更新 deviceRegistrationPolicy
命名空间:microsoft.graph
重要
Microsoft Graph版本下的 /beta API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
更新 deviceRegistrationPolicy 对象的 属性。 表示 deviceRegistrationPolicy 配额限制、其他身份验证和授权策略,用于向组织注册设备标识。
权限
要调用此 API,需要以下权限之一。要了解详细信息,包括如何选择权限的信息,请参阅权限。
| 权限类型 |
权限(从最低特权到最高特权) |
| 委派(工作或学校帐户) |
Policy.ReadWrite.DeviceConfiguration |
| 委派(个人 Microsoft 帐户) |
不支持 |
| Application |
不支持 |
代表用户调用时,用户需要属于以下 Azure AD 角色:
HTTP 请求
PUT /policies/deviceRegistrationPolicy
| 名称 |
说明 |
| Authorization |
Bearer {token}。必需。 |
| Content-Type |
application/json. Required. |
请求正文
在请求正文中,仅 提供应更新的属性的值。未包含在请求正文中的现有属性将保留其以前的值或根据对其他属性值的更改重新计算。
下表指定可更新的属性。
| 属性 |
类型 |
说明 |
| userDeviceQuota |
Int32 |
指定在阻止新设备注册之前,用户可在组织中拥有的最大设备数。 |
| multiFactorAuthConfiguration |
multiFactorAuthConfiguration |
指定用户使用组织内注册的 Azure AD Join 或 Azure AD 完成注册的身份验证策略。 可能的值是:notRequired 或 required。 |
| azureADRegistration |
azureADRegistrationPolicy |
指定用于在组织内使用 Azure AD 注册控制新设备注册的授权策略。 必填。 有关详细信息,请参阅什么是设备标识? 如果启用Intune,则无法修改此属性。 |
| azureADJoin |
azureAdJoinPolicy |
指定用于在组织内使用 Azure AD Join 控制新设备注册的授权策略。 必填。 有关详细信息,请参阅什么是设备标识? |
响应
如果成功,此方法在响应正文中返回 200 OK 响应代码和更新的 deviceRegistrationPolicy 对象。
示例
请求
PUT https://graph.microsoft.com/beta/deviceRegistrationPolicy
Content-Type: application/json
{
"id": "deviceRegistrationPolicy",
"displayName": "Device Registration Policy",
"description": "Tenant-wide policy that manages intial provisioning controls using quota restrictions, additional authentication and authorization checks",
"userDeviceQuota": 50,
"multiFactorAuthConfiguration": "0",
"azureADRegistration": {
"appliesTo": "1",
"isAdminConfigurable": false,
"allowedUsers": [],
"allowedGroups": []
},
"azureADJoin": {
"appliesTo": "1",
"isAdminConfigurable": true,
"allowedUsers": [],
"allowedGroups": []
}
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var deviceRegistrationPolicy = new DeviceRegistrationPolicy
{
Id = "deviceRegistrationPolicy",
DisplayName = "Device Registration Policy",
Description = "Tenant-wide policy that manages intial provisioning controls using quota restrictions, additional authentication and authorization checks",
UserDeviceQuota = 50,
MultiFactorAuthConfiguration = MultiFactorAuthConfiguration.NotRequired,
AzureADRegistration = new AzureADRegistrationPolicy
{
AppliesTo = PolicyScope.None,
IsAdminConfigurable = false,
AllowedUsers = new List<String>()
{
},
AllowedGroups = new List<String>()
{
}
},
AzureADJoin = new AzureAdJoinPolicy
{
AppliesTo = PolicyScope.None,
IsAdminConfigurable = true,
AllowedUsers = new List<String>()
{
},
AllowedGroups = new List<String>()
{
}
}
};
await graphClient.DeviceRegistrationPolicy
.Request()
.PutAsync(deviceRegistrationPolicy);
const options = {
authProvider,
};
const client = Client.init(options);
const deviceRegistrationPolicy = {
id: 'deviceRegistrationPolicy',
displayName: 'Device Registration Policy',
description: 'Tenant-wide policy that manages intial provisioning controls using quota restrictions, additional authentication and authorization checks',
userDeviceQuota: 50,
multiFactorAuthConfiguration: '0',
azureADRegistration: {
appliesTo: '1',
isAdminConfigurable: false,
allowedUsers: [],
allowedGroups: []
},
azureADJoin: {
appliesTo: '1',
isAdminConfigurable: true,
allowedUsers: [],
allowedGroups: []
}
};
await client.api('/deviceRegistrationPolicy')
.version('beta')
.put(deviceRegistrationPolicy);
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
DeviceRegistrationPolicy deviceRegistrationPolicy = new DeviceRegistrationPolicy();
deviceRegistrationPolicy.id = "deviceRegistrationPolicy";
deviceRegistrationPolicy.displayName = "Device Registration Policy";
deviceRegistrationPolicy.description = "Tenant-wide policy that manages intial provisioning controls using quota restrictions, additional authentication and authorization checks";
deviceRegistrationPolicy.userDeviceQuota = 50;
deviceRegistrationPolicy.multiFactorAuthConfiguration = MultiFactorAuthConfiguration.NOT_REQUIRED;
AzureADRegistrationPolicy azureADRegistration = new AzureADRegistrationPolicy();
azureADRegistration.appliesTo = PolicyScope.NONE;
azureADRegistration.isAdminConfigurable = false;
LinkedList<String> allowedUsersList = new LinkedList<String>();
azureADRegistration.allowedUsers = allowedUsersList;
LinkedList<String> allowedGroupsList = new LinkedList<String>();
azureADRegistration.allowedGroups = allowedGroupsList;
deviceRegistrationPolicy.azureADRegistration = azureADRegistration;
AzureAdJoinPolicy azureADJoin = new AzureAdJoinPolicy();
azureADJoin.appliesTo = PolicyScope.NONE;
azureADJoin.isAdminConfigurable = true;
LinkedList<String> allowedUsersList1 = new LinkedList<String>();
azureADJoin.allowedUsers = allowedUsersList1;
LinkedList<String> allowedGroupsList1 = new LinkedList<String>();
azureADJoin.allowedGroups = allowedGroupsList1;
deviceRegistrationPolicy.azureADJoin = azureADJoin;
graphClient.deviceRegistrationPolicy()
.buildRequest()
.put(deviceRegistrationPolicy);
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.New()
requestBody.SetAdditionalData(map[string]interface{}{
"id": "deviceRegistrationPolicy",
"displayName": "Device Registration Policy",
"description": "Tenant-wide policy that manages intial provisioning controls using quota restrictions, additional authentication and authorization checks",
"userDeviceQuota": ,
"multiFactorAuthConfiguration": "0",
}
graphClient.DeviceRegistrationPolicy().Put(requestBody)
响应
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceRegistrationPolicy",
"id": "deviceRegistrationPolicy",
"displayName": "Device Registration Policy",
"description": "Tenant-wide policy that manages intial provisioning controls using quota restrictions, additional authentication and authorization checks",
"userDeviceQuota": 50,
"multiFactorAuthConfiguration": "0",
"azureADRegistration": {
"appliesTo": "1",
"isAdminConfigurable": false,
"allowedUsers": [],
"allowedGroups": []
},
"azureADJoin": {
"appliesTo": "1",
"isAdminConfigurable": true,
"allowedUsers": [],
"allowedGroups": []
}
}