updateTargetedSecurityGroups not working in Intune Graph APIs
我正在尝试将用户组分配给 InTune App Protection 中的托管应用策略。我尝试了下面的 API 来做到这一点,但它都不起作用:
POST /managedAppPolicies/ - 在创建托管策略时添加了目标安全组(iOS 和 Android 均已尝试)
- 返回 200 但未添加目标安全组。
创建托管应用策略请求示例:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | POST /managedAppPolicies/ Request Body : { "@odata.context":"https://graph.microsoft.com/beta/$metadata#managedAppPolicies/$entity", "@odata.type":"#microsoft.graph.iosManagedAppProtection", "displayName":"Test IOS Policy", "description":"test", "periodOfflineBeforeAccessCheck":"PT12H", "periodOnlineBeforeAccessCheck":"PT30M", "allowedInboundDataTransferSources":"allApps", "allowedOutboundDataTransferDestinations":"allApps", "organizationalCredentialsRequired": false, "allowedOutboundClipboardSharingLevel":"allApps", "dataBackupBlocked": true, "deviceComplianceRequired": true, "managedBrowserToOpenLinksRequired": false, "saveAsBlocked": false, "periodOfflineBeforeWipeIsEnforced":"P90D", "pinRequired": true, "maximumPinRetries": 5, "simplePinBlocked": false, "minimumPinLength": 4, "pinCharacterSet":"any", "allowedDataStorageLocations": [ "oneDriveForBusiness", "sharePoint" ], "contactSyncBlocked": false, "printBlocked": false, "fingerprintBlocked": false, "targetedSecurityGroupIds": [ "valid directory group id 1", "valid directory group id 2" ], "appDataEncryptionType":"whenDeviceLocked" } |
响应:200 OK
PATCH /managedAppPolicies/{managedAppPoliciesId} - 在更新托管策略时添加了目标安全组(iOS 和 Android 均已尝试)
- 返回 204 但未更新目标安全组。
更新托管应用政策的示例请求:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 | PATCH /managedAppPolicies/{managedAppPoliciesId} Request Body : { "@odata.context":"https://graph.microsoft.com/beta/$metadata#managedAppPolicies/$entity", "@odata.type":"#microsoft.graph.iosManagedAppProtection", "displayName":"Test IOS Policy", "description":"test", "deployedAppCount": 5, "id":"valid id", "periodOfflineBeforeAccessCheck":"PT12H", "periodOnlineBeforeAccessCheck":"PT30M", "allowedInboundDataTransferSources":"allApps", "allowedOutboundDataTransferDestinations":"allApps", "organizationalCredentialsRequired": false, "allowedOutboundClipboardSharingLevel":"allApps", "dataBackupBlocked": true, "deviceComplianceRequired": true, "managedBrowserToOpenLinksRequired": false, "saveAsBlocked": false, "periodOfflineBeforeWipeIsEnforced":"P90D", "pinRequired": true, "maximumPinRetries": 5, "simplePinBlocked": false, "minimumPinLength": 4, "pinCharacterSet":"any", "allowedDataStorageLocations": [ "oneDriveForBusiness", "sharePoint" ], "contactSyncBlocked": false, "printBlocked": false, "fingerprintBlocked": false, "targetedSecurityCount" : 1, "targetedSecurityGroupIds": ["valid user group id"], "appDataEncryptionType":"whenDeviceLocked" } |
响应:204
POST /managedAppPolicies/{managedAppPoliciesId}/updateTargetedSecurityGroups
- 此 API 失败,返回 500
文档:
https://graph.microsoft.io/en-us/docs/api-reference/beta/api/intune_mam_targetedmanagedappprotection_updatetargetedsecuritygroups
样品请求:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | POST /managedAppPolicies/{managedAppPoliciesId}/updateTargetedSecurityGroups Request Body: { "targetedSecurityGroups": [ { "@odata.type":"#microsoft.graph.directoryObject", "id":"valid user group id" } ] } Response : 400 Response Body: { "error": { "code":"BadRequest", "message":"Resource not found for the segment 'updateTargetedSecurityGroups'.", "innerError": { "request-id":"XXX....", "date":"2017-02-20T23:35:48" } } } |
你能试试这样的类型限定符吗:
1 2 3 4 5 6 7 | POST ~/managedAppPolicies/managedAppPoliciesId}/microsoft.graph.targetedManagedAppProtection/updateTargetedSecurityGroups { "targetedSecurityGroups": [ {"id":"https://graph.microsoft.com/beta/directoryObjects/{groupGuidId}"}, {"id":"https://graph.microsoft.com/beta/directoryObjects/{groupGuidId}"}] } |