创建 tlsInspectionRule

命名空间：microsoft.graph.networkaccess

重要

Microsoft Graph /beta 版本下的 API 可能会发生更改。不支持在生产应用程序中使用这些 API。若要确定 API 是否在 v1.0 中可用，请使用版本选择器。

在 tlsInspectionPolicy 中创建新的 tlsInspectionRule 对象。

全局服务	美国政府 L4	美国政府 L5 (DOD)	由世纪互联运营的中国
✅	❌	❌	❌

权限

为此 API 选择标记为最低特权的权限。只有在应用需要它时，才使用更高的特权权限。有关委派权限和应用程序权限的详细信息，请参阅权限类型。要了解有关这些权限的详细信息，请参阅权限参考。

权限类型	最低特权权限	更高特权权限
委派（工作或学校帐户）	NetworkAccess.ReadWrite.All	不可用。
委派（个人 Microsoft 帐户）	不支持。	不支持。
应用程序	NetworkAccess.ReadWrite.All	不可用。

重要

在具有工作或学校帐户的委托方案中，必须为登录用户分配受支持的Microsoft Entra角色或具有支持的角色权限的自定义角色。此作支持以下最低特权角色。

全局安全访问管理员
安全管理员

HTTP 请求

POST /networkAccess/tlsInspectionPolicies/{tlsInspectionPolicyId}/policyRules

请求标头

名称	说明
Authorization	持有者 {token}。必填。详细了解身份验证和授权。
Content-Type	application/json. 必需。

请求正文

在请求正文中，提供 tlsInspectionRule 对象的 JSON 表示形式。

创建 policyRule 时，可以指定以下属性。

属性	类型	说明
name	String	规则的显示名称。必需。
description	String	说明规则用途的可选说明。
action	microsoft.graph.networkaccess.tlsInspectionAction	流量与此规则匹配时要执行的作。可能的值为： `bypass`、 `inspect`。必填。
priority	Int64	规则的优先级。规则按优先级的升序计算。数字越小，优先级越高。必填。
settings	microsoft.graph.networkaccess.tlsInspectionRuleSettings	配置规则行为的其他设置。必填。
matchingConditions	microsoft.graph.networkaccess.tlsInspectionMatchingConditions	确定何时应将此规则应用于流量的条件。必填。

响应

如果成功，此方法在 201 Created 响应正文中返回响应代码和 tlsInspectionRule 对象。

示例

请求

以下示例显示了一个请求。

POST https://graph.microsoft.com/beta/networkAccess/tlsInspectionPolicies/b712c469-e7cd-e7cb-738f-94b199570b0d/policyRules
Content-Type: application/json

{
  "@odata.type": "#microsoft.graph.networkaccess.tlsInspectionRule",
  "name": "Contoso TLS Rule 1",
  "priority": 100,
  "description": "My TLS rule",
  "action": "inspect",
  "settings": {
    "status": "enabled"
  },
  "matchingConditions": {
    "destinations": [
      {
        "@odata.type": "#microsoft.graph.networkaccess.tlsInspectionFqdnDestination",
        "values": [
          "www.contoso.test.com",
          "*.contoso.org"
        ]
      },
      {
        "@odata.type": "#microsoft.graph.networkaccess.tlsInspectionWebCategoriesDestination",
        "values": [
          "Entertainment"
        ]
      }
    ]
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models.Networkaccess;

var requestBody = new TlsInspectionRule
{
	OdataType = "#microsoft.graph.networkaccess.tlsInspectionRule",
	Name = "Contoso TLS Rule 1",
	Priority = 100L,
	Description = "My TLS rule",
	Settings = new TlsInspectionRuleSettings
	{
		Status = SecurityRuleStatus.Enabled,
	},
	MatchingConditions = new TlsInspectionMatchingConditions
	{
		Destinations = new List<TlsInspectionDestination>
		{
			new TlsInspectionFqdnDestination
			{
				OdataType = "#microsoft.graph.networkaccess.tlsInspectionFqdnDestination",
				Values = new List<string>
				{
					"www.contoso.test.com",
					"*.contoso.org",
				},
			},
			new TlsInspectionDestination
			{
				OdataType = "#microsoft.graph.networkaccess.tlsInspectionWebCategoriesDestination",
				AdditionalData = new Dictionary<string, object>
				{
					{
						"values" , new List<string>
						{
							"Entertainment",
						}
					},
				},
			},
		},
	},
	AdditionalData = new Dictionary<string, object>
	{
		{
			"action" , "inspect"
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.NetworkAccess.TlsInspectionPolicies["{tlsInspectionPolicy-id}"].PolicyRules.PostAsync(requestBody);

重要

Microsoft Graph SDK 默认使用 v1.0 版本的 API，并且不支持 beta 版本中提供的所有类型、属性和 API。有关使用 SDK 访问 beta API 的详细信息，请参阅将 Microsoft Graph SDK 与 beta API 配合使用。

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodelsnetworkaccess "github.com/microsoftgraph/msgraph-beta-sdk-go/models/networkaccess"
	  //other-imports
)

requestBody := graphmodelsnetworkaccess.NewPolicyRule()
name := "Contoso TLS Rule 1"
requestBody.SetName(&name) 
priority := int64(100)
requestBody.SetPriority(&priority) 
description := "My TLS rule"
requestBody.SetDescription(&description) 
settings := graphmodelsnetworkaccess.NewTlsInspectionRuleSettings()
status := graphmodels.ENABLED_SECURITYRULESTATUS 
settings.SetStatus(&status) 
requestBody.SetSettings(settings)
matchingConditions := graphmodelsnetworkaccess.NewTlsInspectionMatchingConditions()


tlsInspectionDestination := graphmodelsnetworkaccess.NewTlsInspectionFqdnDestination()
values := []string {
	"www.contoso.test.com",
	"*.contoso.org",
}
tlsInspectionDestination.SetValues(values)
tlsInspectionDestination1 := graphmodelsnetworkaccess.NewTlsInspectionDestination()
additionalData := map[string]interface{}{
	values := []string {
		"Entertainment",
	}
}
tlsInspectionDestination1.SetAdditionalData(additionalData)

destinations := []graphmodelsnetworkaccess.TlsInspectionDestinationable {
	tlsInspectionDestination,
	tlsInspectionDestination1,
}
matchingConditions.SetDestinations(destinations)
requestBody.SetMatchingConditions(matchingConditions)
additionalData := map[string]interface{}{
	"action" : "inspect", 
}
requestBody.SetAdditionalData(additionalData)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
policyRules, err := graphClient.NetworkAccess().TlsInspectionPolicies().ByTlsInspectionPolicyId("tlsInspectionPolicy-id").PolicyRules().Post(context.Background(), requestBody, nil)

重要

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

com.microsoft.graph.beta.models.networkaccess.TlsInspectionRule policyRule = new com.microsoft.graph.beta.models.networkaccess.TlsInspectionRule();
policyRule.setOdataType("#microsoft.graph.networkaccess.tlsInspectionRule");
policyRule.setName("Contoso TLS Rule 1");
policyRule.setPriority(100L);
policyRule.setDescription("My TLS rule");
com.microsoft.graph.beta.models.networkaccess.TlsInspectionRuleSettings settings = new com.microsoft.graph.beta.models.networkaccess.TlsInspectionRuleSettings();
settings.setStatus(com.microsoft.graph.beta.models.networkaccess.SecurityRuleStatus.Enabled);
policyRule.setSettings(settings);
com.microsoft.graph.beta.models.networkaccess.TlsInspectionMatchingConditions matchingConditions = new com.microsoft.graph.beta.models.networkaccess.TlsInspectionMatchingConditions();
LinkedList<com.microsoft.graph.beta.models.networkaccess.TlsInspectionDestination> destinations = new LinkedList<com.microsoft.graph.beta.models.networkaccess.TlsInspectionDestination>();
com.microsoft.graph.beta.models.networkaccess.TlsInspectionFqdnDestination tlsInspectionDestination = new com.microsoft.graph.beta.models.networkaccess.TlsInspectionFqdnDestination();
tlsInspectionDestination.setOdataType("#microsoft.graph.networkaccess.tlsInspectionFqdnDestination");
LinkedList<String> values = new LinkedList<String>();
values.add("www.contoso.test.com");
values.add("*.contoso.org");
tlsInspectionDestination.setValues(values);
destinations.add(tlsInspectionDestination);
com.microsoft.graph.beta.models.networkaccess.TlsInspectionDestination tlsInspectionDestination1 = new com.microsoft.graph.beta.models.networkaccess.TlsInspectionDestination();
tlsInspectionDestination1.setOdataType("#microsoft.graph.networkaccess.tlsInspectionWebCategoriesDestination");
HashMap<String, Object> additionalData = new HashMap<String, Object>();
LinkedList<String> values1 = new LinkedList<String>();
values1.add("Entertainment");
additionalData.put("values", values1);
tlsInspectionDestination1.setAdditionalData(additionalData);
destinations.add(tlsInspectionDestination1);
matchingConditions.setDestinations(destinations);
policyRule.setMatchingConditions(matchingConditions);
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
additionalData1.put("action", "inspect");
policyRule.setAdditionalData(additionalData1);
com.microsoft.graph.models.networkaccess.PolicyRule result = graphClient.networkAccess().tlsInspectionPolicies().byTlsInspectionPolicyId("{tlsInspectionPolicy-id}").policyRules().post(policyRule);

重要

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


const options = {
	authProvider,
};

const client = Client.init(options);

const policyRule = {
  '@odata.type': '#microsoft.graph.networkaccess.tlsInspectionRule',
  name: 'Contoso TLS Rule 1',
  priority: 100,
  description: 'My TLS rule',
  action: 'inspect',
  settings: {
    status: 'enabled'
  },
  matchingConditions: {
    destinations: [
      {
        '@odata.type': '#microsoft.graph.networkaccess.tlsInspectionFqdnDestination',
        values: [
          'www.contoso.test.com',
          '*.contoso.org'
        ]
      },
      {
        '@odata.type': '#microsoft.graph.networkaccess.tlsInspectionWebCategoriesDestination',
        values: [
          'Entertainment'
        ]
      }
    ]
  }
};

await client.api('/networkAccess/tlsInspectionPolicies/b712c469-e7cd-e7cb-738f-94b199570b0d/policyRules')
	.version('beta')
	.post(policyRule);

重要

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\TlsInspectionRule;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\TlsInspectionRuleSettings;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\SecurityRuleStatus;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\TlsInspectionMatchingConditions;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\TlsInspectionDestination;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\TlsInspectionFqdnDestination;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new TlsInspectionRule();
$requestBody->setOdataType('#microsoft.graph.networkaccess.tlsInspectionRule');
$requestBody->setName('Contoso TLS Rule 1');
$requestBody->setPriority(100);
$requestBody->setDescription('My TLS rule');
$settings = new TlsInspectionRuleSettings();
$settings->setStatus(new SecurityRuleStatus('enabled'));
$requestBody->setSettings($settings);
$matchingConditions = new TlsInspectionMatchingConditions();
$destinationsTlsInspectionDestination1 = new TlsInspectionFqdnDestination();
$destinationsTlsInspectionDestination1->setOdataType('#microsoft.graph.networkaccess.tlsInspectionFqdnDestination');
$destinationsTlsInspectionDestination1->setValues(['www.contoso.test.com', '*.contoso.org', 	]);
$destinationsArray []= $destinationsTlsInspectionDestination1;
$destinationsTlsInspectionDestination2 = new TlsInspectionDestination();
$destinationsTlsInspectionDestination2->setOdataType('#microsoft.graph.networkaccess.tlsInspectionWebCategoriesDestination');
$additionalData = [
	'values' => [
'Entertainment', ],
];
$destinationsTlsInspectionDestination2->setAdditionalData($additionalData);
$destinationsArray []= $destinationsTlsInspectionDestination2;
$matchingConditions->setDestinations($destinationsArray);

$requestBody->setMatchingConditions($matchingConditions);
$additionalData = [
'action' => 'inspect',
];
$requestBody->setAdditionalData($additionalData);

$result = $graphServiceClient->networkAccess()->tlsInspectionPolicies()->byTlsInspectionPolicyId('tlsInspectionPolicy-id')->policyRules()->post($requestBody)->wait();

重要

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.networkaccess.tls_inspection_rule import TlsInspectionRule
from msgraph_beta.generated.models.networkaccess.tls_inspection_rule_settings import TlsInspectionRuleSettings
from msgraph_beta.generated.models.security_rule_status import SecurityRuleStatus
from msgraph_beta.generated.models.networkaccess.tls_inspection_matching_conditions import TlsInspectionMatchingConditions
from msgraph_beta.generated.models.networkaccess.tls_inspection_destination import TlsInspectionDestination
from msgraph_beta.generated.models.networkaccess.tls_inspection_fqdn_destination import TlsInspectionFqdnDestination
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = TlsInspectionRule(
	odata_type = "#microsoft.graph.networkaccess.tlsInspectionRule",
	name = "Contoso TLS Rule 1",
	priority = 100,
	description = "My TLS rule",
	settings = TlsInspectionRuleSettings(
		status = SecurityRuleStatus.Enabled,
	),
	matching_conditions = TlsInspectionMatchingConditions(
		destinations = [
			TlsInspectionFqdnDestination(
				odata_type = "#microsoft.graph.networkaccess.tlsInspectionFqdnDestination",
				values = [
					"www.contoso.test.com",
					"*.contoso.org",
				],
			),
			TlsInspectionDestination(
				odata_type = "#microsoft.graph.networkaccess.tlsInspectionWebCategoriesDestination",
				additional_data = {
						"values" : [
							"Entertainment",
						],
				}
			),
		],
	),
	additional_data = {
			"action" : "inspect",
	}
)

result = await graph_client.network_access.tls_inspection_policies.by_tls_inspection_policy_id('tlsInspectionPolicy-id').policy_rules.post(request_body)

重要

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

响应

以下示例显示了相应的响应。

注意：为了提高可读性，可能缩短了此处显示的响应对象。

HTTP/1.1 201 Created
Content-Type: application/json

{
  "@odata.type": "#microsoft.graph.networkaccess.tlsInspectionRule",
  "id": "ecf99dcc-6575-4d01-83dc-3fa5a940c76b",
  "name": "Contoso TLS Rule 1",
  "priority": 100,
  "description": "My TLS rule",
  "action": "inspect",
  "settings": {
    "status": "enabled"
  },
  "matchingConditions": {
    "destinations": [
      {
        "@odata.type": "#microsoft.graph.networkaccess.tlsInspectionFqdnDestination",
        "values": [
          "www.contoso.test.com",
          "*.contoso.org"
        ]
      },
      {
        "@odata.type": "#microsoft.graph.networkaccess.tlsInspectionWebCategoriesDestination",
        "values": [
          "Entertainment"
        ]
      }
    ]
  }
}

反馈

此页面是否有帮助？

Last updated on 2025-07-24

通过

创建 tlsInspectionRule

权限

HTTP 请求

请求标头

请求正文

响应

示例

请求

响应

反馈

其他资源