Обновление объекта windows10EndpointProtectionConfiguration

Пространство имен: microsoft.graph

Примечание. API Microsoft Graph для Intune требует наличия активной лицензии Intune для клиента.

Обновляет свойства объекта windows10EndpointProtectionConfiguration.

Этот API доступен в следующих национальных облачных развертываниях.

Глобальная служба	Правительство США L4	Правительство США L5 (DOD)	Китай управляется 21Vianet
✅	✅	✅	✅

Разрешения

Для вызова этого API требуется одно из следующих разрешений. Дополнительные сведения, включая сведения о том, как выбрать разрешения, см. в статье Разрешения.

Тип разрешения	Разрешения (в порядке повышения привилегий)
Делегированные (рабочая или учебная учетная запись)	DeviceManagementConfiguration.ReadWrite.All
Делегированные (личная учетная запись Майкрософт)	Не поддерживается.
Приложение	DeviceManagementConfiguration.ReadWrite.All

HTTP-запрос

PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}

Заголовки запроса

Заголовок	Значение
Авторизация	Bearer {token}. Обязательно. Дополнительные сведения о проверке подлинности и авторизации.
Accept	application/json

Текст запроса

В теле запроса добавьте представление объекта windows10EndpointProtectionConfiguration в формате JSON.

Ниже показаны свойства, которые необходимо указывать при создании объекта windows10EndpointProtectionConfiguration.

Свойство	Тип	Описание
id	String	Ключ объекта. Наследуется от объекта deviceConfiguration.
lastModifiedDateTime	DateTimeOffset	Дата и время последнего изменения объекта. Наследуется от объекта deviceConfiguration.
createdDateTime	DateTimeOffset	Дата и время создания объекта. Наследуется от объекта deviceConfiguration.
description	String	Указанное администратором описание конфигурации устройства. Наследуется от объекта deviceConfiguration.
displayName	String	Указанное администратором имя конфигурации устройства. Наследуется от объекта deviceConfiguration.
version	Int32	Версия конфигурации устройства. Наследуется от deviceConfiguration.
firewallBlockStatefulFTP	Boolean	Блокирует FTP-подключения к устройству с отслеживанием состояния.
firewallIdleTimeoutForSecurityAssociationInSeconds	Int32	Настраивает время ожидания для сопоставлений безопасности в секундах от 300 до 3600 включительно. По истечении этого срока сопоставления безопасности перестают действовать и удаляются. Допустимые значения: от 300 до 3600
firewallPreSharedKeyEncodingMethod	firewallPreSharedKeyEncodingMethodType	Выберите кодировку предварительного ключа для использования. Возможные значения: deviceDefault, none, utF8.
firewallIPSecExemptionsAllowNeighborDiscovery	Boolean	Настраивает исключения IPSec для разрешения обнаружения соседей. Коды типов ICMP IPv6.
firewallIPSecExemptionsAllowICMP	Boolean	Настраивает исключения IPSec для разрешения ICMP
firewallIPSecExemptionsAllowRouterDiscovery	Boolean	Настраивает исключения IPSec для разрешения обнаружения маршрутизаторов. Коды типов ICMP IPv6.
firewallIPSecExemptionsAllowDHCP	Boolean	Настраивает исключения IPSec для разрешения DHCP-трафика IPv4 и IPv6
firewallCertificateRevocationListCheckMethod	firewallCertificateRevocationListCheckMethodType	Укажите способ принудительного применения списка отзыва сертификатов. Возможные значения: deviceDefault, none, attempt, require.
firewallMergeKeyingModuleSettings	Boolean	Если модуль ключей поддерживает не весь набор проверки подлинности, дайте ему указание игнорировать только неподдерживаемые пакеты, а не весь набор
firewallPacketQueueingMethod	firewallPacketQueueingMethodType	Настраивает способ применения очереди пакетов в сценарии шлюза туннеля. Возможные значения: deviceDefault, disabled, queueInbound, queueOutbound, queueBoth.
firewallProfileDomain	windowsFirewallNetworkProfile	Настраивает параметры профиля брандмауэра для доменных сетей
firewallProfilePublic	windowsFirewallNetworkProfile	Настраивает параметры профиля брандмауэра для общедоступных сетей
firewallProfilePrivate	windowsFirewallNetworkProfile	Настраивает параметры профиля брандмауэра для частных сетей
defenderAttackSurfaceReductionExcludedPaths	Коллекция String	Список файлов EXE и папок, которые следует исключить из правил сокращения направлений атак
defenderGuardedFoldersAllowedAppPaths	Коллекция String	Список путей к файлам EXE, которым разрешен доступ к защищенным папкам
defenderAdditionalGuardedFolders	Коллекция String	Список путей к папкам, которые следует добавить в список защищенных папок
defenderExploitProtectionXml	Binary	XML-файл с информацией о защите от эксплойтов.
defenderExploitProtectionXmlFileName	String	Имя файла, из которого получено свойство DefenderExploitProtectionXml.
defenderSecurityCenterBlockExploitProtectionOverride	Boolean	Указывает, следует ли запретить пользователю переопределять настройки защиты от эксплойтов.
appLockerApplicationControl	appLockerApplicationControlType	Позволяет администратору выбирать разрешенные типы приложений для устройств. Возможные значения: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker, auditComponentsStoreAppsAndSmartlocker.
smartScreenEnableInShell	Boolean	Позволяет ИТ-администраторам настраивать SmartScreen для Windows.
smartScreenBlockOverrideForFiles	Boolean	Позволяет ИТ-администраторам указывать, могут ли пользователи игнорировать предупреждения SmartScreen и запускать вредоносные файлы.
applicationGuardEnabled	Boolean	Включение Application Guard в Защитнике Windows
applicationGuardBlockFileTransfer	applicationGuardBlockFileTransferType	Блок буфера обмена для передачи файла изображения, текстового файла или ни один из них. Возможные значения: notConfigured, blockImageAndTextFile, blockImageFile, blockNone, blockTextFile.
applicationGuardBlockNonEnterpriseContent	Boolean	Позволяет заблокировать загрузку некорпоративного контента, например сторонних подключаемых модулей, на корпоративных сайтах.
applicationGuardAllowPersistence	Boolean	Позволяет разрешить сохранение пользовательских данных в контейнере App Guard (избранное, файлы cookie, веб-пароли и т. д.).
applicationGuardForceAuditing	Boolean	Эта политика позволяет сохранять журналы и события Windows (попытки входа и выхода, использование привилегий, установка программного обеспечения, системные изменения и т. д.) для обеспечения безопасности и соответствия требованиям.
applicationGuardBlockClipboardSharing	applicationGuardBlockClipboardSharingType	Позволяет заблокировать передачу данных с узла в контейнер или с контейнера в узел через буфер обмена. Возможные значения: notConfigured, blockBoth, blockHostToContainer, blockContainerToHost, blockNone.
applicationGuardAllowPrintToPDF	Boolean	Позволяет разрешить печать в PDF из контейнера.
applicationGuardAllowPrintToXPS	Boolean	Позволяет разрешить печать в XPS из контейнера.
applicationGuardAllowPrintToLocalPrinters	Boolean	Позволяет разрешить печать на локальных принтерах из контейнера.
applicationGuardAllowPrintToNetworkPrinters	Boolean	Позволяет разрешить печать на сетевых принтерах из контейнера.
bitLockerDisableWarningForOtherDiskEncryption	Boolean	Позволяет администратору отключить предупреждение о другом методе шифрования диска на компьютерах пользователей.
bitLockerEnableStorageCardEncryptionOnMobile	Boolean	Позволяет администратору требовать включения шифрования с помощью BitLocker. Эта политика действительна только для мобильных устройств.
bitLockerEncryptDevice	Boolean	Позволяет администратору требовать включения шифрования с помощью BitLocker.
bitLockerRemovableDrivePolicy	bitLockerRemovableDrivePolicy	Политика BitLocker в отношении съемных дисков.

Отклик

В случае успешного выполнения этот метод возвращает код ответа 200 OK и обновленный объект windows10EndpointProtectionConfiguration в теле ответа.

Пример

Запрос

Ниже приведен пример запроса.

HTTP

PATCH https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{deviceConfigurationId}
Content-type: application/json
Content-length: 4245

{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "firewallBlockStatefulFTP": true,
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
  "firewallPreSharedKeyEncodingMethod": "none",
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,
  "firewallIPSecExemptionsAllowICMP": true,
  "firewallIPSecExemptionsAllowRouterDiscovery": true,
  "firewallIPSecExemptionsAllowDHCP": true,
  "firewallCertificateRevocationListCheckMethod": "none",
  "firewallMergeKeyingModuleSettings": true,
  "firewallPacketQueueingMethod": "disabled",
  "firewallProfileDomain": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePublic": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePrivate": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "defenderAttackSurfaceReductionExcludedPaths": [
    "Defender Attack Surface Reduction Excluded Paths value"
  ],
  "defenderGuardedFoldersAllowedAppPaths": [
    "Defender Guarded Folders Allowed App Paths value"
  ],
  "defenderAdditionalGuardedFolders": [
    "Defender Additional Guarded Folders value"
  ],
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",
  "defenderSecurityCenterBlockExploitProtectionOverride": true,
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",
  "smartScreenEnableInShell": true,
  "smartScreenBlockOverrideForFiles": true,
  "applicationGuardEnabled": true,
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",
  "applicationGuardBlockNonEnterpriseContent": true,
  "applicationGuardAllowPersistence": true,
  "applicationGuardForceAuditing": true,
  "applicationGuardBlockClipboardSharing": "blockBoth",
  "applicationGuardAllowPrintToPDF": true,
  "applicationGuardAllowPrintToXPS": true,
  "applicationGuardAllowPrintToLocalPrinters": true,
  "applicationGuardAllowPrintToNetworkPrinters": true,
  "bitLockerDisableWarningForOtherDiskEncryption": true,
  "bitLockerEnableStorageCardEncryptionOnMobile": true,
  "bitLockerEncryptDevice": true,
  "bitLockerRemovableDrivePolicy": {
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
    "encryptionMethod": "aesCbc256",
    "requireEncryptionForWriteAccess": true,
    "blockCrossOrganizationWriteAccess": true
  }
}

C#

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new Windows10EndpointProtectionConfiguration
{
	OdataType = "#microsoft.graph.windows10EndpointProtectionConfiguration",
	Description = "Description value",
	DisplayName = "Display Name value",
	Version = 7,
	FirewallBlockStatefulFTP = true,
	FirewallIdleTimeoutForSecurityAssociationInSeconds = 2,
	FirewallPreSharedKeyEncodingMethod = FirewallPreSharedKeyEncodingMethodType.None,
	FirewallIPSecExemptionsAllowNeighborDiscovery = true,
	FirewallIPSecExemptionsAllowICMP = true,
	FirewallIPSecExemptionsAllowRouterDiscovery = true,
	FirewallIPSecExemptionsAllowDHCP = true,
	FirewallCertificateRevocationListCheckMethod = FirewallCertificateRevocationListCheckMethodType.None,
	FirewallMergeKeyingModuleSettings = true,
	FirewallPacketQueueingMethod = FirewallPacketQueueingMethodType.Disabled,
	FirewallProfileDomain = new WindowsFirewallNetworkProfile
	{
		OdataType = "microsoft.graph.windowsFirewallNetworkProfile",
		FirewallEnabled = StateManagementSetting.Blocked,
		StealthModeBlocked = true,
		IncomingTrafficBlocked = true,
		UnicastResponsesToMulticastBroadcastsBlocked = true,
		InboundNotificationsBlocked = true,
		AuthorizedApplicationRulesFromGroupPolicyMerged = true,
		GlobalPortRulesFromGroupPolicyMerged = true,
		ConnectionSecurityRulesFromGroupPolicyMerged = true,
		OutboundConnectionsBlocked = true,
		InboundConnectionsBlocked = true,
		SecuredPacketExemptionAllowed = true,
		PolicyRulesFromGroupPolicyMerged = true,
	},
	FirewallProfilePublic = new WindowsFirewallNetworkProfile
	{
		OdataType = "microsoft.graph.windowsFirewallNetworkProfile",
		FirewallEnabled = StateManagementSetting.Blocked,
		StealthModeBlocked = true,
		IncomingTrafficBlocked = true,
		UnicastResponsesToMulticastBroadcastsBlocked = true,
		InboundNotificationsBlocked = true,
		AuthorizedApplicationRulesFromGroupPolicyMerged = true,
		GlobalPortRulesFromGroupPolicyMerged = true,
		ConnectionSecurityRulesFromGroupPolicyMerged = true,
		OutboundConnectionsBlocked = true,
		InboundConnectionsBlocked = true,
		SecuredPacketExemptionAllowed = true,
		PolicyRulesFromGroupPolicyMerged = true,
	},
	FirewallProfilePrivate = new WindowsFirewallNetworkProfile
	{
		OdataType = "microsoft.graph.windowsFirewallNetworkProfile",
		FirewallEnabled = StateManagementSetting.Blocked,
		StealthModeBlocked = true,
		IncomingTrafficBlocked = true,
		UnicastResponsesToMulticastBroadcastsBlocked = true,
		InboundNotificationsBlocked = true,
		AuthorizedApplicationRulesFromGroupPolicyMerged = true,
		GlobalPortRulesFromGroupPolicyMerged = true,
		ConnectionSecurityRulesFromGroupPolicyMerged = true,
		OutboundConnectionsBlocked = true,
		InboundConnectionsBlocked = true,
		SecuredPacketExemptionAllowed = true,
		PolicyRulesFromGroupPolicyMerged = true,
	},
	DefenderAttackSurfaceReductionExcludedPaths = new List<string>
	{
		"Defender Attack Surface Reduction Excluded Paths value",
	},
	DefenderGuardedFoldersAllowedAppPaths = new List<string>
	{
		"Defender Guarded Folders Allowed App Paths value",
	},
	DefenderAdditionalGuardedFolders = new List<string>
	{
		"Defender Additional Guarded Folders value",
	},
	DefenderExploitProtectionXml = Convert.FromBase64String("ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA=="),
	DefenderExploitProtectionXmlFileName = "Defender Exploit Protection Xml File Name value",
	DefenderSecurityCenterBlockExploitProtectionOverride = true,
	AppLockerApplicationControl = AppLockerApplicationControlType.EnforceComponentsAndStoreApps,
	SmartScreenEnableInShell = true,
	SmartScreenBlockOverrideForFiles = true,
	ApplicationGuardEnabled = true,
	ApplicationGuardBlockFileTransfer = ApplicationGuardBlockFileTransferType.BlockImageAndTextFile,
	ApplicationGuardBlockNonEnterpriseContent = true,
	ApplicationGuardAllowPersistence = true,
	ApplicationGuardForceAuditing = true,
	ApplicationGuardBlockClipboardSharing = ApplicationGuardBlockClipboardSharingType.BlockBoth,
	ApplicationGuardAllowPrintToPDF = true,
	ApplicationGuardAllowPrintToXPS = true,
	ApplicationGuardAllowPrintToLocalPrinters = true,
	ApplicationGuardAllowPrintToNetworkPrinters = true,
	BitLockerDisableWarningForOtherDiskEncryption = true,
	BitLockerEnableStorageCardEncryptionOnMobile = true,
	BitLockerEncryptDevice = true,
	BitLockerRemovableDrivePolicy = new BitLockerRemovableDrivePolicy
	{
		OdataType = "microsoft.graph.bitLockerRemovableDrivePolicy",
		EncryptionMethod = BitLockerEncryptionMethod.AesCbc256,
		RequireEncryptionForWriteAccess = true,
		BlockCrossOrganizationWriteAccess = true,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceManagement.DeviceConfigurations["{deviceConfiguration-id}"].PatchAsync(requestBody);

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.

CLI

// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc device-management device-configurations patch --device-configuration-id {deviceConfiguration-id} --body '{\
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",\
  "description": "Description value",\
  "displayName": "Display Name value",\
  "version": 7,\
  "firewallBlockStatefulFTP": true,\
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,\
  "firewallPreSharedKeyEncodingMethod": "none",\
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,\
  "firewallIPSecExemptionsAllowICMP": true,\
  "firewallIPSecExemptionsAllowRouterDiscovery": true,\
  "firewallIPSecExemptionsAllowDHCP": true,\
  "firewallCertificateRevocationListCheckMethod": "none",\
  "firewallMergeKeyingModuleSettings": true,\
  "firewallPacketQueueingMethod": "disabled",\
  "firewallProfileDomain": {\
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",\
    "firewallEnabled": "blocked",\
    "stealthModeBlocked": true,\
    "incomingTrafficBlocked": true,\
    "unicastResponsesToMulticastBroadcastsBlocked": true,\
    "inboundNotificationsBlocked": true,\
    "authorizedApplicationRulesFromGroupPolicyMerged": true,\
    "globalPortRulesFromGroupPolicyMerged": true,\
    "connectionSecurityRulesFromGroupPolicyMerged": true,\
    "outboundConnectionsBlocked": true,\
    "inboundConnectionsBlocked": true,\
    "securedPacketExemptionAllowed": true,\
    "policyRulesFromGroupPolicyMerged": true\
  },\
  "firewallProfilePublic": {\
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",\
    "firewallEnabled": "blocked",\
    "stealthModeBlocked": true,\
    "incomingTrafficBlocked": true,\
    "unicastResponsesToMulticastBroadcastsBlocked": true,\
    "inboundNotificationsBlocked": true,\
    "authorizedApplicationRulesFromGroupPolicyMerged": true,\
    "globalPortRulesFromGroupPolicyMerged": true,\
    "connectionSecurityRulesFromGroupPolicyMerged": true,\
    "outboundConnectionsBlocked": true,\
    "inboundConnectionsBlocked": true,\
    "securedPacketExemptionAllowed": true,\
    "policyRulesFromGroupPolicyMerged": true\
  },\
  "firewallProfilePrivate": {\
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",\
    "firewallEnabled": "blocked",\
    "stealthModeBlocked": true,\
    "incomingTrafficBlocked": true,\
    "unicastResponsesToMulticastBroadcastsBlocked": true,\
    "inboundNotificationsBlocked": true,\
    "authorizedApplicationRulesFromGroupPolicyMerged": true,\
    "globalPortRulesFromGroupPolicyMerged": true,\
    "connectionSecurityRulesFromGroupPolicyMerged": true,\
    "outboundConnectionsBlocked": true,\
    "inboundConnectionsBlocked": true,\
    "securedPacketExemptionAllowed": true,\
    "policyRulesFromGroupPolicyMerged": true\
  },\
  "defenderAttackSurfaceReductionExcludedPaths": [\
    "Defender Attack Surface Reduction Excluded Paths value"\
  ],\
  "defenderGuardedFoldersAllowedAppPaths": [\
    "Defender Guarded Folders Allowed App Paths value"\
  ],\
  "defenderAdditionalGuardedFolders": [\
    "Defender Additional Guarded Folders value"\
  ],\
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",\
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",\
  "defenderSecurityCenterBlockExploitProtectionOverride": true,\
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",\
  "smartScreenEnableInShell": true,\
  "smartScreenBlockOverrideForFiles": true,\
  "applicationGuardEnabled": true,\
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",\
  "applicationGuardBlockNonEnterpriseContent": true,\
  "applicationGuardAllowPersistence": true,\
  "applicationGuardForceAuditing": true,\
  "applicationGuardBlockClipboardSharing": "blockBoth",\
  "applicationGuardAllowPrintToPDF": true,\
  "applicationGuardAllowPrintToXPS": true,\
  "applicationGuardAllowPrintToLocalPrinters": true,\
  "applicationGuardAllowPrintToNetworkPrinters": true,\
  "bitLockerDisableWarningForOtherDiskEncryption": true,\
  "bitLockerEnableStorageCardEncryptionOnMobile": true,\
  "bitLockerEncryptDevice": true,\
  "bitLockerRemovableDrivePolicy": {\
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",\
    "encryptionMethod": "aesCbc256",\
    "requireEncryptionForWriteAccess": true,\
    "blockCrossOrganizationWriteAccess": true\
  }\
}\
'

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.

Go

import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewDeviceConfiguration()
description := "Description value"
requestBody.SetDescription(&description) 
displayName := "Display Name value"
requestBody.SetDisplayName(&displayName) 
version := int32(7)
requestBody.SetVersion(&version) 
firewallBlockStatefulFTP := true
requestBody.SetFirewallBlockStatefulFTP(&firewallBlockStatefulFTP) 
firewallIdleTimeoutForSecurityAssociationInSeconds := int32(2)
requestBody.SetFirewallIdleTimeoutForSecurityAssociationInSeconds(&firewallIdleTimeoutForSecurityAssociationInSeconds) 
firewallPreSharedKeyEncodingMethod := graphmodels.NONE_FIREWALLPRESHAREDKEYENCODINGMETHODTYPE 
requestBody.SetFirewallPreSharedKeyEncodingMethod(&firewallPreSharedKeyEncodingMethod) 
firewallIPSecExemptionsAllowNeighborDiscovery := true
requestBody.SetFirewallIPSecExemptionsAllowNeighborDiscovery(&firewallIPSecExemptionsAllowNeighborDiscovery) 
firewallIPSecExemptionsAllowICMP := true
requestBody.SetFirewallIPSecExemptionsAllowICMP(&firewallIPSecExemptionsAllowICMP) 
firewallIPSecExemptionsAllowRouterDiscovery := true
requestBody.SetFirewallIPSecExemptionsAllowRouterDiscovery(&firewallIPSecExemptionsAllowRouterDiscovery) 
firewallIPSecExemptionsAllowDHCP := true
requestBody.SetFirewallIPSecExemptionsAllowDHCP(&firewallIPSecExemptionsAllowDHCP) 
firewallCertificateRevocationListCheckMethod := graphmodels.NONE_FIREWALLCERTIFICATEREVOCATIONLISTCHECKMETHODTYPE 
requestBody.SetFirewallCertificateRevocationListCheckMethod(&firewallCertificateRevocationListCheckMethod) 
firewallMergeKeyingModuleSettings := true
requestBody.SetFirewallMergeKeyingModuleSettings(&firewallMergeKeyingModuleSettings) 
firewallPacketQueueingMethod := graphmodels.DISABLED_FIREWALLPACKETQUEUEINGMETHODTYPE 
requestBody.SetFirewallPacketQueueingMethod(&firewallPacketQueueingMethod) 
firewallProfileDomain := graphmodels.NewWindowsFirewallNetworkProfile()
firewallEnabled := graphmodels.BLOCKED_STATEMANAGEMENTSETTING 
firewallProfileDomain.SetFirewallEnabled(&firewallEnabled) 
stealthModeBlocked := true
firewallProfileDomain.SetStealthModeBlocked(&stealthModeBlocked) 
incomingTrafficBlocked := true
firewallProfileDomain.SetIncomingTrafficBlocked(&incomingTrafficBlocked) 
unicastResponsesToMulticastBroadcastsBlocked := true
firewallProfileDomain.SetUnicastResponsesToMulticastBroadcastsBlocked(&unicastResponsesToMulticastBroadcastsBlocked) 
inboundNotificationsBlocked := true
firewallProfileDomain.SetInboundNotificationsBlocked(&inboundNotificationsBlocked) 
authorizedApplicationRulesFromGroupPolicyMerged := true
firewallProfileDomain.SetAuthorizedApplicationRulesFromGroupPolicyMerged(&authorizedApplicationRulesFromGroupPolicyMerged) 
globalPortRulesFromGroupPolicyMerged := true
firewallProfileDomain.SetGlobalPortRulesFromGroupPolicyMerged(&globalPortRulesFromGroupPolicyMerged) 
connectionSecurityRulesFromGroupPolicyMerged := true
firewallProfileDomain.SetConnectionSecurityRulesFromGroupPolicyMerged(&connectionSecurityRulesFromGroupPolicyMerged) 
outboundConnectionsBlocked := true
firewallProfileDomain.SetOutboundConnectionsBlocked(&outboundConnectionsBlocked) 
inboundConnectionsBlocked := true
firewallProfileDomain.SetInboundConnectionsBlocked(&inboundConnectionsBlocked) 
securedPacketExemptionAllowed := true
firewallProfileDomain.SetSecuredPacketExemptionAllowed(&securedPacketExemptionAllowed) 
policyRulesFromGroupPolicyMerged := true
firewallProfileDomain.SetPolicyRulesFromGroupPolicyMerged(&policyRulesFromGroupPolicyMerged) 
requestBody.SetFirewallProfileDomain(firewallProfileDomain)
firewallProfilePublic := graphmodels.NewWindowsFirewallNetworkProfile()
firewallEnabled := graphmodels.BLOCKED_STATEMANAGEMENTSETTING 
firewallProfilePublic.SetFirewallEnabled(&firewallEnabled) 
stealthModeBlocked := true
firewallProfilePublic.SetStealthModeBlocked(&stealthModeBlocked) 
incomingTrafficBlocked := true
firewallProfilePublic.SetIncomingTrafficBlocked(&incomingTrafficBlocked) 
unicastResponsesToMulticastBroadcastsBlocked := true
firewallProfilePublic.SetUnicastResponsesToMulticastBroadcastsBlocked(&unicastResponsesToMulticastBroadcastsBlocked) 
inboundNotificationsBlocked := true
firewallProfilePublic.SetInboundNotificationsBlocked(&inboundNotificationsBlocked) 
authorizedApplicationRulesFromGroupPolicyMerged := true
firewallProfilePublic.SetAuthorizedApplicationRulesFromGroupPolicyMerged(&authorizedApplicationRulesFromGroupPolicyMerged) 
globalPortRulesFromGroupPolicyMerged := true
firewallProfilePublic.SetGlobalPortRulesFromGroupPolicyMerged(&globalPortRulesFromGroupPolicyMerged) 
connectionSecurityRulesFromGroupPolicyMerged := true
firewallProfilePublic.SetConnectionSecurityRulesFromGroupPolicyMerged(&connectionSecurityRulesFromGroupPolicyMerged) 
outboundConnectionsBlocked := true
firewallProfilePublic.SetOutboundConnectionsBlocked(&outboundConnectionsBlocked) 
inboundConnectionsBlocked := true
firewallProfilePublic.SetInboundConnectionsBlocked(&inboundConnectionsBlocked) 
securedPacketExemptionAllowed := true
firewallProfilePublic.SetSecuredPacketExemptionAllowed(&securedPacketExemptionAllowed) 
policyRulesFromGroupPolicyMerged := true
firewallProfilePublic.SetPolicyRulesFromGroupPolicyMerged(&policyRulesFromGroupPolicyMerged) 
requestBody.SetFirewallProfilePublic(firewallProfilePublic)
firewallProfilePrivate := graphmodels.NewWindowsFirewallNetworkProfile()
firewallEnabled := graphmodels.BLOCKED_STATEMANAGEMENTSETTING 
firewallProfilePrivate.SetFirewallEnabled(&firewallEnabled) 
stealthModeBlocked := true
firewallProfilePrivate.SetStealthModeBlocked(&stealthModeBlocked) 
incomingTrafficBlocked := true
firewallProfilePrivate.SetIncomingTrafficBlocked(&incomingTrafficBlocked) 
unicastResponsesToMulticastBroadcastsBlocked := true
firewallProfilePrivate.SetUnicastResponsesToMulticastBroadcastsBlocked(&unicastResponsesToMulticastBroadcastsBlocked) 
inboundNotificationsBlocked := true
firewallProfilePrivate.SetInboundNotificationsBlocked(&inboundNotificationsBlocked) 
authorizedApplicationRulesFromGroupPolicyMerged := true
firewallProfilePrivate.SetAuthorizedApplicationRulesFromGroupPolicyMerged(&authorizedApplicationRulesFromGroupPolicyMerged) 
globalPortRulesFromGroupPolicyMerged := true
firewallProfilePrivate.SetGlobalPortRulesFromGroupPolicyMerged(&globalPortRulesFromGroupPolicyMerged) 
connectionSecurityRulesFromGroupPolicyMerged := true
firewallProfilePrivate.SetConnectionSecurityRulesFromGroupPolicyMerged(&connectionSecurityRulesFromGroupPolicyMerged) 
outboundConnectionsBlocked := true
firewallProfilePrivate.SetOutboundConnectionsBlocked(&outboundConnectionsBlocked) 
inboundConnectionsBlocked := true
firewallProfilePrivate.SetInboundConnectionsBlocked(&inboundConnectionsBlocked) 
securedPacketExemptionAllowed := true
firewallProfilePrivate.SetSecuredPacketExemptionAllowed(&securedPacketExemptionAllowed) 
policyRulesFromGroupPolicyMerged := true
firewallProfilePrivate.SetPolicyRulesFromGroupPolicyMerged(&policyRulesFromGroupPolicyMerged) 
requestBody.SetFirewallProfilePrivate(firewallProfilePrivate)
defenderAttackSurfaceReductionExcludedPaths := []string {
	"Defender Attack Surface Reduction Excluded Paths value",
}
requestBody.SetDefenderAttackSurfaceReductionExcludedPaths(defenderAttackSurfaceReductionExcludedPaths)
defenderGuardedFoldersAllowedAppPaths := []string {
	"Defender Guarded Folders Allowed App Paths value",
}
requestBody.SetDefenderGuardedFoldersAllowedAppPaths(defenderGuardedFoldersAllowedAppPaths)
defenderAdditionalGuardedFolders := []string {
	"Defender Additional Guarded Folders value",
}
requestBody.SetDefenderAdditionalGuardedFolders(defenderAdditionalGuardedFolders)
defenderExploitProtectionXml := []byte("zGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==")
requestBody.SetDefenderExploitProtectionXml(&defenderExploitProtectionXml) 
defenderExploitProtectionXmlFileName := "Defender Exploit Protection Xml File Name value"
requestBody.SetDefenderExploitProtectionXmlFileName(&defenderExploitProtectionXmlFileName) 
defenderSecurityCenterBlockExploitProtectionOverride := true
requestBody.SetDefenderSecurityCenterBlockExploitProtectionOverride(&defenderSecurityCenterBlockExploitProtectionOverride) 
appLockerApplicationControl := graphmodels.ENFORCECOMPONENTSANDSTOREAPPS_APPLOCKERAPPLICATIONCONTROLTYPE 
requestBody.SetAppLockerApplicationControl(&appLockerApplicationControl) 
smartScreenEnableInShell := true
requestBody.SetSmartScreenEnableInShell(&smartScreenEnableInShell) 
smartScreenBlockOverrideForFiles := true
requestBody.SetSmartScreenBlockOverrideForFiles(&smartScreenBlockOverrideForFiles) 
applicationGuardEnabled := true
requestBody.SetApplicationGuardEnabled(&applicationGuardEnabled) 
applicationGuardBlockFileTransfer := graphmodels.BLOCKIMAGEANDTEXTFILE_APPLICATIONGUARDBLOCKFILETRANSFERTYPE 
requestBody.SetApplicationGuardBlockFileTransfer(&applicationGuardBlockFileTransfer) 
applicationGuardBlockNonEnterpriseContent := true
requestBody.SetApplicationGuardBlockNonEnterpriseContent(&applicationGuardBlockNonEnterpriseContent) 
applicationGuardAllowPersistence := true
requestBody.SetApplicationGuardAllowPersistence(&applicationGuardAllowPersistence) 
applicationGuardForceAuditing := true
requestBody.SetApplicationGuardForceAuditing(&applicationGuardForceAuditing) 
applicationGuardBlockClipboardSharing := graphmodels.BLOCKBOTH_APPLICATIONGUARDBLOCKCLIPBOARDSHARINGTYPE 
requestBody.SetApplicationGuardBlockClipboardSharing(&applicationGuardBlockClipboardSharing) 
applicationGuardAllowPrintToPDF := true
requestBody.SetApplicationGuardAllowPrintToPDF(&applicationGuardAllowPrintToPDF) 
applicationGuardAllowPrintToXPS := true
requestBody.SetApplicationGuardAllowPrintToXPS(&applicationGuardAllowPrintToXPS) 
applicationGuardAllowPrintToLocalPrinters := true
requestBody.SetApplicationGuardAllowPrintToLocalPrinters(&applicationGuardAllowPrintToLocalPrinters) 
applicationGuardAllowPrintToNetworkPrinters := true
requestBody.SetApplicationGuardAllowPrintToNetworkPrinters(&applicationGuardAllowPrintToNetworkPrinters) 
bitLockerDisableWarningForOtherDiskEncryption := true
requestBody.SetBitLockerDisableWarningForOtherDiskEncryption(&bitLockerDisableWarningForOtherDiskEncryption) 
bitLockerEnableStorageCardEncryptionOnMobile := true
requestBody.SetBitLockerEnableStorageCardEncryptionOnMobile(&bitLockerEnableStorageCardEncryptionOnMobile) 
bitLockerEncryptDevice := true
requestBody.SetBitLockerEncryptDevice(&bitLockerEncryptDevice) 
bitLockerRemovableDrivePolicy := graphmodels.NewBitLockerRemovableDrivePolicy()
encryptionMethod := graphmodels.AESCBC256_BITLOCKERENCRYPTIONMETHOD 
bitLockerRemovableDrivePolicy.SetEncryptionMethod(&encryptionMethod) 
requireEncryptionForWriteAccess := true
bitLockerRemovableDrivePolicy.SetRequireEncryptionForWriteAccess(&requireEncryptionForWriteAccess) 
blockCrossOrganizationWriteAccess := true
bitLockerRemovableDrivePolicy.SetBlockCrossOrganizationWriteAccess(&blockCrossOrganizationWriteAccess) 
requestBody.SetBitLockerRemovableDrivePolicy(bitLockerRemovableDrivePolicy)

deviceConfigurations, err := graphClient.DeviceManagement().DeviceConfigurations().ByDeviceConfigurationId("deviceConfiguration-id").Patch(context.Background(), requestBody, nil)

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

Windows10EndpointProtectionConfiguration deviceConfiguration = new Windows10EndpointProtectionConfiguration();
deviceConfiguration.setOdataType("#microsoft.graph.windows10EndpointProtectionConfiguration");
deviceConfiguration.setDescription("Description value");
deviceConfiguration.setDisplayName("Display Name value");
deviceConfiguration.setVersion(7);
deviceConfiguration.setFirewallBlockStatefulFTP(true);
deviceConfiguration.setFirewallIdleTimeoutForSecurityAssociationInSeconds(2);
deviceConfiguration.setFirewallPreSharedKeyEncodingMethod(FirewallPreSharedKeyEncodingMethodType.None);
deviceConfiguration.setFirewallIPSecExemptionsAllowNeighborDiscovery(true);
deviceConfiguration.setFirewallIPSecExemptionsAllowICMP(true);
deviceConfiguration.setFirewallIPSecExemptionsAllowRouterDiscovery(true);
deviceConfiguration.setFirewallIPSecExemptionsAllowDHCP(true);
deviceConfiguration.setFirewallCertificateRevocationListCheckMethod(FirewallCertificateRevocationListCheckMethodType.None);
deviceConfiguration.setFirewallMergeKeyingModuleSettings(true);
deviceConfiguration.setFirewallPacketQueueingMethod(FirewallPacketQueueingMethodType.Disabled);
WindowsFirewallNetworkProfile firewallProfileDomain = new WindowsFirewallNetworkProfile();
firewallProfileDomain.setOdataType("microsoft.graph.windowsFirewallNetworkProfile");
firewallProfileDomain.setFirewallEnabled(StateManagementSetting.Blocked);
firewallProfileDomain.setStealthModeBlocked(true);
firewallProfileDomain.setIncomingTrafficBlocked(true);
firewallProfileDomain.setUnicastResponsesToMulticastBroadcastsBlocked(true);
firewallProfileDomain.setInboundNotificationsBlocked(true);
firewallProfileDomain.setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
firewallProfileDomain.setGlobalPortRulesFromGroupPolicyMerged(true);
firewallProfileDomain.setConnectionSecurityRulesFromGroupPolicyMerged(true);
firewallProfileDomain.setOutboundConnectionsBlocked(true);
firewallProfileDomain.setInboundConnectionsBlocked(true);
firewallProfileDomain.setSecuredPacketExemptionAllowed(true);
firewallProfileDomain.setPolicyRulesFromGroupPolicyMerged(true);
deviceConfiguration.setFirewallProfileDomain(firewallProfileDomain);
WindowsFirewallNetworkProfile firewallProfilePublic = new WindowsFirewallNetworkProfile();
firewallProfilePublic.setOdataType("microsoft.graph.windowsFirewallNetworkProfile");
firewallProfilePublic.setFirewallEnabled(StateManagementSetting.Blocked);
firewallProfilePublic.setStealthModeBlocked(true);
firewallProfilePublic.setIncomingTrafficBlocked(true);
firewallProfilePublic.setUnicastResponsesToMulticastBroadcastsBlocked(true);
firewallProfilePublic.setInboundNotificationsBlocked(true);
firewallProfilePublic.setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
firewallProfilePublic.setGlobalPortRulesFromGroupPolicyMerged(true);
firewallProfilePublic.setConnectionSecurityRulesFromGroupPolicyMerged(true);
firewallProfilePublic.setOutboundConnectionsBlocked(true);
firewallProfilePublic.setInboundConnectionsBlocked(true);
firewallProfilePublic.setSecuredPacketExemptionAllowed(true);
firewallProfilePublic.setPolicyRulesFromGroupPolicyMerged(true);
deviceConfiguration.setFirewallProfilePublic(firewallProfilePublic);
WindowsFirewallNetworkProfile firewallProfilePrivate = new WindowsFirewallNetworkProfile();
firewallProfilePrivate.setOdataType("microsoft.graph.windowsFirewallNetworkProfile");
firewallProfilePrivate.setFirewallEnabled(StateManagementSetting.Blocked);
firewallProfilePrivate.setStealthModeBlocked(true);
firewallProfilePrivate.setIncomingTrafficBlocked(true);
firewallProfilePrivate.setUnicastResponsesToMulticastBroadcastsBlocked(true);
firewallProfilePrivate.setInboundNotificationsBlocked(true);
firewallProfilePrivate.setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
firewallProfilePrivate.setGlobalPortRulesFromGroupPolicyMerged(true);
firewallProfilePrivate.setConnectionSecurityRulesFromGroupPolicyMerged(true);
firewallProfilePrivate.setOutboundConnectionsBlocked(true);
firewallProfilePrivate.setInboundConnectionsBlocked(true);
firewallProfilePrivate.setSecuredPacketExemptionAllowed(true);
firewallProfilePrivate.setPolicyRulesFromGroupPolicyMerged(true);
deviceConfiguration.setFirewallProfilePrivate(firewallProfilePrivate);
LinkedList<String> defenderAttackSurfaceReductionExcludedPaths = new LinkedList<String>();
defenderAttackSurfaceReductionExcludedPaths.add("Defender Attack Surface Reduction Excluded Paths value");
deviceConfiguration.setDefenderAttackSurfaceReductionExcludedPaths(defenderAttackSurfaceReductionExcludedPaths);
LinkedList<String> defenderGuardedFoldersAllowedAppPaths = new LinkedList<String>();
defenderGuardedFoldersAllowedAppPaths.add("Defender Guarded Folders Allowed App Paths value");
deviceConfiguration.setDefenderGuardedFoldersAllowedAppPaths(defenderGuardedFoldersAllowedAppPaths);
LinkedList<String> defenderAdditionalGuardedFolders = new LinkedList<String>();
defenderAdditionalGuardedFolders.add("Defender Additional Guarded Folders value");
deviceConfiguration.setDefenderAdditionalGuardedFolders(defenderAdditionalGuardedFolders);
byte[] defenderExploitProtectionXml = Base64.getDecoder().decode("ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==");
deviceConfiguration.setDefenderExploitProtectionXml(defenderExploitProtectionXml);
deviceConfiguration.setDefenderExploitProtectionXmlFileName("Defender Exploit Protection Xml File Name value");
deviceConfiguration.setDefenderSecurityCenterBlockExploitProtectionOverride(true);
deviceConfiguration.setAppLockerApplicationControl(AppLockerApplicationControlType.EnforceComponentsAndStoreApps);
deviceConfiguration.setSmartScreenEnableInShell(true);
deviceConfiguration.setSmartScreenBlockOverrideForFiles(true);
deviceConfiguration.setApplicationGuardEnabled(true);
deviceConfiguration.setApplicationGuardBlockFileTransfer(ApplicationGuardBlockFileTransferType.BlockImageAndTextFile);
deviceConfiguration.setApplicationGuardBlockNonEnterpriseContent(true);
deviceConfiguration.setApplicationGuardAllowPersistence(true);
deviceConfiguration.setApplicationGuardForceAuditing(true);
deviceConfiguration.setApplicationGuardBlockClipboardSharing(ApplicationGuardBlockClipboardSharingType.BlockBoth);
deviceConfiguration.setApplicationGuardAllowPrintToPDF(true);
deviceConfiguration.setApplicationGuardAllowPrintToXPS(true);
deviceConfiguration.setApplicationGuardAllowPrintToLocalPrinters(true);
deviceConfiguration.setApplicationGuardAllowPrintToNetworkPrinters(true);
deviceConfiguration.setBitLockerDisableWarningForOtherDiskEncryption(true);
deviceConfiguration.setBitLockerEnableStorageCardEncryptionOnMobile(true);
deviceConfiguration.setBitLockerEncryptDevice(true);
BitLockerRemovableDrivePolicy bitLockerRemovableDrivePolicy = new BitLockerRemovableDrivePolicy();
bitLockerRemovableDrivePolicy.setOdataType("microsoft.graph.bitLockerRemovableDrivePolicy");
bitLockerRemovableDrivePolicy.setEncryptionMethod(BitLockerEncryptionMethod.AesCbc256);
bitLockerRemovableDrivePolicy.setRequireEncryptionForWriteAccess(true);
bitLockerRemovableDrivePolicy.setBlockCrossOrganizationWriteAccess(true);
deviceConfiguration.setBitLockerRemovableDrivePolicy(bitLockerRemovableDrivePolicy);
DeviceConfiguration result = graphClient.deviceManagement().deviceConfigurations().byDeviceConfigurationId("{deviceConfiguration-id}").patch(deviceConfiguration);

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const deviceConfiguration = {
  '@odata.type': '#microsoft.graph.windows10EndpointProtectionConfiguration',
  description: 'Description value',
  displayName: 'Display Name value',
  version: 7,
  firewallBlockStatefulFTP: true,
  firewallIdleTimeoutForSecurityAssociationInSeconds: 2,
  firewallPreSharedKeyEncodingMethod: 'none',
  firewallIPSecExemptionsAllowNeighborDiscovery: true,
  firewallIPSecExemptionsAllowICMP: true,
  firewallIPSecExemptionsAllowRouterDiscovery: true,
  firewallIPSecExemptionsAllowDHCP: true,
  firewallCertificateRevocationListCheckMethod: 'none',
  firewallMergeKeyingModuleSettings: true,
  firewallPacketQueueingMethod: 'disabled',
  firewallProfileDomain: {
    '@odata.type': 'microsoft.graph.windowsFirewallNetworkProfile',
    firewallEnabled: 'blocked',
    stealthModeBlocked: true,
    incomingTrafficBlocked: true,
    unicastResponsesToMulticastBroadcastsBlocked: true,
    inboundNotificationsBlocked: true,
    authorizedApplicationRulesFromGroupPolicyMerged: true,
    globalPortRulesFromGroupPolicyMerged: true,
    connectionSecurityRulesFromGroupPolicyMerged: true,
    outboundConnectionsBlocked: true,
    inboundConnectionsBlocked: true,
    securedPacketExemptionAllowed: true,
    policyRulesFromGroupPolicyMerged: true
  },
  firewallProfilePublic: {
    '@odata.type': 'microsoft.graph.windowsFirewallNetworkProfile',
    firewallEnabled: 'blocked',
    stealthModeBlocked: true,
    incomingTrafficBlocked: true,
    unicastResponsesToMulticastBroadcastsBlocked: true,
    inboundNotificationsBlocked: true,
    authorizedApplicationRulesFromGroupPolicyMerged: true,
    globalPortRulesFromGroupPolicyMerged: true,
    connectionSecurityRulesFromGroupPolicyMerged: true,
    outboundConnectionsBlocked: true,
    inboundConnectionsBlocked: true,
    securedPacketExemptionAllowed: true,
    policyRulesFromGroupPolicyMerged: true
  },
  firewallProfilePrivate: {
    '@odata.type': 'microsoft.graph.windowsFirewallNetworkProfile',
    firewallEnabled: 'blocked',
    stealthModeBlocked: true,
    incomingTrafficBlocked: true,
    unicastResponsesToMulticastBroadcastsBlocked: true,
    inboundNotificationsBlocked: true,
    authorizedApplicationRulesFromGroupPolicyMerged: true,
    globalPortRulesFromGroupPolicyMerged: true,
    connectionSecurityRulesFromGroupPolicyMerged: true,
    outboundConnectionsBlocked: true,
    inboundConnectionsBlocked: true,
    securedPacketExemptionAllowed: true,
    policyRulesFromGroupPolicyMerged: true
  },
  defenderAttackSurfaceReductionExcludedPaths: [
    'Defender Attack Surface Reduction Excluded Paths value'
  ],
  defenderGuardedFoldersAllowedAppPaths: [
    'Defender Guarded Folders Allowed App Paths value'
  ],
  defenderAdditionalGuardedFolders: [
    'Defender Additional Guarded Folders value'
  ],
  defenderExploitProtectionXml: 'ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==',
  defenderExploitProtectionXmlFileName: 'Defender Exploit Protection Xml File Name value',
  defenderSecurityCenterBlockExploitProtectionOverride: true,
  appLockerApplicationControl: 'enforceComponentsAndStoreApps',
  smartScreenEnableInShell: true,
  smartScreenBlockOverrideForFiles: true,
  applicationGuardEnabled: true,
  applicationGuardBlockFileTransfer: 'blockImageAndTextFile',
  applicationGuardBlockNonEnterpriseContent: true,
  applicationGuardAllowPersistence: true,
  applicationGuardForceAuditing: true,
  applicationGuardBlockClipboardSharing: 'blockBoth',
  applicationGuardAllowPrintToPDF: true,
  applicationGuardAllowPrintToXPS: true,
  applicationGuardAllowPrintToLocalPrinters: true,
  applicationGuardAllowPrintToNetworkPrinters: true,
  bitLockerDisableWarningForOtherDiskEncryption: true,
  bitLockerEnableStorageCardEncryptionOnMobile: true,
  bitLockerEncryptDevice: true,
  bitLockerRemovableDrivePolicy: {
    '@odata.type': 'microsoft.graph.bitLockerRemovableDrivePolicy',
    encryptionMethod: 'aesCbc256',
    requireEncryptionForWriteAccess: true,
    blockCrossOrganizationWriteAccess: true
  }
};

await client.api('/deviceManagement/deviceConfigurations/{deviceConfigurationId}')
	.update(deviceConfiguration);

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.

PHP

<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Windows10EndpointProtectionConfiguration;
use Microsoft\Graph\Generated\Models\WindowsFirewallNetworkProfile;
use Microsoft\Graph\Generated\Models\BitLockerRemovableDrivePolicy;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Windows10EndpointProtectionConfiguration();
$requestBody->setOdataType('#microsoft.graph.windows10EndpointProtectionConfiguration');
$requestBody->setDescription('Description value');
$requestBody->setDisplayName('Display Name value');
$requestBody->setVersion(7);
$requestBody->setFirewallBlockStatefulFTP(true);
$requestBody->setFirewallIdleTimeoutForSecurityAssociationInSeconds(2);
$requestBody->setFirewallPreSharedKeyEncodingMethod(new FirewallPreSharedKeyEncodingMethodType('none'));
$requestBody->setFirewallIPSecExemptionsAllowNeighborDiscovery(true);
$requestBody->setFirewallIPSecExemptionsAllowICMP(true);
$requestBody->setFirewallIPSecExemptionsAllowRouterDiscovery(true);
$requestBody->setFirewallIPSecExemptionsAllowDHCP(true);
$requestBody->setFirewallCertificateRevocationListCheckMethod(new FirewallCertificateRevocationListCheckMethodType('none'));
$requestBody->setFirewallMergeKeyingModuleSettings(true);
$requestBody->setFirewallPacketQueueingMethod(new FirewallPacketQueueingMethodType('disabled'));
$firewallProfileDomain = new WindowsFirewallNetworkProfile();
$firewallProfileDomain->setOdataType('microsoft.graph.windowsFirewallNetworkProfile');
$firewallProfileDomain->setFirewallEnabled(new StateManagementSetting('blocked'));
$firewallProfileDomain->setStealthModeBlocked(true);
$firewallProfileDomain->setIncomingTrafficBlocked(true);
$firewallProfileDomain->setUnicastResponsesToMulticastBroadcastsBlocked(true);
$firewallProfileDomain->setInboundNotificationsBlocked(true);
$firewallProfileDomain->setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
$firewallProfileDomain->setGlobalPortRulesFromGroupPolicyMerged(true);
$firewallProfileDomain->setConnectionSecurityRulesFromGroupPolicyMerged(true);
$firewallProfileDomain->setOutboundConnectionsBlocked(true);
$firewallProfileDomain->setInboundConnectionsBlocked(true);
$firewallProfileDomain->setSecuredPacketExemptionAllowed(true);
$firewallProfileDomain->setPolicyRulesFromGroupPolicyMerged(true);
$requestBody->setFirewallProfileDomain($firewallProfileDomain);
$firewallProfilePublic = new WindowsFirewallNetworkProfile();
$firewallProfilePublic->setOdataType('microsoft.graph.windowsFirewallNetworkProfile');
$firewallProfilePublic->setFirewallEnabled(new StateManagementSetting('blocked'));
$firewallProfilePublic->setStealthModeBlocked(true);
$firewallProfilePublic->setIncomingTrafficBlocked(true);
$firewallProfilePublic->setUnicastResponsesToMulticastBroadcastsBlocked(true);
$firewallProfilePublic->setInboundNotificationsBlocked(true);
$firewallProfilePublic->setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
$firewallProfilePublic->setGlobalPortRulesFromGroupPolicyMerged(true);
$firewallProfilePublic->setConnectionSecurityRulesFromGroupPolicyMerged(true);
$firewallProfilePublic->setOutboundConnectionsBlocked(true);
$firewallProfilePublic->setInboundConnectionsBlocked(true);
$firewallProfilePublic->setSecuredPacketExemptionAllowed(true);
$firewallProfilePublic->setPolicyRulesFromGroupPolicyMerged(true);
$requestBody->setFirewallProfilePublic($firewallProfilePublic);
$firewallProfilePrivate = new WindowsFirewallNetworkProfile();
$firewallProfilePrivate->setOdataType('microsoft.graph.windowsFirewallNetworkProfile');
$firewallProfilePrivate->setFirewallEnabled(new StateManagementSetting('blocked'));
$firewallProfilePrivate->setStealthModeBlocked(true);
$firewallProfilePrivate->setIncomingTrafficBlocked(true);
$firewallProfilePrivate->setUnicastResponsesToMulticastBroadcastsBlocked(true);
$firewallProfilePrivate->setInboundNotificationsBlocked(true);
$firewallProfilePrivate->setAuthorizedApplicationRulesFromGroupPolicyMerged(true);
$firewallProfilePrivate->setGlobalPortRulesFromGroupPolicyMerged(true);
$firewallProfilePrivate->setConnectionSecurityRulesFromGroupPolicyMerged(true);
$firewallProfilePrivate->setOutboundConnectionsBlocked(true);
$firewallProfilePrivate->setInboundConnectionsBlocked(true);
$firewallProfilePrivate->setSecuredPacketExemptionAllowed(true);
$firewallProfilePrivate->setPolicyRulesFromGroupPolicyMerged(true);
$requestBody->setFirewallProfilePrivate($firewallProfilePrivate);
$requestBody->setDefenderAttackSurfaceReductionExcludedPaths(['Defender Attack Surface Reduction Excluded Paths value', 	]);
$requestBody->setDefenderGuardedFoldersAllowedAppPaths(['Defender Guarded Folders Allowed App Paths value', 	]);
$requestBody->setDefenderAdditionalGuardedFolders(['Defender Additional Guarded Folders value', 	]);
$requestBody->setDefenderExploitProtectionXml(\GuzzleHttp\Psr7\Utils::streamFor(base64_decode('ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==')));
$requestBody->setDefenderExploitProtectionXmlFileName('Defender Exploit Protection Xml File Name value');
$requestBody->setDefenderSecurityCenterBlockExploitProtectionOverride(true);
$requestBody->setAppLockerApplicationControl(new AppLockerApplicationControlType('enforceComponentsAndStoreApps'));
$requestBody->setSmartScreenEnableInShell(true);
$requestBody->setSmartScreenBlockOverrideForFiles(true);
$requestBody->setApplicationGuardEnabled(true);
$requestBody->setApplicationGuardBlockFileTransfer(new ApplicationGuardBlockFileTransferType('blockImageAndTextFile'));
$requestBody->setApplicationGuardBlockNonEnterpriseContent(true);
$requestBody->setApplicationGuardAllowPersistence(true);
$requestBody->setApplicationGuardForceAuditing(true);
$requestBody->setApplicationGuardBlockClipboardSharing(new ApplicationGuardBlockClipboardSharingType('blockBoth'));
$requestBody->setApplicationGuardAllowPrintToPDF(true);
$requestBody->setApplicationGuardAllowPrintToXPS(true);
$requestBody->setApplicationGuardAllowPrintToLocalPrinters(true);
$requestBody->setApplicationGuardAllowPrintToNetworkPrinters(true);
$requestBody->setBitLockerDisableWarningForOtherDiskEncryption(true);
$requestBody->setBitLockerEnableStorageCardEncryptionOnMobile(true);
$requestBody->setBitLockerEncryptDevice(true);
$bitLockerRemovableDrivePolicy = new BitLockerRemovableDrivePolicy();
$bitLockerRemovableDrivePolicy->setOdataType('microsoft.graph.bitLockerRemovableDrivePolicy');
$bitLockerRemovableDrivePolicy->setEncryptionMethod(new BitLockerEncryptionMethod('aesCbc256'));
$bitLockerRemovableDrivePolicy->setRequireEncryptionForWriteAccess(true);
$bitLockerRemovableDrivePolicy->setBlockCrossOrganizationWriteAccess(true);
$requestBody->setBitLockerRemovableDrivePolicy($bitLockerRemovableDrivePolicy);

$result = $graphServiceClient->deviceManagement()->deviceConfigurations()->byDeviceConfigurationId('deviceConfiguration-id')->patch($requestBody)->wait();

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.

PowerShell

Import-Module Microsoft.Graph.DeviceManagement

$params = @{
	"@odata.type" = "#microsoft.graph.windows10EndpointProtectionConfiguration"
	description = "Description value"
	displayName = "Display Name value"
	version = 7
	firewallBlockStatefulFTP = $true
	firewallIdleTimeoutForSecurityAssociationInSeconds = 
	firewallPreSharedKeyEncodingMethod = "none"
	firewallIPSecExemptionsAllowNeighborDiscovery = $true
	firewallIPSecExemptionsAllowICMP = $true
	firewallIPSecExemptionsAllowRouterDiscovery = $true
	firewallIPSecExemptionsAllowDHCP = $true
	firewallCertificateRevocationListCheckMethod = "none"
	firewallMergeKeyingModuleSettings = $true
	firewallPacketQueueingMethod = "disabled"
	firewallProfileDomain = @{
		"@odata.type" = "microsoft.graph.windowsFirewallNetworkProfile"
		firewallEnabled = "blocked"
		stealthModeBlocked = $true
		incomingTrafficBlocked = $true
		unicastResponsesToMulticastBroadcastsBlocked = $true
		inboundNotificationsBlocked = $true
		authorizedApplicationRulesFromGroupPolicyMerged = $true
		globalPortRulesFromGroupPolicyMerged = $true
		connectionSecurityRulesFromGroupPolicyMerged = $true
		outboundConnectionsBlocked = $true
		inboundConnectionsBlocked = $true
		securedPacketExemptionAllowed = $true
		policyRulesFromGroupPolicyMerged = $true
	}
	firewallProfilePublic = @{
		"@odata.type" = "microsoft.graph.windowsFirewallNetworkProfile"
		firewallEnabled = "blocked"
		stealthModeBlocked = $true
		incomingTrafficBlocked = $true
		unicastResponsesToMulticastBroadcastsBlocked = $true
		inboundNotificationsBlocked = $true
		authorizedApplicationRulesFromGroupPolicyMerged = $true
		globalPortRulesFromGroupPolicyMerged = $true
		connectionSecurityRulesFromGroupPolicyMerged = $true
		outboundConnectionsBlocked = $true
		inboundConnectionsBlocked = $true
		securedPacketExemptionAllowed = $true
		policyRulesFromGroupPolicyMerged = $true
	}
	firewallProfilePrivate = @{
		"@odata.type" = "microsoft.graph.windowsFirewallNetworkProfile"
		firewallEnabled = "blocked"
		stealthModeBlocked = $true
		incomingTrafficBlocked = $true
		unicastResponsesToMulticastBroadcastsBlocked = $true
		inboundNotificationsBlocked = $true
		authorizedApplicationRulesFromGroupPolicyMerged = $true
		globalPortRulesFromGroupPolicyMerged = $true
		connectionSecurityRulesFromGroupPolicyMerged = $true
		outboundConnectionsBlocked = $true
		inboundConnectionsBlocked = $true
		securedPacketExemptionAllowed = $true
		policyRulesFromGroupPolicyMerged = $true
	}
	defenderAttackSurfaceReductionExcludedPaths = @(
	"Defender Attack Surface Reduction Excluded Paths value"
)
defenderGuardedFoldersAllowedAppPaths = @(
"Defender Guarded Folders Allowed App Paths value"
)
defenderAdditionalGuardedFolders = @(
"Defender Additional Guarded Folders value"
)
defenderExploitProtectionXml = "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA=="
defenderExploitProtectionXmlFileName = "Defender Exploit Protection Xml File Name value"
defenderSecurityCenterBlockExploitProtectionOverride = $true
appLockerApplicationControl = "enforceComponentsAndStoreApps"
smartScreenEnableInShell = $true
smartScreenBlockOverrideForFiles = $true
applicationGuardEnabled = $true
applicationGuardBlockFileTransfer = "blockImageAndTextFile"
applicationGuardBlockNonEnterpriseContent = $true
applicationGuardAllowPersistence = $true
applicationGuardForceAuditing = $true
applicationGuardBlockClipboardSharing = "blockBoth"
applicationGuardAllowPrintToPDF = $true
applicationGuardAllowPrintToXPS = $true
applicationGuardAllowPrintToLocalPrinters = $true
applicationGuardAllowPrintToNetworkPrinters = $true
bitLockerDisableWarningForOtherDiskEncryption = $true
bitLockerEnableStorageCardEncryptionOnMobile = $true
bitLockerEncryptDevice = $true
bitLockerRemovableDrivePolicy = @{
"@odata.type" = "microsoft.graph.bitLockerRemovableDrivePolicy"
encryptionMethod = "aesCbc256"
requireEncryptionForWriteAccess = $true
blockCrossOrganizationWriteAccess = $true
}
}

Update-MgDeviceManagementDeviceConfiguration -DeviceConfigurationId $deviceConfigurationId -BodyParameter $params

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.

Python

from msgraph import GraphServiceClient
from msgraph.generated.models.windows10_endpoint_protection_configuration import Windows10EndpointProtectionConfiguration
from msgraph.generated.models.windows_firewall_network_profile import WindowsFirewallNetworkProfile
from msgraph.generated.models.bit_locker_removable_drive_policy import BitLockerRemovableDrivePolicy

graph_client = GraphServiceClient(credentials, scopes)

request_body = Windows10EndpointProtectionConfiguration(
	odata_type = "#microsoft.graph.windows10EndpointProtectionConfiguration",
	description = "Description value",
	display_name = "Display Name value",
	version = 7,
	firewall_block_stateful_f_t_p = True,
	firewall_idle_timeout_for_security_association_in_seconds = 2,
	firewall_pre_shared_key_encoding_method = FirewallPreSharedKeyEncodingMethodType.None,
	firewall_i_p_sec_exemptions_allow_neighbor_discovery = True,
	firewall_i_p_sec_exemptions_allow_i_c_m_p = True,
	firewall_i_p_sec_exemptions_allow_router_discovery = True,
	firewall_i_p_sec_exemptions_allow_d_h_c_p = True,
	firewall_certificate_revocation_list_check_method = FirewallCertificateRevocationListCheckMethodType.None,
	firewall_merge_keying_module_settings = True,
	firewall_packet_queueing_method = FirewallPacketQueueingMethodType.Disabled,
	firewall_profile_domain = WindowsFirewallNetworkProfile(
		odata_type = "microsoft.graph.windowsFirewallNetworkProfile",
		firewall_enabled = StateManagementSetting.Blocked,
		stealth_mode_blocked = True,
		incoming_traffic_blocked = True,
		unicast_responses_to_multicast_broadcasts_blocked = True,
		inbound_notifications_blocked = True,
		authorized_application_rules_from_group_policy_merged = True,
		global_port_rules_from_group_policy_merged = True,
		connection_security_rules_from_group_policy_merged = True,
		outbound_connections_blocked = True,
		inbound_connections_blocked = True,
		secured_packet_exemption_allowed = True,
		policy_rules_from_group_policy_merged = True,
	),
	firewall_profile_public = WindowsFirewallNetworkProfile(
		odata_type = "microsoft.graph.windowsFirewallNetworkProfile",
		firewall_enabled = StateManagementSetting.Blocked,
		stealth_mode_blocked = True,
		incoming_traffic_blocked = True,
		unicast_responses_to_multicast_broadcasts_blocked = True,
		inbound_notifications_blocked = True,
		authorized_application_rules_from_group_policy_merged = True,
		global_port_rules_from_group_policy_merged = True,
		connection_security_rules_from_group_policy_merged = True,
		outbound_connections_blocked = True,
		inbound_connections_blocked = True,
		secured_packet_exemption_allowed = True,
		policy_rules_from_group_policy_merged = True,
	),
	firewall_profile_private = WindowsFirewallNetworkProfile(
		odata_type = "microsoft.graph.windowsFirewallNetworkProfile",
		firewall_enabled = StateManagementSetting.Blocked,
		stealth_mode_blocked = True,
		incoming_traffic_blocked = True,
		unicast_responses_to_multicast_broadcasts_blocked = True,
		inbound_notifications_blocked = True,
		authorized_application_rules_from_group_policy_merged = True,
		global_port_rules_from_group_policy_merged = True,
		connection_security_rules_from_group_policy_merged = True,
		outbound_connections_blocked = True,
		inbound_connections_blocked = True,
		secured_packet_exemption_allowed = True,
		policy_rules_from_group_policy_merged = True,
	),
	defender_attack_surface_reduction_excluded_paths = [
		"Defender Attack Surface Reduction Excluded Paths value",
	],
	defender_guarded_folders_allowed_app_paths = [
		"Defender Guarded Folders Allowed App Paths value",
	],
	defender_additional_guarded_folders = [
		"Defender Additional Guarded Folders value",
	],
	defender_exploit_protection_xml = base64.urlsafe_b64decode("ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA=="),
	defender_exploit_protection_xml_file_name = "Defender Exploit Protection Xml File Name value",
	defender_security_center_block_exploit_protection_override = True,
	app_locker_application_control = AppLockerApplicationControlType.EnforceComponentsAndStoreApps,
	smart_screen_enable_in_shell = True,
	smart_screen_block_override_for_files = True,
	application_guard_enabled = True,
	application_guard_block_file_transfer = ApplicationGuardBlockFileTransferType.BlockImageAndTextFile,
	application_guard_block_non_enterprise_content = True,
	application_guard_allow_persistence = True,
	application_guard_force_auditing = True,
	application_guard_block_clipboard_sharing = ApplicationGuardBlockClipboardSharingType.BlockBoth,
	application_guard_allow_print_to_p_d_f = True,
	application_guard_allow_print_to_x_p_s = True,
	application_guard_allow_print_to_local_printers = True,
	application_guard_allow_print_to_network_printers = True,
	bit_locker_disable_warning_for_other_disk_encryption = True,
	bit_locker_enable_storage_card_encryption_on_mobile = True,
	bit_locker_encrypt_device = True,
	bit_locker_removable_drive_policy = BitLockerRemovableDrivePolicy(
		odata_type = "microsoft.graph.bitLockerRemovableDrivePolicy",
		encryption_method = BitLockerEncryptionMethod.AesCbc256,
		require_encryption_for_write_access = True,
		block_cross_organization_write_access = True,
	),
)

result = await graph_client.device_management.device_configurations.by_device_configuration_id('deviceConfiguration-id').patch(request_body)

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.

Отклик

Ниже приведен пример отклика. Примечание. Представленный здесь объект отклика может быть усечен для краткости. При фактическом вызове будут возвращены все свойства.

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 4417

{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "id": "09709403-9403-0970-0394-700903947009",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "firewallBlockStatefulFTP": true,
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 2,
  "firewallPreSharedKeyEncodingMethod": "none",
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,
  "firewallIPSecExemptionsAllowICMP": true,
  "firewallIPSecExemptionsAllowRouterDiscovery": true,
  "firewallIPSecExemptionsAllowDHCP": true,
  "firewallCertificateRevocationListCheckMethod": "none",
  "firewallMergeKeyingModuleSettings": true,
  "firewallPacketQueueingMethod": "disabled",
  "firewallProfileDomain": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePublic": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePrivate": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "blocked",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "defenderAttackSurfaceReductionExcludedPaths": [
    "Defender Attack Surface Reduction Excluded Paths value"
  ],
  "defenderGuardedFoldersAllowedAppPaths": [
    "Defender Guarded Folders Allowed App Paths value"
  ],
  "defenderAdditionalGuardedFolders": [
    "Defender Additional Guarded Folders value"
  ],
  "defenderExploitProtectionXml": "ZGVmZW5kZXJFeHBsb2l0UHJvdGVjdGlvblhtbA==",
  "defenderExploitProtectionXmlFileName": "Defender Exploit Protection Xml File Name value",
  "defenderSecurityCenterBlockExploitProtectionOverride": true,
  "appLockerApplicationControl": "enforceComponentsAndStoreApps",
  "smartScreenEnableInShell": true,
  "smartScreenBlockOverrideForFiles": true,
  "applicationGuardEnabled": true,
  "applicationGuardBlockFileTransfer": "blockImageAndTextFile",
  "applicationGuardBlockNonEnterpriseContent": true,
  "applicationGuardAllowPersistence": true,
  "applicationGuardForceAuditing": true,
  "applicationGuardBlockClipboardSharing": "blockBoth",
  "applicationGuardAllowPrintToPDF": true,
  "applicationGuardAllowPrintToXPS": true,
  "applicationGuardAllowPrintToLocalPrinters": true,
  "applicationGuardAllowPrintToNetworkPrinters": true,
  "bitLockerDisableWarningForOtherDiskEncryption": true,
  "bitLockerEnableStorageCardEncryptionOnMobile": true,
  "bitLockerEncryptDevice": true,
  "bitLockerRemovableDrivePolicy": {
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
    "encryptionMethod": "aesCbc256",
    "requireEncryptionForWriteAccess": true,
    "blockCrossOrganizationWriteAccess": true
  }
}