Namespace: microsoft.graph
Importante
As APIs na versão /beta no Microsoft Graph estão sujeitas a alterações. Não há suporte para o uso dessas APIs em aplicativos de produção. Para determinar se uma API está disponível na v1.0, use o seletor Versão.
Crie um objeto appManagementPolicy .
Esta API está disponível nas seguintes implementações de cloud nacionais.
| Serviço global |
US Government L4 |
US Government L5 (DOD) |
China operada pela 21Vianet |
| ✅ |
✅ |
✅ |
✅ |
Permissões
Escolha a permissão ou permissões marcadas como menos privilegiadas para esta API. Utilize uma permissão ou permissões com privilégios mais elevados apenas se a sua aplicação o exigir. Para obter detalhes sobre as permissões delegadas e de aplicação, veja Tipos de permissão. Para saber mais sobre estas permissões, veja a referência de permissões.
| Tipo de permissão |
Permissões com menos privilégios |
Permissões com privilégios superiores |
| Delegado (conta corporativa ou de estudante) |
Policy.Read.ApplicationConfiguration |
Policy.ReadWrite.ApplicationConfiguration |
| Delegado (conta pessoal da Microsoft) |
Sem suporte. |
Sem suporte. |
| Application |
Policy.Read.ApplicationConfiguration |
Policy.ReadWrite.ApplicationConfiguration |
Importante
Em cenários delegados com contas escolares ou profissionais, o utilizador com sessão iniciada tem de ter uma função de Microsoft Entra suportada ou uma função personalizada com uma permissão de função suportada. As seguintes funções com menos privilégios são suportadas para esta operação:
- Administrador de Aplicativos de Nuvem
- Administrador de Aplicativos
Solicitação HTTP
POST /policies/appManagementPolicies
| Nome |
Descrição |
| Autorização |
{token} de portador. Obrigatório. Saiba mais sobre autenticação e autorização. |
| Content-Type |
application/json. Obrigatório. |
Importante
Os principais de serviço com um createdDateTime null são tratados como tendo sido criados a 01/01/01/2019.
Corpo da solicitação
No corpo do pedido, forneça uma representação JSON do objeto appManagementPolicy .
Pode especificar as seguintes propriedades ao criar uma appManagementPolicy.
| Propriedade |
Tipo |
Descrição |
| displayName |
Cadeia de caracteres |
O nome a apresentar da política. Obrigatório. |
| description |
Cadeia de caracteres |
A descrição da política. Obrigatório. |
| isEnabled |
Booliano |
Indica se a política está ativada. Opcional. |
| Restrições |
appManagementConfiguration |
Restrições que se aplicam a uma aplicação ou objeto de principal de serviço. Opcional. |
Resposta
Se for bem-sucedido, este método devolve um 201 Created código de resposta com o novo objeto appManagementPolicy no payload de resposta.
Exemplos
Solicitação
O exemplo a seguir mostra uma solicitação. Este pedido criou uma política de gestão de aplicações com as seguintes definições:
- Ativa a política.
- Bloqueia a criação de novas palavras-passe para aplicações e principais de serviço criados em ou depois de 19 de outubro de 2019 às 10:37 HORA UTC.
- Limita os segredos de palavra-passe para aplicações e principais de serviço criados após 19 de outubro de 2014 às 10:37 HORA UTC para menos de 90 dias.
- Desativa a restrição nonDefaultUriAddition. Isto significa que as aplicações com esta política aplicada podem adicionar novos URIs de identificador não predefinido às respetivas aplicações, mesmo que a política predefinida do inquilino o bloqueie normalmente.
- Não especifica outras restrições. Isto significa que o comportamento dessas restrições em aplicações/principais de serviço com esta política aplicada reverte para, no entanto, a política predefinida do inquilino está configurada.
POST https://graph.microsoft.com/beta/policies/appManagementPolicies
{
"displayName": "Credential management policy",
"description": "Cred policy sample",
"isEnabled": true,
"restrictions": {
"passwordCredentials": [
{
"restrictionType": "passwordAddition",
"state": "enabled",
"maxLifetime": null,
"restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
},
{
"restrictionType": "passwordLifetime",
"state": "enabled",
"maxLifetime": "P90D",
"restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
},
{
"restrictionType": "symmetricKeyAddition",
"state": "enabled",
"maxLifetime": null,
"restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
},
{
"restrictionType": "symmetricKeyLifetime",
"state": "enabled",
"maxLifetime": "P90D",
"restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
}
],
"keyCredentials": [],
"applicationRestrictions": {
"identifierUris": {
"nonDefaultUriAddition": {
"state": "disabled",
"restrictForAppsCreatedAfterDateTime": null,
"excludeAppsReceivingV2Tokens": true,
"excludeSaml": true
}
}
}
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AppManagementPolicy
{
DisplayName = "Credential management policy",
Description = "Cred policy sample",
IsEnabled = true,
Restrictions = new CustomAppManagementConfiguration
{
PasswordCredentials = new List<PasswordCredentialConfiguration>
{
new PasswordCredentialConfiguration
{
RestrictionType = AppCredentialRestrictionType.PasswordAddition,
State = AppManagementRestrictionState.Enabled,
MaxLifetime = null,
RestrictForAppsCreatedAfterDateTime = DateTimeOffset.Parse("2019-10-19T10:37:00Z"),
},
new PasswordCredentialConfiguration
{
RestrictionType = AppCredentialRestrictionType.PasswordLifetime,
State = AppManagementRestrictionState.Enabled,
MaxLifetime = TimeSpan.Parse("P90D"),
RestrictForAppsCreatedAfterDateTime = DateTimeOffset.Parse("2014-10-19T10:37:00Z"),
},
new PasswordCredentialConfiguration
{
RestrictionType = AppCredentialRestrictionType.SymmetricKeyAddition,
State = AppManagementRestrictionState.Enabled,
MaxLifetime = null,
RestrictForAppsCreatedAfterDateTime = DateTimeOffset.Parse("2019-10-19T10:37:00Z"),
},
new PasswordCredentialConfiguration
{
RestrictionType = AppCredentialRestrictionType.SymmetricKeyLifetime,
State = AppManagementRestrictionState.Enabled,
MaxLifetime = TimeSpan.Parse("P90D"),
RestrictForAppsCreatedAfterDateTime = DateTimeOffset.Parse("2014-10-19T10:37:00Z"),
},
},
KeyCredentials = new List<KeyCredentialConfiguration>
{
},
ApplicationRestrictions = new CustomAppManagementApplicationConfiguration
{
IdentifierUris = new IdentifierUriConfiguration
{
NonDefaultUriAddition = new IdentifierUriRestriction
{
State = AppManagementRestrictionState.Disabled,
RestrictForAppsCreatedAfterDateTime = null,
ExcludeAppsReceivingV2Tokens = true,
ExcludeSaml = true,
},
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.AppManagementPolicies.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAppManagementPolicy()
displayName := "Credential management policy"
requestBody.SetDisplayName(&displayName)
description := "Cred policy sample"
requestBody.SetDescription(&description)
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
restrictions := graphmodels.NewCustomAppManagementConfiguration()
passwordCredentialConfiguration := graphmodels.NewPasswordCredentialConfiguration()
restrictionType := graphmodels.PASSWORDADDITION_APPCREDENTIALRESTRICTIONTYPE
passwordCredentialConfiguration.SetRestrictionType(&restrictionType)
state := graphmodels.ENABLED_APPMANAGEMENTRESTRICTIONSTATE
passwordCredentialConfiguration.SetState(&state)
maxLifetime := null
passwordCredentialConfiguration.SetMaxLifetime(&maxLifetime)
restrictForAppsCreatedAfterDateTime , err := time.Parse(time.RFC3339, "2019-10-19T10:37:00Z")
passwordCredentialConfiguration.SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime)
passwordCredentialConfiguration1 := graphmodels.NewPasswordCredentialConfiguration()
restrictionType := graphmodels.PASSWORDLIFETIME_APPCREDENTIALRESTRICTIONTYPE
passwordCredentialConfiguration1.SetRestrictionType(&restrictionType)
state := graphmodels.ENABLED_APPMANAGEMENTRESTRICTIONSTATE
passwordCredentialConfiguration1.SetState(&state)
maxLifetime , err := abstractions.ParseISODuration("P90D")
passwordCredentialConfiguration1.SetMaxLifetime(&maxLifetime)
restrictForAppsCreatedAfterDateTime , err := time.Parse(time.RFC3339, "2014-10-19T10:37:00Z")
passwordCredentialConfiguration1.SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime)
passwordCredentialConfiguration2 := graphmodels.NewPasswordCredentialConfiguration()
restrictionType := graphmodels.SYMMETRICKEYADDITION_APPCREDENTIALRESTRICTIONTYPE
passwordCredentialConfiguration2.SetRestrictionType(&restrictionType)
state := graphmodels.ENABLED_APPMANAGEMENTRESTRICTIONSTATE
passwordCredentialConfiguration2.SetState(&state)
maxLifetime := null
passwordCredentialConfiguration2.SetMaxLifetime(&maxLifetime)
restrictForAppsCreatedAfterDateTime , err := time.Parse(time.RFC3339, "2019-10-19T10:37:00Z")
passwordCredentialConfiguration2.SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime)
passwordCredentialConfiguration3 := graphmodels.NewPasswordCredentialConfiguration()
restrictionType := graphmodels.SYMMETRICKEYLIFETIME_APPCREDENTIALRESTRICTIONTYPE
passwordCredentialConfiguration3.SetRestrictionType(&restrictionType)
state := graphmodels.ENABLED_APPMANAGEMENTRESTRICTIONSTATE
passwordCredentialConfiguration3.SetState(&state)
maxLifetime , err := abstractions.ParseISODuration("P90D")
passwordCredentialConfiguration3.SetMaxLifetime(&maxLifetime)
restrictForAppsCreatedAfterDateTime , err := time.Parse(time.RFC3339, "2014-10-19T10:37:00Z")
passwordCredentialConfiguration3.SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime)
passwordCredentials := []graphmodels.PasswordCredentialConfigurationable {
passwordCredentialConfiguration,
passwordCredentialConfiguration1,
passwordCredentialConfiguration2,
passwordCredentialConfiguration3,
}
restrictions.SetPasswordCredentials(passwordCredentials)
keyCredentials := []graphmodels.KeyCredentialConfigurationable {
}
restrictions.SetKeyCredentials(keyCredentials)
applicationRestrictions := graphmodels.NewCustomAppManagementApplicationConfiguration()
identifierUris := graphmodels.NewIdentifierUriConfiguration()
nonDefaultUriAddition := graphmodels.NewIdentifierUriRestriction()
state := graphmodels.DISABLED_APPMANAGEMENTRESTRICTIONSTATE
nonDefaultUriAddition.SetState(&state)
restrictForAppsCreatedAfterDateTime := null
nonDefaultUriAddition.SetRestrictForAppsCreatedAfterDateTime(&restrictForAppsCreatedAfterDateTime)
excludeAppsReceivingV2Tokens := true
nonDefaultUriAddition.SetExcludeAppsReceivingV2Tokens(&excludeAppsReceivingV2Tokens)
excludeSaml := true
nonDefaultUriAddition.SetExcludeSaml(&excludeSaml)
identifierUris.SetNonDefaultUriAddition(nonDefaultUriAddition)
applicationRestrictions.SetIdentifierUris(identifierUris)
restrictions.SetApplicationRestrictions(applicationRestrictions)
requestBody.SetRestrictions(restrictions)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
appManagementPolicies, err := graphClient.Policies().AppManagementPolicies().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AppManagementPolicy appManagementPolicy = new AppManagementPolicy();
appManagementPolicy.setDisplayName("Credential management policy");
appManagementPolicy.setDescription("Cred policy sample");
appManagementPolicy.setIsEnabled(true);
CustomAppManagementConfiguration restrictions = new CustomAppManagementConfiguration();
LinkedList<PasswordCredentialConfiguration> passwordCredentials = new LinkedList<PasswordCredentialConfiguration>();
PasswordCredentialConfiguration passwordCredentialConfiguration = new PasswordCredentialConfiguration();
passwordCredentialConfiguration.setRestrictionType(AppCredentialRestrictionType.PasswordAddition);
passwordCredentialConfiguration.setState(AppManagementRestrictionState.Enabled);
passwordCredentialConfiguration.setMaxLifetime(null);
OffsetDateTime restrictForAppsCreatedAfterDateTime = OffsetDateTime.parse("2019-10-19T10:37:00Z");
passwordCredentialConfiguration.setRestrictForAppsCreatedAfterDateTime(restrictForAppsCreatedAfterDateTime);
passwordCredentials.add(passwordCredentialConfiguration);
PasswordCredentialConfiguration passwordCredentialConfiguration1 = new PasswordCredentialConfiguration();
passwordCredentialConfiguration1.setRestrictionType(AppCredentialRestrictionType.PasswordLifetime);
passwordCredentialConfiguration1.setState(AppManagementRestrictionState.Enabled);
PeriodAndDuration maxLifetime1 = PeriodAndDuration.ofDuration(Duration.parse("P90D"));
passwordCredentialConfiguration1.setMaxLifetime(maxLifetime1);
OffsetDateTime restrictForAppsCreatedAfterDateTime1 = OffsetDateTime.parse("2014-10-19T10:37:00Z");
passwordCredentialConfiguration1.setRestrictForAppsCreatedAfterDateTime(restrictForAppsCreatedAfterDateTime1);
passwordCredentials.add(passwordCredentialConfiguration1);
PasswordCredentialConfiguration passwordCredentialConfiguration2 = new PasswordCredentialConfiguration();
passwordCredentialConfiguration2.setRestrictionType(AppCredentialRestrictionType.SymmetricKeyAddition);
passwordCredentialConfiguration2.setState(AppManagementRestrictionState.Enabled);
passwordCredentialConfiguration2.setMaxLifetime(null);
OffsetDateTime restrictForAppsCreatedAfterDateTime2 = OffsetDateTime.parse("2019-10-19T10:37:00Z");
passwordCredentialConfiguration2.setRestrictForAppsCreatedAfterDateTime(restrictForAppsCreatedAfterDateTime2);
passwordCredentials.add(passwordCredentialConfiguration2);
PasswordCredentialConfiguration passwordCredentialConfiguration3 = new PasswordCredentialConfiguration();
passwordCredentialConfiguration3.setRestrictionType(AppCredentialRestrictionType.SymmetricKeyLifetime);
passwordCredentialConfiguration3.setState(AppManagementRestrictionState.Enabled);
PeriodAndDuration maxLifetime3 = PeriodAndDuration.ofDuration(Duration.parse("P90D"));
passwordCredentialConfiguration3.setMaxLifetime(maxLifetime3);
OffsetDateTime restrictForAppsCreatedAfterDateTime3 = OffsetDateTime.parse("2014-10-19T10:37:00Z");
passwordCredentialConfiguration3.setRestrictForAppsCreatedAfterDateTime(restrictForAppsCreatedAfterDateTime3);
passwordCredentials.add(passwordCredentialConfiguration3);
restrictions.setPasswordCredentials(passwordCredentials);
LinkedList<KeyCredentialConfiguration> keyCredentials = new LinkedList<KeyCredentialConfiguration>();
restrictions.setKeyCredentials(keyCredentials);
CustomAppManagementApplicationConfiguration applicationRestrictions = new CustomAppManagementApplicationConfiguration();
IdentifierUriConfiguration identifierUris = new IdentifierUriConfiguration();
IdentifierUriRestriction nonDefaultUriAddition = new IdentifierUriRestriction();
nonDefaultUriAddition.setState(AppManagementRestrictionState.Disabled);
nonDefaultUriAddition.setRestrictForAppsCreatedAfterDateTime(null);
nonDefaultUriAddition.setExcludeAppsReceivingV2Tokens(true);
nonDefaultUriAddition.setExcludeSaml(true);
identifierUris.setNonDefaultUriAddition(nonDefaultUriAddition);
applicationRestrictions.setIdentifierUris(identifierUris);
restrictions.setApplicationRestrictions(applicationRestrictions);
appManagementPolicy.setRestrictions(restrictions);
AppManagementPolicy result = graphClient.policies().appManagementPolicies().post(appManagementPolicy);
const options = {
authProvider,
};
const client = Client.init(options);
const appManagementPolicy = {
displayName: 'Credential management policy',
description: 'Cred policy sample',
isEnabled: true,
restrictions: {
passwordCredentials: [
{
restrictionType: 'passwordAddition',
state: 'enabled',
maxLifetime: null,
restrictForAppsCreatedAfterDateTime: '2019-10-19T10:37:00Z'
},
{
restrictionType: 'passwordLifetime',
state: 'enabled',
maxLifetime: 'P90D',
restrictForAppsCreatedAfterDateTime: '2014-10-19T10:37:00Z'
},
{
restrictionType: 'symmetricKeyAddition',
state: 'enabled',
maxLifetime: null,
restrictForAppsCreatedAfterDateTime: '2019-10-19T10:37:00Z'
},
{
restrictionType: 'symmetricKeyLifetime',
state: 'enabled',
maxLifetime: 'P90D',
restrictForAppsCreatedAfterDateTime: '2014-10-19T10:37:00Z'
}
],
keyCredentials: [],
applicationRestrictions: {
identifierUris: {
nonDefaultUriAddition: {
state: 'disabled',
restrictForAppsCreatedAfterDateTime: null,
excludeAppsReceivingV2Tokens: true,
excludeSaml: true
}
}
}
}
};
await client.api('/policies/appManagementPolicies')
.version('beta')
.post(appManagementPolicy);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AppManagementPolicy;
use Microsoft\Graph\Beta\Generated\Models\CustomAppManagementConfiguration;
use Microsoft\Graph\Beta\Generated\Models\PasswordCredentialConfiguration;
use Microsoft\Graph\Beta\Generated\Models\AppCredentialRestrictionType;
use Microsoft\Graph\Beta\Generated\Models\AppManagementRestrictionState;
use Microsoft\Graph\Beta\Generated\Models\KeyCredentialConfiguration;
use Microsoft\Graph\Beta\Generated\Models\CustomAppManagementApplicationConfiguration;
use Microsoft\Graph\Beta\Generated\Models\IdentifierUriConfiguration;
use Microsoft\Graph\Beta\Generated\Models\IdentifierUriRestriction;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AppManagementPolicy();
$requestBody->setDisplayName('Credential management policy');
$requestBody->setDescription('Cred policy sample');
$requestBody->setIsEnabled(true);
$restrictions = new CustomAppManagementConfiguration();
$passwordCredentialsPasswordCredentialConfiguration1 = new PasswordCredentialConfiguration();
$passwordCredentialsPasswordCredentialConfiguration1->setRestrictionType(new AppCredentialRestrictionType('passwordAddition'));
$passwordCredentialsPasswordCredentialConfiguration1->setState(new AppManagementRestrictionState('enabled'));
$passwordCredentialsPasswordCredentialConfiguration1->setMaxLifetime(null);
$passwordCredentialsPasswordCredentialConfiguration1->setRestrictForAppsCreatedAfterDateTime(new \DateTime('2019-10-19T10:37:00Z'));
$passwordCredentialsArray []= $passwordCredentialsPasswordCredentialConfiguration1;
$passwordCredentialsPasswordCredentialConfiguration2 = new PasswordCredentialConfiguration();
$passwordCredentialsPasswordCredentialConfiguration2->setRestrictionType(new AppCredentialRestrictionType('passwordLifetime'));
$passwordCredentialsPasswordCredentialConfiguration2->setState(new AppManagementRestrictionState('enabled'));
$passwordCredentialsPasswordCredentialConfiguration2->setMaxLifetime(new \DateInterval('P90D'));
$passwordCredentialsPasswordCredentialConfiguration2->setRestrictForAppsCreatedAfterDateTime(new \DateTime('2014-10-19T10:37:00Z'));
$passwordCredentialsArray []= $passwordCredentialsPasswordCredentialConfiguration2;
$passwordCredentialsPasswordCredentialConfiguration3 = new PasswordCredentialConfiguration();
$passwordCredentialsPasswordCredentialConfiguration3->setRestrictionType(new AppCredentialRestrictionType('symmetricKeyAddition'));
$passwordCredentialsPasswordCredentialConfiguration3->setState(new AppManagementRestrictionState('enabled'));
$passwordCredentialsPasswordCredentialConfiguration3->setMaxLifetime(null);
$passwordCredentialsPasswordCredentialConfiguration3->setRestrictForAppsCreatedAfterDateTime(new \DateTime('2019-10-19T10:37:00Z'));
$passwordCredentialsArray []= $passwordCredentialsPasswordCredentialConfiguration3;
$passwordCredentialsPasswordCredentialConfiguration4 = new PasswordCredentialConfiguration();
$passwordCredentialsPasswordCredentialConfiguration4->setRestrictionType(new AppCredentialRestrictionType('symmetricKeyLifetime'));
$passwordCredentialsPasswordCredentialConfiguration4->setState(new AppManagementRestrictionState('enabled'));
$passwordCredentialsPasswordCredentialConfiguration4->setMaxLifetime(new \DateInterval('P90D'));
$passwordCredentialsPasswordCredentialConfiguration4->setRestrictForAppsCreatedAfterDateTime(new \DateTime('2014-10-19T10:37:00Z'));
$passwordCredentialsArray []= $passwordCredentialsPasswordCredentialConfiguration4;
$restrictions->setPasswordCredentials($passwordCredentialsArray);
$restrictions->setKeyCredentials([]);
$restrictionsApplicationRestrictions = new CustomAppManagementApplicationConfiguration();
$restrictionsApplicationRestrictionsIdentifierUris = new IdentifierUriConfiguration();
$restrictionsApplicationRestrictionsIdentifierUrisNonDefaultUriAddition = new IdentifierUriRestriction();
$restrictionsApplicationRestrictionsIdentifierUrisNonDefaultUriAddition->setState(new AppManagementRestrictionState('disabled'));
$restrictionsApplicationRestrictionsIdentifierUrisNonDefaultUriAddition->setRestrictForAppsCreatedAfterDateTime(null);
$restrictionsApplicationRestrictionsIdentifierUrisNonDefaultUriAddition->setExcludeAppsReceivingV2Tokens(true);
$restrictionsApplicationRestrictionsIdentifierUrisNonDefaultUriAddition->setExcludeSaml(true);
$restrictionsApplicationRestrictionsIdentifierUris->setNonDefaultUriAddition($restrictionsApplicationRestrictionsIdentifierUrisNonDefaultUriAddition);
$restrictionsApplicationRestrictions->setIdentifierUris($restrictionsApplicationRestrictionsIdentifierUris);
$restrictions->setApplicationRestrictions($restrictionsApplicationRestrictions);
$requestBody->setRestrictions($restrictions);
$result = $graphServiceClient->policies()->appManagementPolicies()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
displayName = "Credential management policy"
description = "Cred policy sample"
isEnabled = $true
restrictions = @{
passwordCredentials = @(
@{
restrictionType = "passwordAddition"
state = "enabled"
maxLifetime = $null
restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2019-10-19T10:37:00Z")
}
@{
restrictionType = "passwordLifetime"
state = "enabled"
maxLifetime = "P90D"
restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2014-10-19T10:37:00Z")
}
@{
restrictionType = "symmetricKeyAddition"
state = "enabled"
maxLifetime = $null
restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2019-10-19T10:37:00Z")
}
@{
restrictionType = "symmetricKeyLifetime"
state = "enabled"
maxLifetime = "P90D"
restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2014-10-19T10:37:00Z")
}
)
keyCredentials = @(
)
applicationRestrictions = @{
identifierUris = @{
nonDefaultUriAddition = @{
state = "disabled"
restrictForAppsCreatedAfterDateTime = $null
excludeAppsReceivingV2Tokens = $true
excludeSaml = $true
}
}
}
}
}
New-MgBetaPolicyAppManagementPolicy -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.app_management_policy import AppManagementPolicy
from msgraph_beta.generated.models.custom_app_management_configuration import CustomAppManagementConfiguration
from msgraph_beta.generated.models.password_credential_configuration import PasswordCredentialConfiguration
from msgraph_beta.generated.models.app_credential_restriction_type import AppCredentialRestrictionType
from msgraph_beta.generated.models.app_management_restriction_state import AppManagementRestrictionState
from msgraph_beta.generated.models.key_credential_configuration import KeyCredentialConfiguration
from msgraph_beta.generated.models.custom_app_management_application_configuration import CustomAppManagementApplicationConfiguration
from msgraph_beta.generated.models.identifier_uri_configuration import IdentifierUriConfiguration
from msgraph_beta.generated.models.identifier_uri_restriction import IdentifierUriRestriction
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AppManagementPolicy(
display_name = "Credential management policy",
description = "Cred policy sample",
is_enabled = True,
restrictions = CustomAppManagementConfiguration(
password_credentials = [
PasswordCredentialConfiguration(
restriction_type = AppCredentialRestrictionType.PasswordAddition,
state = AppManagementRestrictionState.Enabled,
max_lifetime = None,
restrict_for_apps_created_after_date_time = "2019-10-19T10:37:00Z",
),
PasswordCredentialConfiguration(
restriction_type = AppCredentialRestrictionType.PasswordLifetime,
state = AppManagementRestrictionState.Enabled,
max_lifetime = "P90D",
restrict_for_apps_created_after_date_time = "2014-10-19T10:37:00Z",
),
PasswordCredentialConfiguration(
restriction_type = AppCredentialRestrictionType.SymmetricKeyAddition,
state = AppManagementRestrictionState.Enabled,
max_lifetime = None,
restrict_for_apps_created_after_date_time = "2019-10-19T10:37:00Z",
),
PasswordCredentialConfiguration(
restriction_type = AppCredentialRestrictionType.SymmetricKeyLifetime,
state = AppManagementRestrictionState.Enabled,
max_lifetime = "P90D",
restrict_for_apps_created_after_date_time = "2014-10-19T10:37:00Z",
),
],
key_credentials = [
],
application_restrictions = CustomAppManagementApplicationConfiguration(
identifier_uris = IdentifierUriConfiguration(
non_default_uri_addition = IdentifierUriRestriction(
state = AppManagementRestrictionState.Disabled,
restrict_for_apps_created_after_date_time = None,
exclude_apps_receiving_v2_tokens = True,
exclude_saml = True,
),
),
),
),
)
result = await graph_client.policies.app_management_policies.post(request_body)
Resposta
O exemplo a seguir mostra a resposta.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/appManagementPolicies/$entity",
"id": "a4ab1ed9-46bb-4bef-88d4-86fd6398dd5d",
"displayName": "credential management policy",
"description": "Lorem ipsum",
"isEnabled": true,
"restrictions": {
"passwordCredentials": [
{
"restrictionType": "passwordAddition",
"state": "enabled",
"maxLifetime": null,
"restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
},
{
"restrictionType": "passwordLifetime",
"state": "enabled",
"maxLifetime": "P90D",
"restrictForAppsCreatedAfterDateTime": "2018-10-19T10:37:00Z"
},
{
"restrictionType": "symmetricKeyAddition",
"state": "enabled",
"maxLifetime": null,
"restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
},
{
"restrictionType": "symmetricKeyLifetime",
"state": "enabled",
"maxLifetime": "P90D",
"restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
}
],
"keyCredentials": [],
"applicationRestrictions": {
"identifierUris": {
"nonDefaultUriAddition": {
"state": "disabled",
"excludeAppsReceivingV2Tokens": true,
"excludeSaml": true
}
}
}
}
}