DeviceManagementConfiguration.Read.All
Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Delegate Permission
| Id | f1493658-876a-4c87-8fa7-edb559b3476a |
| Consent Type | Admin |
| Display String | Read Microsoft Intune Device Configuration and Policies |
| Description | Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups. |
Application Permission
| Id | dc377aa6-52d8-4e23-b271-2a7ae04cedf3 |
| Display String | Read Microsoft Intune device configuration and policies |
| Description | Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user. |
Resources
androidDeviceOwnerEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| accountId | String | Tenant GUID the enrollment profile belongs to. |
| id | String | Unique GUID for the enrollment profile. |
| displayName | String | Display name for the enrollment profile. |
| description | String | Description for the enrollment profile. |
| enrollmentMode | androidDeviceOwnerEnrollmentMode | The enrollment mode of devices that use this enrollment profile. Possible values are: corporateOwnedDedicatedDevice, corporateOwnedFullyManaged, corporateOwnedWorkProfile, corporateOwnedAOSPUserlessDevice, corporateOwnedAOSPUserAssociatedDevice. |
| enrollmentTokenType | androidDeviceOwnerEnrollmentTokenType | The enrollment token type for an enrollment profile. Possible values are: default, corporateOwnedDedicatedDeviceWithAzureADSharedMode. |
| createdDateTime | DateTimeOffset | Date time the enrollment profile was created. |
| lastModifiedDateTime | DateTimeOffset | Date time the enrollment profile was last modified. |
| tokenValue | String | Value of the most recently created token for this enrollment profile. |
| tokenCreationDateTime | DateTimeOffset | Date time the most recently created token was created. |
| tokenExpirationDateTime | DateTimeOffset | Date time the most recently created token will expire. |
| enrolledDeviceCount | Int32 | Total number of Android devices that have enrolled using this enrollment profile. |
| enrollmentTokenUsageCount | Int32 | Total number of AOSP devices that have enrolled using the current token. |
| qrCodeContent | String | String used to generate a QR code for the token. |
| qrCodeImage | mimeContent | String used to generate a QR code for the token. |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
| configureWifi | Boolean | Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default. |
| wifiSsid | String | String that contains the wi-fi login ssid |
| wifiPassword | String | String that contains the wi-fi login password |
| wifiSecurityType | aospWifiSecurityType | String that contains the wi-fi security type. Possible values are: none, wpa, wep. |
| wifiHidden | Boolean | Boolean that indicates if hidden wifi networks are enabled |
| isTeamsDeviceProfile | Boolean | Boolean indicating if this profile is an Android AOSP for Teams device profile. |
androidForWorkAppConfigurationSchema
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity the Android package name for the application the schema corresponds to |
| exampleJson | Binary | UTF8 encoded byte array containing example JSON string conforming to this schema that demonstrates how to set the configuration for this app |
| schemaItems | androidForWorkAppConfigurationSchemaItem collection | Collection of items each representing a named configuration option in the schema |
androidForWorkEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| accountId | String | Tenant GUID the enrollment profile belongs to. |
| id | String | Unique GUID for the enrollment profile. |
| displayName | String | Display name for the enrollment profile. |
| description | String | Description for the enrollment profile. |
| createdDateTime | DateTimeOffset | Date time the enrollment profile was created. |
| lastModifiedDateTime | DateTimeOffset | Date time the enrollment profile was last modified. |
| tokenValue | String | Value of the most recently created token for this enrollment profile. |
| tokenExpirationDateTime | DateTimeOffset | Date time the most recently created token will expire. |
| enrolledDeviceCount | Int32 | Total number of Android devices that have enrolled using this enrollment profile. |
| qrCodeContent | String | String used to generate a QR code for the token. |
| qrCodeImage | mimeContent | String used to generate a QR code for the token. |
androidForWorkSettings
| Property | Type | Description |
|---|---|---|
| id | String | The Android for Work settings identifier |
| bindStatus | androidForWorkBindStatus | Bind status of the tenant with the Google EMM API. Possible values are: notBound, bound, boundAndValidated, unbinding. |
| lastAppSyncDateTime | DateTimeOffset | Last completion time for app sync |
| lastAppSyncStatus | androidForWorkSyncStatus | Last application sync result. Possible values are: success, credentialsNotValid, androidForWorkApiError, managementServiceError, unknownError, none. |
| ownerUserPrincipalName | String | Owner UPN that created the enterprise |
| ownerOrganizationName | String | Organization name used when onboarding Android for Work |
| lastModifiedDateTime | DateTimeOffset | Last modification time for Android for Work settings |
| enrollmentTarget | androidForWorkEnrollmentTarget | Indicates which users can enroll devices in Android for Work device management. Possible values are: none, all, targeted, targetedAsEnrollmentRestrictions. |
| targetGroupIds | String collection | Specifies which AAD groups can enroll devices in Android for Work device management if enrollmentTarget is set to 'Targeted' |
| deviceOwnerManagementEnabled | Boolean | Indicates if this account is flighting for Android Device Owner Management with CloudDPC. |
androidManagedStoreAccountEnterpriseSettings
| Property | Type | Description |
|---|---|---|
| id | String | The Android store account enterprise settings identifier |
| bindStatus | androidManagedStoreAccountBindStatus | Bind status of the tenant with the Google EMM API. Possible values are: notBound, bound, boundAndValidated, unbinding. |
| lastAppSyncDateTime | DateTimeOffset | Last completion time for app sync |
| lastAppSyncStatus | androidManagedStoreAccountAppSyncStatus | Last application sync result. Possible values are: success, credentialsNotValid, androidForWorkApiError, managementServiceError, unknownError, none. |
| ownerUserPrincipalName | String | Owner UPN that created the enterprise |
| ownerOrganizationName | String | Organization name used when onboarding Android Enterprise |
| lastModifiedDateTime | DateTimeOffset | Last modification time for Android enterprise settings |
| enrollmentTarget | androidManagedStoreAccountEnrollmentTarget | Indicates which users can enroll devices in Android Enterprise device management. Possible values are: none, all, targeted, targetedAsEnrollmentRestrictions. |
| targetGroupIds | String collection | Specifies which AAD groups can enroll devices in Android for Work device management if enrollmentTarget is set to 'Targeted' |
| deviceOwnerManagementEnabled | Boolean | Indicates if this account is flighting for Android Device Owner Management with CloudDPC. |
| companyCodes | androidEnrollmentCompanyCode collection | Company codes for AndroidManagedStoreAccountEnterpriseSettings |
| androidDeviceOwnerFullyManagedEnrollmentEnabled | Boolean | Company codes for AndroidManagedStoreAccountEnterpriseSettings |
| managedGooglePlayInitialScopeTagIds | String collection | Initial scope tags for MGP apps |
androidManagedStoreAppConfigurationSchema
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity the Android package name for the application the schema corresponds to |
| exampleJson | Binary | UTF8 encoded byte array containing example JSON string conforming to this schema that demonstrates how to set the configuration for this app |
| schemaItems | androidManagedStoreAppConfigurationSchemaItem collection | Collection of items each representing a named configuration option in the schema. It only contains the root-level configuration. |
| nestedSchemaItems | androidManagedStoreAppConfigurationSchemaItem collection | Collection of items each representing a named configuration option in the schema. It contains a flat list of all configuration. |
deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
deviceManagementReports
| Property | Type | Description |
|---|
zebraFotaArtifact
| Property | Type | Description |
|---|---|---|
| id | String | Artifact unique ID from Zebra |
| deviceModel | String | Applicable device model (e.g.: TC8300) |
| osVersion | String | Artifact OS version (e.g.: 8.1.0) |
| patchVersion | String | Artifact patch version (e.g.: U00) |
| boardSupportPackageVersion | String | The version of the Board Support Package (BSP. E.g.: 01.18.02.00) |
| releaseNotesUrl | String | Artifact release notes URL (e.g.: https://www.zebra.com/<filename.pdf>) |
| description | String | Artifact description. (e.g.: `LifeGuard Update 98 (released 24-September-2021) |
zebraFotaConnector
| Property | Type | Description |
|---|---|---|
| id | String | Id of ZebraFotaConnector. |
| state | zebraFotaConnectorState | The Zebra connector state. Possible values are: none, connected, disconnected, unknownFutureValue. |
| enrollmentToken | String | Tenant enrollment token from Zebra. The token is used to enroll Zebra devices in the FOTA Service via app config. |
| enrollmentAuthorizationUrl | String | Complete account enrollment authorization URL. This corresponds to verification_uri_complete in the Zebra API documentations. |
| lastSyncDateTime | DateTimeOffset | Date and time when the account was last synched with Zebra |
| fotaAppsApproved | Boolean | Flag indicating if required Firmware Over-the-Air (FOTA) Apps have been approved. |
zebraFotaDeployment
| Property | Type | Description |
|---|---|---|
| id | String | System generated deployment id provided during creation of the deployment. Returned only if operation was a success. |
| displayName | String | A human readable name of the deployment. |
| description | String | A human readable description of the deployment. |
| deploymentSettings | zebraFotaDeploymentSettings | Represents settings required to create a deployment such as deployment type, artifact info, download and installation |
| deploymentAssignments | androidFotaDeploymentAssignment collection | Collection of Android FOTA Assignment |
| deploymentStatus | zebraFotaDeploymentStatus | Represents the deployment status from Zebra. The status is a high level status of the deployment as opposed being a detailed status per device. |
chromeOSOnboardingSettings
| Property | Type | Description |
|---|---|---|
| id | String | The ChromebookTenant's Id |
| ownerUserPrincipalName | String | The ChromebookTenant's OwnerUserPrincipalName |
| onboardingStatus | onboardingStatus | The ChromebookTenant's OnboardingStatus. Possible values are: unknown, inprogress, onboarded, failed, offboarding, unknownFutureValue. |
| lastModifiedDateTime | DateTimeOffset | The ChromebookTenant's LastModifiedDateTime |
| lastDirectorySyncDateTime | DateTimeOffset | The ChromebookTenant's LastDirectorySyncDateTime |
intune-chromebooksync-chromeosonboardingstatus
officeClientConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Id of the office client configuration policy. |
| userPreferencePayload | Stream | Preference settings JSON string in binary format, these values can be overridden by the user. |
| policyPayload | Stream | Policy settings JSON string in binary format, these values cannot be changed by the user. |
| description | String | Not yet documented |
| displayName | String | Admin provided description of the office client configuration policy. |
| lastModifiedDateTime | DateTime | Last modified datetime stamp of the policy. |
| priority | Int32 | Priority value should be unique value for each policy under a tenant and will be used for conflict resolution, lower values mean priority is high. |
| userCheckinSummary | officeUserCheckinSummary | User check-in summary for the policy. |
| checkinStatuses | officeClientCheckinStatus collection | List of office Client check-in status. |
windowsOfficeClientConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Id of the office client configuration policy. Inherited from officeClientConfiguration |
| userPreferencePayload | Stream | Preference settings JSON string in binary format, these values can be overridden by the user. Inherited from officeClientConfiguration |
| policyPayload | Stream | Policy settings JSON string in binary format, these values cannot be changed by the user. Inherited from officeClientConfiguration |
| description | String | Admin provided description of the office client configuration policy. Inherited from officeClientConfiguration |
| displayName | String | Admin provided name of the office client configuration policy. Inherited from officeClientConfiguration |
| priority | Int32 | Priority value should be unique value for each policy under a tenant and will be used for conflict resolution, lower values mean priority is high. Inherited from officeClientConfiguration |
| lastModifiedDateTime | DateTime | Last modified datetime stamp of the policy. Inherited from officeClientConfiguration |
| userCheckinSummary | officeUserCheckinSummary | User check-in summary for the policy. Inherited from officeClientConfiguration |
| checkinStatuses | officeClientCheckinStatus collection | List of office Client check-in status. Inherited from officeClientConfiguration |
windowsOfficeClientSecurityConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Id of the office client configuration policy. Inherited from officeClientConfiguration |
| userPreferencePayload | Stream | Preference settings JSON string in binary format, these values can be overridden by the user. Inherited from officeClientConfiguration |
| policyPayload | Stream | Policy settings JSON string in binary format, these values cannot be changed by the user. Inherited from officeClientConfiguration |
| description | String | Admin provided description of the office client configuration policy. Inherited from officeClientConfiguration |
| displayName | String | Admin provided name of the office client configuration policy. Inherited from officeClientConfiguration |
| priority | Int32 | Priority value should be unique value for each policy under a tenant and will be used for conflict resolution, lower values mean priority is high. Inherited from officeClientConfiguration |
| lastModifiedDateTime | DateTime | Last modified datetime stamp of the policy. Inherited from officeClientConfiguration |
| userCheckinSummary | officeUserCheckinSummary | User check-in summary for the policy. Inherited from officeClientConfiguration |
| checkinStatuses | officeClientCheckinStatus collection | List of office Client check-in status. Inherited from officeClientConfiguration |
advancedThreatProtectionOnboardingDeviceSettingState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity |
| platformType | deviceType | Device platform type. Possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, windows10x, androidnGMS, chromeOS, linux, blackberry, palm, unknown, cloudPC. |
| setting | String | The setting class name and property name. |
| settingName | String | The Setting Name that is being reported |
| deviceId | String | The Device Id that is being reported |
| deviceName | String | The Device Name that is being reported |
| userId | String | The user Id that is being reported |
| userEmail | String | The User email address that is being reported |
| userName | String | The User Name that is being reported |
| userPrincipalName | String | The User PrincipalName that is being reported |
| deviceModel | String | The device model that is being reported |
| state | complianceStatus | The compliance state of the setting. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
advancedThreatProtectionOnboardingStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier |
| unknownDeviceCount | Int32 | Number of unknown devices |
| notApplicableDeviceCount | Int32 | Number of not applicable devices |
| compliantDeviceCount | Int32 | Number of compliant devices |
| remediatedDeviceCount | Int32 | Number of remediated devices |
| nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
| errorDeviceCount | Int32 | Number of error devices |
| conflictDeviceCount | Int32 | Number of conflict devices |
| notAssignedDeviceCount | Int32 | Number of not assigned devices |
androidCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
androidCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordRequired | Boolean | Require a password to unlock device. |
| passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
| passwordRequiredType | androidRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
| securityPreventInstallAppsFromUnknownSources | Boolean | Require that devices disallow installation of apps from unknown sources. |
| securityDisableUsbDebugging | Boolean | Disable USB debugging on Android devices. |
| securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
| deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
| osMinimumVersion | String | Minimum Android version. |
| osMaximumVersion | String | Maximum Android version. |
| minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
| storageRequireEncryption | Boolean | Require encryption on Android devices. |
| securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
| securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
| securityRequireGooglePlayServices | Boolean | Require Google Play Services to be installed and enabled on the device. |
| securityRequireUpToDateSecurityProviders | Boolean | Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date. |
| securityRequireCompanyPortalAppIntegrity | Boolean | Require the device to pass the Company Portal client app runtime integrity check. |
androidCustomConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 1000 elements. |
androidDeviceOwnerCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
androidDeviceOwnerCompliancePolicy
| Property | Type | Description |
|---|---|---|
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| advancedThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | MDATP Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
| securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
| osMinimumVersion | String | Minimum Android version. |
| osMaximumVersion | String | Maximum Android version. |
| minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
| passwordRequired | Boolean | Require a password to unlock device. |
| passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
| passwordMinimumLetterCharacters | Int32 | Indicates the minimum number of letter characters required for device password. Valid values 1 to 16 |
| passwordMinimumLowerCaseCharacters | Int32 | Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16 |
| passwordMinimumNonLetterCharacters | Int32 | Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16 |
| passwordMinimumNumericCharacters | Int32 | Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16 |
| passwordMinimumSymbolCharacters | Int32 | Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16 |
| passwordMinimumUpperCaseCharacters | Int32 | Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16 |
| passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordPreviousPasswordCountToBlock | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
| storageRequireEncryption | Boolean | Require encryption on Android devices. |
| securityRequireIntuneAppIntegrity | Boolean | If setting is set to true, checks that the Intune app installed on fully managed, dedicated, or corporate-owned work profile Android Enterprise enrolled devices, is the one provided by Microsoft from the Managed Google Playstore. If the check fails, the device will be reported as non-compliant. |
androidDeviceOwnerDerivedCredentialAuthenticationConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval, specificApps, unknownFutureValue. |
| silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
androidDeviceOwnerEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from androidDeviceOwnerWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidDeviceOwnerWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidDeviceOwnerWiFiConfiguration |
| wiFiSecurityType | androidDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidDeviceOwnerWiFiConfiguration. Possible values are: open, wep, wpaPersonal, wpaEnterprise. |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration |
| preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration |
| proxySettings | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration. Possible values include none, manual, and automatic. Inherited from androidDeviceOwnerWiFiConfiguration. Possible values are: none, manual, automatic. |
| proxyManualAddress | String | Specify the proxy server IP address. Android documentation does not specify IPv4 or IPv6. For example: 192.168.1.1. Inherited from androidDeviceOwnerWiFiConfiguration |
| proxyManualPort | Int32 | Specify the proxy server port. Inherited from androidDeviceOwnerWiFiConfiguration |
| proxyAutomaticConfigurationUrl | String | Specify the proxy server configuration script URL. Inherited from androidDeviceOwnerWiFiConfiguration |
| proxyExclusionList | String | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. Inherited from androidDeviceOwnerWiFiConfiguration |
| eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
androidDeviceOwnerGeneralDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| azureAdSharedDeviceDataClearApps | appListItem collection | A list of managed apps that will have their data cleared during a global sign-out in AAD shared device mode. This collection can contain a maximum of 500 elements. |
| accountsBlockModification | Boolean | Indicates whether or not adding or removing accounts is disabled. |
| appsAllowInstallFromUnknownSources | Boolean | Indicates whether or not the user is allowed to enable to unknown sources setting. |
| appsAutoUpdatePolicy | androidDeviceOwnerAppAutoUpdatePolicyType | Indicates the value of the app auto update policy. Possible values are: notConfigured, userChoice, never, wiFiOnly, always. |
| appsDefaultPermissionPolicy | androidDeviceOwnerDefaultAppPermissionPolicyType | Indicates the permission policy for requests for runtime permissions if one is not defined for the app specifically. Possible values are: deviceDefault, prompt, autoGrant, autoDeny. |
| appsRecommendSkippingFirstUseHints | Boolean | Whether or not to recommend all apps skip any first-time-use hints they may have added. |
| bluetoothBlockConfiguration | Boolean | Indicates whether or not to block a user from configuring bluetooth. |
| bluetoothBlockContactSharing | Boolean | Indicates whether or not to block a user from sharing contacts via bluetooth. |
| cameraBlocked | Boolean | Indicates whether or not to disable the use of the camera. |
| cellularBlockWiFiTethering | Boolean | Indicates whether or not to block Wi-Fi tethering. |
| certificateCredentialConfigurationDisabled | Boolean | Indicates whether or not to block users from any certificate credential configuration. |
| crossProfilePoliciesAllowCopyPaste | Boolean | Indicates whether or not text copied from one profile (personal or work) can be pasted in the other. |
| crossProfilePoliciesAllowDataSharing | androidDeviceOwnerCrossProfileDataSharing | Indicates whether data from one profile (personal or work) can be shared with apps in the other profile. Possible values are: notConfigured, crossProfileDataSharingBlocked, dataSharingFromWorkToPersonalBlocked, crossProfileDataSharingAllowed, unkownFutureValue. |
| crossProfilePoliciesShowWorkContactsInPersonalProfile | Boolean | Indicates whether or not contacts stored in work profile are shown in personal profile contact searches/incoming calls. |
| microsoftLauncherConfigurationEnabled | Boolean | Indicates whether or not to you want configure Microsoft Launcher. |
| microsoftLauncherCustomWallpaperEnabled | Boolean | Indicates whether or not to configure the wallpaper on the targeted devices. |
| microsoftLauncherCustomWallpaperImageUrl | String | Indicates the URL for the image file to use as the wallpaper on the targeted devices. |
| microsoftLauncherCustomWallpaperAllowUserModification | Boolean | Indicates whether or not the user can modify the wallpaper to personalize their device. |
| microsoftLauncherFeedEnabled | Boolean | Indicates whether or not you want to enable the launcher feed on the device. |
| microsoftLauncherFeedAllowUserModification | Boolean | Indicates whether or not the user can modify the launcher feed on the device. |
| microsoftLauncherDockPresenceConfiguration | microsoftLauncherDockPresence | Indicates whether or not you want to configure the device dock. Possible values are: notConfigured, show, hide, disabled. |
| microsoftLauncherDockPresenceAllowUserModification | Boolean | Indicates whether or not the user can modify the device dock configuration on the device. |
| microsoftLauncherSearchBarPlacementConfiguration | microsoftLauncherSearchBarPlacement | Indicates the search bar placement configuration on the device. Possible values are: notConfigured, top, bottom, hide. |
| enrollmentProfile | androidDeviceOwnerEnrollmentProfileType | Indicates which enrollment profile you want to configure. Possible values are: notConfigured, dedicatedDevice, fullyManaged. |
| dataRoamingBlocked | Boolean | Indicates whether or not to block a user from data roaming. |
| dateTimeConfigurationBlocked | Boolean | Indicates whether or not to block the user from manually changing the date or time on the device |
| detailedHelpText | androidDeviceOwnerUserFacingMessage | Represents the customized detailed help text provided to users when they attempt to modify managed settings on their device. |
| deviceOwnerLockScreenMessage | androidDeviceOwnerUserFacingMessage | Represents the customized lock screen message provided to users when they attempt to modify managed settings on their device. |
| securityCommonCriteriaModeEnabled | Boolean | Represents the security common criteria mode enabled provided to users when they attempt to modify managed settings on their device. |
| factoryResetDeviceAdministratorEmails | String collection | List of Google account emails that will be required to authenticate after a device is factory reset before it can be set up. |
| factoryResetBlocked | Boolean | Indicates whether or not the factory reset option in settings is disabled. |
| globalProxy | androidDeviceOwnerGlobalProxy | Proxy is set up directly with host, port and excluded hosts. |
| googleAccountsBlocked | Boolean | Indicates whether or not google accounts will be blocked. |
| kioskCustomizationDeviceSettingsBlocked | Boolean | Indicates whether a user can access the device's Settings app while in Kiosk Mode. |
| kioskCustomizationPowerButtonActionsBlocked | Boolean | Whether the power menu is shown when a user long presses the Power button of a device in Kiosk Mode. |
| kioskCustomizationStatusBar | androidDeviceOwnerKioskCustomizationStatusBar | Indicates whether system info and notifications are disabled in Kiosk Mode. Possible values are: notConfigured, notificationsAndSystemInfoEnabled, systemInfoOnly. |
| kioskCustomizationSystemErrorWarnings | Boolean | Indicates whether system error dialogs for crashed or unresponsive apps are shown in Kiosk Mode. |
| kioskCustomizationSystemNavigation | androidDeviceOwnerKioskCustomizationSystemNavigation | Indicates which navigation features are enabled in Kiosk Mode. Possible values are: notConfigured, navigationEnabled, homeButtonOnly. |
| kioskModeScreenSaverConfigurationEnabled | Boolean | Whether or not to enable screen saver mode or not in Kiosk Mode. |
| kioskModeScreenSaverImageUrl | String | URL for an image that will be the device's screen saver in Kiosk Mode. |
| kioskModeScreenSaverDisplayTimeInSeconds | Int32 | The number of seconds that the device will display the screen saver for in Kiosk Mode. Valid values 0 to 9999999 |
| kioskModeScreenSaverStartDelayInSeconds | Int32 | The number of seconds the device needs to be inactive for before the screen saver is shown in Kiosk Mode. Valid values 1 to 9999999 |
| kioskModeScreenSaverDetectMediaDisabled | Boolean | Whether or not the device screen should show the screen saver if audio/video is playing in Kiosk Mode. |
| kioskModeApps | appListItem collection | A list of managed apps that will be shown when the device is in Kiosk Mode. This collection can contain a maximum of 500 elements. |
| kioskModeWallpaperUrl | String | URL to a publicly accessible image to use for the wallpaper when the device is in Kiosk Mode. |
| kioskModeExitCode | String | Exit code to allow a user to escape from Kiosk Mode when the device is in Kiosk Mode. |
| kioskModeVirtualHomeButtonEnabled | Boolean | Whether or not to display a virtual home button when the device is in Kiosk Mode. |
| kioskModeVirtualHomeButtonType | androidDeviceOwnerVirtualHomeButtonType | Indicates whether the virtual home button is a swipe up home button or a floating home button. Possible values are: notConfigured, swipeUp, floating. |
| kioskModeBluetoothConfigurationEnabled | Boolean | Whether or not to allow a user to configure Bluetooth settings in Kiosk Mode. |
| kioskModeWiFiConfigurationEnabled | Boolean | Whether or not to allow a user to configure Wi-Fi settings in Kiosk Mode. |
| kioskModeFlashlightConfigurationEnabled | Boolean | Whether or not to allow a user to use the flashlight in Kiosk Mode. |
| kioskModeMediaVolumeConfigurationEnabled | Boolean | Whether or not to allow a user to change the media volume in Kiosk Mode. |
| kioskModeShowDeviceInfo | Boolean | Whether or not to allow a user to access basic device information. |
| kioskModeManagedSettingsEntryDisabled | Boolean | Whether or not to display the Managed Settings entry point on the managed home screen in Kiosk Mode. |
| kioskModeDebugMenuEasyAccessEnabled | Boolean | Whether or not to allow a user to easy access to the debug menu in Kiosk Mode. |
| kioskModeShowAppNotificationBadge | Boolean | Whether or not to display application notification badges in Kiosk Mode. |
| kioskModeScreenOrientation | androidDeviceOwnerKioskModeScreenOrientation | Screen orientation configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured, portrait, landscape, autoRotate. |
| kioskModeIconSize | androidDeviceOwnerKioskModeIconSize | Icon size configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured, smallest, small, regular, large, largest. |
| kioskModeFolderIcon | androidDeviceOwnerKioskModeFolderIcon | Folder icon configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured, darkSquare, darkCircle, lightSquare, lightCircle. |
| kioskModeWifiAllowedSsids | String collection | The restricted set of WIFI SSIDs available for the user to configure in Kiosk Mode. This collection can contain a maximum of 500 elements. |
| kioskModeAppOrderEnabled | Boolean | Whether or not to enable app ordering in Kiosk Mode. |
| kioskModeAppsInFolderOrderedByName | Boolean | Whether or not to alphabetize applications within a folder in Kiosk Mode. |
| kioskModeGridHeight | Int32 | Number of rows for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999 |
| kioskModeGridWidth | Int32 | Number of columns for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999 |
| kioskModeLockHomeScreen | Boolean | Whether or not to lock home screen to the end user in Kiosk Mode. |
| kioskModeManagedFolders | androidDeviceOwnerKioskModeManagedFolder collection | A list of managed folders for a device in Kiosk Mode. This collection can contain a maximum of 500 elements. |
| kioskModeAppPositions | androidDeviceOwnerKioskModeAppPositionItem collection | The ordering of items on Kiosk Mode Managed Home Screen. This collection can contain a maximum of 500 elements. |
| kioskModeManagedHomeScreenAutoSignout | Boolean | Whether or not to automatically sign-out of MHS and Shared device mode applications after inactive for Managed Home Screen. |
| kioskModeManagedHomeScreenInactiveSignOutDelayInSeconds | Int32 | Number of seconds to give user notice before automatically signing them out for Managed Home Screen. Valid values 0 to 9999999 |
| kioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds | Int32 | Number of seconds device is inactive before automatically signing user out for Managed Home Screen. Valid values 0 to 9999999 |
| kioskModeManagedHomeScreenPinComplexity | kioskModeManagedHomeScreenPinComplexity | Complexity of PIN for sign-in session for Managed Home Screen. Possible values are: notConfigured, simple, complex. |
| kioskModeManagedHomeScreenPinRequired | Boolean | Whether or not require user to set a PIN for sign-in session for Managed Home Screen. |
| kioskModeManagedHomeScreenPinRequiredToResume | Boolean | Whether or not required user to enter session PIN if screensaver has appeared for Managed Home Screen. |
| kioskModeManagedHomeScreenSignInBackground | String | Custom URL background for sign-in screen for Managed Home Screen. |
| kioskModeManagedHomeScreenSignInBrandingLogo | String | Custom URL branding logo for sign-in screen and session pin page for Managed Home Screen. |
| kioskModeManagedHomeScreenSignInEnabled | Boolean | Whether or not show sign-in screen for Managed Home Screen. |
| kioskModeUseManagedHomeScreenApp | kioskModeType | Whether or not to use single app kiosk mode or multi-app kiosk mode. Possible values are: notConfigured, singleAppMode, multiAppMode. |
| microphoneForceMute | Boolean | Indicates whether or not to block unmuting the microphone on the device. |
| networkEscapeHatchAllowed | Boolean | Indicates whether or not the device will allow connecting to a temporary network connection at boot time. |
| nfcBlockOutgoingBeam | Boolean | Indicates whether or not to block NFC outgoing beam. |
| passwordBlockKeyguard | Boolean | Indicates whether or not the keyguard is disabled. |
| passwordBlockKeyguardFeatures | androidKeyguardFeature collection | List of device keyguard features to block. This collection can contain a maximum of 11 elements. |
| passwordExpirationDays | Int32 | Indicates the amount of time that a password can be set for before it expires and a new password will be required. Valid values 1 to 365 |
| passwordMinimumLength | Int32 | Indicates the minimum length of the password required on the device. Valid values 4 to 16 |
| passwordMinimumLetterCharacters | Int32 | Indicates the minimum number of letter characters required for device password. Valid values 1 to 16 |
| passwordMinimumLowerCaseCharacters | Int32 | Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16 |
| passwordMinimumNonLetterCharacters | Int32 | Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16 |
| passwordMinimumNumericCharacters | Int32 | Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16 |
| passwordMinimumSymbolCharacters | Int32 | Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16 |
| passwordMinimumUpperCaseCharacters | Int32 | Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16 |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| passwordPreviousPasswordCountToBlock | Int32 | Indicates the length of password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24 |
| passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Indicates the minimum password quality required on the device. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword. |
| passwordRequireUnlock | androidDeviceOwnerRequiredPasswordUnlock | Indicates the timeout period after which a device must be unlocked using a form of strong authentication. Possible values are: deviceDefault, daily, unkownFutureValue. |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Indicates the number of times a user can enter an incorrect password before the device is wiped. Valid values 4 to 11 |
| playStoreMode | androidDeviceOwnerPlayStoreMode | Indicates the Play Store mode of the device. Possible values are: notConfigured, allowList, blockList. |
| screenCaptureBlocked | Boolean | Indicates whether or not to disable the capability to take screenshots. |
| securityDeveloperSettingsEnabled | Boolean | Indicates whether or not the user is allowed to access developer settings like developer options and safe boot on the device. |
| securityRequireVerifyApps | Boolean | Indicates whether or not verify apps is required. |
| shortHelpText | androidDeviceOwnerUserFacingMessage | Represents the customized short help text provided to users when they attempt to modify managed settings on their device. |
| statusBarBlocked | Boolean | Indicates whether or the status bar is disabled, including notifications, quick settings and other screen overlays. |
| stayOnModes | androidDeviceOwnerBatteryPluggedMode collection | List of modes in which the device's display will stay powered-on. This collection can contain a maximum of 4 elements. |
| storageAllowUsb | Boolean | Indicates whether or not to allow USB mass storage. |
| storageBlockExternalMedia | Boolean | Indicates whether or not to block external media. |
| storageBlockUsbFileTransfer | Boolean | Indicates whether or not to block USB file transfer. |
| systemUpdateFreezePeriods | androidDeviceOwnerSystemUpdateFreezePeriod collection | Indicates the annually repeating time periods during which system updates are postponed. This collection can contain a maximum of 500 elements. |
| systemUpdateWindowStartMinutesAfterMidnight | Int32 | Indicates the number of minutes after midnight that the system update window starts. Valid values 0 to 1440 |
| systemUpdateWindowEndMinutesAfterMidnight | Int32 | Indicates the number of minutes after midnight that the system update window ends. Valid values 0 to 1440 |
| systemUpdateInstallType | androidDeviceOwnerSystemUpdateInstallType | The type of system update configuration. Possible values are: deviceDefault, postpone, windowed, automatic. |
| systemWindowsBlocked | Boolean | Whether or not to block Android system prompt windows, like toasts, phone activities, and system alerts. |
| usersBlockAdd | Boolean | Indicates whether or not adding users and profiles is disabled. |
| usersBlockRemove | Boolean | Indicates whether or not to disable removing other users from the device. |
| volumeBlockAdjustment | Boolean | Indicates whether or not adjusting the master volume is disabled. |
| vpnAlwaysOnLockdownMode | Boolean | If an always on VPN package name is specified, whether or not to lock network traffic when that VPN is disconnected. |
| vpnAlwaysOnPackageIdentifier | String | Android app package name for app that will handle an always-on VPN connection. |
| wifiBlockEditConfigurations | Boolean | Indicates whether or not to block the user from editing the wifi connection settings. |
| wifiBlockEditPolicyDefinedConfigurations | Boolean | Indicates whether or not to block the user from editing just the networks defined by the policy. |
| personalProfileAppsAllowInstallFromUnknownSources | Boolean | Indicates whether the user can install apps from unknown sources on the personal profile. |
| personalProfileCameraBlocked | Boolean | Indicates whether to disable the use of the camera on the personal profile. |
| personalProfileScreenCaptureBlocked | Boolean | Indicates whether to disable the capability to take screenshots on the personal profile. |
| personalProfilePlayStoreMode | personalProfilePersonalPlayStoreMode | Used together with PersonalProfilePersonalApplications to control how apps in the personal profile are allowed or blocked. Possible values are: notConfigured, blockedApps, allowedApps. |
| personalProfilePersonalApplications | appListItem collection | Policy applied to applications in the personal profile. This collection can contain a maximum of 500 elements. |
| workProfilePasswordExpirationDays | Int32 | Indicates the number of days that a work profile password can be set before it expires and a new password will be required. Valid values 1 to 365 |
| workProfilePasswordMinimumLength | Int32 | Indicates the minimum length of the work profile password. Valid values 4 to 16 |
| workProfilePasswordMinimumNumericCharacters | Int32 | Indicates the minimum number of numeric characters required for the work profile password. Valid values 1 to 16 |
| workProfilePasswordMinimumNonLetterCharacters | Int32 | Indicates the minimum number of non-letter characters required for the work profile password. Valid values 1 to 16 |
| workProfilePasswordMinimumLetterCharacters | Int32 | Indicates the minimum number of letter characters required for the work profile password. Valid values 1 to 16 |
| workProfilePasswordMinimumLowerCaseCharacters | Int32 | Indicates the minimum number of lower-case characters required for the work profile password. Valid values 1 to 16 |
| workProfilePasswordMinimumUpperCaseCharacters | Int32 | Indicates the minimum number of upper-case letter characters required for the work profile password. Valid values 1 to 16 |
| workProfilePasswordMinimumSymbolCharacters | Int32 | Indicates the minimum number of symbol characters required for the work profile password. Valid values 1 to 16 |
| workProfilePasswordPreviousPasswordCountToBlock | Int32 | Indicates the length of the work profile password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24 |
| workProfilePasswordSignInFailureCountBeforeFactoryReset | Int32 | Indicates the number of times a user can enter an incorrect work profile password before the device is wiped. Valid values 4 to 11 |
| workProfilePasswordRequiredType | androidDeviceOwnerRequiredPasswordType | Indicates the minimum password quality required on the work profile password. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword. |
| workProfilePasswordRequireUnlock | androidDeviceOwnerRequiredPasswordUnlock | Indicates the timeout period after which a work profile must be unlocked using a form of strong authentication. Possible values are: deviceDefault, daily, unkownFutureValue. |
androidDeviceOwnerImportedPFXCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
| certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval, specificApps, unknownFutureValue. |
| silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
androidDeviceOwnerPkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificationAuthority | String | PKCS Certification Authority |
| certificationAuthorityName | String | PKCS Certification Authority Name |
| certificationAuthorityType | deviceManagementCertificationAuthority | Certification authority type. Possible values are: notConfigured, microsoft, digiCert. |
| certificateTemplateName | String | PKCS Certificate Template Name |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
| certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval, specificApps, unknownFutureValue. |
| silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
androidDeviceOwnerScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| scepServerUrls | String collection | SCEP Server Url(s) |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
| certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval, specificApps, unknownFutureValue. |
| silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
androidDeviceOwnerTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
androidDeviceOwnerVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | vpnAuthenticationMethod | Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| connectionName | String | Connection name displayed to the user. Inherited from vpnConfiguration |
| role | String | Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration |
| realm | String | Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. Inherited from vpnConfiguration |
| connectionType | androidVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect. |
| proxyServer | vpnProxyServer | Proxy server. |
| targetedPackageIds | String collection | Targeted App package IDs. |
| targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. |
| alwaysOn | Boolean | Whether or not to enable always-on VPN connection. |
| alwaysOnLockdown | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. |
| microsoftTunnelSiteId | String | Microsoft Tunnel site ID. |
| customData | keyValue collection | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. |
| customKeyValueData | keyValuePair collection | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. |
androidDeviceOwnerWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
| wiFiSecurityType | androidDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wep, wpaPersonal, wpaEnterprise. |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
| preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. |
| proxySettings | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration. Possible values include none, manual, and automatic. Possible values are: none, manual, automatic. |
| proxyManualAddress | String | Specify the proxy server IP address. Android documentation does not specify IPv4 or IPv6. For example: 192.168.1.1. |
| proxyManualPort | Int32 | Specify the proxy server port. |
| proxyAutomaticConfigurationUrl | String | Specify the proxy server configuration script URL. |
| proxyExclusionList | String | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *. |
androidEasEmailProfileConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| accountName | String | Exchange ActiveSync account name, displayed to users as name of EAS (this) profile. |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| syncCalendar | Boolean | Toggles syncing the calendar. If set to false calendar is turned off on the device. |
| syncContacts | Boolean | Toggles syncing contacts. If set to false contacts are turned off on the device. |
| syncTasks | Boolean | Toggles syncing tasks. If set to false tasks are turned off on the device. |
| syncNotes | Boolean | Toggles syncing notes. If set to false notes are turned off on the device. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. |
| emailSyncSchedule | emailSyncSchedule | Email sync schedule. Possible values are: userDefined, asMessagesArrive, manual, fifteenMinutes, thirtyMinutes, sixtyMinutes, basedOnMyUsage. |
| hostName | String | Exchange location (URL) that the native mail app connects to. |
| requireSmime | Boolean | Indicates whether or not to use S/MIME certificate. |
| requireSsl | Boolean | Indicates whether or not to use SSL. |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
| userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: fullDomainName, netBiosDomainName. |
| customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. |
androidEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from androidWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidWiFiConfiguration |
| wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidWiFiConfiguration. Possible values are: open, wpaEnterprise, wpa2Enterprise. |
| eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
| usernameFormatString | String | Username format string used to build the username to connect to wifi |
| passwordFormatString | String | Password format string used to build the password to connect to wifi |
| preSharedKey | String | PreSharedKey used to build the password to connect to wifi |
androidForWorkCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
androidForWorkCompliancePolicy
| Property | Type | Description |
|---|---|---|
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordRequired | Boolean | Require a password to unlock device. |
| passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
| passwordRequiredType | androidRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any. |
| requiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android API 12+. Possible values are: none, low, medium, high. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign-in failures allowed before factory reset. Valid values 1 to 16 |
| securityPreventInstallAppsFromUnknownSources | Boolean | Require that devices disallow installation of apps from unknown sources. |
| securityDisableUsbDebugging | Boolean | Disable USB debugging on Android devices. |
| securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
| deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
| osMinimumVersion | String | Minimum Android version. |
| osMaximumVersion | String | Maximum Android version. |
| minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
| storageRequireEncryption | Boolean | Require encryption on Android devices. |
| securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
| securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
| securityRequireGooglePlayServices | Boolean | Require Google Play Services to be installed and enabled on the device. |
| securityRequireUpToDateSecurityProviders | Boolean | Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date. |
| securityRequireCompanyPortalAppIntegrity | Boolean | Require the device to pass the Company Portal client app runtime integrity check. |
| securityRequiredAndroidSafetyNetEvaluationType | androidSafetyNetEvaluationType | Require a specific SafetyNet evaluation type for compliance. Possible values are: basic, hardwareBacked. |
androidForWorkCustomConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 500 elements. |
androidForWorkEasEmailProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. |
| hostName | String | Exchange location (URL) that the mail app connects to. |
| requireSsl | Boolean | Indicates whether or not to use SSL. |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
androidForWorkEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from androidForWorkWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidForWorkWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidForWorkWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidForWorkWiFiConfiguration |
| wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidForWorkWiFiConfiguration. Possible values are: open, wpaEnterprise, wpa2Enterprise. |
| eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
androidForWorkGeneralDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| passwordBlockFaceUnlock | Boolean | Indicates whether or not to block face unlock. |
| passwordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
| passwordBlockIrisUnlock | Boolean | Indicates whether or not to block iris unlock. |
| passwordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordMinimumLength | Int32 | Minimum length of passwords. Valid values 4 to 16 |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. Valid values 1 to 16 |
| passwordRequiredType | androidForWorkRequiredPasswordType | Type of password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols. |
| requiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android 12+. Possible values are: none, low, medium, high. |
| workProfileDataSharingType | androidForWorkCrossProfileDataSharingType | Type of data sharing that is allowed. Possible values are: deviceDefault, preventAny, allowPersonalToWork, noRestrictions. |
| workProfileBlockNotificationsWhileDeviceLocked | Boolean | Indicates whether or not to block notifications while device locked. |
| workProfileBlockAddingAccounts | Boolean | Block users from adding/removing accounts in work profile. |
| workProfileBluetoothEnableContactSharing | Boolean | Allow bluetooth devices to access enterprise contacts. |
| workProfileBlockScreenCapture | Boolean | Block screen capture in work profile. |
| workProfileBlockCrossProfileCallerId | Boolean | Block display work profile caller ID in personal profile. |
| workProfileBlockCamera | Boolean | Block work profile camera. |
| workProfileBlockCrossProfileContactsSearch | Boolean | Block work profile contacts availability in personal profile. |
| workProfileBlockCrossProfileCopyPaste | Boolean | Boolean that indicates if the setting disallow cross profile copy/paste is enabled. |
| workProfileDefaultAppPermissionPolicy | androidForWorkDefaultAppPermissionPolicyType | Type of password that is required. Possible values are: deviceDefault, prompt, autoGrant, autoDeny. |
| workProfilePasswordBlockFaceUnlock | Boolean | Indicates whether or not to block face unlock for work profile. |
| workProfilePasswordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock for work profile. |
| workProfilePasswordBlockIrisUnlock | Boolean | Indicates whether or not to block iris unlock for work profile. |
| workProfilePasswordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents for work profile. |
| workProfilePasswordExpirationDays | Int32 | Number of days before the work profile password expires. Valid values 1 to 365 |
| workProfilePasswordMinimumLength | Int32 | Minimum length of work profile password. Valid values 4 to 16 |
| workProfilePasswordMinNumericCharacters | Int32 | Minimum # of numeric characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinNonLetterCharacters | Int32 | Minimum # of non-letter characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinLetterCharacters | Int32 | Minimum # of letter characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinLowerCaseCharacters | Int32 | Minimum # of lower-case characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinUpperCaseCharacters | Int32 | Minimum # of upper-case characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinSymbolCharacters | Int32 | Minimum # of symbols required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| workProfilePasswordPreviousPasswordBlockCount | Int32 | Number of previous work profile passwords to block. Valid values 0 to 24 |
| workProfilePasswordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before work profile is removed and all corporate data deleted. Valid values 1 to 16 |
| workProfilePasswordRequiredType | androidForWorkRequiredPasswordType | Type of work profile password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols. |
| workProfileRequiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required work profile password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android 12+. Possible values are: none, low, medium, high. |
| workProfileRequirePassword | Boolean | Password is required or not for work profile |
| securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
| vpnAlwaysOnPackageIdentifier | String | Enable lockdown mode for always-on VPN. |
| vpnEnableAlwaysOnLockdownMode | Boolean | Enable lockdown mode for always-on VPN. |
| workProfileAllowWidgets | Boolean | Allow widgets from work profile apps. |
| workProfileBlockPersonalAppInstallsFromUnknownSources | Boolean | Prevent app installations from unknown sources in the personal profile. |
androidForWorkGmailEasConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidForWorkEasEmailProfileBase. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userPrincipalName, primarySmtpAddress. |
| hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidForWorkEasEmailProfileBase |
| requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidForWorkEasEmailProfileBase |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
androidForWorkImportedPFXCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
| intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
androidForWorkNineWorkEasConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidForWorkEasEmailProfileBase. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userPrincipalName, primarySmtpAddress. |
| hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidForWorkEasEmailProfileBase |
| requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidForWorkEasEmailProfileBase |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
| syncCalendar | Boolean | Toggles syncing the calendar. If set to false the calendar is turned off on the device. |
| syncContacts | Boolean | Toggles syncing contacts. If set to false contacts are turned off on the device. |
| syncTasks | Boolean | Toggles syncing tasks. If set to false tasks are turned off on the device. |
androidForWorkPkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidForWorkCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidForWorkCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidForWorkCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidForWorkCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificationAuthority | String | PKCS Certification Authority |
| certificationAuthorityName | String | PKCS Certification Authority Name |
| certificateTemplateName | String | PKCS Certificate Template Name |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
androidForWorkScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidForWorkCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidForWorkCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidForWorkCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidForWorkCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| scepServerUrls | String collection | SCEP Server Url(s) |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
androidForWorkTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
androidForWorkVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. |
| connectionType | androidForWorkVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix. |
| role | String | Role when connection type is set to Pulse Secure. |
| realm | String | Realm when connection type is set to Pulse Secure. |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
| fingerprint | String | Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN. |
| customData | keyValue collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
| authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
androidForWorkWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
| wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wpaEnterprise, wpa2Enterprise. |
androidGeneralDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| appsBlockClipboardSharing | Boolean | Indicates whether or not to block clipboard sharing to copy and paste between applications. |
| appsBlockCopyPaste | Boolean | Indicates whether or not to block copy and paste within applications. |
| appsBlockYouTube | Boolean | Indicates whether or not to block the YouTube app. |
| bluetoothBlocked | Boolean | Indicates whether or not to block Bluetooth. |
| cameraBlocked | Boolean | Indicates whether or not to block the use of the camera. |
| cellularBlockDataRoaming | Boolean | Indicates whether or not to block data roaming. |
| cellularBlockMessaging | Boolean | Indicates whether or not to block SMS/MMS messaging. |
| cellularBlockVoiceRoaming | Boolean | Indicates whether or not to block voice roaming. |
| cellularBlockWiFiTethering | Boolean | Indicates whether or not to block syncing Wi-Fi tethering. |
| compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
| compliantAppListType | appListType | Type of list that is in the CompliantAppsList. Possible values are: none, appsInListCompliant, appsNotInListCompliant. |
| diagnosticDataBlockSubmission | Boolean | Indicates whether or not to block diagnostic data submission. |
| locationServicesBlocked | Boolean | Indicates whether or not to block location services. |
| googleAccountBlockAutoSync | Boolean | Indicates whether or not to block Google account auto sync. |
| googlePlayStoreBlocked | Boolean | Indicates whether or not to block the Google Play store. |
| kioskModeBlockSleepButton | Boolean | Indicates whether or not to block the screen sleep button while in Kiosk Mode. |
| kioskModeBlockVolumeButtons | Boolean | Indicates whether or not to block the volume buttons while in Kiosk Mode. |
| kioskModeApps | appListItem collection | A list of apps that will be allowed to run when the device is in Kiosk Mode. This collection can contain a maximum of 500 elements. |
| nfcBlocked | Boolean | Indicates whether or not to block Near-Field Communication. |
| passwordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
| passwordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordMinimumLength | Int32 | Minimum length of passwords. Valid values 4 to 16 |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. Valid values 1 to 16 |
| passwordRequiredType | androidRequiredPasswordType | Type of password that is required. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any. |
| passwordRequired | Boolean | Indicates whether or not to require a password. |
| powerOffBlocked | Boolean | Indicates whether or not to block powering off the device. |
| factoryResetBlocked | Boolean | Indicates whether or not to block user performing a factory reset. |
| screenCaptureBlocked | Boolean | Indicates whether or not to block screenshots. |
| deviceSharingAllowed | Boolean | Indicates whether or not to allow device sharing mode. |
| storageBlockGoogleBackup | Boolean | Indicates whether or not to block Google Backup. |
| storageBlockRemovableStorage | Boolean | Indicates whether or not to block removable storage usage. |
| storageRequireDeviceEncryption | Boolean | Indicates whether or not to require device encryption. |
| storageRequireRemovableStorageEncryption | Boolean | Indicates whether or not to require removable storage encryption. |
| voiceAssistantBlocked | Boolean | Indicates whether or not to block the use of the Voice Assistant. |
| voiceDialingBlocked | Boolean | Indicates whether or not to block voice dialing. |
| webBrowserBlockPopups | Boolean | Indicates whether or not to block popups within the web browser. |
| webBrowserBlockAutofill | Boolean | Indicates whether or not to block the web browser's auto fill feature. |
| webBrowserBlockJavaScript | Boolean | Indicates whether or not to block JavaScript within the web browser. |
| webBrowserBlocked | Boolean | Indicates whether or not to block the web browser. |
| webBrowserCookieSettings | webBrowserCookieSettings | Cookie settings within the web browser. Possible values are: browserDefault, blockAlways, allowCurrentWebSite, allowFromWebsitesVisited, allowAlways. |
| wiFiBlocked | Boolean | Indicates whether or not to block syncing Wi-Fi. |
| appsInstallAllowList | appListItem collection | List of apps which can be installed on the KNOX device. This collection can contain a maximum of 500 elements. |
| appsLaunchBlockList | appListItem collection | List of apps which are blocked from being launched on the KNOX device. This collection can contain a maximum of 500 elements. |
| appsHideList | appListItem collection | List of apps to be hidden on the KNOX device. This collection can contain a maximum of 500 elements. |
| securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
androidImportedPFXCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
| intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
androidOmaCpConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| configurationXml | Binary | Configuration XML that will be applied to the device. When it is read, it only provides a placeholder string since the original data is encrypted and stored. |
androidPkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
| certificationAuthority | String | PKCS Certification Authority |
| certificationAuthorityName | String | PKCS Certification Authority Name |
| certificateTemplateName | String | PKCS Certificate Template Name |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
androidScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
| scepServerUrls | String collection | SCEP Server Url(s) |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
androidTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
androidVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. |
| connectionType | androidVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect. |
| role | String | Role when connection type is set to Pulse Secure. |
| realm | String | Realm when connection type is set to Pulse Secure. |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
| fingerprint | String | Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN. |
| customData | keyValue collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
| authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
androidWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
| wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wpaEnterprise, wpa2Enterprise. |
androidWorkProfileCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
androidWorkProfileCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordRequired | Boolean | Require a password to unlock device. |
| passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
| passwordRequiredType | androidRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
| securityPreventInstallAppsFromUnknownSources | Boolean | Require that devices disallow installation of apps from unknown sources. |
| securityDisableUsbDebugging | Boolean | Disable USB debugging on Android devices. |
| securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
| deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
| osMinimumVersion | String | Minimum Android version. |
| osMaximumVersion | String | Maximum Android version. |
| minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
| storageRequireEncryption | Boolean | Require encryption on Android devices. |
| securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
| securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
| securityRequireGooglePlayServices | Boolean | Require Google Play Services to be installed and enabled on the device. |
| securityRequireUpToDateSecurityProviders | Boolean | Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date. |
| securityRequireCompanyPortalAppIntegrity | Boolean | Require the device to pass the Company Portal client app runtime integrity check. |
androidWorkProfileCustomConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 500 elements. |
androidWorkProfileEasEmailProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. |
| hostName | String | Exchange location (URL) that the mail app connects to. |
| requireSsl | Boolean | Indicates whether or not to use SSL. |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
androidWorkProfileEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from androidWorkProfileWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidWorkProfileWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidWorkProfileWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidWorkProfileWiFiConfiguration |
| wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidWorkProfileWiFiConfiguration. Possible values are: open, wpaEnterprise, wpa2Enterprise. |
| eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
| proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection. Possible values are: none, manual, automatic. |
| proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. |
androidWorkProfileGeneralDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| passwordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
| passwordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordMinimumLength | Int32 | Minimum length of passwords. Valid values 4 to 16 |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. Valid values 1 to 16 |
| passwordRequiredType | androidWorkProfileRequiredPasswordType | Type of password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols. |
| workProfileDataSharingType | androidWorkProfileCrossProfileDataSharingType | Type of data sharing that is allowed. Possible values are: deviceDefault, preventAny, allowPersonalToWork, noRestrictions. |
| workProfileBlockNotificationsWhileDeviceLocked | Boolean | Indicates whether or not to block notifications while device locked. |
| workProfileBlockAddingAccounts | Boolean | Block users from adding/removing accounts in work profile. |
| workProfileBluetoothEnableContactSharing | Boolean | Allow bluetooth devices to access enterprise contacts. |
| workProfileBlockScreenCapture | Boolean | Block screen capture in work profile. |
| workProfileBlockCrossProfileCallerId | Boolean | Block display work profile caller ID in personal profile. |
| workProfileBlockCamera | Boolean | Block work profile camera. |
| workProfileBlockCrossProfileContactsSearch | Boolean | Block work profile contacts availability in personal profile. |
| workProfileBlockCrossProfileCopyPaste | Boolean | Boolean that indicates if the setting disallow cross profile copy/paste is enabled. |
| workProfileDefaultAppPermissionPolicy | androidWorkProfileDefaultAppPermissionPolicyType | Type of password that is required. Possible values are: deviceDefault, prompt, autoGrant, autoDeny. |
| workProfilePasswordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock for work profile. |
| workProfilePasswordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents for work profile. |
| workProfilePasswordExpirationDays | Int32 | Number of days before the work profile password expires. Valid values 1 to 365 |
| workProfilePasswordMinimumLength | Int32 | Minimum length of work profile password. Valid values 4 to 16 |
| workProfilePasswordMinNumericCharacters | Int32 | Minimum # of numeric characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinNonLetterCharacters | Int32 | Minimum # of non-letter characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinLetterCharacters | Int32 | Minimum # of letter characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinLowerCaseCharacters | Int32 | Minimum # of lower-case characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinUpperCaseCharacters | Int32 | Minimum # of upper-case characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinSymbolCharacters | Int32 | Minimum # of symbols required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| workProfilePasswordPreviousPasswordBlockCount | Int32 | Number of previous work profile passwords to block. Valid values 0 to 24 |
| workProfilePasswordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before work profile is removed and all corporate data deleted. Valid values 1 to 16 |
| workProfilePasswordRequiredType | androidWorkProfileRequiredPasswordType | Type of work profile password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols. |
| workProfileRequirePassword | Boolean | Password is required or not for work profile |
| securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
androidWorkProfileGmailEasConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userPrincipalName, primarySmtpAddress. |
| hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidWorkProfileEasEmailProfileBase |
| requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidWorkProfileEasEmailProfileBase |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
androidWorkProfileNineWorkEasConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userPrincipalName, primarySmtpAddress. |
| hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidWorkProfileEasEmailProfileBase |
| requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidWorkProfileEasEmailProfileBase |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
| syncCalendar | Boolean | Toggles syncing the calendar. If set to false the calendar is turned off on the device. |
| syncContacts | Boolean | Toggles syncing contacts. If set to false contacts are turned off on the device. |
| syncTasks | Boolean | Toggles syncing tasks. If set to false tasks are turned off on the device. |
androidWorkProfilePkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidWorkProfileCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidWorkProfileCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificationAuthority | String | PKCS Certification Authority |
| certificationAuthorityName | String | PKCS Certification Authority Name |
| certificateTemplateName | String | PKCS Certificate Template Name |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
androidWorkProfileScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidWorkProfileCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidWorkProfileCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| scepServerUrls | String collection | SCEP Server Url(s) |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
androidWorkProfileTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
androidWorkProfileVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. |
| connectionType | androidWorkProfileVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, paloAltoGlobalProtect, microsoftTunnel, netMotionMobility, microsoftProtect. |
| role | String | Role when connection type is set to Pulse Secure. |
| realm | String | Realm when connection type is set to Pulse Secure. |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
| fingerprint | String | Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN. |
| customData | keyValue collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
| authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| proxyServer | vpnProxyServer | Proxy server. |
| targetedPackageIds | String collection | Targeted App package IDs. |
| targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. |
| alwaysOn | Boolean | Whether or not to enable always-on VPN connection. |
| alwaysOnLockdown | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. |
| microsoftTunnelSiteId | String | Microsoft Tunnel site ID. |
androidWorkProfileWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
| wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wpaEnterprise, wpa2Enterprise. |
aospDeviceOwnerCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. This collection can contain a maximum of 500 elements. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
aospDeviceOwnerCompliancePolicy
| Property | Type | Description |
|---|---|---|
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| osMinimumVersion | String | Minimum Android version. |
| osMaximumVersion | String | Maximum Android version. |
| minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
| securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
| passwordRequired | Boolean | Require a password to unlock device. |
| passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. Valid values 1 to 8640 |
| passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
| storageRequireEncryption | Boolean | Require encryption on Android devices. |
aospDeviceOwnerDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| appsBlockInstallFromUnknownSources | Boolean | Indicates whether or not the user is allowed to enable unknown sources setting. When set to true, user is not allowed to enable unknown sources settings. |
| bluetoothBlocked | Boolean | Indicates whether or not to disable the use of bluetooth. When set to true, bluetooth cannot be enabled on the device. |
| bluetoothBlockConfiguration | Boolean | Indicates whether or not to block a user from configuring bluetooth. |
| cameraBlocked | Boolean | Indicates whether or not to disable the use of the camera. |
| factoryResetBlocked | Boolean | Indicates whether or not the factory reset option in settings is disabled. |
| passwordMinimumLength | Int32 | Indicates the minimum length of the password required on the device. Valid values 4 to 16 |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Indicates the minimum password quality required on the device. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword. |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Indicates the number of times a user can enter an incorrect password before the device is wiped. Valid values 4 to 11 |
| screenCaptureBlocked | Boolean | Indicates whether or not to disable the capability to take screenshots. |
| securityAllowDebuggingFeatures | Boolean | Indicates whether or not to block the user from enabling debugging features on the device. |
| storageBlockExternalMedia | Boolean | Indicates whether or not to block external media. |
| storageBlockUsbFileTransfer | Boolean | Indicates whether or not to block USB file transfer. |
| wifiBlockEditConfigurations | Boolean | Indicates whether or not to block the user from editing the wifi connection settings. |
aospDeviceOwnerEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from aospDeviceOwnerWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from aospDeviceOwnerWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from aospDeviceOwnerWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from aospDeviceOwnerWiFiConfiguration |
| wiFiSecurityType | aospDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from aospDeviceOwnerWiFiConfiguration. Possible values are: open, wep, wpaPersonal, wpaEnterprise. |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from aospDeviceOwnerWiFiConfiguration |
| preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from aospDeviceOwnerWiFiConfiguration |
| eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. This collection can contain a maximum of 500 elements. Possible values are: none, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
aospDeviceOwnerPkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from aospDeviceOwnerCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificationAuthority | String | PKCS Certification Authority |
| certificationAuthorityName | String | PKCS Certification Authority Name |
| certificationAuthorityType | deviceManagementCertificationAuthority | Certification authority type. Possible values are: notConfigured, microsoft, digiCert. |
| certificateTemplateName | String | PKCS Certificate Template Name |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
aospDeviceOwnerScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from aospDeviceOwnerCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| scepServerUrls | String collection | SCEP Server Url(s) |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. This collection can contain a maximum of 500 elements. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
aospDeviceOwnerTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
aospDeviceOwnerWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
| wiFiSecurityType | aospDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wep, wpaPersonal, wpaEnterprise. |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
| preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. |
appleDeviceFeaturesConfigurationBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
appleExpeditedCheckinConfigurationBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| enableExpeditedCheckin | Boolean | Gets or sets whether to enable expedited device check-ins. |
appleVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. |
| connectionType | appleVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect. |
| loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. |
| role | String | Role when connection type is set to Pulse Secure. |
| realm | String | Realm when connection type is set to Pulse Secure. |
| server | vpnServer | VPN Server on the network. Make sure end users can access this network location. |
| identifier | String | Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin |
| customData | keyValue collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. |
| enableSplitTunneling | Boolean | Send all network traffic through VPN. |
| authenticationMethod | vpnAuthenticationMethod | Authentication method for this VPN connection. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| enablePerApp | Boolean | Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. |
| safariDomains | String collection | Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. |
| onDemandRules | vpnOnDemandRule collection | On-Demand Rules. This collection can contain a maximum of 500 elements. |
| providerType | vpnProviderType | Provider type for per-app VPN. Possible values are: notConfigured, appProxy, packetTunnel. |
| associatedDomains | String collection | Associated Domains |
| excludedDomains | String collection | Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated |
| disableOnDemandUserOverride | Boolean | Toggle to prevent user from disabling automatic VPN in the Settings app |
| disconnectOnIdle | Boolean | Whether to disconnect after on-demand connection idles |
| disconnectOnIdleTimerInSeconds | Int32 | The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 |
| proxyServer | vpnProxyServer | Proxy Server. |
| optInToDeviceIdSharing | Boolean | Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. |
cartToClassAssociation
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| createdDateTime | DateTimeOffset | DateTime the object was created. |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
| version | Int32 | Version of the CartToClassAssociation. |
| displayName | String | Admin provided name of the device configuration. |
| description | String | Admin provided description of the CartToClassAssociation. |
| deviceCartIds | String collection | Identifiers of device carts to be associated with classes. |
| classroomIds | String collection | Identifiers of classrooms to be associated with device carts. |
defaultDeviceCompliancePolicy
| Property | Type | Description |
|---|---|---|
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
deviceComplianceActionItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| gracePeriodHours | Int32 | Number of hours to wait till the action will be enforced. Valid values 0 to 8760 |
| actionType | deviceComplianceActionType | What action to take. Possible values are: noAction, notification, block, retire, wipe, removeResourceAccessProfiles, pushNotification. |
| notificationTemplateId | String | What notification Message template to use |
| notificationMessageCCList | String collection | A list of group IDs to speicify who to CC this notification message to. |
deviceComplianceDeviceOverview
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| pendingCount | Int32 | Number of pending devices |
| notApplicableCount | Int32 | Number of not applicable devices |
| successCount | Int32 | Number of succeeded devices |
| errorCount | Int32 | Number of error devices |
| failedCount | Int32 | Number of failed devices |
| lastUpdateDateTime | DateTimeOffset | Last update time |
| configurationVersion | Int32 | Version of the policy for that overview |
deviceComplianceDeviceStatus
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| deviceDisplayName | String | Device name of the DevicePolicyStatus. |
| userName | String | The User Name that is being reported |
| deviceModel | String | The device model that is being reported |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
| status | complianceStatus | Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
| userPrincipalName | String | UserPrincipalName. |
deviceCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| createdDateTime | DateTimeOffset | DateTime the object was created. |
| description | String | Admin provided description of the Device Configuration. |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
| displayName | String | Admin provided name of the device configuration. |
| version | Int32 | Version of the device configuration. |
deviceCompliancePolicyAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| target | deviceAndAppManagementAssignmentTarget | Target for the compliance policy assignment. |
deviceCompliancePolicyDeviceStateSummary
| Property | Type | Description |
|---|---|---|
| inGracePeriodCount | Int32 | Number of devices that are in grace period |
| configManagerCount | Int32 | Number of devices that have compliance managed by System Center Configuration Manager |
| id | String | Key of the entity. |
| unknownDeviceCount | Int32 | Number of unknown devices |
| notApplicableDeviceCount | Int32 | Number of not applicable devices |
| compliantDeviceCount | Int32 | Number of compliant devices |
| remediatedDeviceCount | Int32 | Number of remediated devices |
| nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
| errorDeviceCount | Int32 | Number of error devices |
| conflictDeviceCount | Int32 | Number of conflict devices |
deviceCompliancePolicySettingStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| setting | String | The setting class name and property name. |
| settingName | String | Name of the setting. |
| platformType | policyPlatformType | Setting platform. Possible values are: android, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, all. |
| unknownDeviceCount | Int32 | Number of unknown devices |
| notApplicableDeviceCount | Int32 | Number of not applicable devices |
| compliantDeviceCount | Int32 | Number of compliant devices |
| remediatedDeviceCount | Int32 | Number of remediated devices |
| nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
| errorDeviceCount | Int32 | Number of error devices |
| conflictDeviceCount | Int32 | Number of conflict devices |
deviceComplianceScheduledActionForRule
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| ruleName | String | Name of the rule which this scheduled action applies to. Currently scheduled actions are created per policy instead of per rule, thus RuleName is always set to default value PasswordRequired. |
deviceComplianceSettingState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity |
| setting | String | The setting class name and property name. |
| settingName | String | The Setting Name that is being reported |
| deviceId | String | The Device Id that is being reported |
| deviceName | String | The Device Name that is being reported |
| userId | String | The user Id that is being reported |
| userEmail | String | The User email address that is being reported |
| userName | String | The User Name that is being reported |
| userPrincipalName | String | The User PrincipalName that is being reported |
| deviceModel | String | The device model that is being reported |
| state | complianceStatus | The compliance state of the setting. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
deviceComplianceUserOverview
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| pendingCount | Int32 | Number of pending Users |
| notApplicableCount | Int32 | Number of not applicable users |
| successCount | Int32 | Number of succeeded Users |
| errorCount | Int32 | Number of error Users |
| failedCount | Int32 | Number of failed Users |
| lastUpdateDateTime | DateTimeOffset | Last update time |
| configurationVersion | Int32 | Version of the policy for that overview |
deviceComplianceUserStatus
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| userDisplayName | String | User name of the DevicePolicyStatus. |
| devicesCount | Int32 | Devices count for that user. |
| status | complianceStatus | Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
| userPrincipalName | String | UserPrincipalName. |
deviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
| createdDateTime | DateTimeOffset | DateTime the object was created. |
| description | String | Admin provided description of the Device Configuration. |
| displayName | String | Admin provided name of the device configuration. |
| version | Int32 | Version of the device configuration. |
deviceConfigurationAssignment
| Property | Type | Description |
|---|---|---|
| id | String | The key of the assignment. |
| target | deviceAndAppManagementAssignmentTarget | The assignment target for the device configuration. |
deviceConfigurationConflictSummary
| Property | Type | Description |
|---|---|---|
| conflictingDeviceConfigurations | settingSource collection | The set of policies in conflict with the given setting |
| id | String | The id for this set of conflicting policies. This id is the ids of all the policies in ConflictingDeviceConfigurations in lexicographical order separated by underscores. |
| contributingSettings | String collection | The set of settings in conflict with the given policies |
| deviceCheckinsImpacted | Int32 | The count of checkins impacted by the conflicting policies and settings |
deviceConfigurationDeviceOverview
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| pendingCount | Int32 | Number of pending devices |
| notApplicableCount | Int32 | Number of not applicable devices |
| successCount | Int32 | Number of succeeded devices |
| errorCount | Int32 | Number of error devices |
| failedCount | Int32 | Number of failed devices |
| lastUpdateDateTime | DateTimeOffset | Last update time |
| configurationVersion | Int32 | Version of the policy for that overview |
deviceConfigurationDeviceStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| unknownDeviceCount | Int32 | Number of unknown devices |
| notApplicableDeviceCount | Int32 | Number of not applicable devices |
| compliantDeviceCount | Int32 | Number of compliant devices |
| remediatedDeviceCount | Int32 | Number of remediated devices |
| nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
| errorDeviceCount | Int32 | Number of error devices |
| conflictDeviceCount | Int32 | Number of conflict devices |
deviceConfigurationDeviceStatus
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| deviceDisplayName | String | Device name of the DevicePolicyStatus. |
| userName | String | The User Name that is being reported |
| deviceModel | String | The device model that is being reported |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
| status | complianceStatus | Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
| userPrincipalName | String | UserPrincipalName. |
deviceConfigurationGroupAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| targetGroupId | String | The Id of the AAD group we are targeting the device configuration to. |
| excludeGroup | Boolean | Indicates if this group is should be excluded. Defaults that the group should be included |
deviceConfigurationTargetedUserAndDevice
| Property | Type | Description |
|---|---|---|
| deviceId | String | The id of the device in the checkin. |
| deviceName | String | The name of the device in the checkin. |
| userId | String | The id of the user in the checkin. |
| userDisplayName | String | The display name of the user in the checkin |
| userPrincipalName | String | The UPN of the user in the checkin. |
| lastCheckinDateTime | DateTimeOffset | Last checkin time for this user/device pair. |
deviceConfigurationUserOverview
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| pendingCount | Int32 | Number of pending Users |
| notApplicableCount | Int32 | Number of not applicable users |
| successCount | Int32 | Number of succeeded Users |
| errorCount | Int32 | Number of error Users |
| failedCount | Int32 | Number of failed Users |
| lastUpdateDateTime | DateTimeOffset | Last update time |
| configurationVersion | Int32 | Version of the policy for that overview |
deviceConfigurationUserStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| unknownUserCount | Int32 | Number of unknown users |
| notApplicableUserCount | Int32 | Number of not applicable users |
| compliantUserCount | Int32 | Number of compliant users |
| remediatedUserCount | Int32 | Number of remediated users |
| nonCompliantUserCount | Int32 | Number of NonCompliant users |
| errorUserCount | Int32 | Number of error users |
| conflictUserCount | Int32 | Number of conflict users |
deviceConfigurationUserStatus
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| userDisplayName | String | User name of the DevicePolicyStatus. |
| devicesCount | Int32 | Devices count for that user. |
| status | complianceStatus | Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
| userPrincipalName | String | UserPrincipalName. |
deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier |
| settings | deviceManagementSettings | Account level settings. |
| intuneAccountId | Guid | Intune Account Id for given tenant |
easEmailProfileConfigurationBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| usernameSource | userEmailSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. |
| usernameAADSource | usernameSource | Name of the AAD field, that will be used to retrieve UserName for email profile. Possible values are: userPrincipalName, primarySmtpAddress, samAccountName. |
| userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: fullDomainName, netBiosDomainName. |
| customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. |
editionUpgradeConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| licenseType | editionUpgradeLicenseType | Edition Upgrade License Type. Possible values are: productKey, licenseFile. |
| targetEdition | windows10EditionType | Edition Upgrade Target Edition. Possible values are: windows10Enterprise, windows10EnterpriseN, windows10Education, windows10EducationN, windows10MobileEnterprise, windows10HolographicEnterprise, windows10Professional, windows10ProfessionalN, windows10ProfessionalEducation, windows10ProfessionalEducationN, windows10ProfessionalWorkstation, windows10ProfessionalWorkstationN. |
| license | String | Edition Upgrade License File Content. |
| productKey | String | Edition Upgrade Product Key. |
hardwareConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the hardware configuration |
| version | Int32 | Version of the hardware configuration (E.g. 1, 2, 3 ...) |
| displayName | String | Name of the hardware configuration |
| description | String | Description of the hardware configuration |
| createdDateTime | DateTimeOffset | Timestamp of when the hardware configuration was created. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | Timestamp of when the hardware configuration was modified. This property is read-only. |
| fileName | String | File name of the hardware configuration |
| configurationFileContent | Binary | File content of the hardware configuration |
| hardwareConfigurationFormat | hardwareConfigurationFormat | Oem type of the hardware configuration (E.g. DELL, HP, Surface and SurfaceDock). Possible values are: dell, surface, surfaceDock. |
| roleScopeTagIds | String collection | List of Scope Tag IDs for the hardware configuration |
| perDevicePasswordDisabled | Boolean | A value indicating whether per devcive pasword disabled |
hardwareConfigurationAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the hardware configuration group assignment entity. This property is read-only. |
| target | deviceAndAppManagementAssignmentTarget | The Id of the Azure Active Directory group we are targeting the configuration to. |
hardwareConfigurationDeviceState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the hardware configuration script device state entity. This property is read-only. |
| deviceName | String | The name of the device |
| osVersion | String | Operating system version of the device (E.g. 10.0.19042.1165, 10.0.19042.1288 etc.) |
| upn | String | User Principal Name (UPN). |
| internalVersion | Int32 | The Policy internal version |
| lastStateUpdateDateTime | DateTimeOffset | The last timestamp of when the hardware configuration executed |
| configurationState | runState | Configuration state from the lastest hardware configuration execution. Possible values are: unknown, success, fail, scriptError, pending, notApplicable. |
| configurationOutput | String | Output of the hardware configuration execution |
| configurationError | String | Error from the hardware configuration execution |
hardwareConfigurationRunSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the hardware configuration run summary entity. This property is read-only. |
| successfulDeviceCount | Int32 | Number of devices for which hardware configured without any issue |
| failedDeviceCount | Int32 | Number of devices for which hardware configuration found an issue |
| pendingDeviceCount | Int32 | Number of devices for which hardware configuration is in pending state |
| errorDeviceCount | Int32 | Number of devices for which hardware configuration state is error |
| notApplicableDeviceCount | Int32 | Number of devices for which hardware configuration state is not applicable |
| unknownDeviceCount | Int32 | Number of devices for which hardware configuration state is unknown |
| successfulUserCount | Int32 | Number of users for which hardware configured without any issue |
| failedUserCount | Int32 | Number of users for which hardware configuration found an issue |
| pendingUserCount | Int32 | Number of users for which hardware configuration is in pending state |
| errorUserCount | Int32 | Number of users for which hardware configuration state is error |
| notApplicableUserCount | Int32 | Number of users for which hardware configuration state is not applicable |
| unknownUserCount | Int32 | Number of users for which hardware configuration state is unknown |
| lastRunDateTime | DateTimeOffset | Last run time for the configuration across all devices |
hardwareConfigurationUserState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the hardware configuration script user state entity. This property is read-only. |
| upn | String | User Principal Name (UPN). |
| userEmail | String | User Email address. |
| userName | String | User name |
| lastStateUpdateDateTime | DateTimeOffset | Last timestamp when the hardware configuration executed |
| successfulDeviceCount | Int32 | Success device count for specific user. |
| failedDeviceCount | Int32 | Failed device count for specific user. |
| pendingDeviceCount | Int32 | Pending device count for specific user. |
| errorDeviceCount | Int32 | Error device count for specific user. |
| notApplicableDeviceCount | Int32 | Not applicable device count for specific user. |
| unknownDeviceCount | Int32 | Unknown device count for specific user. |
hardwarePasswordInfo
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the hardware password info |
| serialNumber | String | Device serial number |
| currentPassword | String | Current device password |
| previousPasswords | String collection | List of previous device passwords |
iosCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
iosCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
iosCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passcodeBlockSimple | Boolean | Indicates whether or not to block simple passcodes. |
| passcodeExpirationDays | Int32 | Number of days before the passcode expires. Valid values 1 to 65535 |
| passcodeMinimumLength | Int32 | Minimum length of passcode. Valid values 4 to 14 |
| passcodeMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a passcode is required. |
| passcodePreviousPasscodeBlockCount | Int32 | Number of previous passcodes to block. Valid values 1 to 24 |
| passcodeMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
| passcodeRequiredType | requiredPasswordType | The required passcode type. Possible values are: deviceDefault, alphanumeric, numeric. |
| passcodeRequired | Boolean | Indicates whether or not to require a passcode. |
| osMinimumVersion | String | Minimum IOS version. |
| osMaximumVersion | String | Maximum IOS version. |
| securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
| deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection . |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| managedEmailProfileRequired | Boolean | Indicates whether or not to require a managed email profile. |
iosCustomConfiguration
| Property | Type | Description | |
|---|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration | |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration | |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration | |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration | |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration | |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration | |
| payloadName | String | Name that is displayed to the user. | |
| payloadFileName | String | Payload file name (*.mobileconfig | *.xml). |
| payload | Binary | Payload. (UTF8 encoded byte array) |
iosDerivedCredentialAuthenticationConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
iosDeviceFeaturesConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| assetTagTemplate | String | Asset tag information for the device, displayed on the login window and lock screen. |
| lockScreenFootnote | String | A footnote displayed on the login window and lock screen. Available in iOS 9.3.1 and later. |
| homeScreenDockIcons | iosHomeScreenItem collection | A list of app and folders to appear on the Home Screen Dock. This collection can contain a maximum of 500 elements. |
| homeScreenPages | iosHomeScreenPage collection | A list of pages on the Home Screen. This collection can contain a maximum of 500 elements. |
| notificationSettings | iosNotificationSettings collection | Notification settings for each bundle id. Applicable to devices in supervised mode only (iOS 9.3 and later). This collection can contain a maximum of 500 elements. |
iosEasEmailProfileConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| usernameSource | userEmailSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName, primarySmtpAddress. |
| usernameAADSource | usernameSource | Name of the AAD field, that will be used to retrieve UserName for email profile. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName, primarySmtpAddress, samAccountName. |
| userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: fullDomainName, netBiosDomainName. |
| customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. Inherited from easEmailProfileConfigurationBase |
| accountName | String | Account name. |
| authenticationMethod | easAuthenticationMethod | Authentication method for this Email profile. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| blockMovingMessagesToOtherEmailAccounts | Boolean | Indicates whether or not to block moving messages to other email accounts. |
| blockSendingEmailFromThirdPartyApps | Boolean | Indicates whether or not to block sending email from third party apps. |
| blockSyncingRecentlyUsedEmailAddresses | Boolean | Indicates whether or not to block syncing recently used email addresses, for instance - when composing new email. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced back to. . Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. |
| easServices | easServices | Exchange data to sync. Possible values are: none, calendars, contacts, email, notes, reminders. |
| easServicesUserOverrideEnabled | Boolean | Allow users to change sync settings. |
| hostName | String | Exchange location that (URL) that the native mail app connects to. |
| requireSmime | Boolean | Indicates whether or not to use S/MIME certificate. |
| smimeEnablePerMessageSwitch | Boolean | Indicates whether or not to allow unencrypted emails. |
| smimeEncryptByDefaultEnabled | Boolean | If set to true S/MIME encryption is enabled by default. |
| smimeSigningEnabled | Boolean | If set to true S/MIME signing is enabled for this account |
| smimeSigningUserOverrideEnabled | Boolean | If set to true, the user can toggle S/MIME signing on or off. |
| smimeEncryptByDefaultUserOverrideEnabled | Boolean | If set to true, the user can toggle the encryption by default setting. |
| smimeSigningCertificateUserOverrideEnabled | Boolean | If set to true, the user can select the signing identity. |
| smimeEncryptionCertificateUserOverrideEnabled | Boolean | If set to true the user can select the S/MIME encryption identity. |
| requireSsl | Boolean | Indicates whether or not to use SSL. |
| useOAuth | Boolean | Specifies whether the connection should use OAuth for authentication. |
| signingCertificateType | emailCertificateType | Signing Certificate type for this Email profile. Possible values are: none, certificate, derivedCredential. |
| encryptionCertificateType | emailCertificateType | Encryption Certificate type for this Email profile. Possible values are: none, certificate, derivedCredential. |
| perAppVPNProfileId | String | Profile ID of the Per-App VPN policy to be used to access emails from the native Mail client |
iosEducationDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
iosEduDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| teacherCertificateSettings | iosEduCertificateSettings | The Trusted Root and PFX certificates for Teacher |
| studentCertificateSettings | iosEduCertificateSettings | The Trusted Root and PFX certificates for Student |
| deviceCertificateSettings | iosEduCertificateSettings | The Trusted Root and PFX certificates for Device |
iosEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from iosWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from iosWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from iosWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from iosWiFiConfiguration |
| wiFiSecurityType | wiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from iosWiFiConfiguration. Possible values are: open, wpaPersonal, wpaEnterprise, wep, wpa2Personal, wpa2Enterprise. |
| proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection Inherited from iosWiFiConfiguration. Possible values are: none, manual, automatic. |
| proxyManualAddress | String | IP Address or DNS hostname of the proxy server when manual configuration is selected. Inherited from iosWiFiConfiguration |
| proxyManualPort | Int32 | Port of the proxy server when manual configuration is selected. Inherited from iosWiFiConfiguration |
| proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. Inherited from iosWiFiConfiguration |
| disableMacAddressRandomization | Boolean | If set to true, forces devices connecting using this Wi-Fi profile to present their actual Wi-Fi MAC address instead of a random MAC address. Applies to iOS 14 and later. Inherited from iosWiFiConfiguration |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from iosWiFiConfiguration |
| eapType | eapType | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap. |
| eapFastConfiguration | eapFastConfiguration | EAP-FAST Configuration Option when EAP-FAST is the selected EAP Type. Possible values are: noProtectedAccessCredential, useProtectedAccessCredential, useProtectedAccessCredentialAndProvision, useProtectedAccessCredentialAndProvisionAnonymously. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Authentication Method when EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP - TTLS, EAP - FAST or PEAP. This property masks usernames with the text you enter. For example, if you use 'anonymous', each user that authenticates with this Wi-Fi connection using their real username is displayed as 'anonymous'. |
| usernameFormatString | String | Username format string used to build the username to connect to wifi |
| passwordFormatString | String | Password format string used to build the password to connect to wifi |
iosExpeditedCheckinConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| enableExpeditedCheckin | Boolean | Gets or sets whether to enable expedited device check-ins. Inherited from appleExpeditedCheckinConfigurationBase |
iosGeneralDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| accountBlockModification | Boolean | Indicates whether or not to allow account modification when the device is in supervised mode. |
| activationLockAllowWhenSupervised | Boolean | Indicates whether or not to allow activation lock when the device is in the supervised mode. |
| airDropBlocked | Boolean | Indicates whether or not to allow AirDrop when the device is in supervised mode. |
| airDropForceUnmanagedDropTarget | Boolean | Indicates whether or not to cause AirDrop to be considered an unmanaged drop target (iOS 9.0 and later). |
| airPlayForcePairingPasswordForOutgoingRequests | Boolean | Indicates whether or not to enforce all devices receiving AirPlay requests from this device to use a pairing password. |
| appleWatchBlockPairing | Boolean | Indicates whether or not to allow Apple Watch pairing when the device is in supervised mode (iOS 9.0 and later). |
| appleWatchForceWristDetection | Boolean | Indicates whether or not to force a paired Apple Watch to use Wrist Detection (iOS 8.2 and later). |
| appleNewsBlocked | Boolean | Indicates whether or not to block the user from using News when the device is in supervised mode (iOS 9.0 and later). |
| appsSingleAppModeList | appListItem collection | Gets or sets the list of iOS apps allowed to autonomously enter Single App Mode. Supervised only. iOS 7.0 and later. This collection can contain a maximum of 500 elements. |
| appsVisibilityList | appListItem collection | List of apps in the visibility list (either visible/launchable apps list or hidden/unlaunchable apps list, controlled by AppsVisibilityListType) (iOS 9.3 and later). This collection can contain a maximum of 10000 elements. |
| appsVisibilityListType | appListType | Type of list that is in the AppsVisibilityList. Possible values are: none, appsInListCompliant, appsNotInListCompliant. |
| appStoreBlockAutomaticDownloads | Boolean | Indicates whether or not to block the automatic downloading of apps purchased on other devices when the device is in supervised mode (iOS 9.0 and later). |
| appStoreBlocked | Boolean | Indicates whether or not to block the user from using the App Store. Requires a supervised device for iOS 13 and later. |
| appStoreBlockInAppPurchases | Boolean | Indicates whether or not to block the user from making in app purchases. |
| appStoreBlockUIAppInstallation | Boolean | Indicates whether or not to block the App Store app, not restricting installation through Host apps. Applies to supervised mode only (iOS 9.0 and later). |
| appStoreRequirePassword | Boolean | Indicates whether or not to require a password when using the app store. |
| bluetoothBlockModification | Boolean | Indicates whether or not to allow modification of Bluetooth settings when the device is in supervised mode (iOS 10.0 and later). |
| cameraBlocked | Boolean | Indicates whether or not to block the user from accessing the camera of the device. Requires a supervised device for iOS 13 and later. |
| cellularBlockDataRoaming | Boolean | Indicates whether or not to block data roaming. |
| cellularBlockGlobalBackgroundFetchWhileRoaming | Boolean | Indicates whether or not to block global background fetch while roaming. |
| cellularBlockPerAppDataModification | Boolean | Indicates whether or not to allow changes to cellular app data usage settings when the device is in supervised mode. |
| cellularBlockPersonalHotspot | Boolean | Indicates whether or not to block Personal Hotspot. |
| cellularBlockVoiceRoaming | Boolean | Indicates whether or not to block voice roaming. |
| certificatesBlockUntrustedTlsCertificates | Boolean | Indicates whether or not to block untrusted TLS certificates. |
| classroomAppBlockRemoteScreenObservation | Boolean | Indicates whether or not to allow remote screen observation by Classroom app when the device is in supervised mode (iOS 9.3 and later). |
| classroomAppForceUnpromptedScreenObservation | Boolean | Indicates whether or not to automatically give permission to the teacher of a managed course on the Classroom app to view a student's screen without prompting when the device is in supervised mode. |
| compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
| compliantAppListType | appListType | List that is in the AppComplianceList. Possible values are: none, appsInListCompliant, appsNotInListCompliant. |
| configurationProfileBlockChanges | Boolean | Indicates whether or not to block the user from installing configuration profiles and certificates interactively when the device is in supervised mode. |
| definitionLookupBlocked | Boolean | Indicates whether or not to block definition lookup when the device is in supervised mode (iOS 8.1.3 and later ). |
| deviceBlockEnableRestrictions | Boolean | Indicates whether or not to allow the user to enables restrictions in the device settings when the device is in supervised mode. |
| deviceBlockEraseContentAndSettings | Boolean | Indicates whether or not to allow the use of the 'Erase all content and settings' option on the device when the device is in supervised mode. |
| deviceBlockNameModification | Boolean | Indicates whether or not to allow device name modification when the device is in supervised mode (iOS 9.0 and later). |
| diagnosticDataBlockSubmission | Boolean | Indicates whether or not to block diagnostic data submission. |
| diagnosticDataBlockSubmissionModification | Boolean | Indicates whether or not to allow diagnostics submission settings modification when the device is in supervised mode (iOS 9.3.2 and later). |
| documentsBlockManagedDocumentsInUnmanagedApps | Boolean | Indicates whether or not to block the user from viewing managed documents in unmanaged apps. |
| documentsBlockUnmanagedDocumentsInManagedApps | Boolean | Indicates whether or not to block the user from viewing unmanaged documents in managed apps. |
| emailInDomainSuffixes | String collection | An email address lacking a suffix that matches any of these strings will be considered out-of-domain. |
| enterpriseAppBlockTrust | Boolean | Indicates whether or not to block the user from trusting an enterprise app. |
| enterpriseAppBlockTrustModification | Boolean | [Deprecated] Configuring this setting and setting the value to 'true' has no effect on the device. |
| faceTimeBlocked | Boolean | Indicates whether or not to block the user from using FaceTime. Requires a supervised device for iOS 13 and later. |
| findMyFriendsBlocked | Boolean | Indicates whether or not to block changes to Find My Friends when the device is in supervised mode. |
| gamingBlockGameCenterFriends | Boolean | Indicates whether or not to block the user from having friends in Game Center. Requires a supervised device for iOS 13 and later. |
| gamingBlockMultiplayer | Boolean | Indicates whether or not to block the user from using multiplayer gaming. Requires a supervised device for iOS 13 and later. |
| gameCenterBlocked | Boolean | Indicates whether or not to block the user from using Game Center when the device is in supervised mode. |
| hostPairingBlocked | Boolean | indicates whether or not to allow host pairing to control the devices an iOS device can pair with when the iOS device is in supervised mode. |
| iBooksStoreBlocked | Boolean | Indicates whether or not to block the user from using the iBooks Store when the device is in supervised mode. |
| iBooksStoreBlockErotica | Boolean | Indicates whether or not to block the user from downloading media from the iBookstore that has been tagged as erotica. |
| iCloudBlockActivityContinuation | Boolean | Indicates whether or not to block the user from continuing work they started on iOS device to another iOS or macOS device. |
| iCloudBlockBackup | Boolean | Indicates whether or not to block iCloud backup. Requires a supervised device for iOS 13 and later. |
| iCloudBlockDocumentSync | Boolean | Indicates whether or not to block iCloud document sync. Requires a supervised device for iOS 13 and later. |
| iCloudBlockManagedAppsSync | Boolean | Indicates whether or not to block Managed Apps Cloud Sync. |
| iCloudBlockPhotoLibrary | Boolean | Indicates whether or not to block iCloud Photo Library. |
| iCloudBlockPhotoStreamSync | Boolean | Indicates whether or not to block iCloud Photo Stream Sync. |
| iCloudBlockSharedPhotoStream | Boolean | Indicates whether or not to block Shared Photo Stream. |
| iCloudRequireEncryptedBackup | Boolean | Indicates whether or not to require backups to iCloud be encrypted. |
| iTunesBlockExplicitContent | Boolean | Indicates whether or not to block the user from accessing explicit content in iTunes and the App Store. Requires a supervised device for iOS 13 and later. |
| iTunesBlockMusicService | Boolean | Indicates whether or not to block Music service and revert Music app to classic mode when the device is in supervised mode (iOS 9.3 and later and macOS 10.12 and later). |
| iTunesBlockRadio | Boolean | Indicates whether or not to block the user from using iTunes Radio when the device is in supervised mode (iOS 9.3 and later). |
| keyboardBlockAutoCorrect | Boolean | Indicates whether or not to block keyboard auto-correction when the device is in supervised mode (iOS 8.1.3 and later). |
| keyboardBlockDictation | Boolean | Indicates whether or not to block the user from using dictation input when the device is in supervised mode. |
| keyboardBlockPredictive | Boolean | Indicates whether or not to block predictive keyboards when device is in supervised mode (iOS 8.1.3 and later). |
| keyboardBlockShortcuts | Boolean | Indicates whether or not to block keyboard shortcuts when the device is in supervised mode (iOS 9.0 and later). |
| keyboardBlockSpellCheck | Boolean | Indicates whether or not to block keyboard spell-checking when the device is in supervised mode (iOS 8.1.3 and later). |
| kioskModeAllowAssistiveSpeak | Boolean | Indicates whether or not to allow assistive speak while in kiosk mode. |
| kioskModeAllowAssistiveTouchSettings | Boolean | Indicates whether or not to allow access to the Assistive Touch Settings while in kiosk mode. |
| kioskModeAllowAutoLock | Boolean | Indicates whether or not to allow device auto lock while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockAutoLock instead. |
| kioskModeAllowColorInversionSettings | Boolean | Indicates whether or not to allow access to the Color Inversion Settings while in kiosk mode. |
| kioskModeAllowRingerSwitch | Boolean | Indicates whether or not to allow use of the ringer switch while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockRingerSwitch instead. |
| kioskModeAllowScreenRotation | Boolean | Indicates whether or not to allow screen rotation while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockScreenRotation instead. |
| kioskModeAllowSleepButton | Boolean | Indicates whether or not to allow use of the sleep button while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockSleepButton instead. |
| kioskModeAllowTouchscreen | Boolean | Indicates whether or not to allow use of the touchscreen while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockTouchscreen instead. |
| kioskModeAllowVoiceOverSettings | Boolean | Indicates whether or not to allow access to the voice over settings while in kiosk mode. |
| kioskModeAllowVolumeButtons | Boolean | Indicates whether or not to allow use of the volume buttons while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockVolumeButtons instead. |
| kioskModeAllowZoomSettings | Boolean | Indicates whether or not to allow access to the zoom settings while in kiosk mode. |
| kioskModeAppStoreUrl | String | URL in the app store to the app to use for kiosk mode. Use if KioskModeManagedAppId is not known. |
| kioskModeBuiltInAppId | String | ID for built-in apps to use for kiosk mode. Used when KioskModeManagedAppId and KioskModeAppStoreUrl are not set. |
| kioskModeRequireAssistiveTouch | Boolean | Indicates whether or not to require assistive touch while in kiosk mode. |
| kioskModeRequireColorInversion | Boolean | Indicates whether or not to require color inversion while in kiosk mode. |
| kioskModeRequireMonoAudio | Boolean | Indicates whether or not to require mono audio while in kiosk mode. |
| kioskModeRequireVoiceOver | Boolean | Indicates whether or not to require voice over while in kiosk mode. |
| kioskModeRequireZoom | Boolean | Indicates whether or not to require zoom while in kiosk mode. |
| kioskModeManagedAppId | String | Managed app id of the app to use for kiosk mode. If KioskModeManagedAppId is specified then KioskModeAppStoreUrl will be ignored. |
| lockScreenBlockControlCenter | Boolean | Indicates whether or not to block the user from using control center on the lock screen. |
| lockScreenBlockNotificationView | Boolean | Indicates whether or not to block the user from using the notification view on the lock screen. |
| lockScreenBlockPassbook | Boolean | Indicates whether or not to block the user from using passbook when the device is locked. |
| lockScreenBlockTodayView | Boolean | Indicates whether or not to block the user from using the Today View on the lock screen. |
| mediaContentRatingAustralia | mediaContentRatingAustralia | Media content rating settings for Australia |
| mediaContentRatingCanada | mediaContentRatingCanada | Media content rating settings for Canada |
| mediaContentRatingFrance | mediaContentRatingFrance | Media content rating settings for France |
| mediaContentRatingGermany | mediaContentRatingGermany | Media content rating settings for Germany |
| mediaContentRatingIreland | mediaContentRatingIreland | Media content rating settings for Ireland |
| mediaContentRatingJapan | mediaContentRatingJapan | Media content rating settings for Japan |
| mediaContentRatingNewZealand | mediaContentRatingNewZealand | Media content rating settings for New Zealand |
| mediaContentRatingUnitedKingdom | mediaContentRatingUnitedKingdom | Media content rating settings for United Kingdom |
| mediaContentRatingUnitedStates | mediaContentRatingUnitedStates | Media content rating settings for United States |
| networkUsageRules | iosNetworkUsageRule collection | List of managed apps and the network rules that applies to them. This collection can contain a maximum of 1000 elements. |
| mediaContentRatingApps | ratingAppsType | Media content rating settings for Apps. Possible values are: allAllowed, allBlocked, agesAbove4, agesAbove9, agesAbove12, agesAbove17. |
| messagesBlocked | Boolean | Indicates whether or not to block the user from using the Messages app on the supervised device. |
| notificationsBlockSettingsModification | Boolean | Indicates whether or not to allow notifications settings modification (iOS 9.3 and later). |
| passcodeBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
| passcodeBlockFingerprintModification | Boolean | Block modification of registered Touch ID fingerprints when in supervised mode. |
| passcodeBlockModification | Boolean | Indicates whether or not to allow passcode modification on the supervised device (iOS 9.0 and later). |
| passcodeBlockSimple | Boolean | Indicates whether or not to block simple passcodes. |
| passcodeExpirationDays | Int32 | Number of days before the passcode expires. Valid values 1 to 65535 |
| passcodeMinimumLength | Int32 | Minimum length of passcode. Valid values 4 to 14 |
| passcodeMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a passcode is required. |
| passcodeMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| passcodeMinimumCharacterSetCount | Int32 | Number of character sets a passcode must contain. Valid values 0 to 4 |
| passcodePreviousPasscodeBlockCount | Int32 | Number of previous passcodes to block. Valid values 1 to 24 |
| passcodeSignInFailureCountBeforeWipe | Int32 | Number of sign in failures allowed before wiping the device. Valid values 2 to 11 |
| passcodeRequiredType | requiredPasswordType | Type of passcode that is required. Possible values are: deviceDefault, alphanumeric, numeric. |
| passcodeRequired | Boolean | Indicates whether or not to require a passcode. |
| podcastsBlocked | Boolean | Indicates whether or not to block the user from using podcasts on the supervised device (iOS 8.0 and later). |
| safariBlockAutofill | Boolean | Indicates whether or not to block the user from using Auto fill in Safari. Requires a supervised device for iOS 13 and later. |
| safariBlockJavaScript | Boolean | Indicates whether or not to block JavaScript in Safari. |
| safariBlockPopups | Boolean | Indicates whether or not to block popups in Safari. |
| safariBlocked | Boolean | Indicates whether or not to block the user from using Safari. Requires a supervised device for iOS 13 and later. |
| safariCookieSettings | webBrowserCookieSettings | Cookie settings for Safari. Possible values are: browserDefault, blockAlways, allowCurrentWebSite, allowFromWebsitesVisited, allowAlways. |
| safariManagedDomains | String collection | URLs matching the patterns listed here will be considered managed. |
| safariPasswordAutoFillDomains | String collection | Users can save passwords in Safari only from URLs matching the patterns listed here. Applies to devices in supervised mode (iOS 9.3 and later). |
| safariRequireFraudWarning | Boolean | Indicates whether or not to require fraud warning in Safari. |
| screenCaptureBlocked | Boolean | Indicates whether or not to block the user from taking Screenshots. |
| siriBlocked | Boolean | Indicates whether or not to block the user from using Siri. |
| siriBlockedWhenLocked | Boolean | Indicates whether or not to block the user from using Siri when locked. |
| siriBlockUserGeneratedContent | Boolean | Indicates whether or not to block Siri from querying user-generated content when used on a supervised device. |
| siriRequireProfanityFilter | Boolean | Indicates whether or not to prevent Siri from dictating, or speaking profane language on supervised device. |
| spotlightBlockInternetResults | Boolean | Indicates whether or not to block Spotlight search from returning internet results on supervised device. |
| voiceDialingBlocked | Boolean | Indicates whether or not to block voice dialing. |
| wallpaperBlockModification | Boolean | Indicates whether or not to allow wallpaper modification on supervised device (iOS 9.0 and later) . |
| wiFiConnectOnlyToConfiguredNetworks | Boolean | Indicates whether or not to force the device to use only Wi-Fi networks from configuration profiles when the device is in supervised mode. Available for devices running iOS and iPadOS versions 14.4 and earlier. Devices running 14.5+ should use the setting, “WiFiConnectToAllowedNetworksOnlyForced. |
iosikEv2VpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. Inherited from appleVpnConfiguration |
| connectionType | appleVpnConnectionType | Connection type. Inherited from appleVpnConfiguration. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect. |
| loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration |
| role | String | Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
| realm | String | Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
| server | vpnServer | VPN Server on the network. Make sure end users can access this network location. Inherited from appleVpnConfiguration |
| identifier | String | Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration |
| customData | keyValue collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
| enableSplitTunneling | Boolean | Send all network traffic through VPN. Inherited from appleVpnConfiguration |
| authenticationMethod | vpnAuthenticationMethod | Authentication method for this VPN connection. Inherited from appleVpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| enablePerApp | Boolean | Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration |
| safariDomains | String collection | Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. Inherited from appleVpnConfiguration |
| onDemandRules | vpnOnDemandRule collection | On-Demand Rules. This collection can contain a maximum of 500 elements. Inherited from appleVpnConfiguration |
| providerType | vpnProviderType | Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel. |
| associatedDomains | String collection | Associated Domains Inherited from appleVpnConfiguration |
| excludedDomains | String collection | Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated Inherited from appleVpnConfiguration |
| disableOnDemandUserOverride | Boolean | Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration |
| disconnectOnIdle | Boolean | Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration |
| disconnectOnIdleTimerInSeconds | Int32 | The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration |
| proxyServer | vpnProxyServer | Proxy Server. Inherited from appleVpnConfiguration |
| optInToDeviceIdSharing | Boolean | Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. Inherited from appleVpnConfiguration |
| userDomain | String | Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead. Inherited from iosVpnConfiguration |
| strictEnforcement | Boolean | Zscaler only. Blocks network traffic until the user signs into Zscaler app. "True" means traffic is blocked. Inherited from iosVpnConfiguration |
| cloudName | String | Zscaler only. Zscaler cloud which the user is assigned to. Inherited from iosVpnConfiguration |
| excludeList | String collection | Zscaler only. List of network addresses which are not sent through the Zscaler cloud. Inherited from iosVpnConfiguration |
| targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. Inherited from iosVpnConfiguration |
| microsoftTunnelSiteId | String | Microsoft Tunnel site ID. Inherited from iosVpnConfiguration |
| childSecurityAssociationParameters | iosVpnSecurityAssociationParameters | Child Security Association Parameters |
| clientAuthenticationType | vpnClientAuthenticationType | Type of Client Authentication the VPN client will use. Possible values are: userAuthentication, deviceAuthentication. |
| deadPeerDetectionRate | vpnDeadPeerDetectionRate | Determine how often to check if a peer connection is still active. . Possible values are: medium, none, low, high. |
| disableMobilityAndMultihoming | Boolean | Disable MOBIKE |
| disableRedirect | Boolean | Disable Redirect |
| enableCertificateRevocationCheck | Boolean | Enables a best-effort revocation check; server response timeouts will not cause it to fail |
| enableEAP | Boolean | Enables EAP only authentication |
| enablePerfectForwardSecrecy | Boolean | Enable Perfect Forward Secrecy (PFS). |
| enableUseInternalSubnetAttributes | Boolean | Enable Use Internal Subnet Attributes. |
| localIdentifier | vpnLocalIdentifier | Method of identifying the client that is trying to connect via VPN. . Possible values are: deviceFQDN, empty, clientCertificateSubjectName. |
| remoteIdentifier | String | Address of the IKEv2 server. Must be a FQDN, UserFQDN, network address, or ASN1DN |
| securityAssociationParameters | iosVpnSecurityAssociationParameters | Security Association Parameters |
| serverCertificateCommonName | String | Common name of the IKEv2 Server Certificate used in Server Authentication |
| serverCertificateIssuerCommonName | String | Issuer Common name of the IKEv2 Server Certificate issuer used in Authentication |
| serverCertificateType | vpnServerCertificateType | The type of certificate the VPN server will present to the VPN client for authentication. Possible values are: rsa, ecdsa256, ecdsa384, ecdsa521. |
| sharedSecret | String | Used when Shared Secret Authentication is selected |
| tlsMaximumVersion | String | The maximum TLS version to be used with EAP-TLS authentication |
| tlsMinimumVersion | String | The minimum TLS version to be used with EAP-TLS authentication |
| allowDefaultSecurityAssociationParameters | Boolean | Allows the use of security association parameters by setting all parameters to the device's default unless explicitly specified. |
| allowDefaultChildSecurityAssociationParameters | Boolean | Allows the use of child security association parameters by setting all parameters to the device's default unless explicitly specified. |
| alwaysOnConfiguration | appleVpnAlwaysOnConfiguration | AlwaysOn Configuration |
| enableAlwaysOnConfiguration | Boolean | Determines if Always on VPN is enabled |
| mtuSizeInBytes | Int32 | Maximum transmission unit. Valid values 1280 to 1400 |
iosImportedPFXCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
iosPkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from iosCertificateProfileBase |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from iosCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name type. Inherited from iosCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from iosCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from iosCertificateProfileBase. Possible values are: days, months, years. |
| certificationAuthority | String | PKCS Certification Authority. |
| certificationAuthorityName | String | PKCS Certification Authority Name. |
| certificateTemplateName | String | PKCS Certificate Template Name. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
iosScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from iosCertificateProfileBase |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from iosCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name type. Inherited from iosCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from iosCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from iosCertificateProfileBase. Possible values are: days, months, years. |
| scepServerUrls | String collection | SCEP Server Url(s). |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. The OnPremisesUserPrincipalName variable is support as well as others documented here: https://go.microsoft.com/fwlink/?LinkId=2027630. This collection can contain a maximum of 500 elements. |
iosTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate. |
| certFileName | String | File name to display in UI. |
iosUpdateConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| activeHoursStart | TimeOfDay | Active Hours Start (active hours mean the time window when updates install should not happen) |
| activeHoursEnd | TimeOfDay | Active Hours End (active hours mean the time window when updates install should not happen) |
| scheduledInstallDays | dayOfWeek collection | Days in week for which active hours are configured. This collection can contain a maximum of 7 elements. |
| utcTimeOffsetInMinutes | Int32 | UTC Time Offset indicated in minutes |
iosUpdateDeviceStatus
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| installStatus | iosUpdatesInstallStatus | The installation status of the policy report. Possible values are: success, available, idle, unknown, downloading, downloadFailed, downloadRequiresComputer, downloadInsufficientSpace, downloadInsufficientPower, downloadInsufficientNetwork, installing, installInsufficientSpace, installInsufficientPower, installPhoneCallInProgress, installFailed, notSupportedOperation, sharedDeviceUserLoggedInError, deviceOsHigherThanDesiredOsVersion. |
| osVersion | String | The device version that is being reported. |
| deviceId | String | The device id that is being reported. |
| userId | String | The User id that is being reported. |
| deviceDisplayName | String | Device name of the DevicePolicyStatus. |
| userName | String | The User Name that is being reported |
| deviceModel | String | The device model that is being reported |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
| status | complianceStatus | Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
| userPrincipalName | String | UserPrincipalName. |
iosVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. Inherited from appleVpnConfiguration |
| connectionType | appleVpnConnectionType | Connection type. Inherited from appleVpnConfiguration. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect. |
| loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration |
| role | String | Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
| realm | String | Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
| server | vpnServer | VPN Server on the network. Make sure end users can access this network location. Inherited from appleVpnConfiguration |
| identifier | String | Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration |
| customData | keyValue collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
| enableSplitTunneling | Boolean | Send all network traffic through VPN. Inherited from appleVpnConfiguration |
| authenticationMethod | vpnAuthenticationMethod | Authentication method for this VPN connection. Inherited from appleVpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| enablePerApp | Boolean | Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration |
| safariDomains | String collection | Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. Inherited from appleVpnConfiguration |
| onDemandRules | vpnOnDemandRule collection | On-Demand Rules. This collection can contain a maximum of 500 elements. Inherited from appleVpnConfiguration |
| providerType | vpnProviderType | Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel. |
| associatedDomains | String collection | Associated Domains Inherited from appleVpnConfiguration |
| excludedDomains | String collection | Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated Inherited from appleVpnConfiguration |
| disableOnDemandUserOverride | Boolean | Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration |
| disconnectOnIdle | Boolean | Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration |
| disconnectOnIdleTimerInSeconds | Int32 | The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration |
| proxyServer | vpnProxyServer | Proxy Server. Inherited from appleVpnConfiguration |
| optInToDeviceIdSharing | Boolean | Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. Inherited from appleVpnConfiguration |
| userDomain | String | Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead. |
| strictEnforcement | Boolean | Zscaler only. Blocks network traffic until the user signs into Zscaler app. "True" means traffic is blocked. |
| cloudName | String | Zscaler only. Zscaler cloud which the user is assigned to. |
| excludeList | String collection | Zscaler only. List of network addresses which are not sent through the Zscaler cloud. |
| targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. |
| microsoftTunnelSiteId | String | Microsoft Tunnel site ID. |
iosWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
| connectWhenNetworkNameIsHidden | Boolean | Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
| wiFiSecurityType | wiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wpaPersonal, wpaEnterprise, wep, wpa2Personal, wpa2Enterprise. |
| proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection. Possible values are: none, manual, automatic. |
| proxyManualAddress | String | IP Address or DNS hostname of the proxy server when manual configuration is selected. |
| proxyManualPort | Int32 | Port of the proxy server when manual configuration is selected. |
| proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. |
| disableMacAddressRandomization | Boolean | If set to true, forces devices connecting using this Wi-Fi profile to present their actual Wi-Fi MAC address instead of a random MAC address. Applies to iOS 14 and later. |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
macOSCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
macOSCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordRequired | Boolean | Whether or not to require a password. |
| passwordBlockSimple | Boolean | Indicates whether or not to block simple passwords. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 65535 |
| passwordMinimumLength | Int32 | Minimum length of password. Valid values 4 to 14 |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
| passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
| passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. |
| osMinimumVersion | String | Minimum MacOS version. |
| osMaximumVersion | String | Maximum MacOS version. |
| systemIntegrityProtectionEnabled | Boolean | Require that devices have enabled system integrity protection. |
| deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| storageRequireEncryption | Boolean | Require encryption on Mac OS devices. |
| firewallEnabled | Boolean | Whether the firewall should be enabled or not. |
| firewallBlockAllIncoming | Boolean | Corresponds to the “Block all incoming connections” option. |
| firewallEnableStealthMode | Boolean | Corresponds to “Enable stealth mode.” |
macOSCustomAppConfiguration
| Property | Type | Description | |
|---|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration | |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration | |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration | |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration | |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration | |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration | |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration | |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration | |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration | |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration | |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration | |
| bundleId | String | Bundle id for targeting. | |
| fileName | String | Configuration file name (*.plist | *.xml). |
| configurationXml | Binary | Configuration xml. (UTF8 encoded byte array) |
macOSCustomConfiguration
| Property | Type | Description | |
|---|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration | |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration | |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration | |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration | |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration | |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration | |
| payloadName | String | Name that is displayed to the user. | |
| payloadFileName | String | Payload file name (*.mobileconfig | *.xml). |
| payload | Binary | Payload. (UTF8 encoded byte array) |
macOSDeviceFeaturesConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
macOSEndpointProtectionConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| gatekeeperAllowedAppSource | macOSGatekeeperAppSources | System and Privacy setting that determines which download locations apps can be run from on a macOS device. Possible values are: notConfigured, macAppStore, macAppStoreAndIdentifiedDevelopers, anywhere. |
| gatekeeperBlockOverride | Boolean | If set to true, the user override for Gatekeeper will be disabled. |
| firewallEnabled | Boolean | Whether the firewall should be enabled or not. |
| firewallBlockAllIncoming | Boolean | Corresponds to the “Block all incoming connections” option. |
| firewallEnableStealthMode | Boolean | Corresponds to “Enable stealth mode.” |
| firewallApplications | macOSFirewallApplication collection | List of applications with firewall settings. Firewall settings for applications not on this list are determined by the user. This collection can contain a maximum of 500 elements. |
| fileVaultEnabled | Boolean | Whether FileVault should be enabled or not. |
| fileVaultSelectedRecoveryKeyTypes | macOSFileVaultRecoveryKeyTypes | Required if FileVault is enabled, determines the type(s) of recovery key to use. . Possible values are: notConfigured, institutionalRecoveryKey, personalRecoveryKey. |
| fileVaultInstitutionalRecoveryKeyCertificate | Binary | Required if selected recovery key type(s) include InstitutionalRecoveryKey. The DER Encoded certificate file used to set an institutional recovery key. |
| fileVaultInstitutionalRecoveryKeyCertificateFileName | String | File name of the institutional recovery key certificate to display in UI. (*.der). |
| fileVaultPersonalRecoveryKeyHelpMessage | String | Required if selected recovery key type(s) include PersonalRecoveryKey. A short message displayed to the user that explains how they can retrieve their personal recovery key. |
| fileVaultAllowDeferralUntilSignOut | Boolean | Optional. If set to true, the user can defer the enabling of FileVault until they sign out. |
| fileVaultNumberOfTimesUserCanIgnore | Int32 | Optional. When using the Defer option, this is the maximum number of times the user can ignore prompts to enable FileVault before FileVault will be required for the user to sign in. If set to -1, it will always prompt to enable FileVault until FileVault is enabled, though it will allow the user to bypass enabling FileVault. Setting this to 0 will disable the feature. |
| fileVaultDisablePromptAtSignOut | Boolean | Optional. When using the Defer option, if set to true, the user is not prompted to enable FileVault at sign-out. |
| fileVaultPersonalRecoveryKeyRotationInMonths | Int32 | Optional. If selected recovery key type(s) include PersonalRecoveryKey, the frequency to rotate that key, in months. |
| fileVaultHidePersonalRecoveryKey | Boolean | Optional. A hidden personal recovery key does not appear on the user's screen during FileVault encryption, reducing the risk of it ending up in the wrong hands. |
| advancedThreatProtectionRealTime | enablement | Determines whether or not to enable real-time protection for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured, enabled, disabled. |
| advancedThreatProtectionCloudDelivered | enablement | Determines whether or not to enable cloud-delivered protection for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured, enabled, disabled. |
| advancedThreatProtectionAutomaticSampleSubmission | enablement | Determines whether or not to enable automatic file sample submission for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured, enabled, disabled. |
| advancedThreatProtectionDiagnosticDataCollection | enablement | Determines whether or not to enable diagnostic and usage data collection for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured, enabled, disabled. |
| advancedThreatProtectionExcludedFolders | String collection | A list of paths to folders to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS. |
| advancedThreatProtectionExcludedFiles | String collection | A list of paths to files to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS. |
| advancedThreatProtectionExcludedExtensions | String collection | A list of file extensions to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS. |
| advancedThreatProtectionExcludedProcesses | String collection | A list of process names to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS. |
macOSEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from macOSWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from macOSWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from macOSWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from macOSWiFiConfiguration |
| wiFiSecurityType | wiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from macOSWiFiConfiguration. Possible values are: open, wpaPersonal, wpaEnterprise, wep, wpa2Personal, wpa2Enterprise. |
| proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection Inherited from macOSWiFiConfiguration. Possible values are: none, manual, automatic. |
| proxyManualAddress | String | IP Address or DNS hostname of the proxy server when manual configuration is selected. Inherited from macOSWiFiConfiguration |
| proxyManualPort | Int32 | Port of the proxy server when manual configuration is selected. Inherited from macOSWiFiConfiguration |
| proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. Inherited from macOSWiFiConfiguration |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from macOSWiFiConfiguration |
| eapType | eapType | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap. |
| eapFastConfiguration | eapFastConfiguration | EAP-FAST Configuration Option when EAP-FAST is the selected EAP Type. Possible values are: noProtectedAccessCredential, useProtectedAccessCredential, useProtectedAccessCredentialAndProvision, useProtectedAccessCredentialAndProvisionAnonymously. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Authentication Method when EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS, EAP-FAST or PEAP. This property masks usernames with the text you enter. For example, if you use 'anonymous', each user that authenticates with this Wi-Fi connection using their real username is displayed as 'anonymous'. |
macOSExtensionsConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| kernelExtensionOverridesAllowed | Boolean | If set to true, users can approve additional kernel extensions not explicitly allowed by configurations profiles. |
| kernelExtensionAllowedTeamIdentifiers | String collection | All kernel extensions validly signed by the team identifiers in this list will be allowed to load. |
| kernelExtensionsAllowed | macOSKernelExtension collection | A list of kernel extensions that will be allowed to load. . This collection can contain a maximum of 500 elements. |
| systemExtensionsBlockOverride | Boolean | Gets or sets whether to allow the user to approve additional system extensions not explicitly allowed by configuration profiles. |
| systemExtensionsAllowedTeamIdentifiers | String collection | Gets or sets a list of allowed team identifiers. Any system extension signed with any of the specified team identifiers will be approved. |
| systemExtensionsAllowed | macOSSystemExtension collection | Gets or sets a list of allowed macOS system extensions. This collection can contain a maximum of 500 elements. |
| systemExtensionsAllowedTypes | macOSSystemExtensionTypeMapping collection | Gets or sets a list of allowed macOS system extension types. This collection can contain a maximum of 500 elements. |
macOSGeneralDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
| compliantAppListType | appListType | List that is in the CompliantAppsList. Possible values are: none, appsInListCompliant, appsNotInListCompliant. |
| emailInDomainSuffixes | String collection | An email address lacking a suffix that matches any of these strings will be considered out-of-domain. |
| passwordBlockSimple | Boolean | Block simple passwords. |
| passwordExpirationDays | Int32 | Number of days before the password expires. |
| passwordMinimumCharacterSetCount | Int32 | Number of character sets a password must contain. Valid values 0 to 4 |
| passwordMinimumLength | Int32 | Minimum length of passwords. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity required before a password is required. |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity required before the screen times out. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. |
| passwordRequiredType | requiredPasswordType | Type of password that is required. Possible values are: deviceDefault, alphanumeric, numeric. |
| passwordRequired | Boolean | Whether or not to require a password. |
macOSImportedPFXCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Inherited from macOSCertificateProfileBase |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from macOSCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from macOSCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from macOSCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from macOSCertificateProfileBase. Possible values are: days, months, years. |
| intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
macOSPkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Inherited from macOSCertificateProfileBase |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from macOSCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from macOSCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from macOSCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from macOSCertificateProfileBase. Possible values are: days, months, years. |
| certificationAuthority | String | PKCS certification authority FQDN. |
| certificationAuthorityName | String | PKCS certification authority Name. |
| certificateTemplateName | String | PKCS certificate template name. |
| subjectAlternativeNameFormatString | String | Format string that defines the subject alternative name. |
| subjectNameFormatString | String | Format string that defines the subject name. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
| allowAllAppsAccess | Boolean | AllowAllAppsAccess setting |
macOSScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Inherited from macOSCertificateProfileBase |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from macOSCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from macOSCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from macOSCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from macOSCertificateProfileBase. Possible values are: days, months, years. |
| scepServerUrls | String collection | SCEP Server Url(s). |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
| allowAllAppsAccess | Boolean | AllowAllAppsAccess setting |