graph API 中可以在 Intune 中进行条件访问的位置以及如何控制 Azure AD 中的设备设置。

于 2018-03-19T12:33:01.533 回答
0

您可以使用以下示例有效负载对deviceManagement/deviceConfigurations进行POST :

{
    "id": "00000000-0000-0000-0000-000000000000",
    "displayName": "profile name",
    "description": "profile description",
    "scopeTags": [],
    "@odata.type": "#microsoft.graph.iosEasEmailProfileConfiguration",
    "blockMovingMessagesToOtherEmailAccounts": false,
    "blockSendingEmailFromThirdPartyApps": false,
    "blockSyncingRecentlyUsedEmailAddresses": false,
    "durationOfEmailToSync": "userDefined",
    "requireSmime": false,
    "requireSsl": true,
    "hostName": "outlook.microsoft.com",
    "accountName": "Account name",
    "usernameSource": "userPrincipalName",
    "emailAddressSource": "userPrincipalName",
    "authenticationMethod": "usernameAndPassword"
}
于 2018-03-19T23:08:54.870 回答