Create defaultManagedAppProtection

Namespace: microsoft.graph

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Create a new defaultManagedAppProtection object.

This API is available in the following national cloud deployments.

Global service	US Government L4	US Government L5 (DOD)	China operated by 21Vianet
✅	✅	✅	✅

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	DeviceManagementApps.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.
Application	DeviceManagementApps.ReadWrite.All

HTTP Request

POST /deviceAppManagement/defaultManagedAppProtections

Request headers

Header	Value
Authorization	Bearer {token}. Required. Learn more about authentication and authorization.
Accept	application/json

Request body

In the request body, supply a JSON representation for the defaultManagedAppProtection object.

The following table shows the properties that are required when you create the defaultManagedAppProtection.

Property	Type	Description
displayName	String	Policy display name. Inherited from managedAppPolicy
description	String	The policy's description. Inherited from managedAppPolicy
createdDateTime	DateTimeOffset	The date and time the policy was created. Inherited from managedAppPolicy
lastModifiedDateTime	DateTimeOffset	Last time the policy was modified. Inherited from managedAppPolicy
id	String	Key of the entity. Inherited from managedAppPolicy
version	String	Version of the entity. Inherited from managedAppPolicy
periodOfflineBeforeAccessCheck	Duration	The period after which access is checked when the device is not connected to the internet. Inherited from managedAppProtection
periodOnlineBeforeAccessCheck	Duration	The period after which access is checked when the device is connected to the internet. Inherited from managedAppProtection
allowedInboundDataTransferSources	managedAppDataTransferLevel	Sources from which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps, managedApps, none.
allowedOutboundDataTransferDestinations	managedAppDataTransferLevel	Destinations to which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps, managedApps, none.
organizationalCredentialsRequired	Boolean	Indicates whether organizational credentials are required for app use. Inherited from managedAppProtection
allowedOutboundClipboardSharingLevel	managedAppClipboardSharingLevel	The level to which the clipboard may be shared between apps on the managed device. Inherited from managedAppProtection. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked.
dataBackupBlocked	Boolean	Indicates whether the backup of a managed app's data is blocked. Inherited from managedAppProtection
deviceComplianceRequired	Boolean	Indicates whether device compliance is required. Inherited from managedAppProtection
managedBrowserToOpenLinksRequired	Boolean	Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) Inherited from managedAppProtection
saveAsBlocked	Boolean	Indicates whether users may use the "Save As" menu item to save a copy of protected files. Inherited from managedAppProtection
periodOfflineBeforeWipeIsEnforced	Duration	The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. Inherited from managedAppProtection
pinRequired	Boolean	Indicates whether an app-level pin is required. Inherited from managedAppProtection
maximumPinRetries	Int32	Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. Inherited from managedAppProtection
simplePinBlocked	Boolean	Indicates whether simplePin is blocked. Inherited from managedAppProtection
minimumPinLength	Int32	Minimum pin length required for an app-level pin if PinRequired is set to True Inherited from managedAppProtection
pinCharacterSet	managedAppPinCharacterSet	Character set which may be used for an app-level pin if PinRequired is set to True. Inherited from managedAppProtection. Possible values are: numeric, alphanumericAndSymbol.
periodBeforePinReset	Duration	TimePeriod before the all-level pin must be reset if PinRequired is set to True. Inherited from managedAppProtection
allowedDataStorageLocations	managedAppDataStorageLocation collection	Data storage locations where a user may store managed data. Inherited from managedAppProtection. Possible values are: oneDriveForBusiness, sharePoint, box, localStorage.
contactSyncBlocked	Boolean	Indicates whether contacts can be synced to the user's device. Inherited from managedAppProtection
printBlocked	Boolean	Indicates whether printing is allowed from managed apps. Inherited from managedAppProtection
fingerprintBlocked	Boolean	Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. Inherited from managedAppProtection
disableAppPinIfDevicePinIsSet	Boolean	Indicates whether use of the app pin is required if the device pin is set. Inherited from managedAppProtection
minimumRequiredOsVersion	String	Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection
minimumWarningOsVersion	String	Versions less than the specified version will result in warning message on the managed app from accessing company data. Inherited from managedAppProtection
minimumRequiredAppVersion	String	Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection
minimumWarningAppVersion	String	Versions less than the specified version will result in warning message on the managed app. Inherited from managedAppProtection
managedBrowser	managedBrowserType	Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Inherited from managedAppProtection. Possible values are: notConfigured, microsoftEdge.
appDataEncryptionType	managedAppDataEncryptionType	Type of encryption which should be used for data in a managed app. (iOS Only). Possible values are: useDeviceSettings, afterDeviceRestart, whenDeviceLockedExceptOpenFiles, whenDeviceLocked.
screenCaptureBlocked	Boolean	Indicates whether screen capture is blocked. (Android only)
encryptAppData	Boolean	Indicates whether managed-app data should be encrypted. (Android only)
disableAppEncryptionIfDeviceEncryptionIsEnabled	Boolean	When this setting is enabled, app level encryption is disabled if device level encryption is enabled. (Android only)
minimumRequiredSdkVersion	String	Versions less than the specified version will block the managed app from accessing company data. (iOS Only)
customSettings	keyValuePair collection	A set of string key and string value pairs to be sent to the affected users, unalterned by this service
deployedAppCount	Int32	Count of apps to which the current policy is deployed.
minimumRequiredPatchVersion	String	Define the oldest required Android security patch level a user can have to gain secure access to the app. (Android only)
minimumWarningPatchVersion	String	Define the oldest recommended Android security patch level a user can have for secure access to the app. (Android only)
faceIdBlocked	Boolean	Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True. (iOS Only)

Response

If successful, this method returns a 201 Created response code and a defaultManagedAppProtection object in the response body.

Example

Request

Here is an example of the request.

HTTP

POST https://graph.microsoft.com/v1.0/deviceAppManagement/defaultManagedAppProtections
Content-type: application/json
Content-length: 2009

{
  "@odata.type": "#microsoft.graph.defaultManagedAppProtection",
  "displayName": "Display Name value",
  "description": "Description value",
  "version": "Version value",
  "periodOfflineBeforeAccessCheck": "-PT17.1357909S",
  "periodOnlineBeforeAccessCheck": "PT35.0018757S",
  "allowedInboundDataTransferSources": "managedApps",
  "allowedOutboundDataTransferDestinations": "managedApps",
  "organizationalCredentialsRequired": true,
  "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
  "dataBackupBlocked": true,
  "deviceComplianceRequired": true,
  "managedBrowserToOpenLinksRequired": true,
  "saveAsBlocked": true,
  "periodOfflineBeforeWipeIsEnforced": "-PT3M22.1587532S",
  "pinRequired": true,
  "maximumPinRetries": 1,
  "simplePinBlocked": true,
  "minimumPinLength": 0,
  "pinCharacterSet": "alphanumericAndSymbol",
  "periodBeforePinReset": "PT3M29.6631862S",
  "allowedDataStorageLocations": [
    "sharePoint"
  ],
  "contactSyncBlocked": true,
  "printBlocked": true,
  "fingerprintBlocked": true,
  "disableAppPinIfDevicePinIsSet": true,
  "minimumRequiredOsVersion": "Minimum Required Os Version value",
  "minimumWarningOsVersion": "Minimum Warning Os Version value",
  "minimumRequiredAppVersion": "Minimum Required App Version value",
  "minimumWarningAppVersion": "Minimum Warning App Version value",
  "managedBrowser": "microsoftEdge",
  "appDataEncryptionType": "afterDeviceRestart",
  "screenCaptureBlocked": true,
  "encryptAppData": true,
  "disableAppEncryptionIfDeviceEncryptionIsEnabled": true,
  "minimumRequiredSdkVersion": "Minimum Required Sdk Version value",
  "customSettings": [
    {
      "@odata.type": "microsoft.graph.keyValuePair",
      "name": "Name value",
      "value": "Value value"
    }
  ],
  "deployedAppCount": 0,
  "minimumRequiredPatchVersion": "Minimum Required Patch Version value",
  "minimumWarningPatchVersion": "Minimum Warning Patch Version value",
  "faceIdBlocked": true
}

C#

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new DefaultManagedAppProtection
{
	OdataType = "#microsoft.graph.defaultManagedAppProtection",
	DisplayName = "Display Name value",
	Description = "Description value",
	Version = "Version value",
	PeriodOfflineBeforeAccessCheck = TimeSpan.Parse("-PT17.1357909S"),
	PeriodOnlineBeforeAccessCheck = TimeSpan.Parse("PT35.0018757S"),
	AllowedInboundDataTransferSources = ManagedAppDataTransferLevel.ManagedApps,
	AllowedOutboundDataTransferDestinations = ManagedAppDataTransferLevel.ManagedApps,
	OrganizationalCredentialsRequired = true,
	AllowedOutboundClipboardSharingLevel = ManagedAppClipboardSharingLevel.ManagedAppsWithPasteIn,
	DataBackupBlocked = true,
	DeviceComplianceRequired = true,
	ManagedBrowserToOpenLinksRequired = true,
	SaveAsBlocked = true,
	PeriodOfflineBeforeWipeIsEnforced = TimeSpan.Parse("-PT3M22.1587532S"),
	PinRequired = true,
	MaximumPinRetries = 1,
	SimplePinBlocked = true,
	MinimumPinLength = 0,
	PinCharacterSet = ManagedAppPinCharacterSet.AlphanumericAndSymbol,
	PeriodBeforePinReset = TimeSpan.Parse("PT3M29.6631862S"),
	AllowedDataStorageLocations = new List<ManagedAppDataStorageLocation?>
	{
		ManagedAppDataStorageLocation.SharePoint,
	},
	ContactSyncBlocked = true,
	PrintBlocked = true,
	FingerprintBlocked = true,
	DisableAppPinIfDevicePinIsSet = true,
	MinimumRequiredOsVersion = "Minimum Required Os Version value",
	MinimumWarningOsVersion = "Minimum Warning Os Version value",
	MinimumRequiredAppVersion = "Minimum Required App Version value",
	MinimumWarningAppVersion = "Minimum Warning App Version value",
	ManagedBrowser = ManagedBrowserType.MicrosoftEdge,
	AppDataEncryptionType = ManagedAppDataEncryptionType.AfterDeviceRestart,
	ScreenCaptureBlocked = true,
	EncryptAppData = true,
	DisableAppEncryptionIfDeviceEncryptionIsEnabled = true,
	MinimumRequiredSdkVersion = "Minimum Required Sdk Version value",
	CustomSettings = new List<KeyValuePair>
	{
		new KeyValuePair
		{
			OdataType = "microsoft.graph.keyValuePair",
			Name = "Name value",
			Value = "Value value",
		},
	},
	DeployedAppCount = 0,
	MinimumRequiredPatchVersion = "Minimum Required Patch Version value",
	MinimumWarningPatchVersion = "Minimum Warning Patch Version value",
	FaceIdBlocked = true,
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceAppManagement.DefaultManagedAppProtections.PostAsync(requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

CLI

mgc device-app-management default-managed-app-protections create --body '{\
  "@odata.type": "#microsoft.graph.defaultManagedAppProtection",\
  "displayName": "Display Name value",\
  "description": "Description value",\
  "version": "Version value",\
  "periodOfflineBeforeAccessCheck": "-PT17.1357909S",\
  "periodOnlineBeforeAccessCheck": "PT35.0018757S",\
  "allowedInboundDataTransferSources": "managedApps",\
  "allowedOutboundDataTransferDestinations": "managedApps",\
  "organizationalCredentialsRequired": true,\
  "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",\
  "dataBackupBlocked": true,\
  "deviceComplianceRequired": true,\
  "managedBrowserToOpenLinksRequired": true,\
  "saveAsBlocked": true,\
  "periodOfflineBeforeWipeIsEnforced": "-PT3M22.1587532S",\
  "pinRequired": true,\
  "maximumPinRetries": 1,\
  "simplePinBlocked": true,\
  "minimumPinLength": 0,\
  "pinCharacterSet": "alphanumericAndSymbol",\
  "periodBeforePinReset": "PT3M29.6631862S",\
  "allowedDataStorageLocations": [\
    "sharePoint"\
  ],\
  "contactSyncBlocked": true,\
  "printBlocked": true,\
  "fingerprintBlocked": true,\
  "disableAppPinIfDevicePinIsSet": true,\
  "minimumRequiredOsVersion": "Minimum Required Os Version value",\
  "minimumWarningOsVersion": "Minimum Warning Os Version value",\
  "minimumRequiredAppVersion": "Minimum Required App Version value",\
  "minimumWarningAppVersion": "Minimum Warning App Version value",\
  "managedBrowser": "microsoftEdge",\
  "appDataEncryptionType": "afterDeviceRestart",\
  "screenCaptureBlocked": true,\
  "encryptAppData": true,\
  "disableAppEncryptionIfDeviceEncryptionIsEnabled": true,\
  "minimumRequiredSdkVersion": "Minimum Required Sdk Version value",\
  "customSettings": [\
    {\
      "@odata.type": "microsoft.graph.keyValuePair",\
      "name": "Name value",\
      "value": "Value value"\
    }\
  ],\
  "deployedAppCount": 0,\
  "minimumRequiredPatchVersion": "Minimum Required Patch Version value",\
  "minimumWarningPatchVersion": "Minimum Warning Patch Version value",\
  "faceIdBlocked": true\
}\
'

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Go

// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  abstractions "github.com/microsoft/kiota-abstractions-go"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewDefaultManagedAppProtection()
displayName := "Display Name value"
requestBody.SetDisplayName(&displayName) 
description := "Description value"
requestBody.SetDescription(&description) 
version := "Version value"
requestBody.SetVersion(&version) 
periodOfflineBeforeAccessCheck , err := abstractions.ParseISODuration("-PT17.1357909S")
requestBody.SetPeriodOfflineBeforeAccessCheck(&periodOfflineBeforeAccessCheck) 
periodOnlineBeforeAccessCheck , err := abstractions.ParseISODuration("PT35.0018757S")
requestBody.SetPeriodOnlineBeforeAccessCheck(&periodOnlineBeforeAccessCheck) 
allowedInboundDataTransferSources := graphmodels.MANAGEDAPPS_MANAGEDAPPDATATRANSFERLEVEL 
requestBody.SetAllowedInboundDataTransferSources(&allowedInboundDataTransferSources) 
allowedOutboundDataTransferDestinations := graphmodels.MANAGEDAPPS_MANAGEDAPPDATATRANSFERLEVEL 
requestBody.SetAllowedOutboundDataTransferDestinations(&allowedOutboundDataTransferDestinations) 
organizationalCredentialsRequired := true
requestBody.SetOrganizationalCredentialsRequired(&organizationalCredentialsRequired) 
allowedOutboundClipboardSharingLevel := graphmodels.MANAGEDAPPSWITHPASTEIN_MANAGEDAPPCLIPBOARDSHARINGLEVEL 
requestBody.SetAllowedOutboundClipboardSharingLevel(&allowedOutboundClipboardSharingLevel) 
dataBackupBlocked := true
requestBody.SetDataBackupBlocked(&dataBackupBlocked) 
deviceComplianceRequired := true
requestBody.SetDeviceComplianceRequired(&deviceComplianceRequired) 
managedBrowserToOpenLinksRequired := true
requestBody.SetManagedBrowserToOpenLinksRequired(&managedBrowserToOpenLinksRequired) 
saveAsBlocked := true
requestBody.SetSaveAsBlocked(&saveAsBlocked) 
periodOfflineBeforeWipeIsEnforced , err := abstractions.ParseISODuration("-PT3M22.1587532S")
requestBody.SetPeriodOfflineBeforeWipeIsEnforced(&periodOfflineBeforeWipeIsEnforced) 
pinRequired := true
requestBody.SetPinRequired(&pinRequired) 
maximumPinRetries := int32(1)
requestBody.SetMaximumPinRetries(&maximumPinRetries) 
simplePinBlocked := true
requestBody.SetSimplePinBlocked(&simplePinBlocked) 
minimumPinLength := int32(0)
requestBody.SetMinimumPinLength(&minimumPinLength) 
pinCharacterSet := graphmodels.ALPHANUMERICANDSYMBOL_MANAGEDAPPPINCHARACTERSET 
requestBody.SetPinCharacterSet(&pinCharacterSet) 
periodBeforePinReset , err := abstractions.ParseISODuration("PT3M29.6631862S")
requestBody.SetPeriodBeforePinReset(&periodBeforePinReset) 
allowedDataStorageLocations := []graphmodels.ManagedAppDataStorageLocationable {
	managedAppDataStorageLocation := graphmodels.SHAREPOINT_MANAGEDAPPDATASTORAGELOCATION 
	requestBody.SetManagedAppDataStorageLocation(&managedAppDataStorageLocation)
}
requestBody.SetAllowedDataStorageLocations(allowedDataStorageLocations)
contactSyncBlocked := true
requestBody.SetContactSyncBlocked(&contactSyncBlocked) 
printBlocked := true
requestBody.SetPrintBlocked(&printBlocked) 
fingerprintBlocked := true
requestBody.SetFingerprintBlocked(&fingerprintBlocked) 
disableAppPinIfDevicePinIsSet := true
requestBody.SetDisableAppPinIfDevicePinIsSet(&disableAppPinIfDevicePinIsSet) 
minimumRequiredOsVersion := "Minimum Required Os Version value"
requestBody.SetMinimumRequiredOsVersion(&minimumRequiredOsVersion) 
minimumWarningOsVersion := "Minimum Warning Os Version value"
requestBody.SetMinimumWarningOsVersion(&minimumWarningOsVersion) 
minimumRequiredAppVersion := "Minimum Required App Version value"
requestBody.SetMinimumRequiredAppVersion(&minimumRequiredAppVersion) 
minimumWarningAppVersion := "Minimum Warning App Version value"
requestBody.SetMinimumWarningAppVersion(&minimumWarningAppVersion) 
managedBrowser := graphmodels.MICROSOFTEDGE_MANAGEDBROWSERTYPE 
requestBody.SetManagedBrowser(&managedBrowser) 
appDataEncryptionType := graphmodels.AFTERDEVICERESTART_MANAGEDAPPDATAENCRYPTIONTYPE 
requestBody.SetAppDataEncryptionType(&appDataEncryptionType) 
screenCaptureBlocked := true
requestBody.SetScreenCaptureBlocked(&screenCaptureBlocked) 
encryptAppData := true
requestBody.SetEncryptAppData(&encryptAppData) 
disableAppEncryptionIfDeviceEncryptionIsEnabled := true
requestBody.SetDisableAppEncryptionIfDeviceEncryptionIsEnabled(&disableAppEncryptionIfDeviceEncryptionIsEnabled) 
minimumRequiredSdkVersion := "Minimum Required Sdk Version value"
requestBody.SetMinimumRequiredSdkVersion(&minimumRequiredSdkVersion) 


keyValuePair := graphmodels.NewKeyValuePair()
name := "Name value"
keyValuePair.SetName(&name) 
value := "Value value"
keyValuePair.SetValue(&value) 

customSettings := []graphmodels.KeyValuePairable {
	keyValuePair,
}
requestBody.SetCustomSettings(customSettings)
deployedAppCount := int32(0)
requestBody.SetDeployedAppCount(&deployedAppCount) 
minimumRequiredPatchVersion := "Minimum Required Patch Version value"
requestBody.SetMinimumRequiredPatchVersion(&minimumRequiredPatchVersion) 
minimumWarningPatchVersion := "Minimum Warning Patch Version value"
requestBody.SetMinimumWarningPatchVersion(&minimumWarningPatchVersion) 
faceIdBlocked := true
requestBody.SetFaceIdBlocked(&faceIdBlocked) 

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
defaultManagedAppProtections, err := graphClient.DeviceAppManagement().DefaultManagedAppProtections().Post(context.Background(), requestBody, nil)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

DefaultManagedAppProtection defaultManagedAppProtection = new DefaultManagedAppProtection();
defaultManagedAppProtection.setOdataType("#microsoft.graph.defaultManagedAppProtection");
defaultManagedAppProtection.setDisplayName("Display Name value");
defaultManagedAppProtection.setDescription("Description value");
defaultManagedAppProtection.setVersion("Version value");
PeriodAndDuration periodOfflineBeforeAccessCheck = PeriodAndDuration.ofDuration(Duration.parse("-PT17.1357909S"));
defaultManagedAppProtection.setPeriodOfflineBeforeAccessCheck(periodOfflineBeforeAccessCheck);
PeriodAndDuration periodOnlineBeforeAccessCheck = PeriodAndDuration.ofDuration(Duration.parse("PT35.0018757S"));
defaultManagedAppProtection.setPeriodOnlineBeforeAccessCheck(periodOnlineBeforeAccessCheck);
defaultManagedAppProtection.setAllowedInboundDataTransferSources(ManagedAppDataTransferLevel.ManagedApps);
defaultManagedAppProtection.setAllowedOutboundDataTransferDestinations(ManagedAppDataTransferLevel.ManagedApps);
defaultManagedAppProtection.setOrganizationalCredentialsRequired(true);
defaultManagedAppProtection.setAllowedOutboundClipboardSharingLevel(ManagedAppClipboardSharingLevel.ManagedAppsWithPasteIn);
defaultManagedAppProtection.setDataBackupBlocked(true);
defaultManagedAppProtection.setDeviceComplianceRequired(true);
defaultManagedAppProtection.setManagedBrowserToOpenLinksRequired(true);
defaultManagedAppProtection.setSaveAsBlocked(true);
PeriodAndDuration periodOfflineBeforeWipeIsEnforced = PeriodAndDuration.ofDuration(Duration.parse("-PT3M22.1587532S"));
defaultManagedAppProtection.setPeriodOfflineBeforeWipeIsEnforced(periodOfflineBeforeWipeIsEnforced);
defaultManagedAppProtection.setPinRequired(true);
defaultManagedAppProtection.setMaximumPinRetries(1);
defaultManagedAppProtection.setSimplePinBlocked(true);
defaultManagedAppProtection.setMinimumPinLength(0);
defaultManagedAppProtection.setPinCharacterSet(ManagedAppPinCharacterSet.AlphanumericAndSymbol);
PeriodAndDuration periodBeforePinReset = PeriodAndDuration.ofDuration(Duration.parse("PT3M29.6631862S"));
defaultManagedAppProtection.setPeriodBeforePinReset(periodBeforePinReset);
LinkedList<ManagedAppDataStorageLocation> allowedDataStorageLocations = new LinkedList<ManagedAppDataStorageLocation>();
allowedDataStorageLocations.add(ManagedAppDataStorageLocation.SharePoint);
defaultManagedAppProtection.setAllowedDataStorageLocations(allowedDataStorageLocations);
defaultManagedAppProtection.setContactSyncBlocked(true);
defaultManagedAppProtection.setPrintBlocked(true);
defaultManagedAppProtection.setFingerprintBlocked(true);
defaultManagedAppProtection.setDisableAppPinIfDevicePinIsSet(true);
defaultManagedAppProtection.setMinimumRequiredOsVersion("Minimum Required Os Version value");
defaultManagedAppProtection.setMinimumWarningOsVersion("Minimum Warning Os Version value");
defaultManagedAppProtection.setMinimumRequiredAppVersion("Minimum Required App Version value");
defaultManagedAppProtection.setMinimumWarningAppVersion("Minimum Warning App Version value");
defaultManagedAppProtection.setManagedBrowser(EnumSet.of(ManagedBrowserType.MicrosoftEdge));
defaultManagedAppProtection.setAppDataEncryptionType(ManagedAppDataEncryptionType.AfterDeviceRestart);
defaultManagedAppProtection.setScreenCaptureBlocked(true);
defaultManagedAppProtection.setEncryptAppData(true);
defaultManagedAppProtection.setDisableAppEncryptionIfDeviceEncryptionIsEnabled(true);
defaultManagedAppProtection.setMinimumRequiredSdkVersion("Minimum Required Sdk Version value");
LinkedList<KeyValuePair> customSettings = new LinkedList<KeyValuePair>();
KeyValuePair keyValuePair = new KeyValuePair();
keyValuePair.setOdataType("microsoft.graph.keyValuePair");
keyValuePair.setName("Name value");
keyValuePair.setValue("Value value");
customSettings.add(keyValuePair);
defaultManagedAppProtection.setCustomSettings(customSettings);
defaultManagedAppProtection.setDeployedAppCount(0);
defaultManagedAppProtection.setMinimumRequiredPatchVersion("Minimum Required Patch Version value");
defaultManagedAppProtection.setMinimumWarningPatchVersion("Minimum Warning Patch Version value");
defaultManagedAppProtection.setFaceIdBlocked(true);
DefaultManagedAppProtection result = graphClient.deviceAppManagement().defaultManagedAppProtections().post(defaultManagedAppProtection);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const defaultManagedAppProtection = {
  '@odata.type': '#microsoft.graph.defaultManagedAppProtection',
  displayName: 'Display Name value',
  description: 'Description value',
  version: 'Version value',
  periodOfflineBeforeAccessCheck: '-PT17.1357909S',
  periodOnlineBeforeAccessCheck: 'PT35.0018757S',
  allowedInboundDataTransferSources: 'managedApps',
  allowedOutboundDataTransferDestinations: 'managedApps',
  organizationalCredentialsRequired: true,
  allowedOutboundClipboardSharingLevel: 'managedAppsWithPasteIn',
  dataBackupBlocked: true,
  deviceComplianceRequired: true,
  managedBrowserToOpenLinksRequired: true,
  saveAsBlocked: true,
  periodOfflineBeforeWipeIsEnforced: '-PT3M22.1587532S',
  pinRequired: true,
  maximumPinRetries: 1,
  simplePinBlocked: true,
  minimumPinLength: 0,
  pinCharacterSet: 'alphanumericAndSymbol',
  periodBeforePinReset: 'PT3M29.6631862S',
  allowedDataStorageLocations: [
    'sharePoint'
  ],
  contactSyncBlocked: true,
  printBlocked: true,
  fingerprintBlocked: true,
  disableAppPinIfDevicePinIsSet: true,
  minimumRequiredOsVersion: 'Minimum Required Os Version value',
  minimumWarningOsVersion: 'Minimum Warning Os Version value',
  minimumRequiredAppVersion: 'Minimum Required App Version value',
  minimumWarningAppVersion: 'Minimum Warning App Version value',
  managedBrowser: 'microsoftEdge',
  appDataEncryptionType: 'afterDeviceRestart',
  screenCaptureBlocked: true,
  encryptAppData: true,
  disableAppEncryptionIfDeviceEncryptionIsEnabled: true,
  minimumRequiredSdkVersion: 'Minimum Required Sdk Version value',
  customSettings: [
    {
      '@odata.type': 'microsoft.graph.keyValuePair',
      name: 'Name value',
      value: 'Value value'
    }
  ],
  deployedAppCount: 0,
  minimumRequiredPatchVersion: 'Minimum Required Patch Version value',
  minimumWarningPatchVersion: 'Minimum Warning Patch Version value',
  faceIdBlocked: true
};

await client.api('/deviceAppManagement/defaultManagedAppProtections')
	.post(defaultManagedAppProtection);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PHP

<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\DefaultManagedAppProtection;
use Microsoft\Graph\Generated\Models\ManagedAppDataTransferLevel;
use Microsoft\Graph\Generated\Models\ManagedAppClipboardSharingLevel;
use Microsoft\Graph\Generated\Models\ManagedAppPinCharacterSet;
use Microsoft\Graph\Generated\Models\ManagedAppDataStorageLocation;
use Microsoft\Graph\Generated\Models\ManagedBrowserType;
use Microsoft\Graph\Generated\Models\ManagedAppDataEncryptionType;
use Microsoft\Graph\Generated\Models\KeyValuePair;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new DefaultManagedAppProtection();
$requestBody->setOdataType('#microsoft.graph.defaultManagedAppProtection');
$requestBody->setDisplayName('Display Name value');
$requestBody->setDescription('Description value');
$requestBody->setVersion('Version value');
$requestBody->setPeriodOfflineBeforeAccessCheck(new \DateInterval('-PT17.1357909S'));
$requestBody->setPeriodOnlineBeforeAccessCheck(new \DateInterval('PT35.0018757S'));
$requestBody->setAllowedInboundDataTransferSources(new ManagedAppDataTransferLevel('managedApps'));
$requestBody->setAllowedOutboundDataTransferDestinations(new ManagedAppDataTransferLevel('managedApps'));
$requestBody->setOrganizationalCredentialsRequired(true);
$requestBody->setAllowedOutboundClipboardSharingLevel(new ManagedAppClipboardSharingLevel('managedAppsWithPasteIn'));
$requestBody->setDataBackupBlocked(true);
$requestBody->setDeviceComplianceRequired(true);
$requestBody->setManagedBrowserToOpenLinksRequired(true);
$requestBody->setSaveAsBlocked(true);
$requestBody->setPeriodOfflineBeforeWipeIsEnforced(new \DateInterval('-PT3M22.1587532S'));
$requestBody->setPinRequired(true);
$requestBody->setMaximumPinRetries(1);
$requestBody->setSimplePinBlocked(true);
$requestBody->setMinimumPinLength(0);
$requestBody->setPinCharacterSet(new ManagedAppPinCharacterSet('alphanumericAndSymbol'));
$requestBody->setPeriodBeforePinReset(new \DateInterval('PT3M29.6631862S'));
$requestBody->setAllowedDataStorageLocations([new ManagedAppDataStorageLocation('sharePoint'),	]);
$requestBody->setContactSyncBlocked(true);
$requestBody->setPrintBlocked(true);
$requestBody->setFingerprintBlocked(true);
$requestBody->setDisableAppPinIfDevicePinIsSet(true);
$requestBody->setMinimumRequiredOsVersion('Minimum Required Os Version value');
$requestBody->setMinimumWarningOsVersion('Minimum Warning Os Version value');
$requestBody->setMinimumRequiredAppVersion('Minimum Required App Version value');
$requestBody->setMinimumWarningAppVersion('Minimum Warning App Version value');
$requestBody->setManagedBrowser(new ManagedBrowserType('microsoftEdge'));
$requestBody->setAppDataEncryptionType(new ManagedAppDataEncryptionType('afterDeviceRestart'));
$requestBody->setScreenCaptureBlocked(true);
$requestBody->setEncryptAppData(true);
$requestBody->setDisableAppEncryptionIfDeviceEncryptionIsEnabled(true);
$requestBody->setMinimumRequiredSdkVersion('Minimum Required Sdk Version value');
$customSettingsKeyValuePair1 = new KeyValuePair();
$customSettingsKeyValuePair1->setOdataType('microsoft.graph.keyValuePair');
$customSettingsKeyValuePair1->setName('Name value');
$customSettingsKeyValuePair1->setValue('Value value');
$customSettingsArray []= $customSettingsKeyValuePair1;
$requestBody->setCustomSettings($customSettingsArray);

$requestBody->setDeployedAppCount(0);
$requestBody->setMinimumRequiredPatchVersion('Minimum Required Patch Version value');
$requestBody->setMinimumWarningPatchVersion('Minimum Warning Patch Version value');
$requestBody->setFaceIdBlocked(true);

$result = $graphServiceClient->deviceAppManagement()->defaultManagedAppProtections()->post($requestBody)->wait();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PowerShell

Import-Module Microsoft.Graph.Devices.CorporateManagement

$params = @{
	"@odata.type" = "#microsoft.graph.defaultManagedAppProtection"
	displayName = "Display Name value"
	description = "Description value"
	version = "Version value"
	periodOfflineBeforeAccessCheck = "-PT17.1357909S"
	periodOnlineBeforeAccessCheck = "PT35.0018757S"
	allowedInboundDataTransferSources = "managedApps"
	allowedOutboundDataTransferDestinations = "managedApps"
	organizationalCredentialsRequired = $true
	allowedOutboundClipboardSharingLevel = "managedAppsWithPasteIn"
	dataBackupBlocked = $true
	deviceComplianceRequired = $true
	managedBrowserToOpenLinksRequired = $true
	saveAsBlocked = $true
	periodOfflineBeforeWipeIsEnforced = "-PT3M22.1587532S"
	pinRequired = $true
	maximumPinRetries = 1
	simplePinBlocked = $true
	minimumPinLength = 0
	pinCharacterSet = "alphanumericAndSymbol"
	periodBeforePinReset = "PT3M29.6631862S"
	allowedDataStorageLocations = @(
	"sharePoint"
)
contactSyncBlocked = $true
printBlocked = $true
fingerprintBlocked = $true
disableAppPinIfDevicePinIsSet = $true
minimumRequiredOsVersion = "Minimum Required Os Version value"
minimumWarningOsVersion = "Minimum Warning Os Version value"
minimumRequiredAppVersion = "Minimum Required App Version value"
minimumWarningAppVersion = "Minimum Warning App Version value"
managedBrowser = "microsoftEdge"
appDataEncryptionType = "afterDeviceRestart"
screenCaptureBlocked = $true
encryptAppData = $true
disableAppEncryptionIfDeviceEncryptionIsEnabled = $true
minimumRequiredSdkVersion = "Minimum Required Sdk Version value"
customSettings = @(
	@{
		"@odata.type" = "microsoft.graph.keyValuePair"
		name = "Name value"
		value = "Value value"
	}
)
deployedAppCount = 0
minimumRequiredPatchVersion = "Minimum Required Patch Version value"
minimumWarningPatchVersion = "Minimum Warning Patch Version value"
faceIdBlocked = $true
}

New-MgDeviceAppManagementDefaultManagedAppProtection -BodyParameter $params

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Python

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.default_managed_app_protection import DefaultManagedAppProtection
from msgraph.generated.models.managed_app_data_transfer_level import ManagedAppDataTransferLevel
from msgraph.generated.models.managed_app_clipboard_sharing_level import ManagedAppClipboardSharingLevel
from msgraph.generated.models.managed_app_pin_character_set import ManagedAppPinCharacterSet
from msgraph.generated.models.managed_app_data_storage_location import ManagedAppDataStorageLocation
from msgraph.generated.models.managed_browser_type import ManagedBrowserType
from msgraph.generated.models.managed_app_data_encryption_type import ManagedAppDataEncryptionType
from msgraph.generated.models.key_value_pair import KeyValuePair
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = DefaultManagedAppProtection(
	odata_type = "#microsoft.graph.defaultManagedAppProtection",
	display_name = "Display Name value",
	description = "Description value",
	version = "Version value",
	period_offline_before_access_check = "-PT17.1357909S",
	period_online_before_access_check = "PT35.0018757S",
	allowed_inbound_data_transfer_sources = ManagedAppDataTransferLevel.ManagedApps,
	allowed_outbound_data_transfer_destinations = ManagedAppDataTransferLevel.ManagedApps,
	organizational_credentials_required = True,
	allowed_outbound_clipboard_sharing_level = ManagedAppClipboardSharingLevel.ManagedAppsWithPasteIn,
	data_backup_blocked = True,
	device_compliance_required = True,
	managed_browser_to_open_links_required = True,
	save_as_blocked = True,
	period_offline_before_wipe_is_enforced = "-PT3M22.1587532S",
	pin_required = True,
	maximum_pin_retries = 1,
	simple_pin_blocked = True,
	minimum_pin_length = 0,
	pin_character_set = ManagedAppPinCharacterSet.AlphanumericAndSymbol,
	period_before_pin_reset = "PT3M29.6631862S",
	allowed_data_storage_locations = [
		ManagedAppDataStorageLocation.SharePoint,
	],
	contact_sync_blocked = True,
	print_blocked = True,
	fingerprint_blocked = True,
	disable_app_pin_if_device_pin_is_set = True,
	minimum_required_os_version = "Minimum Required Os Version value",
	minimum_warning_os_version = "Minimum Warning Os Version value",
	minimum_required_app_version = "Minimum Required App Version value",
	minimum_warning_app_version = "Minimum Warning App Version value",
	managed_browser = ManagedBrowserType.MicrosoftEdge,
	app_data_encryption_type = ManagedAppDataEncryptionType.AfterDeviceRestart,
	screen_capture_blocked = True,
	encrypt_app_data = True,
	disable_app_encryption_if_device_encryption_is_enabled = True,
	minimum_required_sdk_version = "Minimum Required Sdk Version value",
	custom_settings = [
		KeyValuePair(
			odata_type = "microsoft.graph.keyValuePair",
			name = "Name value",
			value = "Value value",
		),
	],
	deployed_app_count = 0,
	minimum_required_patch_version = "Minimum Required Patch Version value",
	minimum_warning_patch_version = "Minimum Warning Patch Version value",
	face_id_blocked = True,
)

result = await graph_client.device_app_management.default_managed_app_protections.post(request_body)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 2181

{
  "@odata.type": "#microsoft.graph.defaultManagedAppProtection",
  "displayName": "Display Name value",
  "description": "Description value",
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "id": "77064c51-4c51-7706-514c-0677514c0677",
  "version": "Version value",
  "periodOfflineBeforeAccessCheck": "-PT17.1357909S",
  "periodOnlineBeforeAccessCheck": "PT35.0018757S",
  "allowedInboundDataTransferSources": "managedApps",
  "allowedOutboundDataTransferDestinations": "managedApps",
  "organizationalCredentialsRequired": true,
  "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
  "dataBackupBlocked": true,
  "deviceComplianceRequired": true,
  "managedBrowserToOpenLinksRequired": true,
  "saveAsBlocked": true,
  "periodOfflineBeforeWipeIsEnforced": "-PT3M22.1587532S",
  "pinRequired": true,
  "maximumPinRetries": 1,
  "simplePinBlocked": true,
  "minimumPinLength": 0,
  "pinCharacterSet": "alphanumericAndSymbol",
  "periodBeforePinReset": "PT3M29.6631862S",
  "allowedDataStorageLocations": [
    "sharePoint"
  ],
  "contactSyncBlocked": true,
  "printBlocked": true,
  "fingerprintBlocked": true,
  "disableAppPinIfDevicePinIsSet": true,
  "minimumRequiredOsVersion": "Minimum Required Os Version value",
  "minimumWarningOsVersion": "Minimum Warning Os Version value",
  "minimumRequiredAppVersion": "Minimum Required App Version value",
  "minimumWarningAppVersion": "Minimum Warning App Version value",
  "managedBrowser": "microsoftEdge",
  "appDataEncryptionType": "afterDeviceRestart",
  "screenCaptureBlocked": true,
  "encryptAppData": true,
  "disableAppEncryptionIfDeviceEncryptionIsEnabled": true,
  "minimumRequiredSdkVersion": "Minimum Required Sdk Version value",
  "customSettings": [
    {
      "@odata.type": "microsoft.graph.keyValuePair",
      "name": "Name value",
      "value": "Value value"
    }
  ],
  "deployedAppCount": 0,
  "minimumRequiredPatchVersion": "Minimum Required Patch Version value",
  "minimumWarningPatchVersion": "Minimum Warning Patch Version value",
  "faceIdBlocked": true
}