关于 office365api:updateTargetedSecurityGroups 在 Intune Graph API 中不起作用

updateTargetedSecurityGroups not working in Intune Graph APIs

我正在尝试将用户组分配给 InTune App Protection 中的托管应用策略。我尝试了下面的 API 来做到这一点,但它都不起作用:
POST /managedAppPolicies/ - 在创建托管策略时添加了目标安全组(iOS 和 Android 均已尝试)
- 返回 200 但未添加目标安全组。

创建托管应用策略请求示例:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
POST /managedAppPolicies/  
Request Body :
{
 "@odata.context":"https://graph.microsoft.com/beta/$metadata#managedAppPolicies/$entity",
 "@odata.type":"#microsoft.graph.iosManagedAppProtection",
 "displayName":"Test IOS Policy",
 "description":"test",
 "periodOfflineBeforeAccessCheck":"PT12H",
 "periodOnlineBeforeAccessCheck":"PT30M",
 "allowedInboundDataTransferSources":"allApps",
 "allowedOutboundDataTransferDestinations":"allApps",
 "organizationalCredentialsRequired": false,
 "allowedOutboundClipboardSharingLevel":"allApps",
 "dataBackupBlocked": true,
 "deviceComplianceRequired": true,
 "managedBrowserToOpenLinksRequired": false,
 "saveAsBlocked": false,
 "periodOfflineBeforeWipeIsEnforced":"P90D",
 "pinRequired": true,
 "maximumPinRetries": 5,
 "simplePinBlocked": false,
 "minimumPinLength": 4,
 "pinCharacterSet":"any",
 "allowedDataStorageLocations": [
   "oneDriveForBusiness",
   "sharePoint"
  ],
 "contactSyncBlocked": false,
 "printBlocked": false,
 "fingerprintBlocked": false,
 "targetedSecurityGroupIds": [ "valid directory group id 1",
   "valid directory group id 2" ],
 "appDataEncryptionType":"whenDeviceLocked"
}

响应:200 OK

PATCH /managedAppPolicies/{managedAppPoliciesId} - 在更新托管策略时添加了目标安全组(iOS 和 Android 均已尝试)
- 返回 204 但未更新目标安全组。

更新托管应用政策的示例请求:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
    PATCH /managedAppPolicies/{managedAppPoliciesId}
Request Body :
    {
     "@odata.context":"https://graph.microsoft.com/beta/$metadata#managedAppPolicies/$entity",
     "@odata.type":"#microsoft.graph.iosManagedAppProtection",
     "displayName":"Test IOS Policy",
     "description":"test",
     "deployedAppCount": 5,
     "id":"valid id",
     "periodOfflineBeforeAccessCheck":"PT12H",
     "periodOnlineBeforeAccessCheck":"PT30M",
     "allowedInboundDataTransferSources":"allApps",
     "allowedOutboundDataTransferDestinations":"allApps",
     "organizationalCredentialsRequired": false,
     "allowedOutboundClipboardSharingLevel":"allApps",
     "dataBackupBlocked": true,
     "deviceComplianceRequired": true,
     "managedBrowserToOpenLinksRequired": false,
     "saveAsBlocked": false,
     "periodOfflineBeforeWipeIsEnforced":"P90D",
     "pinRequired": true,
     "maximumPinRetries": 5,
     "simplePinBlocked": false,
     "minimumPinLength": 4,
     "pinCharacterSet":"any",
     "allowedDataStorageLocations": [
       "oneDriveForBusiness",
       "sharePoint"
      ],
     "contactSyncBlocked": false,
     "printBlocked": false,
     "fingerprintBlocked": false,
     "targetedSecurityCount" : 1,
     "targetedSecurityGroupIds": ["valid user group id"],
     "appDataEncryptionType":"whenDeviceLocked"
    }

响应:204

POST /managedAppPolicies/{managedAppPoliciesId}/updateTargetedSecurityGroups
- 此 API 失败,返回 500
文档:
https://graph.microsoft.io/en-us/docs/api-reference/beta/api/intune_mam_targetedmanagedappprotection_updatetargetedsecuritygroups

样品请求:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
POST /managedAppPolicies/{managedAppPoliciesId}/updateTargetedSecurityGroups
Request Body:
{
 "targetedSecurityGroups": [
    {
     "@odata.type":"#microsoft.graph.directoryObject",
     "id":"valid user group id"
    }
  ]
}

Response : 400
Response Body:
{
 "error": {
   "code":"BadRequest",
   "message":"Resource not found for the segment 'updateTargetedSecurityGroups'.",
   "innerError": {
     "request-id":"XXX....",
     "date":"2017-02-20T23:35:48"
    }
  }
}


你能试试这样的类型限定符吗:

1
2
3
4
5
6
7
POST ~/managedAppPolicies/managedAppPoliciesId}/microsoft.graph.targetedManagedAppProtection/updateTargetedSecurityGroups

{
"targetedSecurityGroups": [
    {"id":"https://graph.microsoft.com/beta/directoryObjects/{groupGuidId}"},
    {"id":"https://graph.microsoft.com/beta/directoryObjects/{groupGuidId}"}]
}