Graph API Device Management Configuration Compliance Policy Search
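We have multiple clients with security software compliance policies in place. My goal is to look into those policies and weed out the non-compliant devices. Then, from there, look at each machine and pull the software that is missing. I'm using the Graph API in this process. Here is the Graph call I'm using: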
GET https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies('$PolicyID')/deviceStatuses
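Here are the application's permissions:
We don't need delegated permissions, and we don't need write, because we aren't writing. I have tested with both, but neither worked. Here is the error message I found:
I think it's the Graph permissions. What do you all think?
Edit: The code above works in Graph Explorer. However, it does not work in PowerShell. The same permissions are granted. The same command is being executed. I'm not sure why it works in Graph but not in pwsh.
Edit:
Below is the code I'm using.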
$TenantID = "<Code>"
$AppID = "<Code>"
$AppKey = "<Code>"
$PolicyID = "<Code>"
$redirect_url = "https://localhost"
$authority = "https://login.microsoftonline.com/$TenantID"
$tokenUrl = "$authority/oauth2/token"
$Body = @{
    client_id     = "$AppID"
    client_secret = "$AppKey"
    redirect_url  = "$redirect_url"
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/"
}
$response = Invoke-RestMethod -Uri $tokenUrl -Body $body -Method Post
$Access_Token = $response.access_token
#Creates the header
$Header = @{
    Authorization = "Bearer $Access_Token"
}
$PolicyURL = "https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies('$PolicyID')/deviceStatuses"
$PageInfo = Invoke-RestMethod -Headers $header -Uri $PolicyURL -Method Get
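You're right, this looks like a permissions issue.
Paste your access token into jwt.ms and check whether the following permissions are present.
From this post: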
OAUTH 2.0 requires multiple steps. The first request returns an OAUTH Code. The next step is converting that OAUTH code into a Bearer Token. This is the step you are missing here.
Are you sending the Bearer Token to authenticate against the endpoint?
This is indeed an OAuth 2.0 problem.
Here is the code:
# v2.0 token endpoint for the tenant
$Token = "https://login.microsoftonline.com/$($TenantID)/oauth2/v2.0/token"
# Client-credentials request; the .default scope asks for the application
# permissions already granted to the app registration
$Body = @{
    client_id     = "$AppID"
    client_secret = "$AppKey"
    redirect_url  = "https://localhost"
    grant_type    = "client_credentials"
    scope         = "https://graph.microsoft.com/.default"
}
$request = Invoke-RestMethod -Uri $token -Body $Body -Method Post
$Access_Token = $request.access_token
# Send the access token as a Bearer token on the Graph call
$Header = @{
    Authorization = "Bearer $($Access_Token)"
}
$GraphURL = "https://graph.microsoft.com/beta/deviceManagement/deviceCompliancePolicies('$PolicyID')/deviceStatuses"
$PageInfo = Invoke-RestMethod -Headers $header -Uri $GraphURL -Method Get
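The jwt.ms check suggested above can also be done locally, so a live token never leaves the machine. This is an added example, not code from any poster in this thread: `Test-GraphTokenRole`, `ConvertFrom-Base64Url` and `ConvertTo-Base64Url` are hypothetical helper names, the sample token is constructed and unsigned, and `DeviceManagementConfiguration.Read.All` is an assumed required role, because the thread's own permission list is not shown.

```powershell
# Added example: inspect an access token's claims offline (no signature check,
# inspection only). App-only Graph permissions appear in the 'roles' claim.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {          # restore the padding that base64url strips
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw 'Invalid base64url length' }
    }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Test-GraphTokenRole {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [Parameter(Mandatory)][string]$RequiredRole
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (expected 3 dot-separated parts)' }
    $claims  = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    $roles   = @($claims.roles | Where-Object { $_ })   # empty when the claim is absent
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        Audience = $claims.aud
        Roles    = $roles
        HasRole  = $roles -contains $RequiredRole
        Expired  = $expires -lt [DateTimeOffset]::UtcNow
    }
}

# --- Constructed sample input (unsigned token built here for the demo) ---
function ConvertTo-Base64Url([string]$Text) {
    $b64 = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{
    aud   = 'https://graph.microsoft.com'
    exp   = 4102444800                                  # 2100-01-01 UTC
    roles = @('DeviceManagementConfiguration.Read.All') # assumed role name
} | ConvertTo-Json -Compress
$sample = '{0}.{1}.{2}' -f (ConvertTo-Base64Url '{"alg":"none"}'),
                           (ConvertTo-Base64Url $payload), 'constructed-signature'

Test-GraphTokenRole -AccessToken $sample -RequiredRole 'DeviceManagementConfiguration.Read.All'
```

Run against the `$Access_Token` from the script above, an empty `Roles` list or an unexpected `Audience` points at the token request rather than at the Graph call.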