appManagementPolicy の作成
12/06/2021
名前空間: microsoft.graph
重要
Microsoft Graph のバージョンの /beta API は変更される可能性があります。 実稼働アプリケーションでこれらの API を使用することは、サポートされていません。 API が v1.0 で使用できるかどうかを確認するには、 バージョン セレクターを使用します。
appManagementPolicy オブジェクトを作成します。
アクセス許可
この API を呼び出すには、次のいずれかのアクセス許可が必要です。アクセス許可の選択方法などの詳細については、「アクセス許可」を参照してください。
アクセス許可の種類
アクセス許可 (特権の小さいものから大きいものへ)
委任 (職場または学校のアカウント)
Policy.ReadWrite.ApplicationConfiguration
委任 (個人用 Microsoft アカウント)
サポートされていません。
アプリケーション
Policy.ReadWrite.ApplicationConfiguration
HTTP 要求
POST /policies/appManagementPolicies
名前
説明
Authorization
Bearer {token}。必須。
Content-Type
application/json。必須。
要求本文
要求本文で、appManagementPolicy の JSON 表記を指定します。
応答
成功した場合、このメソッドは 201 Created 応答コードと、応答本文で新しい appManagementPolicy オブジェクトを返します。
例
要求
要求の例を次に示します。 この要求は、次の設定でアプリ管理ポリシーを作成します。
ポリシーを有効にする。
2019-10-19 10:37 (UTC) 以降に作成されたアプリケーションおよびサービス プリンシパルに対して、新しいパスワードの作成をブロックします。
2014-10-19 10:37 (UTC) 以降に作成されたアプリケーションに対して、パスワード シークレットとキー資格情報の有効期間の制限を強制します。
2019-10-19 10:37 (UTC) 以降に作成されたアプリとサービス プリンシパルのパスワード シークレットの有効期間を、4 日 12 時間 30 分 5 秒未満に制限します。
POST https://graph.microsoft.com/beta/policies/appManagementPolicies
{
"displayName": "Credential management policy",
"description": "Cred policy sample",
"isEnabled": true,
"restrictions": {
"passwordCredentials": [
{
"restrictionType": "passwordAddition",
"maxLifetime": null,
"restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
},
{
"restrictionType": "passwordLifetime",
"maxLifetime": "P4DT12H30M5S",
"restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
},
{
"restrictionType": "symmetricKeyAddition",
"maxLifetime": null,
"restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
},
{
"restrictionType": "symmetricKeyLifetime",
"maxLifetime": "P4D",
"restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
}
],
"keyCredentials": [
{
"restrictionType": "asymmetricKeyLifetime",
"maxLifetime": "P90D",
"restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
}
]
}
}
// Creates an app management policy through the Microsoft Graph beta endpoint.
// The policy carries credential restrictions for passwords/symmetric keys and
// for asymmetric key credentials.
GraphServiceClient graphClient = new GraphServiceClient( authProvider );

// Each restriction applies only to apps created after its UTC cut-off.
var additionCutoff = DateTimeOffset.Parse("2019-10-19T10:37:00Z");
var lifetimeCutoff = DateTimeOffset.Parse("2014-10-19T10:37:00Z");

// Password and symmetric-key rules. The *Addition rules carry no lifetime;
// the *Lifetime rules carry an ISO 8601 duration as the maximum lifetime.
var passwordRules = new List<PasswordCredentialConfiguration>();
passwordRules.Add(new PasswordCredentialConfiguration
{
    RestrictionType = AppCredentialRestrictionType.PasswordAddition,
    MaxLifetime = null,
    RestrictForAppsCreatedAfterDateTime = additionCutoff
});
passwordRules.Add(new PasswordCredentialConfiguration
{
    RestrictionType = AppCredentialRestrictionType.PasswordLifetime,
    MaxLifetime = new Duration("P4DT12H30M5S"),
    RestrictForAppsCreatedAfterDateTime = lifetimeCutoff
});
passwordRules.Add(new PasswordCredentialConfiguration
{
    RestrictionType = AppCredentialRestrictionType.SymmetricKeyAddition,
    MaxLifetime = null,
    RestrictForAppsCreatedAfterDateTime = additionCutoff
});
passwordRules.Add(new PasswordCredentialConfiguration
{
    RestrictionType = AppCredentialRestrictionType.SymmetricKeyLifetime,
    MaxLifetime = new Duration("P4D"),
    RestrictForAppsCreatedAfterDateTime = lifetimeCutoff
});

// Asymmetric key (certificate) rule: lifetime capped at 90 days.
var keyRules = new List<KeyCredentialConfiguration>();
keyRules.Add(new KeyCredentialConfiguration
{
    RestrictionType = AppKeyCredentialRestrictionType.AsymmetricKeyLifetime,
    MaxLifetime = new Duration("P90D"),
    RestrictForAppsCreatedAfterDateTime = lifetimeCutoff
});

var restrictions = new AppManagementConfiguration
{
    PasswordCredentials = passwordRules,
    KeyCredentials = keyRules
};

var appManagementPolicy = new AppManagementPolicy
{
    DisplayName = "Credential management policy",
    Description = "Cred policy sample",
    IsEnabled = true,
    Restrictions = restrictions
};

// POST /policies/appManagementPolicies; the awaited result is not used here.
await graphClient.Policies.AppManagementPolicies
    .Request()
    .AddAsync(appManagementPolicy);
// Creates an app management policy through the Microsoft Graph beta endpoint.
const options = { authProvider };
const client = Client.init(options);

// Each restriction applies only to apps created after its UTC cut-off.
const additionCutoff = '2019-10-19T10:37:00Z';
const lifetimeCutoff = '2014-10-19T10:37:00Z';

// Password and symmetric-key rules. The *Addition rules carry no lifetime;
// the *Lifetime rules carry an ISO 8601 duration as the maximum lifetime.
const passwordCredentials = [
    {
        restrictionType: 'passwordAddition',
        maxLifetime: null,
        restrictForAppsCreatedAfterDateTime: additionCutoff
    },
    {
        restrictionType: 'passwordLifetime',
        maxLifetime: 'P4DT12H30M5S',
        restrictForAppsCreatedAfterDateTime: lifetimeCutoff
    },
    {
        restrictionType: 'symmetricKeyAddition',
        maxLifetime: null,
        restrictForAppsCreatedAfterDateTime: additionCutoff
    },
    {
        restrictionType: 'symmetricKeyLifetime',
        maxLifetime: 'P4D',
        restrictForAppsCreatedAfterDateTime: lifetimeCutoff
    }
];

// Asymmetric key (certificate) rule: lifetime capped at 90 days.
const keyCredentials = [
    {
        restrictionType: 'asymmetricKeyLifetime',
        maxLifetime: 'P90D',
        restrictForAppsCreatedAfterDateTime: lifetimeCutoff
    }
];

const appManagementPolicy = {
    displayName: 'Credential management policy',
    description: 'Cred policy sample',
    isEnabled: true,
    restrictions: { passwordCredentials, keyCredentials }
};

// POST /policies/appManagementPolicies against the beta version of the API.
await client.api('/policies/appManagementPolicies')
    .version('beta')
    .post(appManagementPolicy);
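// Creates an app management policy by POSTing a serialized MSGraphAppManagementPolicy
// to the Microsoft Graph beta endpoint.
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];

// The base URL already ends with "/", so the relative path is appended without a
// leading slash to avoid a "beta//policies" double slash.
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"policies/appManagementPolicies"]]];
[urlRequest setHTTPMethod:@"POST"];
// The API requires Content-Type: application/json on this request.
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

MSGraphAppManagementPolicy *appManagementPolicy = [[MSGraphAppManagementPolicy alloc] init];
[appManagementPolicy setDisplayName:@"Credential management policy"];
[appManagementPolicy setDescription:@"Cred policy sample"];
[appManagementPolicy setIsEnabled:YES];

// Each restriction applies only to apps created after its UTC cut-off.
// NOTE(review): assumes the generated setters take NSDate (the original passed a C
// string literal, which is not an object) — confirm against the SDK headers.
NSISO8601DateFormatter *dateFormatter = [[NSISO8601DateFormatter alloc] init];
NSDate *additionCutoff = [dateFormatter dateFromString:@"2019-10-19T10:37:00Z"];
NSDate *lifetimeCutoff = [dateFormatter dateFromString:@"2014-10-19T10:37:00Z"];

MSGraphAppManagementConfiguration *restrictions = [[MSGraphAppManagementConfiguration alloc] init];

// Password and symmetric-key rules. Every rule gets its own variable: redeclaring the
// same local in one scope does not compile. The *Addition rules carry no lifetime (nil).
NSMutableArray *passwordCredentialsList = [[NSMutableArray alloc] init];

MSGraphPasswordCredentialConfiguration *passwordAdditionRule = [[MSGraphPasswordCredentialConfiguration alloc] init];
[passwordAdditionRule setRestrictionType:[MSGraphAppCredentialRestrictionType passwordAddition]];
[passwordAdditionRule setMaxLifetime:nil];
[passwordAdditionRule setRestrictForAppsCreatedAfterDateTime:additionCutoff];
[passwordCredentialsList addObject:passwordAdditionRule];

MSGraphPasswordCredentialConfiguration *passwordLifetimeRule = [[MSGraphPasswordCredentialConfiguration alloc] init];
[passwordLifetimeRule setRestrictionType:[MSGraphAppCredentialRestrictionType passwordLifetime]];
[passwordLifetimeRule setMaxLifetime:@"P4DT12H30M5S"];
[passwordLifetimeRule setRestrictForAppsCreatedAfterDateTime:lifetimeCutoff];
[passwordCredentialsList addObject:passwordLifetimeRule];

MSGraphPasswordCredentialConfiguration *symmetricKeyAdditionRule = [[MSGraphPasswordCredentialConfiguration alloc] init];
[symmetricKeyAdditionRule setRestrictionType:[MSGraphAppCredentialRestrictionType symmetricKeyAddition]];
[symmetricKeyAdditionRule setMaxLifetime:nil];
[symmetricKeyAdditionRule setRestrictForAppsCreatedAfterDateTime:additionCutoff];
[passwordCredentialsList addObject:symmetricKeyAdditionRule];

MSGraphPasswordCredentialConfiguration *symmetricKeyLifetimeRule = [[MSGraphPasswordCredentialConfiguration alloc] init];
[symmetricKeyLifetimeRule setRestrictionType:[MSGraphAppCredentialRestrictionType symmetricKeyLifetime]];
[symmetricKeyLifetimeRule setMaxLifetime:@"P4D"];
[symmetricKeyLifetimeRule setRestrictForAppsCreatedAfterDateTime:lifetimeCutoff];
[passwordCredentialsList addObject:symmetricKeyLifetimeRule];

[restrictions setPasswordCredentials:passwordCredentialsList];

// Asymmetric key (certificate) rule: lifetime capped at 90 days.
NSMutableArray *keyCredentialsList = [[NSMutableArray alloc] init];
MSGraphKeyCredentialConfiguration *keyCredentials = [[MSGraphKeyCredentialConfiguration alloc] init];
[keyCredentials setRestrictionType:[MSGraphAppKeyCredentialRestrictionType asymmetricKeyLifetime]];
[keyCredentials setMaxLifetime:@"P90D"];
[keyCredentials setRestrictForAppsCreatedAfterDateTime:lifetimeCutoff];
[keyCredentialsList addObject:keyCredentials];
[restrictions setKeyCredentials:keyCredentialsList];

[appManagementPolicy setRestrictions:restrictions];

// Check the serializer's return value rather than the error pointer; an empty body
// must not be sent as if it were a policy.
NSError *error = nil;
NSData *appManagementPolicyData = [appManagementPolicy getSerializedDataWithError:&error];
if (appManagementPolicyData == nil) {
    NSLog(@"Failed to serialize appManagementPolicy: %@", error);
} else {
    [urlRequest setHTTPBody:appManagementPolicyData];

    MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
        completionHandler:^(NSData *data, NSURLResponse *response, NSError *nserror) {
            // The credential restrictions are in place only if the service accepted the
            // request, so a transport error or non-2xx status must not pass silently.
            NSHTTPURLResponse *httpResponse = [response isKindOfClass:[NSHTTPURLResponse class]] ? (NSHTTPURLResponse *)response : nil;
            if (nserror != nil || httpResponse == nil || httpResponse.statusCode < 200 || httpResponse.statusCode >= 300) {
                NSLog(@"appManagementPolicy was not created (status %ld): %@", (long)httpResponse.statusCode, nserror);
                return;
            }
            //Request Completed
    }];
    [meDataTask execute];
}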
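// Creates an app management policy through the Microsoft Graph client.
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AppManagementPolicy appManagementPolicy = new AppManagementPolicy();
appManagementPolicy.displayName = "Credential management policy";
appManagementPolicy.description = "Cred policy sample";
appManagementPolicy.isEnabled = true;

AppManagementConfiguration restrictions = new AppManagementConfiguration();

// One factory is enough for every duration parsed below.
DatatypeFactory durationFactory = DatatypeFactory.newInstance();

// Password and symmetric-key rules.
LinkedList<PasswordCredentialConfiguration> passwordCredentialsList = new LinkedList<PasswordCredentialConfiguration>();

PasswordCredentialConfiguration passwordCredentials = new PasswordCredentialConfiguration();
passwordCredentials.restrictionType = AppCredentialRestrictionType.PASSWORD_ADDITION;
// The request body sends maxLifetime as JSON null for the *Addition rules. The string
// "null" is not a valid duration, and newDuration("null") throws IllegalArgumentException.
passwordCredentials.maxLifetime = null;
passwordCredentials.restrictForAppsCreatedAfterDateTime = OffsetDateTimeSerializer.deserialize("2019-10-19T10:37:00Z");
passwordCredentialsList.add(passwordCredentials);

PasswordCredentialConfiguration passwordCredentials1 = new PasswordCredentialConfiguration();
passwordCredentials1.restrictionType = AppCredentialRestrictionType.PASSWORD_LIFETIME;
passwordCredentials1.maxLifetime = durationFactory.newDuration("P4DT12H30M5S");
passwordCredentials1.restrictForAppsCreatedAfterDateTime = OffsetDateTimeSerializer.deserialize("2014-10-19T10:37:00Z");
passwordCredentialsList.add(passwordCredentials1);

PasswordCredentialConfiguration passwordCredentials2 = new PasswordCredentialConfiguration();
passwordCredentials2.restrictionType = AppCredentialRestrictionType.SYMMETRIC_KEY_ADDITION;
// JSON null again, for the same reason as the password addition rule.
passwordCredentials2.maxLifetime = null;
passwordCredentials2.restrictForAppsCreatedAfterDateTime = OffsetDateTimeSerializer.deserialize("2019-10-19T10:37:00Z");
passwordCredentialsList.add(passwordCredentials2);

PasswordCredentialConfiguration passwordCredentials3 = new PasswordCredentialConfiguration();
passwordCredentials3.restrictionType = AppCredentialRestrictionType.SYMMETRIC_KEY_LIFETIME;
passwordCredentials3.maxLifetime = durationFactory.newDuration("P4D");
passwordCredentials3.restrictForAppsCreatedAfterDateTime = OffsetDateTimeSerializer.deserialize("2014-10-19T10:37:00Z");
passwordCredentialsList.add(passwordCredentials3);

restrictions.passwordCredentials = passwordCredentialsList;

// Asymmetric key (certificate) rule: lifetime capped at 90 days.
LinkedList<KeyCredentialConfiguration> keyCredentialsList = new LinkedList<KeyCredentialConfiguration>();
KeyCredentialConfiguration keyCredentials = new KeyCredentialConfiguration();
keyCredentials.restrictionType = AppKeyCredentialRestrictionType.ASYMMETRIC_KEY_LIFETIME;
keyCredentials.maxLifetime = durationFactory.newDuration("P90D");
keyCredentials.restrictForAppsCreatedAfterDateTime = OffsetDateTimeSerializer.deserialize("2014-10-19T10:37:00Z");
keyCredentialsList.add(keyCredentials);
restrictions.keyCredentials = keyCredentialsList;

appManagementPolicy.restrictions = restrictions;

// POST /policies/appManagementPolicies; the returned object is not used here.
graphClient.policies().appManagementPolicies()
    .buildRequest()
    .post(appManagementPolicy);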
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
// Builds an appManagementPolicy request body and posts it through the Graph client.
// NOTE(review): as printed, this snippet is not valid Go. Inside the two slice literals
// the Set... calls have no receiver and are mixed with := statements, and neither
// SetPasswordCredentials( nor SetKeyCredentials( is closed with ")". Read it as an
// outline of which values to set, not as code to paste.
// NOTE(review): err from time.Parse and from Post is never checked. If Post fails, the
// policy is not created, so callers should verify the result before relying on it.
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewAppManagementPolicy()
displayName := "Credential management policy"
requestBody.SetDisplayName(&displayName)
description := "Cred policy sample"
requestBody.SetDescription(&description)
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
restrictions := msgraphsdk.NewAppManagementConfiguration()
requestBody.SetRestrictions(restrictions)
// Password and symmetric-key rules: the two *Addition entries pass nil as the lifetime,
// the two *Lifetime entries pass a duration string.
restrictions.SetPasswordCredentials( []PasswordCredentialConfiguration {
msgraphsdk.NewPasswordCredentialConfiguration(),
restrictionType := "passwordAddition"
SetRestrictionType(&restrictionType)
SetMaxLifetime(nil)
restrictForAppsCreatedAfterDateTime, err := time.Parse(time.RFC3339, "2019-10-19T10:37:00Z")
SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime)
msgraphsdk.NewPasswordCredentialConfiguration(),
restrictionType := "passwordLifetime"
SetRestrictionType(&restrictionType)
maxLifetime := "P4DT12H30M5S"
SetMaxLifetime(&maxLifetime)
restrictForAppsCreatedAfterDateTime, err := time.Parse(time.RFC3339, "2014-10-19T10:37:00Z")
SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime)
msgraphsdk.NewPasswordCredentialConfiguration(),
restrictionType := "symmetricKeyAddition"
SetRestrictionType(&restrictionType)
SetMaxLifetime(nil)
restrictForAppsCreatedAfterDateTime, err := time.Parse(time.RFC3339, "2019-10-19T10:37:00Z")
SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime)
msgraphsdk.NewPasswordCredentialConfiguration(),
restrictionType := "symmetricKeyLifetime"
SetRestrictionType(&restrictionType)
maxLifetime := "P4D"
SetMaxLifetime(&maxLifetime)
restrictForAppsCreatedAfterDateTime, err := time.Parse(time.RFC3339, "2014-10-19T10:37:00Z")
SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime)
}
// Asymmetric key rule with a "P90D" maximum lifetime.
restrictions.SetKeyCredentials( []KeyCredentialConfiguration {
msgraphsdk.NewKeyCredentialConfiguration(),
restrictionType := "asymmetricKeyLifetime"
SetRestrictionType(&restrictionType)
maxLifetime := "P90D"
SetMaxLifetime(&maxLifetime)
restrictForAppsCreatedAfterDateTime, err := time.Parse(time.RFC3339, "2014-10-19T10:37:00Z")
SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime)
}
// Sends the request body; result and err are assigned but not inspected in this snippet.
result, err := graphClient.Policies().AppManagementPolicies().Post(requestBody)
応答
応答の例を次に示します。
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/appManagementPolicies/$entity",
"id": "a4ab1ed9-46bb-4bef-88d4-86fd6398dd5d",
"displayName": "credential management policy",
"description": "Lorem ipsum",
"isEnabled": true,
"restrictions": {
"passwordCredentials": [
{
"restrictionType": "passwordAddition",
"maxLifetime": null,
"restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
},
{
"restrictionType": "passwordLifetime",
"maxLifetime": "P4DT12H30M5S",
"restrictForAppsCreatedAfterDateTime": "2018-10-19T10:37:00Z"
}
]
}
}