Reputation: 1
updateTargetedSecurityGroups not working in Intune Graph APIs
I am trying to assign user groups to Managed App Policies in InTune App Protection. I tried below APIs to do it, but none of it works : POST /managedAppPolicies/ - Added targetedsecuritygroups while creating managed Policy (tried for both iOS and Android) - Returns 200 but targetedsecuritygroups were not added.
Sample Create Managed App Policy Request:
POST /managedAppPolicies/
Request Body :
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#managedAppPolicies/$entity",
"@odata.type": "#microsoft.graph.iosManagedAppProtection",
"displayName": "Test IOS Policy",
"description": "test",
"periodOfflineBeforeAccessCheck": "PT12H",
"periodOnlineBeforeAccessCheck": "PT30M",
"allowedInboundDataTransferSources": "allApps",
"allowedOutboundDataTransferDestinations": "allApps",
"organizationalCredentialsRequired": false,
"allowedOutboundClipboardSharingLevel": "allApps",
"dataBackupBlocked": true,
"deviceComplianceRequired": true,
"managedBrowserToOpenLinksRequired": false,
"saveAsBlocked": false,
"periodOfflineBeforeWipeIsEnforced": "P90D",
"pinRequired": true,
"maximumPinRetries": 5,
"simplePinBlocked": false,
"minimumPinLength": 4,
"pinCharacterSet": "any",
"allowedDataStorageLocations": [
"oneDriveForBusiness",
"sharePoint"
],
"contactSyncBlocked": false,
"printBlocked": false,
"fingerprintBlocked": false,
"targetedSecurityGroupIds": [ "valid directory group id 1",
"valid directory group id 2" ],
"appDataEncryptionType": "whenDeviceLocked"
}
Response : 200 OK
PATCH /managedAppPolicies/{managedAppPoliciesId} - Added targetedsecuritygroups while updating managed Policy (tried for both iOS and Android) - Returns 204 but targetedsecuritygroups are not updated.
Sample request for updating managed app policy:
PATCH /managedAppPolicies/{managedAppPoliciesId}
Request Body :
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#managedAppPolicies/$entity",
"@odata.type": "#microsoft.graph.iosManagedAppProtection",
"displayName": "Test IOS Policy",
"description": "test",
"deployedAppCount": 5,
"id": "valid id",
"periodOfflineBeforeAccessCheck": "PT12H",
"periodOnlineBeforeAccessCheck": "PT30M",
"allowedInboundDataTransferSources": "allApps",
"allowedOutboundDataTransferDestinations": "allApps",
"organizationalCredentialsRequired": false,
"allowedOutboundClipboardSharingLevel": "allApps",
"dataBackupBlocked": true,
"deviceComplianceRequired": true,
"managedBrowserToOpenLinksRequired": false,
"saveAsBlocked": false,
"periodOfflineBeforeWipeIsEnforced": "P90D",
"pinRequired": true,
"maximumPinRetries": 5,
"simplePinBlocked": false,
"minimumPinLength": 4,
"pinCharacterSet": "any",
"allowedDataStorageLocations": [
"oneDriveForBusiness",
"sharePoint"
],
"contactSyncBlocked": false,
"printBlocked": false,
"fingerprintBlocked": false,
"targetedSecurityCount" : 1,
"targetedSecurityGroupIds": ["valid user group id"],
"appDataEncryptionType": "whenDeviceLocked"
}
Response : 204
POST /managedAppPolicies/{managedAppPoliciesId}/updateTargetedSecurityGroups - This API fails with 500 Documentation : https://graph.microsoft.io/en-us/docs/api-reference/beta/api/intune_mam_targetedmanagedappprotection_updatetargetedsecuritygroups
Sample Request:
POST /managedAppPolicies/{managedAppPoliciesId}/updateTargetedSecurityGroups
Request Body:
{
"targetedSecurityGroups": [
{
"@odata.type": "#microsoft.graph.directoryObject",
"id": "valid user group id"
}
]
}
Response : 400
Response Body:
{
"error": {
"code": "BadRequest",
"message": "Resource not found for the segment 'updateTargetedSecurityGroups'.",
"innerError": {
"request-id": "XXX....",
"date": "2017-02-20T23:35:48"
}
}
}
Upvotes: 0
Views: 131
Answers (1)
Reputation: 71
Could you try with type qualifier like so:
POST ~/managedAppPolicies/managedAppPoliciesId}/microsoft.graph.targetedManagedAppProtection/updateTargetedSecurityGroups
{
"targetedSecurityGroups": [
{"id":"https://graph.microsoft.com/beta/directoryObjects/{groupGuidId}"},
{"id":"https://graph.microsoft.com/beta/directoryObjects/{groupGuidId}"}]
}
Upvotes: 1
Related Questions
- Assigning Intune scope tags to Azure Azure AD group
- Microsoft Graph API - Update Existing Group
- Assign a group to a Intune Endpoint security policy
- Unable to modify existing properties of groups from Graph API
- Update sensitivity label to M365 Group with Graph API and PowerShell throws 401 error
- Unable to update to mail enabled security group by Microsoft Graph API
- Graph API - Microsoft Groups - Unable to enable these two properties during creation or update/patch
- Getting code=OrganizationFromTenantGuidNotFound while updating group using Microsoft Graph
- Add a security group to a security group fails with Request_BadRequest
- Intune App Protection - User group can be assigned multiple policies