Actualizar windows10EndpointProtectionConfigurationUpdate windows10EndpointProtectionConfiguration

Espacio de nombres: microsoft.graphNamespace: microsoft.graph

Nota: la API de Microsoft Graph para Intune requiere una licencia activa de Intune para el espacio empresarial.Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Actualice las propiedades de un objeto windows10EndpointProtectionConfiguration.Update the properties of a windows10EndpointProtectionConfiguration object.

Requisitos previosPrerequisites

Se requiere uno de los siguientes permisos para llamar a esta API. Para obtener más información, incluido cómo elegir permisos, vea Permisos.One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Tipo de permisoPermission type Permisos (de más a menos privilegiados)Permissions (from most to least privileged)
Delegado (cuenta profesional o educativa)Delegated (work or school account) DeviceManagementConfiguration.ReadWrite.AllDeviceManagementConfiguration.ReadWrite.All
Delegado (cuenta personal de Microsoft)Delegated (personal Microsoft account) No admitida.Not supported.
AplicaciónApplication No admitida.Not supported.

Solicitud HTTPHTTP Request

PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}

Encabezados de solicitudRequest headers

EncabezadoHeader ValorValue
AuthorizationAuthorization Se requiere <token> de portador.Bearer <token> Required.
AceptarAccept application/jsonapplication/json

Cuerpo de la solicitudRequest body

En el cuerpo de la solicitud, especifique una representación JSON del objeto windows10EndpointProtectionConfiguration.In the request body, supply a JSON representation for the windows10EndpointProtectionConfiguration object.

En la tabla siguiente se muestran las propiedades necesarias para crear el objeto windows10EndpointProtectionConfiguration.The following table shows the properties that are required when you create the windows10EndpointProtectionConfiguration.

PropiedadProperty TipoType DescripciónDescription
idid CadenaString Clave de la entidad.Key of the entity. Heredado de deviceConfigurationInherited from deviceConfiguration
lastModifiedDateTimelastModifiedDateTime DateTimeOffsetDateTimeOffset Fecha y hora en la que se modificó el objeto por última vez.DateTime the object was last modified. Heredado de deviceConfigurationInherited from deviceConfiguration
createdDateTimecreatedDateTime DateTimeOffsetDateTimeOffset Fecha y hora en la que se creó el objeto.DateTime the object was created. Heredado de deviceConfigurationInherited from deviceConfiguration
descriptiondescription CadenaString Descripción proporcionada por el administrador de la configuración del dispositivo.Admin provided description of the Device Configuration. Heredado de deviceConfigurationInherited from deviceConfiguration
displayNamedisplayName CadenaString Nombre proporcionado por el administrador de la configuración del dispositivo.Admin provided name of the device configuration. Heredado de deviceConfigurationInherited from deviceConfiguration
versionversion Int32Int32 Versión de la configuración del dispositivo.Version of the device configuration. Heredado de deviceConfigurationInherited from deviceConfiguration
firewallBlockStatefulFTPfirewallBlockStatefulFTP BooleanoBoolean Bloquea las conexiones FTP con estado en el dispositivo.Blocks stateful FTP connections to the device
firewallIdleTimeoutForSecurityAssociationInSecondsfirewallIdleTimeoutForSecurityAssociationInSeconds Int32Int32 Configura el tiempo de espera inactivo para asociaciones de seguridad, en segundos, de 300 a 3600 inclusive.Configures the idle timeout for security associations, in seconds, from 300 to 3600 inclusive. Se trata del período tras el cual expiran y se eliminan las asociaciones de seguridad.This is the period after which security associations will expire and be deleted. Valores válidos de 300 a 3600.Valid values 300 to 3600
firewallPreSharedKeyEncodingMethodfirewallPreSharedKeyEncodingMethod firewallPreSharedKeyEncodingMethodTypefirewallPreSharedKeyEncodingMethodType Seleccione la codificación de clave previamente compartida que se va a usar.Select the preshared key encoding to be used. Los valores posibles son: deviceDefault, none y utF8.Possible values are: deviceDefault, none, utF8.
firewallIPSecExemptionsAllowNeighborDiscoveryfirewallIPSecExemptionsAllowNeighborDiscovery BooleanoBoolean Configura las exenciones IPSec para permitir los códigos de tipo ICMP de IPv6 de detección de vecinos.Configures IPSec exemptions to allow neighbor discovery IPv6 ICMP type-codes
firewallIPSecExemptionsAllowICMPfirewallIPSecExemptionsAllowICMP BooleanoBoolean Configura las exenciones IPSec para permitir ICMP.Configures IPSec exemptions to allow ICMP
firewallIPSecExemptionsAllowRouterDiscoveryfirewallIPSecExemptionsAllowRouterDiscovery BooleanoBoolean Configura las exenciones IPSec para permitir los códigos de tipo ICMP de IPv6 de detección de enrutadores.Configures IPSec exemptions to allow router discovery IPv6 ICMP type-codes
firewallIPSecExemptionsAllowDHCPfirewallIPSecExemptionsAllowDHCP BooleanoBoolean Configura las exenciones IPSec para permitir el tráfico DHCP de IPv4 e IPv6.Configures IPSec exemptions to allow both IPv4 and IPv6 DHCP traffic
firewallCertificateRevocationListCheckMethodfirewallCertificateRevocationListCheckMethod firewallCertificateRevocationListCheckMethodTypefirewallCertificateRevocationListCheckMethodType Especifique cómo debe aplicarse la lista de revocación de certificados.Specify how the certificate revocation list is to be enforced. Los valores posibles son: deviceDefault, none, attempt y require.Possible values are: deviceDefault, none, attempt, require.
firewallMergeKeyingModuleSettingsfirewallMergeKeyingModuleSettings BooleanoBoolean Si un conjunto de autenticación no es totalmente compatible con un módulo de generación de claves, dirija el módulo para que solo ignore los conjuntos de autenticación no admitidos, en lugar de todo el conjunto.If an authentication set is not fully supported by a keying module, direct the module to ignore only unsupported authentication suites rather than the entire set
firewallPacketQueueingMethodfirewallPacketQueueingMethod firewallPacketQueueingMethodTypefirewallPacketQueueingMethodType Configura cómo se deben aplicar las colas de paquetes en el escenario de puerta de enlace de túnel.Configures how packet queueing should be applied in the tunnel gateway scenario. Los valores posibles son: deviceDefault, disabled, queueInbound, queueOutbound y queueBoth.Possible values are: deviceDefault, disabled, queueInbound, queueOutbound, queueBoth.
firewallProfileDomainfirewallProfileDomain windowsFirewallNetworkProfilewindowsFirewallNetworkProfile Configura las opciones del perfil de firewall para redes de dominio.Configures the firewall profile settings for domain networks
firewallProfilePublicfirewallProfilePublic windowsFirewallNetworkProfilewindowsFirewallNetworkProfile Configura las opciones del perfil de firewall para redes públicas.Configures the firewall profile settings for public networks
firewallProfilePrivatefirewallProfilePrivate windowsFirewallNetworkProfilewindowsFirewallNetworkProfile Configura las opciones del perfil de firewall para redes privadas.Configures the firewall profile settings for private networks
defenderAttackSurfaceReductionExcludedPathsdefenderAttackSurfaceReductionExcludedPaths Colección de cadenasString collection Lista de archivos exe y carpetas que se deben excluir de las reglas de reducción de la superficie expuesta a ataques.List of exe files and folders to be excluded from attack surface reduction rules
defenderGuardedFoldersAllowedAppPathsdefenderGuardedFoldersAllowedAppPaths Colección de cadenasString collection Lista de rutas de acceso a exe que pueden obtener acceso a carpetas protegidas.List of paths to exe that are allowed to access protected folders
defenderAdditionalGuardedFoldersdefenderAdditionalGuardedFolders Colección de cadenasString collection Lista de las rutas de acceso de carpeta que se van a agregar a la lista de carpetas protegidas.List of folder paths to be added to the list of protected folders
defenderExploitProtectionXmldefenderExploitProtectionXml BinarioBinary Contenido XML que contiene información sobre detalles de protección contra vulnerabilidades de seguridad.Xml content containing information regarding exploit protection details.
defenderExploitProtectionXmlFileNamedefenderExploitProtectionXmlFileName CadenaString Nombre del archivo del que se obtuvo DefenderExploitProtectionXml.Name of the file from which DefenderExploitProtectionXml was obtained.
defenderSecurityCenterBlockExploitProtectionOverridedefenderSecurityCenterBlockExploitProtectionOverride BooleanoBoolean Indica si se va a impedir que el usuario invalide la configuración de protección contra vulnerabilidades.Indicates whether or not to block user from overriding Exploit Protection settings.
appLockerApplicationControlappLockerApplicationControl appLockerApplicationControlTypeappLockerApplicationControlType Permite que el administrador elija los tipos de aplicación que se permiten en los dispositivos.Enables the Admin to choose what types of app to allow on devices. Los valores posibles son: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker y auditComponentsStoreAppsAndSmartlocker.Possible values are: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker, auditComponentsStoreAppsAndSmartlocker.
smartScreenEnableInShellsmartScreenEnableInShell BooleanoBoolean Permite que los administradores de TI configuren SmartScreen para Windows.Allows IT Admins to configure SmartScreen for Windows.
smartScreenBlockOverrideForFilessmartScreenBlockOverrideForFiles BooleanoBoolean Permite a los administradores de ti controlar si los usuarios pueden omitir las advertencias de SmartScreen y ejecutar archivos malintencionados.Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files.
applicationGuardEnabledapplicationGuardEnabled BooleanoBoolean Habilitar la Protección de aplicaciones de Windows Defender.Enable Windows Defender Application Guard
applicationGuardBlockFileTransferapplicationGuardBlockFileTransfer applicationGuardBlockFileTransferTypeapplicationGuardBlockFileTransferType Bloquear portapapeles para transferir el archivo de imagen, el archivo de texto o ninguno de ellos.Block clipboard to transfer image file, text file or neither of them. Los valores posibles son: notConfigured, blockImageAndTextFile, blockImageFile, blockNone y blockTextFile.Possible values are: notConfigured, blockImageAndTextFile, blockImageFile, blockNone, blockTextFile.
applicationGuardBlockNonEnterpriseContentapplicationGuardBlockNonEnterpriseContent BooleanoBoolean Impedir que los sitios de la empresa carguen contenido no empresarial, como complementos de terceros.Block enterprise sites to load non-enterprise content, such as third party plug-ins
applicationGuardAllowPersistenceapplicationGuardAllowPersistence BooleanoBoolean Permitir el almacenamiento de los datos generados por el usuario en el contenedor de la protección de aplicaciones (favoritos, cookies, contraseñas web, etc.).Allow persisting user generated data inside the App Guard Containter (favorites, cookies, web passwords, etc.)
applicationGuardForceAuditingapplicationGuardForceAuditing BooleanoBoolean La auditoría forzada conservará los registros y eventos de Windows para cumplir con los criterios de seguridad y cumplimiento (algunos eventos de ejemplo son el inicio y cierre de sesión del usuario, el uso de derechos de privilegio, la instalación de software, los cambios del sistema, etc.).Force auditing will persist Windows logs and events to meet security/compliance criteria (sample events are user login-logoff, use of privilege rights, software installation, system changes, etc.)
applicationGuardBlockClipboardSharingapplicationGuardBlockClipboardSharing applicationGuardBlockClipboardSharingTypeapplicationGuardBlockClipboardSharingType Impedir que el Portapapeles comparta los datos del host al contenedor, del contenedor al host, en ambas direcciones o en ninguna.Block clipboard to share data from Host to Container, or from Container to Host, or both ways, or neither ways. Los valores posibles son: notConfigured, blockBoth, blockHostToContainer, blockContainerToHost y blockNone.Possible values are: notConfigured, blockBoth, blockHostToContainer, blockContainerToHost, blockNone.
applicationGuardAllowPrintToPDFapplicationGuardAllowPrintToPDF BooleanoBoolean Permitir la impresión en PDF desde el contenedor.Allow printing to PDF from Container
applicationGuardAllowPrintToXPSapplicationGuardAllowPrintToXPS BooleanoBoolean Permitir la impresión en XPS desde el contenedor.Allow printing to XPS from Container
applicationGuardAllowPrintToLocalPrintersapplicationGuardAllowPrintToLocalPrinters BooleanoBoolean Permitir la impresión en impresoras locales desde el contenedor.Allow printing to Local Printers from Container
applicationGuardAllowPrintToNetworkPrintersapplicationGuardAllowPrintToNetworkPrinters BooleanoBoolean Permitir la impresión en impresoras en red desde el contenedor.Allow printing to Network Printers from Container
bitLockerDisableWarningForOtherDiskEncryptionbitLockerDisableWarningForOtherDiskEncryption BooleanoBoolean Permite que el administrador deshabilite el mensaje de advertencia para otro cifrado de disco en los equipos de usuario.Allows the Admin to disable the warning prompt for other disk encryption on the user machines.
bitLockerEnableStorageCardEncryptionOnMobilebitLockerEnableStorageCardEncryptionOnMobile BooleanoBoolean Permite que el administrador exija que se active el cifrado con BitLocker.Allows the admin to require encryption to be turned on using BitLocker. Esta directiva solo es válida para una SKU móvil.This policy is valid only for a mobile SKU.
bitLockerEncryptDevicebitLockerEncryptDevice BooleanoBoolean Permite que el administrador exija que se active el cifrado con BitLocker.Allows the admin to require encryption to be turned on using BitLocker.
bitLockerRemovableDrivePolicybitLockerRemovableDrivePolicy bitLockerRemovableDrivePolicybitLockerRemovableDrivePolicy Directiva de unidad extraíble de BitLocker.BitLocker Removable Drive Policy.

RespuestaResponse

Si se ejecuta correctamente, este método devuelve un código de respuesta 200 OK y un objeto windows10EndpointProtectionConfiguration actualizado en el cuerpo de la respuesta.If successful, this method returns a 200 OK response code and an updated windows10EndpointProtectionConfiguration object in the response body.

EjemploExample

SolicitudRequest

Aquí tiene un ejemplo de la solicitud.Here is an example of the request.

PATCH https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{deviceConfigurationId}
Content-type: application/json
Content-length: 4245

{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "firewallBlockStatefulFTP": true,
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
  "firewallPreSharedKeyEncodingMethod": "none",
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,
  "firewallIPSecExemptionsAllowICMP": true,
  "firewallIPSecExemptionsAllowRouterDiscovery": true,
  "firewallIPSecExemptionsAllowDHCP": true,
  "firewallCertificateRevocationListCheckMethod": "none",
  "firewallMergeKeyingModuleSettings": true,
  "firewallPacketQueueingMethod": "disabled",
  "firewallProfileDomain": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePublic": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePrivate": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "defenderAttackSurfaceReductionExcludedPaths": [
    "Defender Attack Surface Reduction Excluded Paths value"
  ],
  "defenderGuardedFoldersAllowedAppPaths": [
    "Defender Guarded Folders Allowed App Paths value"
  ],
  "defenderAdditionalGuardedFolders": [
    "Defender Additional Guarded Folders value"
  ],
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",
  "defenderSecurityCenterBlockExploitProtectionOverride": true,
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",
  "smartScreenEnableInShell": true,
  "smartScreenBlockOverrideForFiles": true,
  "applicationGuardEnabled": true,
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",
  "applicationGuardBlockNonEnterpriseContent": true,
  "applicationGuardAllowPersistence": true,
  "applicationGuardForceAuditing": true,
  "applicationGuardBlockClipboardSharing": "blockBoth",
  "applicationGuardAllowPrintToPDF": true,
  "applicationGuardAllowPrintToXPS": true,
  "applicationGuardAllowPrintToLocalPrinters": true,
  "applicationGuardAllowPrintToNetworkPrinters": true,
  "bitLockerDisableWarningForOtherDiskEncryption": true,
  "bitLockerEnableStorageCardEncryptionOnMobile": true,
  "bitLockerEncryptDevice": true,
  "bitLockerRemovableDrivePolicy": {
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
    "encryptionMethod": "aesCbc256",
    "requireEncryptionForWriteAccess": true,
    "blockCrossOrganizationWriteAccess": true
  }
}

RespuestaResponse

Aquí tiene un ejemplo de la respuesta. Nota: Puede que el objeto de respuesta que aparece aquí se trunque para abreviar. Todas las propiedades se devolverán de una llamada real.Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 4417

{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "id": "09709403-9403-0970-0394-700903947009",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "firewallBlockStatefulFTP": true,
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
  "firewallPreSharedKeyEncodingMethod": "none",
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,
  "firewallIPSecExemptionsAllowICMP": true,
  "firewallIPSecExemptionsAllowRouterDiscovery": true,
  "firewallIPSecExemptionsAllowDHCP": true,
  "firewallCertificateRevocationListCheckMethod": "none",
  "firewallMergeKeyingModuleSettings": true,
  "firewallPacketQueueingMethod": "disabled",
  "firewallProfileDomain": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePublic": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePrivate": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "defenderAttackSurfaceReductionExcludedPaths": [
    "Defender Attack Surface Reduction Excluded Paths value"
  ],
  "defenderGuardedFoldersAllowedAppPaths": [
    "Defender Guarded Folders Allowed App Paths value"
  ],
  "defenderAdditionalGuardedFolders": [
    "Defender Additional Guarded Folders value"
  ],
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",
  "defenderSecurityCenterBlockExploitProtectionOverride": true,
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",
  "smartScreenEnableInShell": true,
  "smartScreenBlockOverrideForFiles": true,
  "applicationGuardEnabled": true,
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",
  "applicationGuardBlockNonEnterpriseContent": true,
  "applicationGuardAllowPersistence": true,
  "applicationGuardForceAuditing": true,
  "applicationGuardBlockClipboardSharing": "blockBoth",
  "applicationGuardAllowPrintToPDF": true,
  "applicationGuardAllowPrintToXPS": true,
  "applicationGuardAllowPrintToLocalPrinters": true,
  "applicationGuardAllowPrintToNetworkPrinters": true,
  "bitLockerDisableWarningForOtherDiskEncryption": true,
  "bitLockerEnableStorageCardEncryptionOnMobile": true,
  "bitLockerEncryptDevice": true,
  "bitLockerRemovableDrivePolicy": {
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
    "encryptionMethod": "aesCbc256",
    "requireEncryptionForWriteAccess": true,
    "blockCrossOrganizationWriteAccess": true
  }
}