更新 onPremisesConditionalAccessSettings

命名空间：microsoft.graph

注意：适用于 Intune 的 Microsoft Graph API 需要适用于租户的活动 Intune 许可证。

更新 onPremisesConditionalAccessSettings 对象的属性。

此 API 可用于以下国家级云部署。

全局服务	美国政府 L4	美国政府 L5 (DOD)	由世纪互联运营的中国
✅	✅	✅	✅

权限

要调用此 API，需要以下权限之一。 若要了解详细信息，包括如何选择权限的信息，请参阅权限。

权限类型	权限（从最低特权到最高特权）
委派（工作或学校帐户）	DeviceManagementServiceConfig.ReadWrite.All、DeviceManagementConfiguration.ReadWrite.All
委派（个人 Microsoft 帐户）	不支持。
应用程序	DeviceManagementServiceConfig.ReadWrite.All、DeviceManagementConfiguration.ReadWrite.All

HTTP 请求

PATCH /deviceManagement/conditionalAccessSettings

请求标头

标头	值
Authorization	持有者 {token}。 必填。 详细了解 身份验证和授权。
接受	application/json

请求正文

在请求正文中，提供 onPremisesConditionalAccessSettings 对象的 JSON 表示形式。

下表显示创建 onPremisesConditionalAccessSettings 时所需的属性。

属性	类型	说明
id	String	尚未记录
enabled	Boolean	指示是否为该组织启用了本地条件访问
includedGroups	Guid 集合	本地条件访问将面向的用户组。 这些组中的所有用户都需要托管移动设备并符合邮件访问的要求。
excludedGroups	Guid 集合	将由本地条件访问豁免的用户组。 这些组中的所有用户都将从条件访问策略中豁免。
overrideDefaultRule	Boolean	允许设备时重写默认访问规则以确保授予访问。

响应

如果成功，此方法将在响应正文中返回 200 OK 响应代码和更新的 onPremisesConditionalAccessSettings 对象。

示例

请求

下面是一个请求示例。

HTTP

PATCH https://graph.microsoft.com/v1.0/deviceManagement/conditionalAccessSettings
Content-type: application/json
Content-length: 275

{
  "@odata.type": "#microsoft.graph.onPremisesConditionalAccessSettings",
  "enabled": true,
  "includedGroups": [
    "77c9d466-d466-77c9-66d4-c97766d4c977"
  ],
  "excludedGroups": [
    "2a0afae4-fae4-2a0a-e4fa-0a2ae4fa0a2a"
  ],
  "overrideDefaultRule": true
}

C#

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new OnPremisesConditionalAccessSettings
{
	OdataType = "#microsoft.graph.onPremisesConditionalAccessSettings",
	Enabled = true,
	IncludedGroups = new List<Guid?>
	{
		Guid.Parse("77c9d466-d466-77c9-66d4-c97766d4c977"),
	},
	ExcludedGroups = new List<Guid?>
	{
		Guid.Parse("2a0afae4-fae4-2a0a-e4fa-0a2ae4fa0a2a"),
	},
	OverrideDefaultRule = true,
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceManagement.ConditionalAccessSettings.PatchAsync(requestBody);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

CLI

mgc device-management conditional-access-settings patch --body '{\
  "@odata.type": "#microsoft.graph.onPremisesConditionalAccessSettings",\
  "enabled": true,\
  "includedGroups": [\
    "77c9d466-d466-77c9-66d4-c97766d4c977"\
  ],\
  "excludedGroups": [\
    "2a0afae4-fae4-2a0a-e4fa-0a2ae4fa0a2a"\
  ],\
  "overrideDefaultRule": true\
}\
'

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

Go

// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewOnPremisesConditionalAccessSettings()
enabled := true
requestBody.SetEnabled(&enabled) 
includedGroups := []uuid.UUID {
	uuid.MustParse("77c9d466-d466-77c9-66d4-c97766d4c977"),
}
requestBody.SetIncludedGroups(includedGroups)
excludedGroups := []uuid.UUID {
	uuid.MustParse("2a0afae4-fae4-2a0a-e4fa-0a2ae4fa0a2a"),
}
requestBody.SetExcludedGroups(excludedGroups)
overrideDefaultRule := true
requestBody.SetOverrideDefaultRule(&overrideDefaultRule) 

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
conditionalAccessSettings, err := graphClient.DeviceManagement().ConditionalAccessSettings().Patch(context.Background(), requestBody, nil)

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

OnPremisesConditionalAccessSettings onPremisesConditionalAccessSettings = new OnPremisesConditionalAccessSettings();
onPremisesConditionalAccessSettings.setOdataType("#microsoft.graph.onPremisesConditionalAccessSettings");
onPremisesConditionalAccessSettings.setEnabled(true);
LinkedList<UUID> includedGroups = new LinkedList<UUID>();
includedGroups.add(UUID.fromString("77c9d466-d466-77c9-66d4-c97766d4c977"));
onPremisesConditionalAccessSettings.setIncludedGroups(includedGroups);
LinkedList<UUID> excludedGroups = new LinkedList<UUID>();
excludedGroups.add(UUID.fromString("2a0afae4-fae4-2a0a-e4fa-0a2ae4fa0a2a"));
onPremisesConditionalAccessSettings.setExcludedGroups(excludedGroups);
onPremisesConditionalAccessSettings.setOverrideDefaultRule(true);
OnPremisesConditionalAccessSettings result = graphClient.deviceManagement().conditionalAccessSettings().patch(onPremisesConditionalAccessSettings);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const onPremisesConditionalAccessSettings = {
  '@odata.type': '#microsoft.graph.onPremisesConditionalAccessSettings',
  enabled: true,
  includedGroups: [
    '77c9d466-d466-77c9-66d4-c97766d4c977'
  ],
  excludedGroups: [
    '2a0afae4-fae4-2a0a-e4fa-0a2ae4fa0a2a'
  ],
  overrideDefaultRule: true
};

await client.api('/deviceManagement/conditionalAccessSettings')
	.update(onPremisesConditionalAccessSettings);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

PHP

<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\OnPremisesConditionalAccessSettings;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new OnPremisesConditionalAccessSettings();
$requestBody->setOdataType('#microsoft.graph.onPremisesConditionalAccessSettings');
$requestBody->setEnabled(true);
$requestBody->setIncludedGroups(['77c9d466-d466-77c9-66d4-c97766d4c977', 	]);
$requestBody->setExcludedGroups(['2a0afae4-fae4-2a0a-e4fa-0a2ae4fa0a2a', 	]);
$requestBody->setOverrideDefaultRule(true);

$result = $graphServiceClient->deviceManagement()->conditionalAccessSettings()->patch($requestBody)->wait();

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

PowerShell

Import-Module Microsoft.Graph.DeviceManagement.Enrollment

$params = @{
	"@odata.type" = "#microsoft.graph.onPremisesConditionalAccessSettings"
	enabled = $true
	includedGroups = @(
	"77c9d466-d466-77c9-66d4-c97766d4c977"
)
excludedGroups = @(
"2a0afae4-fae4-2a0a-e4fa-0a2ae4fa0a2a"
)
overrideDefaultRule = $true
}

Update-MgDeviceManagementConditionalAccessSetting -BodyParameter $params

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

Python

from msgraph import GraphServiceClient
from msgraph.generated.models.on_premises_conditional_access_settings import OnPremisesConditionalAccessSettings

graph_client = GraphServiceClient(credentials, scopes)

request_body = OnPremisesConditionalAccessSettings(
	odata_type = "#microsoft.graph.onPremisesConditionalAccessSettings",
	enabled = True,
	included_groups = [
		UUID("77c9d466-d466-77c9-66d4-c97766d4c977"),
	],
	excluded_groups = [
		UUID("2a0afae4-fae4-2a0a-e4fa-0a2ae4fa0a2a"),
	],
	override_default_rule = True,
)

result = await graph_client.device_management.conditional_access_settings.patch(request_body)

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

响应

下面是一个响应示例。 注意：为简洁起见，可能会截断此处显示的响应对象。 将从实际调用中返回所有属性。

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 324

{
  "@odata.type": "#microsoft.graph.onPremisesConditionalAccessSettings",
  "id": "a0efde21-de21-a0ef-21de-efa021deefa0",
  "enabled": true,
  "includedGroups": [
    "77c9d466-d466-77c9-66d4-c97766d4c977"
  ],
  "excludedGroups": [
    "2a0afae4-fae4-2a0a-e4fa-0a2ae4fa0a2a"
  ],
  "overrideDefaultRule": true
}