创建 windows10VpnConfiguration

命名空间：microsoft.graph

重要： Microsoft /beta 版本下的 Graph API 可能会发生更改;不支持生产使用。

注意：适用于 Intune 的 Microsoft Graph API 需要适用于租户的活动 Intune 许可证。

创建新的 windows10VpnConfiguration 对象。

此 API 可用于以下国家级云部署。

全局服务	美国政府 L4	美国政府 L5 (DOD)	由世纪互联运营的中国
✅	✅	✅	✅

权限

要调用此 API，需要以下权限之一。 若要了解详细信息，包括如何选择权限的信息，请参阅权限。

权限类型	权限（从最低特权到最高特权）
委派（工作或学校帐户）	DeviceManagementConfiguration.ReadWrite.All
委派（个人 Microsoft 帐户）	不支持。
应用程序	DeviceManagementConfiguration.ReadWrite.All

HTTP 请求

POST /deviceManagement/deviceConfigurations
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations

请求标头

标头	值
Authorization	持有者 {token}。 必填。 详细了解 身份验证和授权。
接受	application/json

请求正文

在请求正文中，提供 windows10VpnConfiguration 对象的 JSON 表示形式。

下表显示了创建 windows10VpnConfiguration 时所需的属性。

属性	类型	说明
id	String	实体的键。 继承自 deviceConfiguration
lastModifiedDateTime	DateTimeOffset	上次修改对象的日期/时间。 继承自 deviceConfiguration
roleScopeTagIds	字符串集合	此实体实例的范围标记列表。 继承自 deviceConfiguration
supportsScopeTags	布尔值	指示基础设备配置是否支持分配范围标记。 如果此值为 false，并且实体对限定范围的用户不可见，则不允许向 ScopeTags 属性分配。 这发生在 Silverlight 中创建的旧策略，可以通过在 Azure 门户中删除并重新创建策略来解决。 此属性是只读的。 继承自 deviceConfiguration
deviceManagementApplicabilityRuleOsEdition	deviceManagementApplicabilityRuleOsEdition	此策略的 OS 版本适用性。 继承自 deviceConfiguration
deviceManagementApplicabilityRuleOsVersion	deviceManagementApplicabilityRuleOsVersion	此策略的 OS 版本适用性规则。 继承自 deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode	deviceManagementApplicabilityRuleDeviceMode	此策略的设备模式适用性规则。 继承自 deviceConfiguration
createdDateTime	DateTimeOffset	创建对象的日期/时间。 继承自 deviceConfiguration
description	String	管理员提供的设备配置的说明。 继承自 deviceConfiguration
displayName	String	管理员提供的设备配置的名称。 继承自 deviceConfiguration
version	Int32	设备配置的版本。 继承自 deviceConfiguration
connectionName	String	向用户显示的连接名称。 继承自 windowsVpnConfiguration
服务器	vpnServer 集合	网络上的 VPN 服务器列表。 确保最终用户可以访问这些网络位置。 该集合最多可包含 500 个元素。 继承自 windowsVpnConfiguration
customXml	Binary	用于配置 VPN 连接的自定义 XML 命令。 (UTF8 编码的字节数组) 继承自 windowsVpnConfiguration
profileTarget	windows10VpnProfileTarget	配置文件目标类型。 可取值为：user、device、autoPilotDevice。
connectionType	windows10VpnConnectionType	连接类型。 可能的值是：pulseSecure、f5EdgeClient、dellSonicWallMobileConnect、checkPointCapsuleVpn、automatic、ikEv2、l2tp、pptp、citrix、paloAltoGlobalProtect、ciscoAnyConnect、unknownFutureValue、microsoftTunnel。
enableSplitTunneling	布尔值	启用拆分隧道。
enableAlwaysOn	布尔值	启用Always On模式。
enableDeviceTunnel	布尔值	启用设备隧道。
enableDnsRegistration	布尔值	使用内部 DNS 启用 IP 地址注册。
dnsSuffixes	字符串集合	指定要添加到 DNS 搜索列表以正确路由短名称的 DNS 后缀。
microsoftTunnelSiteId	String	与 VPN 配置文件关联的Microsoft隧道站点的 ID。
authenticationMethod	windows10VpnAuthenticationMethod	身份验证方法。 可能的值是：certificate、usernameAndPassword、customEapXml、derivedCredential。
rememberUserCredentials	布尔值	记住用户凭据。
enableConditionalAccess	布尔值	启用条件访问。
enableSingleSignOnWithAlternateCertificate	布尔值	使用备用证书启用单一登录 (SSO) 。
singleSignOnEku	extendedKeyUsage	单一登录扩展密钥用法 (EKU) 。
singleSignOnIssuerHash	String	单一登录颁发者哈希。
eapXml	Binary	可扩展身份验证协议 (EAP) XML。 （UTF8 编码的字节数组）
proxyServer	windows10VpnProxyServer	代理服务器。
associatedApps	windows10AssociatedApps 集合	关联的应用。 该集合最多可包含 10000 个元素。
onlyAssociatedAppsCanUseConnection	布尔值	只有关联的应用可以使用连接 (每个应用 VPN) 。
windowsInformationProtectionDomain	String	要与此连接关联的 Windows 信息保护 (WIP) 域。
trafficRules	vpnTrafficRule 集合	流量规则。 该集合最多可包含 1000 个元素。
路线	vpnRoute 集合	路由 (第三方提供程序) 可选。 该集合最多可包含 1000 个元素。
dnsRules	vpnDnsRule 集合	DNS 规则。 该集合最多可包含 1000 个元素。
trustedNetworkDomains	字符串集合	受信任的网络域
cryptographySuite	cryptographySuite	Windows10 及更高版本中 IKEv2 VPN 的加密套件安全设置

响应

如果成功，此方法在 201 Created 响应正文中返回响应代码和 windows10VpnConfiguration 对象。

示例

请求

下面是一个请求示例。

POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations
Content-type: application/json
Content-length: 4566

{
  "@odata.type": "#microsoft.graph.windows10VpnConfiguration",
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ],
  "supportsScopeTags": true,
  "deviceManagementApplicabilityRuleOsEdition": {
    "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",
    "osEditionTypes": [
      "windows10EnterpriseN"
    ],
    "name": "Name value",
    "ruleType": "exclude"
  },
  "deviceManagementApplicabilityRuleOsVersion": {
    "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",
    "minOSVersion": "Min OSVersion value",
    "maxOSVersion": "Max OSVersion value",
    "name": "Name value",
    "ruleType": "exclude"
  },
  "deviceManagementApplicabilityRuleDeviceMode": {
    "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",
    "deviceMode": "sModeConfiguration",
    "name": "Name value",
    "ruleType": "exclude"
  },
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "connectionName": "Connection Name value",
  "servers": [
    {
      "@odata.type": "microsoft.graph.vpnServer",
      "description": "Description value",
      "address": "Address value",
      "isDefaultServer": true
    }
  ],
  "customXml": "Y3VzdG9tWG1s",
  "profileTarget": "device",
  "connectionType": "f5EdgeClient",
  "enableSplitTunneling": true,
  "enableAlwaysOn": true,
  "enableDeviceTunnel": true,
  "enableDnsRegistration": true,
  "dnsSuffixes": [
    "Dns Suffixes value"
  ],
  "microsoftTunnelSiteId": "Microsoft Tunnel Site Id value",
  "authenticationMethod": "usernameAndPassword",
  "rememberUserCredentials": true,
  "enableConditionalAccess": true,
  "enableSingleSignOnWithAlternateCertificate": true,
  "singleSignOnEku": {
    "@odata.type": "microsoft.graph.extendedKeyUsage",
    "name": "Name value",
    "objectIdentifier": "Object Identifier value"
  },
  "singleSignOnIssuerHash": "Single Sign On Issuer Hash value",
  "eapXml": "ZWFwWG1s",
  "proxyServer": {
    "@odata.type": "microsoft.graph.windows10VpnProxyServer",
    "automaticConfigurationScriptUrl": "https://example.com/automaticConfigurationScriptUrl/",
    "address": "Address value",
    "port": 4,
    "bypassProxyServerForLocalAddress": true
  },
  "associatedApps": [
    {
      "@odata.type": "microsoft.graph.windows10AssociatedApps",
      "appType": "universal",
      "identifier": "Identifier value"
    }
  ],
  "onlyAssociatedAppsCanUseConnection": true,
  "windowsInformationProtectionDomain": "Windows Information Protection Domain value",
  "trafficRules": [
    {
      "@odata.type": "microsoft.graph.vpnTrafficRule",
      "name": "Name value",
      "protocols": 9,
      "localPortRanges": [
        {
          "@odata.type": "microsoft.graph.numberRange",
          "lowerNumber": 11,
          "upperNumber": 11
        }
      ],
      "remotePortRanges": [
        {
          "@odata.type": "microsoft.graph.numberRange",
          "lowerNumber": 11,
          "upperNumber": 11
        }
      ],
      "localAddressRanges": [
        {
          "@odata.type": "microsoft.graph.iPv4Range",
          "lowerAddress": "Lower Address value",
          "upperAddress": "Upper Address value"
        }
      ],
      "remoteAddressRanges": [
        {
          "@odata.type": "microsoft.graph.iPv4Range",
          "lowerAddress": "Lower Address value",
          "upperAddress": "Upper Address value"
        }
      ],
      "appId": "App Id value",
      "appType": "desktop",
      "routingPolicyType": "splitTunnel",
      "claims": "Claims value",
      "vpnTrafficDirection": "inbound"
    }
  ],
  "routes": [
    {
      "@odata.type": "microsoft.graph.vpnRoute",
      "destinationPrefix": "Destination Prefix value",
      "prefixSize": 10
    }
  ],
  "dnsRules": [
    {
      "@odata.type": "microsoft.graph.vpnDnsRule",
      "name": "Name value",
      "servers": [
        "Servers value"
      ],
      "proxyServerUri": "Proxy Server Uri value",
      "autoTrigger": true,
      "persistent": true
    }
  ],
  "trustedNetworkDomains": [
    "Trusted Network Domains value"
  ],
  "cryptographySuite": {
    "@odata.type": "microsoft.graph.cryptographySuite",
    "encryptionMethod": "des",
    "integrityCheckMethod": "sha1_96",
    "dhGroup": "group2",
    "cipherTransformConstants": "des",
    "authenticationTransformConstants": "sha1_96",
    "pfsGroup": "pfs2"
  }
}

响应

下面是一个响应示例。 注意：为简洁起见，可能会截断此处显示的响应对象。 将从实际调用中返回所有属性。

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 4738

{
  "@odata.type": "#microsoft.graph.windows10VpnConfiguration",
  "id": "c23c9727-9727-c23c-2797-3cc227973cc2",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ],
  "supportsScopeTags": true,
  "deviceManagementApplicabilityRuleOsEdition": {
    "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",
    "osEditionTypes": [
      "windows10EnterpriseN"
    ],
    "name": "Name value",
    "ruleType": "exclude"
  },
  "deviceManagementApplicabilityRuleOsVersion": {
    "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",
    "minOSVersion": "Min OSVersion value",
    "maxOSVersion": "Max OSVersion value",
    "name": "Name value",
    "ruleType": "exclude"
  },
  "deviceManagementApplicabilityRuleDeviceMode": {
    "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",
    "deviceMode": "sModeConfiguration",
    "name": "Name value",
    "ruleType": "exclude"
  },
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "connectionName": "Connection Name value",
  "servers": [
    {
      "@odata.type": "microsoft.graph.vpnServer",
      "description": "Description value",
      "address": "Address value",
      "isDefaultServer": true
    }
  ],
  "customXml": "Y3VzdG9tWG1s",
  "profileTarget": "device",
  "connectionType": "f5EdgeClient",
  "enableSplitTunneling": true,
  "enableAlwaysOn": true,
  "enableDeviceTunnel": true,
  "enableDnsRegistration": true,
  "dnsSuffixes": [
    "Dns Suffixes value"
  ],
  "microsoftTunnelSiteId": "Microsoft Tunnel Site Id value",
  "authenticationMethod": "usernameAndPassword",
  "rememberUserCredentials": true,
  "enableConditionalAccess": true,
  "enableSingleSignOnWithAlternateCertificate": true,
  "singleSignOnEku": {
    "@odata.type": "microsoft.graph.extendedKeyUsage",
    "name": "Name value",
    "objectIdentifier": "Object Identifier value"
  },
  "singleSignOnIssuerHash": "Single Sign On Issuer Hash value",
  "eapXml": "ZWFwWG1s",
  "proxyServer": {
    "@odata.type": "microsoft.graph.windows10VpnProxyServer",
    "automaticConfigurationScriptUrl": "https://example.com/automaticConfigurationScriptUrl/",
    "address": "Address value",
    "port": 4,
    "bypassProxyServerForLocalAddress": true
  },
  "associatedApps": [
    {
      "@odata.type": "microsoft.graph.windows10AssociatedApps",
      "appType": "universal",
      "identifier": "Identifier value"
    }
  ],
  "onlyAssociatedAppsCanUseConnection": true,
  "windowsInformationProtectionDomain": "Windows Information Protection Domain value",
  "trafficRules": [
    {
      "@odata.type": "microsoft.graph.vpnTrafficRule",
      "name": "Name value",
      "protocols": 9,
      "localPortRanges": [
        {
          "@odata.type": "microsoft.graph.numberRange",
          "lowerNumber": 11,
          "upperNumber": 11
        }
      ],
      "remotePortRanges": [
        {
          "@odata.type": "microsoft.graph.numberRange",
          "lowerNumber": 11,
          "upperNumber": 11
        }
      ],
      "localAddressRanges": [
        {
          "@odata.type": "microsoft.graph.iPv4Range",
          "lowerAddress": "Lower Address value",
          "upperAddress": "Upper Address value"
        }
      ],
      "remoteAddressRanges": [
        {
          "@odata.type": "microsoft.graph.iPv4Range",
          "lowerAddress": "Lower Address value",
          "upperAddress": "Upper Address value"
        }
      ],
      "appId": "App Id value",
      "appType": "desktop",
      "routingPolicyType": "splitTunnel",
      "claims": "Claims value",
      "vpnTrafficDirection": "inbound"
    }
  ],
  "routes": [
    {
      "@odata.type": "microsoft.graph.vpnRoute",
      "destinationPrefix": "Destination Prefix value",
      "prefixSize": 10
    }
  ],
  "dnsRules": [
    {
      "@odata.type": "microsoft.graph.vpnDnsRule",
      "name": "Name value",
      "servers": [
        "Servers value"
      ],
      "proxyServerUri": "Proxy Server Uri value",
      "autoTrigger": true,
      "persistent": true
    }
  ],
  "trustedNetworkDomains": [
    "Trusted Network Domains value"
  ],
  "cryptographySuite": {
    "@odata.type": "microsoft.graph.cryptographySuite",
    "encryptionMethod": "des",
    "integrityCheckMethod": "sha1_96",
    "dhGroup": "group2",
    "cipherTransformConstants": "des",
    "authenticationTransformConstants": "sha1_96",
    "pfsGroup": "pfs2"
  }
}