Update macOSCompliancePolicy
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Update the properties of a macOSCompliancePolicy object.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | DeviceManagementConfiguration.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | DeviceManagementConfiguration.ReadWrite.All |
HTTP Request
PATCH /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}
Request headers
| Header | Value |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Accept | application/json |
Request body
In the request body, supply a JSON representation for the macOSCompliancePolicy object.
The following table shows the properties that are required when you create the macOSCompliancePolicy.
| Property | Type | Description |
|---|---|---|
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordRequired | Boolean | Whether or not to require a password. |
| passwordBlockSimple | Boolean | Indicates whether or not to block simple passwords. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 65535 |
| passwordMinimumLength | Int32 | Minimum length of password. Valid values 4 to 14 |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
| passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
| passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. |
| osMinimumVersion | String | Minimum MacOS version. |
| osMaximumVersion | String | Maximum MacOS version. |
| osMinimumBuildVersion | String | Minimum MacOS build version. |
| osMaximumBuildVersion | String | Maximum MacOS build version. |
| systemIntegrityProtectionEnabled | Boolean | Require that devices have enabled system integrity protection. |
| deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| advancedThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | MDATP Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| storageRequireEncryption | Boolean | Require encryption on Mac OS devices. |
| gatekeeperAllowedAppSource | macOSGatekeeperAppSources | System and Privacy setting that determines which download locations apps can be run from on a macOS device. Possible values are: notConfigured, macAppStore, macAppStoreAndIdentifiedDevelopers, anywhere. |
| firewallEnabled | Boolean | Whether the firewall should be enabled or not. |
| firewallBlockAllIncoming | Boolean | Corresponds to the “Block all incoming connections” option. |
| firewallEnableStealthMode | Boolean | Corresponds to “Enable stealth mode.” |
Response
If successful, this method returns a 200 OK response code and an updated macOSCompliancePolicy object in the response body.
Example
Request
Here is an example of the request.
PATCH https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}
Content-type: application/json
Content-length: 1146
{
"@odata.type": "#microsoft.graph.macOSCompliancePolicy",
"roleScopeTagIds": [
"Role Scope Tag Ids value"
],
"description": "Description value",
"displayName": "Display Name value",
"version": 7,
"passwordRequired": true,
"passwordBlockSimple": true,
"passwordExpirationDays": 6,
"passwordMinimumLength": 5,
"passwordMinutesOfInactivityBeforeLock": 5,
"passwordPreviousPasswordBlockCount": 2,
"passwordMinimumCharacterSetCount": 0,
"passwordRequiredType": "alphanumeric",
"osMinimumVersion": "Os Minimum Version value",
"osMaximumVersion": "Os Maximum Version value",
"osMinimumBuildVersion": "Os Minimum Build Version value",
"osMaximumBuildVersion": "Os Maximum Build Version value",
"systemIntegrityProtectionEnabled": true,
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "secured",
"advancedThreatProtectionRequiredSecurityLevel": "secured",
"storageRequireEncryption": true,
"gatekeeperAllowedAppSource": "macAppStore",
"firewallEnabled": true,
"firewallBlockAllIncoming": true,
"firewallEnableStealthMode": true
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1318
{
"@odata.type": "#microsoft.graph.macOSCompliancePolicy",
"roleScopeTagIds": [
"Role Scope Tag Ids value"
],
"id": "ddbadff3-dff3-ddba-f3df-baddf3dfbadd",
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"description": "Description value",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"displayName": "Display Name value",
"version": 7,
"passwordRequired": true,
"passwordBlockSimple": true,
"passwordExpirationDays": 6,
"passwordMinimumLength": 5,
"passwordMinutesOfInactivityBeforeLock": 5,
"passwordPreviousPasswordBlockCount": 2,
"passwordMinimumCharacterSetCount": 0,
"passwordRequiredType": "alphanumeric",
"osMinimumVersion": "Os Minimum Version value",
"osMaximumVersion": "Os Maximum Version value",
"osMinimumBuildVersion": "Os Minimum Build Version value",
"osMaximumBuildVersion": "Os Maximum Build Version value",
"systemIntegrityProtectionEnabled": true,
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "secured",
"advancedThreatProtectionRequiredSecurityLevel": "secured",
"storageRequireEncryption": true,
"gatekeeperAllowedAppSource": "macAppStore",
"firewallEnabled": true,
"firewallBlockAllIncoming": true,
"firewallEnableStealthMode": true
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for