创建 windows10EndpointProtectionConfiguration

命名空间:microsoft.graph

注意:适用于 Intune 的 Microsoft Graph API 需要适用于租户的活动 Intune 许可证

创建新的 windows10EndpointProtectionConfiguration 对象。

此 API 可用于以下国家级云部署

全局服务 美国政府 L4 美国政府 L5 (DOD) 由世纪互联运营的中国

权限

要调用此 API,需要以下权限之一。 若要了解详细信息,包括如何选择权限的信息,请参阅权限

权限类型 权限(从最低特权到最高特权)
委派(工作或学校帐户) DeviceManagementConfiguration.ReadWrite.All
委派(个人 Microsoft 帐户) 不支持。
应用程序 DeviceManagementConfiguration.ReadWrite.All

HTTP 请求

POST /deviceManagement/deviceConfigurations

请求标头

标头
Authorization 持有者 {token}。 必填。 详细了解 身份验证和授权
接受 application/json

请求正文

在请求正文中,提供 windows10EndpointProtectionConfiguration 对象的 JSON 表示形式。

下表显示了创建 windows10EndpointProtectionConfiguration 时所需的属性。

属性 类型 说明
id String 实体的键。 继承自 deviceConfiguration
lastModifiedDateTime DateTimeOffset 上次修改对象的日期/时间。 继承自 deviceConfiguration
createdDateTime DateTimeOffset 创建对象的日期/时间。 继承自 deviceConfiguration
description String 管理员提供的设备配置的说明。 继承自 deviceConfiguration
displayName String 管理员提供的设备配置的名称。 继承自 deviceConfiguration
version Int32 设备配置的版本。 继承自 deviceConfiguration
firewallBlockStatefulFTP Boolean 阻止到设备的有状态 FTP 连接
firewallIdleTimeoutForSecurityAssociationInSeconds Int32 配置安全关联的空闲超时(以秒为单位),值范围为 300 到 3600(包括这两个值)。 这是一个时间段,在此之后安全关联将过期并被删除。 有效值为 300 至 3600
firewallPreSharedKeyEncodingMethod firewallPreSharedKeyEncodingMethodType 选择要使用的预共享密钥编码。 可取值为:deviceDefaultnoneutF8
firewallIPSecExemptionsAllowNeighborDiscovery Boolean 配置 IPSec 免除项以允许邻居发现 IPv6 ICMP 类型代码
firewallIPSecExemptionsAllowICMP Boolean 配置 IPSec 免除项以允许 ICMP
firewallIPSecExemptionsAllowRouterDiscovery Boolean 配置 IPSec 免除项以允许路由器发现 IPv6 ICMP 类型代码
firewallIPSecExemptionsAllowDHCP Boolean 配置 IPSec 免除项以允许 IPv4 和 IPv6 DHCP 通信
firewallCertificateRevocationListCheckMethod firewallCertificateRevocationListCheckMethodType 指定如何强制实施证书吊销列表。 可取值为:deviceDefaultnoneattemptrequire
firewallMergeKeyingModuleSettings Boolean 如果键控模块不完全支持身份验证集,请指示模块仅忽略不受支持的身份验证套件而不是整个集
firewallPacketQueueingMethod firewallPacketQueueingMethodType 配置应在隧道网关方案中应用数据包队列的方式。 可取值为:deviceDefaultdisabledqueueInboundqueueOutboundqueueBoth
firewallProfileDomain windowsFirewallNetworkProfile 配置域网络的防火墙配置文件设置
firewallProfilePublic windowsFirewallNetworkProfile 配置公用网络的防火墙配置文件设置
firewallProfilePrivate windowsFirewallNetworkProfile 配置专用网络的防火墙配置文件设置
defenderAttackSurfaceReductionExcludedPaths String 集合 要从攻击面减少规则中排除的 exe 文件和文件夹的列表
defenderGuardedFoldersAllowedAppPaths String 集合 允许访问受保护文件夹的 exe 路径列表
defenderAdditionalGuardedFolders String 集合 要添加到受保护文件夹列表的文件夹路径列表
defenderExploitProtectionXml Binary 包含有关 Exploit Protection 详细信息的 xml 内容。
defenderExploitProtectionXmlFileName String 从中获取 DefenderExploitProtectionXml 的文件的名称。
defenderSecurityCenterBlockExploitProtectionOverride Boolean 指示是否阻止用户覆盖 Exploit Protection 设置。
appLockerApplicationControl appLockerApplicationControlType 使管理员能够选择在设备上允许哪些类型的应用。 可取值为:notConfiguredenforceComponentsAndStoreAppsauditComponentsAndStoreAppsenforceComponentsStoreAppsAndSmartlockerauditComponentsStoreAppsAndSmartlocker
smartScreenEnableInShell Boolean 允许 IT 管理员配置适用于 Windows 的 SmartScreen。
smartScreenBlockOverrideForFiles Boolean 允许 IT 管理员控制用户是否可以忽略 SmartScreen 警告并运行恶意文件。
applicationGuardEnabled Boolean 启用 Windows Defender 应用程序防护
applicationGuardBlockFileTransfer applicationGuardBlockFileTransferType 阻止剪贴板传输图像文件、文本文件或两者均不传输。 可取值为:notConfiguredblockImageAndTextFileblockImageFileblockNoneblockTextFile
applicationGuardBlockNonEnterpriseContent Boolean 阻止企业站点加载非企业内容,例如第三方插件
applicationGuardAllowPersistence Boolean 允许 App Guard 容器(收藏夹、Cookie、Web 密码等)内的持久用户生成数据
applicationGuardForceAuditing Boolean 强制审核将存留 Windows 日志和事件以满足安全/符合性条件(示例事件是用户登录注销、特权使用、软件安装、系统更改等)
applicationGuardBlockClipboardSharing applicationGuardBlockClipboardSharingType 阻止剪贴板将数据从主机共享到容器或从容器共享到主机,或阻止两种方式,或两种方式均不阻止。 可取值为:notConfiguredblockBothblockHostToContainerblockContainerToHostblockNone
applicationGuardAllowPrintToPDF Boolean 允许从容器打印为 PDF 格式
applicationGuardAllowPrintToXPS Boolean 允许从容器打印为 XPS 格式
applicationGuardAllowPrintToLocalPrinters Boolean 允许从容器打印到本地打印机
applicationGuardAllowPrintToNetworkPrinters Boolean 允许从容器打印到网络打印机
bitLockerDisableWarningForOtherDiskEncryption Boolean 允许管理员禁用对用户计算机上其他磁盘加密的警告提示。
bitLockerEnableStorageCardEncryptionOnMobile Boolean 允许管理员要求使用 BitLocker 开启加密功能。 此策略仅适用于移动 SKU。
bitLockerEncryptDevice Boolean 允许管理员要求使用 BitLocker 开启加密功能。
bitLockerRemovableDrivePolicy bitLockerRemovableDrivePolicy BitLocker 可移动驱动器策略。

响应

如果成功,此方法在响应正文中返回 201 Created 响应代码和 windows10EndpointProtectionConfiguration 对象。

示例

请求

下面是一个请求示例。

POST https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations
Content-type: application/json
Content-length: 4245

{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "firewallBlockStatefulFTP": true,
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
  "firewallPreSharedKeyEncodingMethod": "none",
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,
  "firewallIPSecExemptionsAllowICMP": true,
  "firewallIPSecExemptionsAllowRouterDiscovery": true,
  "firewallIPSecExemptionsAllowDHCP": true,
  "firewallCertificateRevocationListCheckMethod": "none",
  "firewallMergeKeyingModuleSettings": true,
  "firewallPacketQueueingMethod": "disabled",
  "firewallProfileDomain": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePublic": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePrivate": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "defenderAttackSurfaceReductionExcludedPaths": [
    "Defender Attack Surface Reduction Excluded Paths value"
  ],
  "defenderGuardedFoldersAllowedAppPaths": [
    "Defender Guarded Folders Allowed App Paths value"
  ],
  "defenderAdditionalGuardedFolders": [
    "Defender Additional Guarded Folders value"
  ],
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",
  "defenderSecurityCenterBlockExploitProtectionOverride": true,
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",
  "smartScreenEnableInShell": true,
  "smartScreenBlockOverrideForFiles": true,
  "applicationGuardEnabled": true,
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",
  "applicationGuardBlockNonEnterpriseContent": true,
  "applicationGuardAllowPersistence": true,
  "applicationGuardForceAuditing": true,
  "applicationGuardBlockClipboardSharing": "blockBoth",
  "applicationGuardAllowPrintToPDF": true,
  "applicationGuardAllowPrintToXPS": true,
  "applicationGuardAllowPrintToLocalPrinters": true,
  "applicationGuardAllowPrintToNetworkPrinters": true,
  "bitLockerDisableWarningForOtherDiskEncryption": true,
  "bitLockerEnableStorageCardEncryptionOnMobile": true,
  "bitLockerEncryptDevice": true,
  "bitLockerRemovableDrivePolicy": {
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
    "encryptionMethod": "aesCbc256",
    "requireEncryptionForWriteAccess": true,
    "blockCrossOrganizationWriteAccess": true
  }
}

响应

下面是一个响应示例。 注意:为简洁起见,可能会截断此处显示的响应对象。 将从实际调用中返回所有属性。

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 4417

{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "id": "09709403-9403-0970-0394-700903947009",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "firewallBlockStatefulFTP": true,
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
  "firewallPreSharedKeyEncodingMethod": "none",
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,
  "firewallIPSecExemptionsAllowICMP": true,
  "firewallIPSecExemptionsAllowRouterDiscovery": true,
  "firewallIPSecExemptionsAllowDHCP": true,
  "firewallCertificateRevocationListCheckMethod": "none",
  "firewallMergeKeyingModuleSettings": true,
  "firewallPacketQueueingMethod": "disabled",
  "firewallProfileDomain": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePublic": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePrivate": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "defenderAttackSurfaceReductionExcludedPaths": [
    "Defender Attack Surface Reduction Excluded Paths value"
  ],
  "defenderGuardedFoldersAllowedAppPaths": [
    "Defender Guarded Folders Allowed App Paths value"
  ],
  "defenderAdditionalGuardedFolders": [
    "Defender Additional Guarded Folders value"
  ],
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",
  "defenderSecurityCenterBlockExploitProtectionOverride": true,
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",
  "smartScreenEnableInShell": true,
  "smartScreenBlockOverrideForFiles": true,
  "applicationGuardEnabled": true,
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",
  "applicationGuardBlockNonEnterpriseContent": true,
  "applicationGuardAllowPersistence": true,
  "applicationGuardForceAuditing": true,
  "applicationGuardBlockClipboardSharing": "blockBoth",
  "applicationGuardAllowPrintToPDF": true,
  "applicationGuardAllowPrintToXPS": true,
  "applicationGuardAllowPrintToLocalPrinters": true,
  "applicationGuardAllowPrintToNetworkPrinters": true,
  "bitLockerDisableWarningForOtherDiskEncryption": true,
  "bitLockerEnableStorageCardEncryptionOnMobile": true,
  "bitLockerEncryptDevice": true,
  "bitLockerRemovableDrivePolicy": {
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
    "encryptionMethod": "aesCbc256",
    "requireEncryptionForWriteAccess": true,
    "blockCrossOrganizationWriteAccess": true
  }
}