CloudPC.Read.All
Allows the app to read the properties of Cloud PCs on behalf of the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
CloudPC.Read.All
permission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReport
command. See How To: Run a quick OAuth app audit of your tenant
Category | Application | Delegated |
---|---|---|
Identifier | a9e09520-8ed4-4cde-838e-4fdea192c227 | 5252ec4e-fd40-4d92-8c68-89dd1d3c6110 |
DisplayText | Read Cloud PCs | Read Cloud PCs |
Description | Allows the app to read the properties of Cloud PCs, without a signed-in user. | Allows the app to read the properties of Cloud PCs on behalf of the signed-in user. |
AdminConsentRequired | Yes | No |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
Methods | |
---|---|
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
Methods | |
---|---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
Commands | |
---|---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
Commands | |
---|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
- cloudPC
- cloudPcAuditEvent
- cloudPcBulkAction
- cloudPcConnectivityEvent
- cloudPcCrossCloudGovernmentOrganizationMapping
- cloudPcDeviceImage
- cloudPcExportJob
- cloudPcExternalPartnerSetting
- cloudPcForensicStorageAccount
- cloudPcFrontLineServicePlan
- cloudPcGalleryImage
- cloudPcLaunchInfo
- cloudPcOnPremisesConnection
- cloudPcOrganizationSettings
- cloudPcProvisioningPolicy
- cloudPcRemoteActionCapability
- cloudPcReviewStatus
- cloudPcScopedPermission
- cloudPcServicePlan
- cloudPcSnapshot
- cloudPcSourceDeviceImage
- cloudPcSubscription
- cloudPcSupportedRegion
- cloudPcTenantEncryptionSetting
- cloudPcUserSetting
- alertRecord
- alertRule
- portalNotification
- cloudPcConnection
- cloudPcDevice
- cloudPcOverview
- unifiedRoleAssignment
- unifiedRoleAssignmentMultiple
- unifiedRoleDefinition
Graph reference: cloudPC
Property | Type | Description |
---|---|---|
aadDeviceId | String | The Microsoft Entra device ID for the Cloud PC, also known as the Azure Active Directory (Azure AD) device ID, that consists of 32 characters in a GUID format. Generated on a VM joined to Microsoft Entra ID. Read-only. |
displayName | String | The display name for the Cloud PC. Maximum length is 64 characters. Read-only. You can use the cloudPC: rename API to modify the Cloud PC name. |
gracePeriodEndDateTime | DateTimeOffset | The date and time when the grace period ends and reprovisioning or deprovisioning happen. Required only if the status is inGracePeriod . The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
id | String | The unique identifier of the customer-facing Cloud PC entity that consists of 32 characters in a GUID format. Read-only. Inherited from entity. |
imageDisplayName | String | The name of the operating system image used for the Cloud PC. Maximum length is 50 characters. Only letters (A-Z, a-z), numbers (0-9), and special characters (-,_,.) are allowed for this property. The property value can't begin or end with an underscore. Read-only. |
lastModifiedDateTime | DateTimeOffset | The last modified date and time of the Cloud PC. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
managedDeviceId | String | The Intune enrolled device ID for the Cloud PC that consists of 32 characters in a GUID format. The managedDeviceId property of Windows 365 Business Cloud PCs is always null as Windows 365 Business Cloud PCs aren't Intune-enrolled automatically by Windows 365. Read-only. |
managedDeviceName | String | The Intune enrolled device name for the Cloud PC. The managedDeviceName property of Windows 365 Business Cloud PCs is always null as Windows 365 Business Cloud PCs aren't Intune-enrolled automatically by Windows 365. Read-only. |
onPremisesConnectionName | String | The on-premises connection that applied during the provisioning of Cloud PCs. Read-only. |
provisioningPolicyId | String | The provisioning policy ID for the Cloud PC that consists of 32 characters in a GUID format. A policy defines the type of Cloud PC the user wants to create. Read-only. |
provisioningPolicyName | String | The provisioning policy that applied during the provisioning of Cloud PCs. Maximum length is 120 characters. Read-only. |
provisioningType | cloudPcProvisioningType | The type of licenses to be used when provisioning Cloud PCs using this policy. Possible values are: dedicated , shared , unknownFutureValue . The default value is dedicated . |
servicePlanId | String | The service plan ID for the Cloud PC that consists of 32 characters in a GUID format. For more information about service plans, see Product names and service plan identifiers for licensing. Read-only. |
servicePlanName | String | The service plan name for the customer-facing Cloud PC entity. Read-only. |
userPrincipalName | String | The user principal name (UPN) of the user assigned to the Cloud PC. Maximum length is 113 characters. For more information on username policies, see Password policies and account restrictions in Microsoft Entra ID. Read-only. |
Graph reference: cloudPcAuditEvent
Property | Type | Description |
---|---|---|
activity | String | The friendly name of the audit activity. |
activityDateTime | DateTimeOffset | The date time in UTC when the activity was performed. Read-only. |
activityOperationType | cloudPcAuditActivityOperationType | The HTTP operation type of the activity. Possible values include create , delete , patch and unknownFutureValue . Read-only. |
activityResult | cloudPcAuditActivityResult | The result of the activity. Possible values include success , clientError , failure , timeout and unknownFutureValue . Read-only. |
activityType | String | The type of activity that was performed. Read-only. |
actor | cloudPcAuditActor | Microsoft Entra ID user and application associated with the audit event. Read-only. |
category | cloudPcAuditCategory | The category of the audit event. Possible values include cloudPC and unknownFutureValue . Read-only. |
componentName | String | The component name for the audit event. Read-only. |
correlationId | String | The client request ID that is used to correlate activity within the system. Read-only. |
displayName | String | The display name for the audit event. Read-only. |
id | String | The unique identifier for the audit event. Read-only. |
resources | cloudPcAuditResource collection | The list of cloudPcAuditResource objects. Read-only. |
Graph reference: cloudPcBulkAction
Property | Type | Description |
---|---|---|
actionSummary | cloudPcBulkActionSummary | Run summary of this bulk action. |
cloudPcIDs | String collection | IDs of the Cloud PCs the bulk action applies to. |
createdDateTime | DateTimeOffset | The date and time when the bulk action was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
displayName | String | Name of the bulk action. |
id | String | ID of the bulk action. Inherited from entity. |
initiatedByUserPrincipalName | String | Indicates the user principal name (UPN) of the user who initiated this bulk action. Read-only. |
scheduledDuringMaintenanceWindow | Boolean | Indicates whether the bulk action is scheduled according to the maintenance window. When true , the bulk action uses the maintenance window to schedule the action; false means that the bulk action doesn't use the maintenance window. The default value is false . |
status | cloudPcBulkActionStatus | Indicates the status of bulk actions. Possible values are pending , succeeded , failed , unknownFutureValue . The default value is pending . Read-only. |
Graph reference: cloudPcConnectivityEvent
Property | Type | Description |
---|---|---|
eventDateTime | DateTimeOffset | Indicates the date and time when this event was created. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 appears as 2014-01-01T00:00:00Z . |
eventName | string | Name of the event. |
eventResult | cloudPcConnectivityEventResult | Result of this event. Possible values are: unknown , success , failure , and unknownFutureValue . |
eventType | cloudPcConnectivityEventType | Type of this event. Possible values are: unknown , userConnection , userTroubleshooting , deviceHealthCheck , and unknownFutureValue . |
message | string | Additional message for this event. |
Graph reference: cloudPcCrossCloudGovernmentOrganizationMapping
Property | Type | Description |
---|---|---|
id | String | The tenant ID of the GCC tenant in public cloud. |
organizationIdsInUSGovCloud | String collection | The tenant ID in the Azure Government cloud corresponding to the GCC tenant in the public cloud. Currently, 1:1 mappings are supported, so this collection can only contain one tenant ID. |
Graph reference: cloudPcDeviceImage
Property | Type | Description |
---|---|---|
displayName | String | The display name of the associated device image. The device image display name and the version are used to uniquely identify the Cloud PC device image. Read-only. |
errorCode | cloudPcDeviceImageErrorCode | The error code of the status of the image that indicates why the upload failed, if applicable. Possible values are: internalServerError , sourceImageNotFound , osVersionNotSupported , sourceImageInvalid , sourceImageNotGeneralized , unknownFutureValue , vmAlreadyAzureAdJoined , paidSourceImageNotSupport , sourceImageNotSupportCustomizeVMName , sourceImageSizeExceedsLimitation . Note that you must use the Prefer: include-unknown-enum-members request header to get the following values from this evolvable enum: vmAlreadyAzureAdJoined , paidSourceImageNotSupport , sourceImageNotSupportCustomizeVMName , sourceImageSizeExceedsLimitation . Read-only. |
expirationDate | Date | The date when the image became unavailable. Read-only. |
id | String | The unique identifier (ID) of the image resource on the Cloud PC. Read-only. Inherited from entity. |
lastModifiedDateTime | DateTimeOffset | The data and time when the image was last modified. The timestamp represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . Read-only. |
operatingSystem | String | The operating system (OS) of the image. For example, Windows 10 Enterprise . Read-only. |
osBuildNumber | String | The OS build version of the image. For example, 1909 . Read-only. |
osStatus | cloudPcDeviceImageOsStatus | The OS status of this image. Possible values are: supported , supportedWithWarning , unknown , unknownFutureValue . The default value is unknown . Read-only. |
sourceImageResourceId | String | The unique identifier (ID) of the source image resource on Azure. The required ID format is: "/subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/images/{imageName}". Read-only. |
status | cloudPcDeviceImageStatus | The status of the image on the Cloud PC. Possible values are: pending , ready , failed , unknownFutureValue . Read-only. |
version | String | The image version. For example, 0.0.1 and 1.5.13 . Read-only. |
Graph reference: cloudPcExportJob
Property | Type | Description |
---|---|---|
expirationDateTime | DateTimeOffset | The date and time when the export job expires. |
exportJobStatus | cloudPcExportJobStatus | The status of the export job. The possible values are: notStarted , inProgress , completed , unknownFutureValue . Read-only. |
exportUrl | String | The storage account URL of the exported report. It can be used to download the file. |
filter | String | The filter applied on the report. |
format | String | The format of the exported report. |
id | String | The unique identifier for the report. Read-only. |
reportName | cloudPcReportName | The report name. The possible values are: remoteConnectionHistoricalReports , dailyAggregatedRemoteConnectionReports , totalAggregatedRemoteConnectionReports , sharedUseLicenseUsageReport , sharedUseLicenseUsageRealTimeReport , unknownFutureValue , noLicenseAvailableConnectivityFailureReport , frontlineLicenseUsageReport , frontlineLicenseUsageRealTimeReport , remoteConnectionQualityReports , inaccessibleCloudPcReports , actionStatusReport , rawRemoteConnectionReports , cloudPcUsageCategoryReports , crossRegionDisasterRecoveryReport , regionalConnectionQualityTrendReport , regionalConnectionQualityInsightsReport , remoteConnectionQualityReport , bulkActionStatusReport . You must use the Prefer: include-unknown-enum-members request header to get the following values in this evolvable enum: noLicenseAvailableConnectivityFailureReport , frontlineLicenseUsageReport , frontlineLicenseUsageRealTimeReport , remoteConnectionQualityReports , inaccessibleCloudPcReports , rawRemoteConnectionReports , cloudPcUsageCategoryReports , crossRegionDisasterRecoveryReport . |
requestDateTime | DateTimeOffset | The date and time when the export job was requested. |
select | String collection | The selected columns of the report. |
Graph reference: cloudPcExternalPartnerSetting
Property | Type | Description |
---|---|---|
enableConnection | Boolean | Enable or disable the connection to an external partner. If true , an external partner API will accept incoming calls from external partners. Required. Supports $filter (eq ). |
id | String | The unique identifier for the Cloud PC external partner setting. Read-only. |
lastSyncDateTime | DateTimeOffset | Last data sync time for this external partner. The Timestamp type represents the date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: '2014-01-01T00:00:00Z'. |
partnerId | String | The external partner ID. |
status | cloudPcExternalPartnerStatus | The status of the connection to the external partner. The possible values are: notAvailable , available , healthy , unhealthy , unknownFutureValue . |
statusDetails | String | Status details message. |
Graph reference: cloudPcForensicStorageAccount
Property | Type | Description |
---|---|---|
storageAccountId | String | The ID of the storage account. |
storageAccountName | String | The name of the storage account. |
Graph reference: cloudPcFrontLineServicePlan
Property | Type | Description |
---|---|---|
displayName | String | The display name of the front-line service plan. For example, 2vCPU/8GB/128GB Front-line or 4vCPU/16GB/256GB Front-line . |
id | String | The unique identifier (ID) of the front-line service plan. |
totalCount | Int32 | The total number of front-line service plans purchased by the customer. |
usedCount | Int32 | The number of service plans that have been used for the account. |
Graph reference: cloudPcGalleryImage
Property | Type | Description |
---|---|---|
displayName | String | The display name of this gallery image. For example, Windows 11 Enterprise + Microsoft 365 Apps 22H2 . Read-only. |
endDate | Date | The date when the status of the image becomes supportedWithWarning . Users can still provision new Cloud PCs if the current time is later than endDate and earlier than expirationDate. For example, assume the endDate of a gallery image is 2023-9-14 and expirationDate is 2024-3-14 , users are able to provision new Cloud PCs if today is 2023-10-01. Read-only. |
expirationDate | Date | The date when the image is no longer available. Users are unable to provision new Cloud PCs if the current time is later than expirationDate. The value is usually endDate plus six months. For example, if the startDate is 2025-10-14 , the expirationDate is usually 2026-04-14 . Read-only. |
id | String | The unique identifier (ID) of the gallery image resource on Cloud PC. The ID format is {publisherName_offerName_skuName}. For example, MicrosoftWindowsDesktop_windows-ent-cpc_win11-22h2-ent-cpc-m365 . You can find the publisherName, offerName, and skuName in the Azure Marketplace. Inherited from entity. Read-only. |
offerName | String | The offer name of this gallery image that is passed to Azure Resource Manager (ARM) to retrieve the image resource. Read-only. |
publisherName | String | The publisher name of this gallery image that is passed to Azure Resource Manager (ARM) to retrieve the image resource. Read-only. |
sizeInGB | Int32 | Indicates the size of this image in gigabytes. For example, 64 . Read-only. |
skuName | String | The SKU name of this image that is passed to Azure Resource Manager (ARM) to retrieve the image resource. Read-only. |
startDate | Date | The date when the Cloud PC image is available for provisioning new Cloud PCs. For example, 2022-09-20 . Read-only. |
status | cloudPcGalleryImageStatus | The status of the gallery image on the Cloud PC. Possible values are: supported , supportedWithWarning , notSupported , unknownFutureValue . The default value is supported . Read-only. |
Graph reference: cloudPcLaunchInfo
Property | Type | Description |
---|---|---|
cloudPcId | String | The unique identifier of the Cloud PC. |
cloudPcLaunchUrl | String | The connect URL of the Cloud PC. |
windows365SwitchCompatible | Boolean | Indicates whether the Cloud PC supports switch functionality. If the value is true , it supports switch functionality; otherwise, false . |
windows365SwitchNotCompatibleReason | String | Indicates the reason the Cloud PC doesn't support switch. CPCOsVersionNotMeetRequirement indicates that the user needs to update their Cloud PC operation system version. CPCHardwareNotMeetRequirement indicates that the Cloud PC needs more CPU or RAM to support the functionality. |
Graph reference: cloudPcOnPremisesConnection
Property | Type | Description |
---|---|---|
adDomainName | String | The fully qualified domain name (FQDN) of the Active Directory domain you want to join. Maximum length is 255. Optional. |
adDomainPassword | String | The password associated with the username of an Active Directory account (adDomainUsername). |
adDomainUsername | String | The username of an Active Directory account (user or service account) that has permission to create computer objects in Active Directory. Required format: [email protected] . Optional. |
alternateResourceUrl | String | The interface URL of the partner service's resource that links to this Azure network connection. Returned only on $select . |
connectionType | cloudPcOnPremisesConnectionType | Specifies how the provisioned Cloud PC joins to Microsoft Entra. It includes different types, one is Microsoft Entra ID join, which means there's no on-premises Active Directory (AD) in the current tenant, and the Cloud PC device is joined by Microsoft Entra. Another one is hybridAzureADJoin, which means there's also an on-premises Active Directory (AD) in the current tenant and the Cloud PC device joins to on-premises Active Directory (AD) and Microsoft Entra. The type also determines which types of users can be assigned and can sign into a Cloud PC. The azureADJoin type indicates that cloud-only and hybrid users can be assigned and signed into the Cloud PC. hybridAzureADJoin indicates only hybrid users can be assigned and signed into the Cloud PC. The default value is hybridAzureADJoin . |
displayName | String | The display name for the Azure network connection. |
healthCheckStatus | cloudPcOnPremisesConnectionStatus | The status of the most recent health check done on the on-premises connection. For example, if the status is passed , the on-premises connection passed all checks run by the service. Possible values: pending , running , passed , failed , warning , informational . Default is pending . Read-only. |
healthCheckStatusDetail | cloudPcOnPremisesConnectionStatusDetail | Indicates the results of health checks performed on the on-premises connection. Read-only. Returned only on $select . For an example that shows how to get the inUse property, see Example 2: Get the selected properties of an Azure network connection, including healthCheckStatusDetail. Read-only. |
id | String | Unique identifier for the Azure network connection. Read-only. |
inUse | Boolean | When true , the Azure network connection is in use. When false , the connection isn't in use. You can't delete a connection that’s in use. Returned only on $select . For an example that shows how to get the inUse property, see Example 2: Get the selected properties of an Azure network connection, including healthCheckStatusDetail. Read-only. |
organizationalUnit | String | The organizational unit (OU) in which the computer account is created. If left null, the OU configured as the default (a well-known computer object container) in the tenant's Active Directory domain (OU) is used. Optional. |
resourceGroupId | String | The unique identifier of the target resource group used associated with the on-premises network connectivity for Cloud PCs. Required format: “/subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}” |
subnetId | String | The unique identifier of the target subnet used associated with the on-premises network connectivity for Cloud PCs. Required format: “/subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkId}/subnets/{subnetName}” |
subscriptionId | String | The unique identifier of the Azure subscription associated with the tenant. |
subscriptionName | String | The name of the Azure subscription is used to create an Azure network connection. Read-only. |
virtualNetworkId | String | The unique identifier of the target virtual network used associated with the on-premises network connectivity for Cloud PCs. Required format: “/subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}” |
virtualNetworkLocation | String | Indicates the resource location of the target virtual network. For example, the location can be eastus2, westeurope, etc. Read-only (computed value). |
Graph reference: cloudPcOrganizationSettings
Property | Type | Description |
---|---|---|
enableMEMAutoEnroll | Boolean | Specifies whether new Cloud PCs will be automatically enrolled in Microsoft Endpoint Manager (MEM). The default value is false . |
enableSingleSignOn | Boolean | True if the provisioned Cloud PC can be accessed by single sign-on. False indicates that the provisioned Cloud PC doesn't support this feature. Default value is false . Windows 365 users can use single sign-on to authenticate to Microsoft Entra ID with passwordless options (for example, FIDO keys) to access their Cloud PC. Optional. |
id | String | The ID of the organization settings. |
osVersion | cloudPcOperatingSystem | The version of the operating system (OS) to provision on Cloud PCs. The possible values are: windows10 , windows11 , unknownFutureValue . |
userAccountType | cloudPcUserAccountType | The account type of the user on provisioned Cloud PCs. The possible values are: standardUser , administrator , unknownFutureValue . |
windowsSettings | cloudPcWindowsSettings | Represents the Cloud PC organization settings for a tenant. A tenant has only one **c |
Graph reference: cloudPcProvisioningPolicy
Property | Type | Description |
---|---|---|
alternateResourceUrl | String | The URL of the alternate resource that links to this provisioning policy. Read-only. |
cloudPcGroupDisplayName | String | The display name of the Cloud PC group that the Cloud PCs reside in. Read-only. |
cloudPcNamingTemplate | String | The template used to name Cloud PCs provisioned using this policy. The template can contain custom text and replacement tokens, including %USERNAME:x% and %RAND:x% , which represent the user's name and a randomly generated number, respectively. For example, CPC-%USERNAME:4%-%RAND:5% means that the name of the Cloud PC starts with CPC- , followed by a four-character username, a - character, and then five random characters. The total length of the text generated by the template can't exceed 15 characters. Supports $filter , $select , and $orderby . |
description | String | The provisioning policy description. Supports $filter , $select , and $orderBy . |
displayName | String | The display name for the provisioning policy. |
domainJoinConfigurations | cloudPcDomainJoinConfiguration collection | Specifies a list ordered by priority on how Cloud PCs join Microsoft Entra ID (Azure AD). Supports $select . |
enableSingleSignOn | Boolean | True if the provisioned Cloud PC can be accessed by single sign-on. False indicates that the provisioned Cloud PC doesn't support this feature. The default value is false . Windows 365 users can use single sign-on to authenticate to Microsoft Entra ID with passwordless options (for example, FIDO keys) to access their Cloud PC. Optional. |
gracePeriodInHours | Int32 | The number of hours to wait before reprovisioning/deprovisioning happens. Read-only. |
id | String | The unique identifier associated with the provisioning policy. This ID is auto populated during the creation of a new provisioning policy. Supports $filter , $select , and $orderBy . Read-only. Inherited from entity. |
imageDisplayName | String | The display name of the operating system image that is used for provisioning. For example, Windows 11 Preview + Microsoft 365 Apps 23H2 23H2 . Supports $filter , $select , and $orderBy . |
imageId | String | The unique identifier that represents an operating system image that is used for provisioning new Cloud PCs. The format for a gallery type image is: {publisherName_offerName_skuName}. Supported values for each of the parameters are:
$filter , $select , and $orderBy . |
imageType | cloudPcProvisioningPolicyImageType | The type of operating system image (custom or gallery) that is used for provisioning on Cloud PCs. Possible values are: gallery , custom . The default value is gallery . Supports $filter, $select, and $orderBy. |
localAdminEnabled | Boolean | When true , the local admin is enabled for Cloud PCs; false indicates that the local admin isn't enabled for Cloud PCs. The default value is false . Supports $filter , $select , and $orderBy . |
microsoftManagedDesktop | microsoftManagedDesktop | The specific settings to microsoftManagedDesktop that enables Microsoft Managed Desktop customers to get device managed experience for Cloud PC. To enable microsoftManagedDesktop to provide more value, an admin needs to specify certain settings in it. Supports $filter , $select , and $orderBy . |
provisioningType | cloudPcProvisioningType | Specifies the type of license used when provisioning Cloud PCs using this policy. By default, the license type is dedicated if the provisioningType isn't specified when you create the cloudPcProvisioningPolicy. You can't change this property after the cloudPcProvisioningPolicy was created. Possible values are: dedicated , shared , unknownFutureValue . |
windowsSetting | cloudPcWindowsSetting | Indicates a specific Windows setting to configure during the creation of Cloud PCs for this provisioning policy. Supports $select . |
Graph reference: cloudPcRemoteActionCapability
Property | Type | Description |
---|---|---|
actionCapability | actionCapability | Indicates the state of the supported action capability to perform a Cloud PC remote action. Possible values are: enabled , disabled . Default value is enabled . |
actionName | cloudPcRemoteActionName | The name of the supported Cloud PC remote action. Possible values are: unknown , restart , rename , restore , resize , reprovision , troubleShoot , changeUserAccountType , placeUnderReview . Default value is unknown . |
Graph reference: cloudPcReviewStatus
Property | Type | Description |
---|---|---|
azureStorageAccountId | String | The resource ID of the Azure Storage account in which the Cloud PC snapshot is being saved. |
azureStorageAccountName | String | The name of the Azure Storage account in which the Cloud PC snapshot is being saved. |
azureStorageContainerName | String | The name of the container in an Azure Storage account in which the Cloud PC snapshot is being saved. |
inReview | Boolean | True if the Cloud PC is set to in review by the administrator. |
restorePointDateTime | DateTimeOffset | The specific date and time of the Cloud PC snapshot that was taken and saved automatically, when the Cloud PC is set to in review. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 appears as 2014-01-01T00:00:00Z . |
reviewStartDateTime | DateTimeOffset | The specific date and time when the Cloud PC was set to in review. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 appears as 2014-01-01T00:00:00Z . |
subscriptionId | String | The ID of the Azure subscription in which the Cloud PC snapshot is being saved, in GUID format. |
subscriptionName | String | The name of the Azure subscription in which the Cloud PC snapshot is being saved. |
userAccessLevel | cloudPcUserAccessLevel | The access level of the end user on the Cloud PC. Possible values are: unrestricted , restricted . |
Graph reference: cloudPcScopedPermission
Property | Type | Description |
---|---|---|
permission | String | The operations allowed on scoped resources for the authenticated user. Example permission is Microsoft.CloudPC/ProvisioningPolicies/Create . |
scopeIds | Collection(String) | The scope IDs of corresponding permission. Currently, it's Intune scope tag ID. |
Graph reference: cloudPcServicePlan
Property | Type | Description |
---|---|---|
displayName | String | The name for the service plan. Read-only. |
id | String | Unique identifier for the service plan. Read-only. |
provisioningType | cloudPcProvisioningType | Specifies the type of license used when provisioning Cloud PCs. By default, the license type is dedicated . Possible values are: dedicated , shared , unknownFutureValue , sharedByUser , sharedByEntraGroup . You must use the Prefer: include-unknown-enum-members request header to get the following values from this evolvable enum: sharedByUser , sharedByEntraGroup . The shared member is deprecated and will stop returning on April 30, 2027; going forward, use the sharedByUser member. |
ramInGB | Int32 | The size of the RAM in GB. Read-only. |
supportedSolution | cloudPcManagementService | The supported service or solution for the region. The possible values are: windows365 , devBox , rpaBox , unknownFutureValue . Read-only. |
storageInGB | Int32 | The size of the OS Disk in GB. Read-only. |
type | cloudPcServicePlanType | The type of the service plan. Possible values are: enterprise , business , unknownFutureValue . Read-only. |
userProfileInGB | Int32 | The size of the user profile disk in GB. Read-only. |
vCpuCount | Int32 | The number of vCPUs. Read-only. |
Graph reference: cloudPcSnapshot
Property | Type | Description |
---|---|---|
cloudPcId | String | The unique identifier for the Cloud PC. |
createdDateTime | DateTimeOffset | The date and time at which the snapshot was taken. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
id | String | The unique identifier for the snapshot of the Cloud PC device at a specific point in time. Inherited from entity. |
lastRestoredDateTime | DateTimeOffset | The date and time at which the snapshot was last used to restore the Cloud PC device. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
snapshotType | cloudPcSnapshotType | The type of snapshot that indicates how to create the snapshot. Possible values are automatic , manual . Default value is automatic . |
status | cloudPcSnapshotStatus | The status of the Cloud PC snapshot. The possible values are: ready , unknownFutureValue . |
expirationDateTime | DateTimeOffset | The date and time when the snapshot expires. The time is shown in ISO 8601 format and Coordinated Universal Time (UTC) time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
Graph reference: cloudPcSourceDeviceImage
Property | Type | Description |
---|---|---|
displayName | String | The display name for the source image. Read-only. |
resourceId | String | The fully qualified unique identifier (ID) of the source image resource in Azure. The ID format is: "/subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/images/{imageName}". Read-only. |
subscriptionDisplayName | String | The display name of the subscription that hosts the source image. Read-only. |
subscriptionId | String | The unique identifier (ID) of the subscription that hosts the source image. Read-only. |
Graph reference: cloudPcSubscription
Property | Type | Description |
---|---|---|
subscriptionId | String | The ID of the subscription. |
subscriptionName | String | The name of the subscription. |
Graph reference: cloudPcSupportedRegion
Property | Type | Description |
---|---|---|
displayName | String | The name for the supported region. Read-only. |
id | String | The unique identifier for the supported region. Read-only. |
regionGroup | cloudPcRegionGroup | The geographic group this region belongs to. Multiple regions can belong to one region group. For example, the europeUnion region group contains the Northern Europe and Western Europe regions. A customer can select a region group when provisioning a Cloud PC; however, the Cloud PC is put under one of the regions under the group based on resource capacity. The region with more quota is chosen. Possible values are: default , australia , canada , usCentral , usEast , usWest , france , germany , europeUnion , unitedKingdom , japan , asia , india , southAmerica , euap , usGovernment , usGovernmentDOD , unknownFutureValue , norway , switzerland ,southKorea , middleEast , mexico . You must use the Prefer: include-unknown-enum-members request header to get the following values in this evolvable enum: norway , switzerland ,southKorea , middleEast , mexico . Read-only. |
regionStatus | cloudPcSupportedRegionStatus | The status of the supported region. Possible values are: available , restricted , unavailable , unknownFutureValue . Read-only. |
supportedSolution | cloudPcManagementService | The supported service or solution for the region. The possible values are: windows365 , devBox , unknownFutureValue , rpaBox . You must use the Prefer: include-unknown-enum-members request header to get the following value or values in this evolvable enum: rpaBox . Read-only. |
Graph reference: cloudPcTenantEncryptionSetting
Property | Type | Description |
---|---|---|
tenantDiskEncryptionType | cloudPcDiskEncryptionType | Indicates the Cloud PC disk encryption type for a tenant. It is a tenant-level setting that applies globally to all Cloud PCs in the tenant. Possible values are: platformManagedKey , customerManagedKey , unknownFutureValue . Read-only. |
lastSyncDateTime | DateTimeOffset | Indicates the date and time when last sync tenant encryption setting. |
Graph reference: cloudPcUserSetting
Property | Type | Description |
---|---|---|
createdDateTime | DateTimeOffset | The date and time when the setting was created. The timestamp type represents the date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
displayName | String | The setting name displayed in the user interface. |
id | String | Unique identifier for the Cloud PC user setting. Read-only. Inherited from entity. |
lastModifiedDateTime | DateTimeOffset | The date and time when the setting was last modified. The timestamp type represents the date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
localAdminEnabled | Boolean | Indicates whether the local admin option is enabled. The default value is false . To enable the local admin option, change the setting to true . If the local admin option is enabled, the end user can be an admin of the Cloud PC device. |
resetEnabled | Boolean | Indicates whether an end user is allowed to reset their Cloud PC. When true , the user is allowed to reset their Cloud PC. When false , end-user initiated reset is not allowed. The default value is false . |
restorePointSetting | cloudPcRestorePointSetting | Defines how frequently a restore point is created that is, a snapshot is taken) for users' provisioned Cloud PCs (default is 12 hours), and whether the user is allowed to restore their own Cloud PCs to a backup made at a specific point in time. |
Graph reference: alertRecord
Property | Type | Description |
---|---|---|
alertImpact | microsoft.graph.deviceManagement.alertImpact | The impact of the alert event. Consists of a list of key-value pair and a number followed by the aggregation type. For example, 6 affectedCloudPcCount means that 6 Cloud PCs are affected. 12 affectedCloudPcPercentage means 12% of Cloud PCs are affected. The list of key-value pair indicates the details of the alert impact. |
alertRuleId | String | The corresponding ID of the alert rule. |
alertRuleTemplate | microsoft.graph.deviceManagement.alertRuleTemplate | The rule template of the alert event. The possible values are: cloudPcProvisionScenario , cloudPcImageUploadScenario , cloudPcOnPremiseNetworkConnectionCheckScenario , unknownFutureValue , cloudPcInGracePeriodScenario . Note that you must use the Prefer: include-unknown-enum-members request header to get the following values from this evolvable enum: cloudPcInGracePeriodScenario . |
detectedDateTime | DateTimeOffset | The date and time when the alert event was detected. The Timestamp type represents date and time information using ISO 8601 format. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
displayName | String | The display name of the alert record. |
id | String | The unique identifier for the alert record. Inherited from entity. |
lastUpdatedDateTime | DateTimeOffset | The date and time when the alert record was last updated. The Timestamp type represents date and time information using ISO 8601 format. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
resolvedDateTime | DateTimeOffset | The date and time when the alert event was resolved. The Timestamp type represents date and time information using ISO 8601 format. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
severity | microsoft.graph.deviceManagement.ruleSeverityType | The severity of the alert event. The possible values are: unknown , informational , warning , critical , unknownFutureValue . |
status | microsoft.graph.deviceManagement.alertStatusType | The status of the alert record. The possible values are: active , resolved , unknownFutureValue . |
Graph reference: alertRule
Property | Type | Description |
---|---|---|
alertRuleTemplate | microsoft.graph.deviceManagement.alertRuleTemplate | The rule template of the alert event. The possible values are: cloudPcProvisionScenario , cloudPcImageUploadScenario , cloudPcOnPremiseNetworkConnectionCheckScenario , cloudPcInGracePeriodScenario , cloudPcFrontlineInsufficientLicensesScenario , cloudPcInaccessibleScenario . Note that you must use the Prefer: include-unknown-enum-members request header to get the following values from this evolvable enum: cloudPcInGracePeriodScenario . |
description | String | The rule description. |
displayName | String | The display name of the rule. |
enabled | Boolean | The status of the rule that indicates whether the rule is enabled or disabled. If true , the rule is enabled; otherwise, the rule is disabled. |
id | String | The unique identifier for the alert rule. Inherited from entity. |
isSystemRule | Boolean | Indicates whether the rule is a system rule. If true , the rule is a system rule; otherwise, the rule is a custom-defined rule and can be edited. System rules are built in and only a few properties can be edited. |
notificationChannels | microsoft.graph.deviceManagement.notificationChannel collection | The notification channels of the rule selected by the user. |
severity | microsoft.graph.deviceManagement.ruleSeverityType | The severity of the rule. The possible values are: unknown , informational , warning , critical , unknownFutureValue . |
threshold | microsoft.graph.deviceManagement.ruleThreshold | The conditions that determine when to send alerts. For example, you can configure a condition to send an alert when provisioning fails for six or more Cloud PCs. This property is deprecated. Use conditions instead. |
conditions | microsoft.graph.deviceManagement.ruleCondition collection | The conditions that determine when to send alerts. For example, you can configure a condition to send an alert when provisioning fails for six or more Cloud PCs. |
Graph reference: portalNotification
Property | Type | Description |
---|---|---|
alertImpact | microsoft.graph.deviceManagement.alertImpact | The associated alert impact. |
alertRecordId | String | The associated alert record ID. |
alertRuleId | String | The associated alert rule ID. |
alertRuleName | String | The associated alert rule name. |
alertRuleTemplate | microsoft.graph.deviceManagement.alertRuleTemplate | The associated alert rule template. The possible values are: cloudPcProvisionScenario , cloudPcImageUploadScenario , cloudPcOnPremiseNetworkConnectionCheckScenario , unknownFutureValue , cloudPcInGracePeriodScenario . Note that you must use the Prefer: include-unknown-enum-members request header to get the following values from this evolvable enum: cloudPcInGracePeriodScenario . |
id | String | The unique identifier for the portal notification. |
isPortalNotificationSent | Boolean | true if the portal notification has already been sent to the user; false otherwise. |
severity | microsoft.graph.deviceManagement.ruleSeverityType | The associated alert rule severity. The possible values are: unknown , informational , warning , critical , unknownFutureValue . |
Graph reference: cloudPcConnection
Property | Type | Description |
---|---|---|
displayName | String | The display name of the cloud PC connection. Required. Read-only. |
healthCheckStatus | String | The health status of the cloud PC connection. Possible values are: pending , running , passed , failed , unknownFutureValue . Required. Read-only. |
id | String | The unique identifier for the cloud PC connection. Required. Read-only. |
lastRefreshedDateTime | DateTimeOffset | Date and time the entity was last updated in the multi-tenant management platform. Required. Read-only. |
tenantDisplayName | String | The display name for the managed tenant. Required. Read-only. |
tenantId | String | The Microsoft Entra tenant identifier for the managed tenant. Required. Read-only. |
Graph reference: cloudPcDevice
Property | Type | Description |
---|---|---|
cloudPcStatus | String | The status of the cloud PC. Possible values are: notProvisioned , provisioning , provisioned , upgrading , inGracePeriod , deprovisioning , failed . Required. Read-only. |
deviceSpecification | String | The specification of the cloud PC device. Required. Read-only. |
displayName | String | The display name of the cloud PC device. Required. Read-only. |
id | String | The unique identifier of the cloud PC device. Required. Read-only. |
lastRefreshedDateTime | DateTimeOffset | Date and time the entity was last updated in the multi-tenant management platform. Required. Read-only. |
managedDeviceId | String | The managed device identifier of the cloud PC device. Optional. Read-only. |
managedDeviceName | String | The managed device display name of the cloud PC device. Optional. Read-only. |
provisioningPolicyId | String | The provisioning policy identifier for the cloud PC device. Required. Read-only. |
servicePlanName | String | The service plan name of the cloud PC device. Required. Read-only. |
servicePlanType | String | The service plan type of the cloud PC device. Required. Read-only. |
tenantDisplayName | String | The display name for the managed tenant. Required. Read-only. |
tenantId | String | The Microsoft Entra tenant identifier for the managed tenant. Required. Read-only. |
userPrincipalName | String | The user principal name (UPN) of the user assigned to the cloud PC device. Required. Read-only. |
Graph reference: cloudPcOverview
Property | Type | Description |
---|---|---|
frontlineLicensesCount | Int32 | The total number of cloud PC devices that have the Frontline SKU. Optional. Read-only. |
id | String | The unique identifier for the cloud PC overview. Required. Read-only. |
lastRefreshedDateTime | DateTimeOffset | Date and time the entity was last updated in the multi-tenant management platform. Optional. Read-only. |
numberOfCloudPcConnectionStatusFailed | Int32 | The number of cloud PC connections that have a status of failed . Optional. Read-only. |
numberOfCloudPcConnectionStatusPassed | Int32 | The number of cloud PC connections that have a status of passed . Optional. Read-only. |
numberOfCloudPcConnectionStatusPending | Int32 | The number of cloud PC connections that have a status of pending . Optional. Read-only. |
numberOfCloudPcConnectionStatusRunning | Int32 | The number of cloud PC connections that have a status of running . Optional. Read-only. |
numberOfCloudPcConnectionStatusUnkownFutureValue | Int32 | The number of cloud PC connections that have a status of unknownFutureValue . Optional. Read-only. |
numberOfCloudPcStatusDeprovisioning | Int32 | The number of cloud PCs that have a status of deprovisioning . Optional. Read-only. |
numberOfCloudPcStatusFailed | Int32 | The number of cloud PCs that have a status of failed . Optional. Read-only. |
numberOfCloudPcStatusInGracePeriod | Int32 | The number of cloud PCs that have a status of inGracePeriod . Optional. Read-only. |
numberOfCloudPcStatusNotProvisioned | Int32 | The number of cloud PCs that have a status of notProvisioned . Optional. Read-only. |
numberOfCloudPcStatusProvisioned | Int32 | The number of cloud PCs that have a status of provisioned . Optional. Read-only. |
numberOfCloudPcStatusProvisioning | Int32 | The number of cloud PCs that have a status of provisioning . Optional. Read-only. |
numberOfCloudPcStatusUnknown | Int32 | The number of cloud PCs that have a status of unknown . Optional. Read-only. |
numberOfCloudPcStatusUpgrading | Int32 | The number of cloud PCs that have a status of upgrading . Optional. Read-only. |
tenantDisplayName | String | The display name for the managed tenant. Optional. Read-only. |
totalBusinessLicenses | Int32 | The total number of cloud PC devices that have the Business SKU. Optional. Read-only. |
totalCloudPcConnectionStatus | Int32 | The total number of cloud PC connection statuses for the given managed tenant. Optional. Read-only. |
totalCloudPcStatus | Int32 | The total number of cloud PC statues for the given managed tenant. Optional. Read-only. |
totalEnterpriseLicenses | Int32 | The total number of cloud PC devices that have the Enterprise SKU. Optional. Read-only. |
Graph reference: unifiedRoleAssignment
Property | Type | Description |
---|---|---|
appScopeId | String | Identifier of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by a resource application only. For the entitlement management provider, use this property to specify a catalog. For example, /AccessPackageCatalog/beedadfe-01d5-4025-910b-84abb9369997 . Supports $filter (eq , in ). For example, /roleManagement/entitlementManagement/roleAssignments?$filter=appScopeId eq '/AccessPackageCatalog/{catalog id}' . |
directoryScopeId | String | Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications, unlike app scopes that are defined and understood by a resource application only. Supports $filter (eq , in ). |
id | String | The unique identifier for the unifiedRoleAssignment. Key, not nullable, Read-only. |
principalId | String | Identifier of the principal to which the assignment is granted. Supported principals are users, role-assignable groups, and service principals. Supports $filter (eq , in ). |
roleDefinitionId | String | Identifier of the unifiedRoleDefinition the assignment is for. Read-only. Supports $filter (eq , in ). |
Graph reference: unifiedRoleAssignmentMultiple
Property | Type | Description |
---|---|---|
appScopeIds | String collection | Ids of the app specific scopes when the assignment scopes are app specific. The scopes of an assignment determine the set of resources for which the principal has access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
description | String | Description of the role assignment. |
directoryScopeIds | String collection | Ids of the directory objects that represent the scopes of the assignment. The scopes of an assignment determine the set of resources for which the principals have been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
displayName | String | Name of the role assignment. Required. |
id | String | The unique identifier for the unifiedRoleAssignmentMultiple object. Key, not nullable, Read-only. |
principalIds | String collection | Identifiers of the principals to which the assignment is granted. Supports $filter (any operator only). |
roleDefinitionId | String | Identifier of the unifiedRoleDefinition the assignment is for. |
Graph reference: unifiedRoleDefinition
Property | Type | Description |
---|---|---|
description | String | The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true . |
displayName | String | The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true . Required. Supports $filter (eq , in ). |
id | String | The unique identifier for the role definition. Key, not nullable, Read-only. Inherited from entity. Supports $filter (eq , in ). |
isBuiltIn | Boolean | Flag indicating whether the role definition is part of the default set included in Microsoft Entra or a custom definition. Read-only. Supports $filter (eq , in ). |
isEnabled | Boolean | Flag indicating whether the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true. |
resourceScopes | String collection | List of the scopes or permissions the role definition applies to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment. |
rolePermissions | unifiedRolePermission collection | List of permissions included in the role. Read-only when isBuiltIn is true . Required. |
templateId | String | Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true . This identifier is typically used if one needs an identifier to be the same across different directories. |
version | String | Indicates version of the role definition. Read-only when **i |