创建 appManagementPolicy

项目
11/12/2024

命名空间：microsoft.graph

全局服务	美国政府 L4	美国政府 L5 (DOD)	由世纪互联运营的中国
✅	✅	✅	✅

权限

为此 API 选择标记为最低特权的权限。只有在应用需要它时，才使用更高的特权权限。有关委派权限和应用程序权限的详细信息，请参阅权限类型。要了解有关这些权限的详细信息，请参阅权限参考。

权限类型	最低特权权限	更高特权权限
委派（工作或学校帐户）	Policy.Read.ApplicationConfiguration	Policy.ReadWrite.ApplicationConfiguration
委派（个人 Microsoft 帐户）	不支持。	不支持。
应用程序	Policy.Read.ApplicationConfiguration	Policy.ReadWrite.ApplicationConfiguration

重要

在具有工作或学校帐户的委托方案中，必须为登录用户分配受支持的Microsoft Entra角色或具有支持的角色权限的自定义角色。此操作支持以下最低特权角色：

云应用程序管理员
应用程序管理员

HTTP 请求

POST /policies/appManagementPolicies

请求标头

名称	说明
Authorization	持有者 {token}。必填。详细了解身份验证和授权。
Content-Type	application/json. 必需。

重要

具有 createdDateTime null 的服务主体被视为在 2019 年 1 月 1 日创建。

请求正文

在请求正文中，提供 appManagementPolicy 对象的 JSON 表示形式。

创建 appManagementPolicy 时，可以指定以下属性。

属性	类型	说明
displayName	String	策略的显示名称。必需。
description	String	策略说明。必填。
isEnabled	Boolean	表示是否启用策略。可选。
限制	appManagementConfiguration	适用于应用程序或服务主体对象的限制。可选。

响应

如果成功，此方法返回响应 201 Created 代码，并在响应有效负载中包含新的 appManagementPolicy 对象。

示例

请求

以下示例显示了一个请求。此请求使用以下设置创建了应用管理策略：

启用策略。
阻止为 2019 年 10 月 19 日上午 10：37 UTC 时间上午 10：37 创建的应用程序和服务主体创建新密码。
将 2014 年 10 月 19 日上午 10：37 UTC 时间创建的应用和服务主体的密码密码限制为少于 90 天。
禁用 nonDefaultUriAddition 限制。这意味着应用了此策略的应用可以向其应用添加新的非默认标识符 URI，即使租户默认策略通常会阻止它。
不指定任何其他限制。这意味着，应用了此策略的应用/服务主体的这些限制行为会回退到租户默认策略的配置方式。

POST https://graph.microsoft.com/v1.0/policies/appManagementPolicies

{
    "displayName": "Credential management policy",
    "description": "Cred policy sample",
    "isEnabled": true,
    "restrictions": {
        "passwordCredentials": [
            {
                "restrictionType": "passwordAddition",
                "state": "enabled",
                "maxLifetime": null,
                "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
            },
            {
                "restrictionType": "passwordLifetime",
                "state": "enabled",
                "maxLifetime": "P90D",
                "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
            },
            {
                "restrictionType": "symmetricKeyAddition",
                "state": "enabled",
                "maxLifetime": null,
                "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
            },
            {
                "restrictionType": "symmetricKeyLifetime",
                "state": "enabled",
                "maxLifetime": "P90D",
                "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
            }
        ],
        "keyCredentials": [],
        "applicationRestrictions": {
            "identifierUris": {
                "nonDefaultUriAddition": {
                    "state": "disabled",
                    "restrictForAppsCreatedAfterDateTime": null,
                    "excludeAppsReceivingV2Tokens": true,
                    "excludeSaml": true
                }
            }
        }
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;
using Microsoft.Kiota.Abstractions.Serialization;

var requestBody = new AppManagementPolicy
{
	DisplayName = "Credential management policy",
	Description = "Cred policy sample",
	IsEnabled = true,
	Restrictions = new CustomAppManagementConfiguration
	{
		PasswordCredentials = new List<PasswordCredentialConfiguration>
		{
			new PasswordCredentialConfiguration
			{
				RestrictionType = AppCredentialRestrictionType.PasswordAddition,
				MaxLifetime = null,
				RestrictForAppsCreatedAfterDateTime = DateTimeOffset.Parse("2019-10-19T10:37:00Z"),
				AdditionalData = new Dictionary<string, object>
				{
					{
						"state" , "enabled"
					},
				},
			},
			new PasswordCredentialConfiguration
			{
				RestrictionType = AppCredentialRestrictionType.PasswordLifetime,
				MaxLifetime = TimeSpan.Parse("P90D"),
				RestrictForAppsCreatedAfterDateTime = DateTimeOffset.Parse("2014-10-19T10:37:00Z"),
				AdditionalData = new Dictionary<string, object>
				{
					{
						"state" , "enabled"
					},
				},
			},
			new PasswordCredentialConfiguration
			{
				RestrictionType = AppCredentialRestrictionType.SymmetricKeyAddition,
				MaxLifetime = null,
				RestrictForAppsCreatedAfterDateTime = DateTimeOffset.Parse("2019-10-19T10:37:00Z"),
				AdditionalData = new Dictionary<string, object>
				{
					{
						"state" , "enabled"
					},
				},
			},
			new PasswordCredentialConfiguration
			{
				RestrictionType = AppCredentialRestrictionType.SymmetricKeyLifetime,
				MaxLifetime = TimeSpan.Parse("P90D"),
				RestrictForAppsCreatedAfterDateTime = DateTimeOffset.Parse("2014-10-19T10:37:00Z"),
				AdditionalData = new Dictionary<string, object>
				{
					{
						"state" , "enabled"
					},
				},
			},
		},
		KeyCredentials = new List<KeyCredentialConfiguration>
		{
		},
		AdditionalData = new Dictionary<string, object>
		{
			{
				"applicationRestrictions" , new UntypedObject(new Dictionary<string, UntypedNode>
				{
					{
						"identifierUris", new UntypedObject(new Dictionary<string, UntypedNode>
						{
							{
								"nonDefaultUriAddition", new UntypedObject(new Dictionary<string, UntypedNode>
								{
									{
										"state", new UntypedString("disabled")
									},
									{
										"restrictForAppsCreatedAfterDateTime", new UntypedNull()
									},
									{
										"excludeAppsReceivingV2Tokens", new UntypedBoolean(true)
									},
									{
										"excludeSaml", new UntypedBoolean(true)
									},
								})
							},
						})
					},
				})
			},
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.AppManagementPolicies.PostAsync(requestBody);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。



mgc policies app-management-policies create

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。



// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewAppManagementPolicy()
displayName := "Credential management policy"
requestBody.SetDisplayName(&displayName) 
description := "Cred policy sample"
requestBody.SetDescription(&description) 
isEnabled := true
requestBody.SetIsEnabled(&isEnabled) 
restrictions := graphmodels.NewCustomAppManagementConfiguration()


passwordCredentialConfiguration := graphmodels.NewPasswordCredentialConfiguration()
restrictionType := graphmodels.PASSWORDADDITION_APPCREDENTIALRESTRICTIONTYPE 
passwordCredentialConfiguration.SetRestrictionType(&restrictionType) 
maxLifetime := null
passwordCredentialConfiguration.SetMaxLifetime(&maxLifetime) 
restrictForAppsCreatedAfterDateTime , err := time.Parse(time.RFC3339, "2019-10-19T10:37:00Z")
passwordCredentialConfiguration.SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime) 
additionalData := map[string]interface{}{
	"state" : "enabled", 
}
passwordCredentialConfiguration.SetAdditionalData(additionalData)
passwordCredentialConfiguration1 := graphmodels.NewPasswordCredentialConfiguration()
restrictionType := graphmodels.PASSWORDLIFETIME_APPCREDENTIALRESTRICTIONTYPE 
passwordCredentialConfiguration1.SetRestrictionType(&restrictionType) 
maxLifetime , err := abstractions.ParseISODuration("P90D")
passwordCredentialConfiguration1.SetMaxLifetime(&maxLifetime) 
restrictForAppsCreatedAfterDateTime , err := time.Parse(time.RFC3339, "2014-10-19T10:37:00Z")
passwordCredentialConfiguration1.SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime) 
additionalData := map[string]interface{}{
	"state" : "enabled", 
}
passwordCredentialConfiguration1.SetAdditionalData(additionalData)
passwordCredentialConfiguration2 := graphmodels.NewPasswordCredentialConfiguration()
restrictionType := graphmodels.SYMMETRICKEYADDITION_APPCREDENTIALRESTRICTIONTYPE 
passwordCredentialConfiguration2.SetRestrictionType(&restrictionType) 
maxLifetime := null
passwordCredentialConfiguration2.SetMaxLifetime(&maxLifetime) 
restrictForAppsCreatedAfterDateTime , err := time.Parse(time.RFC3339, "2019-10-19T10:37:00Z")
passwordCredentialConfiguration2.SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime) 
additionalData := map[string]interface{}{
	"state" : "enabled", 
}
passwordCredentialConfiguration2.SetAdditionalData(additionalData)
passwordCredentialConfiguration3 := graphmodels.NewPasswordCredentialConfiguration()
restrictionType := graphmodels.SYMMETRICKEYLIFETIME_APPCREDENTIALRESTRICTIONTYPE 
passwordCredentialConfiguration3.SetRestrictionType(&restrictionType) 
maxLifetime , err := abstractions.ParseISODuration("P90D")
passwordCredentialConfiguration3.SetMaxLifetime(&maxLifetime) 
restrictForAppsCreatedAfterDateTime , err := time.Parse(time.RFC3339, "2014-10-19T10:37:00Z")
passwordCredentialConfiguration3.SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime) 
additionalData := map[string]interface{}{
	"state" : "enabled", 
}
passwordCredentialConfiguration3.SetAdditionalData(additionalData)

passwordCredentials := []graphmodels.PasswordCredentialConfigurationable {
	passwordCredentialConfiguration,
	passwordCredentialConfiguration1,
	passwordCredentialConfiguration2,
	passwordCredentialConfiguration3,
}
restrictions.SetPasswordCredentials(passwordCredentials)
keyCredentials := []graphmodels.KeyCredentialConfigurationable {

}
restrictions.SetKeyCredentials(keyCredentials)
additionalData := map[string]interface{}{
applicationRestrictions := graph.New()
identifierUris := graph.New()
nonDefaultUriAddition := graph.New()
state := "disabled"
nonDefaultUriAddition.SetState(&state) 
	restrictForAppsCreatedAfterDateTime := null
nonDefaultUriAddition.SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime) 
	excludeAppsReceivingV2Tokens := true
nonDefaultUriAddition.SetExcludeAppsReceivingV2Tokens(&excludeAppsReceivingV2Tokens) 
	excludeSaml := true
nonDefaultUriAddition.SetExcludeSaml(&excludeSaml) 
	identifierUris.SetNonDefaultUriAddition(nonDefaultUriAddition)
	applicationRestrictions.SetIdentifierUris(identifierUris)
	restrictions.SetApplicationRestrictions(applicationRestrictions)
}
restrictions.SetAdditionalData(additionalData)
requestBody.SetRestrictions(restrictions)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
appManagementPolicies, err := graphClient.Policies().AppManagementPolicies().Post(context.Background(), requestBody, nil)

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AppManagementPolicy appManagementPolicy = new AppManagementPolicy();
appManagementPolicy.setDisplayName("Credential management policy");
appManagementPolicy.setDescription("Cred policy sample");
appManagementPolicy.setIsEnabled(true);
CustomAppManagementConfiguration restrictions = new CustomAppManagementConfiguration();
LinkedList<PasswordCredentialConfiguration> passwordCredentials = new LinkedList<PasswordCredentialConfiguration>();
PasswordCredentialConfiguration passwordCredentialConfiguration = new PasswordCredentialConfiguration();
passwordCredentialConfiguration.setRestrictionType(AppCredentialRestrictionType.PasswordAddition);
passwordCredentialConfiguration.setMaxLifetime(null);
OffsetDateTime restrictForAppsCreatedAfterDateTime = OffsetDateTime.parse("2019-10-19T10:37:00Z");
passwordCredentialConfiguration.setRestrictForAppsCreatedAfterDateTime(restrictForAppsCreatedAfterDateTime);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("state", "enabled");
passwordCredentialConfiguration.setAdditionalData(additionalData);
passwordCredentials.add(passwordCredentialConfiguration);
PasswordCredentialConfiguration passwordCredentialConfiguration1 = new PasswordCredentialConfiguration();
passwordCredentialConfiguration1.setRestrictionType(AppCredentialRestrictionType.PasswordLifetime);
PeriodAndDuration maxLifetime1 = PeriodAndDuration.ofDuration(Duration.parse("P90D"));
passwordCredentialConfiguration1.setMaxLifetime(maxLifetime1);
OffsetDateTime restrictForAppsCreatedAfterDateTime1 = OffsetDateTime.parse("2014-10-19T10:37:00Z");
passwordCredentialConfiguration1.setRestrictForAppsCreatedAfterDateTime(restrictForAppsCreatedAfterDateTime1);
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
additionalData1.put("state", "enabled");
passwordCredentialConfiguration1.setAdditionalData(additionalData1);
passwordCredentials.add(passwordCredentialConfiguration1);
PasswordCredentialConfiguration passwordCredentialConfiguration2 = new PasswordCredentialConfiguration();
passwordCredentialConfiguration2.setRestrictionType(AppCredentialRestrictionType.SymmetricKeyAddition);
passwordCredentialConfiguration2.setMaxLifetime(null);
OffsetDateTime restrictForAppsCreatedAfterDateTime2 = OffsetDateTime.parse("2019-10-19T10:37:00Z");
passwordCredentialConfiguration2.setRestrictForAppsCreatedAfterDateTime(restrictForAppsCreatedAfterDateTime2);
HashMap<String, Object> additionalData2 = new HashMap<String, Object>();
additionalData2.put("state", "enabled");
passwordCredentialConfiguration2.setAdditionalData(additionalData2);
passwordCredentials.add(passwordCredentialConfiguration2);
PasswordCredentialConfiguration passwordCredentialConfiguration3 = new PasswordCredentialConfiguration();
passwordCredentialConfiguration3.setRestrictionType(AppCredentialRestrictionType.SymmetricKeyLifetime);
PeriodAndDuration maxLifetime3 = PeriodAndDuration.ofDuration(Duration.parse("P90D"));
passwordCredentialConfiguration3.setMaxLifetime(maxLifetime3);
OffsetDateTime restrictForAppsCreatedAfterDateTime3 = OffsetDateTime.parse("2014-10-19T10:37:00Z");
passwordCredentialConfiguration3.setRestrictForAppsCreatedAfterDateTime(restrictForAppsCreatedAfterDateTime3);
HashMap<String, Object> additionalData3 = new HashMap<String, Object>();
additionalData3.put("state", "enabled");
passwordCredentialConfiguration3.setAdditionalData(additionalData3);
passwordCredentials.add(passwordCredentialConfiguration3);
restrictions.setPasswordCredentials(passwordCredentials);
LinkedList<KeyCredentialConfiguration> keyCredentials = new LinkedList<KeyCredentialConfiguration>();
restrictions.setKeyCredentials(keyCredentials);
HashMap<String, Object> additionalData4 = new HashMap<String, Object>();
 applicationRestrictions = new ();
 identifierUris = new ();
 nonDefaultUriAddition = new ();
nonDefaultUriAddition.setState("disabled");
nonDefaultUriAddition.setRestrictForAppsCreatedAfterDateTime(null);
nonDefaultUriAddition.setExcludeAppsReceivingV2Tokens(true);
nonDefaultUriAddition.setExcludeSaml(true);
identifierUris.setNonDefaultUriAddition(nonDefaultUriAddition);
applicationRestrictions.setIdentifierUris(identifierUris);
additionalData4.put("applicationRestrictions", applicationRestrictions);
restrictions.setAdditionalData(additionalData4);
appManagementPolicy.setRestrictions(restrictions);
AppManagementPolicy result = graphClient.policies().appManagementPolicies().post(appManagementPolicy);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


const options = {
	authProvider,
};

const client = Client.init(options);

const appManagementPolicy = {
    displayName: 'Credential management policy',
    description: 'Cred policy sample',
    isEnabled: true,
    restrictions: {
        passwordCredentials: [
            {
                restrictionType: 'passwordAddition',
                state: 'enabled',
                maxLifetime: null,
                restrictForAppsCreatedAfterDateTime: '2019-10-19T10:37:00Z'
            },
            {
                restrictionType: 'passwordLifetime',
                state: 'enabled',
                maxLifetime: 'P90D',
                restrictForAppsCreatedAfterDateTime: '2014-10-19T10:37:00Z'
            },
            {
                restrictionType: 'symmetricKeyAddition',
                state: 'enabled',
                maxLifetime: null,
                restrictForAppsCreatedAfterDateTime: '2019-10-19T10:37:00Z'
            },
            {
                restrictionType: 'symmetricKeyLifetime',
                state: 'enabled',
                maxLifetime: 'P90D',
                restrictForAppsCreatedAfterDateTime: '2014-10-19T10:37:00Z'
            }
        ],
        keyCredentials: [],
        applicationRestrictions: {
            identifierUris: {
                nonDefaultUriAddition: {
                    state: 'disabled',
                    restrictForAppsCreatedAfterDateTime: null,
                    excludeAppsReceivingV2Tokens: true,
                    excludeSaml: true
                }
            }
        }
    }
};

await client.api('/policies/appManagementPolicies')
	.post(appManagementPolicy);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AppManagementPolicy;
use Microsoft\Graph\Generated\Models\CustomAppManagementConfiguration;
use Microsoft\Graph\Generated\Models\PasswordCredentialConfiguration;
use Microsoft\Graph\Generated\Models\AppCredentialRestrictionType;
use Microsoft\Graph\Generated\Models\KeyCredentialConfiguration;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AppManagementPolicy();
$requestBody->setDisplayName('Credential management policy');
$requestBody->setDescription('Cred policy sample');
$requestBody->setIsEnabled(true);
$restrictions = new CustomAppManagementConfiguration();
$passwordCredentialsPasswordCredentialConfiguration1 = new PasswordCredentialConfiguration();
$passwordCredentialsPasswordCredentialConfiguration1->setRestrictionType(new AppCredentialRestrictionType('passwordAddition'));
$passwordCredentialsPasswordCredentialConfiguration1->setMaxLifetime(null);
$passwordCredentialsPasswordCredentialConfiguration1->setRestrictForAppsCreatedAfterDateTime(new \DateTime('2019-10-19T10:37:00Z'));
$additionalData = [
	'state' => 'enabled',
];
$passwordCredentialsPasswordCredentialConfiguration1->setAdditionalData($additionalData);
$passwordCredentialsArray []= $passwordCredentialsPasswordCredentialConfiguration1;
$passwordCredentialsPasswordCredentialConfiguration2 = new PasswordCredentialConfiguration();
$passwordCredentialsPasswordCredentialConfiguration2->setRestrictionType(new AppCredentialRestrictionType('passwordLifetime'));
$passwordCredentialsPasswordCredentialConfiguration2->setMaxLifetime(new \DateInterval('P90D'));
$passwordCredentialsPasswordCredentialConfiguration2->setRestrictForAppsCreatedAfterDateTime(new \DateTime('2014-10-19T10:37:00Z'));
$additionalData = [
	'state' => 'enabled',
];
$passwordCredentialsPasswordCredentialConfiguration2->setAdditionalData($additionalData);
$passwordCredentialsArray []= $passwordCredentialsPasswordCredentialConfiguration2;
$passwordCredentialsPasswordCredentialConfiguration3 = new PasswordCredentialConfiguration();
$passwordCredentialsPasswordCredentialConfiguration3->setRestrictionType(new AppCredentialRestrictionType('symmetricKeyAddition'));
$passwordCredentialsPasswordCredentialConfiguration3->setMaxLifetime(null);
$passwordCredentialsPasswordCredentialConfiguration3->setRestrictForAppsCreatedAfterDateTime(new \DateTime('2019-10-19T10:37:00Z'));
$additionalData = [
	'state' => 'enabled',
];
$passwordCredentialsPasswordCredentialConfiguration3->setAdditionalData($additionalData);
$passwordCredentialsArray []= $passwordCredentialsPasswordCredentialConfiguration3;
$passwordCredentialsPasswordCredentialConfiguration4 = new PasswordCredentialConfiguration();
$passwordCredentialsPasswordCredentialConfiguration4->setRestrictionType(new AppCredentialRestrictionType('symmetricKeyLifetime'));
$passwordCredentialsPasswordCredentialConfiguration4->setMaxLifetime(new \DateInterval('P90D'));
$passwordCredentialsPasswordCredentialConfiguration4->setRestrictForAppsCreatedAfterDateTime(new \DateTime('2014-10-19T10:37:00Z'));
$additionalData = [
	'state' => 'enabled',
];
$passwordCredentialsPasswordCredentialConfiguration4->setAdditionalData($additionalData);
$passwordCredentialsArray []= $passwordCredentialsPasswordCredentialConfiguration4;
$restrictions->setPasswordCredentials($passwordCredentialsArray);

$restrictions->setKeyCredentials([]);
$additionalData = [
'applicationRestrictions' => [
	'identifierUris' => [
		'nonDefaultUriAddition' => [
			'state' => 'disabled',
			'restrictForAppsCreatedAfterDateTime' => null,
			'excludeAppsReceivingV2Tokens' => true,
			'excludeSaml' => true,
		],
	],
],
];
$restrictions->setAdditionalData($additionalData);
$requestBody->setRestrictions($restrictions);

$result = $graphServiceClient->policies()->appManagementPolicies()->post($requestBody)->wait();

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	displayName = "Credential management policy"
	description = "Cred policy sample"
	isEnabled = $true
	restrictions = @{
		passwordCredentials = @(
			@{
				restrictionType = "passwordAddition"
				state = "enabled"
				maxLifetime = $null
				restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2019-10-19T10:37:00Z")
			}
			@{
				restrictionType = "passwordLifetime"
				state = "enabled"
				maxLifetime = "P90D"
				restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2014-10-19T10:37:00Z")
			}
			@{
				restrictionType = "symmetricKeyAddition"
				state = "enabled"
				maxLifetime = $null
				restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2019-10-19T10:37:00Z")
			}
			@{
				restrictionType = "symmetricKeyLifetime"
				state = "enabled"
				maxLifetime = "P90D"
				restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2014-10-19T10:37:00Z")
			}
		)
		keyCredentials = @(
		)
		applicationRestrictions = @{
			identifierUris = @{
				nonDefaultUriAddition = @{
					state = "disabled"
					restrictForAppsCreatedAfterDateTime = $null
					excludeAppsReceivingV2Tokens = $true
					excludeSaml = $true
				}
			}
		}
	}
}

New-MgPolicyAppManagementPolicy -BodyParameter $params

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.app_management_policy import AppManagementPolicy
from msgraph.generated.models.custom_app_management_configuration import CustomAppManagementConfiguration
from msgraph.generated.models.password_credential_configuration import PasswordCredentialConfiguration
from msgraph.generated.models.app_credential_restriction_type import AppCredentialRestrictionType
from msgraph.generated.models.key_credential_configuration import KeyCredentialConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AppManagementPolicy(
	display_name = "Credential management policy",
	description = "Cred policy sample",
	is_enabled = True,
	restrictions = CustomAppManagementConfiguration(
		password_credentials = [
			PasswordCredentialConfiguration(
				restriction_type = AppCredentialRestrictionType.PasswordAddition,
				max_lifetime = None,
				restrict_for_apps_created_after_date_time = "2019-10-19T10:37:00Z",
				additional_data = {
						"state" : "enabled",
				}
			),
			PasswordCredentialConfiguration(
				restriction_type = AppCredentialRestrictionType.PasswordLifetime,
				max_lifetime = "P90D",
				restrict_for_apps_created_after_date_time = "2014-10-19T10:37:00Z",
				additional_data = {
						"state" : "enabled",
				}
			),
			PasswordCredentialConfiguration(
				restriction_type = AppCredentialRestrictionType.SymmetricKeyAddition,
				max_lifetime = None,
				restrict_for_apps_created_after_date_time = "2019-10-19T10:37:00Z",
				additional_data = {
						"state" : "enabled",
				}
			),
			PasswordCredentialConfiguration(
				restriction_type = AppCredentialRestrictionType.SymmetricKeyLifetime,
				max_lifetime = "P90D",
				restrict_for_apps_created_after_date_time = "2014-10-19T10:37:00Z",
				additional_data = {
						"state" : "enabled",
				}
			),
		],
		key_credentials = [
		],
		additional_data = {
				"application_restrictions" : {
						"identifier_uris" : {
								"non_default_uri_addition" : {
										"state" : "disabled",
										"restrict_for_apps_created_after_date_time" : None,
										"exclude_apps_receiving_v2_tokens" : True,
										"exclude_saml" : True,
								},
						},
				},
		}
	),
)

result = await graph_client.policies.app_management_policies.post(request_body)

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

响应

以下示例显示了相应的响应。

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#policies/appManagementPolicies/$entity",
    "id": "a4ab1ed9-46bb-4bef-88d4-86fd6398dd5d",
    "displayName": "credential management policy",
    "description": "Lorem ipsum",
    "isEnabled": true,
    "restrictions": {
        "passwordCredentials": [
            {
                "restrictionType": "passwordAddition",
                "state": "enabled",
                "maxLifetime": null,
                "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
            },
            {
                "restrictionType": "passwordLifetime",
                "state": "enabled",
                "maxLifetime": "P90D",
                "restrictForAppsCreatedAfterDateTime": "2018-10-19T10:37:00Z"
            },
            {
                "restrictionType": "symmetricKeyAddition",
                "state": "enabled",
                "maxLifetime": null,
                "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
            },
            {
                "restrictionType": "symmetricKeyLifetime",
                "state": "enabled",
                "maxLifetime": "P90D",
                "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
            }
        ],
        "keyCredentials": [],
        "applicationRestrictions": {
            "identifierUris": {
                "nonDefaultUriAddition": {
                    "state": "disabled",
                    "restrictForAppsCreatedAfterDateTime": null,
                    "excludeAppsReceivingV2Tokens": true,
                    "excludeSaml": true
                }
            }
        }
    }
}

通过

创建 appManagementPolicy

权限

HTTP 请求

请求标头

请求正文

响应

示例

请求

响应

反馈

其他资源