CloudPC.ReadWrite.All
Allows the app to read and write the properties of Cloud PCs on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
| Ver |
Type |
Method |
| Beta |
A,D |
DELETE /deviceManagement/virtualEndpoint/deviceImages/{id} |
| Beta |
D |
DELETE /deviceManagement/virtualEndpoint/onPremisesConnections/{id} |
| Beta |
A,D |
DELETE /deviceManagement/virtualEndpoint/provisioningPolicies/{id} |
| Beta |
A,D |
DELETE /deviceManagement/virtualEndpoint/userSettings/{id} |
| Beta |
A,D |
DELETE /roleManagement/cloudPC/roleAssignments/{id} |
| Beta |
A,D |
GET /deviceManagement/managedDevices/{managedDeviceId}/getCloudPcRemoteActionResults |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/auditEvents |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/auditEvents/{id} |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/auditEvents/getAuditActivityTypes |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/cloudPCs |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/cloudPCs/{id} |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/deviceImages |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/deviceImages/{id} |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/deviceImages/getSourceImages |
| Beta |
D |
GET /deviceManagement/virtualEndpoint/getEffectivePermissions |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/onPremisesConnections |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/onPremisesConnections/{id} |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/provisioningPolicies |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/provisioningPolicies/{id} |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/supportedRegions |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/userSettings |
| Beta |
A,D |
GET /deviceManagement/virtualEndpoint/userSettings/{id} |
| Beta |
A,D |
GET /roleManagement/cloudPc/roleAssignments |
| Beta |
A,D |
GET /roleManagement/cloudPC/roleAssignments/{id} |
| Beta |
A,D |
GET /roleManagement/cloudPC/roleDefinitions |
| Beta |
A,D |
GET /roleManagement/cloudPC/roleDefinitions/{id} |
| Beta |
D |
GET /tenantRelationships/managedTenants/cloudPcConnections |
| Beta |
D |
GET /tenantRelationships/managedTenants/cloudPcConnections/{cloudPcConnectionId} |
| Beta |
D |
GET /tenantRelationships/managedTenants/cloudPcDevices |
| Beta |
D |
GET /tenantRelationships/managedTenants/cloudPcDevices/{cloudPcDeviceId} |
| Beta |
D |
GET /tenantRelationships/managedTenants/cloudPcsOverview |
| Beta |
D |
GET /tenantRelationships/managedTenants/cloudPcsOverview/{cloudPcOverviewId} |
| Beta |
D |
PATCH /deviceManagement/virtualEndpoint/onPremisesConnections/{id} |
| Beta |
A,D |
PATCH /deviceManagement/virtualEndpoint/onPremisesConnections/{Id}/UpdateAdDomainPassword |
| Beta |
A,D |
PATCH /deviceManagement/virtualEndpoint/provisioningPolicies/{id} |
| Beta |
A,D |
PATCH /roleManagement/cloudPC/roleAssignments |
| Beta |
D |
POST /deviceManagement/managedDevices/{managedDeviceId}/reprovisionCloudPc |
| Beta |
A,D |
POST /deviceManagement/managedDevices/{managedDeviceId}/resizeCloudPc |
| Beta |
A,D |
POST /deviceManagement/managedDevices/bulkReprovisionCloudPc |
| Beta |
A,D |
POST /deviceManagement/virtualEndpoint/cloudPCs/{cloudPCId}/endGracePeriod |
| Beta |
A,D |
POST /deviceManagement/virtualEndpoint/cloudPCs/{id}/reprovision |
| Beta |
A,D |
POST /deviceManagement/virtualEndpoint/deviceImages |
| Beta |
A,D |
POST /deviceManagement/virtualEndpoint/deviceImages/{cloudPcDeviceImageId}/reupload |
| Beta |
D |
POST /deviceManagement/virtualEndpoint/onPremisesConnections |
| Beta |
D |
POST /deviceManagement/virtualEndpoint/onPremisesConnections/{id}/runHealthChecks |
| Beta |
A,D |
POST /deviceManagement/virtualEndpoint/provisioningPolicies |
| Beta |
A,D |
POST /deviceManagement/virtualEndpoint/provisioningPolicies/{id}/assign |
| Beta |
A,D |
POST /deviceManagement/virtualEndpoint/userSettings |
| Beta |
A,D |
POST /deviceManagement/virtualEndpoint/userSettings/{id}/assign |
| Beta |
A,D |
POST /roleManagement/cloudPC/roleAssignments |
Delegate Permission
|
|
| Id |
9d77138f-f0e2-47ba-ab33-cd246c8b79d1 |
| Consent Type |
Admin |
| Display String |
Read and write Cloud PCs |
| Description |
Allows the app to read and write the properties of Cloud PCs on behalf of the signed-in user. |
Application Permission
|
|
| Id |
3b4349e1-8cf5-45a3-95b7-69d1751d3e6a |
| Display String |
Read and write Cloud PCs |
| Description |
Allows the app to read and write the properties of Cloud PCs, without a signed-in user. |
Resources
| Property |
Type |
Description |
| id |
String |
Unique identifier for the Cloud PC. Read-only. |
| displayName |
String |
The Cloud PC display name. |
| imageDisplayName |
String |
Name of the OS image that's on the Cloud PC. |
| managedDeviceId |
String |
The Cloud PC’s Intune device ID. |
| managedDeviceName |
String |
The Cloud PC’s Intune device name. |
| provisioningPolicyId |
String |
The Cloud PC's provisioning policy ID. |
| provisioningPolicyName |
String |
The provisioning policy that is applied during provisioning of Cloud PCs. |
| onPremisesConnectionName |
String |
The on-premises connection that is applied during provisioning of Cloud PCs. |
| servicePlanId |
String |
The Cloud PC's service plan ID. |
| servicePlanName |
String |
The Cloud PC's service plan name. |
| status |
cloudPcStatus |
Status of the Cloud PC. Possible values are: notProvisioned, provisioning, provisioned, upgrading, inGracePeriod, deprovisioning, failed. |
| statusDetails |
cloudPcStatusDetails |
The details of the Cloud PC status. |
| userPrincipalName |
String |
The user principal name (UPN) of the user assigned to the Cloud PC. |
| lastModifiedDateTime |
DateTimeOffset |
The Cloud PC's last modified date and time. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| gracePeriodEndDateTime |
DateTimeOffset |
The date and time when the grace period ends and reprovisioning/deprovisioning happens. Required only if status is inGracePeriod. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| Property |
Type |
Description |
| id |
String |
Key of the audit entity. Read-only. |
| displayName |
String |
Event display name. Read-only. |
| componentName |
String |
Component name. Read-only. |
| actor |
cloudPcAuditActor |
Azure AD user and application associated with the audit event. Read-only. |
| activity |
String |
Friendly name of the activity. Optional. |
| activityDateTime |
DateTimeOffset |
The date time in UTC when the activity was performed. Read-only. |
| activityType |
String |
The type of activity that was performed. Read-only. |
| activityOperationType |
cloudPcAuditActivityOperationType |
The HTTP operation type of the activity. Possible values include create, delete, patch and other. Read-only. |
| activityResult |
cloudPcAuditActivityResult |
The result of the activity. Read-only. |
| correlationId |
String |
The client request identifier, used to correlate activity within the system. Read-only. |
| resources |
cloudPcAuditResource collection |
List of cloudPcAuditResource objects. Read-only. |
| category |
cloudPcAuditCategory |
Audit category. Read-only. |
| Property |
Type |
Description |
| id |
String |
Unique identifier for the image resource on the Cloud PC. Read-only. |
| sourceImageResourceId |
String |
The ID of the source image resource on Azure. Required format: "/subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/images/{imageName}". |
| displayName |
String |
The image's display name. |
| version |
String |
The image version. For example: 0.0.1, 1.5.13. |
| osBuildNumber |
String |
The image's OS build version. For example: 1909. |
| operatingSystem |
String |
The image's operating system. For example: Windows 10 Enterprise. |
| lastModifiedDateTime |
DateTimeOffset |
The data and time that the image was last modified. The time is shown in ISO 8601 format and Coordinated Universal Time (UTC) time. For example, midnight UTC on Jan 1, 2014 appears as '2014-01-01T00:00:00Z'. |
| status |
cloudPcDeviceImageStatus |
The status of the image on Cloud PC. Possible values are: pending, ready, failed. |
| statusDetails |
cloudPcDeviceImageStatusDetails |
The details of the image's status, which indicates why the upload failed, if applicable. Possible values are: internalServerError, sourceImageNotFound, osVersionNotSupported, and sourceImageInvalid. |
| Property |
Type |
Description |
| id |
String |
Unique identifier for the on-premises connection. Read-only. |
| displayName |
String |
The display name for the on-premises connection. |
| subscriptionId |
String |
The ID of the target Azure subscription that’s associated with your tenant. |
| subscriptionName |
String |
The name of the target Azure subscription. Read-only. |
| adDomainName |
String |
The fully qualified domain name (FQDN) of the Active Directory domain you want to join. |
| adDomainUsername |
String |
The username of an Active Directory account (user or service account) that has permissions to create computer objects in Active Directory. Required format: admin@contoso.com. |
| adDomainPassword |
String |
The password associated with adDomainUsername. |
| organizationalUnit |
String |
The organizational unit (OU) in which the computer account is created. If left null, the OU that’s configured as the default (a well-known computer object container) in your Active Directory domain (OU) is used. Optional. |
| resourceGroupId |
String |
The ID of the target resource group. Required format: "/subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}". |
| virtualNetworkId |
String |
The ID of the target virtual network. Required format: "/subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}". |
| subnetId |
String |
The ID of the target subnet. Required format: "/subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkId}/subnets/{subnetName}". |
| healthCheckStatus |
cloudPcOnPremisesConnectionStatus |
The status of the most recent health check done on the on-premises connection. For example, if status is "passed", the on-premises connection has passed all checks run by the service. Possible values are: pending, running, passed, failed, unknownFutureValue. Read-only. |
| healthCheckStatusDetails |
cloudPcOnPremisesConnectionStatusDetails |
The details of the connection's health checks and the corresponding results. Returned only on $select.For an example that shows how to get the inUse property, see Example 2: Get the selected properties of an on-premises connection, including healthCheckStatusDetails. Read-only. |
| inUse |
Boolean |
When true, the on-premises connection is in use. When false, the connection is not in use. You cannot delete a connection that’s in use. Returned only on $select. For an example that shows how to get the **i |
| Property |
Type |
Description |
| startDateTime |
DateTimeOffset |
The start time of the connection health check. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| endDateTime |
DateTimeOffset |
The end time of the connection health check. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| healthChecks |
cloudPcOnPremisesConnectionHealthCheck collection |
All checks that are done on the connection. |
| Property |
Type |
Description |
| id |
String |
Unique identifier for the Cloud PC provisioning policy. Read-only. |
| displayName |
String |
The display name for the provisioning policy. |
| description |
String |
The provisioning policy description. |
| onPremisesConnectionId |
String |
The ID of the cloudPcOnPremisesConnection. To ensure that Cloud PCs have network connectivity and that they domain join, choose a connection with a virtual network that’s validated by the Cloud PC service. |
| imageId |
String |
The ID of the OS image you want to provision on Cloud PCs. The format for a gallery type image is: {publisher_offer_sku}. Supported values for each of the parameters are as follows:- publisher: Microsoftwindowsdesktop.
- offer: windows-ent-cpc.
- sku: 21h1-ent-cpc-m365, 21h1-ent-cpc-os, 20h2-ent-cpc-m365, 20h2-ent-cpc-os, 20h1-ent-cpc-m365, 20h1-ent-cpc-os, 19h2-ent-cpc-m365 and 19h2-ent-cpc-os.
|
| imageDisplayName |
String |
The display name for the OS image you’re provisioning. |
| imageType |
cloudPcProvisioningPolicyImageType |
The type of OS image (custom or gallery) you want to provision on Cloud PCs. Possible values are: gallery, custom. |
| Property |
Type |
Description |
| id |
String |
Unique Identifier for the provisioning policy assignment. Read-only. If target is a user group, then the ID is shown as {policyId}_{groupId}. |
| target |
cloudPcManagementAssignmentTarget |
The assignment target for the provisioning policy. Currently, the only target supported for this policy is a user group. For details, see cloudPcManagementGroupAssignmentTarget. |
| Property |
Type |
Description |
| actionName |
String |
The specified action. Supported values: Reprovision, Resize. |
| actionState |
actionState |
State of the action. Possible values are: None, pending, canceled, active, done, failed, notSupported. Read-only. |
| cloudPcId |
String |
The ID of the Cloud PC device on which the remote action is performed. Read-only. |
| managedDeviceId |
String |
The ID of the Intune managed device on which the remote action is performed. Read-only. |
| startDateTime |
DateTimeOffset |
Time the action was initiated. The Timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 appears as '2014-01-01T00:00:00Z'. |
| lastUpdatedDateTime |
DateTimeOffset |
Last update time for action. The Timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 appears as '2014-01-01T00:00:00Z'. |
| statusDetails |
cloudPcStatusDetails |
The details of the Cloud PC status. |
| Property |
Type |
Description |
| id |
String |
The ID of the source image. |
| displayName |
String |
The display name for the source image. |
| Property |
Type |
Description |
| id |
String |
Unique identifier for the supported region. Read-only. |
| displayName |
String |
The name for the supported region. Read-only. |
| Property |
Type |
Description |
| id |
String |
Unique identifier for the Cloud PC user setting. Read-only. |
| displayName |
String |
The setting name displayed in the user interface. |
| localAdminEnabled |
Boolean |
Indicates whether the local admin option is enabled. Default value is false. To enable the local admin option, change the setting to true. If the local admin option is enabled, the end user can be an admin of the Cloud PC device. |
| selfServiceEnabled |
Boolean |
Indicates whether the self-service option is enabled. Default value is false. To enable the self-service option, change the setting to true. If the self-service option is enabled, the end user is allowed to perform some self-service operations, such as upgrading the Cloud PC through the end user portal. |
| lastModifiedDateTime |
DateTimeOffset |
The last date and time the setting was modified. The Timestamp type represents the date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: '2014-01-01T00:00:00Z'. |
| createdDateTime |
DateTimeOffset |
The date and time the setting was created. The Timestamp type represents the date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: '2014-01-01T00:00:00Z'. |
| Property |
Type |
Description |
| id |
String |
Unique Identifier for the user setting assignment. Read-only. If target is a user group, the ID has this structure: {policyID}_{groupID}. |
| target |
cloudPcManagementAssignmentTarget |
The assignment target for the user setting. Currently, the only target supported for this user setting is a user group. For details, see cloudPcManagementGroupAssignmentTarget. |
| createdDateTime |
DateTimeOffset |
The date and time this assignment was created. The Timestamp type represents the date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: '2014-01-01T00:00:00Z'. |
| Property |
Type |
Description |
| displayName |
String |
The display name of the cloud PC connection. Required. Read-only. |
| healthCheckStatus |
String |
The health status of the cloud PC connection. Possible values are: pending, running, passed, failed, unknownFutureValue. Required. Read-only. |
| id |
String |
The unique identifier for the cloud PC connection. Required. Read-only. |
| lastRefreshedDateTime |
DateTimeOffset |
Date and time the entity was last updated in the multi-tenant management platform. Required. Read-only. |
| tenantDisplayName |
String |
The display name for the managed tenant. Required. Read-only. |
| tenantId |
String |
The Azure Active Directory tenant identifier for the managed tenant. Required. Read-only. |
| Property |
Type |
Description |
| cloudPcStatus |
String |
The status of the cloud PC. Possible values are: notProvisioned, provisioning, provisioned, upgrading, inGracePeriod, deprovisioning, failed. Required. Read-only. |
| displayName |
String |
The display name for the cloud PC. Required. Read-only. |
| id |
String |
The unique identifier for the cloud PC. Required. Read-only. |
| lastRefreshedDateTime |
DateTimeOffset |
Date and time the entity was last updated in the multi-tenant management platform. Required. Read-only. |
| managedDeviceId |
String |
The managed device identifier for the cloud PC. Optional. Read-only. |
| managedDeviceName |
String |
The managed device display name for the cloud PC. Optional. Read-only. |
| provisioningPolicyId |
String |
The provisioning policy identifier for the cloud PC. Required. Read-only. |
| servicePlanName |
String |
The service plan name for the cloud PC. Required. Read-only. |
| tenantDisplayName |
String |
The display name for the managed tenant. Required. Read-only. |
| tenantId |
String |
The Azure Active Directory tenant identifier for the managed tenant. Required. Read-only. |
| userPrincipalName |
String |
The user principal name (UPN) of the user assigned to the cloud PC. Required. Read-only. |
| Property |
Type |
Description |
| id |
String |
The unique identifier for the cloud PC overview. Required. Read-only. |
| lastRefreshedDateTime |
DateTimeOffset |
Date and time the entity was last updated in the multi-tenant management platform. Optional. Read-only. |
| numberOfCloudPcConnectionStatusFailed |
Int32 |
The number of cloud PC connections that have a status of failed. Optional. Read-only. |
| numberOfCloudPcConnectionStatusPassed |
Int32 |
The number of cloud PC connections that have a status of passed. Optional. Read-only. |
| numberOfCloudPcConnectionStatusPending |
Int32 |
The number of cloud PC connections that have a status of pending. Optional. Read-only. |
| numberOfCloudPcConnectionStatusRunning |
Int32 |
The number of cloud PC connections that have a status of running. Optional. Read-only. |
| numberOfCloudPcConnectionStatusUnkownFutureValue |
Int32 |
The number of cloud PC connections that have a status of unknownFutureValue. Optional. Read-only. |
| numberOfCloudPcStatusDeprovisioning |
Int32 |
The number of cloud PCs that have a status of deprovisioning. Optional. Read-only. |
| numberOfCloudPcStatusFailed |
Int32 |
The number of cloud PCs that have a status of failed. Optional. Read-only. |
| numberOfCloudPcStatusInGracePeriod |
Int32 |
The number of cloud PCs that have a status of inGracePeriod. Optional. Read-only. |
| numberOfCloudPcStatusNotProvisioned |
Int32 |
The number of cloud PCs that have a status of notProvisioned. Optional. Read-only. |
| numberOfCloudPcStatusProvisioned |
Int32 |
The number of cloud PCs that have a status of provisioned. Optional. Read-only. |
| numberOfCloudPcStatusProvisioning |
Int32 |
The number of cloud PCs that have a status of provisioning. Optional. Read-only. |
| numberOfCloudPcStatusUnknown |
Int32 |
The number of cloud PCs that have a status of unknown. Optional. Read-only. |
| numberOfCloudPcStatusUpgrading |
Int32 |
The number of cloud PCs that have a status of upgrading. Optional. Read-only. |
| tenantDisplayName |
String |
The display name for the managed tenant. Optional. Read-only. |
| totalCloudPcConnectionStatus |
Int32 |
The total number of cloud PC connection statuses for the given managed tenant. Optional. Read-only. |
| totalCloudPcStatus |
Int32 |
The total number of cloud PC statues for the given managed tenant. Optional. Read-only. |
| Property |
Type |
Description |
| id |
String |
The unique identifier for the role assignment. Key, not nullable, Read-only. Inherited from entity. |
| roleDefinitionId |
String |
Identifier of the role definition the assignment is for. Read only. Supports $filter (eq, in). |
| principalId |
String |
Identifier of the principal to which the assignment is granted. Supports $filter (eq, in). |
| directoryScopeId |
String |
Identifier of the directory object representing the scope of the assignment. Either this property or appScopeId is required. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Supports $filter (eq, in). |
| appScopeId |
String |
Identifier of the app-specific scope when the assignment scope is app-specific. Either this property or **d |
| Property |
Type |
Description |
| appScopeIds |
String collection |
Ids of the app specific scopes when the assignment scopes are app specific. The scopes of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. App scopes are scopes that are defined and understood by this application only. |
| description |
String |
Description of the role assignment. |
| directoryScopeIds |
String collection |
Ids of the directory objects representing the scopes of the assignment. The scopes of an assignment determine the set of resources for which the principals have been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. App scopes are scopes that are defined and understood by this application only. |
| displayName |
String |
Name of the role assignment. Required. |
| id |
String |
The unique identifier for the unifiedRoleAssignmentMultiple. Key, not nullable, Read-only. |
| roleDefinitionId |
String |
Identifier of the unifiedRoleDefinition the assignment is for. |
| principalIds |
String collection |
Identifiers of the principals to which the assignment is granted. Supports $filter (any operator only). |
| Property |
Type |
Description |
| description |
String |
The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true. |
| displayName |
String |
The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq, in). |
| id |
String |
The unique identifier for the role definition. Key, not nullable, Read-only. Inherited from entity. Supports $filter (eq, in). |
| isBuiltIn |
Boolean |
Flag indicating whether the role definition is part of the default set included in Azure Active Directory (Azure AD) or a custom definition. Read-only. Supports $filter (eq, in). |
| isEnabled |
Boolean |
Flag indicating whether the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true. |
| resourceScopes |
String collection |
List of the scopes or permissions the role definition applies to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment. |
| rolePermissions |
unifiedRolePermission collection |
List of permissions included in the role. Read-only when isBuiltIn is true. Required. |
| templateId |
String |
Custom template identifier that can be set when isBuiltIn is false but is read-only when isBuiltIn is true. This identifier is typically used if one needs an identifier to be the same across different directories. |
| version |
String |
Indicates version of the role definition. Read-only when **i |