Update macOSCompliancePolicy
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Update the properties of a macOSCompliancePolicy object.
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | DeviceManagementConfiguration.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | DeviceManagementConfiguration.ReadWrite.All |
HTTP Request
PATCH /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}
Request headers
Header | Value |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Accept | application/json |
Request body
In the request body, supply a JSON representation for the macOSCompliancePolicy object.
The following table shows the properties that are required when you create the macOSCompliancePolicy.
Property | Type | Description |
---|---|---|
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passwordRequired | Boolean | Whether or not to require a password. |
passwordBlockSimple | Boolean | Indicates whether or not to block simple passwords. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 65535 |
passwordMinimumLength | Int32 | Minimum length of password. Valid values 4 to 14 |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault , alphanumeric , numeric . |
osMinimumVersion | String | Minimum MacOS version. |
osMaximumVersion | String | Maximum MacOS version. |
osMinimumBuildVersion | String | Minimum MacOS build version. |
osMaximumBuildVersion | String | Maximum MacOS build version. |
systemIntegrityProtectionEnabled | Boolean | Require that devices have enabled system integrity protection. |
deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
advancedThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | MDATP Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
storageRequireEncryption | Boolean | Require encryption on Mac OS devices. |
gatekeeperAllowedAppSource | macOSGatekeeperAppSources | System and Privacy setting that determines which download locations apps can be run from on a macOS device. Possible values are: notConfigured , macAppStore , macAppStoreAndIdentifiedDevelopers , anywhere . |
firewallEnabled | Boolean | Whether the firewall should be enabled or not. |
firewallBlockAllIncoming | Boolean | Corresponds to the “Block all incoming connections” option. |
firewallEnableStealthMode | Boolean | Corresponds to “Enable stealth mode.” |
Response
If successful, this method returns a 200 OK
response code and an updated macOSCompliancePolicy object in the response body.
Example
Request
Here is an example of the request.
PATCH https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}
Content-type: application/json
Content-length: 1146
{
"@odata.type": "#microsoft.graph.macOSCompliancePolicy",
"roleScopeTagIds": [
"Role Scope Tag Ids value"
],
"description": "Description value",
"displayName": "Display Name value",
"version": 7,
"passwordRequired": true,
"passwordBlockSimple": true,
"passwordExpirationDays": 6,
"passwordMinimumLength": 5,
"passwordMinutesOfInactivityBeforeLock": 5,
"passwordPreviousPasswordBlockCount": 2,
"passwordMinimumCharacterSetCount": 0,
"passwordRequiredType": "alphanumeric",
"osMinimumVersion": "Os Minimum Version value",
"osMaximumVersion": "Os Maximum Version value",
"osMinimumBuildVersion": "Os Minimum Build Version value",
"osMaximumBuildVersion": "Os Maximum Build Version value",
"systemIntegrityProtectionEnabled": true,
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "secured",
"advancedThreatProtectionRequiredSecurityLevel": "secured",
"storageRequireEncryption": true,
"gatekeeperAllowedAppSource": "macAppStore",
"firewallEnabled": true,
"firewallBlockAllIncoming": true,
"firewallEnableStealthMode": true
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1318
{
"@odata.type": "#microsoft.graph.macOSCompliancePolicy",
"roleScopeTagIds": [
"Role Scope Tag Ids value"
],
"id": "ddbadff3-dff3-ddba-f3df-baddf3dfbadd",
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"description": "Description value",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"displayName": "Display Name value",
"version": 7,
"passwordRequired": true,
"passwordBlockSimple": true,
"passwordExpirationDays": 6,
"passwordMinimumLength": 5,
"passwordMinutesOfInactivityBeforeLock": 5,
"passwordPreviousPasswordBlockCount": 2,
"passwordMinimumCharacterSetCount": 0,
"passwordRequiredType": "alphanumeric",
"osMinimumVersion": "Os Minimum Version value",
"osMaximumVersion": "Os Maximum Version value",
"osMinimumBuildVersion": "Os Minimum Build Version value",
"osMaximumBuildVersion": "Os Maximum Build Version value",
"systemIntegrityProtectionEnabled": true,
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "secured",
"advancedThreatProtectionRequiredSecurityLevel": "secured",
"storageRequireEncryption": true,
"gatekeeperAllowedAppSource": "macAppStore",
"firewallEnabled": true,
"firewallBlockAllIncoming": true,
"firewallEnableStealthMode": true
}
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for