我正在嘗試創建intune應用程序保護策略。我嘗試了下面的API來做到這一點,但它們都不起作用: POST/managedAppPolicies/- 創建託管策略(嘗試iOS和Android) - 返回401未經授權。創建ManagedAppPolicies測試版Microsoft Graph API不能與應用程序權限配合使用
樣品創建託管應用程序策略請求:
POST /managedAppPolicies/
Request Body :
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#managedAppPolicies/$entity",
"@odata.type": "#microsoft.graph.iosManagedAppProtection",
"displayName": "Test IOS Policy",
"description": "test",
"periodOfflineBeforeAccessCheck": "PT12H",
"periodOnlineBeforeAccessCheck": "PT30M",
"allowedInboundDataTransferSources": "allApps",
"allowedOutboundDataTransferDestinations": "allApps",
"organizationalCredentialsRequired": false,
"allowedOutboundClipboardSharingLevel": "allApps",
"dataBackupBlocked": true,
"deviceComplianceRequired": true,
"managedBrowserToOpenLinksRequired": false,
"saveAsBlocked": false,
"periodOfflineBeforeWipeIsEnforced": "P90D",
"pinRequired": true,
"maximumPinRetries": 5,
"simplePinBlocked": false,
"minimumPinLength": 4,
"pinCharacterSet": "any",
"allowedDataStorageLocations": [
"oneDriveForBusiness",
"sharePoint"
],
"contactSyncBlocked": false,
"printBlocked": false,
"fingerprintBlocked": false,
"targetedSecurityGroupIds": [ "valid directory group id 1",
"valid directory group id 2" ],
"appDataEncryptionType": "whenDeviceLocked"
}
響應:401未經授權
{
"error": {
"code": "UnknownError",
"message": "{\"ErrorCode\":\"Forbidden\",\"Message\":\"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: f932cecd-028f-42ea-9464-abf6e04f9ede - Url: https://fef.amsua0502.manage.microsoft.com/MAMAdmin/MAMAdminFEService/managedAppPolicies?api-version=2016-06-16 - CustomApiErrorPhrase: \",\"Target\":null,\"Details\":null,\"InnerError\":null,\"InstanceAnnotations\":[]}",
"innerError": {
"request-id": "f932cecd-028f-42ea-9464-abf6e04f9ede",
"date": "2017-03-03T17:44:10"
}
}}
我創建了一個Web應用程序在Azure門戶網站,也給DeviceManagementApps .ReadWrite.All權限給我的應用程序。的是的access_token編程方式通過使用
https://login.microsoftonline.com/<tenantid>/oauth2/token
其中它可以在應用程序的上下文來獲得,而不是網頁表單上提供的用戶憑證(用戶格蘭特方法)
P.S.獲得我已經確定從clientid和secret生成的access_token是正確的,因爲當用於在azure上搜索組時,同一標記起作用。
GET https://graph.microsoft.com/beta/groups?$filter=startswith(displayName,%27test users%27)
我的用戶有3個許可證,企業移動+安全E5,Intune的和Office365企業E3。仍然不起作用。 @alemeshet Alemu – adison88