创建 deviceEnrollmentWindowsHelloForBusinessConfiguration

命名空间：microsoft.graph

注意：适用于 Intune 的 Microsoft Graph API 需要适用于租户的活动 Intune 许可证。

创建新的 deviceEnrollmentWindowsHelloForBusinessConfiguration 对象。

此 API 可用于以下国家级云部署。

全局服务	美国政府 L4	美国政府 L5 (DOD)	由世纪互联运营的中国
✅	✅	✅	✅

权限

要调用此 API，需要以下权限之一。 若要了解详细信息，包括如何选择权限的信息，请参阅权限。

权限类型	权限（从最低特权到最高特权）
委派（工作或学校帐户）	DeviceManagementServiceConfig.ReadWrite.All、DeviceManagementConfiguration.ReadWrite.All
委派（个人 Microsoft 帐户）	不支持。
应用程序	DeviceManagementServiceConfig.ReadWrite.All、DeviceManagementConfiguration.ReadWrite.All

HTTP 请求

POST /deviceManagement/deviceEnrollmentConfigurations

请求标头

标头	值
Authorization	持有者 {token}。 必填。 详细了解 身份验证和授权。
接受	application/json

请求正文

在请求正文中，提供 deviceEnrollmentWindowsHelloForBusinessConfiguration 对象的 JSON 表示形式。

下表显示创建 deviceEnrollmentWindowsHelloForBusinessConfiguration 时所需的属性。

属性	类型	说明
id	String	继承自 deviceEnrollmentConfiguration 的帐户的唯一标识符
displayName	String	继承自 deviceEnrollmentConfiguration 的设备注册配置的显示名称
description	String	继承自 deviceEnrollmentConfiguration 的设备注册配置的说明
priority	Int32	当用户存在于分配的注册配置的多个组中时，将使用优先级。 用户仅受具有最低优先级值的配置的约束。 继承自 deviceEnrollmentConfiguration
createdDateTime	DateTimeOffset	从 deviceEnrollmentConfiguration 继承的设备注册配置的 UTC 创建日期时间
lastModifiedDateTime	DateTimeOffset	设备注册配置的上次修改日期时间（UTC）继承自 deviceEnrollmentConfiguration
version	Int32	继承自 deviceEnrollmentConfiguration 的设备注册配置版本
pinMinimumLength	Int32	控制Windows Hello 企业版 PIN 所需的最小字符数。 此值必须介于 4 和 127（含）之间，并且小于或等于为最大 PIN 设置的值。
pinMaximumLength	Int32	控制允许Windows Hello 企业版 PIN 的最大字符数。 此值必须介于 4 和 127 之间（含）。 此值必须大于或等于为最小 PIN 设置的值。
pinUppercaseCharactersUsage	windowsHelloForBusinessPinUsage	控制在Windows Hello 企业版 PIN 中使用大写字母的能力。 Allowed 允许使用大写字母 () ，而 Required 则确保它们存在。 如果设置为“不允许”，则不允许使用大写字母。 可取值为：allowed、required、disallowed。
pinLowercaseCharactersUsage	windowsHelloForBusinessPinUsage	控制在Windows Hello 企业版 PIN 中使用小写字母的能力。 Allowed 允许使用小写字母 () ，而 Required 则确保它们存在。 如果设置为“不允许”，则不允许使用小写字母。 可取值为：allowed、required、disallowed。
pinSpecialCharactersUsage	windowsHelloForBusinessPinUsage	控制在Windows Hello 企业版 PIN 中使用特殊字符的能力。 Allowed 允许使用特殊字符 () ，而“必需”则确保它们存在。 如果设置为“不允许”，则不允许使用特殊字符 () 。 可取值为：allowed、required、disallowed。
state	支持	控制是否允许为Windows Hello 企业版配置设备。 如果设置为“已禁用”，则用户无法预配Windows Hello 企业版，除非在已加入 Azure Active Directory 的移动电话上，否则需要预配。 如果设置为“未配置”，Intune不会替代客户端默认值。 可取值为：notConfigured、enabled、disabled。
securityDeviceRequired	布尔值	控制是否需要受信任的平台模块 (TPM) 来预配Windows Hello 企业版。 TPM 提供了额外的安全优势，因为它上存储的数据不能在其他设备上使用。 如果设置为 False，则所有设备都可以预配Windows Hello 企业版即使没有可用 TPM 也是如此。
unlockWithBiometricsEnabled	布尔值	控制使用生物识别手势（如人脸和指纹）作为Windows Hello 企业版 PIN 的替代方法。 如果设置为 False，则不允许生物识别手势。 在发生故障时，用户仍必须将 PIN 配置为备份。
remotePassportEnabled	布尔值	控制远程Windows Hello 企业版的使用。 远程Windows Hello 企业版使已注册的便携式设备能够用作桌面身份验证的配套设备。 桌面必须已加入 Azure AD，并且配套设备必须具有Windows Hello 企业版 PIN。
pinPreviousBlockCount	Int32	控制阻止用户使用过去的 PIN 的功能。 这必须设置在 0 到 50（含）之间，并且用户的当前 PIN 包含在该计数中。 如果设置为 0，则不存储以前的 PIN。 PIN 历史记录不会通过 PIN 重置来保留。
pinExpirationInDays	Int32	控制在系统要求用户更改 PIN 之前可以使用 PIN 的时间段 (天数) 。 这必须设置为 0 到 730（含）。 如果设置为 0，则用户的 PIN 将永不过期
enhancedBiometricsState	支持	控制在支持该功能的设备上使用反欺骗功能进行面部识别的能力。 如果设置为 disabled，则不允许使用反欺骗功能。 如果设置为“未配置”，用户可以选择是否要使用反欺骗。 可取值为：notConfigured、enabled、disabled。

响应

如果成功，此方法将在响应正文中返回 201 Created 响应代码和 deviceEnrollmentWindowsHelloForBusinessConfiguration 对象。

示例

请求

下面是一个请求示例。

HTTP

POST https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations
Content-type: application/json
Content-length: 629

{
  "@odata.type": "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration",
  "displayName": "Display Name value",
  "description": "Description value",
  "priority": 8,
  "version": 7,
  "pinMinimumLength": 0,
  "pinMaximumLength": 0,
  "pinUppercaseCharactersUsage": "required",
  "pinLowercaseCharactersUsage": "required",
  "pinSpecialCharactersUsage": "required",
  "state": "enabled",
  "securityDeviceRequired": true,
  "unlockWithBiometricsEnabled": true,
  "remotePassportEnabled": true,
  "pinPreviousBlockCount": 5,
  "pinExpirationInDays": 3,
  "enhancedBiometricsState": "enabled"
}

C#

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new DeviceEnrollmentWindowsHelloForBusinessConfiguration
{
	OdataType = "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration",
	DisplayName = "Display Name value",
	Description = "Description value",
	Priority = 8,
	Version = 7,
	PinMinimumLength = 0,
	PinMaximumLength = 0,
	PinUppercaseCharactersUsage = WindowsHelloForBusinessPinUsage.Required,
	PinLowercaseCharactersUsage = WindowsHelloForBusinessPinUsage.Required,
	PinSpecialCharactersUsage = WindowsHelloForBusinessPinUsage.Required,
	State = Enablement.Enabled,
	SecurityDeviceRequired = true,
	UnlockWithBiometricsEnabled = true,
	RemotePassportEnabled = true,
	PinPreviousBlockCount = 5,
	PinExpirationInDays = 3,
	EnhancedBiometricsState = Enablement.Enabled,
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceManagement.DeviceEnrollmentConfigurations.PostAsync(requestBody);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

CLI

mgc device-management device-enrollment-configurations create --body '{\
  "@odata.type": "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration",\
  "displayName": "Display Name value",\
  "description": "Description value",\
  "priority": 8,\
  "version": 7,\
  "pinMinimumLength": 0,\
  "pinMaximumLength": 0,\
  "pinUppercaseCharactersUsage": "required",\
  "pinLowercaseCharactersUsage": "required",\
  "pinSpecialCharactersUsage": "required",\
  "state": "enabled",\
  "securityDeviceRequired": true,\
  "unlockWithBiometricsEnabled": true,\
  "remotePassportEnabled": true,\
  "pinPreviousBlockCount": 5,\
  "pinExpirationInDays": 3,\
  "enhancedBiometricsState": "enabled"\
}\
'

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

Go

// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewDeviceEnrollmentConfiguration()
displayName := "Display Name value"
requestBody.SetDisplayName(&displayName) 
description := "Description value"
requestBody.SetDescription(&description) 
priority := int32(8)
requestBody.SetPriority(&priority) 
version := int32(7)
requestBody.SetVersion(&version) 
pinMinimumLength := int32(0)
requestBody.SetPinMinimumLength(&pinMinimumLength) 
pinMaximumLength := int32(0)
requestBody.SetPinMaximumLength(&pinMaximumLength) 
pinUppercaseCharactersUsage := graphmodels.REQUIRED_WINDOWSHELLOFORBUSINESSPINUSAGE 
requestBody.SetPinUppercaseCharactersUsage(&pinUppercaseCharactersUsage) 
pinLowercaseCharactersUsage := graphmodels.REQUIRED_WINDOWSHELLOFORBUSINESSPINUSAGE 
requestBody.SetPinLowercaseCharactersUsage(&pinLowercaseCharactersUsage) 
pinSpecialCharactersUsage := graphmodels.REQUIRED_WINDOWSHELLOFORBUSINESSPINUSAGE 
requestBody.SetPinSpecialCharactersUsage(&pinSpecialCharactersUsage) 
state := graphmodels.ENABLED_ENABLEMENT 
requestBody.SetState(&state) 
securityDeviceRequired := true
requestBody.SetSecurityDeviceRequired(&securityDeviceRequired) 
unlockWithBiometricsEnabled := true
requestBody.SetUnlockWithBiometricsEnabled(&unlockWithBiometricsEnabled) 
remotePassportEnabled := true
requestBody.SetRemotePassportEnabled(&remotePassportEnabled) 
pinPreviousBlockCount := int32(5)
requestBody.SetPinPreviousBlockCount(&pinPreviousBlockCount) 
pinExpirationInDays := int32(3)
requestBody.SetPinExpirationInDays(&pinExpirationInDays) 
enhancedBiometricsState := graphmodels.ENABLED_ENABLEMENT 
requestBody.SetEnhancedBiometricsState(&enhancedBiometricsState) 

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
deviceEnrollmentConfigurations, err := graphClient.DeviceManagement().DeviceEnrollmentConfigurations().Post(context.Background(), requestBody, nil)

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

DeviceEnrollmentWindowsHelloForBusinessConfiguration deviceEnrollmentConfiguration = new DeviceEnrollmentWindowsHelloForBusinessConfiguration();
deviceEnrollmentConfiguration.setOdataType("#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration");
deviceEnrollmentConfiguration.setDisplayName("Display Name value");
deviceEnrollmentConfiguration.setDescription("Description value");
deviceEnrollmentConfiguration.setPriority(8);
deviceEnrollmentConfiguration.setVersion(7);
deviceEnrollmentConfiguration.setPinMinimumLength(0);
deviceEnrollmentConfiguration.setPinMaximumLength(0);
deviceEnrollmentConfiguration.setPinUppercaseCharactersUsage(WindowsHelloForBusinessPinUsage.Required);
deviceEnrollmentConfiguration.setPinLowercaseCharactersUsage(WindowsHelloForBusinessPinUsage.Required);
deviceEnrollmentConfiguration.setPinSpecialCharactersUsage(WindowsHelloForBusinessPinUsage.Required);
deviceEnrollmentConfiguration.setState(Enablement.Enabled);
deviceEnrollmentConfiguration.setSecurityDeviceRequired(true);
deviceEnrollmentConfiguration.setUnlockWithBiometricsEnabled(true);
deviceEnrollmentConfiguration.setRemotePassportEnabled(true);
deviceEnrollmentConfiguration.setPinPreviousBlockCount(5);
deviceEnrollmentConfiguration.setPinExpirationInDays(3);
deviceEnrollmentConfiguration.setEnhancedBiometricsState(Enablement.Enabled);
DeviceEnrollmentConfiguration result = graphClient.deviceManagement().deviceEnrollmentConfigurations().post(deviceEnrollmentConfiguration);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const deviceEnrollmentConfiguration = {
  '@odata.type': '#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration',
  displayName: 'Display Name value',
  description: 'Description value',
  priority: 8,
  version: 7,
  pinMinimumLength: 0,
  pinMaximumLength: 0,
  pinUppercaseCharactersUsage: 'required',
  pinLowercaseCharactersUsage: 'required',
  pinSpecialCharactersUsage: 'required',
  state: 'enabled',
  securityDeviceRequired: true,
  unlockWithBiometricsEnabled: true,
  remotePassportEnabled: true,
  pinPreviousBlockCount: 5,
  pinExpirationInDays: 3,
  enhancedBiometricsState: 'enabled'
};

await client.api('/deviceManagement/deviceEnrollmentConfigurations')
	.post(deviceEnrollmentConfiguration);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

PHP

<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\DeviceEnrollmentWindowsHelloForBusinessConfiguration;
use Microsoft\Graph\Generated\Models\WindowsHelloForBusinessPinUsage;
use Microsoft\Graph\Generated\Models\Enablement;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new DeviceEnrollmentWindowsHelloForBusinessConfiguration();
$requestBody->setOdataType('#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration');
$requestBody->setDisplayName('Display Name value');
$requestBody->setDescription('Description value');
$requestBody->setPriority(8);
$requestBody->setVersion(7);
$requestBody->setPinMinimumLength(0);
$requestBody->setPinMaximumLength(0);
$requestBody->setPinUppercaseCharactersUsage(new WindowsHelloForBusinessPinUsage('required'));
$requestBody->setPinLowercaseCharactersUsage(new WindowsHelloForBusinessPinUsage('required'));
$requestBody->setPinSpecialCharactersUsage(new WindowsHelloForBusinessPinUsage('required'));
$requestBody->setState(new Enablement('enabled'));
$requestBody->setSecurityDeviceRequired(true);
$requestBody->setUnlockWithBiometricsEnabled(true);
$requestBody->setRemotePassportEnabled(true);
$requestBody->setPinPreviousBlockCount(5);
$requestBody->setPinExpirationInDays(3);
$requestBody->setEnhancedBiometricsState(new Enablement('enabled'));

$result = $graphServiceClient->deviceManagement()->deviceEnrollmentConfigurations()->post($requestBody)->wait();

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

PowerShell

Import-Module Microsoft.Graph.DeviceManagement.Enrollment

$params = @{
	"@odata.type" = "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration"
	displayName = "Display Name value"
	description = "Description value"
	priority = 8
	version = 7
	pinMinimumLength = 
	pinMaximumLength = 
	pinUppercaseCharactersUsage = "required"
	pinLowercaseCharactersUsage = "required"
	pinSpecialCharactersUsage = "required"
	state = "enabled"
	securityDeviceRequired = $true
	unlockWithBiometricsEnabled = $true
	remotePassportEnabled = $true
	pinPreviousBlockCount = 
	pinExpirationInDays = 
	enhancedBiometricsState = "enabled"
}

New-MgDeviceManagementDeviceEnrollmentConfiguration -BodyParameter $params

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

Python

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.device_enrollment_windows_hello_for_business_configuration import DeviceEnrollmentWindowsHelloForBusinessConfiguration
from msgraph.generated.models.windows_hello_for_business_pin_usage import WindowsHelloForBusinessPinUsage
from msgraph.generated.models.enablement import Enablement
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = DeviceEnrollmentWindowsHelloForBusinessConfiguration(
	odata_type = "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration",
	display_name = "Display Name value",
	description = "Description value",
	priority = 8,
	version = 7,
	pin_minimum_length = 0,
	pin_maximum_length = 0,
	pin_uppercase_characters_usage = WindowsHelloForBusinessPinUsage.Required,
	pin_lowercase_characters_usage = WindowsHelloForBusinessPinUsage.Required,
	pin_special_characters_usage = WindowsHelloForBusinessPinUsage.Required,
	state = Enablement.Enabled,
	security_device_required = True,
	unlock_with_biometrics_enabled = True,
	remote_passport_enabled = True,
	pin_previous_block_count = 5,
	pin_expiration_in_days = 3,
	enhanced_biometrics_state = Enablement.Enabled,
)

result = await graph_client.device_management.device_enrollment_configurations.post(request_body)

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

响应

下面是一个响应示例。 注意：为简洁起见，可能会截断此处显示的响应对象。 将从实际调用中返回所有属性。

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 801

{
  "@odata.type": "#microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration",
  "id": "3068e0cd-e0cd-3068-cde0-6830cde06830",
  "displayName": "Display Name value",
  "description": "Description value",
  "priority": 8,
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "version": 7,
  "pinMinimumLength": 0,
  "pinMaximumLength": 0,
  "pinUppercaseCharactersUsage": "required",
  "pinLowercaseCharactersUsage": "required",
  "pinSpecialCharactersUsage": "required",
  "state": "enabled",
  "securityDeviceRequired": true,
  "unlockWithBiometricsEnabled": true,
  "remotePassportEnabled": true,
  "pinPreviousBlockCount": 5,
  "pinExpirationInDays": 3,
  "enhancedBiometricsState": "enabled"
}