Update windows10EndpointProtectionConfiguration

Namespace: microsoft.graph

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Update the properties of a windows10EndpointProtectionConfiguration object.

Prerequisites

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

| Permission type | Permissions (from most to least privileged) |
|---|---|
| Delegated (work or school account) | DeviceManagementConfiguration.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | Not supported. |

HTTP Request

PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}

Request headers

| Header | Value |
|---|---|
| Authorization | Bearer <token> Required. |
| Accept | application/json |

Request body

In the request body, supply a JSON representation for the windows10EndpointProtectionConfiguration object.

The following table shows the properties that are required when you create the windows10EndpointProtectionConfiguration.

| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| firewallBlockStatefulFTP | Boolean | Blocks stateful FTP connections to the device |
| firewallIdleTimeoutForSecurityAssociationInSeconds | Int32 | Configures the idle timeout for security associations, in seconds, from 300 to 3600 inclusive. This is the period after which security associations will expire and be deleted. Valid values 300 to 3600 |
| firewallPreSharedKeyEncodingMethod | firewallPreSharedKeyEncodingMethodType | Select the preshared key encoding to be used. Possible values are: deviceDefault, none, utF8. |
| firewallIPSecExemptionsAllowNeighborDiscovery | Boolean | Configures IPSec exemptions to allow neighbor discovery IPv6 ICMP type-codes |
| firewallIPSecExemptionsAllowICMP | Boolean | Configures IPSec exemptions to allow ICMP |
| firewallIPSecExemptionsAllowRouterDiscovery | Boolean | Configures IPSec exemptions to allow router discovery IPv6 ICMP type-codes |
| firewallIPSecExemptionsAllowDHCP | Boolean | Configures IPSec exemptions to allow both IPv4 and IPv6 DHCP traffic |
| firewallCertificateRevocationListCheckMethod | firewallCertificateRevocationListCheckMethodType | Specify how the certificate revocation list is to be enforced. Possible values are: deviceDefault, none, attempt, require. |
| firewallMergeKeyingModuleSettings | Boolean | If an authentication set is not fully supported by a keying module, direct the module to ignore only unsupported authentication suites rather than the entire set |
| firewallPacketQueueingMethod | firewallPacketQueueingMethodType | Configures how packet queueing should be applied in the tunnel gateway scenario. Possible values are: deviceDefault, disabled, queueInbound, queueOutbound, queueBoth. |
| firewallProfileDomain | windowsFirewallNetworkProfile | Configures the firewall profile settings for domain networks |
| firewallProfilePublic | windowsFirewallNetworkProfile | Configures the firewall profile settings for public networks |
| firewallProfilePrivate | windowsFirewallNetworkProfile | Configures the firewall profile settings for private networks |
| defenderAttackSurfaceReductionExcludedPaths | String collection | List of exe files and folders to be excluded from attack surface reduction rules |
| defenderGuardedFoldersAllowedAppPaths | String collection | List of paths to exe that are allowed to access protected folders |
| defenderAdditionalGuardedFolders | String collection | List of folder paths to be added to the list of protected folders |
| defenderExploitProtectionXml | Binary | Xml content containing information regarding exploit protection details. |
| defenderExploitProtectionXmlFileName | String | Name of the file from which DefenderExploitProtectionXml was obtained. |
| defenderSecurityCenterBlockExploitProtectionOverride | Boolean | Indicates whether or not to block user from overriding Exploit Protection settings. |
| appLockerApplicationControl | appLockerApplicationControlType | Enables the Admin to choose what types of app to allow on devices. Possible values are: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker, auditComponentsStoreAppsAndSmartlocker. |
| smartScreenEnableInShell | Boolean | Allows IT Admins to configure SmartScreen for Windows. |
| smartScreenBlockOverrideForFiles | Boolean | Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files. |
| applicationGuardEnabled | Boolean | Enable Windows Defender Application Guard |
| applicationGuardBlockFileTransfer | applicationGuardBlockFileTransferType | Block clipboard to transfer image file, text file or neither of them. Possible values are: notConfigured, blockImageAndTextFile, blockImageFile, blockNone, blockTextFile. |
| applicationGuardBlockNonEnterpriseContent | Boolean | Block enterprise sites from loading non-enterprise content, such as third-party plug-ins |
| applicationGuardAllowPersistence | Boolean | Allow persisting user generated data inside the App Guard Container (favorites, cookies, web passwords, etc.) |
| applicationGuardForceAuditing | Boolean | Force auditing will persist Windows logs and events to meet security/compliance criteria (sample events are user login-logoff, use of privilege rights, software installation, system changes, etc.) |
| applicationGuardBlockClipboardSharing | applicationGuardBlockClipboardSharingType | Block clipboard to share data from Host to Container, or from Container to Host, or both ways, or neither way. Possible values are: notConfigured, blockBoth, blockHostToContainer, blockContainerToHost, blockNone. |
| applicationGuardAllowPrintToPDF | Boolean | Allow printing to PDF from Container |
| applicationGuardAllowPrintToXPS | Boolean | Allow printing to XPS from Container |
| applicationGuardAllowPrintToLocalPrinters | Boolean | Allow printing to Local Printers from Container |
| applicationGuardAllowPrintToNetworkPrinters | Boolean | Allow printing to Network Printers from Container |
| bitLockerDisableWarningForOtherDiskEncryption | Boolean | Allows the Admin to disable the warning prompt for other disk encryption on the user machines. |
| bitLockerEnableStorageCardEncryptionOnMobile | Boolean | Allows the admin to require encryption to be turned on using BitLocker. This policy is valid only for a mobile SKU. |
| bitLockerEncryptDevice | Boolean | Allows the admin to require encryption to be turned on using BitLocker. |
| bitLockerRemovableDrivePolicy | bitLockerRemovableDrivePolicy | BitLocker Removable Drive Policy. |

Response

If successful, this method returns a 200 OK response code and an updated windows10EndpointProtectionConfiguration object in the response body.

Example

Request

Here is an example of the request.

PATCH https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{deviceConfigurationId}
Content-type: application/json
Content-length: 4245

{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "firewallBlockStatefulFTP": true,
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
  "firewallPreSharedKeyEncodingMethod": "none",
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,
  "firewallIPSecExemptionsAllowICMP": true,
  "firewallIPSecExemptionsAllowRouterDiscovery": true,
  "firewallIPSecExemptionsAllowDHCP": true,
  "firewallCertificateRevocationListCheckMethod": "none",
  "firewallMergeKeyingModuleSettings": true,
  "firewallPacketQueueingMethod": "disabled",
  "firewallProfileDomain": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePublic": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePrivate": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "defenderAttackSurfaceReductionExcludedPaths": [
    "Defender Attack Surface Reduction Excluded Paths value"
  ],
  "defenderGuardedFoldersAllowedAppPaths": [
    "Defender Guarded Folders Allowed App Paths value"
  ],
  "defenderAdditionalGuardedFolders": [
    "Defender Additional Guarded Folders value"
  ],
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",
  "defenderSecurityCenterBlockExploitProtectionOverride": true,
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",
  "smartScreenEnableInShell": true,
  "smartScreenBlockOverrideForFiles": true,
  "applicationGuardEnabled": true,
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",
  "applicationGuardBlockNonEnterpriseContent": true,
  "applicationGuardAllowPersistence": true,
  "applicationGuardForceAuditing": true,
  "applicationGuardBlockClipboardSharing": "blockBoth",
  "applicationGuardAllowPrintToPDF": true,
  "applicationGuardAllowPrintToXPS": true,
  "applicationGuardAllowPrintToLocalPrinters": true,
  "applicationGuardAllowPrintToNetworkPrinters": true,
  "bitLockerDisableWarningForOtherDiskEncryption": true,
  "bitLockerEnableStorageCardEncryptionOnMobile": true,
  "bitLockerEncryptDevice": true,
  "bitLockerRemovableDrivePolicy": {
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
    "encryptionMethod": "aesCbc256",
    "requireEncryptionForWriteAccess": true,
    "blockCrossOrganizationWriteAccess": true
  }
}
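
Added example (not part of the original page): a pre-flight check that validates a PATCH body against the enum values, the 300 to 3600 range and the String collection types listed in the property table. The names `validate_patch_body`, `ENUMS`, `RANGES`, `STRING_COLLECTIONS` and `SAMPLE_BODY` are hypothetical; the sample body is constructed from the request shown above, whose timeout value of 2 falls outside the documented range.

```python
# Allowed enum values, copied from the "Possible values are" lists in the table.
ENUMS = {
    "firewallPreSharedKeyEncodingMethod": {"deviceDefault", "none", "utF8"},
    "firewallCertificateRevocationListCheckMethod": {
        "deviceDefault", "none", "attempt", "require"},
    "firewallPacketQueueingMethod": {
        "deviceDefault", "disabled", "queueInbound", "queueOutbound", "queueBoth"},
    "appLockerApplicationControl": {
        "notConfigured", "enforceComponentsAndStoreApps",
        "auditComponentsAndStoreApps",
        "enforceComponentsStoreAppsAndSmartlocker",
        "auditComponentsStoreAppsAndSmartlocker"},
    "applicationGuardBlockFileTransfer": {
        "notConfigured", "blockImageAndTextFile", "blockImageFile",
        "blockNone", "blockTextFile"},
    "applicationGuardBlockClipboardSharing": {
        "notConfigured", "blockBoth", "blockHostToContainer",
        "blockContainerToHost", "blockNone"},
}
# Inclusive integer ranges from the table ("Valid values 300 to 3600").
RANGES = {"firewallIdleTimeoutForSecurityAssociationInSeconds": (300, 3600)}
# Properties typed "String collection" in the table.
STRING_COLLECTIONS = (
    "defenderAttackSurfaceReductionExcludedPaths",
    "defenderGuardedFoldersAllowedAppPaths",
    "defenderAdditionalGuardedFolders",
)


def validate_patch_body(body):
    """Return a list of problems; an empty list means no listed constraint is violated."""
    problems = []
    for name, allowed in ENUMS.items():
        value = body.get(name)
        if name in body and (not isinstance(value, str) or value not in allowed):
            problems.append(f"{name}: {value!r} is not one of {sorted(allowed)}")
    for name, (low, high) in RANGES.items():
        value = body.get(name)
        # bool is a subclass of int in Python, so reject it explicitly.
        is_int = isinstance(value, int) and not isinstance(value, bool)
        if name in body and not (is_int and low <= value <= high):
            problems.append(f"{name}: {value!r} is outside {low}..{high}")
    for name in STRING_COLLECTIONS:
        value = body.get(name)
        if name in body and not (isinstance(value, list)
                                 and all(isinstance(v, str) for v in value)):
            problems.append(f"{name}: expected a list of strings")
    return problems


# Constructed sample: a subset of the request body shown above, with one
# enum deliberately misspelled ("UTF8" instead of "utF8").
SAMPLE_BODY = {
    "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
    "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
    "firewallPreSharedKeyEncodingMethod": "UTF8",
    "applicationGuardBlockClipboardSharing": "blockBoth",
    "defenderAdditionalGuardedFolders": ["Defender Additional Guarded Folders value"],
}
```

Calling `validate_patch_body(SAMPLE_BODY)` reports the misspelled enum and the out-of-range timeout; properties absent from the body are not checked, which suits a partial update.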

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 4417

{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "id": "09709403-9403-0970-0394-700903947009",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "firewallBlockStatefulFTP": true,
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
  "firewallPreSharedKeyEncodingMethod": "none",
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,
  "firewallIPSecExemptionsAllowICMP": true,
  "firewallIPSecExemptionsAllowRouterDiscovery": true,
  "firewallIPSecExemptionsAllowDHCP": true,
  "firewallCertificateRevocationListCheckMethod": "none",
  "firewallMergeKeyingModuleSettings": true,
  "firewallPacketQueueingMethod": "disabled",
  "firewallProfileDomain": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePublic": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePrivate": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "defenderAttackSurfaceReductionExcludedPaths": [
    "Defender Attack Surface Reduction Excluded Paths value"
  ],
  "defenderGuardedFoldersAllowedAppPaths": [
    "Defender Guarded Folders Allowed App Paths value"
  ],
  "defenderAdditionalGuardedFolders": [
    "Defender Additional Guarded Folders value"
  ],
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",
  "defenderSecurityCenterBlockExploitProtectionOverride": true,
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",
  "smartScreenEnableInShell": true,
  "smartScreenBlockOverrideForFiles": true,
  "applicationGuardEnabled": true,
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",
  "applicationGuardBlockNonEnterpriseContent": true,
  "applicationGuardAllowPersistence": true,
  "applicationGuardForceAuditing": true,
  "applicationGuardBlockClipboardSharing": "blockBoth",
  "applicationGuardAllowPrintToPDF": true,
  "applicationGuardAllowPrintToXPS": true,
  "applicationGuardAllowPrintToLocalPrinters": true,
  "applicationGuardAllowPrintToNetworkPrinters": true,
  "bitLockerDisableWarningForOtherDiskEncryption": true,
  "bitLockerEnableStorageCardEncryptionOnMobile": true,
  "bitLockerEncryptDevice": true,
  "bitLockerRemovableDrivePolicy": {
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
    "encryptionMethod": "aesCbc256",
    "requireEncryptionForWriteAccess": true,
    "blockCrossOrganizationWriteAccess": true
  }
}