One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
In the request body, supply a JSON representation for the windows10EndpointProtectionConfiguration object.
The following table shows the properties that are required when you create the windows10EndpointProtectionConfiguration.
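Here is an example of the request. The property values are auto-generated placeholders (every Boolean is true and string fields hold text such as "Description value"), not a recommended configuration; choose each setting deliberately before sending a request like this to a tenant.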
POST https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations
Content-type: application/json
Content-length: 4245
{
"@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
"description": "Description value",
"displayName": "Display Name value",
"version": 7,
"firewallBlockStatefulFTP": true,
"firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
"firewallPreSharedKeyEncodingMethod": "none",
"firewallIPSecExemptionsAllowNeighborDiscovery": true,
"firewallIPSecExemptionsAllowICMP": true,
"firewallIPSecExemptionsAllowRouterDiscovery": true,
"firewallIPSecExemptionsAllowDHCP": true,
"firewallCertificateRevocationListCheckMethod": "none",
"firewallMergeKeyingModuleSettings": true,
"firewallPacketQueueingMethod": "disabled",
"firewallProfileDomain": {
"@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
"firewallEnabled": "blocked",
"stealthModeBlocked": true,
"incomingTrafficBlocked": true,
"unicastResponsesToMulticastBroadcastsBlocked": true,
"inboundNotificationsBlocked": true,
"authorizedApplicationRulesFromGroupPolicyMerged": true,
"globalPortRulesFromGroupPolicyMerged": true,
"connectionSecurityRulesFromGroupPolicyMerged": true,
"outboundConnectionsBlocked": true,
"inboundConnectionsBlocked": true,
"securedPacketExemptionAllowed": true,
"policyRulesFromGroupPolicyMerged": true
},
"firewallProfilePublic": {
"@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
"firewallEnabled": "blocked",
"stealthModeBlocked": true,
"incomingTrafficBlocked": true,
"unicastResponsesToMulticastBroadcastsBlocked": true,
"inboundNotificationsBlocked": true,
"authorizedApplicationRulesFromGroupPolicyMerged": true,
"globalPortRulesFromGroupPolicyMerged": true,
"connectionSecurityRulesFromGroupPolicyMerged": true,
"outboundConnectionsBlocked": true,
"inboundConnectionsBlocked": true,
"securedPacketExemptionAllowed": true,
"policyRulesFromGroupPolicyMerged": true
},
"firewallProfilePrivate": {
"@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
"firewallEnabled": "blocked",
"stealthModeBlocked": true,
"incomingTrafficBlocked": true,
"unicastResponsesToMulticastBroadcastsBlocked": true,
"inboundNotificationsBlocked": true,
"authorizedApplicationRulesFromGroupPolicyMerged": true,
"globalPortRulesFromGroupPolicyMerged": true,
"connectionSecurityRulesFromGroupPolicyMerged": true,
"outboundConnectionsBlocked": true,
"inboundConnectionsBlocked": true,
"securedPacketExemptionAllowed": true,
"policyRulesFromGroupPolicyMerged": true
},
"defenderAttackSurfaceReductionExcludedPaths": [
"Defender Attack Surface Reduction Excluded Paths value"
],
"defenderGuardedFoldersAllowedAppPaths": [
"Defender Guarded Folders Allowed App Paths value"
],
"defenderAdditionalGuardedFolders": [
"Defender Additional Guarded Folders value"
],
"defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",
"defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",
"defenderSecurityCenterBlockExploitProtectionOverride": true,
"appLockerApplicationControl": "enforceComponentsAndStoreApps",
"smartScreenEnableInShell": true,
"smartScreenBlockOverrideForFiles": true,
"applicationGuardEnabled": true,
"applicationGuardBlockFileTransfer": "blockImageAndTextFile",
"applicationGuardBlockNonEnterpriseContent": true,
"applicationGuardAllowPersistence": true,
"applicationGuardForceAuditing": true,
"applicationGuardBlockClipboardSharing": "blockBoth",
"applicationGuardAllowPrintToPDF": true,
"applicationGuardAllowPrintToXPS": true,
"applicationGuardAllowPrintToLocalPrinters": true,
"applicationGuardAllowPrintToNetworkPrinters": true,
"bitLockerDisableWarningForOtherDiskEncryption": true,
"bitLockerEnableStorageCardEncryptionOnMobile": true,
"bitLockerEncryptDevice": true,
"bitLockerRemovableDrivePolicy": {
"@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
"encryptionMethod": "aesCbc256",
"requireEncryptionForWriteAccess": true,
"blockCrossOrganizationWriteAccess": true
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
// Sample request body for creating a windows10EndpointProtectionConfiguration.
// Every value is an auto-generated placeholder (all Booleans are true, strings read "... value"),
// not a recommended baseline; decide each setting deliberately before posting it to a tenant.

// Builds one firewall profile. It is called once per network type so that the domain, public
// and private profiles are three separate instances, as in the HTTP example.
// NOTE(review): StateManagementSetting.Blocked on FirewallEnabled reads as "the firewall is
// blocked" for that profile rather than "the firewall is on" - confirm against the
// windowsFirewallNetworkProfile reference before reusing this value.
WindowsFirewallNetworkProfile NewFirewallProfile()
{
    var profile = new WindowsFirewallNetworkProfile();
    profile.OdataType = "microsoft.graph.windowsFirewallNetworkProfile";
    profile.FirewallEnabled = StateManagementSetting.Blocked;
    profile.StealthModeBlocked = true;
    profile.IncomingTrafficBlocked = true;
    profile.UnicastResponsesToMulticastBroadcastsBlocked = true;
    profile.InboundNotificationsBlocked = true;
    profile.AuthorizedApplicationRulesFromGroupPolicyMerged = true;
    profile.GlobalPortRulesFromGroupPolicyMerged = true;
    profile.ConnectionSecurityRulesFromGroupPolicyMerged = true;
    profile.OutboundConnectionsBlocked = true;
    profile.InboundConnectionsBlocked = true;
    profile.SecuredPacketExemptionAllowed = true;
    profile.PolicyRulesFromGroupPolicyMerged = true;
    return profile;
}

// Removable-drive BitLocker settings, built separately and attached below.
var removableDrivePolicy = new BitLockerRemovableDrivePolicy();
removableDrivePolicy.OdataType = "microsoft.graph.bitLockerRemovableDrivePolicy";
removableDrivePolicy.EncryptionMethod = BitLockerEncryptionMethod.AesCbc256;
removableDrivePolicy.RequireEncryptionForWriteAccess = true;
removableDrivePolicy.BlockCrossOrganizationWriteAccess = true;

var requestBody = new Windows10EndpointProtectionConfiguration();
requestBody.OdataType = "#microsoft.graph.windows10EndpointProtectionConfiguration";
requestBody.Description = "Description value";
requestBody.DisplayName = "Display Name value";
requestBody.Version = 7;

// Firewall: global settings first, then one profile per network type.
// NOTE(review): the two enum values of None (pre-shared key encoding, CRL check method) are
// placeholders; presumably None for the CRL check means no revocation checking - verify.
requestBody.FirewallBlockStatefulFTP = true;
requestBody.FirewallIdleTimeoutForSecurityAssociationInSeconds = 2;
requestBody.FirewallPreSharedKeyEncodingMethod = FirewallPreSharedKeyEncodingMethodType.None;
requestBody.FirewallIPSecExemptionsAllowNeighborDiscovery = true;
requestBody.FirewallIPSecExemptionsAllowICMP = true;
requestBody.FirewallIPSecExemptionsAllowRouterDiscovery = true;
requestBody.FirewallIPSecExemptionsAllowDHCP = true;
requestBody.FirewallCertificateRevocationListCheckMethod = FirewallCertificateRevocationListCheckMethodType.None;
requestBody.FirewallMergeKeyingModuleSettings = true;
requestBody.FirewallPacketQueueingMethod = FirewallPacketQueueingMethodType.Disabled;
requestBody.FirewallProfileDomain = NewFirewallProfile();
requestBody.FirewallProfilePublic = NewFirewallProfile();
requestBody.FirewallProfilePrivate = NewFirewallProfile();

// Defender: the three lists hold placeholder text, not real paths.
// NOTE(review): judging by the property names, entries in the first two lists exempt paths or
// apps from a protection, so real lists should be reviewed entry by entry - confirm semantics.
requestBody.DefenderAttackSurfaceReductionExcludedPaths = new List<string>
{
    "Defender Attack Surface Reduction Excluded Paths value",
};
requestBody.DefenderGuardedFoldersAllowedAppPaths = new List<string>
{
    "Defender Guarded Folders Allowed App Paths value",
};
requestBody.DefenderAdditionalGuardedFolders = new List<string>
{
    "Defender Additional Guarded Folders value",
};
// The base64 literal decodes to the placeholder text "defenderExploitProtectionXml".
requestBody.DefenderExploitProtectionXml = Convert.FromBase64String("ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==");
requestBody.DefenderExploitProtectionXmlFileName = "Defender Exploit Protection Xml File Name value";
requestBody.DefenderSecurityCenterBlockExploitProtectionOverride = true;

// AppLocker and SmartScreen.
requestBody.AppLockerApplicationControl = AppLockerApplicationControlType.EnforceComponentsAndStoreApps;
requestBody.SmartScreenEnableInShell = true;
requestBody.SmartScreenBlockOverrideForFiles = true;

// Application Guard.
requestBody.ApplicationGuardEnabled = true;
requestBody.ApplicationGuardBlockFileTransfer = ApplicationGuardBlockFileTransferType.BlockImageAndTextFile;
requestBody.ApplicationGuardBlockNonEnterpriseContent = true;
requestBody.ApplicationGuardAllowPersistence = true;
requestBody.ApplicationGuardForceAuditing = true;
requestBody.ApplicationGuardBlockClipboardSharing = ApplicationGuardBlockClipboardSharingType.BlockBoth;
requestBody.ApplicationGuardAllowPrintToPDF = true;
requestBody.ApplicationGuardAllowPrintToXPS = true;
requestBody.ApplicationGuardAllowPrintToLocalPrinters = true;
requestBody.ApplicationGuardAllowPrintToNetworkPrinters = true;

// BitLocker.
requestBody.BitLockerDisableWarningForOtherDiskEncryption = true;
requestBody.BitLockerEnableStorageCardEncryptionOnMobile = true;
requestBody.BitLockerEncryptDevice = true;
requestBody.BitLockerRemovableDrivePolicy = removableDrivePolicy;

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceManagement.DeviceConfigurations.PostAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
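# Creates a windows10EndpointProtectionConfiguration through the Microsoft Graph CLI.
# The JSON body is one single-quoted argument. Inside single quotes the shell keeps every
# character literally, so the trailing backslashes of the earlier form ended up in the JSON
# itself; a single-quoted string may simply span several lines, as it does here.
# Every value is an auto-generated placeholder (all Booleans true, strings "... value"),
# not a recommended baseline; decide each setting deliberately before running this.
# NOTE(review): "firewallEnabled": "blocked" reads as "the firewall is blocked" for the
# profile rather than "the firewall is on" - confirm against the
# windowsFirewallNetworkProfile reference before reusing the value.
mgc device-management device-configurations create --body '{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "firewallBlockStatefulFTP": true,
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
  "firewallPreSharedKeyEncodingMethod": "none",
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,
  "firewallIPSecExemptionsAllowICMP": true,
  "firewallIPSecExemptionsAllowRouterDiscovery": true,
  "firewallIPSecExemptionsAllowDHCP": true,
  "firewallCertificateRevocationListCheckMethod": "none",
  "firewallMergeKeyingModuleSettings": true,
  "firewallPacketQueueingMethod": "disabled",
  "firewallProfileDomain": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePublic": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePrivate": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "defenderAttackSurfaceReductionExcludedPaths": [
    "Defender Attack Surface Reduction Excluded Paths value"
  ],
  "defenderGuardedFoldersAllowedAppPaths": [
    "Defender Guarded Folders Allowed App Paths value"
  ],
  "defenderAdditionalGuardedFolders": [
    "Defender Additional Guarded Folders value"
  ],
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",
  "defenderSecurityCenterBlockExploitProtectionOverride": true,
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",
  "smartScreenEnableInShell": true,
  "smartScreenBlockOverrideForFiles": true,
  "applicationGuardEnabled": true,
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",
  "applicationGuardBlockNonEnterpriseContent": true,
  "applicationGuardAllowPersistence": true,
  "applicationGuardForceAuditing": true,
  "applicationGuardBlockClipboardSharing": "blockBoth",
  "applicationGuardAllowPrintToPDF": true,
  "applicationGuardAllowPrintToXPS": true,
  "applicationGuardAllowPrintToLocalPrinters": true,
  "applicationGuardAllowPrintToNetworkPrinters": true,
  "bitLockerDisableWarningForOtherDiskEncryption": true,
  "bitLockerEnableStorageCardEncryptionOnMobile": true,
  "bitLockerEncryptDevice": true,
  "bitLockerRemovableDrivePolicy": {
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
    "encryptionMethod": "aesCbc256",
    "requireEncryptionForWriteAccess": true,
    "blockCrossOrganizationWriteAccess": true
  }
}'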
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
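// Sample request body for creating a windows10EndpointProtectionConfiguration.
// Every value is an auto-generated placeholder (all Booleans are true, strings read "... value"),
// not a recommended baseline; decide each setting deliberately before posting it to a tenant.

// Construct the derived type named by "@odata.type" in the HTTP example: the firewall, Defender,
// Application Guard and BitLocker setters used below belong to it, not to the base
// DeviceConfiguration model.
requestBody := graphmodels.NewWindows10EndpointProtectionConfiguration()
description := "Description value"
requestBody.SetDescription(&description)
displayName := "Display Name value"
requestBody.SetDisplayName(&displayName)
version := int32(7)
requestBody.SetVersion(&version)

// Firewall: global settings.
// NOTE(review): the NONE values (pre-shared key encoding, CRL check method) are placeholders;
// presumably NONE for the CRL check means no revocation checking - verify before reuse.
firewallBlockStatefulFTP := true
requestBody.SetFirewallBlockStatefulFTP(&firewallBlockStatefulFTP)
firewallIdleTimeoutForSecurityAssociationInSeconds := int32(2)
requestBody.SetFirewallIdleTimeoutForSecurityAssociationInSeconds(&firewallIdleTimeoutForSecurityAssociationInSeconds)
firewallPreSharedKeyEncodingMethod := graphmodels.NONE_FIREWALLPRESHAREDKEYENCODINGMETHODTYPE
requestBody.SetFirewallPreSharedKeyEncodingMethod(&firewallPreSharedKeyEncodingMethod)
firewallIPSecExemptionsAllowNeighborDiscovery := true
requestBody.SetFirewallIPSecExemptionsAllowNeighborDiscovery(&firewallIPSecExemptionsAllowNeighborDiscovery)
firewallIPSecExemptionsAllowICMP := true
requestBody.SetFirewallIPSecExemptionsAllowICMP(&firewallIPSecExemptionsAllowICMP)
firewallIPSecExemptionsAllowRouterDiscovery := true
requestBody.SetFirewallIPSecExemptionsAllowRouterDiscovery(&firewallIPSecExemptionsAllowRouterDiscovery)
firewallIPSecExemptionsAllowDHCP := true
requestBody.SetFirewallIPSecExemptionsAllowDHCP(&firewallIPSecExemptionsAllowDHCP)
firewallCertificateRevocationListCheckMethod := graphmodels.NONE_FIREWALLCERTIFICATEREVOCATIONLISTCHECKMETHODTYPE
requestBody.SetFirewallCertificateRevocationListCheckMethod(&firewallCertificateRevocationListCheckMethod)
firewallMergeKeyingModuleSettings := true
requestBody.SetFirewallMergeKeyingModuleSettings(&firewallMergeKeyingModuleSettings)
firewallPacketQueueingMethod := graphmodels.DISABLED_FIREWALLPACKETQUEUEINGMETHODTYPE
requestBody.SetFirewallPacketQueueingMethod(&firewallPacketQueueingMethod)

// newFirewallProfile builds one firewall profile. The per-profile variables live inside the
// closure because declaring the same names with := three times in one scope does not compile;
// each call also gives the profile its own values to point at.
// NOTE(review): BLOCKED_STATEMANAGEMENTSETTING on FirewallEnabled reads as "the firewall is
// blocked" for that profile rather than "the firewall is on" - confirm against the
// windowsFirewallNetworkProfile reference before reusing this value.
newFirewallProfile := func() *graphmodels.WindowsFirewallNetworkProfile {
	profile := graphmodels.NewWindowsFirewallNetworkProfile()
	firewallEnabled := graphmodels.BLOCKED_STATEMANAGEMENTSETTING
	profile.SetFirewallEnabled(&firewallEnabled)
	stealthModeBlocked := true
	profile.SetStealthModeBlocked(&stealthModeBlocked)
	incomingTrafficBlocked := true
	profile.SetIncomingTrafficBlocked(&incomingTrafficBlocked)
	unicastResponsesToMulticastBroadcastsBlocked := true
	profile.SetUnicastResponsesToMulticastBroadcastsBlocked(&unicastResponsesToMulticastBroadcastsBlocked)
	inboundNotificationsBlocked := true
	profile.SetInboundNotificationsBlocked(&inboundNotificationsBlocked)
	authorizedApplicationRulesFromGroupPolicyMerged := true
	profile.SetAuthorizedApplicationRulesFromGroupPolicyMerged(&authorizedApplicationRulesFromGroupPolicyMerged)
	globalPortRulesFromGroupPolicyMerged := true
	profile.SetGlobalPortRulesFromGroupPolicyMerged(&globalPortRulesFromGroupPolicyMerged)
	connectionSecurityRulesFromGroupPolicyMerged := true
	profile.SetConnectionSecurityRulesFromGroupPolicyMerged(&connectionSecurityRulesFromGroupPolicyMerged)
	outboundConnectionsBlocked := true
	profile.SetOutboundConnectionsBlocked(&outboundConnectionsBlocked)
	inboundConnectionsBlocked := true
	profile.SetInboundConnectionsBlocked(&inboundConnectionsBlocked)
	securedPacketExemptionAllowed := true
	profile.SetSecuredPacketExemptionAllowed(&securedPacketExemptionAllowed)
	policyRulesFromGroupPolicyMerged := true
	profile.SetPolicyRulesFromGroupPolicyMerged(&policyRulesFromGroupPolicyMerged)
	return profile
}
requestBody.SetFirewallProfileDomain(newFirewallProfile())
requestBody.SetFirewallProfilePublic(newFirewallProfile())
requestBody.SetFirewallProfilePrivate(newFirewallProfile())

// Defender: the three lists hold placeholder text, not real paths.
// NOTE(review): judging by the property names, entries in the first two lists exempt paths or
// apps from a protection, so real lists should be reviewed entry by entry - confirm semantics.
defenderAttackSurfaceReductionExcludedPaths := []string{
	"Defender Attack Surface Reduction Excluded Paths value",
}
requestBody.SetDefenderAttackSurfaceReductionExcludedPaths(defenderAttackSurfaceReductionExcludedPaths)
defenderGuardedFoldersAllowedAppPaths := []string{
	"Defender Guarded Folders Allowed App Paths value",
}
requestBody.SetDefenderGuardedFoldersAllowedAppPaths(defenderGuardedFoldersAllowedAppPaths)
defenderAdditionalGuardedFolders := []string{
	"Defender Additional Guarded Folders value",
}
requestBody.SetDefenderAdditionalGuardedFolders(defenderAdditionalGuardedFolders)
// Raw placeholder bytes: this is what the base64 literal "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA=="
// in the HTTP, C# and Java examples decodes to. The earlier line passed the base64 text itself,
// with its first character lower-cased, so it did not carry the same payload as those examples.
defenderExploitProtectionXml := []byte("defenderExploitProtectionXml")
requestBody.SetDefenderExploitProtectionXml(&defenderExploitProtectionXml)
defenderExploitProtectionXmlFileName := "Defender Exploit Protection Xml File Name value"
requestBody.SetDefenderExploitProtectionXmlFileName(&defenderExploitProtectionXmlFileName)
defenderSecurityCenterBlockExploitProtectionOverride := true
requestBody.SetDefenderSecurityCenterBlockExploitProtectionOverride(&defenderSecurityCenterBlockExploitProtectionOverride)

// AppLocker and SmartScreen.
appLockerApplicationControl := graphmodels.ENFORCECOMPONENTSANDSTOREAPPS_APPLOCKERAPPLICATIONCONTROLTYPE
requestBody.SetAppLockerApplicationControl(&appLockerApplicationControl)
smartScreenEnableInShell := true
requestBody.SetSmartScreenEnableInShell(&smartScreenEnableInShell)
smartScreenBlockOverrideForFiles := true
requestBody.SetSmartScreenBlockOverrideForFiles(&smartScreenBlockOverrideForFiles)

// Application Guard.
applicationGuardEnabled := true
requestBody.SetApplicationGuardEnabled(&applicationGuardEnabled)
applicationGuardBlockFileTransfer := graphmodels.BLOCKIMAGEANDTEXTFILE_APPLICATIONGUARDBLOCKFILETRANSFERTYPE
requestBody.SetApplicationGuardBlockFileTransfer(&applicationGuardBlockFileTransfer)
applicationGuardBlockNonEnterpriseContent := true
requestBody.SetApplicationGuardBlockNonEnterpriseContent(&applicationGuardBlockNonEnterpriseContent)
applicationGuardAllowPersistence := true
requestBody.SetApplicationGuardAllowPersistence(&applicationGuardAllowPersistence)
applicationGuardForceAuditing := true
requestBody.SetApplicationGuardForceAuditing(&applicationGuardForceAuditing)
applicationGuardBlockClipboardSharing := graphmodels.BLOCKBOTH_APPLICATIONGUARDBLOCKCLIPBOARDSHARINGTYPE
requestBody.SetApplicationGuardBlockClipboardSharing(&applicationGuardBlockClipboardSharing)
applicationGuardAllowPrintToPDF := true
requestBody.SetApplicationGuardAllowPrintToPDF(&applicationGuardAllowPrintToPDF)
applicationGuardAllowPrintToXPS := true
requestBody.SetApplicationGuardAllowPrintToXPS(&applicationGuardAllowPrintToXPS)
applicationGuardAllowPrintToLocalPrinters := true
requestBody.SetApplicationGuardAllowPrintToLocalPrinters(&applicationGuardAllowPrintToLocalPrinters)
applicationGuardAllowPrintToNetworkPrinters := true
requestBody.SetApplicationGuardAllowPrintToNetworkPrinters(&applicationGuardAllowPrintToNetworkPrinters)

// BitLocker.
bitLockerDisableWarningForOtherDiskEncryption := true
requestBody.SetBitLockerDisableWarningForOtherDiskEncryption(&bitLockerDisableWarningForOtherDiskEncryption)
bitLockerEnableStorageCardEncryptionOnMobile := true
requestBody.SetBitLockerEnableStorageCardEncryptionOnMobile(&bitLockerEnableStorageCardEncryptionOnMobile)
bitLockerEncryptDevice := true
requestBody.SetBitLockerEncryptDevice(&bitLockerEncryptDevice)
bitLockerRemovableDrivePolicy := graphmodels.NewBitLockerRemovableDrivePolicy()
encryptionMethod := graphmodels.AESCBC256_BITLOCKERENCRYPTIONMETHOD
bitLockerRemovableDrivePolicy.SetEncryptionMethod(&encryptionMethod)
requireEncryptionForWriteAccess := true
bitLockerRemovableDrivePolicy.SetRequireEncryptionForWriteAccess(&requireEncryptionForWriteAccess)
blockCrossOrganizationWriteAccess := true
bitLockerRemovableDrivePolicy.SetBlockCrossOrganizationWriteAccess(&blockCrossOrganizationWriteAccess)
requestBody.SetBitLockerRemovableDrivePolicy(bitLockerRemovableDrivePolicy)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
// Check err before using deviceConfigurations; the snippet leaves that handling to the caller.
deviceConfigurations, err := graphClient.DeviceManagement().DeviceConfigurations().Post(context.Background(), requestBody, nil)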
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Code snippets are only available for the latest version. Current version is 6.x
// Sample request body for creating a windows10EndpointProtectionConfiguration.
// Every value is an auto-generated placeholder (all Booleans are true, strings read "... value"),
// not a recommended baseline; decide each setting deliberately before posting it to a tenant.
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

// Firewall profiles, one instance per network type, built before the configuration itself.
// NOTE(review): StateManagementSetting.Blocked on firewallEnabled reads as "the firewall is
// blocked" for that profile rather than "the firewall is on" - confirm against the
// windowsFirewallNetworkProfile reference before reusing this value.
WindowsFirewallNetworkProfile domainProfile = new WindowsFirewallNetworkProfile();
domainProfile.setOdataType("microsoft.graph.windowsFirewallNetworkProfile");
domainProfile.setFirewallEnabled(StateManagementSetting.Blocked);
domainProfile.setStealthModeBlocked(true);
domainProfile.setIncomingTrafficBlocked(true);
domainProfile.setUnicastResponsesToMulticastBroadcastsBlocked(true);
domainProfile.setInboundNotificationsBlocked(true);
domainProfile.setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
domainProfile.setGlobalPortRulesFromGroupPolicyMerged(true);
domainProfile.setConnectionSecurityRulesFromGroupPolicyMerged(true);
domainProfile.setOutboundConnectionsBlocked(true);
domainProfile.setInboundConnectionsBlocked(true);
domainProfile.setSecuredPacketExemptionAllowed(true);
domainProfile.setPolicyRulesFromGroupPolicyMerged(true);

WindowsFirewallNetworkProfile publicProfile = new WindowsFirewallNetworkProfile();
publicProfile.setOdataType("microsoft.graph.windowsFirewallNetworkProfile");
publicProfile.setFirewallEnabled(StateManagementSetting.Blocked);
publicProfile.setStealthModeBlocked(true);
publicProfile.setIncomingTrafficBlocked(true);
publicProfile.setUnicastResponsesToMulticastBroadcastsBlocked(true);
publicProfile.setInboundNotificationsBlocked(true);
publicProfile.setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
publicProfile.setGlobalPortRulesFromGroupPolicyMerged(true);
publicProfile.setConnectionSecurityRulesFromGroupPolicyMerged(true);
publicProfile.setOutboundConnectionsBlocked(true);
publicProfile.setInboundConnectionsBlocked(true);
publicProfile.setSecuredPacketExemptionAllowed(true);
publicProfile.setPolicyRulesFromGroupPolicyMerged(true);

WindowsFirewallNetworkProfile privateProfile = new WindowsFirewallNetworkProfile();
privateProfile.setOdataType("microsoft.graph.windowsFirewallNetworkProfile");
privateProfile.setFirewallEnabled(StateManagementSetting.Blocked);
privateProfile.setStealthModeBlocked(true);
privateProfile.setIncomingTrafficBlocked(true);
privateProfile.setUnicastResponsesToMulticastBroadcastsBlocked(true);
privateProfile.setInboundNotificationsBlocked(true);
privateProfile.setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
privateProfile.setGlobalPortRulesFromGroupPolicyMerged(true);
privateProfile.setConnectionSecurityRulesFromGroupPolicyMerged(true);
privateProfile.setOutboundConnectionsBlocked(true);
privateProfile.setInboundConnectionsBlocked(true);
privateProfile.setSecuredPacketExemptionAllowed(true);
privateProfile.setPolicyRulesFromGroupPolicyMerged(true);

// Defender path lists; each holds a single placeholder string, not a real path.
// NOTE(review): judging by the property names, entries in the first two lists exempt paths or
// apps from a protection, so real lists should be reviewed entry by entry - confirm semantics.
LinkedList<String> asrExcludedPaths = new LinkedList<>();
asrExcludedPaths.add("Defender Attack Surface Reduction Excluded Paths value");
LinkedList<String> guardedFoldersAllowedApps = new LinkedList<>();
guardedFoldersAllowedApps.add("Defender Guarded Folders Allowed App Paths value");
LinkedList<String> additionalGuardedFolders = new LinkedList<>();
additionalGuardedFolders.add("Defender Additional Guarded Folders value");

// The base64 literal decodes to the placeholder text "defenderExploitProtectionXml".
byte[] exploitProtectionXml = Base64.getDecoder().decode("ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==");

// Removable-drive BitLocker settings.
BitLockerRemovableDrivePolicy removableDrivePolicy = new BitLockerRemovableDrivePolicy();
removableDrivePolicy.setOdataType("microsoft.graph.bitLockerRemovableDrivePolicy");
removableDrivePolicy.setEncryptionMethod(BitLockerEncryptionMethod.AesCbc256);
removableDrivePolicy.setRequireEncryptionForWriteAccess(true);
removableDrivePolicy.setBlockCrossOrganizationWriteAccess(true);

// The configuration itself: identity fields, then one group of settings per feature.
Windows10EndpointProtectionConfiguration deviceConfiguration = new Windows10EndpointProtectionConfiguration();
deviceConfiguration.setOdataType("#microsoft.graph.windows10EndpointProtectionConfiguration");
deviceConfiguration.setDescription("Description value");
deviceConfiguration.setDisplayName("Display Name value");
deviceConfiguration.setVersion(7);

// Firewall.
// NOTE(review): the two enum values of None (pre-shared key encoding, CRL check method) are
// placeholders; presumably None for the CRL check means no revocation checking - verify.
deviceConfiguration.setFirewallBlockStatefulFTP(true);
deviceConfiguration.setFirewallIdleTimeoutForSecurityAssociationInSeconds(2);
deviceConfiguration.setFirewallPreSharedKeyEncodingMethod(FirewallPreSharedKeyEncodingMethodType.None);
deviceConfiguration.setFirewallIPSecExemptionsAllowNeighborDiscovery(true);
deviceConfiguration.setFirewallIPSecExemptionsAllowICMP(true);
deviceConfiguration.setFirewallIPSecExemptionsAllowRouterDiscovery(true);
deviceConfiguration.setFirewallIPSecExemptionsAllowDHCP(true);
deviceConfiguration.setFirewallCertificateRevocationListCheckMethod(FirewallCertificateRevocationListCheckMethodType.None);
deviceConfiguration.setFirewallMergeKeyingModuleSettings(true);
deviceConfiguration.setFirewallPacketQueueingMethod(FirewallPacketQueueingMethodType.Disabled);
deviceConfiguration.setFirewallProfileDomain(domainProfile);
deviceConfiguration.setFirewallProfilePublic(publicProfile);
deviceConfiguration.setFirewallProfilePrivate(privateProfile);

// Defender.
deviceConfiguration.setDefenderAttackSurfaceReductionExcludedPaths(asrExcludedPaths);
deviceConfiguration.setDefenderGuardedFoldersAllowedAppPaths(guardedFoldersAllowedApps);
deviceConfiguration.setDefenderAdditionalGuardedFolders(additionalGuardedFolders);
deviceConfiguration.setDefenderExploitProtectionXml(exploitProtectionXml);
deviceConfiguration.setDefenderExploitProtectionXmlFileName("Defender Exploit Protection Xml File Name value");
deviceConfiguration.setDefenderSecurityCenterBlockExploitProtectionOverride(true);

// AppLocker and SmartScreen.
deviceConfiguration.setAppLockerApplicationControl(AppLockerApplicationControlType.EnforceComponentsAndStoreApps);
deviceConfiguration.setSmartScreenEnableInShell(true);
deviceConfiguration.setSmartScreenBlockOverrideForFiles(true);

// Application Guard.
deviceConfiguration.setApplicationGuardEnabled(true);
deviceConfiguration.setApplicationGuardBlockFileTransfer(ApplicationGuardBlockFileTransferType.BlockImageAndTextFile);
deviceConfiguration.setApplicationGuardBlockNonEnterpriseContent(true);
deviceConfiguration.setApplicationGuardAllowPersistence(true);
deviceConfiguration.setApplicationGuardForceAuditing(true);
deviceConfiguration.setApplicationGuardBlockClipboardSharing(ApplicationGuardBlockClipboardSharingType.BlockBoth);
deviceConfiguration.setApplicationGuardAllowPrintToPDF(true);
deviceConfiguration.setApplicationGuardAllowPrintToXPS(true);
deviceConfiguration.setApplicationGuardAllowPrintToLocalPrinters(true);
deviceConfiguration.setApplicationGuardAllowPrintToNetworkPrinters(true);

// BitLocker.
deviceConfiguration.setBitLockerDisableWarningForOtherDiskEncryption(true);
deviceConfiguration.setBitLockerEnableStorageCardEncryptionOnMobile(true);
deviceConfiguration.setBitLockerEncryptDevice(true);
deviceConfiguration.setBitLockerRemovableDrivePolicy(removableDrivePolicy);

DeviceConfiguration result = graphClient.deviceManagement().deviceConfigurations().post(deviceConfiguration);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// Sample request: every value below is a documentation placeholder, not a recommended baseline.
const client = Client.init({ authProvider });

// The domain, public and private profiles carry identical settings in this sample,
// so one factory builds all three (a fresh object per call).
// NOTE(review): firewallEnabled is a StateManagementSetting; 'blocked' appears to block
// firewall enforcement for the profile rather than block traffic. Confirm against the
// property table before reusing this value.
const buildFirewallProfile = () => ({
  '@odata.type': 'microsoft.graph.windowsFirewallNetworkProfile',
  firewallEnabled: 'blocked',
  stealthModeBlocked: true,
  incomingTrafficBlocked: true,
  unicastResponsesToMulticastBroadcastsBlocked: true,
  inboundNotificationsBlocked: true,
  authorizedApplicationRulesFromGroupPolicyMerged: true,
  globalPortRulesFromGroupPolicyMerged: true,
  connectionSecurityRulesFromGroupPolicyMerged: true,
  outboundConnectionsBlocked: true,
  inboundConnectionsBlocked: true,
  securedPacketExemptionAllowed: true,
  policyRulesFromGroupPolicyMerged: true
});

const endpointProtectionPolicy = {
  '@odata.type': '#microsoft.graph.windows10EndpointProtectionConfiguration',
  description: 'Description value',
  displayName: 'Display Name value',
  version: 7,

  // Firewall / IPsec
  firewallBlockStatefulFTP: true,
  firewallIdleTimeoutForSecurityAssociationInSeconds: 2,
  firewallPreSharedKeyEncodingMethod: 'none',
  firewallIPSecExemptionsAllowNeighborDiscovery: true,
  firewallIPSecExemptionsAllowICMP: true,
  firewallIPSecExemptionsAllowRouterDiscovery: true,
  firewallIPSecExemptionsAllowDHCP: true,
  // 'none' skips certificate revocation list checking.
  firewallCertificateRevocationListCheckMethod: 'none',
  firewallMergeKeyingModuleSettings: true,
  firewallPacketQueueingMethod: 'disabled',
  firewallProfileDomain: buildFirewallProfile(),
  firewallProfilePublic: buildFirewallProfile(),
  firewallProfilePrivate: buildFirewallProfile(),

  // Defender: every path listed here is an exclusion or allowance, so keep real lists minimal.
  defenderAttackSurfaceReductionExcludedPaths: [
    'Defender Attack Surface Reduction Excluded Paths value'
  ],
  defenderGuardedFoldersAllowedAppPaths: [
    'Defender Guarded Folders Allowed App Paths value'
  ],
  defenderAdditionalGuardedFolders: [
    'Defender Additional Guarded Folders value'
  ],
  // Base64 of a placeholder string, not of a real Exploit Protection XML export.
  defenderExploitProtectionXml: 'ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==',
  defenderExploitProtectionXmlFileName: 'Defender Exploit Protection Xml File Name value',
  defenderSecurityCenterBlockExploitProtectionOverride: true,

  // Application control and SmartScreen
  appLockerApplicationControl: 'enforceComponentsAndStoreApps',
  smartScreenEnableInShell: true,
  smartScreenBlockOverrideForFiles: true,

  // Application Guard: the sample enables persistence and all four print targets;
  // review each of these individually before enabling it on managed devices.
  applicationGuardEnabled: true,
  applicationGuardBlockFileTransfer: 'blockImageAndTextFile',
  applicationGuardBlockNonEnterpriseContent: true,
  applicationGuardAllowPersistence: true,
  applicationGuardForceAuditing: true,
  applicationGuardBlockClipboardSharing: 'blockBoth',
  applicationGuardAllowPrintToPDF: true,
  applicationGuardAllowPrintToXPS: true,
  applicationGuardAllowPrintToLocalPrinters: true,
  applicationGuardAllowPrintToNetworkPrinters: true,

  // BitLocker
  bitLockerDisableWarningForOtherDiskEncryption: true,
  bitLockerEnableStorageCardEncryptionOnMobile: true,
  bitLockerEncryptDevice: true,
  bitLockerRemovableDrivePolicy: {
    '@odata.type': 'microsoft.graph.bitLockerRemovableDrivePolicy',
    encryptionMethod: 'aesCbc256',
    requireEncryptionForWriteAccess: true,
    blockCrossOrganizationWriteAccess: true
  }
};

// Creates the device configuration in the tenant.
await client.api('/deviceManagement/deviceConfigurations').post(endpointProtectionPolicy);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Windows10EndpointProtectionConfiguration;
use Microsoft\Graph\Generated\Models\FirewallPreSharedKeyEncodingMethodType;
use Microsoft\Graph\Generated\Models\FirewallCertificateRevocationListCheckMethodType;
use Microsoft\Graph\Generated\Models\FirewallPacketQueueingMethodType;
use Microsoft\Graph\Generated\Models\WindowsFirewallNetworkProfile;
use Microsoft\Graph\Generated\Models\StateManagementSetting;
use Microsoft\Graph\Generated\Models\AppLockerApplicationControlType;
use Microsoft\Graph\Generated\Models\ApplicationGuardBlockFileTransferType;
use Microsoft\Graph\Generated\Models\ApplicationGuardBlockClipboardSharingType;
use Microsoft\Graph\Generated\Models\BitLockerRemovableDrivePolicy;
use Microsoft\Graph\Generated\Models\BitLockerEncryptionMethod;
// Sample request: every value below is a documentation placeholder, not a recommended baseline.
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

// The domain, public and private profiles carry identical settings in this sample,
// so one factory builds all three (a fresh object per call).
// NOTE(review): firewallEnabled is a StateManagementSetting; 'blocked' appears to block
// firewall enforcement for the profile rather than block traffic. Confirm against the
// property table before reusing this value.
$makeFirewallProfile = static function (): WindowsFirewallNetworkProfile {
    $profile = new WindowsFirewallNetworkProfile();
    $profile->setOdataType('microsoft.graph.windowsFirewallNetworkProfile');
    $profile->setFirewallEnabled(new StateManagementSetting('blocked'));
    $profile->setStealthModeBlocked(true);
    $profile->setIncomingTrafficBlocked(true);
    $profile->setUnicastResponsesToMulticastBroadcastsBlocked(true);
    $profile->setInboundNotificationsBlocked(true);
    $profile->setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
    $profile->setGlobalPortRulesFromGroupPolicyMerged(true);
    $profile->setConnectionSecurityRulesFromGroupPolicyMerged(true);
    $profile->setOutboundConnectionsBlocked(true);
    $profile->setInboundConnectionsBlocked(true);
    $profile->setSecuredPacketExemptionAllowed(true);
    $profile->setPolicyRulesFromGroupPolicyMerged(true);

    return $profile;
};

$policy = new Windows10EndpointProtectionConfiguration();
$policy->setOdataType('#microsoft.graph.windows10EndpointProtectionConfiguration');
$policy->setDescription('Description value');
$policy->setDisplayName('Display Name value');
$policy->setVersion(7);

// Firewall / IPsec
$policy->setFirewallBlockStatefulFTP(true);
$policy->setFirewallIdleTimeoutForSecurityAssociationInSeconds(2);
$policy->setFirewallPreSharedKeyEncodingMethod(new FirewallPreSharedKeyEncodingMethodType('none'));
$policy->setFirewallIPSecExemptionsAllowNeighborDiscovery(true);
$policy->setFirewallIPSecExemptionsAllowICMP(true);
$policy->setFirewallIPSecExemptionsAllowRouterDiscovery(true);
$policy->setFirewallIPSecExemptionsAllowDHCP(true);
// 'none' skips certificate revocation list checking.
$policy->setFirewallCertificateRevocationListCheckMethod(new FirewallCertificateRevocationListCheckMethodType('none'));
$policy->setFirewallMergeKeyingModuleSettings(true);
$policy->setFirewallPacketQueueingMethod(new FirewallPacketQueueingMethodType('disabled'));
$policy->setFirewallProfileDomain($makeFirewallProfile());
$policy->setFirewallProfilePublic($makeFirewallProfile());
$policy->setFirewallProfilePrivate($makeFirewallProfile());

// Defender: every path listed here is an exclusion or allowance, so keep real lists minimal.
$policy->setDefenderAttackSurfaceReductionExcludedPaths(['Defender Attack Surface Reduction Excluded Paths value']);
$policy->setDefenderGuardedFoldersAllowedAppPaths(['Defender Guarded Folders Allowed App Paths value']);
$policy->setDefenderAdditionalGuardedFolders(['Defender Additional Guarded Folders value']);
// Base64 of a placeholder string, not of a real Exploit Protection XML export.
$exploitProtectionXml = \GuzzleHttp\Psr7\Utils::streamFor(base64_decode('ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA=='));
$policy->setDefenderExploitProtectionXml($exploitProtectionXml);
$policy->setDefenderExploitProtectionXmlFileName('Defender Exploit Protection Xml File Name value');
$policy->setDefenderSecurityCenterBlockExploitProtectionOverride(true);

// Application control and SmartScreen
$policy->setAppLockerApplicationControl(new AppLockerApplicationControlType('enforceComponentsAndStoreApps'));
$policy->setSmartScreenEnableInShell(true);
$policy->setSmartScreenBlockOverrideForFiles(true);

// Application Guard: the sample enables persistence and all four print targets;
// review each of these individually before enabling it on managed devices.
$policy->setApplicationGuardEnabled(true);
$policy->setApplicationGuardBlockFileTransfer(new ApplicationGuardBlockFileTransferType('blockImageAndTextFile'));
$policy->setApplicationGuardBlockNonEnterpriseContent(true);
$policy->setApplicationGuardAllowPersistence(true);
$policy->setApplicationGuardForceAuditing(true);
$policy->setApplicationGuardBlockClipboardSharing(new ApplicationGuardBlockClipboardSharingType('blockBoth'));
$policy->setApplicationGuardAllowPrintToPDF(true);
$policy->setApplicationGuardAllowPrintToXPS(true);
$policy->setApplicationGuardAllowPrintToLocalPrinters(true);
$policy->setApplicationGuardAllowPrintToNetworkPrinters(true);

// BitLocker
$policy->setBitLockerDisableWarningForOtherDiskEncryption(true);
$policy->setBitLockerEnableStorageCardEncryptionOnMobile(true);
$policy->setBitLockerEncryptDevice(true);
$removableDrivePolicy = new BitLockerRemovableDrivePolicy();
$removableDrivePolicy->setOdataType('microsoft.graph.bitLockerRemovableDrivePolicy');
$removableDrivePolicy->setEncryptionMethod(new BitLockerEncryptionMethod('aesCbc256'));
$removableDrivePolicy->setRequireEncryptionForWriteAccess(true);
$removableDrivePolicy->setBlockCrossOrganizationWriteAccess(true);
$policy->setBitLockerRemovableDrivePolicy($removableDrivePolicy);

// Creates the device configuration in the tenant; wait() blocks until the request completes.
$result = $graphServiceClient->deviceManagement()->deviceConfigurations()->post($policy)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Import-Module Microsoft.Graph.DeviceManagement
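# Request body for a windows10EndpointProtectionConfiguration.
# Every value below is a documentation placeholder, not a recommended baseline.
$params = @{
    "@odata.type" = "#microsoft.graph.windows10EndpointProtectionConfiguration"
    description = "Description value"
    displayName = "Display Name value"
    version = 7

    # Firewall / IPsec
    firewallBlockStatefulFTP = $true
    # Integer number of seconds; 2 matches the JSON request example for this API.
    firewallIdleTimeoutForSecurityAssociationInSeconds = 2
    firewallPreSharedKeyEncodingMethod = "none"
    firewallIPSecExemptionsAllowNeighborDiscovery = $true
    firewallIPSecExemptionsAllowICMP = $true
    firewallIPSecExemptionsAllowRouterDiscovery = $true
    firewallIPSecExemptionsAllowDHCP = $true
    # "none" skips certificate revocation list checking.
    firewallCertificateRevocationListCheckMethod = "none"
    firewallMergeKeyingModuleSettings = $true
    firewallPacketQueueingMethod = "disabled"

    # NOTE(review): firewallEnabled is a StateManagementSetting; "blocked" appears to block
    # firewall enforcement for the profile rather than block traffic. Confirm against the
    # property table before reusing this value in any of the three profiles below.
    firewallProfileDomain = @{
        "@odata.type" = "microsoft.graph.windowsFirewallNetworkProfile"
        firewallEnabled = "blocked"
        stealthModeBlocked = $true
        incomingTrafficBlocked = $true
        unicastResponsesToMulticastBroadcastsBlocked = $true
        inboundNotificationsBlocked = $true
        authorizedApplicationRulesFromGroupPolicyMerged = $true
        globalPortRulesFromGroupPolicyMerged = $true
        connectionSecurityRulesFromGroupPolicyMerged = $true
        outboundConnectionsBlocked = $true
        inboundConnectionsBlocked = $true
        securedPacketExemptionAllowed = $true
        policyRulesFromGroupPolicyMerged = $true
    }
    firewallProfilePublic = @{
        "@odata.type" = "microsoft.graph.windowsFirewallNetworkProfile"
        firewallEnabled = "blocked"
        stealthModeBlocked = $true
        incomingTrafficBlocked = $true
        unicastResponsesToMulticastBroadcastsBlocked = $true
        inboundNotificationsBlocked = $true
        authorizedApplicationRulesFromGroupPolicyMerged = $true
        globalPortRulesFromGroupPolicyMerged = $true
        connectionSecurityRulesFromGroupPolicyMerged = $true
        outboundConnectionsBlocked = $true
        inboundConnectionsBlocked = $true
        securedPacketExemptionAllowed = $true
        policyRulesFromGroupPolicyMerged = $true
    }
    firewallProfilePrivate = @{
        "@odata.type" = "microsoft.graph.windowsFirewallNetworkProfile"
        firewallEnabled = "blocked"
        stealthModeBlocked = $true
        incomingTrafficBlocked = $true
        unicastResponsesToMulticastBroadcastsBlocked = $true
        inboundNotificationsBlocked = $true
        authorizedApplicationRulesFromGroupPolicyMerged = $true
        globalPortRulesFromGroupPolicyMerged = $true
        connectionSecurityRulesFromGroupPolicyMerged = $true
        outboundConnectionsBlocked = $true
        inboundConnectionsBlocked = $true
        securedPacketExemptionAllowed = $true
        policyRulesFromGroupPolicyMerged = $true
    }

    # Defender: every path listed here is an exclusion or allowance, so keep real lists minimal.
    defenderAttackSurfaceReductionExcludedPaths = @(
        "Defender Attack Surface Reduction Excluded Paths value"
    )
    defenderGuardedFoldersAllowedAppPaths = @(
        "Defender Guarded Folders Allowed App Paths value"
    )
    defenderAdditionalGuardedFolders = @(
        "Defender Additional Guarded Folders value"
    )
    # Base64 of a placeholder string, not of a real Exploit Protection XML export.
    defenderExploitProtectionXml = "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA=="
    defenderExploitProtectionXmlFileName = "Defender Exploit Protection Xml File Name value"
    defenderSecurityCenterBlockExploitProtectionOverride = $true

    # Application control and SmartScreen
    appLockerApplicationControl = "enforceComponentsAndStoreApps"
    smartScreenEnableInShell = $true
    smartScreenBlockOverrideForFiles = $true

    # Application Guard: the sample enables persistence and all four print targets;
    # review each of these individually before enabling it on managed devices.
    applicationGuardEnabled = $true
    applicationGuardBlockFileTransfer = "blockImageAndTextFile"
    applicationGuardBlockNonEnterpriseContent = $true
    applicationGuardAllowPersistence = $true
    applicationGuardForceAuditing = $true
    applicationGuardBlockClipboardSharing = "blockBoth"
    applicationGuardAllowPrintToPDF = $true
    applicationGuardAllowPrintToXPS = $true
    applicationGuardAllowPrintToLocalPrinters = $true
    applicationGuardAllowPrintToNetworkPrinters = $true

    # BitLocker
    bitLockerDisableWarningForOtherDiskEncryption = $true
    bitLockerEnableStorageCardEncryptionOnMobile = $true
    bitLockerEncryptDevice = $true
    bitLockerRemovableDrivePolicy = @{
        "@odata.type" = "microsoft.graph.bitLockerRemovableDrivePolicy"
        encryptionMethod = "aesCbc256"
        requireEncryptionForWriteAccess = $true
        blockCrossOrganizationWriteAccess = $true
    }
}

# Creates the device configuration in the tenant.
New-MgDeviceManagementDeviceConfiguration -BodyParameter $params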
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
# Code snippets are only available for the latest version. Current version is 1.x
import base64

from msgraph import GraphServiceClient
from msgraph.generated.models.windows10_endpoint_protection_configuration import Windows10EndpointProtectionConfiguration
from msgraph.generated.models.firewall_pre_shared_key_encoding_method_type import FirewallPreSharedKeyEncodingMethodType
from msgraph.generated.models.firewall_certificate_revocation_list_check_method_type import FirewallCertificateRevocationListCheckMethodType
from msgraph.generated.models.firewall_packet_queueing_method_type import FirewallPacketQueueingMethodType
from msgraph.generated.models.windows_firewall_network_profile import WindowsFirewallNetworkProfile
from msgraph.generated.models.state_management_setting import StateManagementSetting
from msgraph.generated.models.app_locker_application_control_type import AppLockerApplicationControlType
from msgraph.generated.models.application_guard_block_file_transfer_type import ApplicationGuardBlockFileTransferType
from msgraph.generated.models.application_guard_block_clipboard_sharing_type import ApplicationGuardBlockClipboardSharingType
from msgraph.generated.models.bit_locker_removable_drive_policy import BitLockerRemovableDrivePolicy
from msgraph.generated.models.bit_locker_encryption_method import BitLockerEncryptionMethod
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
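# Request body for a windows10EndpointProtectionConfiguration.
# Every value below is a documentation placeholder, not a recommended baseline.
request_body = Windows10EndpointProtectionConfiguration(
    odata_type = "#microsoft.graph.windows10EndpointProtectionConfiguration",
    description = "Description value",
    display_name = "Display Name value",
    version = 7,

    # Firewall / IPsec
    firewall_block_stateful_f_t_p = True,
    firewall_idle_timeout_for_security_association_in_seconds = 2,
    # `None` is a reserved word in Python, so the member cannot be written as `.None`;
    # look the enum member up by its wire value instead.
    firewall_pre_shared_key_encoding_method = FirewallPreSharedKeyEncodingMethodType("none"),
    firewall_i_p_sec_exemptions_allow_neighbor_discovery = True,
    firewall_i_p_sec_exemptions_allow_i_c_m_p = True,
    firewall_i_p_sec_exemptions_allow_router_discovery = True,
    firewall_i_p_sec_exemptions_allow_d_h_c_p = True,
    # "none" skips certificate revocation list checking (looked up by value for the
    # same reserved-word reason as above).
    firewall_certificate_revocation_list_check_method = FirewallCertificateRevocationListCheckMethodType("none"),
    firewall_merge_keying_module_settings = True,
    firewall_packet_queueing_method = FirewallPacketQueueingMethodType.Disabled,

    # NOTE(review): firewall_enabled is a StateManagementSetting; Blocked appears to block
    # firewall enforcement for the profile rather than block traffic. Confirm against the
    # property table before reusing this value in any of the three profiles below.
    firewall_profile_domain = WindowsFirewallNetworkProfile(
        odata_type = "microsoft.graph.windowsFirewallNetworkProfile",
        firewall_enabled = StateManagementSetting.Blocked,
        stealth_mode_blocked = True,
        incoming_traffic_blocked = True,
        unicast_responses_to_multicast_broadcasts_blocked = True,
        inbound_notifications_blocked = True,
        authorized_application_rules_from_group_policy_merged = True,
        global_port_rules_from_group_policy_merged = True,
        connection_security_rules_from_group_policy_merged = True,
        outbound_connections_blocked = True,
        inbound_connections_blocked = True,
        secured_packet_exemption_allowed = True,
        policy_rules_from_group_policy_merged = True,
    ),
    firewall_profile_public = WindowsFirewallNetworkProfile(
        odata_type = "microsoft.graph.windowsFirewallNetworkProfile",
        firewall_enabled = StateManagementSetting.Blocked,
        stealth_mode_blocked = True,
        incoming_traffic_blocked = True,
        unicast_responses_to_multicast_broadcasts_blocked = True,
        inbound_notifications_blocked = True,
        authorized_application_rules_from_group_policy_merged = True,
        global_port_rules_from_group_policy_merged = True,
        connection_security_rules_from_group_policy_merged = True,
        outbound_connections_blocked = True,
        inbound_connections_blocked = True,
        secured_packet_exemption_allowed = True,
        policy_rules_from_group_policy_merged = True,
    ),
    firewall_profile_private = WindowsFirewallNetworkProfile(
        odata_type = "microsoft.graph.windowsFirewallNetworkProfile",
        firewall_enabled = StateManagementSetting.Blocked,
        stealth_mode_blocked = True,
        incoming_traffic_blocked = True,
        unicast_responses_to_multicast_broadcasts_blocked = True,
        inbound_notifications_blocked = True,
        authorized_application_rules_from_group_policy_merged = True,
        global_port_rules_from_group_policy_merged = True,
        connection_security_rules_from_group_policy_merged = True,
        outbound_connections_blocked = True,
        inbound_connections_blocked = True,
        secured_packet_exemption_allowed = True,
        policy_rules_from_group_policy_merged = True,
    ),

    # Defender: every path listed here is an exclusion or allowance, so keep real lists minimal.
    defender_attack_surface_reduction_excluded_paths = [
        "Defender Attack Surface Reduction Excluded Paths value",
    ],
    defender_guarded_folders_allowed_app_paths = [
        "Defender Guarded Folders Allowed App Paths value",
    ],
    defender_additional_guarded_folders = [
        "Defender Additional Guarded Folders value",
    ],
    # Base64 of a placeholder string, not of a real Exploit Protection XML export.
    defender_exploit_protection_xml = base64.urlsafe_b64decode("ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA=="),
    defender_exploit_protection_xml_file_name = "Defender Exploit Protection Xml File Name value",
    defender_security_center_block_exploit_protection_override = True,

    # Application control and SmartScreen
    app_locker_application_control = AppLockerApplicationControlType.EnforceComponentsAndStoreApps,
    smart_screen_enable_in_shell = True,
    smart_screen_block_override_for_files = True,

    # Application Guard: the sample enables persistence and all four print targets;
    # review each of these individually before enabling it on managed devices.
    application_guard_enabled = True,
    application_guard_block_file_transfer = ApplicationGuardBlockFileTransferType.BlockImageAndTextFile,
    application_guard_block_non_enterprise_content = True,
    application_guard_allow_persistence = True,
    application_guard_force_auditing = True,
    application_guard_block_clipboard_sharing = ApplicationGuardBlockClipboardSharingType.BlockBoth,
    application_guard_allow_print_to_p_d_f = True,
    application_guard_allow_print_to_x_p_s = True,
    application_guard_allow_print_to_local_printers = True,
    application_guard_allow_print_to_network_printers = True,

    # BitLocker
    bit_locker_disable_warning_for_other_disk_encryption = True,
    bit_locker_enable_storage_card_encryption_on_mobile = True,
    bit_locker_encrypt_device = True,
    bit_locker_removable_drive_policy = BitLockerRemovableDrivePolicy(
        odata_type = "microsoft.graph.bitLockerRemovableDrivePolicy",
        encryption_method = BitLockerEncryptionMethod.AesCbc256,
        require_encryption_for_write_access = True,
        block_cross_organization_write_access = True,
    ),
)

# Creates the device configuration in the tenant; must run inside a coroutine.
result = await graph_client.device_management.device_configurations.post(request_body)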
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.