更新 windows10EndpointProtectionConfiguration

命名空间：microsoft.graph

注意：适用于 Intune 的 Microsoft Graph API 需要适用于租户的活动 Intune 许可证。

更新 windows10EndpointProtectionConfiguration 对象的属性。

此 API 可用于以下国家级云部署。

全局服务	美国政府 L4	美国政府 L5 (DOD)	由世纪互联运营的中国
✅	✅	✅	✅

权限

要调用此 API，需要以下权限之一。 若要了解详细信息，包括如何选择权限的信息，请参阅权限。

权限类型	权限（从最低特权到最高特权）
委派（工作或学校帐户）	DeviceManagementConfiguration.ReadWrite.All
委派（个人 Microsoft 帐户）	不支持。
应用程序	DeviceManagementConfiguration.ReadWrite.All

HTTP 请求

PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}

请求标头

标头	值
Authorization	持有者 {token}。 必填。 详细了解 身份验证和授权。
接受	application/json

请求正文

在请求正文中，提供 windows10EndpointProtectionConfiguration 对象的 JSON 表示形式。

下表显示了创建 windows10EndpointProtectionConfiguration 时所需的属性。

属性	类型	说明
id	String	实体的键。 继承自 deviceConfiguration
lastModifiedDateTime	DateTimeOffset	上次修改对象的日期/时间。 继承自 deviceConfiguration
createdDateTime	DateTimeOffset	创建对象的日期/时间。 继承自 deviceConfiguration
description	String	管理员提供的设备配置的说明。 继承自 deviceConfiguration
displayName	String	管理员提供的设备配置的名称。 继承自 deviceConfiguration
version	Int32	设备配置的版本。 继承自 deviceConfiguration
firewallBlockStatefulFTP	Boolean	阻止到设备的有状态 FTP 连接
firewallIdleTimeoutForSecurityAssociationInSeconds	Int32	配置安全关联的空闲超时（以秒为单位），值范围为 300 到 3600（包括这两个值）。 这是一个时间段，在此之后安全关联将过期并被删除。 有效值为 300 至 3600
firewallPreSharedKeyEncodingMethod	firewallPreSharedKeyEncodingMethodType	选择要使用的预共享密钥编码。 可取值为：deviceDefault、none、utF8。
firewallIPSecExemptionsAllowNeighborDiscovery	Boolean	配置 IPSec 免除项以允许邻居发现 IPv6 ICMP 类型代码
firewallIPSecExemptionsAllowICMP	Boolean	配置 IPSec 免除项以允许 ICMP
firewallIPSecExemptionsAllowRouterDiscovery	Boolean	配置 IPSec 免除项以允许路由器发现 IPv6 ICMP 类型代码
firewallIPSecExemptionsAllowDHCP	Boolean	配置 IPSec 免除项以允许 IPv4 和 IPv6 DHCP 通信
firewallCertificateRevocationListCheckMethod	firewallCertificateRevocationListCheckMethodType	指定如何强制实施证书吊销列表。 可能的值是：deviceDefault、none、attempt、require。
firewallMergeKeyingModuleSettings	Boolean	如果键控模块不完全支持身份验证集，请指示模块仅忽略不受支持的身份验证套件而不是整个集
firewallPacketQueueingMethod	firewallPacketQueueingMethodType	配置应在隧道网关方案中应用数据包队列的方式。 可取值为：deviceDefault、disabled、queueInbound、queueOutbound、queueBoth。
firewallProfileDomain	windowsFirewallNetworkProfile	配置域网络的防火墙配置文件设置
firewallProfilePublic	windowsFirewallNetworkProfile	配置公用网络的防火墙配置文件设置
firewallProfilePrivate	windowsFirewallNetworkProfile	配置专用网络的防火墙配置文件设置
defenderAttackSurfaceReductionExcludedPaths	String 集合	要从攻击面减少规则中排除的 exe 文件和文件夹的列表
defenderGuardedFoldersAllowedAppPaths	String 集合	允许访问受保护文件夹的 exe 路径列表
defenderAdditionalGuardedFolders	String 集合	要添加到受保护文件夹列表的文件夹路径列表
defenderExploitProtectionXml	Binary	包含有关 Exploit Protection 详细信息的 xml 内容。
defenderExploitProtectionXmlFileName	String	从中获取 DefenderExploitProtectionXml 的文件的名称。
defenderSecurityCenterBlockExploitProtectionOverride	Boolean	指示是否阻止用户覆盖 Exploit Protection 设置。
appLockerApplicationControl	appLockerApplicationControlType	使管理员能够选择在设备上允许哪些类型的应用。 可取值为：notConfigured、enforceComponentsAndStoreApps、auditComponentsAndStoreApps、enforceComponentsStoreAppsAndSmartlocker、auditComponentsStoreAppsAndSmartlocker。
smartScreenEnableInShell	Boolean	允许 IT 管理员配置适用于 Windows 的 SmartScreen。
smartScreenBlockOverrideForFiles	Boolean	允许 IT 管理员控制用户是否可以忽略 SmartScreen 警告并运行恶意文件。
applicationGuardEnabled	Boolean	启用 Windows Defender 应用程序防护
applicationGuardBlockFileTransfer	applicationGuardBlockFileTransferType	阻止剪贴板传输图像文件、文本文件或两者均不传输。 可取值为：notConfigured、blockImageAndTextFile、blockImageFile、blockNone、blockTextFile。
applicationGuardBlockNonEnterpriseContent	Boolean	阻止企业站点加载非企业内容，例如第三方插件
applicationGuardAllowPersistence	Boolean	允许 App Guard 容器（收藏夹、Cookie、Web 密码等）内的持久用户生成数据
applicationGuardForceAuditing	Boolean	强制审核将存留 Windows 日志和事件以满足安全/符合性条件（示例事件是用户登录注销、特权使用、软件安装、系统更改等）
applicationGuardBlockClipboardSharing	applicationGuardBlockClipboardSharingType	阻止剪贴板将数据从主机共享到容器或从容器共享到主机，或阻止两种方式，或两种方式均不阻止。 可取值为：notConfigured、blockBoth、blockHostToContainer、blockContainerToHost、blockNone。
applicationGuardAllowPrintToPDF	Boolean	允许从容器打印为 PDF 格式
applicationGuardAllowPrintToXPS	Boolean	允许从容器打印为 XPS 格式
applicationGuardAllowPrintToLocalPrinters	Boolean	允许从容器打印到本地打印机
applicationGuardAllowPrintToNetworkPrinters	Boolean	允许从容器打印到网络打印机
bitLockerDisableWarningForOtherDiskEncryption	Boolean	允许管理员禁用对用户计算机上其他磁盘加密的警告提示。
bitLockerEnableStorageCardEncryptionOnMobile	Boolean	允许管理员要求使用 BitLocker 开启加密功能。 此策略仅适用于移动 SKU。
bitLockerEncryptDevice	Boolean	允许管理员要求使用 BitLocker 开启加密功能。
bitLockerRemovableDrivePolicy	bitLockerRemovableDrivePolicy	BitLocker 可移动驱动器策略。

响应

如果成功，此方法在响应正文中返回 200 OK 响应代码和更新的 windows10EndpointProtectionConfiguration 对象。

示例

请求

下面是一个请求示例。

HTTP

PATCH https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{deviceConfigurationId}
Content-type: application/json
Content-length: 4245

{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "firewallBlockStatefulFTP": true,
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
  "firewallPreSharedKeyEncodingMethod": "none",
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,
  "firewallIPSecExemptionsAllowICMP": true,
  "firewallIPSecExemptionsAllowRouterDiscovery": true,
  "firewallIPSecExemptionsAllowDHCP": true,
  "firewallCertificateRevocationListCheckMethod": "none",
  "firewallMergeKeyingModuleSettings": true,
  "firewallPacketQueueingMethod": "disabled",
  "firewallProfileDomain": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePublic": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePrivate": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "defenderAttackSurfaceReductionExcludedPaths": [
    "Defender Attack Surface Reduction Excluded Paths value"
  ],
  "defenderGuardedFoldersAllowedAppPaths": [
    "Defender Guarded Folders Allowed App Paths value"
  ],
  "defenderAdditionalGuardedFolders": [
    "Defender Additional Guarded Folders value"
  ],
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",
  "defenderSecurityCenterBlockExploitProtectionOverride": true,
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",
  "smartScreenEnableInShell": true,
  "smartScreenBlockOverrideForFiles": true,
  "applicationGuardEnabled": true,
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",
  "applicationGuardBlockNonEnterpriseContent": true,
  "applicationGuardAllowPersistence": true,
  "applicationGuardForceAuditing": true,
  "applicationGuardBlockClipboardSharing": "blockBoth",
  "applicationGuardAllowPrintToPDF": true,
  "applicationGuardAllowPrintToXPS": true,
  "applicationGuardAllowPrintToLocalPrinters": true,
  "applicationGuardAllowPrintToNetworkPrinters": true,
  "bitLockerDisableWarningForOtherDiskEncryption": true,
  "bitLockerEnableStorageCardEncryptionOnMobile": true,
  "bitLockerEncryptDevice": true,
  "bitLockerRemovableDrivePolicy": {
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
    "encryptionMethod": "aesCbc256",
    "requireEncryptionForWriteAccess": true,
    "blockCrossOrganizationWriteAccess": true
  }
}

C#

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new Windows10EndpointProtectionConfiguration
{
	OdataType = "#microsoft.graph.windows10EndpointProtectionConfiguration",
	Description = "Description value",
	DisplayName = "Display Name value",
	Version = 7,
	FirewallBlockStatefulFTP = true,
	FirewallIdleTimeoutForSecurityAssociationInSeconds = 2,
	FirewallPreSharedKeyEncodingMethod = FirewallPreSharedKeyEncodingMethodType.None,
	FirewallIPSecExemptionsAllowNeighborDiscovery = true,
	FirewallIPSecExemptionsAllowICMP = true,
	FirewallIPSecExemptionsAllowRouterDiscovery = true,
	FirewallIPSecExemptionsAllowDHCP = true,
	FirewallCertificateRevocationListCheckMethod = FirewallCertificateRevocationListCheckMethodType.None,
	FirewallMergeKeyingModuleSettings = true,
	FirewallPacketQueueingMethod = FirewallPacketQueueingMethodType.Disabled,
	FirewallProfileDomain = new WindowsFirewallNetworkProfile
	{
		OdataType = "microsoft.graph.windowsFirewallNetworkProfile",
		FirewallEnabled = StateManagementSetting.Blocked,
		StealthModeBlocked = true,
		IncomingTrafficBlocked = true,
		UnicastResponsesToMulticastBroadcastsBlocked = true,
		InboundNotificationsBlocked = true,
		AuthorizedApplicationRulesFromGroupPolicyMerged = true,
		GlobalPortRulesFromGroupPolicyMerged = true,
		ConnectionSecurityRulesFromGroupPolicyMerged = true,
		OutboundConnectionsBlocked = true,
		InboundConnectionsBlocked = true,
		SecuredPacketExemptionAllowed = true,
		PolicyRulesFromGroupPolicyMerged = true,
	},
	FirewallProfilePublic = new WindowsFirewallNetworkProfile
	{
		OdataType = "microsoft.graph.windowsFirewallNetworkProfile",
		FirewallEnabled = StateManagementSetting.Blocked,
		StealthModeBlocked = true,
		IncomingTrafficBlocked = true,
		UnicastResponsesToMulticastBroadcastsBlocked = true,
		InboundNotificationsBlocked = true,
		AuthorizedApplicationRulesFromGroupPolicyMerged = true,
		GlobalPortRulesFromGroupPolicyMerged = true,
		ConnectionSecurityRulesFromGroupPolicyMerged = true,
		OutboundConnectionsBlocked = true,
		InboundConnectionsBlocked = true,
		SecuredPacketExemptionAllowed = true,
		PolicyRulesFromGroupPolicyMerged = true,
	},
	FirewallProfilePrivate = new WindowsFirewallNetworkProfile
	{
		OdataType = "microsoft.graph.windowsFirewallNetworkProfile",
		FirewallEnabled = StateManagementSetting.Blocked,
		StealthModeBlocked = true,
		IncomingTrafficBlocked = true,
		UnicastResponsesToMulticastBroadcastsBlocked = true,
		InboundNotificationsBlocked = true,
		AuthorizedApplicationRulesFromGroupPolicyMerged = true,
		GlobalPortRulesFromGroupPolicyMerged = true,
		ConnectionSecurityRulesFromGroupPolicyMerged = true,
		OutboundConnectionsBlocked = true,
		InboundConnectionsBlocked = true,
		SecuredPacketExemptionAllowed = true,
		PolicyRulesFromGroupPolicyMerged = true,
	},
	DefenderAttackSurfaceReductionExcludedPaths = new List<string>
	{
		"Defender Attack Surface Reduction Excluded Paths value",
	},
	DefenderGuardedFoldersAllowedAppPaths = new List<string>
	{
		"Defender Guarded Folders Allowed App Paths value",
	},
	DefenderAdditionalGuardedFolders = new List<string>
	{
		"Defender Additional Guarded Folders value",
	},
	DefenderExploitProtectionXml = Convert.FromBase64String("ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA=="),
	DefenderExploitProtectionXmlFileName = "Defender Exploit Protection Xml File Name value",
	DefenderSecurityCenterBlockExploitProtectionOverride = true,
	AppLockerApplicationControl = AppLockerApplicationControlType.EnforceComponentsAndStoreApps,
	SmartScreenEnableInShell = true,
	SmartScreenBlockOverrideForFiles = true,
	ApplicationGuardEnabled = true,
	ApplicationGuardBlockFileTransfer = ApplicationGuardBlockFileTransferType.BlockImageAndTextFile,
	ApplicationGuardBlockNonEnterpriseContent = true,
	ApplicationGuardAllowPersistence = true,
	ApplicationGuardForceAuditing = true,
	ApplicationGuardBlockClipboardSharing = ApplicationGuardBlockClipboardSharingType.BlockBoth,
	ApplicationGuardAllowPrintToPDF = true,
	ApplicationGuardAllowPrintToXPS = true,
	ApplicationGuardAllowPrintToLocalPrinters = true,
	ApplicationGuardAllowPrintToNetworkPrinters = true,
	BitLockerDisableWarningForOtherDiskEncryption = true,
	BitLockerEnableStorageCardEncryptionOnMobile = true,
	BitLockerEncryptDevice = true,
	BitLockerRemovableDrivePolicy = new BitLockerRemovableDrivePolicy
	{
		OdataType = "microsoft.graph.bitLockerRemovableDrivePolicy",
		EncryptionMethod = BitLockerEncryptionMethod.AesCbc256,
		RequireEncryptionForWriteAccess = true,
		BlockCrossOrganizationWriteAccess = true,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceManagement.DeviceConfigurations["{deviceConfiguration-id}"].PatchAsync(requestBody);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

CLI

// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc device-management device-configurations patch --device-configuration-id {deviceConfiguration-id} --body '{\
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",\
  "description": "Description value",\
  "displayName": "Display Name value",\
  "version": 7,\
  "firewallBlockStatefulFTP": true,\
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,\
  "firewallPreSharedKeyEncodingMethod": "none",\
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,\
  "firewallIPSecExemptionsAllowICMP": true,\
  "firewallIPSecExemptionsAllowRouterDiscovery": true,\
  "firewallIPSecExemptionsAllowDHCP": true,\
  "firewallCertificateRevocationListCheckMethod": "none",\
  "firewallMergeKeyingModuleSettings": true,\
  "firewallPacketQueueingMethod": "disabled",\
  "firewallProfileDomain": {\
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",\
    "firewallEnabled": "blocked",\
    "stealthModeBlocked": true,\
    "incomingTrafficBlocked": true,\
    "unicastResponsesToMulticastBroadcastsBlocked": true,\
    "inboundNotificationsBlocked": true,\
    "authorizedApplicationRulesFromGroupPolicyMerged": true,\
    "globalPortRulesFromGroupPolicyMerged": true,\
    "connectionSecurityRulesFromGroupPolicyMerged": true,\
    "outboundConnectionsBlocked": true,\
    "inboundConnectionsBlocked": true,\
    "securedPacketExemptionAllowed": true,\
    "policyRulesFromGroupPolicyMerged": true\
  },\
  "firewallProfilePublic": {\
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",\
    "firewallEnabled": "blocked",\
    "stealthModeBlocked": true,\
    "incomingTrafficBlocked": true,\
    "unicastResponsesToMulticastBroadcastsBlocked": true,\
    "inboundNotificationsBlocked": true,\
    "authorizedApplicationRulesFromGroupPolicyMerged": true,\
    "globalPortRulesFromGroupPolicyMerged": true,\
    "connectionSecurityRulesFromGroupPolicyMerged": true,\
    "outboundConnectionsBlocked": true,\
    "inboundConnectionsBlocked": true,\
    "securedPacketExemptionAllowed": true,\
    "policyRulesFromGroupPolicyMerged": true\
  },\
  "firewallProfilePrivate": {\
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",\
    "firewallEnabled": "blocked",\
    "stealthModeBlocked": true,\
    "incomingTrafficBlocked": true,\
    "unicastResponsesToMulticastBroadcastsBlocked": true,\
    "inboundNotificationsBlocked": true,\
    "authorizedApplicationRulesFromGroupPolicyMerged": true,\
    "globalPortRulesFromGroupPolicyMerged": true,\
    "connectionSecurityRulesFromGroupPolicyMerged": true,\
    "outboundConnectionsBlocked": true,\
    "inboundConnectionsBlocked": true,\
    "securedPacketExemptionAllowed": true,\
    "policyRulesFromGroupPolicyMerged": true\
  },\
  "defenderAttackSurfaceReductionExcludedPaths": [\
    "Defender Attack Surface Reduction Excluded Paths value"\
  ],\
  "defenderGuardedFoldersAllowedAppPaths": [\
    "Defender Guarded Folders Allowed App Paths value"\
  ],\
  "defenderAdditionalGuardedFolders": [\
    "Defender Additional Guarded Folders value"\
  ],\
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",\
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",\
  "defenderSecurityCenterBlockExploitProtectionOverride": true,\
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",\
  "smartScreenEnableInShell": true,\
  "smartScreenBlockOverrideForFiles": true,\
  "applicationGuardEnabled": true,\
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",\
  "applicationGuardBlockNonEnterpriseContent": true,\
  "applicationGuardAllowPersistence": true,\
  "applicationGuardForceAuditing": true,\
  "applicationGuardBlockClipboardSharing": "blockBoth",\
  "applicationGuardAllowPrintToPDF": true,\
  "applicationGuardAllowPrintToXPS": true,\
  "applicationGuardAllowPrintToLocalPrinters": true,\
  "applicationGuardAllowPrintToNetworkPrinters": true,\
  "bitLockerDisableWarningForOtherDiskEncryption": true,\
  "bitLockerEnableStorageCardEncryptionOnMobile": true,\
  "bitLockerEncryptDevice": true,\
  "bitLockerRemovableDrivePolicy": {\
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",\
    "encryptionMethod": "aesCbc256",\
    "requireEncryptionForWriteAccess": true,\
    "blockCrossOrganizationWriteAccess": true\
  }\
}\
'

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

Go

import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewDeviceConfiguration()
description := "Description value"
requestBody.SetDescription(&description) 
displayName := "Display Name value"
requestBody.SetDisplayName(&displayName) 
version := int32(7)
requestBody.SetVersion(&version) 
firewallBlockStatefulFTP := true
requestBody.SetFirewallBlockStatefulFTP(&firewallBlockStatefulFTP) 
firewallIdleTimeoutForSecurityAssociationInSeconds := int32(2)
requestBody.SetFirewallIdleTimeoutForSecurityAssociationInSeconds(&firewallIdleTimeoutForSecurityAssociationInSeconds) 
firewallPreSharedKeyEncodingMethod := graphmodels.NONE_FIREWALLPRESHAREDKEYENCODINGMETHODTYPE 
requestBody.SetFirewallPreSharedKeyEncodingMethod(&firewallPreSharedKeyEncodingMethod) 
firewallIPSecExemptionsAllowNeighborDiscovery := true
requestBody.SetFirewallIPSecExemptionsAllowNeighborDiscovery(&firewallIPSecExemptionsAllowNeighborDiscovery) 
firewallIPSecExemptionsAllowICMP := true
requestBody.SetFirewallIPSecExemptionsAllowICMP(&firewallIPSecExemptionsAllowICMP) 
firewallIPSecExemptionsAllowRouterDiscovery := true
requestBody.SetFirewallIPSecExemptionsAllowRouterDiscovery(&firewallIPSecExemptionsAllowRouterDiscovery) 
firewallIPSecExemptionsAllowDHCP := true
requestBody.SetFirewallIPSecExemptionsAllowDHCP(&firewallIPSecExemptionsAllowDHCP) 
firewallCertificateRevocationListCheckMethod := graphmodels.NONE_FIREWALLCERTIFICATEREVOCATIONLISTCHECKMETHODTYPE 
requestBody.SetFirewallCertificateRevocationListCheckMethod(&firewallCertificateRevocationListCheckMethod) 
firewallMergeKeyingModuleSettings := true
requestBody.SetFirewallMergeKeyingModuleSettings(&firewallMergeKeyingModuleSettings) 
firewallPacketQueueingMethod := graphmodels.DISABLED_FIREWALLPACKETQUEUEINGMETHODTYPE 
requestBody.SetFirewallPacketQueueingMethod(&firewallPacketQueueingMethod) 
firewallProfileDomain := graphmodels.NewWindowsFirewallNetworkProfile()
firewallEnabled := graphmodels.BLOCKED_STATEMANAGEMENTSETTING 
firewallProfileDomain.SetFirewallEnabled(&firewallEnabled) 
stealthModeBlocked := true
firewallProfileDomain.SetStealthModeBlocked(&stealthModeBlocked) 
incomingTrafficBlocked := true
firewallProfileDomain.SetIncomingTrafficBlocked(&incomingTrafficBlocked) 
unicastResponsesToMulticastBroadcastsBlocked := true
firewallProfileDomain.SetUnicastResponsesToMulticastBroadcastsBlocked(&unicastResponsesToMulticastBroadcastsBlocked) 
inboundNotificationsBlocked := true
firewallProfileDomain.SetInboundNotificationsBlocked(&inboundNotificationsBlocked) 
authorizedApplicationRulesFromGroupPolicyMerged := true
firewallProfileDomain.SetAuthorizedApplicationRulesFromGroupPolicyMerged(&authorizedApplicationRulesFromGroupPolicyMerged) 
globalPortRulesFromGroupPolicyMerged := true
firewallProfileDomain.SetGlobalPortRulesFromGroupPolicyMerged(&globalPortRulesFromGroupPolicyMerged) 
connectionSecurityRulesFromGroupPolicyMerged := true
firewallProfileDomain.SetConnectionSecurityRulesFromGroupPolicyMerged(&connectionSecurityRulesFromGroupPolicyMerged) 
outboundConnectionsBlocked := true
firewallProfileDomain.SetOutboundConnectionsBlocked(&outboundConnectionsBlocked) 
inboundConnectionsBlocked := true
firewallProfileDomain.SetInboundConnectionsBlocked(&inboundConnectionsBlocked) 
securedPacketExemptionAllowed := true
firewallProfileDomain.SetSecuredPacketExemptionAllowed(&securedPacketExemptionAllowed) 
policyRulesFromGroupPolicyMerged := true
firewallProfileDomain.SetPolicyRulesFromGroupPolicyMerged(&policyRulesFromGroupPolicyMerged) 
requestBody.SetFirewallProfileDomain(firewallProfileDomain)
firewallProfilePublic := graphmodels.NewWindowsFirewallNetworkProfile()
firewallEnabled := graphmodels.BLOCKED_STATEMANAGEMENTSETTING 
firewallProfilePublic.SetFirewallEnabled(&firewallEnabled) 
stealthModeBlocked := true
firewallProfilePublic.SetStealthModeBlocked(&stealthModeBlocked) 
incomingTrafficBlocked := true
firewallProfilePublic.SetIncomingTrafficBlocked(&incomingTrafficBlocked) 
unicastResponsesToMulticastBroadcastsBlocked := true
firewallProfilePublic.SetUnicastResponsesToMulticastBroadcastsBlocked(&unicastResponsesToMulticastBroadcastsBlocked) 
inboundNotificationsBlocked := true
firewallProfilePublic.SetInboundNotificationsBlocked(&inboundNotificationsBlocked) 
authorizedApplicationRulesFromGroupPolicyMerged := true
firewallProfilePublic.SetAuthorizedApplicationRulesFromGroupPolicyMerged(&authorizedApplicationRulesFromGroupPolicyMerged) 
globalPortRulesFromGroupPolicyMerged := true
firewallProfilePublic.SetGlobalPortRulesFromGroupPolicyMerged(&globalPortRulesFromGroupPolicyMerged) 
connectionSecurityRulesFromGroupPolicyMerged := true
firewallProfilePublic.SetConnectionSecurityRulesFromGroupPolicyMerged(&connectionSecurityRulesFromGroupPolicyMerged) 
outboundConnectionsBlocked := true
firewallProfilePublic.SetOutboundConnectionsBlocked(&outboundConnectionsBlocked) 
inboundConnectionsBlocked := true
firewallProfilePublic.SetInboundConnectionsBlocked(&inboundConnectionsBlocked) 
securedPacketExemptionAllowed := true
firewallProfilePublic.SetSecuredPacketExemptionAllowed(&securedPacketExemptionAllowed) 
policyRulesFromGroupPolicyMerged := true
firewallProfilePublic.SetPolicyRulesFromGroupPolicyMerged(&policyRulesFromGroupPolicyMerged) 
requestBody.SetFirewallProfilePublic(firewallProfilePublic)
firewallProfilePrivate := graphmodels.NewWindowsFirewallNetworkProfile()
firewallEnabled := graphmodels.BLOCKED_STATEMANAGEMENTSETTING 
firewallProfilePrivate.SetFirewallEnabled(&firewallEnabled) 
stealthModeBlocked := true
firewallProfilePrivate.SetStealthModeBlocked(&stealthModeBlocked) 
incomingTrafficBlocked := true
firewallProfilePrivate.SetIncomingTrafficBlocked(&incomingTrafficBlocked) 
unicastResponsesToMulticastBroadcastsBlocked := true
firewallProfilePrivate.SetUnicastResponsesToMulticastBroadcastsBlocked(&unicastResponsesToMulticastBroadcastsBlocked) 
inboundNotificationsBlocked := true
firewallProfilePrivate.SetInboundNotificationsBlocked(&inboundNotificationsBlocked) 
authorizedApplicationRulesFromGroupPolicyMerged := true
firewallProfilePrivate.SetAuthorizedApplicationRulesFromGroupPolicyMerged(&authorizedApplicationRulesFromGroupPolicyMerged) 
globalPortRulesFromGroupPolicyMerged := true
firewallProfilePrivate.SetGlobalPortRulesFromGroupPolicyMerged(&globalPortRulesFromGroupPolicyMerged) 
connectionSecurityRulesFromGroupPolicyMerged := true
firewallProfilePrivate.SetConnectionSecurityRulesFromGroupPolicyMerged(&connectionSecurityRulesFromGroupPolicyMerged) 
outboundConnectionsBlocked := true
firewallProfilePrivate.SetOutboundConnectionsBlocked(&outboundConnectionsBlocked) 
inboundConnectionsBlocked := true
firewallProfilePrivate.SetInboundConnectionsBlocked(&inboundConnectionsBlocked) 
securedPacketExemptionAllowed := true
firewallProfilePrivate.SetSecuredPacketExemptionAllowed(&securedPacketExemptionAllowed) 
policyRulesFromGroupPolicyMerged := true
firewallProfilePrivate.SetPolicyRulesFromGroupPolicyMerged(&policyRulesFromGroupPolicyMerged) 
requestBody.SetFirewallProfilePrivate(firewallProfilePrivate)
defenderAttackSurfaceReductionExcludedPaths := []string {
	"Defender Attack Surface Reduction Excluded Paths value",
}
requestBody.SetDefenderAttackSurfaceReductionExcludedPaths(defenderAttackSurfaceReductionExcludedPaths)
defenderGuardedFoldersAllowedAppPaths := []string {
	"Defender Guarded Folders Allowed App Paths value",
}
requestBody.SetDefenderGuardedFoldersAllowedAppPaths(defenderGuardedFoldersAllowedAppPaths)
defenderAdditionalGuardedFolders := []string {
	"Defender Additional Guarded Folders value",
}
requestBody.SetDefenderAdditionalGuardedFolders(defenderAdditionalGuardedFolders)
defenderExploitProtectionXml := []byte("zGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==")
requestBody.SetDefenderExploitProtectionXml(&defenderExploitProtectionXml) 
defenderExploitProtectionXmlFileName := "Defender Exploit Protection Xml File Name value"
requestBody.SetDefenderExploitProtectionXmlFileName(&defenderExploitProtectionXmlFileName) 
defenderSecurityCenterBlockExploitProtectionOverride := true
requestBody.SetDefenderSecurityCenterBlockExploitProtectionOverride(&defenderSecurityCenterBlockExploitProtectionOverride) 
appLockerApplicationControl := graphmodels.ENFORCECOMPONENTSANDSTOREAPPS_APPLOCKERAPPLICATIONCONTROLTYPE 
requestBody.SetAppLockerApplicationControl(&appLockerApplicationControl) 
smartScreenEnableInShell := true
requestBody.SetSmartScreenEnableInShell(&smartScreenEnableInShell) 
smartScreenBlockOverrideForFiles := true
requestBody.SetSmartScreenBlockOverrideForFiles(&smartScreenBlockOverrideForFiles) 
applicationGuardEnabled := true
requestBody.SetApplicationGuardEnabled(&applicationGuardEnabled) 
applicationGuardBlockFileTransfer := graphmodels.BLOCKIMAGEANDTEXTFILE_APPLICATIONGUARDBLOCKFILETRANSFERTYPE 
requestBody.SetApplicationGuardBlockFileTransfer(&applicationGuardBlockFileTransfer) 
applicationGuardBlockNonEnterpriseContent := true
requestBody.SetApplicationGuardBlockNonEnterpriseContent(&applicationGuardBlockNonEnterpriseContent) 
applicationGuardAllowPersistence := true
requestBody.SetApplicationGuardAllowPersistence(&applicationGuardAllowPersistence) 
applicationGuardForceAuditing := true
requestBody.SetApplicationGuardForceAuditing(&applicationGuardForceAuditing) 
applicationGuardBlockClipboardSharing := graphmodels.BLOCKBOTH_APPLICATIONGUARDBLOCKCLIPBOARDSHARINGTYPE 
requestBody.SetApplicationGuardBlockClipboardSharing(&applicationGuardBlockClipboardSharing) 
applicationGuardAllowPrintToPDF := true
requestBody.SetApplicationGuardAllowPrintToPDF(&applicationGuardAllowPrintToPDF) 
applicationGuardAllowPrintToXPS := true
requestBody.SetApplicationGuardAllowPrintToXPS(&applicationGuardAllowPrintToXPS) 
applicationGuardAllowPrintToLocalPrinters := true
requestBody.SetApplicationGuardAllowPrintToLocalPrinters(&applicationGuardAllowPrintToLocalPrinters) 
applicationGuardAllowPrintToNetworkPrinters := true
requestBody.SetApplicationGuardAllowPrintToNetworkPrinters(&applicationGuardAllowPrintToNetworkPrinters) 
bitLockerDisableWarningForOtherDiskEncryption := true
requestBody.SetBitLockerDisableWarningForOtherDiskEncryption(&bitLockerDisableWarningForOtherDiskEncryption) 
bitLockerEnableStorageCardEncryptionOnMobile := true
requestBody.SetBitLockerEnableStorageCardEncryptionOnMobile(&bitLockerEnableStorageCardEncryptionOnMobile) 
bitLockerEncryptDevice := true
requestBody.SetBitLockerEncryptDevice(&bitLockerEncryptDevice) 
bitLockerRemovableDrivePolicy := graphmodels.NewBitLockerRemovableDrivePolicy()
encryptionMethod := graphmodels.AESCBC256_BITLOCKERENCRYPTIONMETHOD 
bitLockerRemovableDrivePolicy.SetEncryptionMethod(&encryptionMethod) 
requireEncryptionForWriteAccess := true
bitLockerRemovableDrivePolicy.SetRequireEncryptionForWriteAccess(&requireEncryptionForWriteAccess) 
blockCrossOrganizationWriteAccess := true
bitLockerRemovableDrivePolicy.SetBlockCrossOrganizationWriteAccess(&blockCrossOrganizationWriteAccess) 
requestBody.SetBitLockerRemovableDrivePolicy(bitLockerRemovableDrivePolicy)

deviceConfigurations, err := graphClient.DeviceManagement().DeviceConfigurations().ByDeviceConfigurationId("deviceConfiguration-id").Patch(context.Background(), requestBody, nil)

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

Windows10EndpointProtectionConfiguration deviceConfiguration = new Windows10EndpointProtectionConfiguration();
deviceConfiguration.setOdataType("#microsoft.graph.windows10EndpointProtectionConfiguration");
deviceConfiguration.setDescription("Description value");
deviceConfiguration.setDisplayName("Display Name value");
deviceConfiguration.setVersion(7);
deviceConfiguration.setFirewallBlockStatefulFTP(true);
deviceConfiguration.setFirewallIdleTimeoutForSecurityAssociationInSeconds(2);
deviceConfiguration.setFirewallPreSharedKeyEncodingMethod(FirewallPreSharedKeyEncodingMethodType.None);
deviceConfiguration.setFirewallIPSecExemptionsAllowNeighborDiscovery(true);
deviceConfiguration.setFirewallIPSecExemptionsAllowICMP(true);
deviceConfiguration.setFirewallIPSecExemptionsAllowRouterDiscovery(true);
deviceConfiguration.setFirewallIPSecExemptionsAllowDHCP(true);
deviceConfiguration.setFirewallCertificateRevocationListCheckMethod(FirewallCertificateRevocationListCheckMethodType.None);
deviceConfiguration.setFirewallMergeKeyingModuleSettings(true);
deviceConfiguration.setFirewallPacketQueueingMethod(FirewallPacketQueueingMethodType.Disabled);
WindowsFirewallNetworkProfile firewallProfileDomain = new WindowsFirewallNetworkProfile();
firewallProfileDomain.setOdataType("microsoft.graph.windowsFirewallNetworkProfile");
firewallProfileDomain.setFirewallEnabled(StateManagementSetting.Blocked);
firewallProfileDomain.setStealthModeBlocked(true);
firewallProfileDomain.setIncomingTrafficBlocked(true);
firewallProfileDomain.setUnicastResponsesToMulticastBroadcastsBlocked(true);
firewallProfileDomain.setInboundNotificationsBlocked(true);
firewallProfileDomain.setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
firewallProfileDomain.setGlobalPortRulesFromGroupPolicyMerged(true);
firewallProfileDomain.setConnectionSecurityRulesFromGroupPolicyMerged(true);
firewallProfileDomain.setOutboundConnectionsBlocked(true);
firewallProfileDomain.setInboundConnectionsBlocked(true);
firewallProfileDomain.setSecuredPacketExemptionAllowed(true);
firewallProfileDomain.setPolicyRulesFromGroupPolicyMerged(true);
deviceConfiguration.setFirewallProfileDomain(firewallProfileDomain);
WindowsFirewallNetworkProfile firewallProfilePublic = new WindowsFirewallNetworkProfile();
firewallProfilePublic.setOdataType("microsoft.graph.windowsFirewallNetworkProfile");
firewallProfilePublic.setFirewallEnabled(StateManagementSetting.Blocked);
firewallProfilePublic.setStealthModeBlocked(true);
firewallProfilePublic.setIncomingTrafficBlocked(true);
firewallProfilePublic.setUnicastResponsesToMulticastBroadcastsBlocked(true);
firewallProfilePublic.setInboundNotificationsBlocked(true);
firewallProfilePublic.setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
firewallProfilePublic.setGlobalPortRulesFromGroupPolicyMerged(true);
firewallProfilePublic.setConnectionSecurityRulesFromGroupPolicyMerged(true);
firewallProfilePublic.setOutboundConnectionsBlocked(true);
firewallProfilePublic.setInboundConnectionsBlocked(true);
firewallProfilePublic.setSecuredPacketExemptionAllowed(true);
firewallProfilePublic.setPolicyRulesFromGroupPolicyMerged(true);
deviceConfiguration.setFirewallProfilePublic(firewallProfilePublic);
WindowsFirewallNetworkProfile firewallProfilePrivate = new WindowsFirewallNetworkProfile();
firewallProfilePrivate.setOdataType("microsoft.graph.windowsFirewallNetworkProfile");
firewallProfilePrivate.setFirewallEnabled(StateManagementSetting.Blocked);
firewallProfilePrivate.setStealthModeBlocked(true);
firewallProfilePrivate.setIncomingTrafficBlocked(true);
firewallProfilePrivate.setUnicastResponsesToMulticastBroadcastsBlocked(true);
firewallProfilePrivate.setInboundNotificationsBlocked(true);
firewallProfilePrivate.setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
firewallProfilePrivate.setGlobalPortRulesFromGroupPolicyMerged(true);
firewallProfilePrivate.setConnectionSecurityRulesFromGroupPolicyMerged(true);
firewallProfilePrivate.setOutboundConnectionsBlocked(true);
firewallProfilePrivate.setInboundConnectionsBlocked(true);
firewallProfilePrivate.setSecuredPacketExemptionAllowed(true);
firewallProfilePrivate.setPolicyRulesFromGroupPolicyMerged(true);
deviceConfiguration.setFirewallProfilePrivate(firewallProfilePrivate);
LinkedList<String> defenderAttackSurfaceReductionExcludedPaths = new LinkedList<String>();
defenderAttackSurfaceReductionExcludedPaths.add("Defender Attack Surface Reduction Excluded Paths value");
deviceConfiguration.setDefenderAttackSurfaceReductionExcludedPaths(defenderAttackSurfaceReductionExcludedPaths);
LinkedList<String> defenderGuardedFoldersAllowedAppPaths = new LinkedList<String>();
defenderGuardedFoldersAllowedAppPaths.add("Defender Guarded Folders Allowed App Paths value");
deviceConfiguration.setDefenderGuardedFoldersAllowedAppPaths(defenderGuardedFoldersAllowedAppPaths);
LinkedList<String> defenderAdditionalGuardedFolders = new LinkedList<String>();
defenderAdditionalGuardedFolders.add("Defender Additional Guarded Folders value");
deviceConfiguration.setDefenderAdditionalGuardedFolders(defenderAdditionalGuardedFolders);
byte[] defenderExploitProtectionXml = Base64.getDecoder().decode("ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==");
deviceConfiguration.setDefenderExploitProtectionXml(defenderExploitProtectionXml);
deviceConfiguration.setDefenderExploitProtectionXmlFileName("Defender Exploit Protection Xml File Name value");
deviceConfiguration.setDefenderSecurityCenterBlockExploitProtectionOverride(true);
deviceConfiguration.setAppLockerApplicationControl(AppLockerApplicationControlType.EnforceComponentsAndStoreApps);
deviceConfiguration.setSmartScreenEnableInShell(true);
deviceConfiguration.setSmartScreenBlockOverrideForFiles(true);
deviceConfiguration.setApplicationGuardEnabled(true);
deviceConfiguration.setApplicationGuardBlockFileTransfer(ApplicationGuardBlockFileTransferType.BlockImageAndTextFile);
deviceConfiguration.setApplicationGuardBlockNonEnterpriseContent(true);
deviceConfiguration.setApplicationGuardAllowPersistence(true);
deviceConfiguration.setApplicationGuardForceAuditing(true);
deviceConfiguration.setApplicationGuardBlockClipboardSharing(ApplicationGuardBlockClipboardSharingType.BlockBoth);
deviceConfiguration.setApplicationGuardAllowPrintToPDF(true);
deviceConfiguration.setApplicationGuardAllowPrintToXPS(true);
deviceConfiguration.setApplicationGuardAllowPrintToLocalPrinters(true);
deviceConfiguration.setApplicationGuardAllowPrintToNetworkPrinters(true);
deviceConfiguration.setBitLockerDisableWarningForOtherDiskEncryption(true);
deviceConfiguration.setBitLockerEnableStorageCardEncryptionOnMobile(true);
deviceConfiguration.setBitLockerEncryptDevice(true);
BitLockerRemovableDrivePolicy bitLockerRemovableDrivePolicy = new BitLockerRemovableDrivePolicy();
bitLockerRemovableDrivePolicy.setOdataType("microsoft.graph.bitLockerRemovableDrivePolicy");
bitLockerRemovableDrivePolicy.setEncryptionMethod(BitLockerEncryptionMethod.AesCbc256);
bitLockerRemovableDrivePolicy.setRequireEncryptionForWriteAccess(true);
bitLockerRemovableDrivePolicy.setBlockCrossOrganizationWriteAccess(true);
deviceConfiguration.setBitLockerRemovableDrivePolicy(bitLockerRemovableDrivePolicy);
DeviceConfiguration result = graphClient.deviceManagement().deviceConfigurations().byDeviceConfigurationId("{deviceConfiguration-id}").patch(deviceConfiguration);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const deviceConfiguration = {
  '@odata.type': '#microsoft.graph.windows10EndpointProtectionConfiguration',
  description: 'Description value',
  displayName: 'Display Name value',
  version: 7,
  firewallBlockStatefulFTP: true,
  firewallIdleTimeoutForSecurityAssociationInSeconds: 2,
  firewallPreSharedKeyEncodingMethod: 'none',
  firewallIPSecExemptionsAllowNeighborDiscovery: true,
  firewallIPSecExemptionsAllowICMP: true,
  firewallIPSecExemptionsAllowRouterDiscovery: true,
  firewallIPSecExemptionsAllowDHCP: true,
  firewallCertificateRevocationListCheckMethod: 'none',
  firewallMergeKeyingModuleSettings: true,
  firewallPacketQueueingMethod: 'disabled',
  firewallProfileDomain: {
    '@odata.type': 'microsoft.graph.windowsFirewallNetworkProfile',
    firewallEnabled: 'blocked',
    stealthModeBlocked: true,
    incomingTrafficBlocked: true,
    unicastResponsesToMulticastBroadcastsBlocked: true,
    inboundNotificationsBlocked: true,
    authorizedApplicationRulesFromGroupPolicyMerged: true,
    globalPortRulesFromGroupPolicyMerged: true,
    connectionSecurityRulesFromGroupPolicyMerged: true,
    outboundConnectionsBlocked: true,
    inboundConnectionsBlocked: true,
    securedPacketExemptionAllowed: true,
    policyRulesFromGroupPolicyMerged: true
  },
  firewallProfilePublic: {
    '@odata.type': 'microsoft.graph.windowsFirewallNetworkProfile',
    firewallEnabled: 'blocked',
    stealthModeBlocked: true,
    incomingTrafficBlocked: true,
    unicastResponsesToMulticastBroadcastsBlocked: true,
    inboundNotificationsBlocked: true,
    authorizedApplicationRulesFromGroupPolicyMerged: true,
    globalPortRulesFromGroupPolicyMerged: true,
    connectionSecurityRulesFromGroupPolicyMerged: true,
    outboundConnectionsBlocked: true,
    inboundConnectionsBlocked: true,
    securedPacketExemptionAllowed: true,
    policyRulesFromGroupPolicyMerged: true
  },
  firewallProfilePrivate: {
    '@odata.type': 'microsoft.graph.windowsFirewallNetworkProfile',
    firewallEnabled: 'blocked',
    stealthModeBlocked: true,
    incomingTrafficBlocked: true,
    unicastResponsesToMulticastBroadcastsBlocked: true,
    inboundNotificationsBlocked: true,
    authorizedApplicationRulesFromGroupPolicyMerged: true,
    globalPortRulesFromGroupPolicyMerged: true,
    connectionSecurityRulesFromGroupPolicyMerged: true,
    outboundConnectionsBlocked: true,
    inboundConnectionsBlocked: true,
    securedPacketExemptionAllowed: true,
    policyRulesFromGroupPolicyMerged: true
  },
  defenderAttackSurfaceReductionExcludedPaths: [
    'Defender Attack Surface Reduction Excluded Paths value'
  ],
  defenderGuardedFoldersAllowedAppPaths: [
    'Defender Guarded Folders Allowed App Paths value'
  ],
  defenderAdditionalGuardedFolders: [
    'Defender Additional Guarded Folders value'
  ],
  defenderExploitProtectionXml: 'ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==',
  defenderExploitProtectionXmlFileName: 'Defender Exploit Protection Xml File Name value',
  defenderSecurityCenterBlockExploitProtectionOverride: true,
  appLockerApplicationControl: 'enforceComponentsAndStoreApps',
  smartScreenEnableInShell: true,
  smartScreenBlockOverrideForFiles: true,
  applicationGuardEnabled: true,
  applicationGuardBlockFileTransfer: 'blockImageAndTextFile',
  applicationGuardBlockNonEnterpriseContent: true,
  applicationGuardAllowPersistence: true,
  applicationGuardForceAuditing: true,
  applicationGuardBlockClipboardSharing: 'blockBoth',
  applicationGuardAllowPrintToPDF: true,
  applicationGuardAllowPrintToXPS: true,
  applicationGuardAllowPrintToLocalPrinters: true,
  applicationGuardAllowPrintToNetworkPrinters: true,
  bitLockerDisableWarningForOtherDiskEncryption: true,
  bitLockerEnableStorageCardEncryptionOnMobile: true,
  bitLockerEncryptDevice: true,
  bitLockerRemovableDrivePolicy: {
    '@odata.type': 'microsoft.graph.bitLockerRemovableDrivePolicy',
    encryptionMethod: 'aesCbc256',
    requireEncryptionForWriteAccess: true,
    blockCrossOrganizationWriteAccess: true
  }
};

await client.api('/deviceManagement/deviceConfigurations/{deviceConfigurationId}')
	.update(deviceConfiguration);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

PHP

<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Windows10EndpointProtectionConfiguration;
use Microsoft\Graph\Generated\Models\WindowsFirewallNetworkProfile;
use Microsoft\Graph\Generated\Models\BitLockerRemovableDrivePolicy;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Windows10EndpointProtectionConfiguration();
$requestBody->setOdataType('#microsoft.graph.windows10EndpointProtectionConfiguration');
$requestBody->setDescription('Description value');
$requestBody->setDisplayName('Display Name value');
$requestBody->setVersion(7);
$requestBody->setFirewallBlockStatefulFTP(true);
$requestBody->setFirewallIdleTimeoutForSecurityAssociationInSeconds(2);
$requestBody->setFirewallPreSharedKeyEncodingMethod(new FirewallPreSharedKeyEncodingMethodType('none'));
$requestBody->setFirewallIPSecExemptionsAllowNeighborDiscovery(true);
$requestBody->setFirewallIPSecExemptionsAllowICMP(true);
$requestBody->setFirewallIPSecExemptionsAllowRouterDiscovery(true);
$requestBody->setFirewallIPSecExemptionsAllowDHCP(true);
$requestBody->setFirewallCertificateRevocationListCheckMethod(new FirewallCertificateRevocationListCheckMethodType('none'));
$requestBody->setFirewallMergeKeyingModuleSettings(true);
$requestBody->setFirewallPacketQueueingMethod(new FirewallPacketQueueingMethodType('disabled'));
$firewallProfileDomain = new WindowsFirewallNetworkProfile();
$firewallProfileDomain->setOdataType('microsoft.graph.windowsFirewallNetworkProfile');
$firewallProfileDomain->setFirewallEnabled(new StateManagementSetting('blocked'));
$firewallProfileDomain->setStealthModeBlocked(true);
$firewallProfileDomain->setIncomingTrafficBlocked(true);
$firewallProfileDomain->setUnicastResponsesToMulticastBroadcastsBlocked(true);
$firewallProfileDomain->setInboundNotificationsBlocked(true);
$firewallProfileDomain->setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
$firewallProfileDomain->setGlobalPortRulesFromGroupPolicyMerged(true);
$firewallProfileDomain->setConnectionSecurityRulesFromGroupPolicyMerged(true);
$firewallProfileDomain->setOutboundConnectionsBlocked(true);
$firewallProfileDomain->setInboundConnectionsBlocked(true);
$firewallProfileDomain->setSecuredPacketExemptionAllowed(true);
$firewallProfileDomain->setPolicyRulesFromGroupPolicyMerged(true);
$requestBody->setFirewallProfileDomain($firewallProfileDomain);
$firewallProfilePublic = new WindowsFirewallNetworkProfile();
$firewallProfilePublic->setOdataType('microsoft.graph.windowsFirewallNetworkProfile');
$firewallProfilePublic->setFirewallEnabled(new StateManagementSetting('blocked'));
$firewallProfilePublic->setStealthModeBlocked(true);
$firewallProfilePublic->setIncomingTrafficBlocked(true);
$firewallProfilePublic->setUnicastResponsesToMulticastBroadcastsBlocked(true);
$firewallProfilePublic->setInboundNotificationsBlocked(true);
$firewallProfilePublic->setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
$firewallProfilePublic->setGlobalPortRulesFromGroupPolicyMerged(true);
$firewallProfilePublic->setConnectionSecurityRulesFromGroupPolicyMerged(true);
$firewallProfilePublic->setOutboundConnectionsBlocked(true);
$firewallProfilePublic->setInboundConnectionsBlocked(true);
$firewallProfilePublic->setSecuredPacketExemptionAllowed(true);
$firewallProfilePublic->setPolicyRulesFromGroupPolicyMerged(true);
$requestBody->setFirewallProfilePublic($firewallProfilePublic);
$firewallProfilePrivate = new WindowsFirewallNetworkProfile();
$firewallProfilePrivate->setOdataType('microsoft.graph.windowsFirewallNetworkProfile');
$firewallProfilePrivate->setFirewallEnabled(new StateManagementSetting('blocked'));
$firewallProfilePrivate->setStealthModeBlocked(true);
$firewallProfilePrivate->setIncomingTrafficBlocked(true);
$firewallProfilePrivate->setUnicastResponsesToMulticastBroadcastsBlocked(true);
$firewallProfilePrivate->setInboundNotificationsBlocked(true);
$firewallProfilePrivate->setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
$firewallProfilePrivate->setGlobalPortRulesFromGroupPolicyMerged(true);
$firewallProfilePrivate->setConnectionSecurityRulesFromGroupPolicyMerged(true);
$firewallProfilePrivate->setOutboundConnectionsBlocked(true);
$firewallProfilePrivate->setInboundConnectionsBlocked(true);
$firewallProfilePrivate->setSecuredPacketExemptionAllowed(true);
$firewallProfilePrivate->setPolicyRulesFromGroupPolicyMerged(true);
$requestBody->setFirewallProfilePrivate($firewallProfilePrivate);
$requestBody->setDefenderAttackSurfaceReductionExcludedPaths(['Defender Attack Surface Reduction Excluded Paths value', 	]);
$requestBody->setDefenderGuardedFoldersAllowedAppPaths(['Defender Guarded Folders Allowed App Paths value', 	]);
$requestBody->setDefenderAdditionalGuardedFolders(['Defender Additional Guarded Folders value', 	]);
$requestBody->setDefenderExploitProtectionXml(\GuzzleHttp\Psr7\Utils::streamFor(base64_decode('ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==')));
$requestBody->setDefenderExploitProtectionXmlFileName('Defender Exploit Protection Xml File Name value');
$requestBody->setDefenderSecurityCenterBlockExploitProtectionOverride(true);
$requestBody->setAppLockerApplicationControl(new AppLockerApplicationControlType('enforceComponentsAndStoreApps'));
$requestBody->setSmartScreenEnableInShell(true);
$requestBody->setSmartScreenBlockOverrideForFiles(true);
$requestBody->setApplicationGuardEnabled(true);
$requestBody->setApplicationGuardBlockFileTransfer(new ApplicationGuardBlockFileTransferType('blockImageAndTextFile'));
$requestBody->setApplicationGuardBlockNonEnterpriseContent(true);
$requestBody->setApplicationGuardAllowPersistence(true);
$requestBody->setApplicationGuardForceAuditing(true);
$requestBody->setApplicationGuardBlockClipboardSharing(new ApplicationGuardBlockClipboardSharingType('blockBoth'));
$requestBody->setApplicationGuardAllowPrintToPDF(true);
$requestBody->setApplicationGuardAllowPrintToXPS(true);
$requestBody->setApplicationGuardAllowPrintToLocalPrinters(true);
$requestBody->setApplicationGuardAllowPrintToNetworkPrinters(true);
$requestBody->setBitLockerDisableWarningForOtherDiskEncryption(true);
$requestBody->setBitLockerEnableStorageCardEncryptionOnMobile(true);
$requestBody->setBitLockerEncryptDevice(true);
$bitLockerRemovableDrivePolicy = new BitLockerRemovableDrivePolicy();
$bitLockerRemovableDrivePolicy->setOdataType('microsoft.graph.bitLockerRemovableDrivePolicy');
$bitLockerRemovableDrivePolicy->setEncryptionMethod(new BitLockerEncryptionMethod('aesCbc256'));
$bitLockerRemovableDrivePolicy->setRequireEncryptionForWriteAccess(true);
$bitLockerRemovableDrivePolicy->setBlockCrossOrganizationWriteAccess(true);
$requestBody->setBitLockerRemovableDrivePolicy($bitLockerRemovableDrivePolicy);

$result = $graphServiceClient->deviceManagement()->deviceConfigurations()->byDeviceConfigurationId('deviceConfiguration-id')->patch($requestBody)->wait();

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

PowerShell

Import-Module Microsoft.Graph.DeviceManagement

$params = @{
	"@odata.type" = "#microsoft.graph.windows10EndpointProtectionConfiguration"
	description = "Description value"
	displayName = "Display Name value"
	version = 7
	firewallBlockStatefulFTP = $true
	firewallIdleTimeoutForSecurityAssociationInSeconds = 
	firewallPreSharedKeyEncodingMethod = "none"
	firewallIPSecExemptionsAllowNeighborDiscovery = $true
	firewallIPSecExemptionsAllowICMP = $true
	firewallIPSecExemptionsAllowRouterDiscovery = $true
	firewallIPSecExemptionsAllowDHCP = $true
	firewallCertificateRevocationListCheckMethod = "none"
	firewallMergeKeyingModuleSettings = $true
	firewallPacketQueueingMethod = "disabled"
	firewallProfileDomain = @{
		"@odata.type" = "microsoft.graph.windowsFirewallNetworkProfile"
		firewallEnabled = "blocked"
		stealthModeBlocked = $true
		incomingTrafficBlocked = $true
		unicastResponsesToMulticastBroadcastsBlocked = $true
		inboundNotificationsBlocked = $true
		authorizedApplicationRulesFromGroupPolicyMerged = $true
		globalPortRulesFromGroupPolicyMerged = $true
		connectionSecurityRulesFromGroupPolicyMerged = $true
		outboundConnectionsBlocked = $true
		inboundConnectionsBlocked = $true
		securedPacketExemptionAllowed = $true
		policyRulesFromGroupPolicyMerged = $true
	}
	firewallProfilePublic = @{
		"@odata.type" = "microsoft.graph.windowsFirewallNetworkProfile"
		firewallEnabled = "blocked"
		stealthModeBlocked = $true
		incomingTrafficBlocked = $true
		unicastResponsesToMulticastBroadcastsBlocked = $true
		inboundNotificationsBlocked = $true
		authorizedApplicationRulesFromGroupPolicyMerged = $true
		globalPortRulesFromGroupPolicyMerged = $true
		connectionSecurityRulesFromGroupPolicyMerged = $true
		outboundConnectionsBlocked = $true
		inboundConnectionsBlocked = $true
		securedPacketExemptionAllowed = $true
		policyRulesFromGroupPolicyMerged = $true
	}
	firewallProfilePrivate = @{
		"@odata.type" = "microsoft.graph.windowsFirewallNetworkProfile"
		firewallEnabled = "blocked"
		stealthModeBlocked = $true
		incomingTrafficBlocked = $true
		unicastResponsesToMulticastBroadcastsBlocked = $true
		inboundNotificationsBlocked = $true
		authorizedApplicationRulesFromGroupPolicyMerged = $true
		globalPortRulesFromGroupPolicyMerged = $true
		connectionSecurityRulesFromGroupPolicyMerged = $true
		outboundConnectionsBlocked = $true
		inboundConnectionsBlocked = $true
		securedPacketExemptionAllowed = $true
		policyRulesFromGroupPolicyMerged = $true
	}
	defenderAttackSurfaceReductionExcludedPaths = @(
	"Defender Attack Surface Reduction Excluded Paths value"
)
defenderGuardedFoldersAllowedAppPaths = @(
"Defender Guarded Folders Allowed App Paths value"
)
defenderAdditionalGuardedFolders = @(
"Defender Additional Guarded Folders value"
)
defenderExploitProtectionXml = "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA=="
defenderExploitProtectionXmlFileName = "Defender Exploit Protection Xml File Name value"
defenderSecurityCenterBlockExploitProtectionOverride = $true
appLockerApplicationControl = "enforceComponentsAndStoreApps"
smartScreenEnableInShell = $true
smartScreenBlockOverrideForFiles = $true
applicationGuardEnabled = $true
applicationGuardBlockFileTransfer = "blockImageAndTextFile"
applicationGuardBlockNonEnterpriseContent = $true
applicationGuardAllowPersistence = $true
applicationGuardForceAuditing = $true
applicationGuardBlockClipboardSharing = "blockBoth"
applicationGuardAllowPrintToPDF = $true
applicationGuardAllowPrintToXPS = $true
applicationGuardAllowPrintToLocalPrinters = $true
applicationGuardAllowPrintToNetworkPrinters = $true
bitLockerDisableWarningForOtherDiskEncryption = $true
bitLockerEnableStorageCardEncryptionOnMobile = $true
bitLockerEncryptDevice = $true
bitLockerRemovableDrivePolicy = @{
"@odata.type" = "microsoft.graph.bitLockerRemovableDrivePolicy"
encryptionMethod = "aesCbc256"
requireEncryptionForWriteAccess = $true
blockCrossOrganizationWriteAccess = $true
}
}

Update-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $deviceConfigurationId -BodyParameter $params

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

Python

from msgraph import GraphServiceClient
from msgraph.generated.models.windows10_endpoint_protection_configuration import Windows10EndpointProtectionConfiguration
from msgraph.generated.models.windows_firewall_network_profile import WindowsFirewallNetworkProfile
from msgraph.generated.models.bit_locker_removable_drive_policy import BitLockerRemovableDrivePolicy

graph_client = GraphServiceClient(credentials, scopes)

request_body = Windows10EndpointProtectionConfiguration(
	odata_type = "#microsoft.graph.windows10EndpointProtectionConfiguration",
	description = "Description value",
	display_name = "Display Name value",
	version = 7,
	firewall_block_stateful_f_t_p = True,
	firewall_idle_timeout_for_security_association_in_seconds = 2,
	firewall_pre_shared_key_encoding_method = FirewallPreSharedKeyEncodingMethodType.None,
	firewall_i_p_sec_exemptions_allow_neighbor_discovery = True,
	firewall_i_p_sec_exemptions_allow_i_c_m_p = True,
	firewall_i_p_sec_exemptions_allow_router_discovery = True,
	firewall_i_p_sec_exemptions_allow_d_h_c_p = True,
	firewall_certificate_revocation_list_check_method = FirewallCertificateRevocationListCheckMethodType.None,
	firewall_merge_keying_module_settings = True,
	firewall_packet_queueing_method = FirewallPacketQueueingMethodType.Disabled,
	firewall_profile_domain = WindowsFirewallNetworkProfile(
		odata_type = "microsoft.graph.windowsFirewallNetworkProfile",
		firewall_enabled = StateManagementSetting.Blocked,
		stealth_mode_blocked = True,
		incoming_traffic_blocked = True,
		unicast_responses_to_multicast_broadcasts_blocked = True,
		inbound_notifications_blocked = True,
		authorized_application_rules_from_group_policy_merged = True,
		global_port_rules_from_group_policy_merged = True,
		connection_security_rules_from_group_policy_merged = True,
		outbound_connections_blocked = True,
		inbound_connections_blocked = True,
		secured_packet_exemption_allowed = True,
		policy_rules_from_group_policy_merged = True,
	),
	firewall_profile_public = WindowsFirewallNetworkProfile(
		odata_type = "microsoft.graph.windowsFirewallNetworkProfile",
		firewall_enabled = StateManagementSetting.Blocked,
		stealth_mode_blocked = True,
		incoming_traffic_blocked = True,
		unicast_responses_to_multicast_broadcasts_blocked = True,
		inbound_notifications_blocked = True,
		authorized_application_rules_from_group_policy_merged = True,
		global_port_rules_from_group_policy_merged = True,
		connection_security_rules_from_group_policy_merged = True,
		outbound_connections_blocked = True,
		inbound_connections_blocked = True,
		secured_packet_exemption_allowed = True,
		policy_rules_from_group_policy_merged = True,
	),
	firewall_profile_private = WindowsFirewallNetworkProfile(
		odata_type = "microsoft.graph.windowsFirewallNetworkProfile",
		firewall_enabled = StateManagementSetting.Blocked,
		stealth_mode_blocked = True,
		incoming_traffic_blocked = True,
		unicast_responses_to_multicast_broadcasts_blocked = True,
		inbound_notifications_blocked = True,
		authorized_application_rules_from_group_policy_merged = True,
		global_port_rules_from_group_policy_merged = True,
		connection_security_rules_from_group_policy_merged = True,
		outbound_connections_blocked = True,
		inbound_connections_blocked = True,
		secured_packet_exemption_allowed = True,
		policy_rules_from_group_policy_merged = True,
	),
	defender_attack_surface_reduction_excluded_paths = [
		"Defender Attack Surface Reduction Excluded Paths value",
	],
	defender_guarded_folders_allowed_app_paths = [
		"Defender Guarded Folders Allowed App Paths value",
	],
	defender_additional_guarded_folders = [
		"Defender Additional Guarded Folders value",
	],
	defender_exploit_protection_xml = base64.urlsafe_b64decode("ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA=="),
	defender_exploit_protection_xml_file_name = "Defender Exploit Protection Xml File Name value",
	defender_security_center_block_exploit_protection_override = True,
	app_locker_application_control = AppLockerApplicationControlType.EnforceComponentsAndStoreApps,
	smart_screen_enable_in_shell = True,
	smart_screen_block_override_for_files = True,
	application_guard_enabled = True,
	application_guard_block_file_transfer = ApplicationGuardBlockFileTransferType.BlockImageAndTextFile,
	application_guard_block_non_enterprise_content = True,
	application_guard_allow_persistence = True,
	application_guard_force_auditing = True,
	application_guard_block_clipboard_sharing = ApplicationGuardBlockClipboardSharingType.BlockBoth,
	application_guard_allow_print_to_p_d_f = True,
	application_guard_allow_print_to_x_p_s = True,
	application_guard_allow_print_to_local_printers = True,
	application_guard_allow_print_to_network_printers = True,
	bit_locker_disable_warning_for_other_disk_encryption = True,
	bit_locker_enable_storage_card_encryption_on_mobile = True,
	bit_locker_encrypt_device = True,
	bit_locker_removable_drive_policy = BitLockerRemovableDrivePolicy(
		odata_type = "microsoft.graph.bitLockerRemovableDrivePolicy",
		encryption_method = BitLockerEncryptionMethod.AesCbc256,
		require_encryption_for_write_access = True,
		block_cross_organization_write_access = True,
	),
)

result = await graph_client.device_management.device_configurations.by_device_configuration_id('deviceConfiguration-id').patch(request_body)

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

响应

下面是一个响应示例。 注意：为简洁起见，可能会截断此处显示的响应对象。 将从实际调用中返回所有属性。

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 4417

{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "id": "09709403-9403-0970-0394-700903947009",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "firewallBlockStatefulFTP": true,
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
  "firewallPreSharedKeyEncodingMethod": "none",
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,
  "firewallIPSecExemptionsAllowICMP": true,
  "firewallIPSecExemptionsAllowRouterDiscovery": true,
  "firewallIPSecExemptionsAllowDHCP": true,
  "firewallCertificateRevocationListCheckMethod": "none",
  "firewallMergeKeyingModuleSettings": true,
  "firewallPacketQueueingMethod": "disabled",
  "firewallProfileDomain": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePublic": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePrivate": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "defenderAttackSurfaceReductionExcludedPaths": [
    "Defender Attack Surface Reduction Excluded Paths value"
  ],
  "defenderGuardedFoldersAllowedAppPaths": [
    "Defender Guarded Folders Allowed App Paths value"
  ],
  "defenderAdditionalGuardedFolders": [
    "Defender Additional Guarded Folders value"
  ],
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",
  "defenderSecurityCenterBlockExploitProtectionOverride": true,
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",
  "smartScreenEnableInShell": true,
  "smartScreenBlockOverrideForFiles": true,
  "applicationGuardEnabled": true,
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",
  "applicationGuardBlockNonEnterpriseContent": true,
  "applicationGuardAllowPersistence": true,
  "applicationGuardForceAuditing": true,
  "applicationGuardBlockClipboardSharing": "blockBoth",
  "applicationGuardAllowPrintToPDF": true,
  "applicationGuardAllowPrintToXPS": true,
  "applicationGuardAllowPrintToLocalPrinters": true,
  "applicationGuardAllowPrintToNetworkPrinters": true,
  "bitLockerDisableWarningForOtherDiskEncryption": true,
  "bitLockerEnableStorageCardEncryptionOnMobile": true,
  "bitLockerEncryptDevice": true,
  "bitLockerRemovableDrivePolicy": {
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
    "encryptionMethod": "aesCbc256",
    "requireEncryptionForWriteAccess": true,
    "blockCrossOrganizationWriteAccess": true
  }
}