Create restrictedAppsViolation
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Create a new restrictedAppsViolation object.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | DeviceManagementConfiguration.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | DeviceManagementConfiguration.ReadWrite.All |
HTTP Request
POST /deviceManagement/deviceConfigurationRestrictedAppsViolations
Request headers
| Header | Value |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Accept | application/json |
Request body
In the request body, supply a JSON representation for the restrictedAppsViolation object.
The following table shows the properties that are required when you create the restrictedAppsViolation.
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the object. Composed from accountId, deviceId, policyId and userId |
| userId | String | User unique identifier, must be Guid |
| userName | String | User name |
| managedDeviceId | String | Managed device unique identifier, must be Guid |
| deviceName | String | Device name |
| deviceConfigurationId | String | Device configuration profile unique identifier, must be Guid |
| deviceConfigurationName | String | Device configuration profile name |
| platformType | policyPlatformType | Platform type. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, windows10XProfile, androidAOSP, linux, all. |
| restrictedAppsState | restrictedAppsState | Restricted apps state. Possible values are: prohibitedApps, notApprovedApps. |
| restrictedApps | managedDeviceReportedApp collection | List of violated restricted apps |
Response
If successful, this method returns a 201 Created response code and a restrictedAppsViolation object in the response body.
Example
Request
Here is an example of the request.
POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurationRestrictedAppsViolations
Content-type: application/json
Content-length: 564
{
"@odata.type": "#microsoft.graph.restrictedAppsViolation",
"userId": "User Id value",
"userName": "User Name value",
"managedDeviceId": "Managed Device Id value",
"deviceName": "Device Name value",
"deviceConfigurationId": "Device Configuration Id value",
"deviceConfigurationName": "Device Configuration Name value",
"platformType": "androidForWork",
"restrictedAppsState": "notApprovedApps",
"restrictedApps": [
{
"@odata.type": "microsoft.graph.managedDeviceReportedApp",
"appId": "App Id value"
}
]
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 613
{
"@odata.type": "#microsoft.graph.restrictedAppsViolation",
"id": "53f99903-9903-53f9-0399-f9530399f953",
"userId": "User Id value",
"userName": "User Name value",
"managedDeviceId": "Managed Device Id value",
"deviceName": "Device Name value",
"deviceConfigurationId": "Device Configuration Id value",
"deviceConfigurationName": "Device Configuration Name value",
"platformType": "androidForWork",
"restrictedAppsState": "notApprovedApps",
"restrictedApps": [
{
"@odata.type": "microsoft.graph.managedDeviceReportedApp",
"appId": "App Id value"
}
]
}