CloudPC.ReadWrite.All
Allows the app to read and write the properties of Cloud PCs on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
| Ver |
Type |
Method |
| V1 |
A,D |
DELETE /deviceManagement/virtualEndpoint/deviceImages/{id} |
| V1 |
D |
DELETE /deviceManagement/virtualEndpoint/onPremisesConnections/{id} |
| V1 |
A,D |
DELETE /deviceManagement/virtualEndpoint/provisioningPolicies/{id} |
| V1 |
A,D |
DELETE /deviceManagement/virtualEndpoint/userSettings/{id} |
| V1 |
A,D |
DELETE /roleManagement/cloudPC/roleAssignments/{id} |
| V1 |
A,D |
DELETE /roleManagement/deviceManagement/roleDefinitions/{id} |
| V1 |
A,D |
GET /deviceManagement/managedDevices/{managedDeviceId}/getCloudPcRemoteActionResults |
| V1 |
A,D |
GET /deviceManagement/managedDevices/{managedDeviceId}/getCloudPcReviewStatus |
| V1 |
A,D |
GET /deviceManagement/monitoring/alertRecords |
| V1 |
A,D |
GET /deviceManagement/monitoring/alertRecords/{alertRecordId} |
| V1 |
A,D |
GET /deviceManagement/monitoring/alertRecords/getPortalNotifications |
| V1 |
A,D |
GET /deviceManagement/monitoring/alertRules |
| V1 |
A,D |
GET /deviceManagement/monitoring/alertRules/{alertRuleId} |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/auditEvents |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/auditEvents/{id} |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/auditEvents/getAuditActivityTypes |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/cloudPCs |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/cloudPCs/{id}/getCloudPcConnectivityHistory |
| V1 |
A |
GET /deviceManagement/virtualEndpoint/cloudPCs/{id}/getSupportedCloudPcRemoteActions |
| V1 |
D |
GET /deviceManagement/virtualEndpoint/crossCloudGovernmentOrganizationMapping |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/deviceImages |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/deviceImages/{id} |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/deviceImages/getSourceImages |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/externalPartnerSettings |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/externalPartnerSettings/{cloudPcExternalPartnerSettingId} |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/galleryImages |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/galleryImages/{id} |
| V1 |
D |
GET /deviceManagement/virtualEndpoint/getEffectivePermissions |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/onPremisesConnections |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/onPremisesConnections/{id} |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/organizationSettings |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/provisioningPolicies |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/provisioningPolicies/{id} |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/reports/exportJobs/{cloudPcExportJobId} |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/reports/getRealTimeRemoteConnectionLatency(cloudPcId='id') |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/reports/getRealTimeRemoteConnectionStatus(cloudPcId='id') |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/servicePlans |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/snapshots |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/snapshots/{cloudPcSnapshotId} |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/snapshots/getStorageAccounts(subscriptionId='{subscriptionId}') |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/snapshots/getSubscriptions |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/supportedRegions |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/userSettings |
| V1 |
A,D |
GET /deviceManagement/virtualEndpoint/userSettings/{id} |
| V1 |
D |
GET /me/cloudPCs |
| V1 |
D |
GET /me/cloudPCs/{cloudPCId}/getCloudPcLaunchInfo |
| V1 |
A,D |
GET /me/cloudPCs/{id} |
| V1 |
A,D |
GET /roleManagement/cloudPc/roleAssignments |
| V1 |
A,D |
GET /roleManagement/cloudPC/roleAssignments/{id} |
| V1 |
A,D |
GET /roleManagement/cloudPC/roleDefinitions |
| V1 |
A,D |
GET /roleManagement/cloudPC/roleDefinitions/{id} |
| V1 |
D |
GET /tenantRelationships/managedTenants/cloudPcConnections |
| V1 |
D |
GET /tenantRelationships/managedTenants/cloudPcConnections/{cloudPcConnectionId} |
| V1 |
D |
GET /tenantRelationships/managedTenants/cloudPcDevices |
| V1 |
D |
GET /tenantRelationships/managedTenants/cloudPcDevices/{cloudPcDeviceId} |
| V1 |
D |
GET /tenantRelationships/managedTenants/cloudPcsOverview |
| V1 |
D |
GET /tenantRelationships/managedTenants/cloudPcsOverview/{cloudPcOverviewId} |
| V1 |
A,D |
GET /users/{userId}/cloudPCs/{id} |
| V1 |
A,D |
PATCH /deviceManagement/monitoring/alertRules/{alertRuleId} |
| V1 |
A,D |
PATCH /deviceManagement/virtualEndpoint/externalPartnerSettings/{cloudPcExternalPartnerSettingId} |
| V1 |
D |
PATCH /deviceManagement/virtualEndpoint/onPremisesConnections/{id} |
| V1 |
A,D |
PATCH /deviceManagement/virtualEndpoint/organizationSettings |
| V1 |
A,D |
PATCH /deviceManagement/virtualEndpoint/provisioningPolicies/{id} |
| V1 |
A,D |
PATCH /roleManagement/cloudPC/roleAssignments |
| V1 |
A,D |
PATCH /roleManagement/deviceManagement/roleDefinitions/{id} |
| V1 |
D |
POST /deviceManagement/managedDevices/{managedDeviceId}/reprovisionCloudPc |
| V1 |
A,D |
POST /deviceManagement/managedDevices/{managedDeviceId}/resizeCloudPc |
| V1 |
A,D |
POST /deviceManagement/managedDevices/{managedDeviceId}/restoreCloudPc |
| V1 |
A,D |
POST /deviceManagement/managedDevices/{managedDeviceId}/setCloudPcReviewStatus |
| V1 |
A,D |
POST /deviceManagement/managedDevices/bulkReprovisionCloudPc |
| V1 |
A,D |
POST /deviceManagement/managedDevices/bulkRestoreCloudPc |
| V1 |
A,D |
POST /deviceManagement/managedDevices/bulkSetCloudPcReviewStatus |
| V1 |
A,D |
POST /deviceManagement/monitoring/alertRecords/{alertRecordId}/setPortalNotificationAsSent |
| V1 |
A,D |
POST /deviceManagement/monitoring/alertRules |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/cloudPCs/{cloudPCId}/changeUserAccountType |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/cloudPCs/{cloudPCId}/endGracePeriod |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/cloudPCs/{id}/restore |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/cloudPCs/{id}/retryPartnerAgentInstallation |
| V1 |
D |
POST /deviceManagement/virtualEndpoint/crossCloudGovernmentOrganizationMapping |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/deviceImages |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/deviceImages/{cloudPcDeviceImageId}/reupload |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/externalPartnerSettings |
| V1 |
D |
POST /deviceManagement/virtualEndpoint/onPremisesConnections |
| V1 |
D |
POST /deviceManagement/virtualEndpoint/onPremisesConnections/{id}/runHealthChecks |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/onPremisesConnections/{Id}/UpdateAdDomainPassword |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/provisioningPolicies |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/provisioningPolicies/{id}/assign |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/reports/exportJobs |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/reports/getDailyAggregatedRemoteConnectionReports |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/reports/getRemoteConnectionHistoricalReports |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/reports/getSharedUseLicenseUsageReport |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/reports/getTotalAggregatedRemoteConnectionReports |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/userSettings |
| V1 |
A,D |
POST /deviceManagement/virtualEndpoint/userSettings/{id}/assign |
| V1 |
A,D |
POST /me/cloudPCs/{cloudPCId}/reboot |
| V1 |
A,D |
POST /me/cloudPCs/{cloudPCId}/rename |
| V1 |
A,D |
POST /me/cloudPCs/{cloudPCId}/troubleshoot |
| V1 |
A,D |
POST /me/cloudPCs/{id}/reprovision |
| V1 |
A,D |
POST /roleManagement/cloudPC/roleAssignments |
| V1 |
A,D |
POST /roleManagement/deviceManagement/roleDefinitions |
| V1 |
A,D |
POST /users/{userId}/cloudPCs/{cloudPCId}/reboot |
| V1 |
A,D |
POST /users/{userId}/cloudPCs/{cloudPCId}/rename |
| V1 |
A,D |
POST /users/{userId}/cloudPCs/{cloudPCId}/troubleshoot |
| V1 |
A,D |
POST /users/{userId}/cloudPCs/{id}/reprovision |
Delegate Permission
|
|
| Id |
9d77138f-f0e2-47ba-ab33-cd246c8b79d1 |
| Consent Type |
Admin |
| Display String |
Read and write Cloud PCs |
| Description |
Allows the app to read and write the properties of Cloud PCs on behalf of the signed-in user. |
Application Permission
|
|
| Id |
3b4349e1-8cf5-45a3-95b7-69d1751d3e6a |
| Display String |
Read and write Cloud PCs |
| Description |
Allows the app to read and write the properties of Cloud PCs, without a signed-in user. |
Resources
| Property |
Type |
Description |
| aadDeviceId |
String |
The Azure Active Directory (Azure AD) device ID of the Cloud PC. |
| connectivityResult |
cloudPcConnectivityResult |
The connectivity health check result of a Cloud PC, including the updated timestamp and whether the Cloud PC is able to be connected or not. |
| displayName |
String |
The display name of the Cloud PC. |
| gracePeriodEndDateTime |
DateTimeOffset |
The date and time when the grace period ends and reprovisioning/deprovisioning happens. Required only if the status is inGracePeriod. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| id |
String |
The unique identifier for the Cloud PC. Read-only. |
| imageDisplayName |
String |
Name of the OS image that's on the Cloud PC. |
| lastLoginResult |
cloudPcLoginResult |
The last login result of the Cloud PC. For example, { "time": "2014-01-01T00:00:00Z"}. |
| lastModifiedDateTime |
DateTimeOffset |
The last modified date and time of the Cloud PC. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| lastRemoteActionResult |
cloudPcRemoteActionResult |
The last remote action result of the enterprise Cloud PCs. The supported remote actions are: Reboot, Rename, Reprovision, Restore, and Troubleshoot. |
| managedDeviceId |
String |
The Intune device ID of the Cloud PC. |
| managedDeviceName |
String |
The Intune device name of the Cloud PC. |
| onPremisesConnectionName |
String |
The Azure network connection that is applied during the provisioning of Cloud PCs. |
| osVersion |
cloudPcOperatingSystem |
The version of the operating system (OS) to provision on Cloud PCs. Possible values are: windows10, windows11, and unknownFutureValue. |
| provisioningPolicyId |
String |
The provisioning policy ID of the Cloud PC. |
| provisioningPolicyName |
String |
The provisioning policy that is applied during the provisioning of Cloud PCs. |
| partnerAgentInstallResults |
cloudPcPartnerAgentInstallResult collection |
The results of every partner agent's installation status on Cloud PC. |
| servicePlanId |
String |
The service plan ID of the Cloud PC. |
| servicePlanName |
String |
The service plan name of the Cloud PC. |
| servicePlanType |
cloudPcServicePlanType |
The service plan type of the Cloud PC. |
| status |
cloudPcStatus |
The status of the Cloud PC. Possible values are: notProvisioned, provisioning, provisioned, upgrading, inGracePeriod, deprovisioning, failed, restoring. |
| statusDetails |
cloudPcStatusDetails |
The details of the Cloud PC status. |
| userAccountType |
cloudPcUserAccountType |
The account type of the user on provisioned Cloud PCs. Possible values are: standardUser, administrator, and unknownFutureValue. |
| userPrincipalName |
String |
The user principal name (UPN) of the user assigned to the Cloud PC. |
| Property |
Type |
Description |
| activity |
String |
Friendly name of the activity. Optional. |
| activityDateTime |
DateTimeOffset |
The date time in UTC when the activity was performed. Read-only. |
| activityOperationType |
cloudPcAuditActivityOperationType |
The HTTP operation type of the activity. Possible values include create, delete, patch and other. Read-only. |
| activityResult |
cloudPcAuditActivityResult |
The result of the activity. Read-only. |
| activityType |
String |
The type of activity that was performed. Read-only. |
| actor |
cloudPcAuditActor |
Azure AD user and application associated with the audit event. Read-only. |
| category |
cloudPcAuditCategory |
Audit category. Read-only. |
| componentName |
String |
Component name. Read-only. |
| correlationId |
String |
The client request identifier, used to correlate activity within the system. Read-only. |
| displayName |
String |
Event display name. Read-only. |
| id |
String |
Key of the audit entity. Read-only. |
| resources |
cloudPcAuditResource collection |
List of cloudPcAuditResource objects. Read-only. |
| Property |
Type |
Description |
| failedDeviceIds |
String collection |
A list of all the Intune managed device IDs that completed the bulk action with a failure. |
| notFoundDeviceIds |
String collection |
A list of all the Intune managed device IDs that were not found when the bulk action was attempted. |
| notSupportedDeviceIds |
String collection |
A list of all the Intune managed device IDs that were identified as unsupported for the bulk action. |
| successfulDeviceIds |
String collection |
A list of all the Intune managed device IDs that completed the bulk action successfully. |
| Property |
Type |
Description |
| eventDateTime |
DateTimeOffset |
Indicates the date and time when this event was created. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 appears as 2014-01-01T00:00:00Z. |
| eventName |
string |
Name of the event. |
| eventResult |
cloudPcConnectivityEventResult |
Result of this event. Possible values are: unknown, success, failure, and unknownFutureValue. |
| eventType |
cloudPcConnectivityEventType |
Type of this event. Possible values are: unknown, userConnection, userTroubleshooting, deviceHealthCheck, and unknownFutureValue. |
| message |
string |
Additional message for this event. |
| Property |
Type |
Description |
| id |
String |
The tenant ID of the GCC tenant in public cloud. |
| organizationIdsInUSGovCloud |
String collection |
The tenant ID in the Azure Government cloud corresponding to the GCC tenant in the public cloud. Currently, 1:1 mappings are supported, so this collection can only contain one tenant ID. |
| Property |
Type |
Description |
| displayName |
String |
The image's display name. |
| expirationDate |
Date |
The date the image became unavailable. |
| id |
String |
Unique identifier for the image resource on the Cloud PC. Read-only. |
| lastModifiedDateTime |
DateTimeOffset |
The data and time that the image was last modified. The time is shown in ISO 8601 format and Coordinated Universal Time (UTC) time. For example, midnight UTC on Jan 1, 2014 appears as '2014-01-01T00:00:00Z'. |
| operatingSystem |
String |
The image's operating system. For example: Windows 10 Enterprise. |
| osBuildNumber |
String |
The image's OS build version. For example: 1909. |
| osStatus |
cloudPcDeviceImageOsStatus |
The OS status of this image. Possible values are: supported, supportedWithWarning, unknownFutureValue. |
| sourceImageResourceId |
String |
The ID of the source image resource on Azure. Required format: "/subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/images/{imageName}". |
| status |
cloudPcDeviceImageStatus |
The status of the image on Cloud PC. Possible values are: pending, ready, failed. |
| statusDetails |
cloudPcDeviceImageStatusDetails |
The details of the image's status, which indicates why the upload failed, if applicable. Possible values are: internalServerError, sourceImageNotFound, osVersionNotSupported, sourceImageInvalid, and sourceImageNotGeneralized. |
| version |
String |
The image version. For example: 0.0.1, 1.5.13. |
| Property |
Type |
Description |
| onPremisesConnectionId |
String |
The Azure network connection ID that matches the virtual network IT admins want the provisioning policy to use when they create Cloud PCs. You can use this property in both domain join types: Azure AD joined or Hybrid Azure AD joined. If you enter an onPremisesConnectionId, leave regionName as empty. |
| regionName |
String |
The supported Azure region where the IT admin wants the provisioning policy to create Cloud PCs. The underlying virtual network will be created and managed by the Windows 365 service. This can only be entered if the IT admin chooses Azure AD joined as the domain join type. If you enter a regionName, leave onPremisesConnectionId as empty. |
| type |
cloudPcDomainJoinType |
Specifies how the provisioned Cloud PC will be joined to Azure AD. If you choose the hybridAzureADJoin type, only provide a value for the **o |
| Property |
Type |
Description |
| expirationDateTime |
DateTimeOffset |
The date and time when the export job expires. |
| exportJobStatus |
cloudPcExportJobStatus |
The status of the export job. The possible values are: notStarted, inProgress, completed, unknownFutureValue. Read-only. |
| exportUrl |
String |
The storage account URL of the exported report. It can be used to download the file. |
| filter |
String |
The filter applied on the report. |
| format |
String |
The format of the exported report. |
| id |
String |
The unique identifier for the report. Read-only. |
| reportName |
cloudPcReportName |
The report name. The possible values are: remoteConnectionHistoricalReports, dailyAggregatedRemoteConnectionReports, totalAggregatedRemoteConnectionReports, sharedUseLicenseUsageReport, sharedUseLicenseUsageRealTimeReport, or unknownFutureValue. |
| requestDateTime |
DateTimeOffset |
The date and time when the export job was requested. |
| select |
String collection |
The selected columns of the report. |
| Property |
Type |
Description |
| enableConnection |
Boolean |
Enable or disable the connection to an external partner. If true, an external partner API will accept incoming calls from external partners. Required. Supports $filter (eq). |
| id |
String |
The unique identifier for the Cloud PC external partner setting. Read-only. |
| lastSyncDateTime |
DateTimeOffset |
Last data sync time for this external partner. The Timestamp type represents the date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: '2014-01-01T00:00:00Z'. |
| partnerId |
String |
The external partner ID. |
| status |
cloudPcExternalPartnerStatus |
The status of the connection to the external partner. The possible values are: notAvailable, available, healthy, unhealthy, unknownFutureValue. |
| statusDetails |
String |
Status details message. |
| Property |
Type |
Description |
| storageAccountId |
String |
The ID of the storage account. |
| storageAccountName |
String |
The name of the storage account. |
| Property |
Type |
Description |
| displayName |
String |
The official display name of the gallery image. Read-only. |
| endDate |
Date |
The date in which this image is no longer within long-term support. The Cloud PC will continue to provide short-term support. Read-only. |
| expirationDate |
Date |
The date when the image is no longer available. Read-only. |
| id |
String |
Unique identifier for the gallery image resource on the Cloud PC. Read-only. |
| offer |
String |
The offer name of the gallery image. This value will be passed to Azure to get the image resource. Read-only. |
| offerDisplayName |
String |
The official display offer name of the gallery image. For example, Windows 10 Enterprise + OS Optimizations. Read-only. |
| publisher |
String |
The publisher name of the gallery image. This value will be passed to Azure to get the image resource. Read-only. |
| recommendedSku |
String |
Recommended Cloud PC SKU for this gallery image. Read-only. |
| sizeInGB |
Int32 |
The size of this image in gigabytes. Read-only. |
| sku |
String |
The SKU name of the gallery image. This value will be passed to Azure to get the image resource. Read-only. |
| skuDisplayName |
String |
The official display stock keeping unit (SKU) name of this gallery image. For example, 2004. Read-only. |
| startDate |
Date |
The date when the image becomes available. Read-only. |
| status |
cloudPcGalleryImageStatus |
The status of the gallery image on the Cloud PC. Possible values are: supported, supportedWithWarning, notSupported, unknownFutureValue. Read-only. |
| Property |
Type |
Description |
| cloudPcId |
String |
The unique identifier of the Cloud PC. |
| cloudPcLaunchUrl |
String |
The connect URL of the Cloud PC. |
| Property |
Type |
Description |
| adDomainName |
String |
The fully qualified domain name (FQDN) of the Active Directory domain you want to join. Optional. |
| adDomainPassword |
String |
The password associated with adDomainUsername. |
| adDomainUsername |
String |
The username of an Active Directory account (user or service account) that has permissions to create computer objects in Active Directory. Required format: [email protected]oso.com. Optional. |
| alternateResourceUrl |
String |
The interface URL of the partner service's resource that links to this Azure network connection. Returned only on $select. |
| displayName |
String |
The display name for the Azure network connection. |
| healthCheckStatus |
cloudPcOnPremisesConnectionStatus |
The status of the most recent health check done on the Azure network connection. For example, if status is passed, the Azure network connection has passed all checks run by the service. Possible values are: pending, running, passed, failed, unknownFutureValue. Read-only. |
| healthCheckStatusDetails |
cloudPcOnPremisesConnectionStatusDetails |
The details of the connection's health checks and the corresponding results. Returned only on $select. For an example that shows how to get the inUse property, see Example 2: Get the selected properties of an Azure network connection, including healthCheckStatusDetails. Read-only. |
| id |
String |
Unique identifier for the Azure network connection. Read-only. |
| inUse |
Boolean |
When true, the Azure network connection is in use. When false, the connection is not in use. You cannot delete a connection that’s in use. Returned only on $select. For an example that shows how to get the inUse property, see Example 2: Get the selected properties of an Azure network connection, including healthCheckStatusDetails. Read-only. |
| managedBy |
cloudPcManagementService |
Specifies which services manage the Azure network connection. Possible values are: windows365, devBox, unknownFutureValue, rpaBox. Note that you must use the Prefer: include-unknown-enum-members request header to get the following value(s) in this evolvable enum: rpaBox. Read-only. |
| organizationalUnit |
String |
The organizational unit (OU) in which the computer account is created. If left null, the OU that’s configured as the default (a well-known computer object container) in your Active Directory domain (OU) is used. Optional. |
| virtualNetworkLocation |
String |
Indicates resource location of the virtual target network. Read-only, computed value. |
| resourceGroupId |
String |
The ID of the target resource group. Required format: /subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}. |
| subnetId |
String |
The ID of the target subnet. Required format: /subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkId}/subnets/{subnetName}. |
| subscriptionId |
String |
The ID of the target Azure subscription that’s associated with your tenant. |
| subscriptionName |
String |
The name of the target Azure subscription. Read-only. |
| type |
cloudPcOnPremisesConnectionType |
Specifies how the provisioned Cloud PC will be joined to Azure Active Directory. Default value is hybridAzureADJoin. Possible values are: azureADJoin, hybridAzureADJoin, unknownFutureValue. |
| virtualNetworkId |
String |
The ID of the target virtual network. Required format: /subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}. |
| Property |
Type |
Description |
| startDateTime |
DateTimeOffset |
The start time of the connection health check. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| endDateTime |
DateTimeOffset |
The end time of the connection health check. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| healthChecks |
cloudPcOnPremisesConnectionHealthCheck collection |
All checks that are done on the connection. |
| Property |
Type |
Description |
| enableMEMAutoEnroll |
Boolean |
Specifies whether new Cloud PCs will be automatically enrolled in Microsoft Endpoint Manager(MEM). The default value is false. |
| id |
String |
The ID of the organization settings. |
| osVersion |
cloudPcOperatingSystem |
The version of the operating system (OS) to provision on Cloud PCs. The possible values are: windows10, windows11, unknownFutureValue. |
| userAccountType |
cloudPcUserAccountType |
The account type of the user on provisioned Cloud PCs. The possible values are: standardUser, administrator, unknownFutureValue. |
| windowsSettings |
cloudPcWindowsSettings |
Represents the Cloud PC organization settings for a tenant. A tenant has only one **c |
| Property |
Type |
Description |
| alternateResourceUrl |
String |
The URL of the alternate resource that links to this provisioning policy. Read-only. |
| cloudPcGroupDisplayName |
String |
The display name of the Cloud PC group that the Cloud PCs reside in. Read-only. |
| description |
String |
The provisioning policy description. |
| displayName |
String |
The display name for the provisioning policy. |
| domainJoinConfiguration |
cloudPcDomainJoinConfiguration |
Specifies how Cloud PCs will join Azure Active Directory. |
| gracePeriodInHours |
Int32 |
The number of hours to wait before reprovisioning/deprovisioning happens. Read-only. |
| id |
String |
Unique identifier for the Cloud PC provisioning policy. Read-only. |
| imageDisplayName |
String |
The display name for the OS image you’re provisioning. |
| imageId |
String |
The ID of the OS image you want to provision on Cloud PCs. The format for a gallery type image is: {publisher_offer_sku}. Supported values for each of the parameters are as follows:- publisher: Microsoftwindowsdesktop.
- offer: windows-ent-cpc.
- sku: 21h1-ent-cpc-m365, 21h1-ent-cpc-os, 20h2-ent-cpc-m365, 20h2-ent-cpc-os, 20h1-ent-cpc-m365, 20h1-ent-cpc-os, 19h2-ent-cpc-m365 and 19h2-ent-cpc-os.
|
| imageType |
cloudPcProvisioningPolicyImageType |
The type of OS image (custom or gallery) you want to provision on Cloud PCs. Possible values are: gallery, custom. |
| localAdminEnabled |
Boolean |
Indicates whether the local admin option is enabled. If the local admin option is enabled, the end user can be an admin of the Cloud PC device. Read-only. |
| managedBy |
cloudPcManagementService |
Specifies which services manage the Azure network connection. Possible values are: windows365, devBox, unknownFutureValue, rpaBox. Note that you must use the Prefer: include-unknown-enum-members request header to get the following value(s) in this evolvable enum: rpaBox. Read-only. |
| microsoftManagedDesktop |
microsoftManagedDesktop |
The specific settings for the Microsoft Managed Desktop, which enables customers to get a managed device experience for the Cloud PC. Before you can enable Microsoft Managed Desktop, an admin must configure it. |
| onPremisesConnectionId |
String |
The ID of the cloudPcOnPremisesConnection. To ensure that Cloud PCs have network connectivity and that they domain join, choose a connection with a virtual network that’s validated by the Cloud PC service. |
| windowsSettings |
cloudPcWindowsSettings |
Specific Windows settings to configure while creating Cloud PCs for this provisioning policy. |
| Property |
Type |
Description |
| id |
String |
Unique Identifier for the provisioning policy assignment. Read-only. If target is a user group, then the ID is shown as {policyId}_{groupId}. |
| target |
cloudPcManagementAssignmentTarget |
The assignment target for the provisioning policy. Currently, the only target supported for this policy is a user group. For details, see cloudPcManagementGroupAssignmentTarget. |
| Property |
Type |
Description |
| actionCapability |
actionCapability |
Indicates the state of the supported action capability to perform a Cloud PC remote action. Possible values are: enabled, disabled. Default value is enabled. |
| actionName |
cloudPcRemoteActionName |
The name of the supported Cloud PC remote action. Possible values are: unknown, restart, rename, restore, resize, reprovision, troubleShoot, changeUserAccountType, placeUnderReview. Default value is unknown. |
| Property |
Type |
Description |
| actionName |
String |
The specified action. Supported values in the Microsoft Endpoint Manager portal are: Reprovision, Resize, Restore. Supported values in enterprise Cloud PC devices are: Reboot, Rename, Reprovision, Troubleshoot. |
| actionState |
actionState |
State of the action. Possible values are: None, pending, canceled, active, done, failed, notSupported. Read-only. |
| cloudPcId |
String |
The ID of the Cloud PC device on which the remote action is performed. Read-only. |
| managedDeviceId |
String |
The ID of the Intune managed device on which the remote action is performed. Read-only. |
| startDateTime |
DateTimeOffset |
Time the action was initiated. The Timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 appears as '2014-01-01T00:00:00Z'. |
| lastUpdatedDateTime |
DateTimeOffset |
Last update time for action. The Timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 appears as '2014-01-01T00:00:00Z'. |
| statusDetails |
cloudPcStatusDetails |
The details of the Cloud PC status. |
| Property |
Type |
Description |
| frequencyInHours |
Int32 |
The time interval in hours to take snapshots (restore points) of a Cloud PC automatically. Possible values are 4, 6, 12, 16, and 24. The default frequency is 12 hours. |
| userRestoreEnabled |
Boolean |
If true, the user has the ability to use snapshots to restore Cloud PCs. If false, non-admin users cannot use snapshots to restore the Cloud PC. |
| Property |
Type |
Description |
| azureStorageAccountId |
String |
The resource ID of the Azure Storage account in which the Cloud PC snapshot is being saved. |
| azureStorageAccountName |
String |
The name of the Azure Storage account in which the Cloud PC snapshot is being saved. |
| azureStorageContainerName |
String |
The name of the container in an Azure Storage account in which the Cloud PC snapshot is being saved. |
| inReview |
Boolean |
True if the Cloud PC is set to in review by the administrator. |
| restorePointDateTime |
DateTimeOffset |
The specific date and time of the Cloud PC snapshot that was taken and saved automatically, when the Cloud PC is set to in review. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 appears as 2014-01-01T00:00:00Z. |
| reviewStartDateTime |
DateTimeOffset |
The specific date and time when the Cloud PC was set to in review. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 appears as 2014-01-01T00:00:00Z. |
| subscriptionId |
String |
The ID of the Azure subscription in which the Cloud PC snapshot is being saved, in GUID format. |
| subscriptionName |
String |
The name of the Azure subscription in which the Cloud PC snapshot is being saved. |
| userAccessLevel |
cloudPcUserAccessLevel |
The access level of the end user on the Cloud PC. Possible values are: unrestricted, restricted. |
| Property |
Type |
Description |
| displayName |
String |
The name for the service plan. Read-only. |
| id |
String |
Unique identifier for the service plan. Read-only. |
| ramInGB |
Int32 |
The size of the RAM in GB. Read-only. |
| storageInGB |
Int32 |
The size of the OS Disk in GB. Read-only. |
| type |
cloudPcServicePlanType |
The type of the service plan. Possible values are: enterprise, business, unknownFutureValue. Read-only. |
| userProfileInGB |
Int32 |
The size of the user profile disk in GB. Read-only. |
| vCpuCount |
Int32 |
The number of vCPUs. Read-only. |
| Property |
Type |
Description |
| cloudPcId |
String |
The unique identifier for the Cloud PC. |
| createdDateTime |
DateTimeOffset |
The date and time at which the snapshot was taken. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| id |
String |
The unique identifier for the snapshot of the Cloud PC device at a specific point in time. Inherited from entity. |
| lastRestoredDateTime |
DateTimeOffset |
The date and time at which the snapshot was last used to restore the Cloud PC device. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| status |
cloudPcSnapshotStatus |
The status of the Cloud PC snapshot. The possible values are: ready, unknownFutureValue. |
| Property |
Type |
Description |
| id |
String |
The ID of the source image. |
| displayName |
String |
The display name for the source image. |
| subscriptionId |
String |
The ID of subscription that hosts the source image. |
| subscriptionDisplayName |
String |
The display name of subscription that hosts the source image. |
| Property |
Type |
Description |
| subscriptionId |
String |
The ID of the subscription. |
| subscriptionName |
String |
The name of the subscription. |
| Property |
Type |
Description |
| displayName |
String |
The name for the supported region. Read-only. |
| id |
String |
The unique identifier for the supported region. Read-only. |
| regionGroup |
cloudPcRegionGroup |
The geographic group this region belongs to. Multiple regions can belong to one region group. For example, the europeUnion region group contains the Northern Europe and Western Europe regions. A customer can select a region group when provisioning a Cloud PC; however, the Cloud PC will be put under one of the regions under the group based on resource capacity. The region with more quota will be chosen. Possible values are: default, australia, canada, usCentral, usEast, usWest, france, germany, europeUnion, unitedKingdom, japan, asia, india, southAmerica, euap, usGovernment, usGovernmentDOD, unknownFutureValue, norway, switzerland,southKorea. Note that you must use the Prefer: include-unknown-enum-members request header to get the following value(s) in this evolvable enum: norway, switzerland,southKorea. Read-only. |
| regionStatus |
cloudPcSupportedRegionStatus |
The status of the supported region. Possible values are: available, restricted, unavailable, unknownFutureValue. Read-only. |
| supportedSolution |
cloudPcManagementService |
The supported service or solution for the region. The possible values are: windows365, devBox, unknownFutureValue, rpaBox. Note that you must use the Prefer: include-unknown-enum-members request header to get the following value(s) in this evolvable enum: rpaBox. Read-only. |
| Property |
Type |
Description |
| createdDateTime |
DateTimeOffset |
The date and time the setting was created. The Timestamp type represents the date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: '2014-01-01T00:00:00Z'. |
| displayName |
String |
The setting name displayed in the user interface. |
| id |
String |
Unique identifier for the Cloud PC user setting. Read-only. |
| lastModifiedDateTime |
DateTimeOffset |
The last date and time the setting was modified. The Timestamp type represents the date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: '2014-01-01T00:00:00Z'. |
| localAdminEnabled |
Boolean |
Indicates whether the local admin option is enabled. Default value is false. To enable the local admin option, change the setting to true. If the local admin option is enabled, the end user can be an admin of the Cloud PC device. |
| restorePointSetting |
cloudPcRestorePointSetting |
Defines how frequently a restore point is created that is, a snapshot is taken) for users' provisioned Cloud PCs (default is 12 hours), and whether the user is allowed to restore their own Cloud PCs to a backup made at a specific point in time. |
| selfServiceEnabled |
Boolean |
Indicates whether the self-service option is enabled. Default value is false. To enable the self-service option, change the setting to true. If the self-service option is enabled, the end user is allowed to perform some self-service operations, such as upgrading the Cloud PC through the end user portal. |
| Property |
Type |
Description |
| id |
String |
Unique Identifier for the user setting assignment. Read-only. If target is a user group, the ID has this structure: {policyID}_{groupID}. |
| target |
cloudPcManagementAssignmentTarget |
The assignment target for the user setting. Currently, the only target supported for this user setting is a user group. For details, see cloudPcManagementGroupAssignmentTarget. |
| createdDateTime |
DateTimeOffset |
The date and time this assignment was created. The Timestamp type represents the date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: '2014-01-01T00:00:00Z'. |
| Property |
Type |
Description |
| language |
String |
The Windows language/region tag to use for language pack configuration and localization of the Cloud PC. The default value is en-US, which corresponds to English (United States). |
| Property |
Type |
Description |
| alertImpact |
microsoft.graph.deviceManagement.alertImpact |
The impact of the alert event. Consists of a number followed by the aggregation type. For example, 6 affectedCloudPcCount means that 6 Cloud PCs are affected. 12 affectedCloudPcPercentage means 12% of Cloud PCs are affected. |
| alertRuleId |
String |
The corresponding ID of the alert rule. |
| alertRuleTemplate |
microsoft.graph.deviceManagement.alertRuleTemplate |
The rule template of the alert event. The possible values are: cloudPcProvisionScenario, cloudPcImageUploadScenario, cloudPcOnPremiseNetworkConnectionCheckScenario, unknownFutureValue. |
| detectedDateTime |
DateTimeOffset |
The date and time when the alert event was detected. The Timestamp type represents date and time information using ISO 8601 format. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| displayName |
String |
The display name of the alert record. |
| id |
String |
The unique identifier for the alert record. Inherited from entity. |
| lastUpdatedDateTime |
DateTimeOffset |
The date and time when the alert record was last updated. The Timestamp type represents date and time information using ISO 8601 format. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| resolvedDateTime |
DateTimeOffset |
The date and time when the alert event was resolved. The Timestamp type represents date and time information using ISO 8601 format. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| severity |
microsoft.graph.deviceManagement.ruleSeverityType |
The severity of the alert event. The possible values are: unknown, informational, warning, critical, unknownFutureValue. |
| status |
microsoft.graph.deviceManagement.alertStatusType |
The status of the alert record. The possible values are: active, resolved, unknownFutureValue. |
| Property |
Type |
Description |
| alertRuleTemplate |
microsoft.graph.deviceManagement.alertRuleTemplate |
The rule template of the alert event. The possible values are: cloudPcProvisionScenario, cloudPcImageUploadScenario, cloudPcOnPremiseNetworkConnectionCheckScenario, unknownFutureValue. |
| description |
String |
The rule description. |
| displayName |
String |
The display name of the rule. |
| enabled |
Boolean |
The status of the rule that indicates whether the rule is enabled or disabled. If true, the rule is enabled; otherwise, the rule is disabled. |
| id |
String |
The unique identifier for the alert rule. Inherited from entity. |
| isSystemRule |
Boolean |
Indicates whether the rule is a system rule. If true, the rule is a system rule; otherwise, the rule is a custom defined rule and can be edited. System rules are built-in and only a few properties can be edited. |
| notificationChannels |
microsoft.graph.deviceManagement.notificationChannel collection |
The notification channels of the rule selected by the user. |
| severity |
microsoft.graph.deviceManagement.ruleSeverityType |
The severity of the rule. The possible values are: unknown, informational, warning, critical, unknownFutureValue. |
| threshold |
microsoft.graph.deviceManagement.ruleThreshold |
The conditions to send alerts. For example, send alert when provisioning has failed for greater than or equal to 6 Cloud PCs. |
| Property |
Type |
Description |
| notificationChannelType |
microsoft.graph.deviceManagement.notificationChannelType |
The type of the notification channel. The possible values are: portal, email, phoneCall, sms, unknownFutureValue. |
| notificationReceivers |
microsoft.graph.deviceManagement.notificationReceiver collection |
Information about the notification receivers, such as locale and contact information. For example, en-us for locale and [email protected] for contact information. |
| receivers |
String collection |
The contact information about the notification receivers, such as email addresses. For portal notifications, **r |
| Property |
Type |
Description |
| alertImpact |
microsoft.graph.deviceManagement.alertImpact |
The associated alert impact. |
| alertRecordId |
String |
The associated alert record ID. |
| alertRuleId |
String |
The associated alert rule ID. |
| alertRuleName |
String |
The associated alert rule name. |
| alertRuleTemplate |
microsoft.graph.deviceManagement.alertRuleTemplate |
The associated alert rule template. The possible values are: cloudPcProvisionScenario, cloudPcImageUploadScenario, cloudPcOnPremiseNetworkConnectionCheckScenario, unknownFutureValue. |
| id |
String |
The unique identifier for the portal notification. |
| isPortalNotificationSent |
Boolean |
true if the portal notification has already been sent to the user; false otherwise. |
| severity |
microsoft.graph.deviceManagement.ruleSeverityType |
The associated alert rule severity. The possible values are: unknown, informational, warning, critical, unknownFutureValue. |
| Property |
Type |
Description |
| aggregation |
microsoft.graph.deviceManagement.aggregationType |
Indicates the built-in aggregation methods. The possible values are: count, percentage, affectedCloudPcCount, affectedCloudPcPercentage, unknownFutureValue. |
| operator |
microsoft.graph.deviceManagement.operatorType |
Indicates the built-in operator. The possible values are: greaterOrEqual, equal, greater, less, lessOrEqual, notEqual, unknownFutureValue. |
| target |
Int32 |
The target threshold value. |
| Property |
Type |
Description |
| displayName |
String |
The display name of the cloud PC connection. Required. Read-only. |
| healthCheckStatus |
String |
The health status of the cloud PC connection. Possible values are: pending, running, passed, failed, unknownFutureValue. Required. Read-only. |
| id |
String |
The unique identifier for the cloud PC connection. Required. Read-only. |
| lastRefreshedDateTime |
DateTimeOffset |
Date and time the entity was last updated in the multi-tenant management platform. Required. Read-only. |
| tenantDisplayName |
String |
The display name for the managed tenant. Required. Read-only. |
| tenantId |
String |
The Azure Active Directory tenant identifier for the managed tenant. Required. Read-only. |
| Property |
Type |
Description |
| cloudPcStatus |
String |
The status of the cloud PC. Possible values are: notProvisioned, provisioning, provisioned, upgrading, inGracePeriod, deprovisioning, failed. Required. Read-only. |
| deviceSpecification |
String |
The specification of the cloud PC device. Required. Read-only. |
| displayName |
String |
The display name of the cloud PC device. Required. Read-only. |
| id |
String |
The unique identifier of the cloud PC device. Required. Read-only. |
| lastRefreshedDateTime |
DateTimeOffset |
Date and time the entity was last updated in the multi-tenant management platform. Required. Read-only. |
| managedDeviceId |
String |
The managed device identifier of the cloud PC device. Optional. Read-only. |
| managedDeviceName |
String |
The managed device display name of the cloud PC device. Optional. Read-only. |
| provisioningPolicyId |
String |
The provisioning policy identifier for the cloud PC device. Required. Read-only. |
| servicePlanName |
String |
The service plan name of the cloud PC device. Required. Read-only. |
| servicePlanType |
String |
The service plan type of the cloud PC device. Required. Read-only. |
| tenantDisplayName |
String |
The display name for the managed tenant. Required. Read-only. |
| tenantId |
String |
The Azure Active Directory tenant identifier for the managed tenant. Required. Read-only. |
| userPrincipalName |
String |
The user principal name (UPN) of the user assigned to the cloud PC device. Required. Read-only. |
| Property |
Type |
Description |
| id |
String |
The unique identifier for the cloud PC overview. Required. Read-only. |
| lastRefreshedDateTime |
DateTimeOffset |
Date and time the entity was last updated in the multi-tenant management platform. Optional. Read-only. |
| numberOfCloudPcConnectionStatusFailed |
Int32 |
The number of cloud PC connections that have a status of failed. Optional. Read-only. |
| numberOfCloudPcConnectionStatusPassed |
Int32 |
The number of cloud PC connections that have a status of passed. Optional. Read-only. |
| numberOfCloudPcConnectionStatusPending |
Int32 |
The number of cloud PC connections that have a status of pending. Optional. Read-only. |
| numberOfCloudPcConnectionStatusRunning |
Int32 |
The number of cloud PC connections that have a status of running. Optional. Read-only. |
| numberOfCloudPcConnectionStatusUnkownFutureValue |
Int32 |
The number of cloud PC connections that have a status of unknownFutureValue. Optional. Read-only. |
| numberOfCloudPcStatusDeprovisioning |
Int32 |
The number of cloud PCs that have a status of deprovisioning. Optional. Read-only. |
| numberOfCloudPcStatusFailed |
Int32 |
The number of cloud PCs that have a status of failed. Optional. Read-only. |
| numberOfCloudPcStatusInGracePeriod |
Int32 |
The number of cloud PCs that have a status of inGracePeriod. Optional. Read-only. |
| numberOfCloudPcStatusNotProvisioned |
Int32 |
The number of cloud PCs that have a status of notProvisioned. Optional. Read-only. |
| numberOfCloudPcStatusProvisioned |
Int32 |
The number of cloud PCs that have a status of provisioned. Optional. Read-only. |
| numberOfCloudPcStatusProvisioning |
Int32 |
The number of cloud PCs that have a status of provisioning. Optional. Read-only. |
| numberOfCloudPcStatusUnknown |
Int32 |
The number of cloud PCs that have a status of unknown. Optional. Read-only. |
| numberOfCloudPcStatusUpgrading |
Int32 |
The number of cloud PCs that have a status of upgrading. Optional. Read-only. |
| tenantDisplayName |
String |
The display name for the managed tenant. Optional. Read-only. |
| totalBusinessLicenses |
Int32 |
The total number of cloud PC devices that have the Business SKU. Optional. Read-only. |
| totalCloudPcConnectionStatus |
Int32 |
The total number of cloud PC connection statuses for the given managed tenant. Optional. Read-only. |
| totalCloudPcStatus |
Int32 |
The total number of cloud PC statues for the given managed tenant. Optional. Read-only. |
| totalEnterpriseLicenses |
Int32 |
The total number of cloud PC devices that have the Enterprise SKU. Optional. Read-only. |
| Property |
Type |
Description |
| appScopeId |
String |
Identifier of the app-specific scope when the assignment scope is app-specific. Either this property or directoryScopeId is required. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Supports $filter (eq, in). |
| directoryScopeId |
String |
Identifier of the directory object representing the scope of the assignment. Either this property or appScopeId is required. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Supports $filter (eq, in). |
| id |
String |
The unique identifier for the role assignment. Key, not nullable, Read-only. Inherited from entity. |
| roleDefinitionId |
String |
Identifier of the role definition the assignment is for. Read only. Supports $filter (eq, in). |
| principalId |
String |
Identifier of the principal to which the assignment is granted. Supports $filter (eq, in). |
| Property |
Type |
Description |
| appScopeIds |
String collection |
Ids of the app specific scopes when the assignment scopes are app specific. The scopes of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
| description |
String |
Description of the role assignment. |
| directoryScopeIds |
String collection |
Ids of the directory objects representing the scopes of the assignment. The scopes of an assignment determine the set of resources for which the principals have been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
| displayName |
String |
Name of the role assignment. Required. |
| id |
String |
The unique identifier for the unifiedRoleAssignmentMultiple. Key, not nullable, Read-only. |
| roleDefinitionId |
String |
Identifier of the unifiedRoleDefinition the assignment is for. |
| principalIds |
String collection |
Identifiers of the principals to which the assignment is granted. Supports $filter (any operator only). |
| Property |
Type |
Description |
| description |
String |
The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true. |
| displayName |
String |
The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq, in). |
| id |
String |
The unique identifier for the role definition. Key, not nullable, Read-only. Inherited from entity. Supports $filter (eq, in). |
| isBuiltIn |
Boolean |
Flag indicating whether the role definition is part of the default set included in Azure Active Directory (Azure AD) or a custom definition. Read-only. Supports $filter (eq, in). |
| isEnabled |
Boolean |
Flag indicating whether the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true. |
| resourceScopes |
String collection |
List of the scopes or permissions the role definition applies to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment. |
| rolePermissions |
unifiedRolePermission collection |
List of permissions included in the role. Read-only when isBuiltIn is true. Required. |
| templateId |
String |
Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true. This identifier is typically used if one needs an identifier to be the same across different directories. |
| version |
String |
Indicates version of the role definition. Read-only when **i |
| Property |
Type |
Description |
| allowedResourceActions |
String collection |
Set of tasks that can be performed on a resource. Required. |
| condition |
String |
Optional constraints that must be met for the permission to be effective. Not supported for custom roles. |
| excludedResourceActions |
String collection |
Set of tasks that may not be performed on a resource. Not yet supported. |