DeviceManagementConfiguration.Read.All
Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.
Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.
These permissions aren't supported for personal Microsoft accounts.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
DeviceManagementConfiguration.Read.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | dc377aa6-52d8-4e23-b271-2a7ae04cedf3 | f1493658-876a-4c87-8fa7-edb559b3476a |
| DisplayText | Read Microsoft Intune device configuration and policies | Read Microsoft Intune Device Configuration and Policies |
| Description | Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user. | Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups. |
| AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods | |
|---|---|
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods | |
|---|---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
| Commands | |
|---|---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
| Commands | |
|---|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
- androidDeviceOwnerEnrollmentProfile
- androidForWorkAppConfigurationSchema
- androidForWorkEnrollmentProfile
- androidForWorkSettings
- androidManagedStoreAccountEnterpriseSettings
- androidManagedStoreAppConfigurationSchema
- deviceManagement
- deviceManagementReports
- zebraFotaArtifact
- zebraFotaConnector
- zebraFotaDeployment
- androidForWorkApp
- androidForWorkMobileAppConfiguration
- androidLobApp
- androidManagedStoreApp
- androidManagedStoreAppConfiguration
- androidManagedStoreWebApp
- androidStoreApp
- deviceAppManagement
- enterpriseCodeSigningCertificate
- iosiPadOSWebClip
- iosLobApp
- iosLobAppProvisioningConfiguration
- iosLobAppProvisioningConfigurationAssignment
- iosMobileAppConfiguration
- iosStoreApp
- iosVppApp
- iosVppAppAssignedDeviceLicense
- iosVppAppAssignedLicense
- iosVppAppAssignedUserLicense
- macOSDmgApp
- macOSLobApp
- macOSMdatpApp
- macOSMicrosoftDefenderApp
- macOSMicrosoftEdgeApp
- macOSOfficeSuiteApp
- macOSPkgApp
- macOsVppApp
- macOsVppAppAssignedLicense
- macOSWebClip
- managedAndroidLobApp
- managedAndroidStoreApp
- managedApp
- managedDeviceMobileAppConfiguration
- managedDeviceMobileAppConfigurationAssignment
- managedDeviceMobileAppConfigurationDeviceStatus
- managedDeviceMobileAppConfigurationDeviceSummary
- managedDeviceMobileAppConfigurationUserStatus
- managedDeviceMobileAppConfigurationUserSummary
- managedIOSLobApp
- managedIOSStoreApp
- managedMobileLobApp
- microsoftStoreForBusinessApp
- microsoftStoreForBusinessContainedApp
- mobileApp
- mobileAppAssignment
- mobileAppCategory
- mobileAppContent
- mobileAppContentFile
- mobileAppDependency
- mobileAppProvisioningConfigGroupAssignment
- mobileAppPublishingConstraints
- mobileAppRelationship
- mobileAppSupersedence
- mobileContainedApp
- mobileLobApp
- officeSuiteApp
- symantecCodeSigningCertificate
- webApp
- win32LobApp
- windowsAppX
- intune-apps-windowsarchitecture
- windowsMicrosoftEdgeApp
- windowsMobileMSI
- windowsPhone81AppX
- windowsPhone81AppXBundle
- windowsPhone81StoreApp
- windowsPhoneXAP
- windowsStoreApp
- windowsUniversalAppX
- windowsUniversalAppXContainedApp
- windowsWebApp
- winGetApp
- chromeOSOnboardingSettings
- intune-chromebooksync-chromeosonboardingstatus
- cloudCertificationAuthority
- cloudCertificationAuthorityLeafCertificate
- intune-cloudpkigraphservice-cloudcertificationauthoritystatus
- deviceManagementReports
- trustChainCertificate
- advancedThreatProtectionOnboardingDeviceSettingState
- advancedThreatProtectionOnboardingStateSummary
- androidCertificateProfileBase
- androidCompliancePolicy
- androidCustomConfiguration
- androidDeviceOwnerCertificateProfileBase
- androidDeviceOwnerCompliancePolicy
- androidDeviceOwnerDerivedCredentialAuthenticationConfiguration
- androidDeviceOwnerEnterpriseWiFiConfiguration
- androidDeviceOwnerGeneralDeviceConfiguration
- androidDeviceOwnerImportedPFXCertificateProfile
- androidDeviceOwnerPkcsCertificateProfile
- androidDeviceOwnerScepCertificateProfile
- androidDeviceOwnerTrustedRootCertificate
- androidDeviceOwnerVpnConfiguration
- androidDeviceOwnerWiFiConfiguration
- androidEasEmailProfileConfiguration
- androidEnterpriseWiFiConfiguration
- androidForWorkCertificateProfileBase
- androidForWorkCompliancePolicy
- androidForWorkCustomConfiguration
- androidForWorkEasEmailProfileBase
- androidForWorkEnterpriseWiFiConfiguration
- androidForWorkGeneralDeviceConfiguration
- androidForWorkGmailEasConfiguration
- androidForWorkImportedPFXCertificateProfile
- androidForWorkNineWorkEasConfiguration
- androidForWorkPkcsCertificateProfile
- androidForWorkScepCertificateProfile
- androidForWorkTrustedRootCertificate
- androidForWorkVpnConfiguration
- androidForWorkWiFiConfiguration
- androidGeneralDeviceConfiguration
- androidImportedPFXCertificateProfile
- androidOmaCpConfiguration
- androidPkcsCertificateProfile
- androidScepCertificateProfile
- androidTrustedRootCertificate
- androidVpnConfiguration
- androidWiFiConfiguration
- androidWorkProfileCertificateProfileBase
- androidWorkProfileCompliancePolicy
- androidWorkProfileCustomConfiguration
- androidWorkProfileEasEmailProfileBase
- androidWorkProfileEnterpriseWiFiConfiguration
- androidWorkProfileGeneralDeviceConfiguration
- androidWorkProfileGmailEasConfiguration
- androidWorkProfileMigrationConfiguration
- androidWorkProfileNineWorkEasConfiguration
- androidWorkProfilePkcsCertificateProfile
- androidWorkProfileScepCertificateProfile
- androidWorkProfileTrustedRootCertificate
- androidWorkProfileVpnConfiguration
- androidWorkProfileWiFiConfiguration
- aospDeviceOwnerCertificateProfileBase
- aospDeviceOwnerCompliancePolicy
- aospDeviceOwnerDeviceConfiguration
- aospDeviceOwnerEnterpriseWiFiConfiguration
- aospDeviceOwnerPkcsCertificateProfile
- aospDeviceOwnerScepCertificateProfile
- aospDeviceOwnerTrustedRootCertificate
- aospDeviceOwnerWiFiConfiguration
- appleDeviceFeaturesConfigurationBase
- appleExpeditedCheckinConfigurationBase
- appleVpnConfiguration
- cartToClassAssociation
- defaultDeviceCompliancePolicy
- deviceComplianceActionItem
- deviceComplianceDeviceOverview
- deviceComplianceDeviceStatus
- deviceCompliancePolicy
- deviceCompliancePolicyAssignment
- deviceCompliancePolicyDeviceStateSummary
- deviceCompliancePolicySettingStateSummary
- deviceComplianceScheduledActionForRule
- deviceComplianceSettingState
- deviceComplianceUserOverview
- deviceComplianceUserStatus
- deviceConfiguration
- deviceConfigurationAssignment
- deviceConfigurationConflictSummary
- deviceConfigurationDeviceOverview
- deviceConfigurationDeviceStateSummary
- deviceConfigurationDeviceStatus
- deviceConfigurationGroupAssignment
- deviceConfigurationTargetedUserAndDevice
- deviceConfigurationUserOverview
- deviceConfigurationUserStateSummary
- deviceConfigurationUserStatus
- deviceManagement
- deviceManagementDerivedCredentialSettings
- easEmailProfileConfigurationBase
- editionUpgradeConfiguration
- endpointPrivilegeManagementProvisioningStatus
- hardwareConfiguration
- hardwareConfigurationAssignment
- hardwareConfigurationDeviceState
- hardwareConfigurationRunSummary
- hardwareConfigurationUserState
- hardwarePasswordDetail
- hardwarePasswordInfo
- iosCertificateProfile
- iosCertificateProfileBase
- iosCompliancePolicy
- iosCustomConfiguration
- iosDerivedCredentialAuthenticationConfiguration
- iosDeviceFeaturesConfiguration
- iosEasEmailProfileConfiguration
- iosEducationDeviceConfiguration
- iosEduDeviceConfiguration
- iosEnterpriseWiFiConfiguration
- iosExpeditedCheckinConfiguration
- iosGeneralDeviceConfiguration
- iosikEv2VpnConfiguration
- iosImportedPFXCertificateProfile
- iosPkcsCertificateProfile
- iosScepCertificateProfile
- iosTrustedRootCertificate
- iosUpdateConfiguration
- iosUpdateDeviceStatus
- iosVpnConfiguration
- iosWiFiConfiguration
- macOSCertificateProfileBase
- macOSCompliancePolicy
- macOSCustomAppConfiguration
- macOSCustomConfiguration
- macOSDeviceFeaturesConfiguration
- macOSEndpointProtectionConfiguration
- macOSEnterpriseWiFiConfiguration
- macOSExtensionsConfiguration
- macOSGeneralDeviceConfiguration
- macOSImportedPFXCertificateProfile
- macOSPkcsCertificateProfile
- macOSScepCertificateProfile
- macOSSoftwareUpdateAccountSummary
- macOSSoftwareUpdateCategorySummary
- macOSSoftwareUpdateConfiguration
- macOSSoftwareUpdateStateSummary
- macOSTrustedRootCertificate
- macOSVpnConfiguration
- macOSWiFiConfiguration
- macOSWiredNetworkConfiguration
- managedAllDeviceCertificateState
- managedDeviceCertificateState
- managedDeviceEncryptionState
- managementFeatureProjectDetail
- ndesConnector
- report
- reportRoot
- restrictedAppsViolation
- retireScheduledManagedDevice
- settingStateDeviceSummary
- sharedPCConfiguration
- softwareUpdateStatusSummary
- unsupportedDeviceConfiguration
- vpnConfiguration
- windows10CertificateProfileBase
- windows10CompliancePolicy
- windows10CustomConfiguration
- windows10DeviceFirmwareConfigurationInterface
- windows10EasEmailProfileConfiguration
- windows10EndpointProtectionConfiguration
- windows10EnterpriseModernAppManagementConfiguration
- windows10GeneralConfiguration
- windows10ImportedPFXCertificateProfile
- windows10MobileCompliancePolicy
- windows10NetworkBoundaryConfiguration
- windows10PFXImportCertificateProfile
- windows10PkcsCertificateProfile
- windows10SecureAssessmentConfiguration
- windows10TeamGeneralConfiguration
- windows10VpnConfiguration
- windows81CertificateProfileBase
- windows81CompliancePolicy
- windows81GeneralConfiguration
- windows81SCEPCertificateProfile
- windows81TrustedRootCertificate
- windows81VpnConfiguration
- windows81WifiImportConfiguration
- windowsCertificateProfileBase
- windowsDefenderAdvancedThreatProtectionConfiguration
- windowsDeliveryOptimizationConfiguration
- windowsDomainJoinConfiguration
- windowsHealthMonitoringConfiguration
- windowsIdentityProtectionConfiguration
- windowsKioskConfiguration
- windowsPhone81CertificateProfileBase
- windowsPhone81CompliancePolicy
- windowsPhone81CustomConfiguration
- windowsPhone81GeneralConfiguration
- windowsPhone81ImportedPFXCertificateProfile
- windowsPhone81SCEPCertificateProfile
- windowsPhone81TrustedRootCertificate
- windowsPhone81VpnConfiguration
- windowsPhoneEASEmailProfileConfiguration
- windowsPrivacyDataAccessControlItem
- windowsUpdateForBusinessConfiguration
- windowsVpnConfiguration
- windowsWifiConfiguration
- windowsWifiEnterpriseEAPConfiguration
- windowsWiredNetworkConfiguration
- deviceManagementComplianceActionItem
- deviceManagementCompliancePolicy
- deviceManagementComplianceScheduledActionForRule
- deviceManagementConfigurationCategory
- deviceManagementConfigurationChoiceSettingCollectionDefinition
- deviceManagementConfigurationChoiceSettingDefinition
- deviceManagementConfigurationPolicy
- deviceManagementConfigurationPolicyTemplate
- deviceManagementConfigurationRedirectSettingDefinition
- deviceManagementConfigurationSetting
- deviceManagementConfigurationSettingDefinition
- deviceManagementConfigurationSettingGroupCollectionDefinition
- deviceManagementConfigurationSettingGroupDefinition
- deviceManagementConfigurationSettingTemplate
- deviceManagementConfigurationSimpleSettingCollectionDefinition
- deviceManagementConfigurationSimpleSettingDefinition
- deviceManagementReusablePolicySetting
- deviceManagementTemplateInsightsDefinition
- deviceManagementAbstractComplexSettingDefinition
- deviceManagementAbstractComplexSettingInstance
- deviceManagementBooleanSettingInstance
- deviceManagementCollectionSettingDefinition
- deviceManagementCollectionSettingInstance
- deviceManagementComplexSettingDefinition
- deviceManagementComplexSettingInstance
- deviceManagementIntegerSettingInstance
- deviceManagementIntent
- deviceManagementIntentAssignment
- deviceManagementIntentCustomizedSetting
- deviceManagementIntentDeviceSettingStateSummary
- deviceManagementIntentDeviceState
- deviceManagementIntentDeviceStateSummary
- deviceManagementIntentSettingCategory
- deviceManagementIntentUserState
- deviceManagementIntentUserStateSummary
- deviceManagementSettingCategory
- deviceManagementSettingComparison
- deviceManagementSettingDefinition
- deviceManagementSettingInstance
- deviceManagementStringSettingInstance
- deviceManagementTemplate
- deviceManagementTemplateSettingCategory
- securityBaselineCategoryStateSummary
- securityBaselineDeviceState
- securityBaselineStateSummary
- securityBaselineTemplate
- applePushNotificationCertificate
- appLogCollectionDownloadDetails
- appLogCollectionRequest
- bulkManagedDeviceActionResult
- cloudPCConnectivityIssue
- comanagedDevicesSummary
- comanagementEligibleDevice
- comanagementEligibleDevicesSummary
- dataSharingConsent
- detectedApp
- deviceAppManagement
- deviceAssignmentItem
- deviceCategory
- deviceComplianceScript
- deviceComplianceScriptDeviceState
- deviceComplianceScriptRunSummary
- deviceCustomAttributeShellScript
- deviceHealthScript
- deviceHealthScriptAssignment
- deviceHealthScriptDeviceState
- deviceHealthScriptParameter
- deviceHealthScriptPolicyState
- deviceHealthScriptRemediationHistory
- deviceHealthScriptRemediationSummary
- deviceHealthScriptRunSchedule
- deviceHealthScriptRunSummary
- intune-devices-devicehealthscripttype
- deviceLogCollectionResponse
- deviceManagement
- deviceManagementScript
- deviceManagementScriptAssignment
- deviceManagementScriptDeviceState
- deviceManagementScriptGroupAssignment
- deviceManagementScriptRunSummary
- deviceManagementScriptUserState
- deviceScopeActionResult
- deviceShellScript
- intune-devices-globaldevicehealthscriptstate
- malwareStateForWindowsDevice
- managedDevice
- managedDeviceCleanupRule
- managedDeviceOverview
- intune-devices-manageddeviceremoteaction
- mobileAppTroubleshootingEvent
- powerliftAppDiagnosticDownloadRequest
- powerliftDownloadRequest
- powerliftIncidentDetail
- powerliftIncidentMetadata
- privilegeManagementElevation
- intune-devices-remediationstate
- remoteActionAudit
- tenantAttachRBAC
- tenantAttachRBACState
- user
- userExperienceAnalyticsAnomaly
- userExperienceAnalyticsAnomalyCorrelationGroupOverview
- userExperienceAnalyticsAnomalyDevice
- userExperienceAnalyticsAppHealthApplicationPerformance
- userExperienceAnalyticsAppHealthAppPerformanceByAppVersion
- userExperienceAnalyticsAppHealthAppPerformanceByAppVersionDetails
- userExperienceAnalyticsAppHealthAppPerformanceByAppVersionDeviceId
- userExperienceAnalyticsAppHealthAppPerformanceByOSVersion
- userExperienceAnalyticsAppHealthDeviceModelPerformance
- userExperienceAnalyticsAppHealthDevicePerformance
- userExperienceAnalyticsAppHealthDevicePerformanceDetails
- userExperienceAnalyticsAppHealthOSVersionPerformance
- userExperienceAnalyticsBaseline
- userExperienceAnalyticsBatteryHealthAppImpact
- userExperienceAnalyticsBatteryHealthCapacityDetails
- userExperienceAnalyticsBatteryHealthDeviceAppImpact
- userExperienceAnalyticsBatteryHealthDevicePerformance
- userExperienceAnalyticsBatteryHealthDeviceRuntimeHistory
- userExperienceAnalyticsBatteryHealthModelPerformance
- userExperienceAnalyticsBatteryHealthOsPerformance
- userExperienceAnalyticsBatteryHealthRuntimeDetails
- userExperienceAnalyticsCategory
- userExperienceAnalyticsDevicePerformance
- userExperienceAnalyticsDeviceScope
- userExperienceAnalyticsDeviceScopeSummary
- userExperienceAnalyticsDeviceScores
- userExperienceAnalyticsDeviceStartupHistory
- userExperienceAnalyticsDeviceStartupProcess
- userExperienceAnalyticsDeviceStartupProcessPerformance
- userExperienceAnalyticsDeviceTimelineEvents
- userExperienceAnalyticsDeviceWithoutCloudIdentity
- userExperienceAnalyticsImpactingProcess
- userExperienceAnalyticsMetric
- userExperienceAnalyticsMetricHistory
- userExperienceAnalyticsModelScores
- userExperienceAnalyticsNotAutopilotReadyDevice
- userExperienceAnalyticsOverview
- userExperienceAnalyticsRegressionSummary
- userExperienceAnalyticsRemoteConnection
- userExperienceAnalyticsResourcePerformance
- userExperienceAnalyticsScoreHistory
- intune-devices-userexperienceanalyticssummarizedby
- userExperienceAnalyticsWorkFromAnywhereDevice
- userExperienceAnalyticsWorkFromAnywhereHardwareReadinessMetric
- userExperienceAnalyticsWorkFromAnywhereMetric
- userExperienceAnalyticsWorkFromAnywhereModelPerformance
- windowsDeviceMalwareState
- windowsMalwareInformation
- windowsManagedDevice
- windowsManagementApp
- windowsManagementAppHealthState
- windowsProtectionState
- activeDirectoryWindowsAutopilotDeploymentProfile
- appleEnrollmentProfileAssignment
- appleUserInitiatedEnrollmentProfile
- azureADWindowsAutopilotDeploymentProfile
- deletedWindowsAutopilotDeviceState
- depEnrollmentBaseProfile
- depEnrollmentProfile
- depIOSEnrollmentProfile
- depMacOSEnrollmentProfile
- depOnboardingSetting
- depTvOSEnrollmentProfile
- depVisionOSEnrollmentProfile
- deviceManagement
- enrollmentProfile
- importedAppleDeviceIdentity
- importedAppleDeviceIdentityResult
- importedDeviceIdentity
- importedDeviceIdentityResult
- importedWindowsAutopilotDeviceIdentity
- suggestedEnrollmentLimit
- windowsAutopilotDeploymentProfile
- windowsAutopilotDeploymentProfileAssignment
- windowsAutopilotDeviceIdentity
- windowsAutopilotSettings
- windowsDomainJoinConfiguration
- privilegeManagementElevationRequest
- embeddedSIMActivationCodePool
- embeddedSIMActivationCodePoolAssignment
- embeddedSIMDeviceState
- deviceManagement
- groupPolicyMigrationReport
- groupPolicyObjectFile
- groupPolicySettingMapping
- unsupportedGroupPolicyExtension
- deviceManagementReports
- groupPolicyCategory
- groupPolicyConfiguration
- groupPolicyConfigurationAssignment
- groupPolicyDefinition
- groupPolicyDefinitionFile
- groupPolicyDefinitionValue
- groupPolicyOperation
- groupPolicyPresentation
- groupPolicyPresentationCheckBox
- groupPolicyPresentationComboBox
- groupPolicyPresentationDecimalTextBox
- groupPolicyPresentationDropdownList
- groupPolicyPresentationListBox
- groupPolicyPresentationLongDecimalTextBox
- groupPolicyPresentationMultiTextBox
- groupPolicyPresentationText
- groupPolicyPresentationTextBox
- groupPolicyPresentationValue
- groupPolicyPresentationValueBoolean
- groupPolicyPresentationValueDecimal
- groupPolicyPresentationValueList
- groupPolicyPresentationValueLongDecimal
- groupPolicyPresentationValueMultiText
- groupPolicyPresentationValueText
- groupPolicyUploadedCategory
- groupPolicyUploadedDefinition
- groupPolicyUploadedDefinitionFile
- groupPolicyUploadedPresentation
- androidManagedAppProtection
- androidManagedAppRegistration
- defaultManagedAppProtection
- deviceManagementConfigurationChoiceSettingCollectionDefinition
- deviceManagementConfigurationSetting
- deviceManagementConfigurationSettingGroupCollectionDefinition
- deviceManagementConfigurationSimpleSettingCollectionDefinition
- deviceManagementReports
- iosManagedAppProtection
- iosManagedAppRegistration
- managedAppConfiguration
- managedAppDiagnosticStatus
- managedAppLogCollectionRequest
- managedAppOperation
- managedAppPolicy
- managedAppPolicyDeploymentSummary
- managedAppProtection
- managedAppRegistration
- managedAppStatus
- managedAppStatusRaw
- managedMobileApp
- mdmWindowsInformationProtectionPolicy
- targetedManagedAppConfiguration
- targetedManagedAppPolicyAssignment
- targetedManagedAppProtection
- user
- windowsInformationProtection
- windowsInformationProtectionAppLockerFile
- windowsInformationProtectionDeviceRegistration
- windowsInformationProtectionPolicy
- windowsInformationProtectionWipeAction
- windowsManagedAppProtection
- windowsManagedAppRegistration
- metricTimeSeriesDataPoint
- microsoftTunnelConfiguration
- microsoftTunnelHealthThreshold
- microsoftTunnelServer
- microsoftTunnelServerLogCollectionResponse
- microsoftTunnelSite
- deviceManagementDomainJoinConnector
- complianceManagementPartner
- deviceAndAppManagementData
- deviceAppManagement
- deviceCategory
- deviceComanagementAuthorityConfiguration
- deviceEnrollmentConfiguration
- deviceEnrollmentLimitConfiguration
- deviceEnrollmentNotificationConfiguration
- deviceEnrollmentPlatformRestrictionConfiguration
- deviceEnrollmentPlatformRestrictionsConfiguration
- deviceEnrollmentWindowsHelloForBusinessConfiguration
- deviceManagement
- deviceManagementExchangeConnector
- deviceManagementExchangeOnPremisesPolicy
- deviceManagementPartner
- enrollmentConfigurationAssignment
- mobileThreatDefenseConnector
- onPremisesConditionalAccessSettings
- organization
- sideLoadingKey
- user
- vppToken
- windows10EnrollmentCompletionPageConfiguration
- windowsRestoreDeviceEnrollmentConfiguration
- assignmentFilterEvaluateRequest
- assignmentFilterState
- assignmentFilterStatusDetails
- assignmentFilterSupportedProperty
- deviceAndAppManagementAssignmentFilter
- deviceAppManagement
- deviceCompliancePolicyPolicySetItem
- deviceConfigurationPolicySetItem
- deviceManagement
- deviceManagementConfigurationPolicyPolicySetItem
- deviceManagementScriptPolicySetItem
- intune-policyset-deviceplatformtype
- enrollmentRestrictionsConfigurationPolicySetItem
- hasPayloadLinkResultItem
- iosLobAppProvisioningConfigurationPolicySetItem
- managedAppProtectionPolicySetItem
- managedDeviceMobileAppConfigurationPolicySetItem
- mdmWindowsInformationProtectionPolicyPolicySetItem
- mobileAppPolicySetItem
- payloadCompatibleAssignmentFilter
- policySet
- policySetAssignment
- policySetItem
- targetedManagedAppConfigurationPolicySetItem
- windows10EnrollmentCompletionPageConfigurationPolicySetItem
- windowsAutopilotDeploymentProfilePolicySetItem
- certificateConnectorDetails
- certificateConnectorHealthMetricValue
- deviceManagement
- onPremEncryptedPayload
- pfxRecryptionRequest
- pfxUserCertificate
- timeSeriesParameter
- userPFXCertificate
- deviceAndAppManagementAssignedRoleDetail
- deviceAndAppManagementAssignedRoleDetails
- deviceAndAppManagementRoleAssignment
- deviceAndAppManagementRoleDefinition
- deviceManagement
- operationApprovalPolicy
- operationApprovalPolicySet
- operationApprovalRequest
- operationApprovalRequestEntityStatus
- intune-rbac-operationapprovalsource
- rbacApplicationMultiple
- resourceOperation
- roleAssignment
- roleDefinition
- roleManagement
- rolePermission
- roleScopeTag
- roleScopeTagAutoAssignment
- deviceManagement
- deviceManagementReports
- remoteAssistancePartner
- remoteAssistanceSettings
- deviceManagement
- deviceManagementCachedReportConfiguration
- deviceManagementExportJob
- deviceManagementReports
- deviceManagementReportSchedule
- deviceAndAppManagementAssignmentTarget
- deviceCompliancePolicy
- deviceConfiguration
- deviceEnrollmentConfiguration
- deviceManagement
- deviceManagementConfigurationChoiceSettingDefinition
- deviceManagementConfigurationRedirectSettingDefinition
- deviceManagementConfigurationSettingDefinition
- deviceManagementConfigurationSettingGroupDefinition
- deviceManagementConfigurationSimpleSettingDefinition
- deviceManagementDerivedCredentialSettings
- deviceManagementScript
- enrollmentTimeDeviceMembershipTarget
- enrollmentTimeDeviceMembershipTargetResult
- keyLongValuePair
- mobileApp
- report
- reportRoot
- intune-shared-runasaccounttype
- intune-shared-runstate
- windowsDomainJoinConfiguration
- windowsUpdateState
- bulkCatalogItemActionResult
- bulkDriverActionResult
- intune-softwareupdate-driverapprovalaction
- windowsDriverUpdateInventory
- windowsDriverUpdateProfile
- windowsDriverUpdateProfileAssignment
- windowsFeatureUpdateCatalogItem
- windowsFeatureUpdateProfile
- windowsFeatureUpdateProfileAssignment
- windowsQualityUpdateCatalogItem
- windowsQualityUpdateCatalogItemPolicyDetail
- windowsQualityUpdatePolicy
- intune-softwareupdate-windowsqualityupdatepolicyactiontype
- windowsQualityUpdatePolicyAssignment
- windowsQualityUpdateProfile
- windowsQualityUpdateProfileAssignment
- windowsUpdateCatalogItem
- appleVppTokenTroubleshootingEvent
- deviceManagement
- deviceManagementAutopilotEvent
- deviceManagementTroubleshootingEvent
- enrollmentTroubleshootingEvent
- managedDeviceSummarizedAppState
- mobileAppIntentAndState
- mobileAppTroubleshootingEvent
- report
- reportRoot
- user
- aggregatedPolicyCompliance
- deviceCompliancePolicySettingStateSummary
Graph reference: androidDeviceOwnerEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| accountId | String | Tenant GUID the enrollment profile belongs to. |
| id | String | Unique GUID for the enrollment profile. |
| displayName | String | Display name for the enrollment profile. |
| description | String | Description for the enrollment profile. |
| enrollmentMode | androidDeviceOwnerEnrollmentMode | The enrollment mode of devices that use this enrollment profile. Possible values are: corporateOwnedDedicatedDevice, corporateOwnedFullyManaged, corporateOwnedWorkProfile, corporateOwnedAOSPUserlessDevice, corporateOwnedAOSPUserAssociatedDevice. |
| enrollmentTokenType | androidDeviceOwnerEnrollmentTokenType | The enrollment token type for an enrollment profile. Possible values are: default, corporateOwnedDedicatedDeviceWithAzureADSharedMode, deviceStaging. |
| createdDateTime | DateTimeOffset | Date time the enrollment profile was created. |
| lastModifiedDateTime | DateTimeOffset | Date time the enrollment profile was last modified. |
| tokenValue | String | Value of the most recently created token for this enrollment profile. |
| tokenCreationDateTime | DateTimeOffset | Date time the most recently created token was created. |
| tokenExpirationDateTime | DateTimeOffset | Date time the most recently created token will expire. |
| enrolledDeviceCount | Int32 | Total number of Android devices that have enrolled using this enrollment profile. |
| enrollmentTokenUsageCount | Int32 | Total number of AOSP devices that have enrolled using the current token. Valid values 0 to 20000 |
| qrCodeContent | String | String used to generate a QR code for the token. |
| qrCodeImage | mimeContent | String used to generate a QR code for the token. |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
| configureWifi | Boolean | Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default. |
| wifiSsid | String | String that contains the wi-fi login ssid |
| wifiPassword | String | String that contains the wi-fi login password |
| wifiSecurityType | aospWifiSecurityType | String that contains the wi-fi security type. Possible values are: none, wpa, wep. |
| wifiHidden | Boolean | Boolean that indicates if hidden wifi networks are enabled |
| isTeamsDeviceProfile | Boolean | Boolean indicating if this profile is an Android AOSP for Teams device profile. |
| deviceNameTemplate | String | Indicates the device name template used for the enrolled Android devices. The maximum length allowed for this property is 63 characters. The template expression contains normal text and tokens, including the serial number of the device, user name, device type, upn prefix, or a randomly generated number. Supported Tokens for device name templates are: (for device naming template expression): {{SERIAL}}, {{SERIALLAST4DIGITS}}, {{ENROLLMENTDATETIME}}, {{USERNAME}}, {{DEVICETYPE}}, {{UPNPREFIX}}, {{rand:x}}. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. |
Graph reference: androidForWorkAppConfigurationSchema
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity the Android package name for the application the schema corresponds to |
| exampleJson | Binary | UTF8 encoded byte array containing example JSON string conforming to this schema that demonstrates how to set the configuration for this app |
| schemaItems | androidForWorkAppConfigurationSchemaItem collection | Collection of items each representing a named configuration option in the schema |
Graph reference: androidForWorkEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| accountId | String | Tenant GUID the enrollment profile belongs to. |
| id | String | Unique GUID for the enrollment profile. |
| displayName | String | Display name for the enrollment profile. |
| description | String | Description for the enrollment profile. |
| createdDateTime | DateTimeOffset | Date time the enrollment profile was created. |
| lastModifiedDateTime | DateTimeOffset | Date time the enrollment profile was last modified. |
| tokenValue | String | Value of the most recently created token for this enrollment profile. |
| tokenExpirationDateTime | DateTimeOffset | Date time the most recently created token will expire. |
| enrolledDeviceCount | Int32 | Total number of Android devices that have enrolled using this enrollment profile. |
| qrCodeContent | String | String used to generate a QR code for the token. |
| qrCodeImage | mimeContent | String used to generate a QR code for the token. |
Graph reference: androidForWorkSettings
| Property | Type | Description |
|---|---|---|
| id | String | The Android for Work settings identifier |
| bindStatus | androidForWorkBindStatus | Bind status of the tenant with the Google EMM API. Possible values are: notBound, bound, boundAndValidated, unbinding. |
| lastAppSyncDateTime | DateTimeOffset | Last completion time for app sync |
| lastAppSyncStatus | androidForWorkSyncStatus | Last application sync result. Possible values are: success, credentialsNotValid, androidForWorkApiError, managementServiceError, unknownError, none. |
| ownerUserPrincipalName | String | Owner UPN that created the enterprise |
| ownerOrganizationName | String | Organization name used when onboarding Android for Work |
| lastModifiedDateTime | DateTimeOffset | Last modification time for Android for Work settings |
| enrollmentTarget | androidForWorkEnrollmentTarget | Indicates which users can enroll devices in Android for Work device management. Possible values are: none, all, targeted, targetedAsEnrollmentRestrictions. |
| targetGroupIds | String collection | Specifies which AAD groups can enroll devices in Android for Work device management if enrollmentTarget is set to 'Targeted' |
| deviceOwnerManagementEnabled | Boolean | Indicates if this account is flighting for Android Device Owner Management with CloudDPC. |
Graph reference: androidManagedStoreAccountEnterpriseSettings
| Property | Type | Description |
|---|---|---|
| id | String | The Android store account enterprise settings identifier |
| bindStatus | androidManagedStoreAccountBindStatus | Bind status of the tenant with the Google EMM API. Possible values are: notBound, bound, boundAndValidated, unbinding. |
| lastAppSyncDateTime | DateTimeOffset | Last completion time for app sync |
| lastAppSyncStatus | androidManagedStoreAccountAppSyncStatus | Last application sync result. Possible values are: success, credentialsNotValid, androidForWorkApiError, managementServiceError, unknownError, none. |
| ownerUserPrincipalName | String | Owner UPN that created the enterprise |
| ownerOrganizationName | String | Organization name used when onboarding Android Enterprise |
| lastModifiedDateTime | DateTimeOffset | Last modification time for Android enterprise settings |
| enrollmentTarget | androidManagedStoreAccountEnrollmentTarget | Indicates which users can enroll devices in Android Enterprise device management. Possible values are: none, all, targeted, targetedAsEnrollmentRestrictions. |
| targetGroupIds | String collection | Specifies which AAD groups can enroll devices in Android for Work device management if enrollmentTarget is set to 'Targeted' |
| deviceOwnerManagementEnabled | Boolean | Indicates if this account is flighting for Android Device Owner Management with CloudDPC. |
| companyCodes | androidEnrollmentCompanyCode collection | Company codes for AndroidManagedStoreAccountEnterpriseSettings |
| androidDeviceOwnerFullyManagedEnrollmentEnabled | Boolean | Company codes for AndroidManagedStoreAccountEnterpriseSettings |
| managedGooglePlayInitialScopeTagIds | String collection | Initial scope tags for MGP apps |
Graph reference: androidManagedStoreAppConfigurationSchema
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity the Android package name for the application the schema corresponds to |
| exampleJson | Binary | UTF8 encoded byte array containing example JSON string conforming to this schema that demonstrates how to set the configuration for this app |
| schemaItems | androidManagedStoreAppConfigurationSchemaItem collection | Collection of items each representing a named configuration option in the schema. It only contains the root-level configuration. |
| nestedSchemaItems | androidManagedStoreAppConfigurationSchemaItem collection | Collection of items each representing a named configuration option in the schema. It contains a flat list of all configuration. |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
Graph reference: deviceManagementReports
| Property | Type | Description |
|---|
Graph reference: zebraFotaArtifact
| Property | Type | Description |
|---|---|---|
| id | String | Artifact unique ID from Zebra |
| deviceModel | String | Applicable device model (e.g.: TC8300) |
| osVersion | String | Artifact OS version (e.g.: 8.1.0) |
| patchVersion | String | Artifact patch version (e.g.: U00) |
| boardSupportPackageVersion | String | The version of the Board Support Package (BSP. E.g.: 01.18.02.00) |
| releaseNotesUrl | String | Artifact release notes URL (e.g.: https://www.zebra.com/<filename.pdf>) |
| description | String | Artifact description. (e.g.: `LifeGuard Update 98 (released 24-September-2021) |
Graph reference: zebraFotaConnector
| Property | Type | Description |
|---|---|---|
| id | String | Id of ZebraFotaConnector. |
| state | ** Unknown Type microsoft.intune.core.msGraph.zebraFotaConnectorState ** |
The Zebra connector state. |
| enrollmentToken | String | Tenant enrollment token from Zebra. The token is used to enroll Zebra devices in the FOTA Service via app config. |
| enrollmentAuthorizationUrl | String | Complete account enrollment authorization URL. This corresponds to verification_uri_complete in the Zebra API documentations. |
| lastSyncDateTime | DateTimeOffset | Date and time when the account was last synched with Zebra |
| fotaAppsApproved | Boolean | Flag indicating if required Firmware Over-the-Air (FOTA) Apps have been approved. |
Graph reference: zebraFotaDeployment
| Property | Type | Description |
|---|---|---|
| id | String | System generated deployment id provided during creation of the deployment. Returned only if operation was a success. |
| displayName | String | A human readable name of the deployment. |
| description | String | A human readable description of the deployment. |
| deploymentSettings | ** Unknown Type microsoft.intune.core.msGraph.zebraFotaDeploymentSettings ** |
Represents settings required to create a deployment such as deployment type, artifact info, download and installation |
| deploymentAssignments | ** Unknown Type microsoft.intune.core.msGraph.androidFotaDeploymentAssignment ** collection |
Collection of Android FOTA Assignment |
| deploymentStatus | ** Unknown Type microsoft.intune.core.msGraph.zebraFotaDeploymentStatus ** |
Represents the deployment status from Zebra. The status is a high level status of the deployment as opposed being a detailed status per device. |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance |
Graph reference: androidForWorkApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| packageId | String | The package identifier. This property is read-only. |
| appIdentifier | String | The Identity Name. This property is read-only. |
| usedLicenseCount | Int32 | The number of VPP licenses in use. |
| totalLicenseCount | Int32 | The total number of VPP licenses. |
| appStoreUrl | String | The Play for Work Store app URL. |
Graph reference: androidForWorkMobileAppConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from managedDeviceMobileAppConfiguration |
| targetedMobileApps | String collection | the associated app. Inherited from managedDeviceMobileAppConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this App configuration entity. Inherited from managedDeviceMobileAppConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from managedDeviceMobileAppConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from managedDeviceMobileAppConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from managedDeviceMobileAppConfiguration |
| version | Int32 | Version of the device configuration. Inherited from managedDeviceMobileAppConfiguration |
| packageId | String | Android For Work app configuration package id. |
| payloadJson | String | Android For Work app configuration JSON payload. |
| permissionActions | androidPermissionAction collection | List of Android app permissions and corresponding permission actions. |
| profileApplicability | androidProfileApplicability | Android Enterprise profile applicability (AndroidWorkProfile, DeviceOwner, or default (applies to both)). Possible values are: default, androidWorkProfile, androidDeviceOwner. |
| connectedAppsEnabled | Boolean | Setting to specify whether to allow ConnectedApps experience for this app. |
Graph reference: androidLobApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
| size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
| packageId | String | The package identifier. |
| minimumSupportedOperatingSystem | androidMinimumOperatingSystem | The value for the minimum applicable operating system. |
| versionName | String | The version name of Android Line of Business (LoB) app. |
| versionCode | String | The version code of Android Line of Business (LoB) app. |
Graph reference: androidManagedStoreApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| packageId | String | The package identifier. This property is read-only. |
| appIdentifier | String | The Identity Name. |
| usedLicenseCount | Int32 | The number of VPP licenses in use. This property is read-only. |
| totalLicenseCount | Int32 | The total number of VPP licenses. This property is read-only. |
| appStoreUrl | String | The Play for Work Store app URL. This property is read-only. |
| isPrivate | Boolean | Indicates whether the app is only available to a given enterprise's users. This property is read-only. |
| isSystemApp | Boolean | Indicates whether the app is a preinstalled system app. |
| appTracks | androidManagedStoreAppTrack collection | The tracks that are visible to this enterprise. This property is read-only. |
| supportsOemConfig | Boolean | Whether this app supports OEMConfig policy. This property is read-only. |
Graph reference: androidManagedStoreAppConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from managedDeviceMobileAppConfiguration |
| targetedMobileApps | String collection | the associated app. Inherited from managedDeviceMobileAppConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this App configuration entity. Inherited from managedDeviceMobileAppConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from managedDeviceMobileAppConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from managedDeviceMobileAppConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from managedDeviceMobileAppConfiguration |
| version | Int32 | Version of the device configuration. Inherited from managedDeviceMobileAppConfiguration |
| packageId | String | Android Enterprise app configuration package id. |
| payloadJson | String | Android Enterprise app configuration JSON payload. |
| permissionActions | androidPermissionAction collection | List of Android app permissions and corresponding permission actions. |
| appSupportsOemConfig | Boolean | Whether or not this AppConfig is an OEMConfig policy. This property is read-only. |
| profileApplicability | androidProfileApplicability | Android Enterprise profile applicability (AndroidWorkProfile, DeviceOwner, or default (applies to both)). Possible values are: default, androidWorkProfile, androidDeviceOwner. |
| connectedAppsEnabled | Boolean | Setting to specify whether to allow ConnectedApps experience for this app. |
Graph reference: androidManagedStoreWebApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| packageId | String | The package identifier. This property is read-only. Inherited from androidManagedStoreApp |
| appIdentifier | String | The Identity Name. Inherited from androidManagedStoreApp |
| usedLicenseCount | Int32 | The number of VPP licenses in use. This property is read-only. Inherited from androidManagedStoreApp |
| totalLicenseCount | Int32 | The total number of VPP licenses. This property is read-only. Inherited from androidManagedStoreApp |
| appStoreUrl | String | The Play for Work Store app URL. This property is read-only. Inherited from androidManagedStoreApp |
| isPrivate | Boolean | Indicates whether the app is only available to a given enterprise's users. This property is read-only. Inherited from androidManagedStoreApp |
| isSystemApp | Boolean | Indicates whether the app is a preinstalled system app. Inherited from androidManagedStoreApp |
| appTracks | androidManagedStoreAppTrack collection | The tracks that are visible to this enterprise. This property is read-only. Inherited from androidManagedStoreApp |
| supportsOemConfig | Boolean | Whether this app supports OEMConfig policy. This property is read-only. Inherited from androidManagedStoreApp |
Graph reference: androidStoreApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| packageId | String | The package identifier. |
| appStoreUrl | String | The Android app store URL. |
| minimumSupportedOperatingSystem | androidMinimumOperatingSystem | The value for the minimum applicable operating system. |
Graph reference: deviceAppManagement
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
Graph reference: enterpriseCodeSigningCertificate
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the certificate, assigned upon creation. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. Read-only. |
| content | Binary | The Windows Enterprise Code-Signing Certificate in the raw data format. Set to null once certificate has been uploaded and other properties have been populated. |
| status | certificateStatus | Whether the Certificate Status Provisioned or not Provisioned. Possible values are: notProvisioned, provisioned. Default is notProvisioned. Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. Possible values are: notProvisioned, provisioned. |
| subjectName | String | The subject name for the cert. This might contain information such as country (C), state or province (S), locality (L), common name of the cert (CN), organization (O), and organizational unit (OU). Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. |
| subject | String | The subject value for the cert. This might contain information such as country (C), state or province (S), locality (L), common name of the cert (CN), organization (O), and organizational unit (OU). Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. |
| issuerName | String | The issuer name for the cert. This might contain information such as country (C), state or province (S), locality (L), common name of the cert (CN), organization (O), and organizational unit (OU). Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. |
| issuer | String | The issuer value for the cert. This might contain information such as country (C), state or province (S), locality (L), common name of the cert (CN), organization (O), and organizational unit (OU). Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. |
| expirationDateTime | DateTimeOffset | The cert expiration date and time (using ISO 8601 format, in UTC time). Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. |
| uploadDateTime | DateTimeOffset | The date time of CodeSigning Cert when it is uploaded (using ISO 8601 format, in UTC time). Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. |
Graph reference: iosiPadOSWebClip
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| appUrl | String | Indicates iOS/iPadOS web clip app URL. Example: "https://www.contoso.com" |
| useManagedBrowser | Boolean | Whether or not to use managed browser. When TRUE, the app will be required to be opened in Microsoft Edge. When FALSE, the app will not be required to be opened in Microsoft Edge. By default, this property is set to FALSE. |
Graph reference: iosLobApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
| size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
| bundleId | String | The Identity Name. |
| applicableDeviceType | iosDeviceType | The iOS architecture for which this app can run on. |
| minimumSupportedOperatingSystem | iosMinimumOperatingSystem | The value for the minimum applicable operating system. |
| expirationDateTime | DateTimeOffset | The expiration time. |
| versionNumber | String | The version number of iOS Line of Business (LoB) app. |
| buildNumber | String | The build number of iOS Line of Business (LoB) app. |
Graph reference: iosLobAppProvisioningConfiguration
| Property | Type | Description | |
|---|---|---|---|
| id | String | The unique identifier of the LOB app provisioning configuration. This id is assigned during creation of the configuration. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. Read-only. | |
| expirationDateTime | DateTimeOffset | Optional profile expiration date and time. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. | |
| payloadFileName | String | Payload file name (*.mobileprovision | *.xml). |
| payload | Binary | Payload. (UTF8 encoded byte array) | |
| roleScopeTagIds | String collection | List of Scope Tags for this iOS LOB app provisioning configuration entity. | |
| createdDateTime | DateTimeOffset | DateTime the object was created. | |
| description | String | Admin provided description of the Device Configuration. | |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. | |
| displayName | String | Admin provided name of the device configuration. | |
| version | Int32 | Version of the device configuration. |
Graph reference: iosLobAppProvisioningConfigurationAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| target | deviceAndAppManagementAssignmentTarget | The target group assignment defined by the admin. |
Graph reference: iosMobileAppConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from managedDeviceMobileAppConfiguration |
| targetedMobileApps | String collection | the associated app. Inherited from managedDeviceMobileAppConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from managedDeviceMobileAppConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from managedDeviceMobileAppConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from managedDeviceMobileAppConfiguration |
| version | Int32 | Version of the device configuration. Inherited from managedDeviceMobileAppConfiguration |
| encodedSettingXml | Binary | mdm app configuration Base64 binary. |
| settings | appConfigurationSettingItem collection | app configuration setting items. |
Graph reference: iosStoreApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| bundleId | String | The Identity Name. |
| appStoreUrl | String | The Apple App Store URL |
| applicableDeviceType | iosDeviceType | The iOS architecture for which this app can run on. |
| minimumSupportedOperatingSystem | iosMinimumOperatingSystem | The value for the minimum applicable operating system. |
Graph reference: iosVppApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| usedLicenseCount | Int32 | The number of VPP licenses in use. |
| totalLicenseCount | Int32 | The total number of VPP licenses. |
| releaseDateTime | DateTimeOffset | The VPP application release date and time. |
| appStoreUrl | String | The store URL. |
| licensingType | vppLicensingType | The supported License Type. |
| applicableDeviceType | iosDeviceType | The applicable iOS Device Type. |
| vppTokenOrganizationName | String | The organization associated with the Apple Volume Purchase Program Token |
| vppTokenAccountType | vppTokenAccountType | The type of volume purchase program which the given Apple Volume Purchase Program Token is associated with. Possible values are: business, education. Possible values are: business, education. |
| vppTokenAppleId | String | The Apple Id associated with the given Apple Volume Purchase Program Token. |
| bundleId | String | The Identity Name. |
Graph reference: iosVppAppAssignedDeviceLicense
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from iosVppAppAssignedLicense |
| userEmailAddress | String | The user email address. Inherited from iosVppAppAssignedLicense |
| userId | String | The user ID. Inherited from iosVppAppAssignedLicense |
| userName | String | The user name. Inherited from iosVppAppAssignedLicense |
| userPrincipalName | String | The user principal name. Inherited from iosVppAppAssignedLicense |
| managedDeviceId | String | The managed device ID. |
| deviceName | String | The device name. |
Graph reference: iosVppAppAssignedLicense
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. |
| userEmailAddress | String | The user email address. |
| userId | String | The user ID. |
| userName | String | The user name. |
| userPrincipalName | String | The user principal name. |
Graph reference: iosVppAppAssignedUserLicense
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from iosVppAppAssignedLicense |
| userEmailAddress | String | The user email address. Inherited from iosVppAppAssignedLicense |
| userId | String | The user ID. Inherited from iosVppAppAssignedLicense |
| userName | String | The user name. Inherited from iosVppAppAssignedLicense |
| userPrincipalName | String | The user principal name. Inherited from iosVppAppAssignedLicense |
Graph reference: macOSDmgApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
| size | Int64 | The total size, including all uploaded files. This property is read-only. Inherited from mobileLobApp |
| primaryBundleId | String | The bundleId of the primary .app in the DMG (Apple Disk Image). This maps to the CFBundleIdentifier in the app's bundle configuration. |
| primaryBundleVersion | String | The version of the primary .app in the DMG (Apple Disk Image). This maps to the CFBundleShortVersion in the app's bundle configuration. |
| includedApps | macOSIncludedApp collection | The list of .apps expected to be installed by the DMG (Apple Disk Image). This collection can contain a maximum of 500 elements. |
| ignoreVersionDetection | Boolean | When TRUE, indicates that the app's version will NOT be used to detect if the app is installed on a device. When FALSE, indicates that the app's version will be used to detect if the app is installed on a device. Set this to true for apps that use a self update feature. The default value is FALSE. |
| minimumSupportedOperatingSystem | macOSMinimumOperatingSystem | ComplexType macOSMinimumOperatingSystem that indicates the minimum operating system applicable for the application. |
Graph reference: macOSLobApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
| size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
| bundleId | String | The primary bundleId of the package. |
| minimumSupportedOperatingSystem | macOSMinimumOperatingSystem | ComplexType macOSMinimumOperatingSystem that indicates the minimum operating system applicable for the application. |
| buildNumber | String | The build number of the package. This should match the package CFBundleShortVersionString of the .pkg file. |
| versionNumber | String | The version number of the package. This should match the package CFBundleVersion in the packageinfo file. |
| childApps | macOSLobChildApp collection | List of ComplexType macOSLobChildApp objects. Represents the apps expected to be installed by the package. |
| md5HashChunkSize | Int32 | The chunk size for MD5 hash. This is '0' or empty if the package was uploaded directly. If the Intune App Wrapping Tool is used to create a .intunemac, this value can be found inside the Detection.xml file. |
| md5Hash | String collection | The MD5 hash codes. This is empty if the package was uploaded directly. If the Intune App Wrapping Tool is used to create a .intunemac, this value can be found inside the Detection.xml file. |
| ignoreVersionDetection | Boolean | When TRUE, indicates that the app's version will NOT be used to detect if the app is installed on a device. When FALSE, indicates that the app's version will be used to detect if the app is installed on a device. Set this to true for apps that use a self update feature. |
| installAsManaged | Boolean | When TRUE, indicates that the app will be installed as managed (requires macOS 11.0 and other managed package restrictions). When FALSE, indicates that the app will be installed as unmanaged. |
Graph reference: macOSMdatpApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
Graph reference: macOSMicrosoftDefenderApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
Graph reference: macOSMicrosoftEdgeApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| channel | microsoftEdgeChannel | The channel to install on target devices. Possible values are: dev, beta, stable, unknownFutureValue. |
Graph reference: macOSOfficeSuiteApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
Graph reference: macOSPkgApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
| size | Int64 | The total size, including all uploaded files. This property is read-only. Inherited from mobileLobApp |
| primaryBundleId | String | The bundleId of the primary app in the PKG. This maps to the CFBundleIdentifier in the app's bundle configuration. |
| primaryBundleVersion | String | The version of the primary app in the PKG. This maps to the CFBundleShortVersion in the app's bundle configuration. |
| includedApps | macOSIncludedApp collection | The list of apps expected to be installed by the PKG. This collection can contain a maximum of 500 elements. |
| ignoreVersionDetection | Boolean | When TRUE, indicates that the app's version will NOT be used to detect if the app is installed on a device. When FALSE, indicates that the app's version will be used to detect if the app is installed on a device. Set this to true for apps that use a self update feature. The default value is FALSE. |
| minimumSupportedOperatingSystem | macOSMinimumOperatingSystem | ComplexType macOSMinimumOperatingSystem that indicates the minimum operating system applicable for the application. |
| preInstallScript | macOSAppScript | ComplexType macOSAppScript the contains the post-install script for the app. This will execute on the macOS device after the app is installed. |
| postInstallScript | macOSAppScript | ComplexType macOSAppScript the contains the post-install script for the app. This will execute on the macOS device after the app is installed. |
Graph reference: macOsVppApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| usedLicenseCount | Int32 | The number of VPP licenses in use. |
| totalLicenseCount | Int32 | The total number of VPP licenses. |
| releaseDateTime | DateTimeOffset | The VPP application release date and time. |
| appStoreUrl | String | The store URL. |
| licensingType | vppLicensingType | The supported License Type. |
| vppTokenOrganizationName | String | The organization associated with the Apple Volume Purchase Program Token |
| vppTokenAccountType | vppTokenAccountType | The type of volume purchase program which the given Apple Volume Purchase Program Token is associated with. Possible values are: business, education. Possible values are: business, education. |
| vppTokenAppleId | String | The Apple Id associated with the given Apple Volume Purchase Program Token. |
| bundleId | String | The Identity Name. |
| vppTokenId | String | Identifier of the VPP token associated with this app. |
| vppTokenDisplayName | String | Display name of the VPP token associated with this app. |
| revokeLicenseActionResults | macOsVppAppRevokeLicensesActionResult collection | Results of revoke license actions on this app. |
Graph reference: macOsVppAppAssignedLicense
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. |
| userEmailAddress | String | The user email address. |
| userId | String | The user ID. |
| userName | String | The user name. |
| userPrincipalName | String | The user principal name. |
Graph reference: macOSWebClip
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| appUrl | String | The web app URL starting with http:// or https://, such as https://learn.microsoft.com/mem/.| |
| fullScreenEnabled | Boolean | Whether or not to open the web clip as a full-screen web app. Defaults to false. If TRUE, opens the web clip as a full-screen web app. If FALSE, the web clip opens inside of another app. |
| preComposedIconEnabled | Boolean | Whether or not the icon for the app is precomosed. Defaults to false. If TRUE, prevents SpringBoard from adding "shine" to the icon. If FALSE, SpringBoard can add "shine". |
Graph reference: managedAndroidLobApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| appAvailability | managedAppAvailability | The Application's availability. Inherited from managedApp. Possible values are: global, lineOfBusiness. |
| version | String | The Application's version. Inherited from managedApp |
| committedContentVersion | String | The internal committed content version. Inherited from managedMobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from managedMobileLobApp |
| size | Int64 | The total size, including all uploaded files. Inherited from managedMobileLobApp |
| packageId | String | The package identifier. |
| minimumSupportedOperatingSystem | androidMinimumOperatingSystem | The value for the minimum applicable operating system. |
| versionName | String | The version name of managed Android Line of Business (LoB) app. |
| versionCode | String | The version code of managed Android Line of Business (LoB) app. |
Graph reference: managedAndroidStoreApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| appAvailability | managedAppAvailability | The Application's availability. Inherited from managedApp. Possible values are: global, lineOfBusiness. |
| version | String | The Application's version. Inherited from managedApp |
| packageId | String | The app's package ID. |
| appStoreUrl | String | The Android AppStoreUrl. |
| minimumSupportedOperatingSystem | androidMinimumOperatingSystem | The value for the minimum supported operating system. |
Graph reference: managedApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| appAvailability | managedAppAvailability | The Application's availability. Possible values are: global, lineOfBusiness. |
| version | String | The Application's version. |
Graph reference: managedDeviceMobileAppConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| targetedMobileApps | String collection | the associated app. |
| createdDateTime | DateTimeOffset | DateTime the object was created. |
| description | String | Admin provided description of the Device Configuration. |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
| displayName | String | Admin provided name of the device configuration. |
| version | Int32 | Version of the device configuration. |
Graph reference: managedDeviceMobileAppConfigurationAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the entity. |
| target | deviceAndAppManagementAssignmentTarget | Assignment target that the T&C policy is assigned to. |
Graph reference: managedDeviceMobileAppConfigurationDeviceStatus
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| deviceDisplayName | String | Device name of the DevicePolicyStatus. |
| userName | String | The User Name that is being reported |
| deviceModel | String | The device model that is being reported |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
| status | complianceStatus | Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
| userPrincipalName | String | UserPrincipalName. |
Graph reference: managedDeviceMobileAppConfigurationDeviceSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| pendingCount | Int32 | Number of pending devices |
| notApplicableCount | Int32 | Number of not applicable devices |
| successCount | Int32 | Number of succeeded devices |
| errorCount | Int32 | Number of error devices |
| failedCount | Int32 | Number of failed devices |
| lastUpdateDateTime | DateTimeOffset | Last update time |
| configurationVersion | Int32 | Version of the policy for that overview |
Graph reference: managedDeviceMobileAppConfigurationUserStatus
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| userDisplayName | String | User name of the DevicePolicyStatus. |
| devicesCount | Int32 | Devices count for that user. |
| status | complianceStatus | Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
| userPrincipalName | String | UserPrincipalName. |
Graph reference: managedDeviceMobileAppConfigurationUserSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| pendingCount | Int32 | Number of pending Users |
| notApplicableCount | Int32 | Number of not applicable users |
| successCount | Int32 | Number of succeeded Users |
| errorCount | Int32 | Number of error Users |
| failedCount | Int32 | Number of failed Users |
| lastUpdateDateTime | DateTimeOffset | Last update time |
| configurationVersion | Int32 | Version of the policy for that overview |
Graph reference: managedIOSLobApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| appAvailability | managedAppAvailability | The Application's availability. Inherited from managedApp. Possible values are: global, lineOfBusiness. |
| version | String | The Application's version. Inherited from managedApp |
| committedContentVersion | String | The internal committed content version. Inherited from managedMobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from managedMobileLobApp |
| size | Int64 | The total size, including all uploaded files. Inherited from managedMobileLobApp |
| bundleId | String | The Identity Name. |
| applicableDeviceType | iosDeviceType | The iOS architecture for which this app can run on. |
| minimumSupportedOperatingSystem | iosMinimumOperatingSystem | The value for the minimum applicable operating system. |
| expirationDateTime | DateTimeOffset | The expiration time. |
| versionNumber | String | The version number of managed iOS Line of Business (LoB) app. |
| buildNumber | String | The build number of managed iOS Line of Business (LoB) app. |
Graph reference: managedIOSStoreApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| appAvailability | managedAppAvailability | The Application's availability. Inherited from managedApp. Possible values are: global, lineOfBusiness. |
| version | String | The Application's version. Inherited from managedApp |
| bundleId | String | The app's Bundle ID. |
| appStoreUrl | String | The Apple AppStoreUrl. |
| applicableDeviceType | iosDeviceType | The iOS architecture for which this app can run on. |
| minimumSupportedOperatingSystem | iosMinimumOperatingSystem | The value for the minimum supported operating system. |
Graph reference: managedMobileLobApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| appAvailability | managedAppAvailability | The Application's availability. Inherited from managedApp. Possible values are: global, lineOfBusiness. |
| version | String | The Application's version. Inherited from managedApp |
| committedContentVersion | String | The internal committed content version. |
| fileName | String | The name of the main Lob application file. |
| size | Int64 | The total size, including all uploaded files. |
Graph reference: microsoftStoreForBusinessApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| usedLicenseCount | Int32 | The number of Microsoft Store for Business licenses in use. |
| totalLicenseCount | Int32 | The total number of Microsoft Store for Business licenses. |
| productKey | String | The app product key |
| licenseType | microsoftStoreForBusinessLicenseType | The app license type. Possible values are: offline, online. |
| packageIdentityName | String | The app package identifier |
Graph reference: microsoftStoreForBusinessContainedApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileContainedApp |
| appUserModelId | String | The app user model ID of the contained app of a MicrosoftStoreForBusinessApp. |
Graph reference: mobileApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| displayName | String | The admin provided or imported title of the app. |
| description | String | The description of the app. |
| publisher | String | The publisher of the app. |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. |
| createdDateTime | DateTimeOffset | The date and time the app was created. |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. |
| privacyInformationUrl | String | The privacy statement Url. |
| informationUrl | String | The more information Url. |
| owner | String | The owner of the app. |
| developer | String | The developer of the app. |
| notes | String | Notes for the app. |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Possible values are: notPublished, processing, published. |
Graph reference: mobileAppAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| intent | installIntent | The install intent defined by the admin. Possible values are: available, required, uninstall, availableWithoutEnrollment. |
| target | deviceAndAppManagementAssignmentTarget | The target group assignment defined by the admin. |
| settings | mobileAppAssignmentSettings | The settings for target assignment defined by the admin. |
Graph reference: mobileAppCategory
| Property | Type | Description |
|---|---|---|
| id | String | The key of the entity. |
| displayName | String | The name of the app category. |
| lastModifiedDateTime | DateTimeOffset | The date and time the mobileAppCategory was last modified. |
Graph reference: mobileAppContent
| Property | Type | Description |
|---|---|---|
| id | String | The app content version. |
Graph reference: mobileAppContentFile
| Property | Type | Description |
|---|---|---|
| azureStorageUri | String | The Azure Storage URI. |
| isCommitted | Boolean | A value indicating whether the file is committed. |
| id | String | The File Id. |
| createdDateTime | DateTimeOffset | The time the file was created. |
| name | String | the file name. |
| size | Int64 | The size of the file prior to encryption. |
| sizeEncrypted | Int64 | The size of the file after encryption. |
| azureStorageUriExpirationDateTime | DateTimeOffset | The time the Azure storage Uri expires. |
| manifest | Binary | The manifest information. |
| uploadState | mobileAppContentFileUploadState | The state of the current upload request. Possible values are: success, transientError, error, unknown, azureStorageUriRequestSuccess, azureStorageUriRequestPending, azureStorageUriRequestFailed, azureStorageUriRequestTimedOut, azureStorageUriRenewalSuccess, azureStorageUriRenewalPending, azureStorageUriRenewalFailed, azureStorageUriRenewalTimedOut, commitFileSuccess, commitFilePending, commitFileFailed, commitFileTimedOut. |
Graph reference: mobileAppDependency
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the mobile app relationship entity. This is assigned at MobileAppRelationship entity creation. For example: 2dbc75b9-e993-4e4d-a071-91ac5a218672_43aaaf35-ce51-4695-9447-5eac6df31161. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. Inherited from mobileAppRelationship |
| targetId | String | The unique app identifier of the target of the mobile app relationship entity. For example: 2dbc75b9-e993-4e4d-a071-91ac5a218672. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. Inherited from mobileAppRelationship |
| targetDisplayName | String | The display name of the app that is the target of the mobile app relationship entity. For example: Firefox Setup 52.0.2 32bit.intunewin. Maximum length is 500 characters. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| targetDisplayVersion | String | The display version of the app that is the target of the mobile app relationship entity. For example 1.0 or 1.2203.156. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| targetPublisher | String | The publisher of the app that is the target of the mobile app relationship entity. For example: Fabrikam. Maximum length is 500 characters. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| targetPublisherDisplayName | String | The publisher display name of the app that is the target of the mobile app relationship entity. For example: Fabrikam. Maximum length is 500 characters. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| sourceId | String | The unique app identifier of the source of the mobile app relationship entity. For example: 2dbc75b9-e993-4e4d-a071-91ac5a218672. If null during relationship creation, then it will be populated with parent Id. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| sourceDisplayName | String | The display name of the app that is the source of the mobile app relationship entity. For example: Orca. Maximum length is 500 characters. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| sourceDisplayVersion | String | The display version of the app that is the source of the mobile app relationship entity. For example 1.0.12 or 1.2203.156 or 3. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| sourcePublisherDisplayName | String | The publisher display name of the app that is the source of the mobile app relationship entity. For example: Fabrikam. Maximum length is 500 characters. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| targetType | mobileAppRelationshipType | The type of relationship indicating whether the target application of a relationship is a parent or child in the relationship. Possible values are: parent, child. Read-Only. Returned by default. Supports: $select, $filter. Does not support $search, $orderBy. This property is read-only. Inherited from mobileAppRelationship. Possible values are: child, parent, unknownFutureValue. |
| dependencyType | mobileAppDependencyType | The type of dependency relationship between the parent and child apps. Possible values are: detect, autoInstall. Read-Only. Possible values are: detect, autoInstall, unknownFutureValue. |
| dependentAppCount | Int32 | The total number of apps that directly or indirectly depend on the parent app. Read-Only. This property is read-only. |
| dependsOnAppCount | Int32 | The total number of apps the child app directly or indirectly depends on. Read-Only. This property is read-only. |
Graph reference: mobileAppProvisioningConfigGroupAssignment
| Property | Type | Description |
|---|---|---|
| targetGroupId | String | The ID of the AAD group in which the app provisioning configuration is being targeted. |
| id | String | Key of the entity. |
Graph reference: mobileAppPublishingConstraints
| Property | Type | Description |
|---|---|---|
| win32LobAppConstraints | win32LobAppPublishingConstraints | Contains properties for Win32 LOB app publishing constraints. |
Graph reference: mobileAppRelationship
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the mobile app relationship entity. This is assigned at MobileAppRelationship entity creation. For example: 2dbc75b9-e993-4e4d-a071-91ac5a218672_43aaaf35-ce51-4695-9447-5eac6df31161. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. |
| targetId | String | The unique app identifier of the target of the mobile app relationship entity. For example: 2dbc75b9-e993-4e4d-a071-91ac5a218672. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. |
| targetDisplayName | String | The display name of the app that is the target of the mobile app relationship entity. For example: Firefox Setup 52.0.2 32bit.intunewin. Maximum length is 500 characters. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. |
| targetDisplayVersion | String | The display version of the app that is the target of the mobile app relationship entity. For example 1.0 or 1.2203.156. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. |
| targetPublisher | String | The publisher of the app that is the target of the mobile app relationship entity. For example: Fabrikam. Maximum length is 500 characters. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. |
| targetPublisherDisplayName | String | The publisher display name of the app that is the target of the mobile app relationship entity. For example: Fabrikam. Maximum length is 500 characters. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. |
| sourceId | String | The unique app identifier of the source of the mobile app relationship entity. For example: 2dbc75b9-e993-4e4d-a071-91ac5a218672. If null during relationship creation, then it will be populated with parent Id. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. |
| sourceDisplayName | String | The display name of the app that is the source of the mobile app relationship entity. For example: Orca. Maximum length is 500 characters. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. |
| sourceDisplayVersion | String | The display version of the app that is the source of the mobile app relationship entity. For example 1.0.12 or 1.2203.156 or 3. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. |
| sourcePublisherDisplayName | String | The publisher display name of the app that is the source of the mobile app relationship entity. For example: Fabrikam. Maximum length is 500 characters. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. |
| targetType | mobileAppRelationshipType | The type of relationship indicating whether the target application of a relationship is a parent or child in the relationship. Possible values are: parent, child. Read-Only. Returned by default. Supports: $select, $filter. Does not support $search, $orderBy. This property is read-only. Possible values are: child, parent, unknownFutureValue. |
Graph reference: mobileAppSupersedence
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the mobile app relationship entity. This is assigned at MobileAppRelationship entity creation. For example: 2dbc75b9-e993-4e4d-a071-91ac5a218672_43aaaf35-ce51-4695-9447-5eac6df31161. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. Inherited from mobileAppRelationship |
| targetId | String | The unique app identifier of the target of the mobile app relationship entity. For example: 2dbc75b9-e993-4e4d-a071-91ac5a218672. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. Inherited from mobileAppRelationship |
| targetDisplayName | String | The display name of the app that is the target of the mobile app relationship entity. For example: Firefox Setup 52.0.2 32bit.intunewin. Maximum length is 500 characters. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| targetDisplayVersion | String | The display version of the app that is the target of the mobile app relationship entity. For example 1.0 or 1.2203.156. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| targetPublisher | String | The publisher of the app that is the target of the mobile app relationship entity. For example: Fabrikam. Maximum length is 500 characters. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| targetPublisherDisplayName | String | The publisher display name of the app that is the target of the mobile app relationship entity. For example: Fabrikam. Maximum length is 500 characters. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| sourceId | String | The unique app identifier of the source of the mobile app relationship entity. For example: 2dbc75b9-e993-4e4d-a071-91ac5a218672. If null during relationship creation, then it will be populated with parent Id. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| sourceDisplayName | String | The display name of the app that is the source of the mobile app relationship entity. For example: Orca. Maximum length is 500 characters. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| sourceDisplayVersion | String | The display version of the app that is the source of the mobile app relationship entity. For example 1.0.12 or 1.2203.156 or 3. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| sourcePublisherDisplayName | String | The publisher display name of the app that is the source of the mobile app relationship entity. For example: Fabrikam. Maximum length is 500 characters. Read-Only. Supports: $select. Does not support $search, $filter, $orderBy. This property is read-only. Inherited from mobileAppRelationship |
| targetType | mobileAppRelationshipType | The type of relationship indicating whether the target application of a relationship is a parent or child in the relationship. Possible values are: parent, child. Read-Only. Returned by default. Supports: $select, $filter. Does not support $search, $orderBy. This property is read-only. Inherited from mobileAppRelationship. Possible values are: child, parent, unknownFutureValue. |
| supersedenceType | mobileAppSupersedenceType | The supersedence relationship type between the parent and child apps. Possible values are: update, replace. Read-Only. Possible values are: update, replace, unknownFutureValue. |
| supersededAppCount | Int32 | The total number of apps directly or indirectly superseded by the child app. Read-Only. This property is read-only. |
| supersedingAppCount | Int32 | The total number of apps directly or indirectly superseding the parent app. Read-Only. This property is read-only. |
Graph reference: mobileContainedApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
Graph reference: mobileLobApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| committedContentVersion | String | The internal committed content version. |
| fileName | String | The name of the main Lob application file. |
| size | Int64 | The total size, including all uploaded files. |
Graph reference: officeSuiteApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| autoAcceptEula | Boolean | The value to accept the EULA automatically on the enduser's device. |
| productIds | officeProductId collection | The Product Ids that represent the Office365 Suite SKU. |
| excludedApps | excludedApps | The property to represent the apps which are excluded from the selected Office365 Product Id. |
| useSharedComputerActivation | Boolean | The property to represent that whether the shared computer activation is used not for Office365 app suite. |
| updateChannel | officeUpdateChannel | The property to represent the Office365 Update Channel. Possible values are: none, current, deferred, firstReleaseCurrent, firstReleaseDeferred, monthlyEnterprise. |
| officeSuiteAppDefaultFileFormat | officeSuiteDefaultFileFormatType | The property to represent the Office365 default file format type. Possible values are: notConfigured, officeOpenXMLFormat, officeOpenDocumentFormat, unknownFutureValue. |
| officePlatformArchitecture | windowsArchitecture | The property to represent the Office365 app suite version. Possible values are: none, x86, x64, arm, neutral, arm64. |
| localesToInstall | String collection | The property to represent the locales which are installed when the apps from Office365 is installed. It uses standard RFC 6033. Ref: https://technet.microsoft.com/library/cc179219(v=office.16).aspx| |
| installProgressDisplayLevel | officeSuiteInstallProgressDisplayLevel | To specify the level of display for the Installation Progress Setup UI on the Device. Possible values are: none, full. |
| shouldUninstallOlderVersionsOfOffice | Boolean | The property to determine whether to uninstall existing Office MSI if an Office365 app suite is deployed to the device or not. |
| targetVersion | String | The property to represent the specific target version for the Office365 app suite that should be remained deployed on the devices. |
| updateVersion | String | The property to represent the update version in which the specific target version is available for the Office365 app suite. |
| officeConfigurationXml | Binary | The property to represent the XML configuration file that can be specified for Office ProPlus Apps. Takes precedence over all other properties. When present, the XML configuration file will be used to create the app. |
Graph reference: symantecCodeSigningCertificate
| Property | Type | Description |
|---|---|---|
| id | String | The key of the entity. This property is read-only. |
| content | Binary | The Windows Symantec Code-Signing Certificate in the raw data format. |
| status | certificateStatus | The Cert Status Provisioned or not Provisioned. Possible values are: notProvisioned, provisioned. |
| password | String | The Password required for .pfx file. |
| subjectName | String | The Subject Name for the cert. |
| subject | String | The Subject value for the cert. |
| issuerName | String | The Issuer Name for the cert. |
| issuer | String | The Issuer value for the cert. |
| expirationDateTime | DateTimeOffset | The Cert Expiration Date. |
| uploadDateTime | DateTimeOffset | The Type of the CodeSigning Cert as Symantec Cert. |
Graph reference: webApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| appUrl | String | The web app URL. This property cannot be PATCHed. |
| useManagedBrowser | Boolean | Whether or not to use managed browser. This property is only applicable for Android and IOS. |
Graph reference: win32LobApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
| size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
| installCommandLine | String | The command line to install this app |
| uninstallCommandLine | String | The command line to uninstall this app |
| applicableArchitectures | windowsArchitecture | The Windows architecture(s) for which this app can run on. Possible values are: none, x86, x64, arm, neutral. |
| minimumFreeDiskSpaceInMB | Int32 | The value for the minimum free disk space which is required to install this app. |
| minimumMemoryInMB | Int32 | The value for the minimum physical memory which is required to install this app. |
| minimumNumberOfProcessors | Int32 | The value for the minimum number of processors which is required to install this app. |
| minimumCpuSpeedInMHz | Int32 | The value for the minimum CPU speed which is required to install this app. |
| rules | win32LobAppRule collection | The detection and requirement rules for this app. |
| installExperience | win32LobAppInstallExperience | The install experience for this app. |
| returnCodes | win32LobAppReturnCode collection | The return codes for post installation behavior. |
| msiInformation | win32LobAppMsiInformation | The MSI details if this Win32 app is an MSI app. |
| setupFilePath | String | The relative path of the setup file in the encrypted Win32LobApp package. |
| minimumSupportedWindowsRelease | String | The value for the minimum supported windows release. |
Graph reference: windowsAppX
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
| size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
| applicableArchitectures | windowsArchitecture | The Windows architecture(s) on which this app can run. Possible values are: none, x86, x64, arm, neutral; default value is none. Possible values are: none, x86, x64, arm, neutral. |
| identityName | String | The identity name of the uploaded app package. For example: "Contoso.DemoApp". |
| identityPublisherHash | String | The identity publisher hash of the uploaded app package. This is the hash of the publisher from the manifest. For example: "AB82CD0XYZ". |
| identityResourceIdentifier | String | The identity resource identifier of the uploaded app package. For example: "TestResourceId". |
| isBundle | Boolean | When TRUE, indicates that the app is a bundle. When FALSE, indicates that the app is not a bundle. By default, property is set to FALSE. |
| minimumSupportedOperatingSystem | windowsMinimumOperatingSystem | The value for the minimum applicable operating system. Valid values for a WindowsAppX app include v8_0, v8_1 and v10_0. If the app is a bundle, the minimum supported OS has to be at least v8_1. |
| identityVersion | String | The identity version of the uploaded app package. For example: "1.0.0.0". |
Graph reference: intune-apps-windowsarchitecture
Graph reference: windowsMicrosoftEdgeApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| channel | microsoftEdgeChannel | The channel to install on target devices. The possible values are dev, beta, and stable. By default, this property is set to dev. Possible values are: dev, beta, stable, unknownFutureValue. |
| displayLanguageLocale | String | The language locale to use when the Edge app displays text to the user. |
Graph reference: windowsMobileMSI
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
| size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
| commandLine | String | The command line. |
| productCode | String | The product code. |
| productVersion | String | The product version of Windows Mobile MSI Line of Business (LoB) app. |
| ignoreVersionDetection | Boolean | A boolean to control whether the app's version will be used to detect the app after it is installed on a device. Set this to true for Windows Mobile MSI Line of Business (LoB) apps that use a self update feature. |
Graph reference: windowsPhone81AppX
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
| size | Int64 | The total size, including all uploaded files. This property is read-only. Inherited from mobileLobApp |
| applicableArchitectures | windowsArchitecture | The Windows architecture(s) for which this app can run on. Possible values are: none, x86, x64, arm, neutral, arm64. |
| identityName | String | The Identity Name. |
| identityPublisherHash | String | The Identity Publisher Hash. |
| identityResourceIdentifier | String | The Identity Resource Identifier. |
| minimumSupportedOperatingSystem | windowsMinimumOperatingSystem | The value for the minimum applicable operating system. |
| phoneProductIdentifier | String | The Phone Product Identifier. |
| phonePublisherId | String | The Phone Publisher Id. |
| identityVersion | String | The identity version. |
Graph reference: windowsPhone81AppXBundle
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
| size | Int64 | The total size, including all uploaded files. This property is read-only. Inherited from mobileLobApp |
| applicableArchitectures | windowsArchitecture | The Windows architecture(s) for which this app can run on. Inherited from windowsPhone81AppX. Possible values are: none, x86, x64, arm, neutral, arm64. |
| identityName | String | The Identity Name. Inherited from windowsPhone81AppX |
| identityPublisherHash | String | The Identity Publisher Hash. Inherited from windowsPhone81AppX |
| identityResourceIdentifier | String | The Identity Resource Identifier. Inherited from windowsPhone81AppX |
| minimumSupportedOperatingSystem | windowsMinimumOperatingSystem | The value for the minimum applicable operating system. Inherited from windowsPhone81AppX |
| phoneProductIdentifier | String | The Phone Product Identifier. Inherited from windowsPhone81AppX |
| phonePublisherId | String | The Phone Publisher Id. Inherited from windowsPhone81AppX |
| identityVersion | String | The identity version. Inherited from windowsPhone81AppX |
| appXPackageInformationList | windowsPackageInformation collection | The list of AppX Package Information. |
Graph reference: windowsPhone81StoreApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| appStoreUrl | String | The Windows Phone 8.1 app store URL. |
Graph reference: windowsPhoneXAP
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
| size | Int64 | The total size, including all uploaded files. This property is read-only. Inherited from mobileLobApp |
| minimumSupportedOperatingSystem | windowsMinimumOperatingSystem | The value for the minimum applicable operating system. |
| productIdentifier | String | The Product Identifier. |
| identityVersion | String | The identity version. |
Graph reference: windowsStoreApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| appStoreUrl | String | The Windows app store URL. |
Graph reference: windowsUniversalAppX
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
| fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
| size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
| applicableArchitectures | windowsArchitecture | The Windows architecture(s) for which this app can run on. Possible values are: none, x86, x64, arm, neutral. |
| applicableDeviceTypes | windowsDeviceType | The Windows device type(s) for which this app can run on. Possible values are: none, desktop, mobile, holographic, team. |
| identityName | String | The Identity Name. |
| identityPublisherHash | String | The Identity Publisher Hash. |
| identityResourceIdentifier | String | The Identity Resource Identifier. |
| isBundle | Boolean | Whether or not the app is a bundle. |
| minimumSupportedOperatingSystem | windowsMinimumOperatingSystem | The value for the minimum applicable operating system. |
| identityVersion | String | The identity version. |
Graph reference: windowsUniversalAppXContainedApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileContainedApp |
| appUserModelId | String | The app user model ID of the contained app of a WindowsUniversalAppX app. |
Graph reference: windowsWebApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| appUrl | String | Indicates the Windows web app URL. Example: "https://www.contoso.com" |
Graph reference: winGetApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. Inherited from mobileApp |
| displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
| description | String | The description of the app. Inherited from mobileApp |
| publisher | String | The publisher of the app. Inherited from mobileApp |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
| createdDateTime | DateTimeOffset | The date and time the app was created. This property is read-only. Inherited from mobileApp |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. This property is read-only. Inherited from mobileApp |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
| privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
| informationUrl | String | The more information Url. Inherited from mobileApp |
| owner | String | The owner of the app. Inherited from mobileApp |
| developer | String | The developer of the app. Inherited from mobileApp |
| notes | String | Notes for the app. Inherited from mobileApp |
| uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready, 1 - Ready, 2 - Processing. This property is read-only. Inherited from mobileApp |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. This property is read-only. Inherited from mobileApp. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. This property is read-only. Inherited from mobileApp |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
| dependentAppCount | Int32 | The total number of dependencies the child app has. This property is read-only. Inherited from mobileApp |
| supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. This property is read-only. Inherited from mobileApp |
| supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. This property is read-only. Inherited from mobileApp |
| manifestHash | String | Hash of package metadata properties used to validate that the application matches the metadata in the source repository. |
| packageIdentifier | String | The PackageIdentifier from the WinGet source repository REST API. This also maps to the Id when using the WinGet client command line application. Required at creation time, cannot be modified on existing objects. |
| installExperience | winGetAppInstallExperience | The install experience settings associated with this application, which are used to ensure the desired install experiences on the target device are taken into account. This includes the account type (System or User) that actions should be run as on target devices. Required at creation time. |
Graph reference: chromeOSOnboardingSettings
| Property | Type | Description |
|---|---|---|
| id | String | The ChromebookTenant's Id |
| ownerUserPrincipalName | String | The ChromebookTenant's OwnerUserPrincipalName |
| onboardingStatus | onboardingStatus | The ChromebookTenant's OnboardingStatus. Possible values are: unknown, inprogress, onboarded, failed, offboarding, unknownFutureValue. |
| lastModifiedDateTime | DateTimeOffset | The ChromebookTenant's LastModifiedDateTime |
| lastDirectorySyncDateTime | DateTimeOffset | The ChromebookTenant's LastDirectorySyncDateTime |
Graph reference: intune-chromebooksync-chromeosonboardingstatus
Graph reference: cloudCertificationAuthority
| Property | Type | Description |
|---|---|---|
| id | String | The certification authority entity instance identifier, which is a globally unique identifier. Read-only. Supports $select. |
| displayName | String | The certification authority display name the Intune admin console. Read/write. Supports $select and $orderby. |
| description | String | The certification authority description displayed in the Intune admin console. Nullable. Read/write. Returns null if not set. |
| scepServerUrl | String | The SCEP server URL for device SCEP connections to request certificates. Read-only. |
| certificateRevocationListUrl | String | The cloud certification authority's Certificate Revocation List URL that can be used to determine revocation status. Read-only. |
| certificateDownloadUrl | String | The URL to download the certification authority certificate. Read-only. |
| certificationAuthorityIssuerUri | String | The URI of the issuing certification authority of a subordinate certification authority. Returns null if a root certification authority. Nullable. Read-only. |
| ocspResponderUri | String | The Online Certificate Status Protocol (OCSP) responder URI that can be used to determine certificate status. Read-only. |
| certificationAuthorityStatus | cloudCertificationAuthorityStatus | Cloud certification authority current status. Unknown value returned by default if the cloud certification authority status is not known. After cloud certification authorities are created their status is set to active. Cloud certification authorities can be set to paused to stop issuing certificates. Possible values are: unknown, active, paused, signingPending, revoked. Read-only. Supports $filter and $orderby. Possible values are: unknown, active, paused, revoked, signingPending, unknownFutureValue. |
| eTag | String | ETag for optimistic concurrency control. Read/write. |
| lastModifiedDateTime | DateTimeOffset | Last modification date and time of this certification authority entity instance. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Nullable. Read/write. |
| roleScopeTagIds | String collection | List of Scope Tags for this entity instance. Scope tags limit access to an entity instance. Nullable. Read/write. |
| createdDateTime | DateTimeOffset | Creation date of this cloud certification authority entity instance. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Nullable. Read-only. |
| certificationAuthorityIssuerId | String | Issuer (parent) certification authority identifier. Nullable. Read-only. Supports $orderby and $select. |
| issuerCommonName | String | |
| cloudCertificationAuthorityType | cloudCertificationAuthorityType | The certification authority type. rootCertificationAuthority value indicates root certification authorities that be used to create issuing certification authorities. issuingCertificationAuthority value indicates that a certification authority can be used to issue leaf certificates. Possible values are: rootCertificationAuthority, issuingCertificationAuthority, issuingCertificationAuthorityWithExternalRoot. Read-only. Supports $orderby. Possible values are: unknown, rootCertificationAuthority, issuingCertificationAuthority, issuingCertificationAuthorityWithExternalRoot, unknownFutureValue. |
| validityPeriodInYears | Int32 | The certification authority validity period in years configured by admins. |
| validityStartDateTime | DateTimeOffset | The start date time of the validity period of a certification authority certificate. Certificates cannot be used before this date time as they are not yet valid. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Nullable. Read-only. Supports $orderby. |
| validityEndDateTime | DateTimeOffset | The end date time of the validity period of a certification authority certificate. Certificates cannot be used after this date time as they are longer valid. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Nullable. Read-only. Supports $orderby. |
| organizationName | String | The organization name that is used as a distinguished name in the subject name of a certification authority certificate in the form "O= |
| organizationUnit | String | The organization unit name that is used as a distinguished name in the subject name of a certification authority certificate in the form "OU= |
| countryName | String | The country name that is used to compose the subject name of a certification authority certificate in the form "C= |
| stateName | String | The state or province name that is used to compose the subject name of a certification authority certificate in the form "ST= |
| localityName | String | The locality (town, city, etc.) name that is used to compose the subject name of a certification authority certificate in the form "L= |
| certificateKeySize | cloudCertificationAuthorityCertificateKeySize | The configured cryptography and key size in bits used to generate the certification authority certificate. Possible values are: rsa2048, rsa3072, rsa4096, eCP256, eCP256k, eCP384, eCP521. Read-only. Possible values are: unknown, rsa2048, rsa3072, rsa4096, eCP256, eCP256k, eCP384, eCP521, unknownFutureValue. |
| cloudCertificationAuthorityHashingAlgorithm | cloudCertificationAuthorityHashingAlgorithm | Certification authority certificate hashing algorithm. Possible values are: sha256, sha384, sha512. Read-only. Possible values are: unknown, sha256, sha384, sha512, unknownFutureValue. |
| thumbprint | String | Secure Hash Algorithm 1 digest of the certificate that can be used to identify it. Read-only. Supports $select. |
| serialNumber | String | The serial number used to uniquely identify a certificate with its issuing certification authority. Read-only. Supports $select. |
| subjectName | String | The subject name of the certificate. The subject is the target or intended beneficiary of the security being provided, such as a company or government entity. Read-only. Supports $orderby and $select. |
| commonName | String | The common name of the certificate subject name, which must be unique. This property is a relative distinguished name used to compose the certificate subject name. Read-only. Supports $select. |
| certificateSigningRequest | String | The certificate signing request used to create an issuing certification authority with a root certification authority external to Microsoft Cloud PKI. The based-64 encoded certificate signing request can be downloaded through this property. After downloading the certificate signing request, it must be signed by the external root certifcation authority. Read-only. |
| extendedKeyUsages | extendedKeyUsage collection | The certificate extended key usages, which specify the usage capabilities of the certificate. Read-only. |
| versionNumber | Int32 | The certification authority version, which is incremented each time the certification authority is renewed. Read-only. |
| rootCertificateCommonName | String | The common name of the certificate subject name of the certification authority issuer. This property can be used to identify the certification authority that issued the current certification authority. For issuing certification authorities, this is the common name of the certificate subject name of the root certification authority to which it is anchored. For externally signed certification authorities, this is the common name of the certificate subject name of the signing certification authority. For root certification authorities, this is the common name of the certification authority's own certificate subject name. Read-only. |
| keyPlatform | cloudCertificationAuthorityKeyPlatformType | The key platform used to store the certification authority keys. Read-only. Possible values are: unknown, software, hardwareSecurityModule, unknownFutureValue. |
Graph reference: cloudCertificationAuthorityLeafCertificate
| Property | Type | Description |
|---|---|---|
| id | String | The leaf certificate entity instance identifier, which is a randomly-generated globally unique identifier. Read-only. Supports $select. |
| subjectName | String | The subject name of the certificate. The subject is the target or intended beneficiary of the security being provided, such as a user or device. Read-only. Supports $select and $orderby. |
| issuerId | String | The globally unique identifier of the certification authority that issued the leaf certificate. Read-only. |
| issuerName | String | The name of the certification authority that issued the leaf certificate. Read-only. |
| certificateStatus | cloudCertificationAuthorityLeafCertificateStatus | The current status of a certificate. Active value indicates the is in its validity period and not revoked. Revoked value indicates the certificate has been revoked and is no longer valid. Expired value indicates that the validity period of the certificate has lapsed. Possible values are: active, revoked, expired. Read-only. Supports $filter and $orderby. Possible values are: unknown, active, revoked, expired, unknownFutureValue. |
| validityStartDateTime | DateTimeOffset | The start date time of the validity period of a certificate. Certificates cannot be used before this date time as they are not yet valid. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Nullable. Read-only. Supports $orderby. |
| validityEndDateTime | DateTimeOffset | The end date time of the validity period of a certificate. Certificates cannot be used after this date time as they are longer valid. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Nullable. Read-only. Supports $orderby. |
| crlDistributionPointUrl | String | URL to find the relevant Certificate Revocation List for this certificate. Read-only. |
| certificationAuthorityIssuerUri | String | The URI of the certification authority that issued the certificate. Read-only. |
| ocspResponderUri | String | The Online Certificate Status Protocol (OCSP) responder URI that can be used to determine certificate status. Read-only. |
| thumbprint | String | Secure Hash Algorithm 1 digest of the certificate that can be used to identify it. Read-only. Supports $select. |
| serialNumber | String | The serial number used to uniquely identify a certificate with its issuing certification authority. Read-only. Supports $select. |
| revocationDateTime | DateTimeOffset | The date and time a certificate was revoked. If the certificate was not revoked, this will be null. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Nullable. Read-only. |
| deviceName | String | Name of the device for which the certificate was created. Read-only. Supports $select. |
| userPrincipalName | String | User principal name of the user for which the certificate was created. Null for userless devices. Nullable. Read-only. Supports $select. |
| deviceId | String | The unique identifier of the managed device for which the certificate was created. This ID is assigned at device enrollment time. Read-only. Supports $select. |
| userId | String | The unique identifier of the user for which the certificate was created. Null for userless devices. This is an Intune user ID. Nullable. Read-only. Supports $select. |
| devicePlatform | String | The platform of the device for which the certificate was created. Possible values are: Android, AndroidForWork, iOS, MacOS, WindowsPhone81, Windows81AndLater, Windows10AndLater, AndroidWorkProfile, Unknown, AndroidAOSP, AndroidMobileApplicationManagement, iOSMobileApplicationManagement. Default value: Unknown. Read-only. Supports $select. |
| keyUsages | String collection | Certificate extensions that define the purpose of the public key contained in a certificate. For example possible values are "Key Encipherment" and "Digital Signature". Read-only. Nullable. |
| extendedKeyUsages | String collection | Certificate extensions that further define the purpose of the public key contained in a certificate. Data is formatted as a comma-separated list of object identifiers (OID). For example a possible value is "1.3.6.1.5.5.7.3.2". Read-only. Nullable. |
Graph reference: intune-cloudpkigraphservice-cloudcertificationauthoritystatus
Graph reference: deviceManagementReports
| Property | Type | Description |
|---|---|---|
| id | String | Required Graph property |
Graph reference: trustChainCertificate
| Property | Type | Description |
|---|---|---|
| displayName | String | The trust chain certificate display name that provides a user-friendly way to identify a certificate in a trust chain. |
| certificate | String | The trust chain certificate in base 64 encoded form. |
Graph reference: advancedThreatProtectionOnboardingDeviceSettingState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity |
| platformType | deviceType | Device platform type. Possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, windows10x, androidnGMS, chromeOS, linux, blackberry, palm, unknown, cloudPC. |
| setting | String | The setting class name and property name. |
| settingName | String | The Setting Name that is being reported |
| deviceId | String | The Device Id that is being reported |
| deviceName | String | The Device Name that is being reported |
| userId | String | The user Id that is being reported |
| userEmail | String | The User email address that is being reported |
| userName | String | The User Name that is being reported |
| userPrincipalName | String | The User PrincipalName that is being reported |
| deviceModel | String | The device model that is being reported |
| state | complianceStatus | The compliance state of the setting. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
Graph reference: advancedThreatProtectionOnboardingStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier |
| unknownDeviceCount | Int32 | Number of unknown devices |
| notApplicableDeviceCount | Int32 | Number of not applicable devices |
| compliantDeviceCount | Int32 | Number of compliant devices |
| remediatedDeviceCount | Int32 | Number of remediated devices |
| nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
| errorDeviceCount | Int32 | Number of error devices |
| conflictDeviceCount | Int32 | Number of conflict devices |
| notAssignedDeviceCount | Int32 | Number of not assigned devices |
Graph reference: androidCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
Graph reference: androidCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordRequired | Boolean | Require a password to unlock device. |
| passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
| passwordRequiredType | androidRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
| securityPreventInstallAppsFromUnknownSources | Boolean | Require that devices disallow installation of apps from unknown sources. |
| securityDisableUsbDebugging | Boolean | Disable USB debugging on Android devices. |
| securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
| deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
| osMinimumVersion | String | Minimum Android version. |
| osMaximumVersion | String | Maximum Android version. |
| minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
| storageRequireEncryption | Boolean | Require encryption on Android devices. |
| securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
| securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
| securityRequireGooglePlayServices | Boolean | Require Google Play Services to be installed and enabled on the device. |
| securityRequireUpToDateSecurityProviders | Boolean | Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date. |
| securityRequireCompanyPortalAppIntegrity | Boolean | Require the device to pass the Company Portal client app runtime integrity check. |
Graph reference: androidCustomConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 1000 elements. |
Graph reference: androidDeviceOwnerCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
Graph reference: androidDeviceOwnerCompliancePolicy
| Property | Type | Description |
|---|---|---|
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| deviceThreatProtectionEnabled | Boolean | Indicates whether the policy requires devices have device threat protection enabled. When TRUE, threat protection is enabled. When FALSE, threat protection is not enabled. Default is FALSE. |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Indicates the minimum mobile threat protection risk level to that results in Intune reporting device noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. Possible values are: unavailable, secured, low, medium, high, notSet. |
| advancedThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Indicates the Microsoft Defender for Endpoint (also referred to Microsoft Defender Advanced Threat Protection (MDATP)) minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. Possible values are: unavailable, secured, low, medium, high, notSet. |
| securityBlockJailbrokenDevices | Boolean | Indicates the device should not be rooted. When TRUE, if the device is detected as rooted it will be reported non-compliant. When FALSE, the device is not reported as non-compliant regardless of device rooted state. Default is FALSE. |
| securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Indicates whether the compliance check will validate the Google Play Integrity check. When TRUE, the Google Play integrity basic check must pass to consider the device compliant. When FALSE, the Google Play integrity basic check can pass or fail and the device will be considered compliant. Default is FALSE. |
| securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Indicates whether the compliance check will validate the Google Play Integrity check. When TRUE, the Google Play integrity device check must pass to consider the device compliant. When FALSE, the Google Play integrity device check can pass or fail and the device will be considered compliant. Default is FALSE. |
| osMinimumVersion | String | Indicates the minimum Android version required to mark the device as compliant. For example: "14" |
| osMaximumVersion | String | Indicates the maximum Android version required to mark the device as compliant. For example: "15" |
| minAndroidSecurityPatchLevel | String | Indicates the minimum Android security patch level required to mark the device as compliant. For example: "February 1, 2025" |
| passwordRequired | Boolean | Indicates whether a password is required to unlock the device. When TRUE, there must be a password set that unlocks the device for the device to be marked as compliant. When FALSE, a device is marked as compliant whether or not a password is set as required to unlock the device. Default is FALSE. |
| passwordMinimumLength | Int32 | Indicates the minimum password length required to mark the device as compliant. Valid values are 4 to 16, inclusive. Valid values 4 to 16 |
| passwordMinimumLetterCharacters | Int32 | Indicates the minimum number of letter characters required for device password for the device to be marked compliant. Valid values 1 to 16. |
| passwordMinimumLowerCaseCharacters | Int32 | Indicates the minimum number of lower case characters required for device password for the device to be marked compliant. Valid values 1 to 16. |
| passwordMinimumNonLetterCharacters | Int32 | Indicates the minimum number of non-letter characters required for device password for the device to be marked compliant. Valid values 1 to 16. |
| passwordMinimumNumericCharacters | Int32 | Indicates the minimum number of numeric characters required for device password for the device to be marked compliant. Valid values 1 to 16. |
| passwordMinimumSymbolCharacters | Int32 | Indicates the minimum number of symbol characters required for device password for the device to be marked compliant. Valid values 1 to 16. |
| passwordMinimumUpperCaseCharacters | Int32 | Indicates the minimum number of upper case letter characters required for device password for the device to be marked compliant. Valid values 1 to 16. |
| passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Indicates the password complexity requirement for the device to be marked compliant. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Indicates the number of minutes of inactivity before a password is required. |
| passwordExpirationDays | Int32 | Indicates the number of days before the password expires. Valid values 1 to 365. |
| passwordPreviousPasswordCountToBlock | Int32 | Indicates the number of previous passwords to block. Valid values 1 to 24. |
| storageRequireEncryption | Boolean | Indicates whether encryption on Android devices is required to mark the device as compliant. |
| securityRequireIntuneAppIntegrity | Boolean | Indicates whether Intune application integrity is required to mark the device as compliant. When TRUE, Intune checks that the Intune app installed on fully managed, dedicated, or corporate-owned work profile Android Enterprise enrolled devices, is the one provided by Microsoft from the Managed Google Play store. If the check fails, the device will be reported as non-compliant. Default is FALSE. |
| requireNoPendingSystemUpdates | Boolean | Indicates whether the device has pending security or OS updates and sets the compliance state accordingly. When TRUE, checks if there are any pending system updates on each check in and if there are any pending security or OS version updates (System Updates), the device will be reported as non-compliant. If set to FALSE, then checks for any pending security or OS version updates (System Updates) are done without impact to device compliance state. Default is FALSE. |
| securityRequiredAndroidSafetyNetEvaluationType | androidSafetyNetEvaluationType | Indicates the types of measurements and reference data used to evaluate the device SafetyNet evaluation. Evaluation is completed on the device to assess device integrity based on checks defined by Android and built into the device hardware, for example, compromised OS version or root detection. Possible values are: basic, hardwareBacked, with default value of basic. Possible values are: basic, hardwareBacked. |
Graph reference: androidDeviceOwnerDerivedCredentialAuthenticationConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval, specificApps, unknownFutureValue. |
| silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
Graph reference: androidDeviceOwnerEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from androidDeviceOwnerWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidDeviceOwnerWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidDeviceOwnerWiFiConfiguration |
| wiFiSecurityType | androidDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidDeviceOwnerWiFiConfiguration. Possible values are: open, wep, wpaPersonal, wpaEnterprise. |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration |
| preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration |
| proxySettings | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration. Possible values include none, manual, and automatic. Inherited from androidDeviceOwnerWiFiConfiguration. Possible values are: none, manual, automatic, unknownFutureValue. |
| proxyManualAddress | String | Specify the proxy server IP address. Android documentation does not specify IPv4 or IPv6. For example: 192.168.1.1. Inherited from androidDeviceOwnerWiFiConfiguration |
| proxyManualPort | Int32 | Specify the proxy server port. Inherited from androidDeviceOwnerWiFiConfiguration |
| proxyAutomaticConfigurationUrl | String | Specify the proxy server configuration script URL. Inherited from androidDeviceOwnerWiFiConfiguration |
| proxyExclusionList | String | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. Inherited from androidDeviceOwnerWiFiConfiguration |
| macAddressRandomizationMode | macAddressRandomizationMode | The MAC address randomization mode for Android device Wi-Fi configuration. Possible values include automatic and hardware. Default value is automatic. Inherited from androidDeviceOwnerWiFiConfiguration. Possible values are: automatic, hardware, unknownFutureValue. |
| eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
Graph reference: androidDeviceOwnerGeneralDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| azureAdSharedDeviceDataClearApps | appListItem collection | A list of managed apps that will have their data cleared during a global sign-out in AAD shared device mode. This collection can contain a maximum of 500 elements. |
| accountsBlockModification | Boolean | Indicates whether or not adding or removing accounts is disabled. |
| appsAllowInstallFromUnknownSources | Boolean | Indicates whether or not the user is allowed to enable to unknown sources setting. |
| appsAutoUpdatePolicy | androidDeviceOwnerAppAutoUpdatePolicyType | Indicates the value of the app auto update policy. Possible values are: notConfigured, userChoice, never, wiFiOnly, always. |
| appsDefaultPermissionPolicy | androidDeviceOwnerDefaultAppPermissionPolicyType | Indicates the permission policy for requests for runtime permissions if one is not defined for the app specifically. Possible values are: deviceDefault, prompt, autoGrant, autoDeny. |
| appsRecommendSkippingFirstUseHints | Boolean | Whether or not to recommend all apps skip any first-time-use hints they may have added. |
| bluetoothBlockConfiguration | Boolean | Indicates whether or not to block a user from configuring bluetooth. |
| bluetoothBlockContactSharing | Boolean | Indicates whether or not to block a user from sharing contacts via bluetooth. |
| cameraBlocked | Boolean | Indicates whether or not to disable the use of the camera. |
| cellularBlockWiFiTethering | Boolean | Indicates whether or not to block Wi-Fi tethering. |
| certificateCredentialConfigurationDisabled | Boolean | Indicates whether or not to block users from any certificate credential configuration. |
| crossProfilePoliciesAllowCopyPaste | Boolean | Indicates whether or not text copied from one profile (personal or work) can be pasted in the other. |
| crossProfilePoliciesAllowDataSharing | androidDeviceOwnerCrossProfileDataSharing | Indicates whether data from one profile (personal or work) can be shared with apps in the other profile. Possible values are: notConfigured, crossProfileDataSharingBlocked, dataSharingFromWorkToPersonalBlocked, crossProfileDataSharingAllowed, unkownFutureValue. |
| crossProfilePoliciesShowWorkContactsInPersonalProfile | Boolean | Indicates whether or not contacts stored in work profile are shown in personal profile contact searches/incoming calls. |
| microsoftLauncherConfigurationEnabled | Boolean | Indicates whether or not to you want configure Microsoft Launcher. |
| microsoftLauncherCustomWallpaperEnabled | Boolean | Indicates whether or not to configure the wallpaper on the targeted devices. |
| microsoftLauncherCustomWallpaperImageUrl | String | Indicates the URL for the image file to use as the wallpaper on the targeted devices. |
| microsoftLauncherCustomWallpaperAllowUserModification | Boolean | Indicates whether or not the user can modify the wallpaper to personalize their device. |
| microsoftLauncherFeedEnabled | Boolean | Indicates whether or not you want to enable the launcher feed on the device. |
| microsoftLauncherFeedAllowUserModification | Boolean | Indicates whether or not the user can modify the launcher feed on the device. |
| microsoftLauncherDockPresenceConfiguration | microsoftLauncherDockPresence | Indicates whether or not you want to configure the device dock. Possible values are: notConfigured, show, hide, disabled. |
| microsoftLauncherDockPresenceAllowUserModification | Boolean | Indicates whether or not the user can modify the device dock configuration on the device. |
| microsoftLauncherSearchBarPlacementConfiguration | microsoftLauncherSearchBarPlacement | Indicates the search bar placement configuration on the device. Possible values are: notConfigured, top, bottom, hide. |
| enrollmentProfile | androidDeviceOwnerEnrollmentProfileType | Indicates which enrollment profile you want to configure. Possible values are: notConfigured, dedicatedDevice, fullyManaged. |
| dataRoamingBlocked | Boolean | Indicates whether or not to block a user from data roaming. |
| dateTimeConfigurationBlocked | Boolean | Indicates whether or not to block the user from manually changing the date or time on the device |
| detailedHelpText | androidDeviceOwnerUserFacingMessage | Represents the customized detailed help text provided to users when they attempt to modify managed settings on their device. |
| deviceOwnerLockScreenMessage | androidDeviceOwnerUserFacingMessage | Represents the customized lock screen message provided to users when they attempt to modify managed settings on their device. |
| securityCommonCriteriaModeEnabled | Boolean | Represents the security common criteria mode enabled provided to users when they attempt to modify managed settings on their device. |
| factoryResetDeviceAdministratorEmails | String collection | List of Google account emails that will be required to authenticate after a device is factory reset before it can be set up. |
| factoryResetBlocked | Boolean | Indicates whether or not the factory reset option in settings is disabled. |
| globalProxy | androidDeviceOwnerGlobalProxy | Proxy is set up directly with host, port and excluded hosts. |
| googleAccountsBlocked | Boolean | Indicates whether or not google accounts will be blocked. |
| kioskCustomizationDeviceSettingsBlocked | Boolean | Indicates whether a user can access the device's Settings app while in Kiosk Mode. |
| kioskCustomizationPowerButtonActionsBlocked | Boolean | Whether the power menu is shown when a user long presses the Power button of a device in Kiosk Mode. |
| kioskCustomizationStatusBar | androidDeviceOwnerKioskCustomizationStatusBar | Indicates whether system info and notifications are disabled in Kiosk Mode. Possible values are: notConfigured, notificationsAndSystemInfoEnabled, systemInfoOnly. |
| kioskCustomizationSystemErrorWarnings | Boolean | Indicates whether system error dialogs for crashed or unresponsive apps are shown in Kiosk Mode. |
| kioskCustomizationSystemNavigation | androidDeviceOwnerKioskCustomizationSystemNavigation | Indicates which navigation features are enabled in Kiosk Mode. Possible values are: notConfigured, navigationEnabled, homeButtonOnly. |
| kioskModeScreenSaverConfigurationEnabled | Boolean | Whether or not to enable screen saver mode or not in Kiosk Mode. |
| kioskModeScreenSaverImageUrl | String | URL for an image that will be the device's screen saver in Kiosk Mode. |
| kioskModeScreenSaverDisplayTimeInSeconds | Int32 | The number of seconds that the device will display the screen saver for in Kiosk Mode. Valid values 0 to 9999999 |
| kioskModeScreenSaverStartDelayInSeconds | Int32 | The number of seconds the device needs to be inactive for before the screen saver is shown in Kiosk Mode. Valid values 1 to 9999999 |
| kioskModeScreenSaverDetectMediaDisabled | Boolean | Whether or not the device screen should show the screen saver if audio/video is playing in Kiosk Mode. |
| kioskModeApps | appListItem collection | A list of managed apps that will be shown when the device is in Kiosk Mode. This collection can contain a maximum of 500 elements. |
| kioskModeWallpaperUrl | String | URL to a publicly accessible image to use for the wallpaper when the device is in Kiosk Mode. |
| kioskModeExitCode | String | Exit code to allow a user to escape from Kiosk Mode when the device is in Kiosk Mode. |
| kioskModeVirtualHomeButtonEnabled | Boolean | Whether or not to display a virtual home button when the device is in Kiosk Mode. |
| kioskModeVirtualHomeButtonType | androidDeviceOwnerVirtualHomeButtonType | Indicates whether the virtual home button is a swipe up home button or a floating home button. Possible values are: notConfigured, swipeUp, floating. |
| kioskModeBluetoothConfigurationEnabled | Boolean | Whether or not to allow a user to configure Bluetooth settings in Kiosk Mode. |
| kioskModeWiFiConfigurationEnabled | Boolean | Whether or not to allow a user to configure Wi-Fi settings in Kiosk Mode. |
| kioskModeFlashlightConfigurationEnabled | Boolean | Whether or not to allow a user to use the flashlight in Kiosk Mode. |
| kioskModeMediaVolumeConfigurationEnabled | Boolean | Whether or not to allow a user to change the media volume in Kiosk Mode. |
| kioskModeShowDeviceInfo | Boolean | Whether or not to allow a user to access basic device information. |
| kioskModeManagedSettingsEntryDisabled | Boolean | Whether or not to display the Managed Settings entry point on the managed home screen in Kiosk Mode. |
| kioskModeDebugMenuEasyAccessEnabled | Boolean | Whether or not to allow a user to easy access to the debug menu in Kiosk Mode. |
| kioskModeShowAppNotificationBadge | Boolean | Whether or not to display application notification badges in Kiosk Mode. |
| kioskModeScreenOrientation | androidDeviceOwnerKioskModeScreenOrientation | Screen orientation configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured, portrait, landscape, autoRotate. |
| kioskModeIconSize | androidDeviceOwnerKioskModeIconSize | Icon size configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured, smallest, small, regular, large, largest. |
| kioskModeFolderIcon | androidDeviceOwnerKioskModeFolderIcon | Folder icon configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured, darkSquare, darkCircle, lightSquare, lightCircle. |
| kioskModeWifiAllowedSsids | String collection | The restricted set of WIFI SSIDs available for the user to configure in Kiosk Mode. This collection can contain a maximum of 500 elements. |
| kioskModeAppOrderEnabled | Boolean | Whether or not to enable app ordering in Kiosk Mode. |
| kioskModeAppsInFolderOrderedByName | Boolean | Whether or not to alphabetize applications within a folder in Kiosk Mode. |
| kioskModeGridHeight | Int32 | Number of rows for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999 |
| kioskModeGridWidth | Int32 | Number of columns for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999 |
| kioskModeLockHomeScreen | Boolean | Whether or not to lock home screen to the end user in Kiosk Mode. |
| kioskModeManagedFolders | androidDeviceOwnerKioskModeManagedFolder collection | A list of managed folders for a device in Kiosk Mode. This collection can contain a maximum of 500 elements. |
| kioskModeAppPositions | androidDeviceOwnerKioskModeAppPositionItem collection | The ordering of items on Kiosk Mode Managed Home Screen. This collection can contain a maximum of 500 elements. |
| kioskModeManagedHomeScreenAutoSignout | Boolean | Whether or not to automatically sign-out of MHS and Shared device mode applications after inactive for Managed Home Screen. |
| kioskModeManagedHomeScreenInactiveSignOutDelayInSeconds | Int32 | Number of seconds to give user notice before automatically signing them out for Managed Home Screen. Valid values 0 to 9999999 |
| kioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds | Int32 | Number of seconds device is inactive before automatically signing user out for Managed Home Screen. Valid values 0 to 9999999 |
| kioskModeManagedHomeScreenPinComplexity | kioskModeManagedHomeScreenPinComplexity | Complexity of PIN for sign-in session for Managed Home Screen. Possible values are: notConfigured, simple, complex. |
| kioskModeManagedHomeScreenPinRequired | Boolean | Whether or not require user to set a PIN for sign-in session for Managed Home Screen. |
| kioskModeManagedHomeScreenPinRequiredToResume | Boolean | Whether or not required user to enter session PIN if screensaver has appeared for Managed Home Screen. |
| kioskModeManagedHomeScreenSignInBackground | String | Custom URL background for sign-in screen for Managed Home Screen. |
| kioskModeManagedHomeScreenSignInBrandingLogo | String | Custom URL branding logo for sign-in screen and session pin page for Managed Home Screen. |
| kioskModeManagedHomeScreenSignInEnabled | Boolean | Whether or not show sign-in screen for Managed Home Screen. |
| kioskModeUseManagedHomeScreenApp | kioskModeType | Whether or not to use single app kiosk mode or multi-app kiosk mode. Possible values are: notConfigured, singleAppMode, multiAppMode. |
| microphoneForceMute | Boolean | Indicates whether or not to block unmuting the microphone on the device. |
| networkEscapeHatchAllowed | Boolean | Indicates whether or not the device will allow connecting to a temporary network connection at boot time. |
| nfcBlockOutgoingBeam | Boolean | Indicates whether or not to block NFC outgoing beam. |
| passwordBlockKeyguard | Boolean | Indicates whether or not the keyguard is disabled. |
| passwordBlockKeyguardFeatures | androidKeyguardFeature collection | List of device keyguard features to block. This collection can contain a maximum of 11 elements. |
| passwordExpirationDays | Int32 | Indicates the amount of time that a password can be set for before it expires and a new password will be required. Valid values 1 to 365 |
| passwordMinimumLength | Int32 | Indicates the minimum length of the password required on the device. Valid values 4 to 16 |
| passwordMinimumLetterCharacters | Int32 | Indicates the minimum number of letter characters required for device password. Valid values 1 to 16 |
| passwordMinimumLowerCaseCharacters | Int32 | Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16 |
| passwordMinimumNonLetterCharacters | Int32 | Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16 |
| passwordMinimumNumericCharacters | Int32 | Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16 |
| passwordMinimumSymbolCharacters | Int32 | Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16 |
| passwordMinimumUpperCaseCharacters | Int32 | Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16 |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| passwordPreviousPasswordCountToBlock | Int32 | Indicates the length of password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24 |
| passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Indicates the minimum password quality required on the device. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword. |
| passwordRequireUnlock | androidDeviceOwnerRequiredPasswordUnlock | Indicates the timeout period after which a device must be unlocked using a form of strong authentication. Possible values are: deviceDefault, daily, unkownFutureValue. |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Indicates the number of times a user can enter an incorrect password before the device is wiped. Valid values 4 to 11 |
| playStoreMode | androidDeviceOwnerPlayStoreMode | Indicates the Play Store mode of the device. Possible values are: notConfigured, allowList, blockList. |
| screenCaptureBlocked | Boolean | Indicates whether or not to disable the capability to take screenshots. |
| securityDeveloperSettingsEnabled | Boolean | Indicates whether or not the user is allowed to access developer settings like developer options and safe boot on the device. |
| securityRequireVerifyApps | Boolean | Indicates whether or not verify apps is required. |
| shortHelpText | androidDeviceOwnerUserFacingMessage | Represents the customized short help text provided to users when they attempt to modify managed settings on their device. |
| statusBarBlocked | Boolean | Indicates whether or the status bar is disabled, including notifications, quick settings and other screen overlays. |
| stayOnModes | androidDeviceOwnerBatteryPluggedMode collection | List of modes in which the device's display will stay powered-on. This collection can contain a maximum of 4 elements. |
| storageAllowUsb | Boolean | Indicates whether or not to allow USB mass storage. |
| storageBlockExternalMedia | Boolean | Indicates whether or not to block external media. |
| storageBlockUsbFileTransfer | Boolean | Indicates whether or not to block USB file transfer. |
| systemUpdateFreezePeriods | androidDeviceOwnerSystemUpdateFreezePeriod collection | Indicates the annually repeating time periods during which system updates are postponed. This collection can contain a maximum of 500 elements. |
| systemUpdateWindowStartMinutesAfterMidnight | Int32 | Indicates the number of minutes after midnight that the system update window starts. Valid values 0 to 1440 |
| systemUpdateWindowEndMinutesAfterMidnight | Int32 | Indicates the number of minutes after midnight that the system update window ends. Valid values 0 to 1440 |
| systemUpdateInstallType | androidDeviceOwnerSystemUpdateInstallType | The type of system update configuration. Possible values are: deviceDefault, postpone, windowed, automatic. |
| systemWindowsBlocked | Boolean | Whether or not to block Android system prompt windows, like toasts, phone activities, and system alerts. |
| usersBlockAdd | Boolean | Indicates whether or not adding users and profiles is disabled. |
| usersBlockRemove | Boolean | Indicates whether or not to disable removing other users from the device. |
| volumeBlockAdjustment | Boolean | Indicates whether or not adjusting the master volume is disabled. |
| vpnAlwaysOnLockdownMode | Boolean | If an always on VPN package name is specified, whether or not to lock network traffic when that VPN is disconnected. |
| vpnAlwaysOnPackageIdentifier | String | Android app package name for app that will handle an always-on VPN connection. |
| wifiBlockEditConfigurations | Boolean | Indicates whether or not to block the user from editing the wifi connection settings. |
| wifiBlockEditPolicyDefinedConfigurations | Boolean | Indicates whether or not to block the user from editing just the networks defined by the policy. |
| personalProfileAppsAllowInstallFromUnknownSources | Boolean | Indicates whether the user can install apps from unknown sources on the personal profile. |
| personalProfileCameraBlocked | Boolean | Indicates whether to disable the use of the camera on the personal profile. |
| personalProfileScreenCaptureBlocked | Boolean | Indicates whether to disable the capability to take screenshots on the personal profile. |
| personalProfilePlayStoreMode | personalProfilePersonalPlayStoreMode | Used together with PersonalProfilePersonalApplications to control how apps in the personal profile are allowed or blocked. Possible values are: notConfigured, blockedApps, allowedApps. |
| personalProfilePersonalApplications | appListItem collection | Policy applied to applications in the personal profile. This collection can contain a maximum of 500 elements. |
| workProfilePasswordExpirationDays | Int32 | Indicates the number of days that a work profile password can be set before it expires and a new password will be required. Valid values 1 to 365 |
| workProfilePasswordMinimumLength | Int32 | Indicates the minimum length of the work profile password. Valid values 4 to 16 |
| workProfilePasswordMinimumNumericCharacters | Int32 | Indicates the minimum number of numeric characters required for the work profile password. Valid values 1 to 16 |
| workProfilePasswordMinimumNonLetterCharacters | Int32 | Indicates the minimum number of non-letter characters required for the work profile password. Valid values 1 to 16 |
| workProfilePasswordMinimumLetterCharacters | Int32 | Indicates the minimum number of letter characters required for the work profile password. Valid values 1 to 16 |
| workProfilePasswordMinimumLowerCaseCharacters | Int32 | Indicates the minimum number of lower-case characters required for the work profile password. Valid values 1 to 16 |
| workProfilePasswordMinimumUpperCaseCharacters | Int32 | Indicates the minimum number of upper-case letter characters required for the work profile password. Valid values 1 to 16 |
| workProfilePasswordMinimumSymbolCharacters | Int32 | Indicates the minimum number of symbol characters required for the work profile password. Valid values 1 to 16 |
| workProfilePasswordPreviousPasswordCountToBlock | Int32 | Indicates the length of the work profile password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24 |
| workProfilePasswordSignInFailureCountBeforeFactoryReset | Int32 | Indicates the number of times a user can enter an incorrect work profile password before the device is wiped. Valid values 4 to 11 |
| workProfilePasswordRequiredType | androidDeviceOwnerRequiredPasswordType | Indicates the minimum password quality required on the work profile password. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword. |
| workProfilePasswordRequireUnlock | androidDeviceOwnerRequiredPasswordUnlock | Indicates the timeout period after which a work profile must be unlocked using a form of strong authentication. Possible values are: deviceDefault, daily, unkownFutureValue. |
| locateDeviceUserlessDisabled | Boolean | Indicates whether or not LocateDevice for userless (COSU) devices is disabled. |
| locateDeviceLostModeEnabled | Boolean | Indicates whether or not LocateDevice for devices with lost mode (COBO, COPE) is enabled. |
| androidDeviceOwnerDelegatedScopeAppSettings | androidDeviceOwnerDelegatedScopeAppSetting collection | Specifies the list of managed apps with app details and its associated delegated scope(s). This collection can contain a maximum of 500 elements. |
| shareDeviceLocationDisabled | Boolean | Indicates whether or not location sharing is disabled for fully managed devices (COBO), and corporate owned devices with a work profile (COPE) |
| deviceLocationMode | androidDeviceOwnerLocationMode | Indicates the location setting configuration for fully managed devices (COBO) and corporate owned devices with a work profile (COPE). Possible values are: notConfigured, disabled, unknownFutureValue. |
Graph reference: androidDeviceOwnerImportedPFXCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
| certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval, specificApps, unknownFutureValue. |
| silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
Graph reference: androidDeviceOwnerPkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificationAuthority | String | PKCS Certification Authority |
| certificationAuthorityName | String | PKCS Certification Authority Name |
| certificationAuthorityType | deviceManagementCertificationAuthority | Certification authority type. Possible values are: notConfigured, microsoft, digiCert. |
| certificateTemplateName | String | PKCS Certificate Template Name |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
| certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval, specificApps, unknownFutureValue. |
| silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
Graph reference: androidDeviceOwnerScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| scepServerUrls | String collection | SCEP Server Url(s) |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
| certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval, specificApps, unknownFutureValue. |
| silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
Graph reference: androidDeviceOwnerTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
Graph reference: androidDeviceOwnerVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | vpnAuthenticationMethod | Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| connectionName | String | Connection name displayed to the user. Inherited from vpnConfiguration |
| role | String | Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration |
| realm | String | Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. Inherited from vpnConfiguration |
| connectionType | androidVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect. |
| proxyServer | vpnProxyServer | Proxy server. |
| targetedPackageIds | String collection | Targeted App package IDs. |
| targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. |
| alwaysOn | Boolean | Whether or not to enable always-on VPN connection. |
| alwaysOnLockdown | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. |
| microsoftTunnelSiteId | String | Microsoft Tunnel site ID. |
| proxyExclusionList | String collection | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. |
| customData | keyValue collection | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. |
| customKeyValueData | keyValuePair collection | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. |
Graph reference: androidDeviceOwnerWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
| wiFiSecurityType | androidDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wep, wpaPersonal, wpaEnterprise. |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
| preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. |
| proxySettings | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration. Possible values include none, manual, and automatic. Possible values are: none, manual, automatic, unknownFutureValue. |
| proxyManualAddress | String | Specify the proxy server IP address. Android documentation does not specify IPv4 or IPv6. For example: 192.168.1.1. |
| proxyManualPort | Int32 | Specify the proxy server port. |
| proxyAutomaticConfigurationUrl | String | Specify the proxy server configuration script URL. |
| proxyExclusionList | String | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. |
| macAddressRandomizationMode | macAddressRandomizationMode | The MAC address randomization mode for Android device Wi-Fi configuration. Possible values include automatic and hardware. Default value is automatic. Possible values are: automatic, hardware, unknownFutureValue. |
Graph reference: androidEasEmailProfileConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| accountName | String | Exchange ActiveSync account name, displayed to users as name of EAS (this) profile. |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| syncCalendar | Boolean | Toggles syncing the calendar. If set to false calendar is turned off on the device. |
| syncContacts | Boolean | Toggles syncing contacts. If set to false contacts are turned off on the device. |
| syncTasks | Boolean | Toggles syncing tasks. If set to false tasks are turned off on the device. |
| syncNotes | Boolean | Toggles syncing notes. If set to false notes are turned off on the device. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. |
| emailSyncSchedule | emailSyncSchedule | Email sync schedule. Possible values are: userDefined, asMessagesArrive, manual, fifteenMinutes, thirtyMinutes, sixtyMinutes, basedOnMyUsage. |
| hostName | String | Exchange location (URL) that the native mail app connects to. |
| requireSmime | Boolean | Indicates whether or not to use S/MIME certificate. |
| requireSsl | Boolean | Indicates whether or not to use SSL. |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
| userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: fullDomainName, netBiosDomainName. |
| customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. |
Graph reference: androidEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from androidWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidWiFiConfiguration |
| wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidWiFiConfiguration. Possible values are: open, wpaEnterprise, wpa2Enterprise, wep, wpaPersonal, unknownFutureValue. |
| eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
| usernameFormatString | String | Username format string used to build the username to connect to wifi |
| passwordFormatString | String | Password format string used to build the password to connect to wifi |
| preSharedKey | String | PreSharedKey used to build the password to connect to wifi |
Graph reference: androidForWorkCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
Graph reference: androidForWorkCompliancePolicy
| Property | Type | Description |
|---|---|---|
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordRequired | Boolean | Require a password to unlock device. |
| passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
| passwordRequiredType | androidRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any. |
| requiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android API 12+. Possible values are: none, low, medium, high. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign-in failures allowed before factory reset. Valid values 1 to 16 |
| workProfilePasswordExpirationInDays | Int32 | Number of days before the work profile password expires. Valid values 1 to 365 |
| workProfilePasswordMinimumLength | Int32 | Minimum length of work profile password. Valid values 4 to 16 |
| workProfileInactiveBeforeScreenLockInMinutes | Int32 | Minutes of inactivity before the screen times out. |
| workProfilePreviousPasswordBlockCount | Int32 | Number of previous work profile passwords to block. Valid values 0 to 24 |
| workProfilePasswordRequiredType | androidForWorkRequiredPasswordType | Type of work profile password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols. |
| workProfileRequiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required work profile password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android 12+. Possible values are: none, low, medium, high. |
| workProfileRequirePassword | Boolean | Password is required or not for work profile |
| securityPreventInstallAppsFromUnknownSources | Boolean | Require that devices disallow installation of apps from unknown sources. |
| securityDisableUsbDebugging | Boolean | Disable USB debugging on Android devices. |
| securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
| deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| securityBlockJailbrokenDevices | Boolean | Indicates the device should not be rooted. When TRUE, if the device is detected as rooted it will be reported non-compliant. When FALSE, the device is not reported as non-compliant regardless of device rooted state. Default is FALSE. |
| osMinimumVersion | String | Minimum Android version. |
| osMaximumVersion | String | Maximum Android version. |
| minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
| storageRequireEncryption | Boolean | Require encryption on Android devices. |
| securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the Play Integrity basic integrity check. |
| securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the Play Integrity device integrity check. |
| securityRequireGooglePlayServices | Boolean | Require Google Play Services to be installed and enabled on the device. |
| securityRequireUpToDateSecurityProviders | Boolean | Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date. |
| securityRequireCompanyPortalAppIntegrity | Boolean | Require the device to pass the Company Portal client app runtime integrity check. |
| securityRequiredAndroidSafetyNetEvaluationType | androidSafetyNetEvaluationType | Require a specific SafetyNet evaluation type for compliance. Possible values are: basic, hardwareBacked. |
Graph reference: androidForWorkCustomConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 500 elements. |
Graph reference: androidForWorkEasEmailProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. |
| hostName | String | Exchange location (URL) that the mail app connects to. |
| requireSsl | Boolean | Indicates whether or not to use SSL. |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
Graph reference: androidForWorkEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from androidForWorkWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidForWorkWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidForWorkWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidForWorkWiFiConfiguration |
| wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidForWorkWiFiConfiguration. Possible values are: open, wpaEnterprise, wpa2Enterprise, wep, wpaPersonal, unknownFutureValue. |
| eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
Graph reference: androidForWorkGeneralDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| passwordBlockFaceUnlock | Boolean | Indicates whether or not to block face unlock. |
| passwordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
| passwordBlockIrisUnlock | Boolean | Indicates whether or not to block iris unlock. |
| passwordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordMinimumLength | Int32 | Minimum length of passwords. Valid values 4 to 16 |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. Valid values 1 to 16 |
| passwordRequiredType | androidForWorkRequiredPasswordType | Type of password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols. |
| requiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android 12+. Possible values are: none, low, medium, high. |
| workProfileDataSharingType | androidForWorkCrossProfileDataSharingType | Type of data sharing that is allowed. Possible values are: deviceDefault, preventAny, allowPersonalToWork, noRestrictions. |
| workProfileBlockNotificationsWhileDeviceLocked | Boolean | Indicates whether or not to block notifications while device locked. |
| workProfileBlockAddingAccounts | Boolean | Block users from adding/removing accounts in work profile. |
| workProfileBluetoothEnableContactSharing | Boolean | Allow bluetooth devices to access enterprise contacts. |
| workProfileBlockScreenCapture | Boolean | Block screen capture in work profile. |
| workProfileBlockCrossProfileCallerId | Boolean | Block display work profile caller ID in personal profile. |
| workProfileBlockCamera | Boolean | Block work profile camera. |
| workProfileBlockCrossProfileContactsSearch | Boolean | Block work profile contacts availability in personal profile. |
| workProfileBlockCrossProfileCopyPaste | Boolean | Boolean that indicates if the setting disallow cross profile copy/paste is enabled. |
| workProfileDefaultAppPermissionPolicy | androidForWorkDefaultAppPermissionPolicyType | Type of password that is required. Possible values are: deviceDefault, prompt, autoGrant, autoDeny. |
| workProfilePasswordBlockFaceUnlock | Boolean | Indicates whether or not to block face unlock for work profile. |
| workProfilePasswordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock for work profile. |
| workProfilePasswordBlockIrisUnlock | Boolean | Indicates whether or not to block iris unlock for work profile. |
| workProfilePasswordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents for work profile. |
| workProfilePasswordExpirationDays | Int32 | Number of days before the work profile password expires. Valid values 1 to 365 |
| workProfilePasswordMinimumLength | Int32 | Minimum length of work profile password. Valid values 4 to 16 |
| workProfilePasswordMinNumericCharacters | Int32 | Minimum # of numeric characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinNonLetterCharacters | Int32 | Minimum # of non-letter characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinLetterCharacters | Int32 | Minimum # of letter characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinLowerCaseCharacters | Int32 | Minimum # of lower-case characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinUpperCaseCharacters | Int32 | Minimum # of upper-case characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinSymbolCharacters | Int32 | Minimum # of symbols required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| workProfilePasswordPreviousPasswordBlockCount | Int32 | Number of previous work profile passwords to block. Valid values 0 to 24 |
| workProfilePasswordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before work profile is removed and all corporate data deleted. Valid values 1 to 16 |
| workProfilePasswordRequiredType | androidForWorkRequiredPasswordType | Type of work profile password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols. |
| workProfileRequiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required work profile password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android 12+. Possible values are: none, low, medium, high. |
| workProfileRequirePassword | Boolean | Password is required or not for work profile |
| securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
| vpnAlwaysOnPackageIdentifier | String | Enable lockdown mode for always-on VPN. |
| vpnEnableAlwaysOnLockdownMode | Boolean | Enable lockdown mode for always-on VPN. |
| workProfileAllowWidgets | Boolean | Allow widgets from work profile apps. |
| workProfileBlockPersonalAppInstallsFromUnknownSources | Boolean | Prevent app installations from unknown sources in the personal profile. |
| workProfileAccountUse | androidWorkProfileAccountUse | Control user's ability to add accounts in work profile including Google accounts. Possible values are: allowAllExceptGoogleAccounts, blockAll, allowAll, unknownFutureValue. |
| allowedGoogleAccountDomains | String collection | Determine domains allow-list for accounts that can be added to work profile. |
| blockUnifiedPasswordForWorkProfile | Boolean | Prevent using unified password for unlocking device and work profile. |
Graph reference: androidForWorkGmailEasConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidForWorkEasEmailProfileBase. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userPrincipalName, primarySmtpAddress. |
| hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidForWorkEasEmailProfileBase |
| requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidForWorkEasEmailProfileBase |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
Graph reference: androidForWorkImportedPFXCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
| intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
Graph reference: androidForWorkNineWorkEasConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidForWorkEasEmailProfileBase. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userPrincipalName, primarySmtpAddress. |
| hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidForWorkEasEmailProfileBase |
| requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidForWorkEasEmailProfileBase |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
| syncCalendar | Boolean | Toggles syncing the calendar. If set to false the calendar is turned off on the device. |
| syncContacts | Boolean | Toggles syncing contacts. If set to false contacts are turned off on the device. |
| syncTasks | Boolean | Toggles syncing tasks. If set to false tasks are turned off on the device. |
Graph reference: androidForWorkPkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidForWorkCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidForWorkCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidForWorkCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidForWorkCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificationAuthority | String | PKCS Certification Authority |
| certificationAuthorityName | String | PKCS Certification Authority Name |
| certificateTemplateName | String | PKCS Certificate Template Name |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
Graph reference: androidForWorkScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidForWorkCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidForWorkCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidForWorkCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidForWorkCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| scepServerUrls | String collection | SCEP Server Url(s) |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
Graph reference: androidForWorkTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
Graph reference: androidForWorkVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. |
| connectionType | androidForWorkVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix. |
| role | String | Role when connection type is set to Pulse Secure. |
| realm | String | Realm when connection type is set to Pulse Secure. |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
| fingerprint | String | Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN. |
| customData | keyValue collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
| authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
Graph reference: androidForWorkWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
| wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wpaEnterprise, wpa2Enterprise, wep, wpaPersonal, unknownFutureValue. |
Graph reference: androidGeneralDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| appsBlockClipboardSharing | Boolean | Indicates whether or not to block clipboard sharing to copy and paste between applications. |
| appsBlockCopyPaste | Boolean | Indicates whether or not to block copy and paste within applications. |
| appsBlockYouTube | Boolean | Indicates whether or not to block the YouTube app. |
| bluetoothBlocked | Boolean | Indicates whether or not to block Bluetooth. |
| cameraBlocked | Boolean | Indicates whether or not to block the use of the camera. |
| cellularBlockDataRoaming | Boolean | Indicates whether or not to block data roaming. |
| cellularBlockMessaging | Boolean | Indicates whether or not to block SMS/MMS messaging. |
| cellularBlockVoiceRoaming | Boolean | Indicates whether or not to block voice roaming. |
| cellularBlockWiFiTethering | Boolean | Indicates whether or not to block syncing Wi-Fi tethering. |
| compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
| compliantAppListType | appListType | Type of list that is in the CompliantAppsList. Possible values are: none, appsInListCompliant, appsNotInListCompliant. |
| diagnosticDataBlockSubmission | Boolean | Indicates whether or not to block diagnostic data submission. |
| locationServicesBlocked | Boolean | Indicates whether or not to block location services. |
| googleAccountBlockAutoSync | Boolean | Indicates whether or not to block Google account auto sync. |
| googlePlayStoreBlocked | Boolean | Indicates whether or not to block the Google Play store. |
| kioskModeBlockSleepButton | Boolean | Indicates whether or not to block the screen sleep button while in Kiosk Mode. |
| kioskModeBlockVolumeButtons | Boolean | Indicates whether or not to block the volume buttons while in Kiosk Mode. |
| kioskModeApps | appListItem collection | A list of apps that will be allowed to run when the device is in Kiosk Mode. This collection can contain a maximum of 500 elements. |
| nfcBlocked | Boolean | Indicates whether or not to block Near-Field Communication. |
| passwordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
| passwordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordMinimumLength | Int32 | Minimum length of passwords. Valid values 4 to 16 |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. Valid values 1 to 16 |
| passwordRequiredType | androidRequiredPasswordType | Type of password that is required. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any. |
| passwordRequired | Boolean | Indicates whether or not to require a password. |
| powerOffBlocked | Boolean | Indicates whether or not to block powering off the device. |
| factoryResetBlocked | Boolean | Indicates whether or not to block user performing a factory reset. |
| screenCaptureBlocked | Boolean | Indicates whether or not to block screenshots. |
| deviceSharingAllowed | Boolean | Indicates whether or not to allow device sharing mode. |
| storageBlockGoogleBackup | Boolean | Indicates whether or not to block Google Backup. |
| storageBlockRemovableStorage | Boolean | Indicates whether or not to block removable storage usage. |
| storageRequireDeviceEncryption | Boolean | Indicates whether or not to require device encryption. |
| storageRequireRemovableStorageEncryption | Boolean | Indicates whether or not to require removable storage encryption. |
| voiceAssistantBlocked | Boolean | Indicates whether or not to block the use of the Voice Assistant. |
| voiceDialingBlocked | Boolean | Indicates whether or not to block voice dialing. |
| webBrowserBlockPopups | Boolean | Indicates whether or not to block popups within the web browser. |
| webBrowserBlockAutofill | Boolean | Indicates whether or not to block the web browser's auto fill feature. |
| webBrowserBlockJavaScript | Boolean | Indicates whether or not to block JavaScript within the web browser. |
| webBrowserBlocked | Boolean | Indicates whether or not to block the web browser. |
| webBrowserCookieSettings | webBrowserCookieSettings | Cookie settings within the web browser. Possible values are: browserDefault, blockAlways, allowCurrentWebSite, allowFromWebsitesVisited, allowAlways. |
| wiFiBlocked | Boolean | Indicates whether or not to block syncing Wi-Fi. |
| appsInstallAllowList | appListItem collection | List of apps which can be installed on the KNOX device. This collection can contain a maximum of 500 elements. |
| appsLaunchBlockList | appListItem collection | List of apps which are blocked from being launched on the KNOX device. This collection can contain a maximum of 500 elements. |
| appsHideList | appListItem collection | List of apps to be hidden on the KNOX device. This collection can contain a maximum of 500 elements. |
| securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
Graph reference: androidImportedPFXCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
| intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
Graph reference: androidOmaCpConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| configurationXml | Binary | Configuration XML that will be applied to the device. When it is read, it only provides a placeholder string since the original data is encrypted and stored. |
Graph reference: androidPkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
| certificationAuthority | String | PKCS Certification Authority |
| certificationAuthorityName | String | PKCS Certification Authority Name |
| certificateTemplateName | String | PKCS Certificate Template Name |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
Graph reference: androidScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
| scepServerUrls | String collection | SCEP Server Url(s) |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
Graph reference: androidTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
Graph reference: androidVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. |
| connectionType | androidVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect. |
| role | String | Role when connection type is set to Pulse Secure. |
| realm | String | Realm when connection type is set to Pulse Secure. |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
| fingerprint | String | Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN. |
| customData | keyValue collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
| authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
Graph reference: androidWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
| wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wpaEnterprise, wpa2Enterprise, wep, wpaPersonal, unknownFutureValue. |
Graph reference: androidWorkProfileCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
Graph reference: androidWorkProfileCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordRequired | Boolean | Require a password to unlock device. |
| passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
| passwordRequiredType | androidRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
| securityPreventInstallAppsFromUnknownSources | Boolean | Require that devices disallow installation of apps from unknown sources. |
| securityDisableUsbDebugging | Boolean | Disable USB debugging on Android devices. |
| securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
| deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
| osMinimumVersion | String | Minimum Android version. |
| osMaximumVersion | String | Maximum Android version. |
| minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
| storageRequireEncryption | Boolean | Require encryption on Android devices. |
| securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
| securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
| securityRequireGooglePlayServices | Boolean | Require Google Play Services to be installed and enabled on the device. |
| securityRequireUpToDateSecurityProviders | Boolean | Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date. |
| securityRequireCompanyPortalAppIntegrity | Boolean | Require the device to pass the Company Portal client app runtime integrity check. |
Graph reference: androidWorkProfileCustomConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 500 elements. |
Graph reference: androidWorkProfileEasEmailProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. |
| hostName | String | Exchange location (URL) that the mail app connects to. |
| requireSsl | Boolean | Indicates whether or not to use SSL. |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
Graph reference: androidWorkProfileEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | The name of the Wi-Fi network. Inherited from androidWorkProfileWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidWorkProfileWiFiConfiguration |
| connectAutomatically | Boolean | When set to true, device will connect automatically to the Wi-Fi network when in range, skipping the user prompt. When false, user will need to connect manually through Settings on the Android device. Default value is false. Inherited from androidWorkProfileWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. When false, device will not automatically connect to hidden networks. Default value is false. Inherited from androidWorkProfileWiFiConfiguration |
| wiFiSecurityType | androidWiFiSecurityType | The possible security types for Android Wi-Fi profiles. Default value Open, indicates no authentication required for the network. The security protocols supported are WEP, WPA and WPA2. WpaEnterprise and Wpa2Enterprise options are available for Enterprise Wi-Fi profiles. Wep and WpaPersonal (supports WPA and WPA2) options are available for Basic Wi-Fi profiles. Inherited from androidWorkProfileWiFiConfiguration. Possible values are: open, wpaEnterprise, wpa2Enterprise, wep, wpaPersonal, unknownFutureValue. |
| preSharedKey | String | Specify the pre-shared key for a WEP or WPA personal Wi-Fi network. Restrictions depend on the value set for wiFiSecurityType. If WEP type security is used, then preSharedKey must be a valid passphrase (5 or 13 characters) or a valid HEX key (10 or 26 hexidecimal characters). If WPA security type is used, then preSharedKey can be any string between 8 and 64 characters long. Inherited from androidWorkProfileWiFiConfiguration |
| preSharedKeyIsSet | Boolean | When set to true, indicates that the pre-shared key is configured. When set to false, indicates that pre-shared key is not configured (any values set for preSharedKey will be ignored). Default value is false. Inherited from androidWorkProfileWiFiConfiguration |
| proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection Inherited from androidWorkProfileWiFiConfiguration. Possible values are: none, manual, automatic, unknownFutureValue. |
| proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. Inherited from androidWorkProfileWiFiConfiguration |
| eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
Graph reference: androidWorkProfileGeneralDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| passwordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
| passwordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
| passwordMinimumLength | Int32 | Minimum length of passwords. Valid values 4 to 16 |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. Valid values 1 to 16 |
| passwordRequiredType | androidWorkProfileRequiredPasswordType | Type of password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols. |
| workProfileDataSharingType | androidWorkProfileCrossProfileDataSharingType | Type of data sharing that is allowed. Possible values are: deviceDefault, preventAny, allowPersonalToWork, noRestrictions. |
| workProfileBlockNotificationsWhileDeviceLocked | Boolean | Indicates whether or not to block notifications while device locked. |
| workProfileBlockAddingAccounts | Boolean | Block users from adding/removing accounts in work profile. |
| workProfileBluetoothEnableContactSharing | Boolean | Allow bluetooth devices to access enterprise contacts. |
| workProfileBlockScreenCapture | Boolean | Block screen capture in work profile. |
| workProfileBlockCrossProfileCallerId | Boolean | Block display work profile caller ID in personal profile. |
| workProfileBlockCamera | Boolean | Block work profile camera. |
| workProfileBlockCrossProfileContactsSearch | Boolean | Block work profile contacts availability in personal profile. |
| workProfileBlockCrossProfileCopyPaste | Boolean | Boolean that indicates if the setting disallow cross profile copy/paste is enabled. |
| workProfileDefaultAppPermissionPolicy | androidWorkProfileDefaultAppPermissionPolicyType | Type of password that is required. Possible values are: deviceDefault, prompt, autoGrant, autoDeny. |
| workProfilePasswordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock for work profile. |
| workProfilePasswordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents for work profile. |
| workProfilePasswordExpirationDays | Int32 | Number of days before the work profile password expires. Valid values 1 to 365 |
| workProfilePasswordMinimumLength | Int32 | Minimum length of work profile password. Valid values 4 to 16 |
| workProfilePasswordMinNumericCharacters | Int32 | Minimum # of numeric characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinNonLetterCharacters | Int32 | Minimum # of non-letter characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinLetterCharacters | Int32 | Minimum # of letter characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinLowerCaseCharacters | Int32 | Minimum # of lower-case characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinUpperCaseCharacters | Int32 | Minimum # of upper-case characters required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinSymbolCharacters | Int32 | Minimum # of symbols required in work profile password. Valid values 1 to 10 |
| workProfilePasswordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| workProfilePasswordPreviousPasswordBlockCount | Int32 | Number of previous work profile passwords to block. Valid values 0 to 24 |
| workProfilePasswordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before work profile is removed and all corporate data deleted. Valid values 1 to 16 |
| workProfilePasswordRequiredType | androidWorkProfileRequiredPasswordType | Type of work profile password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols. |
| workProfileRequirePassword | Boolean | Password is required or not for work profile |
| securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
Graph reference: androidWorkProfileGmailEasConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userPrincipalName, primarySmtpAddress. |
| hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidWorkProfileEasEmailProfileBase |
| requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidWorkProfileEasEmailProfileBase |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
Graph reference: androidWorkProfileMigrationConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| disableMigration | Boolean | Indicates whether the devices should be migrated to the Google's AM API. When set to true the devices will be migrated to use Google's AM APIs. When set to false the devices will continue using the old EMM API for management. The default is false. |
Graph reference: androidWorkProfileNineWorkEasConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userPrincipalName, primarySmtpAddress. |
| hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidWorkProfileEasEmailProfileBase |
| requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidWorkProfileEasEmailProfileBase |
| usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress. |
| syncCalendar | Boolean | Toggles syncing the calendar. If set to false the calendar is turned off on the device. |
| syncContacts | Boolean | Toggles syncing contacts. If set to false contacts are turned off on the device. |
| syncTasks | Boolean | Toggles syncing tasks. If set to false tasks are turned off on the device. |
Graph reference: androidWorkProfilePkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidWorkProfileCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidWorkProfileCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificationAuthority | String | PKCS Certification Authority |
| certificationAuthorityName | String | PKCS Certification Authority Name |
| certificateTemplateName | String | PKCS Certificate Template Name |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
Graph reference: androidWorkProfileScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidWorkProfileCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidWorkProfileCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| scepServerUrls | String collection | SCEP Server Url(s) |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
Graph reference: androidWorkProfileTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
Graph reference: androidWorkProfileVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. |
| connectionType | androidWorkProfileVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, paloAltoGlobalProtect, microsoftTunnel, netMotionMobility, microsoftProtect. |
| role | String | Role when connection type is set to Pulse Secure. |
| realm | String | Realm when connection type is set to Pulse Secure. |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
| fingerprint | String | Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN. |
| customData | keyValue collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
| authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| proxyServer | vpnProxyServer | Proxy server. |
| targetedPackageIds | String collection | Targeted App package IDs. |
| targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. |
| alwaysOn | Boolean | Whether or not to enable always-on VPN connection. |
| alwaysOnLockdown | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. |
| microsoftTunnelSiteId | String | Microsoft Tunnel site ID. |
| proxyExclusionList | String collection | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *. |
Graph reference: androidWorkProfileWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | The name of the Wi-Fi network. |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | When set to true, device will connect automatically to the Wi-Fi network when in range, skipping the user prompt. When false, user will need to connect manually through Settings on the Android device. Default value is false. |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. When false, device will not automatically connect to hidden networks. Default value is false. |
| wiFiSecurityType | androidWiFiSecurityType | The possible security types for Android Wi-Fi profiles. Default value Open, indicates no authentication required for the network. The security protocols supported are WEP, WPA and WPA2. WpaEnterprise and Wpa2Enterprise options are available for Enterprise Wi-Fi profiles. Wep and WpaPersonal (supports WPA and WPA2) options are available for Basic Wi-Fi profiles. Possible values are: open, wpaEnterprise, wpa2Enterprise, wep, wpaPersonal, unknownFutureValue. |
| preSharedKey | String | Specify the pre-shared key for a WEP or WPA personal Wi-Fi network. Restrictions depend on the value set for wiFiSecurityType. If WEP type security is used, then preSharedKey must be a valid passphrase (5 or 13 characters) or a valid HEX key (10 or 26 hexidecimal characters). If WPA security type is used, then preSharedKey can be any string between 8 and 64 characters long. |
| preSharedKeyIsSet | Boolean | When set to true, indicates that the pre-shared key is configured. When set to false, indicates that pre-shared key is not configured (any values set for preSharedKey will be ignored). Default value is false. |
| proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection. Possible values are: none, manual, automatic, unknownFutureValue. |
| proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. |
Graph reference: aospDeviceOwnerCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. This collection can contain a maximum of 500 elements. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
Graph reference: aospDeviceOwnerCompliancePolicy
| Property | Type | Description |
|---|---|---|
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| osMinimumVersion | String | Minimum Android version. |
| osMaximumVersion | String | Maximum Android version. |
| minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
| securityBlockJailbrokenDevices | Boolean | Indicates the device should not be rooted. When TRUE, if the device is detected as rooted it will be reported non-compliant. When FALSE, the device is not reported as non-compliant regardless of device rooted state. Default is FALSE. |
| passwordRequired | Boolean | Require a password to unlock device. |
| passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. Valid values 1 to 8640 |
| passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
| storageRequireEncryption | Boolean | Require encryption on Android devices. |
Graph reference: aospDeviceOwnerDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| appsBlockInstallFromUnknownSources | Boolean | Indicates whether or not the user is allowed to enable unknown sources setting. When set to true, user is not allowed to enable unknown sources settings. |
| bluetoothBlocked | Boolean | Indicates whether or not to disable the use of bluetooth. When set to true, bluetooth cannot be enabled on the device. |
| bluetoothBlockConfiguration | Boolean | Indicates whether or not to block a user from configuring bluetooth. |
| cameraBlocked | Boolean | Indicates whether or not to disable the use of the camera. |
| factoryResetBlocked | Boolean | Indicates whether or not the factory reset option in settings is disabled. |
| passwordMinimumLength | Int32 | Indicates the minimum length of the password required on the device. Valid values 4 to 16 |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Indicates the minimum password quality required on the device. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword. |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Indicates the number of times a user can enter an incorrect password before the device is wiped. Valid values 4 to 11 |
| screenCaptureBlocked | Boolean | Indicates whether or not to disable the capability to take screenshots. |
| securityAllowDebuggingFeatures | Boolean | Indicates whether or not to block the user from enabling debugging features on the device. |
| storageBlockExternalMedia | Boolean | Indicates whether or not to block external media. |
| storageBlockUsbFileTransfer | Boolean | Indicates whether or not to block USB file transfer. |
| wifiBlockEditConfigurations | Boolean | Indicates whether or not to block the user from editing the wifi connection settings. |
Graph reference: aospDeviceOwnerEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from aospDeviceOwnerWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from aospDeviceOwnerWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from aospDeviceOwnerWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from aospDeviceOwnerWiFiConfiguration |
| wiFiSecurityType | aospDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from aospDeviceOwnerWiFiConfiguration. Possible values are: open, wep, wpaPersonal, wpaEnterprise. |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from aospDeviceOwnerWiFiConfiguration |
| preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from aospDeviceOwnerWiFiConfiguration |
| proxySetting | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration. Possible values include none, manual, and automatic. Inherited from aospDeviceOwnerWiFiConfiguration. Possible values are: none, manual, automatic, unknownFutureValue. |
| proxyManualAddress | String | Specify the proxy server IP address. Both IPv4 and IPv6 addresses are supported. For example: 192.168.1.1. Inherited from aospDeviceOwnerWiFiConfiguration |
| proxyManualPort | Int32 | Specify the proxy server port. Inherited from aospDeviceOwnerWiFiConfiguration |
| proxyAutomaticConfigurationUrl | String | Specify the proxy server configuration script URL. Inherited from aospDeviceOwnerWiFiConfiguration |
| proxyExclusionList | String collection | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. Inherited from aospDeviceOwnerWiFiConfiguration |
| eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. This collection can contain a maximum of 500 elements. Possible values are: none, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
Graph reference: aospDeviceOwnerPkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from aospDeviceOwnerCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificationAuthority | String | PKCS Certification Authority |
| certificationAuthorityName | String | PKCS Certification Authority Name |
| certificationAuthorityType | deviceManagementCertificationAuthority | Certification authority type. Possible values are: notConfigured, microsoft, digiCert. |
| certificateTemplateName | String | PKCS Certificate Template Name |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
Graph reference: aospDeviceOwnerScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from aospDeviceOwnerCertificateProfileBase |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| scepServerUrls | String collection | SCEP Server Url(s) |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. This collection can contain a maximum of 500 elements. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
Graph reference: aospDeviceOwnerTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
Graph reference: aospDeviceOwnerWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
| connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
| wiFiSecurityType | aospDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wep, wpaPersonal, wpaEnterprise. |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
| preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. |
| proxySetting | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration. Possible values include none, manual, and automatic. Possible values are: none, manual, automatic, unknownFutureValue. |
| proxyManualAddress | String | Specify the proxy server IP address. Both IPv4 and IPv6 addresses are supported. For example: 192.168.1.1. |
| proxyManualPort | Int32 | Specify the proxy server port. |
| proxyAutomaticConfigurationUrl | String | Specify the proxy server configuration script URL. |
| proxyExclusionList | String collection | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *. |
Graph reference: appleDeviceFeaturesConfigurationBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
Graph reference: appleExpeditedCheckinConfigurationBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| enableExpeditedCheckin | Boolean | Gets or sets whether to enable expedited device check-ins. |
Graph reference: appleVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. |
| connectionType | appleVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect. |
| loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. |
| role | String | Role when connection type is set to Pulse Secure. |
| realm | String | Realm when connection type is set to Pulse Secure. |
| server | vpnServer | VPN Server on the network. Make sure end users can access this network location. |
| identifier | String | Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin |
| customData | keyValue collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. |
| enableSplitTunneling | Boolean | Send all network traffic through VPN. |
| authenticationMethod | vpnAuthenticationMethod | Authentication method for this VPN connection. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| enablePerApp | Boolean | Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. |
| safariDomains | String collection | Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. |
| onDemandRules | vpnOnDemandRule collection | On-Demand Rules. This collection can contain a maximum of 500 elements. |
| providerType | vpnProviderType | Provider type for per-app VPN. Possible values are: notConfigured, appProxy, packetTunnel. |
| associatedDomains | String collection | Associated Domains |
| excludedDomains | String collection | Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated |
| disableOnDemandUserOverride | Boolean | Toggle to prevent user from disabling automatic VPN in the Settings app |
| disconnectOnIdle | Boolean | Whether to disconnect after on-demand connection idles |
| disconnectOnIdleTimerInSeconds | Int32 | The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 |
| proxyServer | vpnProxyServer | Proxy Server. |
| optInToDeviceIdSharing | Boolean | Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. |
Graph reference: cartToClassAssociation
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| createdDateTime | DateTimeOffset | DateTime the object was created. |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
| version | Int32 | Version of the CartToClassAssociation. |
| displayName | String | Admin provided name of the device configuration. |
| description | String | Admin provided description of the CartToClassAssociation. |
| deviceCartIds | String collection | Identifiers of device carts to be associated with classes. |
| classroomIds | String collection | Identifiers of classrooms to be associated with device carts. |
Graph reference: defaultDeviceCompliancePolicy
| Property | Type | Description |
|---|---|---|
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
Graph reference: deviceComplianceActionItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| gracePeriodHours | Int32 | Number of hours to wait till the action will be enforced. Valid values 0 to 8760 |
| actionType | deviceComplianceActionType | What action to take. Possible values are: noAction, notification, block, retire, wipe, removeResourceAccessProfiles, pushNotification. |
| notificationTemplateId | String | What notification Message template to use |
| notificationMessageCCList | String collection | A list of group IDs to speicify who to CC this notification message to. |
Graph reference: deviceComplianceDeviceOverview
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| pendingCount | Int32 | Number of pending devices |
| notApplicableCount | Int32 | Number of not applicable devices |
| successCount | Int32 | Number of succeeded devices |
| errorCount | Int32 | Number of error devices |
| failedCount | Int32 | Number of failed devices |
| lastUpdateDateTime | DateTimeOffset | Last update time |
| configurationVersion | Int32 | Version of the policy for that overview |
Graph reference: deviceComplianceDeviceStatus
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| deviceDisplayName | String | Device name of the DevicePolicyStatus. |
| userName | String | The User Name that is being reported |
| deviceModel | String | The device model that is being reported |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
| status | complianceStatus | Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
| userPrincipalName | String | UserPrincipalName. |
Graph reference: deviceCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| createdDateTime | DateTimeOffset | DateTime the object was created. |
| description | String | Admin provided description of the Device Configuration. |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
| displayName | String | Admin provided name of the device configuration. |
| version | Int32 | Version of the device configuration. |
Graph reference: deviceCompliancePolicyAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| target | deviceAndAppManagementAssignmentTarget | Target for the compliance policy assignment. |
Graph reference: deviceCompliancePolicyDeviceStateSummary
| Property | Type | Description |
|---|---|---|
| inGracePeriodCount | Int32 | Number of devices that are in grace period |
| configManagerCount | Int32 | Number of devices that have compliance managed by System Center Configuration Manager |
| id | String | Key of the entity. |
| unknownDeviceCount | Int32 | Number of unknown devices |
| notApplicableDeviceCount | Int32 | Number of not applicable devices |
| compliantDeviceCount | Int32 | Number of compliant devices |
| remediatedDeviceCount | Int32 | Number of remediated devices |
| nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
| errorDeviceCount | Int32 | Number of error devices |
| conflictDeviceCount | Int32 | Number of conflict devices |
Graph reference: deviceCompliancePolicySettingStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| setting | String | The setting class name and property name. |
| settingName | String | Name of the setting. |
| platformType | policyPlatformType | Setting platform. Possible values are: android, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, all. |
| unknownDeviceCount | Int32 | Number of unknown devices |
| notApplicableDeviceCount | Int32 | Number of not applicable devices |
| compliantDeviceCount | Int32 | Number of compliant devices |
| remediatedDeviceCount | Int32 | Number of remediated devices |
| nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
| errorDeviceCount | Int32 | Number of error devices |
| conflictDeviceCount | Int32 | Number of conflict devices |
Graph reference: deviceComplianceScheduledActionForRule
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| ruleName | String | Name of the rule which this scheduled action applies to. Currently scheduled actions are created per policy instead of per rule, thus RuleName is always set to default value PasswordRequired. |
Graph reference: deviceComplianceSettingState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity |
| setting | String | The setting class name and property name. |
| settingName | String | The Setting Name that is being reported |
| deviceId | String | The Device Id that is being reported |
| deviceName | String | The Device Name that is being reported |
| userId | String | The user Id that is being reported |
| userEmail | String | The User email address that is being reported |
| userName | String | The User Name that is being reported |
| userPrincipalName | String | The User PrincipalName that is being reported |
| deviceModel | String | The device model that is being reported |
| state | complianceStatus | The compliance state of the setting. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
Graph reference: deviceComplianceUserOverview
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| pendingCount | Int32 | Number of pending Users |
| notApplicableCount | Int32 | Number of not applicable users |
| successCount | Int32 | Number of succeeded Users |
| errorCount | Int32 | Number of error Users |
| failedCount | Int32 | Number of failed Users |
| lastUpdateDateTime | DateTimeOffset | Last update time |
| configurationVersion | Int32 | Version of the policy for that overview |
Graph reference: deviceComplianceUserStatus
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| userDisplayName | String | User name of the DevicePolicyStatus. |
| devicesCount | Int32 | Devices count for that user. |
| status | complianceStatus | Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
| userPrincipalName | String | UserPrincipalName. |
Graph reference: deviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
| createdDateTime | DateTimeOffset | DateTime the object was created. |
| description | String | Admin provided description of the Device Configuration. |
| displayName | String | Admin provided name of the device configuration. |
| version | Int32 | Version of the device configuration. |
Graph reference: deviceConfigurationAssignment
| Property | Type | Description |
|---|---|---|
| id | String | The key of the assignment. |
| target | deviceAndAppManagementAssignmentTarget | The assignment target for the device configuration. |
Graph reference: deviceConfigurationConflictSummary
| Property | Type | Description |
|---|---|---|
| conflictingDeviceConfigurations | settingSource collection | The set of policies in conflict with the given setting |
| id | String | The id for this set of conflicting policies. This id is the ids of all the policies in ConflictingDeviceConfigurations in lexicographical order separated by underscores. |
| contributingSettings | String collection | The set of settings in conflict with the given policies |
| deviceCheckinsImpacted | Int32 | The count of checkins impacted by the conflicting policies and settings |
Graph reference: deviceConfigurationDeviceOverview
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| pendingCount | Int32 | Number of pending devices |
| notApplicableCount | Int32 | Number of not applicable devices |
| successCount | Int32 | Number of succeeded devices |
| errorCount | Int32 | Number of error devices |
| failedCount | Int32 | Number of failed devices |
| lastUpdateDateTime | DateTimeOffset | Last update time |
| configurationVersion | Int32 | Version of the policy for that overview |
Graph reference: deviceConfigurationDeviceStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| unknownDeviceCount | Int32 | Number of unknown devices |
| notApplicableDeviceCount | Int32 | Number of not applicable devices |
| compliantDeviceCount | Int32 | Number of compliant devices |
| remediatedDeviceCount | Int32 | Number of remediated devices |
| nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
| errorDeviceCount | Int32 | Number of error devices |
| conflictDeviceCount | Int32 | Number of conflict devices |
Graph reference: deviceConfigurationDeviceStatus
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| deviceDisplayName | String | Device name of the DevicePolicyStatus. |
| userName | String | The User Name that is being reported |
| deviceModel | String | The device model that is being reported |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
| status | complianceStatus | Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
| userPrincipalName | String | UserPrincipalName. |
Graph reference: deviceConfigurationGroupAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| targetGroupId | String | The Id of the AAD group we are targeting the device configuration to. |
| excludeGroup | Boolean | Indicates if this group is should be excluded. Defaults that the group should be included |
Graph reference: deviceConfigurationTargetedUserAndDevice
| Property | Type | Description |
|---|---|---|
| deviceId | String | The id of the device in the checkin. |
| deviceName | String | The name of the device in the checkin. |
| userId | String | The id of the user in the checkin. |
| userDisplayName | String | The display name of the user in the checkin |
| userPrincipalName | String | The UPN of the user in the checkin. |
| lastCheckinDateTime | DateTimeOffset | Last checkin time for this user/device pair. |
Graph reference: deviceConfigurationUserOverview
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| pendingCount | Int32 | Number of pending Users |
| notApplicableCount | Int32 | Number of not applicable users |
| successCount | Int32 | Number of succeeded Users |
| errorCount | Int32 | Number of error Users |
| failedCount | Int32 | Number of failed Users |
| lastUpdateDateTime | DateTimeOffset | Last update time |
| configurationVersion | Int32 | Version of the policy for that overview |
Graph reference: deviceConfigurationUserStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| unknownUserCount | Int32 | Number of unknown users |
| notApplicableUserCount | Int32 | Number of not applicable users |
| compliantUserCount | Int32 | Number of compliant users |
| remediatedUserCount | Int32 | Number of remediated users |
| nonCompliantUserCount | Int32 | Number of NonCompliant users |
| errorUserCount | Int32 | Number of error users |
| conflictUserCount | Int32 | Number of conflict users |
Graph reference: deviceConfigurationUserStatus
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| userDisplayName | String | User name of the DevicePolicyStatus. |
| devicesCount | Int32 | Devices count for that user. |
| status | complianceStatus | Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
| userPrincipalName | String | UserPrincipalName. |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier |
| settings | deviceManagementSettings | Account level settings. |
| intuneAccountId | Guid | Intune Account Id for given tenant |
Graph reference: deviceManagementDerivedCredentialSettings
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the Derived Credential |
Graph reference: easEmailProfileConfigurationBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| usernameSource | userEmailSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. |
| usernameAADSource | usernameSource | Name of the AAD field, that will be used to retrieve UserName for email profile. Possible values are: userPrincipalName, primarySmtpAddress, samAccountName. |
| userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: fullDomainName, netBiosDomainName. |
| customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. |
Graph reference: editionUpgradeConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| licenseType | editionUpgradeLicenseType | Edition Upgrade License Type. Possible values are: productKey, licenseFile. |
| targetEdition | windows10EditionType | Edition Upgrade Target Edition. Possible values are: windows10Enterprise, windows10EnterpriseN, windows10Education, windows10EducationN, windows10MobileEnterprise, windows10HolographicEnterprise, windows10Professional, windows10ProfessionalN, windows10ProfessionalEducation, windows10ProfessionalEducationN, windows10ProfessionalWorkstation, windows10ProfessionalWorkstationN. |
| license | String | Edition Upgrade License File Content. |
| productKey | String | Edition Upgrade Product Key. |
Graph reference: endpointPrivilegeManagementProvisioningStatus
| Property | Type | Description |
|---|---|---|
| id | String | A unique identifier represents Intune Account identifier. |
| licenseType | licenseType | Indicates whether tenant has a valid Intune Endpoint Privilege Management license. Possible value are : 0 - notPaid, 1 - paid, 2 - trial. See LicenseType enum for more details. Default notPaid. Possible values are: notPaid, paid, trial, unknownFutureValue. |
| onboardedToMicrosoftManagedPlatform | Boolean | Indicates whether tenant is onboarded to Microsoft Managed Platform - Cloud (MMPC). When set to true, implies tenant is onboarded and when set to false, implies tenant is not onboarded. Default set to false. |
Graph reference: hardwareConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the hardware BIOS configuration profile for the enrolled devices. This id is and is autogenerated and assigned when new hardware BIOS configuration profile is created. This distinguishes profiles from each other and cannot be null. Returned by default. Read-Only. |
| version | Int32 | The version of the hardware configuration (E.g. 1, 2, 3 ...). This is incremented after a change to the BIOS configuration profile's settings file name (FileName property), settings file content (ConfigurationFileContent property), or the PerDevicePasswordDisabled property. Read-Only. |
| displayName | String | The name of the hardware BIOS configuration profile. It serves as user-friendly name to identify hardware BIOS configuration profiles. Max length is 150 characters. Required. Read-Only. |
| description | String | The description of the hardware configuration. Use this to provide context, purpose, applications, etc of the BIOS configuration profile for your organization's admins. Max length is 1000 characters. Optional. |
| createdDateTime | DateTimeOffset | The date and time of when the BIOS configuration profile was created. The value cannot be modified and is automatically populated when the device is enrolled. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. Read-Only. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | The date and time of when the BIOS configuration profile was last modified. The value cannot be modified and is automatically populated when the device is enrolled. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. Read-Only. Read-Only. This property is read-only. |
| fileName | String | The file name for the BIOS configuration profile's ConfigurationFileContent. Max length is 150 characters. Required. |
| configurationFileContent | Binary | The file content contains custom hardware settings that will be applied to the assigned devices' BIOS. Max allowed file size is 5KB. Represented as bytes. Required. |
| hardwareConfigurationFormat | hardwareConfigurationFormat | The OEM type associated with BIOS configuration profile's custom hardware settings. All devices that adheres to profile must be from the same selected OEM. Possible values are Dell, Surface, and Surface dock. Required. Possible values are: dell, surface, surfaceDock. |
| roleScopeTagIds | String collection | A list of unique Scope Tag IDs associated with the hardware configuration. Optional. |
| perDevicePasswordDisabled | Boolean | When TRUE, indicates whether the policy-assigned devices' passwords are disabled. When FALSE, indicates they are enabled. Default is FALSE. Required. |
Graph reference: hardwareConfigurationAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the hardware configuration group assignment entity. This property is read-only. |
| target | deviceAndAppManagementAssignmentTarget | The Id of the Azure Active Directory group we are targeting the configuration to. |
Graph reference: hardwareConfigurationDeviceState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the hardware configuration script device state entity. This property is read-only. |
| deviceName | String | The name of the device |
| osVersion | String | Operating system version of the device (E.g. 10.0.19042.1165, 10.0.19042.1288 etc.) |
| upn | String | User Principal Name (UPN). |
| internalVersion | Int32 | The Policy internal version |
| lastStateUpdateDateTime | DateTimeOffset | The last timestamp of when the hardware configuration executed |
| configurationState | runState | Configuration state from the lastest hardware configuration execution. Possible values are: unknown, success, fail, scriptError, pending, notApplicable. |
| configurationOutput | String | Output of the hardware configuration execution |
| configurationError | String | Error from the hardware configuration execution |
| assignmentFilterIds | String | A list of identifier strings of different assignment filters applied |
| userId | String | The unique identifier of the Entra user associated with the device for which policy is applied. Read-Only. |
Graph reference: hardwareConfigurationRunSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the hardware configuration run summary entity. This property is read-only. |
| successfulDeviceCount | Int32 | Number of devices for which hardware configured without any issue |
| failedDeviceCount | Int32 | Number of devices for which hardware configuration found an issue |
| pendingDeviceCount | Int32 | Number of devices for which hardware configuration is in pending state |
| errorDeviceCount | Int32 | Number of devices for which hardware configuration state is error |
| notApplicableDeviceCount | Int32 | Number of devices for which hardware configuration state is not applicable |
| unknownDeviceCount | Int32 | Number of devices for which hardware configuration state is unknown |
| successfulUserCount | Int32 | Number of users for which hardware configured without any issue |
| failedUserCount | Int32 | Number of users for which hardware configuration found an issue |
| pendingUserCount | Int32 | Number of users for which hardware configuration is in pending state |
| errorUserCount | Int32 | Number of users for which hardware configuration state is error |
| notApplicableUserCount | Int32 | Number of users for which hardware configuration state is not applicable |
| unknownUserCount | Int32 | Number of users for which hardware configuration state is unknown |
| lastRunDateTime | DateTimeOffset | Last run time for the configuration across all devices |
Graph reference: hardwareConfigurationUserState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the hardware configuration script user state entity. This property is read-only. |
| upn | String | User Principal Name (UPN). |
| userEmail | String | User Email address. |
| userName | String | User name |
| lastStateUpdateDateTime | DateTimeOffset | Last timestamp when the hardware configuration executed |
| successfulDeviceCount | Int32 | Success device count for specific user. |
| failedDeviceCount | Int32 | Failed device count for specific user. |
| pendingDeviceCount | Int32 | Pending device count for specific user. |
| errorDeviceCount | Int32 | Error device count for specific user. |
| notApplicableDeviceCount | Int32 | Not applicable device count for specific user. |
| unknownDeviceCount | Int32 | Unknown device count for specific user. |
Graph reference: hardwarePasswordDetail
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the managed device. This ID is assigned at enrollment time. This is different than the Entra device ID, this one is for the managedDevice object itself. Supports: $filter, $select, $top, $OrderBy, $skip. This property is read-only. |
| serialNumber | String | The device serial number as defined by the device manufacturer. Supports: $filter, $select, $top, $OrderBy, $skip. This property is read-only. |
| currentPassword | String | The current device's BIOS password. Supports: $filter, $select, $top, $OrderBy, $skip. This property is read-only. |
| previousPasswords | String collection | The list of all the previous device BIOS passwords. Supports: $filter, $select, $top, $skip. This property is read-only. |
Graph reference: hardwarePasswordInfo
| Property | Type | Description |
|---|---|---|
| id | String | A unique string Id that is based on associated Intune Device Id. This property is read-only. |
| serialNumber | String | Associated device's serial number . This property is read-only. |
| currentPassword | String | Current device password. This property is read-only. |
| previousPasswords | String collection | List of previous device passwords. This property is read-only. |
Graph reference: iosCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
Graph reference: iosCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
Graph reference: iosCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passcodeBlockSimple | Boolean | Indicates whether or not to block simple passcodes. |
| passcodeExpirationDays | Int32 | Number of days before the passcode expires. Valid values 1 to 65535 |
| passcodeMinimumLength | Int32 | Minimum length of passcode. Valid values 4 to 14 |
| passcodeMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a passcode is required. |
| passcodePreviousPasscodeBlockCount | Int32 | Number of previous passcodes to block. Valid values 1 to 24 |
| passcodeMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
| passcodeRequiredType | requiredPasswordType | The required passcode type. Possible values are: deviceDefault, alphanumeric, numeric. |
| passcodeRequired | Boolean | Indicates whether or not to require a passcode. |
| osMinimumVersion | String | Minimum IOS version. |
| osMaximumVersion | String | Maximum IOS version. |
| securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
| deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection . |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| managedEmailProfileRequired | Boolean | Indicates whether or not to require a managed email profile. |
Graph reference: iosCustomConfiguration
| Property | Type | Description | |
|---|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration | |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration | |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration | |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration | |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration | |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration | |
| payloadName | String | Name that is displayed to the user. | |
| payloadFileName | String | Payload file name (*.mobileconfig | *.xml). |
| payload | Binary | Payload. (UTF8 encoded byte array) |
Graph reference: iosDerivedCredentialAuthenticationConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
Graph reference: iosDeviceFeaturesConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| assetTagTemplate | String | Asset tag information for the device, displayed on the login window and lock screen. |
| lockScreenFootnote | String | A footnote displayed on the login window and lock screen. Available in iOS 9.3.1 and later. |
| homeScreenDockIcons | iosHomeScreenItem collection | A list of app and folders to appear on the Home Screen Dock. This collection can contain a maximum of 500 elements. |
| homeScreenPages | iosHomeScreenPage collection | A list of pages on the Home Screen. This collection can contain a maximum of 500 elements. |
| notificationSettings | iosNotificationSettings collection | Notification settings for each bundle id. Applicable to devices in supervised mode only (iOS 9.3 and later). This collection can contain a maximum of 500 elements. |
Graph reference: iosEasEmailProfileConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| usernameSource | userEmailSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName, primarySmtpAddress. |
| usernameAADSource | usernameSource | Name of the AAD field, that will be used to retrieve UserName for email profile. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName, primarySmtpAddress, samAccountName. |
| userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: fullDomainName, netBiosDomainName. |
| customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. Inherited from easEmailProfileConfigurationBase |
| accountName | String | Account name. |
| authenticationMethod | easAuthenticationMethod | Authentication method for this Email profile. Possible values are: usernameAndPassword, certificate, derivedCredential. |
| blockMovingMessagesToOtherEmailAccounts | Boolean | Indicates whether or not to block moving messages to other email accounts. |
| blockSendingEmailFromThirdPartyApps | Boolean | Indicates whether or not to block sending email from third party apps. |
| blockSyncingRecentlyUsedEmailAddresses | Boolean | Indicates whether or not to block syncing recently used email addresses, for instance - when composing new email. |
| durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced back to. . Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. |
| easServices | easServices | Exchange data to sync. Possible values are: none, calendars, contacts, email, notes, reminders. |
| easServicesUserOverrideEnabled | Boolean | Allow users to change sync settings. |
| hostName | String | Exchange location that (URL) that the native mail app connects to. |
| requireSmime | Boolean | Indicates whether or not to use S/MIME certificate. |
| smimeEnablePerMessageSwitch | Boolean | Indicates whether or not to allow unencrypted emails. |
| smimeEncryptByDefaultEnabled | Boolean | If set to true S/MIME encryption is enabled by default. |
| smimeSigningEnabled | Boolean | If set to true S/MIME signing is enabled for this account |
| smimeSigningUserOverrideEnabled | Boolean | If set to true, the user can toggle S/MIME signing on or off. |
| smimeEncryptByDefaultUserOverrideEnabled | Boolean | If set to true, the user can toggle the encryption by default setting. |
| smimeSigningCertificateUserOverrideEnabled | Boolean | If set to true, the user can select the signing identity. |
| smimeEncryptionCertificateUserOverrideEnabled | Boolean | If set to true the user can select the S/MIME encryption identity. |
| requireSsl | Boolean | Indicates whether or not to use SSL. |
| useOAuth | Boolean | Specifies whether the connection should use OAuth for authentication. |
| signingCertificateType | emailCertificateType | Signing Certificate type for this Email profile. Possible values are: none, certificate, derivedCredential. |
| encryptionCertificateType | emailCertificateType | Encryption Certificate type for this Email profile. Possible values are: none, certificate, derivedCredential. |
| perAppVPNProfileId | String | Profile ID of the Per-App VPN policy to be used to access emails from the native Mail client |
Graph reference: iosEducationDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
Graph reference: iosEduDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| teacherCertificateSettings | iosEduCertificateSettings | The Trusted Root and PFX certificates for Teacher |
| studentCertificateSettings | iosEduCertificateSettings | The Trusted Root and PFX certificates for Student |
| deviceCertificateSettings | iosEduCertificateSettings | The Trusted Root and PFX certificates for Device |
Graph reference: iosEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from iosWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from iosWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from iosWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from iosWiFiConfiguration |
| wiFiSecurityType | wiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from iosWiFiConfiguration. Possible values are: open, wpaPersonal, wpaEnterprise, wep, wpa2Personal, wpa2Enterprise. |
| proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection Inherited from iosWiFiConfiguration. Possible values are: none, manual, automatic, unknownFutureValue. |
| proxyManualAddress | String | IP Address or DNS hostname of the proxy server when manual configuration is selected. Inherited from iosWiFiConfiguration |
| proxyManualPort | Int32 | Port of the proxy server when manual configuration is selected. Inherited from iosWiFiConfiguration |
| proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. Inherited from iosWiFiConfiguration |
| disableMacAddressRandomization | Boolean | If set to true, forces devices connecting using this Wi-Fi profile to present their actual Wi-Fi MAC address instead of a random MAC address. Applies to iOS 14 and later. Inherited from iosWiFiConfiguration |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from iosWiFiConfiguration |
| eapType | eapType | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap. |
| eapFastConfiguration | eapFastConfiguration | EAP-FAST Configuration Option when EAP-FAST is the selected EAP Type. Possible values are: noProtectedAccessCredential, useProtectedAccessCredential, useProtectedAccessCredentialAndProvision, useProtectedAccessCredentialAndProvisionAnonymously. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Authentication Method when EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP - TTLS, EAP - FAST or PEAP. This property masks usernames with the text you enter. For example, if you use 'anonymous', each user that authenticates with this Wi-Fi connection using their real username is displayed as 'anonymous'. |
| usernameFormatString | String | Username format string used to build the username to connect to wifi |
| passwordFormatString | String | Password format string used to build the password to connect to wifi |
Graph reference: iosExpeditedCheckinConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| enableExpeditedCheckin | Boolean | Gets or sets whether to enable expedited device check-ins. Inherited from appleExpeditedCheckinConfigurationBase |
Graph reference: iosGeneralDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| accountBlockModification | Boolean | Indicates whether or not to allow account modification when the device is in supervised mode. |
| activationLockAllowWhenSupervised | Boolean | Indicates whether or not to allow activation lock when the device is in the supervised mode. |
| airDropBlocked | Boolean | Indicates whether or not to allow AirDrop when the device is in supervised mode. |
| airDropForceUnmanagedDropTarget | Boolean | Indicates whether or not to cause AirDrop to be considered an unmanaged drop target (iOS 9.0 and later). |
| airPlayForcePairingPasswordForOutgoingRequests | Boolean | Indicates whether or not to enforce all devices receiving AirPlay requests from this device to use a pairing password. |
| appleWatchBlockPairing | Boolean | Indicates whether or not to allow Apple Watch pairing when the device is in supervised mode (iOS 9.0 and later). |
| appleWatchForceWristDetection | Boolean | Indicates whether or not to force a paired Apple Watch to use Wrist Detection (iOS 8.2 and later). |
| appleNewsBlocked | Boolean | Indicates whether or not to block the user from using News when the device is in supervised mode (iOS 9.0 and later). |
| appsSingleAppModeList | appListItem collection | Gets or sets the list of iOS apps allowed to autonomously enter Single App Mode. Supervised only. iOS 7.0 and later. This collection can contain a maximum of 500 elements. |
| appsVisibilityList | appListItem collection | List of apps in the visibility list (either visible/launchable apps list or hidden/unlaunchable apps list, controlled by AppsVisibilityListType) (iOS 9.3 and later). This collection can contain a maximum of 10000 elements. |
| appsVisibilityListType | appListType | Type of list that is in the AppsVisibilityList. Possible values are: none, appsInListCompliant, appsNotInListCompliant. |
| appStoreBlockAutomaticDownloads | Boolean | Indicates whether or not to block the automatic downloading of apps purchased on other devices when the device is in supervised mode (iOS 9.0 and later). |
| appStoreBlocked | Boolean | Indicates whether or not to block the user from using the App Store. Requires a supervised device for iOS 13 and later. |
| appStoreBlockInAppPurchases | Boolean | Indicates whether or not to block the user from making in app purchases. |
| appStoreBlockUIAppInstallation | Boolean | Indicates whether or not to block the App Store app, not restricting installation through Host apps. Applies to supervised mode only (iOS 9.0 and later). |
| appStoreRequirePassword | Boolean | Indicates whether or not to require a password when using the app store. |
| bluetoothBlockModification | Boolean | Indicates whether or not to allow modification of Bluetooth settings when the device is in supervised mode (iOS 10.0 and later). |
| cameraBlocked | Boolean | Indicates whether or not to block the user from accessing the camera of the device. Requires a supervised device for iOS 13 and later. |
| cellularBlockDataRoaming | Boolean | Indicates whether or not to block data roaming. |
| cellularBlockGlobalBackgroundFetchWhileRoaming | Boolean | Indicates whether or not to block global background fetch while roaming. |
| cellularBlockPerAppDataModification | Boolean | Indicates whether or not to allow changes to cellular app data usage settings when the device is in supervised mode. |
| cellularBlockPersonalHotspot | Boolean | Indicates whether or not to block Personal Hotspot. |
| cellularBlockVoiceRoaming | Boolean | Indicates whether or not to block voice roaming. |
| certificatesBlockUntrustedTlsCertificates | Boolean | Indicates whether or not to block untrusted TLS certificates. |
| classroomAppBlockRemoteScreenObservation | Boolean | Indicates whether or not to allow remote screen observation by Classroom app when the device is in supervised mode (iOS 9.3 and later). |
| classroomAppForceUnpromptedScreenObservation | Boolean | Indicates whether or not to automatically give permission to the teacher of a managed course on the Classroom app to view a student's screen without prompting when the device is in supervised mode. |
| compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
| compliantAppListType | appListType | List that is in the AppComplianceList. Possible values are: none, appsInListCompliant, appsNotInListCompliant. |
| configurationProfileBlockChanges | Boolean | Indicates whether or not to block the user from installing configuration profiles and certificates interactively when the device is in supervised mode. |
| definitionLookupBlocked | Boolean | Indicates whether or not to block definition lookup when the device is in supervised mode (iOS 8.1.3 and later ). |
| deviceBlockEnableRestrictions | Boolean | Indicates whether or not to allow the user to enables restrictions in the device settings when the device is in supervised mode. |
| deviceBlockEraseContentAndSettings | Boolean | Indicates whether or not to allow the use of the 'Erase all content and settings' option on the device when the device is in supervised mode. |
| deviceBlockNameModification | Boolean | Indicates whether or not to allow device name modification when the device is in supervised mode (iOS 9.0 and later). |
| diagnosticDataBlockSubmission | Boolean | Indicates whether or not to block diagnostic data submission. |
| diagnosticDataBlockSubmissionModification | Boolean | Indicates whether or not to allow diagnostics submission settings modification when the device is in supervised mode (iOS 9.3.2 and later). |
| documentsBlockManagedDocumentsInUnmanagedApps | Boolean | Indicates whether or not to block the user from viewing managed documents in unmanaged apps. |
| documentsBlockUnmanagedDocumentsInManagedApps | Boolean | Indicates whether or not to block the user from viewing unmanaged documents in managed apps. |
| emailInDomainSuffixes | String collection | An email address lacking a suffix that matches any of these strings will be considered out-of-domain. |
| enterpriseAppBlockTrust | Boolean | Indicates whether or not to block the user from trusting an enterprise app. |
| enterpriseAppBlockTrustModification | Boolean | [Deprecated] Configuring this setting and setting the value to 'true' has no effect on the device. |
| faceTimeBlocked | Boolean | Indicates whether or not to block the user from using FaceTime. Requires a supervised device for iOS 13 and later. |
| findMyFriendsBlocked | Boolean | Indicates whether or not to block changes to Find My Friends when the device is in supervised mode. |
| gamingBlockGameCenterFriends | Boolean | Indicates whether or not to block the user from having friends in Game Center. Requires a supervised device for iOS 13 and later. |
| gamingBlockMultiplayer | Boolean | Indicates whether or not to block the user from using multiplayer gaming. Requires a supervised device for iOS 13 and later. |
| gameCenterBlocked | Boolean | Indicates whether or not to block the user from using Game Center when the device is in supervised mode. |
| hostPairingBlocked | Boolean | indicates whether or not to allow host pairing to control the devices an iOS device can pair with when the iOS device is in supervised mode. |
| iBooksStoreBlocked | Boolean | Indicates whether or not to block the user from using the iBooks Store when the device is in supervised mode. |
| iBooksStoreBlockErotica | Boolean | Indicates whether or not to block the user from downloading media from the iBookstore that has been tagged as erotica. |
| iCloudBlockActivityContinuation | Boolean | Indicates whether or not to block the user from continuing work they started on iOS device to another iOS or macOS device. |
| iCloudBlockBackup | Boolean | Indicates whether or not to block iCloud backup. Requires a supervised device for iOS 13 and later. |
| iCloudBlockDocumentSync | Boolean | Indicates whether or not to block iCloud document sync. Requires a supervised device for iOS 13 and later. |
| iCloudBlockManagedAppsSync | Boolean | Indicates whether or not to block Managed Apps Cloud Sync. |
| iCloudBlockPhotoLibrary | Boolean | Indicates whether or not to block iCloud Photo Library. |
| iCloudBlockPhotoStreamSync | Boolean | Indicates whether or not to block iCloud Photo Stream Sync. |
| iCloudBlockSharedPhotoStream | Boolean | Indicates whether or not to block Shared Photo Stream. |
| iCloudRequireEncryptedBackup | Boolean | Indicates whether or not to require backups to iCloud be encrypted. |
| iTunesBlockExplicitContent | Boolean | Indicates whether or not to block the user from accessing explicit content in iTunes and the App Store. Requires a supervised device for iOS 13 and later. |
| iTunesBlockMusicService | Boolean | Indicates whether or not to block Music service and revert Music app to classic mode when the device is in supervised mode (iOS 9.3 and later and macOS 10.12 and later). |
| iTunesBlockRadio | Boolean | Indicates whether or not to block the user from using iTunes Radio when the device is in supervised mode (iOS 9.3 and later). |
| keyboardBlockAutoCorrect | Boolean | Indicates whether or not to block keyboard auto-correction when the device is in supervised mode (iOS 8.1.3 and later). |
| keyboardBlockDictation | Boolean | Indicates whether or not to block the user from using dictation input when the device is in supervised mode. |
| keyboardBlockPredictive | Boolean | Indicates whether or not to block predictive keyboards when device is in supervised mode (iOS 8.1.3 and later). |
| keyboardBlockShortcuts | Boolean | Indicates whether or not to block keyboard shortcuts when the device is in supervised mode (iOS 9.0 and later). |
| keyboardBlockSpellCheck | Boolean | Indicates whether or not to block keyboard spell-checking when the device is in supervised mode (iOS 8.1.3 and later). |
| kioskModeAllowAssistiveSpeak | Boolean | Indicates whether or not to allow assistive speak while in kiosk mode. |
| kioskModeAllowAssistiveTouchSettings | Boolean | Indicates whether or not to allow access to the Assistive Touch Settings while in kiosk mode. |
| kioskModeAllowAutoLock | Boolean | Indicates whether or not to allow device auto lock while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockAutoLock instead. |
| kioskModeAllowColorInversionSettings | Boolean | Indicates whether or not to allow access to the Color Inversion Settings while in kiosk mode. |
| kioskModeAllowRingerSwitch | Boolean | Indicates whether or not to allow use of the ringer switch while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockRingerSwitch instead. |
| kioskModeAllowScreenRotation | Boolean | Indicates whether or not to allow screen rotation while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockScreenRotation instead. |
| kioskModeAllowSleepButton | Boolean | Indicates whether or not to allow use of the sleep button while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockSleepButton instead. |
| kioskModeAllowTouchscreen | Boolean | Indicates whether or not to allow use of the touchscreen while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockTouchscreen instead. |
| kioskModeAllowVoiceOverSettings | Boolean | Indicates whether or not to allow access to the voice over settings while in kiosk mode. |
| kioskModeAllowVolumeButtons | Boolean | Indicates whether or not to allow use of the volume buttons while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockVolumeButtons instead. |
| kioskModeAllowZoomSettings | Boolean | Indicates whether or not to allow access to the zoom settings while in kiosk mode. |
| kioskModeAppStoreUrl | String | URL in the app store to the app to use for kiosk mode. Use if KioskModeManagedAppId is not known. |
| kioskModeBuiltInAppId | String | ID for built-in apps to use for kiosk mode. Used when KioskModeManagedAppId and KioskModeAppStoreUrl are not set. |
| kioskModeRequireAssistiveTouch | Boolean | Indicates whether or not to require assistive touch while in kiosk mode. |
| kioskModeRequireColorInversion | Boolean | Indicates whether or not to require color inversion while in kiosk mode. |
| kioskModeRequireMonoAudio | Boolean | Indicates whether or not to require mono audio while in kiosk mode. |
| kioskModeRequireVoiceOver | Boolean | Indicates whether or not to require voice over while in kiosk mode. |
| kioskModeRequireZoom | Boolean | Indicates whether or not to require zoom while in kiosk mode. |
| kioskModeManagedAppId | String | Managed app id of the app to use for kiosk mode. If KioskModeManagedAppId is specified then KioskModeAppStoreUrl will be ignored. |
| lockScreenBlockControlCenter | Boolean | Indicates whether or not to block the user from using control center on the lock screen. |
| lockScreenBlockNotificationView | Boolean | Indicates whether or not to block the user from using the notification view on the lock screen. |
| lockScreenBlockPassbook | Boolean | Indicates whether or not to block the user from using passbook when the device is locked. |
| lockScreenBlockTodayView | Boolean | Indicates whether or not to block the user from using the Today View on the lock screen. |
| mediaContentRatingAustralia | mediaContentRatingAustralia | Media content rating settings for Australia |
| mediaContentRatingCanada | mediaContentRatingCanada | Media content rating settings for Canada |
| mediaContentRatingFrance | mediaContentRatingFrance | Media content rating settings for France |
| mediaContentRatingGermany | mediaContentRatingGermany | Media content rating settings for Germany |
| mediaContentRatingIreland | mediaContentRatingIreland | Media content rating settings for Ireland |
| mediaContentRatingJapan | mediaContentRatingJapan | Media content rating settings for Japan |
| mediaContentRatingNewZealand | mediaContentRatingNewZealand | Media content rating settings for New Zealand |
| mediaContentRatingUnitedKingdom | mediaContentRatingUnitedKingdom | Media content rating settings for United Kingdom |
| mediaContentRatingUnitedStates | mediaContentRatingUnitedStates | Media content rating settings for United States |
| networkUsageRules | iosNetworkUsageRule collection | List of managed apps and the network rules that applies to them. This collection can contain a maximum of 1000 elements. |
| mediaContentRatingApps | ratingAppsType | Media content rating settings for Apps. Possible values are: allAllowed, allBlocked, agesAbove4, agesAbove9, agesAbove12, agesAbove17. |
| messagesBlocked | Boolean | Indicates whether or not to block the user from using the Messages app on the supervised device. |
| notificationsBlockSettingsModification | Boolean | Indicates whether or not to allow notifications settings modification (iOS 9.3 and later). |
| passcodeBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
| passcodeBlockFingerprintModification | Boolean | Block modification of registered Touch ID fingerprints when in supervised mode. |
| passcodeBlockModification | Boolean | Indicates whether or not to allow passcode modification on the supervised device (iOS 9.0 and later). |
| passcodeBlockSimple | Boolean | Indicates whether or not to block simple passcodes. |
| passcodeExpirationDays | Int32 | Number of days before the passcode expires. Valid values 1 to 65535 |
| passcodeMinimumLength | Int32 | Minimum length of passcode. Valid values 4 to 14 |
| passcodeMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a passcode is required. |
| passcodeMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
| passcodeMinimumCharacterSetCount | Int32 | Number of character sets a passcode must contain. Valid values 0 to 4 |
| passcodePreviousPasscodeBlockCount | Int32 | Number of previous passcodes to block. Valid values 1 to 24 |
| passcodeSignInFailureCountBeforeWipe | Int32 | Number of sign in failures allowed before wiping the device. Valid values 2 to 11 |
| passcodeRequiredType | requiredPasswordType | Type of passcode that is required. Possible values are: deviceDefault, alphanumeric, numeric. |
| passcodeRequired | Boolean | Indicates whether or not to require a passcode. |
| podcastsBlocked | Boolean | Indicates whether or not to block the user from using podcasts on the supervised device (iOS 8.0 and later). |
| safariBlockAutofill | Boolean | Indicates whether or not to block the user from using Auto fill in Safari. Requires a supervised device for iOS 13 and later. |
| safariBlockJavaScript | Boolean | Indicates whether or not to block JavaScript in Safari. |
| safariBlockPopups | Boolean | Indicates whether or not to block popups in Safari. |
| safariBlocked | Boolean | Indicates whether or not to block the user from using Safari. Requires a supervised device for iOS 13 and later. |
| safariCookieSettings | webBrowserCookieSettings | Cookie settings for Safari. Possible values are: browserDefault, blockAlways, allowCurrentWebSite, allowFromWebsitesVisited, allowAlways. |
| safariManagedDomains | String collection | URLs matching the patterns listed here will be considered managed. |
| safariPasswordAutoFillDomains | String collection | Users can save passwords in Safari only from URLs matching the patterns listed here. Applies to devices in supervised mode (iOS 9.3 and later). |
| safariRequireFraudWarning | Boolean | Indicates whether or not to require fraud warning in Safari. |
| screenCaptureBlocked | Boolean | Indicates whether or not to block the user from taking Screenshots. |
| siriBlocked | Boolean | Indicates whether or not to block the user from using Siri. |
| siriBlockedWhenLocked | Boolean | Indicates whether or not to block the user from using Siri when locked. |
| siriBlockUserGeneratedContent | Boolean | Indicates whether or not to block Siri from querying user-generated content when used on a supervised device. |
| siriRequireProfanityFilter | Boolean | Indicates whether or not to prevent Siri from dictating, or speaking profane language on supervised device. |
| spotlightBlockInternetResults | Boolean | Indicates whether or not to block Spotlight search from returning internet results on supervised device. |
| voiceDialingBlocked | Boolean | Indicates whether or not to block voice dialing. |
| wallpaperBlockModification | Boolean | Indicates whether or not to allow wallpaper modification on supervised device (iOS 9.0 and later) . |
| wiFiConnectOnlyToConfiguredNetworks | Boolean | Indicates whether or not to force the device to use only Wi-Fi networks from configuration profiles when the device is in supervised mode. Available for devices running iOS and iPadOS versions 14.4 and earlier. Devices running 14.5+ should use the setting, “WiFiConnectToAllowedNetworksOnlyForced. |
Graph reference: iosikEv2VpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. Inherited from appleVpnConfiguration |
| connectionType | appleVpnConnectionType | Connection type. Inherited from appleVpnConfiguration. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect. |
| loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration |
| role | String | Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
| realm | String | Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
| server | vpnServer | VPN Server on the network. Make sure end users can access this network location. Inherited from appleVpnConfiguration |
| identifier | String | Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration |
| customData | keyValue collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
| enableSplitTunneling | Boolean | Send all network traffic through VPN. Inherited from appleVpnConfiguration |
| authenticationMethod | vpnAuthenticationMethod | Authentication method for this VPN connection. Inherited from appleVpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| enablePerApp | Boolean | Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration |
| safariDomains | String collection | Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. Inherited from appleVpnConfiguration |
| onDemandRules | vpnOnDemandRule collection | On-Demand Rules. This collection can contain a maximum of 500 elements. Inherited from appleVpnConfiguration |
| providerType | vpnProviderType | Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel. |
| associatedDomains | String collection | Associated Domains Inherited from appleVpnConfiguration |
| excludedDomains | String collection | Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated Inherited from appleVpnConfiguration |
| disableOnDemandUserOverride | Boolean | Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration |
| disconnectOnIdle | Boolean | Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration |
| disconnectOnIdleTimerInSeconds | Int32 | The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration |
| proxyServer | vpnProxyServer | Proxy Server. Inherited from appleVpnConfiguration |
| optInToDeviceIdSharing | Boolean | Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. Inherited from appleVpnConfiguration |
| userDomain | String | Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead. Inherited from iosVpnConfiguration |
| strictEnforcement | Boolean | Zscaler only. Blocks network traffic until the user signs into Zscaler app. "True" means traffic is blocked. Inherited from iosVpnConfiguration |
| cloudName | String | Zscaler only. Zscaler cloud which the user is assigned to. Inherited from iosVpnConfiguration |
| excludeList | String collection | Zscaler only. List of network addresses which are not sent through the Zscaler cloud. Inherited from iosVpnConfiguration |
| targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. Inherited from iosVpnConfiguration |
| microsoftTunnelSiteId | String | Microsoft Tunnel site ID. Inherited from iosVpnConfiguration |
| childSecurityAssociationParameters | iosVpnSecurityAssociationParameters | Child Security Association Parameters |
| clientAuthenticationType | vpnClientAuthenticationType | Type of Client Authentication the VPN client will use. Possible values are: userAuthentication, deviceAuthentication. |
| deadPeerDetectionRate | vpnDeadPeerDetectionRate | Determine how often to check if a peer connection is still active. . Possible values are: medium, none, low, high. |
| disableMobilityAndMultihoming | Boolean | Disable MOBIKE |
| disableRedirect | Boolean | Disable Redirect |
| enableCertificateRevocationCheck | Boolean | Enables a best-effort revocation check; server response timeouts will not cause it to fail |
| enableEAP | Boolean | Enables EAP only authentication |
| enablePerfectForwardSecrecy | Boolean | Enable Perfect Forward Secrecy (PFS). |
| enableUseInternalSubnetAttributes | Boolean | Enable Use Internal Subnet Attributes. |
| localIdentifier | vpnLocalIdentifier | Method of identifying the client that is trying to connect via VPN. . Possible values are: deviceFQDN, empty, clientCertificateSubjectName. |
| remoteIdentifier | String | Address of the IKEv2 server. Must be a FQDN, UserFQDN, network address, or ASN1DN |
| securityAssociationParameters | iosVpnSecurityAssociationParameters | Security Association Parameters |
| serverCertificateCommonName | String | Common name of the IKEv2 Server Certificate used in Server Authentication |
| serverCertificateIssuerCommonName | String | Issuer Common name of the IKEv2 Server Certificate issuer used in Authentication |
| serverCertificateType | vpnServerCertificateType | The type of certificate the VPN server will present to the VPN client for authentication. Possible values are: rsa, ecdsa256, ecdsa384, ecdsa521. |
| sharedSecret | String | Used when Shared Secret Authentication is selected |
| tlsMaximumVersion | String | The maximum TLS version to be used with EAP-TLS authentication |
| tlsMinimumVersion | String | The minimum TLS version to be used with EAP-TLS authentication |
| allowDefaultSecurityAssociationParameters | Boolean | Allows the use of security association parameters by setting all parameters to the device's default unless explicitly specified. |
| allowDefaultChildSecurityAssociationParameters | Boolean | Allows the use of child security association parameters by setting all parameters to the device's default unless explicitly specified. |
| alwaysOnConfiguration | appleVpnAlwaysOnConfiguration | AlwaysOn Configuration |
| enableAlwaysOnConfiguration | Boolean | Determines if Always on VPN is enabled |
| mtuSizeInBytes | Int32 | Maximum transmission unit. Valid values 1280 to 1400 |
Graph reference: iosImportedPFXCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
Graph reference: iosPkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from iosCertificateProfileBase |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from iosCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name type. Inherited from iosCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from iosCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from iosCertificateProfileBase. Possible values are: days, months, years. |
| certificationAuthority | String | PKCS Certification Authority. |
| certificationAuthorityName | String | PKCS Certification Authority Name. |
| certificateTemplateName | String | PKCS Certificate Template Name. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
Graph reference: iosScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from iosCertificateProfileBase |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from iosCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name type. Inherited from iosCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from iosCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from iosCertificateProfileBase. Possible values are: days, months, years. |
| scepServerUrls | String collection | SCEP Server Url(s). |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. The OnPremisesUserPrincipalName variable is support as well as others documented here: https://go.microsoft.com/fwlink/?LinkId=2027630. This collection can contain a maximum of 500 elements. |
Graph reference: iosTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate. |
| certFileName | String | File name to display in UI. |
Graph reference: iosUpdateConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| activeHoursStart | TimeOfDay | Active Hours Start (active hours mean the time window when updates install should not happen) |
| activeHoursEnd | TimeOfDay | Active Hours End (active hours mean the time window when updates install should not happen) |
| scheduledInstallDays | dayOfWeek collection | Days in week for which active hours are configured. This collection can contain a maximum of 7 elements. |
| utcTimeOffsetInMinutes | Int32 | UTC Time Offset indicated in minutes |
Graph reference: iosUpdateDeviceStatus
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| installStatus | iosUpdatesInstallStatus | The installation status of the policy report. Possible values are: success, available, idle, unknown, downloading, downloadFailed, downloadRequiresComputer, downloadInsufficientSpace, downloadInsufficientPower, downloadInsufficientNetwork, installing, installInsufficientSpace, installInsufficientPower, installPhoneCallInProgress, installFailed, notSupportedOperation, sharedDeviceUserLoggedInError, deviceOsHigherThanDesiredOsVersion. |
| osVersion | String | The device version that is being reported. |
| deviceId | String | The device id that is being reported. |
| userId | String | The User id that is being reported. |
| deviceDisplayName | String | Device name of the DevicePolicyStatus. |
| userName | String | The User Name that is being reported |
| deviceModel | String | The device model that is being reported |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
| status | complianceStatus | Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
| userPrincipalName | String | UserPrincipalName. |
Graph reference: iosVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. Inherited from appleVpnConfiguration |
| connectionType | appleVpnConnectionType | Connection type. Inherited from appleVpnConfiguration. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect. |
| loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration |
| role | String | Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
| realm | String | Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
| server | vpnServer | VPN Server on the network. Make sure end users can access this network location. Inherited from appleVpnConfiguration |
| identifier | String | Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration |
| customData | keyValue collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
| enableSplitTunneling | Boolean | Send all network traffic through VPN. Inherited from appleVpnConfiguration |
| authenticationMethod | vpnAuthenticationMethod | Authentication method for this VPN connection. Inherited from appleVpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| enablePerApp | Boolean | Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration |
| safariDomains | String collection | Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. Inherited from appleVpnConfiguration |
| onDemandRules | vpnOnDemandRule collection | On-Demand Rules. This collection can contain a maximum of 500 elements. Inherited from appleVpnConfiguration |
| providerType | vpnProviderType | Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel. |
| associatedDomains | String collection | Associated Domains Inherited from appleVpnConfiguration |
| excludedDomains | String collection | Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated Inherited from appleVpnConfiguration |
| disableOnDemandUserOverride | Boolean | Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration |
| disconnectOnIdle | Boolean | Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration |
| disconnectOnIdleTimerInSeconds | Int32 | The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration |
| proxyServer | vpnProxyServer | Proxy Server. Inherited from appleVpnConfiguration |
| optInToDeviceIdSharing | Boolean | Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. Inherited from appleVpnConfiguration |
| userDomain | String | Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead. |
| strictEnforcement | Boolean | Zscaler only. Blocks network traffic until the user signs into Zscaler app. "True" means traffic is blocked. |
| cloudName | String | Zscaler only. Zscaler cloud which the user is assigned to. |
| excludeList | String collection | Zscaler only. List of network addresses which are not sent through the Zscaler cloud. |
| targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. |
| microsoftTunnelSiteId | String | Microsoft Tunnel site ID. |
Graph reference: iosWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
| connectWhenNetworkNameIsHidden | Boolean | Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
| wiFiSecurityType | wiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wpaPersonal, wpaEnterprise, wep, wpa2Personal, wpa2Enterprise. |
| proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection. Possible values are: none, manual, automatic, unknownFutureValue. |
| proxyManualAddress | String | IP Address or DNS hostname of the proxy server when manual configuration is selected. |
| proxyManualPort | Int32 | Port of the proxy server when manual configuration is selected. |
| proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. |
| disableMacAddressRandomization | Boolean | If set to true, forces devices connecting using this Wi-Fi profile to present their actual Wi-Fi MAC address instead of a random MAC address. Applies to iOS 14 and later. |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
Graph reference: macOSCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
Graph reference: macOSCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordRequired | Boolean | Whether or not to require a password. |
| passwordBlockSimple | Boolean | Indicates whether or not to block simple passwords. |
| passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 65535 |
| passwordMinimumLength | Int32 | Minimum length of password. Valid values 4 to 14 |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
| passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
| passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. |
| osMinimumVersion | String | Minimum MacOS version. |
| osMaximumVersion | String | Maximum MacOS version. |
| systemIntegrityProtectionEnabled | Boolean | Require that devices have enabled system integrity protection. |
| deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
| deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet. |
| storageRequireEncryption | Boolean | Require encryption on Mac OS devices. |
| firewallEnabled | Boolean | Whether the firewall should be enabled or not. |
| firewallBlockAllIncoming | Boolean | Corresponds to the “Block all incoming connections” option. |
| firewallEnableStealthMode | Boolean | Corresponds to “Enable stealth mode.” |
Graph reference: macOSCustomAppConfiguration
| Property | Type | Description | |
|---|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration | |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration | |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration | |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration | |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration | |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration | |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration | |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration | |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration | |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration | |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration | |
| bundleId | String | Bundle id for targeting. | |
| fileName | String | Configuration file name (*.plist | *.xml). |
| configurationXml | Binary | Configuration xml. (UTF8 encoded byte array) |
Graph reference: macOSCustomConfiguration
| Property | Type | Description | |
|---|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration | |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration | |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration | |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration | |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration | |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration | |
| payloadName | String | Name that is displayed to the user. | |
| payloadFileName | String | Payload file name (*.mobileconfig | *.xml). |
| payload | Binary | Payload. (UTF8 encoded byte array) |
Graph reference: macOSDeviceFeaturesConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
Graph reference: macOSEndpointProtectionConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| gatekeeperAllowedAppSource | macOSGatekeeperAppSources | System and Privacy setting that determines which download locations apps can be run from on a macOS device. Possible values are: notConfigured, macAppStore, macAppStoreAndIdentifiedDevelopers, anywhere. |
| gatekeeperBlockOverride | Boolean | If set to true, the user override for Gatekeeper will be disabled. |
| firewallEnabled | Boolean | Whether the firewall should be enabled or not. |
| firewallBlockAllIncoming | Boolean | Corresponds to the “Block all incoming connections” option. |
| firewallEnableStealthMode | Boolean | Corresponds to “Enable stealth mode.” |
| firewallApplications | macOSFirewallApplication collection | List of applications with firewall settings. Firewall settings for applications not on this list are determined by the user. This collection can contain a maximum of 500 elements. |
| fileVaultEnabled | Boolean | Whether FileVault should be enabled or not. |
| fileVaultSelectedRecoveryKeyTypes | macOSFileVaultRecoveryKeyTypes | Required if FileVault is enabled, determines the type(s) of recovery key to use. . Possible values are: notConfigured, institutionalRecoveryKey, personalRecoveryKey. |
| fileVaultInstitutionalRecoveryKeyCertificate | Binary | Required if selected recovery key type(s) include InstitutionalRecoveryKey. The DER Encoded certificate file used to set an institutional recovery key. |
| fileVaultInstitutionalRecoveryKeyCertificateFileName | String | File name of the institutional recovery key certificate to display in UI. (*.der). |
| fileVaultPersonalRecoveryKeyHelpMessage | String | Required if selected recovery key type(s) include PersonalRecoveryKey. A short message displayed to the user that explains how they can retrieve their personal recovery key. |
| fileVaultAllowDeferralUntilSignOut | Boolean | Optional. If set to true, the user can defer the enabling of FileVault until they sign out. |
| fileVaultNumberOfTimesUserCanIgnore | Int32 | Optional. When using the Defer option, this is the maximum number of times the user can ignore prompts to enable FileVault before FileVault will be required for the user to sign in. If set to -1, it will always prompt to enable FileVault until FileVault is enabled, though it will allow the user to bypass enabling FileVault. Setting this to 0 will disable the feature. |
| fileVaultDisablePromptAtSignOut | Boolean | Optional. When using the Defer option, if set to true, the user is not prompted to enable FileVault at sign-out. |
| fileVaultPersonalRecoveryKeyRotationInMonths | Int32 | Optional. If selected recovery key type(s) include PersonalRecoveryKey, the frequency to rotate that key, in months. |
| fileVaultHidePersonalRecoveryKey | Boolean | Optional. A hidden personal recovery key does not appear on the user's screen during FileVault encryption, reducing the risk of it ending up in the wrong hands. |
| advancedThreatProtectionRealTime | enablement | Determines whether or not to enable real-time protection for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured, enabled, disabled. |
| advancedThreatProtectionCloudDelivered | enablement | Determines whether or not to enable cloud-delivered protection for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured, enabled, disabled. |
| advancedThreatProtectionAutomaticSampleSubmission | enablement | Determines whether or not to enable automatic file sample submission for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured, enabled, disabled. |
| advancedThreatProtectionDiagnosticDataCollection | enablement | Determines whether or not to enable diagnostic and usage data collection for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured, enabled, disabled. |
| advancedThreatProtectionExcludedFolders | String collection | A list of paths to folders to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS. |
| advancedThreatProtectionExcludedFiles | String collection | A list of paths to files to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS. |
| advancedThreatProtectionExcludedExtensions | String collection | A list of file extensions to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS. |
| advancedThreatProtectionExcludedProcesses | String collection | A list of process names to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS. |
Graph reference: macOSEnterpriseWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name Inherited from macOSWiFiConfiguration |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from macOSWiFiConfiguration |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from macOSWiFiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from macOSWiFiConfiguration |
| wiFiSecurityType | wiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from macOSWiFiConfiguration. Possible values are: open, wpaPersonal, wpaEnterprise, wep, wpa2Personal, wpa2Enterprise. |
| proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection Inherited from macOSWiFiConfiguration. Possible values are: none, manual, automatic, unknownFutureValue. |
| proxyManualAddress | String | IP Address or DNS hostname of the proxy server when manual configuration is selected. Inherited from macOSWiFiConfiguration |
| proxyManualPort | Int32 | Port of the proxy server when manual configuration is selected. Inherited from macOSWiFiConfiguration |
| proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. Inherited from macOSWiFiConfiguration |
| deploymentChannel | appleDeploymentChannel | Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Inherited from macOSWiFiConfiguration. Possible values are: deviceChannel, userChannel, unknownFutureValue. |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from macOSWiFiConfiguration |
| eapType | eapType | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap. |
| eapFastConfiguration | eapFastConfiguration | EAP-FAST Configuration Option when EAP-FAST is the selected EAP Type. Possible values are: noProtectedAccessCredential, useProtectedAccessCredential, useProtectedAccessCredentialAndProvision, useProtectedAccessCredentialAndProvisionAnonymously. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users devices when they connect to this Wi-Fi network. |
| authenticationMethod | wiFiAuthenticationMethod | Authentication Method when EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS, EAP-FAST or PEAP. This property masks usernames with the text you enter. For example, if you use 'anonymous', each user that authenticates with this Wi-Fi connection using their real username is displayed as 'anonymous'. |
Graph reference: macOSExtensionsConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| kernelExtensionOverridesAllowed | Boolean | If set to true, users can approve additional kernel extensions not explicitly allowed by configurations profiles. |
| kernelExtensionAllowedTeamIdentifiers | String collection | All kernel extensions validly signed by the team identifiers in this list will be allowed to load. |
| kernelExtensionsAllowed | macOSKernelExtension collection | A list of kernel extensions that will be allowed to load. . This collection can contain a maximum of 500 elements. |
| systemExtensionsBlockOverride | Boolean | Gets or sets whether to allow the user to approve additional system extensions not explicitly allowed by configuration profiles. |
| systemExtensionsAllowedTeamIdentifiers | String collection | Gets or sets a list of allowed team identifiers. Any system extension signed with any of the specified team identifiers will be approved. |
| systemExtensionsAllowed | macOSSystemExtension collection | Gets or sets a list of allowed macOS system extensions. This collection can contain a maximum of 500 elements. |
| systemExtensionsAllowedTypes | macOSSystemExtensionTypeMapping collection | Gets or sets a list of allowed macOS system extension types. This collection can contain a maximum of 500 elements. |
Graph reference: macOSGeneralDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
| compliantAppListType | appListType | List that is in the CompliantAppsList. Possible values are: none, appsInListCompliant, appsNotInListCompliant. |
| emailInDomainSuffixes | String collection | An email address lacking a suffix that matches any of these strings will be considered out-of-domain. |
| passwordBlockSimple | Boolean | Block simple passwords. |
| passwordExpirationDays | Int32 | Number of days before the password expires. |
| passwordMinimumCharacterSetCount | Int32 | Number of character sets a password must contain. Valid values 0 to 4 |
| passwordMinimumLength | Int32 | Minimum length of passwords. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity required before a password is required. |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity required before the screen times out. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. |
| passwordRequiredType | requiredPasswordType | Type of password that is required. Possible values are: deviceDefault, alphanumeric, numeric. |
| passwordRequired | Boolean | Whether or not to require a password. |
Graph reference: macOSImportedPFXCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Inherited from macOSCertificateProfileBase |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from macOSCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from macOSCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from macOSCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from macOSCertificateProfileBase. Possible values are: days, months, years. |
| intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
| deploymentChannel | appleDeploymentChannel | Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: deviceChannel, userChannel, unknownFutureValue. |
Graph reference: macOSPkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Inherited from macOSCertificateProfileBase |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from macOSCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from macOSCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from macOSCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from macOSCertificateProfileBase. Possible values are: days, months, years. |
| certificationAuthority | String | PKCS certification authority FQDN. |
| certificationAuthorityName | String | PKCS certification authority Name. |
| certificateTemplateName | String | PKCS certificate template name. |
| subjectAlternativeNameFormatString | String | Format string that defines the subject alternative name. |
| subjectNameFormatString | String | Format string that defines the subject name. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
| allowAllAppsAccess | Boolean | AllowAllAppsAccess setting |
| deploymentChannel | appleDeploymentChannel | Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: deviceChannel, userChannel, unknownFutureValue. |
Graph reference: macOSScepCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Inherited from macOSCertificateProfileBase |
| subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from macOSCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from macOSCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from macOSCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from macOSCertificateProfileBase. Possible values are: days, months, years. |
| scepServerUrls | String collection | SCEP Server Url(s). |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
| allowAllAppsAccess | Boolean | AllowAllAppsAccess setting |
| deploymentChannel | appleDeploymentChannel | Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: deviceChannel, userChannel, unknownFutureValue. |
Graph reference: macOSSoftwareUpdateAccountSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| displayName | String | The name of the report |
| deviceId | String | The device ID. |
| userId | String | The user ID. |
| deviceName | String | The device name. |
| userPrincipalName | String | The user principal name |
| osVersion | String | The OS version. |
| successfulUpdateCount | Int32 | Number of successful updates on the device. |
| failedUpdateCount | Int32 | Number of failed updates on the device. |
| totalUpdateCount | Int32 | Number of total updates on the device. |
| lastUpdatedDateTime | DateTimeOffset | Last date time the report for this device was updated. |
Graph reference: macOSSoftwareUpdateCategorySummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| displayName | String | The name of the report |
| deviceId | String | The device ID. |
| userId | String | The user ID. |
| updateCategory | macOSSoftwareUpdateCategory | Software update type. Possible values are: critical, configurationDataFile, firmware, other. |
| successfulUpdateCount | Int32 | Number of successful updates on the device |
| failedUpdateCount | Int32 | Number of failed updates on the device |
| totalUpdateCount | Int32 | Number of total updates on the device |
| lastUpdatedDateTime | DateTimeOffset | Last date time the report for this device was updated. |
Graph reference: macOSSoftwareUpdateConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| criticalUpdateBehavior | macOSSoftwareUpdateBehavior | Update behavior for critical updates. Possible values are: notConfigured, default, downloadOnly, installASAP, notifyOnly, installLater. |
| configDataUpdateBehavior | macOSSoftwareUpdateBehavior | Update behavior for configuration data file updates. Possible values are: notConfigured, default, downloadOnly, installASAP, notifyOnly, installLater. |
| firmwareUpdateBehavior | macOSSoftwareUpdateBehavior | Update behavior for firmware updates. Possible values are: notConfigured, default, downloadOnly, installASAP, notifyOnly, installLater. |
| allOtherUpdateBehavior | macOSSoftwareUpdateBehavior | Update behavior for all other updates. Possible values are: notConfigured, default, downloadOnly, installASAP, notifyOnly, installLater. |
| updateScheduleType | macOSSoftwareUpdateScheduleType | Update schedule type. Possible values are: alwaysUpdate, updateDuringTimeWindows, updateOutsideOfTimeWindows. |
| customUpdateTimeWindows | customUpdateTimeWindow collection | Custom Time windows when updates will be allowed or blocked. This collection can contain a maximum of 20 elements. |
| updateTimeWindowUtcOffsetInMinutes | Int32 | Minutes indicating UTC offset for each update time window |
| maxUserDeferralsCount | Int32 | The maximum number of times the system allows the user to postpone an update before it’s installed. Supported values: 0 - 366. Valid values 0 to 365 |
| priority | macOSPriority | The scheduling priority for downloading and preparing the requested update. Default: Low. Possible values: Null, Low, High. Possible values are: low, high, unknownFutureValue. |
Graph reference: macOSSoftwareUpdateStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| displayName | String | Human readable name of the software update |
| productKey | String | Product key of the software update. |
| updateCategory | macOSSoftwareUpdateCategory | Software update category. Possible values are: critical, configurationDataFile, firmware, other. |
| updateVersion | String | Version of the software update |
| state | macOSSoftwareUpdateState | State of the software update. Possible values are: success, downloading, downloaded, installing, idle, available, scheduled, downloadFailed, downloadInsufficientSpace, downloadInsufficientPower, downloadInsufficientNetwork, installInsufficientSpace, installInsufficientPower, installFailed, commandFailed. |
| lastUpdatedDateTime | DateTimeOffset | Last date time the report for this device and product key was updated. |
Graph reference: macOSTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate. |
| certFileName | String | File name to display in UI. |
| deploymentChannel | appleDeploymentChannel | Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: deviceChannel, userChannel, unknownFutureValue. |
Graph reference: macOSVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. Inherited from appleVpnConfiguration |
| connectionType | appleVpnConnectionType | Connection type. Inherited from appleVpnConfiguration. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect. |
| loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration |
| role | String | Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
| realm | String | Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
| server | vpnServer | VPN Server on the network. Make sure end users can access this network location. Inherited from appleVpnConfiguration |
| identifier | String | Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration |
| customData | keyValue collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
| customKeyValueData | keyValuePair collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
| enableSplitTunneling | Boolean | Send all network traffic through VPN. Inherited from appleVpnConfiguration |
| authenticationMethod | vpnAuthenticationMethod | Authentication method for this VPN connection. Inherited from appleVpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| enablePerApp | Boolean | Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration |
| safariDomains | String collection | Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. Inherited from appleVpnConfiguration |
| onDemandRules | vpnOnDemandRule collection | On-Demand Rules. This collection can contain a maximum of 500 elements. Inherited from appleVpnConfiguration |
| providerType | vpnProviderType | Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel. |
| associatedDomains | String collection | Associated Domains Inherited from appleVpnConfiguration |
| excludedDomains | String collection | Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated Inherited from appleVpnConfiguration |
| disableOnDemandUserOverride | Boolean | Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration |
| disconnectOnIdle | Boolean | Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration |
| disconnectOnIdleTimerInSeconds | Int32 | The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration |
| proxyServer | vpnProxyServer | Proxy Server. Inherited from appleVpnConfiguration |
| optInToDeviceIdSharing | Boolean | Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. Inherited from appleVpnConfiguration |
| deploymentChannel | appleDeploymentChannel | Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: deviceChannel, userChannel, unknownFutureValue. |
Graph reference: macOSWiFiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
| connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
| connectWhenNetworkNameIsHidden | Boolean | Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
| wiFiSecurityType | wiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wpaPersonal, wpaEnterprise, wep, wpa2Personal, wpa2Enterprise. |
| proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection. Possible values are: none, manual, automatic, unknownFutureValue. |
| proxyManualAddress | String | IP Address or DNS hostname of the proxy server when manual configuration is selected. |
| proxyManualPort | Int32 | Port of the proxy server when manual configuration is selected. |
| proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. |
| deploymentChannel | appleDeploymentChannel | Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: deviceChannel, userChannel, unknownFutureValue. |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
Graph reference: macOSWiredNetworkConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| networkName | String | Network Name |
| networkInterface | wiredNetworkInterface | Network interface. Possible values are: anyEthernet, firstActiveEthernet, secondActiveEthernet, thirdActiveEthernet, firstEthernet, secondEthernet, thirdEthernet. |
| eapType | eapType | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the wired network. Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap. |
| eapFastConfiguration | eapFastConfiguration | EAP-FAST Configuration Option when EAP-FAST is the selected EAP Type. Possible values are: noProtectedAccessCredential, useProtectedAccessCredential, useProtectedAccessCredentialAndProvision, useProtectedAccessCredentialAndProvisionAnonymously. |
| trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users devices when they connect to this wired network. |
| authenticationMethod | wiFiAuthenticationMethod | Authentication Method when EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| nonEapAuthenticationMethodForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| enableOuterIdentityPrivacy | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS, EAP-FAST or PEAP. This property masks usernames with the text you enter. For example, if you use 'anonymous', each user that authenticates with this wired network using their real username is displayed as 'anonymous'. |
| deploymentChannel | appleDeploymentChannel | Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: deviceChannel, userChannel, unknownFutureValue. |
Graph reference: managedAllDeviceCertificateState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| certificateRevokeStatus | certificateRevocationStatus | Revoke status. Possible values are: none, pending, issued, failed, revoked. |
| certificateRevokeStatusLastChangeDateTime | DateTimeOffset | The time the revoke status was last changed |
| managedDeviceDisplayName | String | Device display name |
| userPrincipalName | String | User principal name |
| certificateExpirationDateTime | DateTimeOffset | Certificate expiry date |
| certificateIssuerName | String | Issuer |
| certificateThumbprint | String | Thumbprint |
| certificateSerialNumber | String | Serial number |
| certificateSubjectName | String | Certificate subject name |
| certificateKeyUsages | Int32 | Key Usage |
| certificateExtendedKeyUsages | String | Enhanced Key Usage |
| certificateIssuanceDateTime | DateTimeOffset | Issuance date |
Graph reference: managedDeviceCertificateState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| devicePlatform | devicePlatformType | Device platform. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, unknown, androidAOSP, androidMobileApplicationManagement, iOSMobileApplicationManagement, unknownFutureValue, windowsMobileApplicationManagement. |
| certificateKeyUsage | keyUsages | Key usage. Possible values are: keyEncipherment, digitalSignature. |
| certificateValidityPeriodUnits | certificateValidityPeriodScale | Validity period units. Possible values are: days, months, years. |
| certificateIssuanceState | certificateIssuanceStates | Issuance State. Possible values are: unknown, challengeIssued, challengeIssueFailed, requestCreationFailed, requestSubmitFailed, challengeValidationSucceeded, challengeValidationFailed, issueFailed, issuePending, issued, responseProcessingFailed, responsePending, enrollmentSucceeded, enrollmentNotNeeded, revoked, removedFromCollection, renewVerified, installFailed, installed, deleteFailed, deleted, renewalRequested, requested. |
| certificateKeyStorageProvider | keyStorageProviderOption | Key Storage Provider. Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
| certificateSubjectNameFormat | subjectNameFormat | Subject name format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| certificateSubjectAlternativeNameFormat | subjectAlternativeNameType | Subject alternative name format. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateRevokeStatus | certificateRevocationStatus | Revoke status. Possible values are: none, pending, issued, failed, revoked. |
| certificateProfileDisplayName | String | Certificate profile display name |
| deviceDisplayName | String | Device display name |
| userDisplayName | String | User display name |
| certificateExpirationDateTime | DateTimeOffset | Certificate expiry date |
| certificateLastIssuanceStateChangedDateTime | DateTimeOffset | Last certificate issuance state change |
| lastCertificateStateChangeDateTime | DateTimeOffset | Last certificate issuance state change |
| certificateIssuer | String | Issuer |
| certificateThumbprint | String | Thumbprint |
| certificateSerialNumber | String | Serial number |
| certificateKeyLength | Int32 | Key length |
| certificateEnhancedKeyUsage | String | Extended key usage |
| certificateValidityPeriod | Int32 | Validity period |
| certificateSubjectNameFormatString | String | Subject name format string for custom subject name formats |
| certificateSubjectAlternativeNameFormatString | String | Subject alternative name format string for custom formats |
| certificateIssuanceDateTime | DateTimeOffset | Issuance date |
| certificateErrorCode | Int32 | Error code |
Graph reference: managedDeviceEncryptionState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| userPrincipalName | String | User name |
| deviceType | deviceTypes | Platform of the device. Possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, blackberry, palm, unknown. |
| osVersion | String | Operating system version of the device |
| tpmSpecificationVersion | String | Device TPM Version |
| deviceName | String | Device name |
| encryptionReadinessState | encryptionReadinessState | Encryption readiness state. Possible values are: notReady, ready. |
| encryptionState | encryptionState | Device encryption state. Possible values are: notEncrypted, encrypted. |
| encryptionPolicySettingState | complianceStatus | Encryption policy setting state. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| advancedBitLockerStates | advancedBitLockerState | Advanced BitLocker State. Possible values are: success, noUserConsent, osVolumeUnprotected, osVolumeTpmRequired, osVolumeTpmOnlyRequired, osVolumeTpmPinRequired, osVolumeTpmStartupKeyRequired, osVolumeTpmPinStartupKeyRequired, osVolumeEncryptionMethodMismatch, recoveryKeyBackupFailed, fixedDriveNotEncrypted, fixedDriveEncryptionMethodMismatch, loggedOnUserNonAdmin, windowsRecoveryEnvironmentNotConfigured, tpmNotAvailable, tpmNotReady, networkError. |
| fileVaultStates | fileVaultState | FileVault State. Possible values are: success, driveEncryptedByUser, userDeferredEncryption, escrowNotEnabled. |
| policyDetails | encryptionReportPolicyDetails collection | Policy Details |
Graph reference: managementFeatureProjectDetail
| Property | Type | Description |
|---|---|---|
| projectName | String | Flighting V2 project name |
| featureFlights | managementFeatureFlightDetail collection | List containing feature flighting details in the project |
Graph reference: ndesConnector
| Property | Type | Description |
|---|---|---|
| id | String | The key of the NDES Connector. |
| lastConnectionDateTime | DateTimeOffset | Last connection time for the Ndes Connector |
| state | ndesConnectorState | Ndes Connector Status. Possible values are: none, active, inactive. |
| displayName | String | The friendly name of the Ndes Connector. |
| machineName | String | Name of the machine running on-prem certificate connector service. |
| enrolledDateTime | DateTimeOffset | Timestamp when on-prem certificate connector was enrolled in Intune. |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
| connectorVersion | String | The build version of the Ndes Connector. |
Graph reference: report
| Property | Type | Description |
|---|---|---|
| content | Stream | Not yet documented |
Graph reference: reportRoot
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for this entity. |
Graph reference: restrictedAppsViolation
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the object. Composed from accountId, deviceId, policyId and userId |
| userId | String | User unique identifier, must be Guid |
| userName | String | User name |
| managedDeviceId | String | Managed device unique identifier, must be Guid |
| deviceName | String | Device name |
| deviceConfigurationId | String | Device configuration profile unique identifier, must be Guid |
| deviceConfigurationName | String | Device configuration profile name |
| platformType | policyPlatformType | Platform type. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, windows10XProfile, androidAOSP, linux, all. |
| restrictedAppsState | restrictedAppsState | Restricted apps state. Possible values are: prohibitedApps, notApprovedApps. |
| restrictedApps | managedDeviceReportedApp collection | List of violated restricted apps |
Graph reference: retireScheduledManagedDevice
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| managedDeviceId | String | Managed DeviceId |
| managedDeviceName | String | Managed Device Name |
| deviceType | deviceType | Managed Device Device Type. Possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, windows10x, androidnGMS, chromeOS, linux, blackberry, palm, unknown, cloudPC. |
| complianceState | complianceStatus | Managed Device ComplianceStatus. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| retireAfterDateTime | DateTimeOffset | Managed Device Retire After DateTime |
| managementAgent | managementAgentType | Managed Device ManagementAgentType. Possible values are: eas, mdm, easMdm, intuneClient, easIntuneClient, configurationManagerClient, configurationManagerClientMdm, configurationManagerClientMdmEas, unknown, jamf, googleCloudDevicePolicyController, microsoft365ManagedMdm, msSense, intuneAosp, google, unknownFutureValue. |
| ownerType | managedDeviceOwnerType | Managed Device ManagedDeviceOwnerType. Possible values are: unknown, company, personal. |
| deviceCompliancePolicyName | String | Device Compliance Policy Name |
| deviceCompliancePolicyId | String | Device Compliance PolicyId |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
Graph reference: settingStateDeviceSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| settingName | String | Name of the setting |
| instancePath | String | Name of the InstancePath for the setting |
| unknownDeviceCount | Int32 | Device Unkown count for the setting |
| notApplicableDeviceCount | Int32 | Device Not Applicable count for the setting |
| compliantDeviceCount | Int32 | Device Compliant count for the setting |
| remediatedDeviceCount | Int32 | Device Compliant count for the setting |
| nonCompliantDeviceCount | Int32 | Device NonCompliant count for the setting |
| errorDeviceCount | Int32 | Device error count for the setting |
| conflictDeviceCount | Int32 | Device conflict error count for the setting |
Graph reference: sharedPCConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| accountManagerPolicy | sharedPCAccountManagerPolicy | Specifies how accounts are managed on a shared PC. Only applies when disableAccountManager is false. |
| allowedAccounts | sharedPCAllowedAccountType | Indicates which type of accounts are allowed to use on a shared PC. Possible values are: guest, domain. |
| allowLocalStorage | Boolean | Specifies whether local storage is allowed on a shared PC. |
| disableAccountManager | Boolean | Disables the account manager for shared PC mode. |
| disableEduPolicies | Boolean | Specifies whether the default shared PC education environment policies should be disabled. For Windows 10 RS2 and later, this policy will be applied without setting Enabled to true. |
| disablePowerPolicies | Boolean | Specifies whether the default shared PC power policies should be disabled. |
| disableSignInOnResume | Boolean | Disables the requirement to sign in whenever the device wakes up from sleep mode. |
| enabled | Boolean | Enables shared PC mode and applies the shared pc policies. |
| idleTimeBeforeSleepInSeconds | Int32 | Specifies the time in seconds that a device must sit idle before the PC goes to sleep. Setting this value to 0 prevents the sleep timeout from occurring. |
| kioskAppDisplayName | String | Specifies the display text for the account shown on the sign-in screen which launches the app specified by SetKioskAppUserModelId. Only applies when KioskAppUserModelId is set. |
| kioskAppUserModelId | String | Specifies the application user model ID of the app to use with assigned access. |
| maintenanceStartTime | TimeOfDay | Specifies the daily start time of maintenance hour. |
Graph reference: softwareUpdateStatusSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| displayName | String | The name of the policy. |
| compliantDeviceCount | Int32 | Number of compliant devices. |
| nonCompliantDeviceCount | Int32 | Number of non compliant devices. |
| remediatedDeviceCount | Int32 | Number of remediated devices. |
| errorDeviceCount | Int32 | Number of devices had error. |
| unknownDeviceCount | Int32 | Number of unknown devices. |
| conflictDeviceCount | Int32 | Number of conflict devices. |
| notApplicableDeviceCount | Int32 | Number of not applicable devices. |
| compliantUserCount | Int32 | Number of compliant users. |
| nonCompliantUserCount | Int32 | Number of non compliant users. |
| remediatedUserCount | Int32 | Number of remediated users. |
| errorUserCount | Int32 | Number of users had error. |
| unknownUserCount | Int32 | Number of unknown users. |
| conflictUserCount | Int32 | Number of conflict users. |
| notApplicableUserCount | Int32 | Number of not applicable users. |
Graph reference: unsupportedDeviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| originalEntityTypeName | String | The type of entity that would be returned otherwise. |
| details | unsupportedDeviceConfigurationDetail collection | Details describing why the entity is unsupported. This collection can contain a maximum of 1000 elements. |
Graph reference: vpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| connectionName | String | Connection name displayed to the user. |
| role | String | Role when connection type is set to Pulse Secure. |
| realm | String | Realm when connection type is set to Pulse Secure. |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
Graph reference: windows10CertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from windowsCertificateProfileBase |
| keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP) Inherited from windowsCertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format Inherited from windowsCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type Inherited from windowsCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period Inherited from windowsCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period Inherited from windowsCertificateProfileBase. Possible values are: days, months, years. |
Graph reference: windows10CompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordRequired | Boolean | Require a password to unlock Windows device. |
| passwordBlockSimple | Boolean | Indicates whether or not to block simple password. |
| passwordRequiredToUnlockFromIdle | Boolean | Require a password to unlock an idle device. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordExpirationDays | Int32 | The password expiration in days. |
| passwordMinimumLength | Int32 | The minimum password length. |
| passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
| passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. |
| passwordPreviousPasswordBlockCount | Int32 | The number of previous passwords to prevent re-use of. |
| requireHealthyDeviceReport | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation. |
| osMinimumVersion | String | Minimum Windows 10 version. |
| osMaximumVersion | String | Maximum Windows 10 version. |
| mobileOsMinimumVersion | String | Minimum Windows Phone version. |
| mobileOsMaximumVersion | String | Maximum Windows Phone version. |
| earlyLaunchAntiMalwareDriverEnabled | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation - early launch antimalware driver is enabled. |
| bitLockerEnabled | Boolean | Require devices to be reported healthy by Windows Device Health Attestation - bit locker is enabled |
| secureBootEnabled | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation - secure boot is enabled. |
| codeIntegrityEnabled | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation. |
| storageRequireEncryption | Boolean | Require encryption on windows devices. |
Graph reference: windows10CustomConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 1000 elements. |
Graph reference: windows10DeviceFirmwareConfigurationInterface
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| changeUefiSettingsPermission | changeUefiSettingsPermission | Defines the permission level granted to users to change UEFI settings. Possible values are: notConfiguredOnly, none. |
| virtualizationOfCpuAndIO | enablement | Defines whether CPU and IO virtualization is enabled. Possible values are: notConfigured, enabled, disabled. |
| cameras | enablement | Defines whether built-in cameras are enabled. Possible values are: notConfigured, enabled, disabled. |
| microphonesAndSpeakers | enablement | Defines whether built-in microphones or speakers are enabled. Possible values are: notConfigured, enabled, disabled. |
| radios | enablement | Defines whether built-in radios e.g. WIFI, NFC, Bluetooth, are enabled. Possible values are: notConfigured, enabled, disabled. |
| bootFromExternalMedia | enablement | Defines whether a user is allowed to boot from external media. Possible values are: notConfigured, enabled, disabled. |
| bootFromBuiltInNetworkAdapters | enablement | Defines whether a user is allowed to boot from built-in network adapters. Possible values are: notConfigured, enabled, disabled. |
| windowsPlatformBinaryTable | enablement | Defines whether a user is allowed to enable Windows Platform Binary Table. Possible values are: notConfigured, enabled, disabled. |
| simultaneousMultiThreading | enablement | Defines whether a user is allowed to enable Simultaneous MultiThreading. Possible values are: notConfigured, enabled, disabled. |
| frontCamera | enablement | Defines whether a user is allowed to enable Front Camera. Possible values are: notConfigured, enabled, disabled. |
| rearCamera | enablement | Defines whether a user is allowed to enable rear camera. Possible values are: notConfigured, enabled, disabled. |
| infraredCamera | enablement | Defines whether a user is allowed to enable Infrared camera. Possible values are: notConfigured, enabled, disabled. |
| microphone | enablement | Defines whether a user is allowed to enable Microphone. Possible values are: notConfigured, enabled, disabled. |
| bluetooth | enablement | Defines whether a user is allowed to enable Bluetooth. Possible values are: notConfigured, enabled, disabled. |
| wirelessWideAreaNetwork | enablement | Defines whether a user is allowed to enable Wireless Wide Area Network. Possible values are: notConfigured, enabled, disabled. |
| nearFieldCommunication | enablement | Defines whether a user is allowed to enable Near Field Communication. Possible values are: notConfigured, enabled, disabled. |
| wiFi | enablement | Defines whether a user is allowed to enable WiFi. Possible values are: notConfigured, enabled, disabled. |
| usbTypeAPort | enablement | Defines whether a user is allowed to enable USB Type A Port. Possible values are: notConfigured, enabled, disabled. |
| sdCard | enablement | Defines whether a user is allowed to enable SD Card Port. Possible values are: notConfigured, enabled, disabled. |
| wakeOnLAN | enablement | Defines whether a user is allowed to enable Wake on LAN. Possible values are: notConfigured, enabled, disabled. |
| wakeOnPower | enablement | Defines whether a user is allowed to enable Wake On Power. Possible values are: notConfigured, enabled, disabled. |
Graph reference: windows10EasEmailProfileConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| usernameSource | userEmailSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName, primarySmtpAddress. |
| usernameAADSource | usernameSource | Name of the AAD field, that will be used to retrieve UserName for email profile. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName, primarySmtpAddress, samAccountName. |
| userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: fullDomainName, netBiosDomainName. |
| customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. Inherited from easEmailProfileConfigurationBase |
| accountName | String | Account name. |
| syncCalendar | Boolean | Whether or not to sync the calendar. |
| syncContacts | Boolean | Whether or not to sync contacts. |
| syncTasks | Boolean | Whether or not to sync tasks. |
| durationOfEmailToSync | emailSyncDuration | Duration of email to sync. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. |
| emailSyncSchedule | emailSyncSchedule | Email sync schedule. Possible values are: userDefined, asMessagesArrive, manual, fifteenMinutes, thirtyMinutes, sixtyMinutes, basedOnMyUsage. |
| hostName | String | Exchange location that (URL) that the native mail app connects to. |
| requireSsl | Boolean | Indicates whether or not to use SSL. |
Graph reference: windows10EndpointProtectionConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| firewallBlockStatefulFTP | Boolean | Blocks stateful FTP connections to the device |
| firewallIdleTimeoutForSecurityAssociationInSeconds | Int32 | Configures the idle timeout for security associations, in seconds, from 300 to 3600 inclusive. This is the period after which security associations will expire and be deleted. Valid values 300 to 3600 |
| firewallPreSharedKeyEncodingMethod | firewallPreSharedKeyEncodingMethodType | Select the preshared key encoding to be used. Possible values are: deviceDefault, none, utF8. |
| firewallIPSecExemptionsAllowNeighborDiscovery | Boolean | Configures IPSec exemptions to allow neighbor discovery IPv6 ICMP type-codes |
| firewallIPSecExemptionsAllowICMP | Boolean | Configures IPSec exemptions to allow ICMP |
| firewallIPSecExemptionsAllowRouterDiscovery | Boolean | Configures IPSec exemptions to allow router discovery IPv6 ICMP type-codes |
| firewallIPSecExemptionsAllowDHCP | Boolean | Configures IPSec exemptions to allow both IPv4 and IPv6 DHCP traffic |
| firewallCertificateRevocationListCheckMethod | firewallCertificateRevocationListCheckMethodType | Specify how the certificate revocation list is to be enforced. Possible values are: deviceDefault, none, attempt, require. |
| firewallMergeKeyingModuleSettings | Boolean | If an authentication set is not fully supported by a keying module, direct the module to ignore only unsupported authentication suites rather than the entire set |
| firewallPacketQueueingMethod | firewallPacketQueueingMethodType | Configures how packet queueing should be applied in the tunnel gateway scenario. Possible values are: deviceDefault, disabled, queueInbound, queueOutbound, queueBoth. |
| firewallProfileDomain | windowsFirewallNetworkProfile | Configures the firewall profile settings for domain networks |
| firewallProfilePublic | windowsFirewallNetworkProfile | Configures the firewall profile settings for public networks |
| firewallProfilePrivate | windowsFirewallNetworkProfile | Configures the firewall profile settings for private networks |
| defenderAttackSurfaceReductionExcludedPaths | String collection | List of exe files and folders to be excluded from attack surface reduction rules |
| defenderGuardedFoldersAllowedAppPaths | String collection | List of paths to exe that are allowed to access protected folders |
| defenderAdditionalGuardedFolders | String collection | List of folder paths to be added to the list of protected folders |
| defenderExploitProtectionXml | Binary | Xml content containing information regarding exploit protection details. |
| defenderExploitProtectionXmlFileName | String | Name of the file from which DefenderExploitProtectionXml was obtained. |
| defenderSecurityCenterBlockExploitProtectionOverride | Boolean | Indicates whether or not to block user from overriding Exploit Protection settings. |
| appLockerApplicationControl | appLockerApplicationControlType | Enables the Admin to choose what types of app to allow on devices. Possible values are: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker, auditComponentsStoreAppsAndSmartlocker. |
| smartScreenEnableInShell | Boolean | Allows IT Admins to configure SmartScreen for Windows. |
| smartScreenBlockOverrideForFiles | Boolean | Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files. |
| applicationGuardEnabled | Boolean | Enable Windows Defender Application Guard |
| applicationGuardBlockFileTransfer | applicationGuardBlockFileTransferType | Block clipboard to transfer image file, text file or neither of them. Possible values are: notConfigured, blockImageAndTextFile, blockImageFile, blockNone, blockTextFile. |
| applicationGuardBlockNonEnterpriseContent | Boolean | Block enterprise sites to load non-enterprise content, such as third party plug-ins |
| applicationGuardAllowPersistence | Boolean | Allow persisting user generated data inside the App Guard Containter (favorites, cookies, web passwords, etc.) |
| applicationGuardForceAuditing | Boolean | Force auditing will persist Windows logs and events to meet security/compliance criteria (sample events are user login-logoff, use of privilege rights, software installation, system changes, etc.) |
| applicationGuardBlockClipboardSharing | applicationGuardBlockClipboardSharingType | Block clipboard to share data from Host to Container, or from Container to Host, or both ways, or neither ways. Possible values are: notConfigured, blockBoth, blockHostToContainer, blockContainerToHost, blockNone. |
| applicationGuardAllowPrintToPDF | Boolean | Allow printing to PDF from Container |
| applicationGuardAllowPrintToXPS | Boolean | Allow printing to XPS from Container |
| applicationGuardAllowPrintToLocalPrinters | Boolean | Allow printing to Local Printers from Container |
| applicationGuardAllowPrintToNetworkPrinters | Boolean | Allow printing to Network Printers from Container |
| bitLockerDisableWarningForOtherDiskEncryption | Boolean | Allows the Admin to disable the warning prompt for other disk encryption on the user machines. |
| bitLockerEnableStorageCardEncryptionOnMobile | Boolean | Allows the admin to require encryption to be turned on using BitLocker. This policy is valid only for a mobile SKU. |
| bitLockerEncryptDevice | Boolean | Allows the admin to require encryption to be turned on using BitLocker. |
| bitLockerRemovableDrivePolicy | bitLockerRemovableDrivePolicy | BitLocker Removable Drive Policy. |
Graph reference: windows10EnterpriseModernAppManagementConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| uninstallBuiltInApps | Boolean | Indicates whether or not to uninstall a fixed list of built-in Windows apps. |
Graph reference: windows10GeneralConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| enterpriseCloudPrintDiscoveryEndPoint | String | Endpoint for discovering cloud printers. |
| enterpriseCloudPrintOAuthAuthority | String | Authentication endpoint for acquiring OAuth tokens. |
| enterpriseCloudPrintOAuthClientIdentifier | String | GUID of a client application authorized to retrieve OAuth tokens from the OAuth Authority. |
| enterpriseCloudPrintResourceIdentifier | String | OAuth resource URI for print service as configured in the Azure portal. |
| enterpriseCloudPrintDiscoveryMaxLimit | Int32 | Maximum number of printers that should be queried from a discovery endpoint. This is a mobile only setting. Valid values 1 to 65535 |
| enterpriseCloudPrintMopriaDiscoveryResourceIdentifier | String | OAuth resource URI for printer discovery service as configured in Azure portal. |
| searchBlockDiacritics | Boolean | Specifies if search can use diacritics. |
| searchDisableAutoLanguageDetection | Boolean | Specifies whether to use automatic language detection when indexing content and properties. |
| searchDisableIndexingEncryptedItems | Boolean | Indicates whether or not to block indexing of WIP-protected items to prevent them from appearing in search results for Cortana or Explorer. |
| searchEnableRemoteQueries | Boolean | Indicates whether or not to block remote queries of this computer’s index. |
| searchDisableIndexerBackoff | Boolean | Indicates whether or not to disable the search indexer backoff feature. |
| searchDisableIndexingRemovableDrive | Boolean | Indicates whether or not to allow users to add locations on removable drives to libraries and to be indexed. |
| searchEnableAutomaticIndexSizeManangement | Boolean | Specifies minimum amount of hard drive space on the same drive as the index location before indexing stops. |
| diagnosticsDataSubmissionMode | diagnosticDataSubmissionMode | Gets or sets a value allowing the device to send diagnostic and usage telemetry data, such as Watson. Possible values are: userDefined, none, basic, enhanced, full. |
| oneDriveDisableFileSync | Boolean | Gets or sets a value allowing IT admins to prevent apps and features from working with files on OneDrive. |
| smartScreenEnableAppInstallControl | Boolean | This property will be deprecated in July 2019 and will be replaced by property SmartScreenAppInstallControl. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. |
| personalizationDesktopImageUrl | String | A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to used as the Desktop Image. |
| personalizationLockScreenImageUrl | String | A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image. |
| bluetoothAllowedServices | String collection | Specify a list of allowed Bluetooth services and profiles in hex formatted strings. |
| bluetoothBlockAdvertising | Boolean | Whether or not to Block the user from using bluetooth advertising. |
| bluetoothBlockDiscoverableMode | Boolean | Whether or not to Block the user from using bluetooth discoverable mode. |
| bluetoothBlockPrePairing | Boolean | Whether or not to block specific bundled Bluetooth peripherals to automatically pair with the host device. |
| edgeBlockAutofill | Boolean | Indicates whether or not to block auto fill. |
| edgeBlocked | Boolean | Indicates whether or not to Block the user from using the Edge browser. |
| edgeCookiePolicy | edgeCookiePolicy | Indicates which cookies to block in the Edge browser. Possible values are: userDefined, allow, blockThirdParty, blockAll. |
| edgeBlockDeveloperTools | Boolean | Indicates whether or not to block developer tools in the Edge browser. |
| edgeBlockSendingDoNotTrackHeader | Boolean | Indicates whether or not to Block the user from sending the do not track header. |
| edgeBlockExtensions | Boolean | Indicates whether or not to block extensions in the Edge browser. |
| edgeBlockInPrivateBrowsing | Boolean | Indicates whether or not to block InPrivate browsing on corporate networks, in the Edge browser. |
| edgeBlockJavaScript | Boolean | Indicates whether or not to Block the user from using JavaScript. |
| edgeBlockPasswordManager | Boolean | Indicates whether or not to Block password manager. |
| edgeBlockAddressBarDropdown | Boolean | Block the address bar dropdown functionality in Microsoft Edge. Disable this settings to minimize network connections from Microsoft Edge to Microsoft services. |
| edgeBlockCompatibilityList | Boolean | Block Microsoft compatibility list in Microsoft Edge. This list from Microsoft helps Edge properly display sites with known compatibility issues. |
| edgeClearBrowsingDataOnExit | Boolean | Clear browsing data on exiting Microsoft Edge. |
| edgeAllowStartPagesModification | Boolean | Allow users to change Start pages on Edge. Use the EdgeHomepageUrls to specify the Start pages that the user would see by default when they open Edge. |
| edgeDisableFirstRunPage | Boolean | Block the Microsoft web page that opens on the first use of Microsoft Edge. This policy allows enterprises, like those enrolled in zero emissions configurations, to block this page. |
| edgeBlockLiveTileDataCollection | Boolean | Block the collection of information by Microsoft for live tile creation when users pin a site to Start from Microsoft Edge. |
| edgeSyncFavoritesWithInternetExplorer | Boolean | Enable favorites sync between Internet Explorer and Microsoft Edge. Additions, deletions, modifications and order changes to favorites are shared between browsers. |
| cellularBlockDataWhenRoaming | Boolean | Whether or not to Block the user from using data over cellular while roaming. |
| cellularBlockVpn | Boolean | Whether or not to Block the user from using VPN over cellular. |
| cellularBlockVpnWhenRoaming | Boolean | Whether or not to Block the user from using VPN when roaming over cellular. |
| defenderRequireRealTimeMonitoring | Boolean | Indicates whether or not to require real time monitoring. |
| defenderRequireBehaviorMonitoring | Boolean | Indicates whether or not to require behavior monitoring. |
| defenderRequireNetworkInspectionSystem | Boolean | Indicates whether or not to require network inspection system. |
| defenderScanDownloads | Boolean | Indicates whether or not to scan downloads. |
| defenderScanScriptsLoadedInInternetExplorer | Boolean | Indicates whether or not to scan scripts loaded in Internet Explorer browser. |
| defenderBlockEndUserAccess | Boolean | Whether or not to block end user access to Defender. |
| defenderSignatureUpdateIntervalInHours | Int32 | The signature update interval in hours. Specify 0 not to check. Valid values 0 to 24 |
| defenderMonitorFileActivity | defenderMonitorFileActivity | Value for monitoring file activity. Possible values are: userDefined, disable, monitorAllFiles, monitorIncomingFilesOnly, monitorOutgoingFilesOnly. |
| defenderDaysBeforeDeletingQuarantinedMalware | Int32 | Number of days before deleting quarantined malware. Valid values 0 to 90 |
| defenderScanMaxCpu | Int32 | Max CPU usage percentage during scan. Valid values 0 to 100 |
| defenderScanArchiveFiles | Boolean | Indicates whether or not to scan archive files. |
| defenderScanIncomingMail | Boolean | Indicates whether or not to scan incoming mail messages. |
| defenderScanRemovableDrivesDuringFullScan | Boolean | Indicates whether or not to scan removable drives during full scan. |
| defenderScanMappedNetworkDrivesDuringFullScan | Boolean | Indicates whether or not to scan mapped network drives during full scan. |
| defenderScanNetworkFiles | Boolean | Indicates whether or not to scan files opened from a network folder. |
| defenderRequireCloudProtection | Boolean | Indicates whether or not to require cloud protection. |
| defenderCloudBlockLevel | defenderCloudBlockLevelType | Specifies the level of cloud-delivered protection. Possible values are: notConfigured, high, highPlus, zeroTolerance. |
| defenderPromptForSampleSubmission | defenderPromptForSampleSubmission | The configuration for how to prompt user for sample submission. Possible values are: userDefined, alwaysPrompt, promptBeforeSendingPersonalData, neverSendData, sendAllDataWithoutPrompting. |
| defenderScheduledQuickScanTime | TimeOfDay | The time to perform a daily quick scan. |
| defenderScanType | defenderScanType | The defender system scan type. Possible values are: userDefined, disabled, quick, full. |
| defenderSystemScanSchedule | weeklySchedule | Defender day of the week for the system scan. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday. |
| defenderScheduledScanTime | TimeOfDay | The defender time for the system scan. |
| defenderDetectedMalwareActions | defenderDetectedMalwareActions | Gets or sets Defender’s actions to take on detected Malware per threat level. |
| defenderFileExtensionsToExclude | String collection | File extensions to exclude from scans and real time protection. |
| defenderFilesAndFoldersToExclude | String collection | Files and folder to exclude from scans and real time protection. |
| defenderProcessesToExclude | String collection | Processes to exclude from scans and real time protection. |
| lockScreenAllowTimeoutConfiguration | Boolean | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. If this policy is set to Allow, the value set by lockScreenTimeoutInSeconds is ignored. |
| lockScreenBlockActionCenterNotifications | Boolean | Indicates whether or not to block action center notifications over lock screen. |
| lockScreenBlockCortana | Boolean | Indicates whether or not the user can interact with Cortana using speech while the system is locked. |
| lockScreenBlockToastNotifications | Boolean | Indicates whether to allow toast notifications above the device lock screen. |
| lockScreenTimeoutInSeconds | Int32 | Set the duration (in seconds) from the screen locking to the screen turning off for Windows 10 Mobile devices. Supported values are 11-1800. Valid values 11 to 1800 |
| passwordBlockSimple | Boolean | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For Windows 10 desktops, it also controls the use of picture passwords. |
| passwordExpirationDays | Int32 | The password expiration in days. Valid values 0 to 730 |
| passwordMinimumLength | Int32 | The minimum password length. Valid values 4 to 16 |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | The minutes of inactivity before the screen times out. |
| passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
| passwordPreviousPasswordBlockCount | Int32 | The number of previous passwords to prevent reuse of. Valid values 0 to 50 |
| passwordRequired | Boolean | Indicates whether or not to require the user to have a password. |
| passwordRequireWhenResumeFromIdleState | Boolean | Indicates whether or not to require a password upon resuming from an idle state. |
| passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | The number of sign in failures before factory reset. Valid values 0 to 999 |
| privacyAdvertisingId | stateManagementSetting | Enables or disables the use of advertising ID. Added in Windows 10, version 1607. Possible values are: notConfigured, blocked, allowed. |
| privacyAutoAcceptPairingAndConsentPrompts | Boolean | Indicates whether or not to allow the automatic acceptance of the pairing and privacy user consent dialog when launching apps. |
| privacyBlockInputPersonalization | Boolean | Indicates whether or not to block the usage of cloud based speech services for Cortana, Dictation, or Store applications. |
| startBlockUnpinningAppsFromTaskbar | Boolean | Indicates whether or not to block the user from unpinning apps from taskbar. |
| startMenuAppListVisibility | windowsStartMenuAppListVisibilityType | Setting the value of this collapses the app list, removes the app list entirely, or disables the corresponding toggle in the Settings app. Possible values are: userDefined, collapse, remove, disableSettingsApp. |
| startMenuHideChangeAccountSettings | Boolean | Enabling this policy hides the change account setting from appearing in the user tile in the start menu. |
| startMenuHideFrequentlyUsedApps | Boolean | Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app. |
| startMenuHideHibernate | Boolean | Enabling this policy hides hibernate from appearing in the power button in the start menu. |
| startMenuHideLock | Boolean | Enabling this policy hides lock from appearing in the user tile in the start menu. |
| startMenuHidePowerButton | Boolean | Enabling this policy hides the power button from appearing in the start menu. |
| startMenuHideRecentJumpLists | Boolean | Enabling this policy hides recent jump lists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app. |
| startMenuHideRecentlyAddedApps | Boolean | Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app. |
| startMenuHideRestartOptions | Boolean | Enabling this policy hides “Restart/Update and Restart” from appearing in the power button in the start menu. |
| startMenuHideShutDown | Boolean | Enabling this policy hides shut down/update and shut down from appearing in the power button in the start menu. |
| startMenuHideSignOut | Boolean | Enabling this policy hides sign out from appearing in the user tile in the start menu. |
| startMenuHideSleep | Boolean | Enabling this policy hides sleep from appearing in the power button in the start menu. |
| startMenuHideSwitchAccount | Boolean | Enabling this policy hides switch account from appearing in the user tile in the start menu. |
| startMenuHideUserTile | Boolean | Enabling this policy hides the user tile from appearing in the start menu. |
| startMenuLayoutEdgeAssetsXml | Binary | This policy setting allows you to import Edge assets to be used with startMenuLayoutXml policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when startMenuLayoutXml policy is modified. The value should be a UTF-8 Base64 encoded byte array. |
| startMenuLayoutXml | Binary | Allows admins to override the default Start menu layout and prevents the user from changing it. The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in a UTF8 encoded byte array format. |
| startMenuMode | windowsStartMenuModeType | Allows admins to decide how the Start menu is displayed. Possible values are: userDefined, fullScreen, nonFullScreen. |
| startMenuPinnedFolderDocuments | visibilitySetting | Enforces the visibility (Show/Hide) of the Documents folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. |
| startMenuPinnedFolderDownloads | visibilitySetting | Enforces the visibility (Show/Hide) of the Downloads folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. |
| startMenuPinnedFolderFileExplorer | visibilitySetting | Enforces the visibility (Show/Hide) of the FileExplorer shortcut on the Start menu. Possible values are: notConfigured, hide, show. |
| startMenuPinnedFolderHomeGroup | visibilitySetting | Enforces the visibility (Show/Hide) of the HomeGroup folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. |
| startMenuPinnedFolderMusic | visibilitySetting | Enforces the visibility (Show/Hide) of the Music folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. |
| startMenuPinnedFolderNetwork | visibilitySetting | Enforces the visibility (Show/Hide) of the Network folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. |
| startMenuPinnedFolderPersonalFolder | visibilitySetting | Enforces the visibility (Show/Hide) of the PersonalFolder shortcut on the Start menu. Possible values are: notConfigured, hide, show. |
| startMenuPinnedFolderPictures | visibilitySetting | Enforces the visibility (Show/Hide) of the Pictures folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. |
| startMenuPinnedFolderSettings | visibilitySetting | Enforces the visibility (Show/Hide) of the Settings folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. |
| startMenuPinnedFolderVideos | visibilitySetting | Enforces the visibility (Show/Hide) of the Videos folder shortcut on the Start menu. Possible values are: notConfigured, hide, show. |
| settingsBlockSettingsApp | Boolean | Indicates whether or not to block access to Settings app. |
| settingsBlockSystemPage | Boolean | Indicates whether or not to block access to System in Settings app. |
| settingsBlockDevicesPage | Boolean | Indicates whether or not to block access to Devices in Settings app. |
| settingsBlockNetworkInternetPage | Boolean | Indicates whether or not to block access to Network & Internet in Settings app. |
| settingsBlockPersonalizationPage | Boolean | Indicates whether or not to block access to Personalization in Settings app. |
| settingsBlockAccountsPage | Boolean | Indicates whether or not to block access to Accounts in Settings app. |
| settingsBlockTimeLanguagePage | Boolean | Indicates whether or not to block access to Time & Language in Settings app. |
| settingsBlockEaseOfAccessPage | Boolean | Indicates whether or not to block access to Ease of Access in Settings app. |
| settingsBlockPrivacyPage | Boolean | Indicates whether or not to block access to Privacy in Settings app. |
| settingsBlockUpdateSecurityPage | Boolean | Indicates whether or not to block access to Update & Security in Settings app. |
| settingsBlockAppsPage | Boolean | Indicates whether or not to block access to Apps in Settings app. |
| settingsBlockGamingPage | Boolean | Indicates whether or not to block access to Gaming in Settings app. |
| windowsSpotlightBlockConsumerSpecificFeatures | Boolean | Allows IT admins to block experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles. |
| windowsSpotlightBlocked | Boolean | Allows IT admins to turn off all Windows Spotlight features |
| windowsSpotlightBlockOnActionCenter | Boolean | Block suggestions from Microsoft that show after each OS clean install, upgrade or in an on-going basis to introduce users to what is new or changed |
| windowsSpotlightBlockTailoredExperiences | Boolean | Block personalized content in Windows spotlight based on user’s device usage. |
| windowsSpotlightBlockThirdPartyNotifications | Boolean | Block third party content delivered via Windows Spotlight |
| windowsSpotlightBlockWelcomeExperience | Boolean | Block Windows Spotlight Windows welcome experience |
| windowsSpotlightBlockWindowsTips | Boolean | Allows IT admins to turn off the popup of Windows Tips. |
| windowsSpotlightConfigureOnLockScreen | windowsSpotlightEnablementSettings | Specifies the type of Spotlight. Possible values are: notConfigured, disabled, enabled. |
| networkProxyApplySettingsDeviceWide | Boolean | If set, proxy settings will be applied to all processes and accounts in the device. Otherwise, it will be applied to the user account that’s enrolled into MDM. |
| networkProxyDisableAutoDetect | Boolean | Disable automatic detection of settings. If enabled, the system will try to find the path to a proxy auto-config (PAC) script. |
| networkProxyAutomaticConfigurationUrl | String | Address to the proxy auto-config (PAC) script you want to use. |
| networkProxyServer | windows10NetworkProxyServer | Specifies manual proxy server settings. |
| accountsBlockAddingNonMicrosoftAccountEmail | Boolean | Indicates whether or not to Block the user from adding email accounts to the device that are not associated with a Microsoft account. |
| antiTheftModeBlocked | Boolean | Indicates whether or not to block the user from selecting an AntiTheft mode preference (Windows 10 Mobile only). |
| bluetoothBlocked | Boolean | Whether or not to Block the user from using bluetooth. |
| cameraBlocked | Boolean | Whether or not to Block the user from accessing the camera of the device. |
| connectedDevicesServiceBlocked | Boolean | Whether or not to block Connected Devices Service which enables discovery and connection to other devices, remote messaging, remote app sessions and other cross-device experiences. |
| certificatesBlockManualRootCertificateInstallation | Boolean | Whether or not to Block the user from doing manual root certificate installation. |
| copyPasteBlocked | Boolean | Whether or not to Block the user from using copy paste. |
| cortanaBlocked | Boolean | Whether or not to Block the user from using Cortana. |
| deviceManagementBlockFactoryResetOnMobile | Boolean | Indicates whether or not to Block the user from resetting their phone. |
| deviceManagementBlockManualUnenroll | Boolean | Indicates whether or not to Block the user from doing manual un-enrollment from device management. |
| safeSearchFilter | safeSearchFilterType | Specifies what filter level of safe search is required. Possible values are: userDefined, strict, moderate. |
| edgeBlockPopups | Boolean | Indicates whether or not to block popups. |
| edgeBlockSearchSuggestions | Boolean | Indicates whether or not to block the user from using the search suggestions in the address bar. |
| edgeBlockSendingIntranetTrafficToInternetExplorer | Boolean | Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. Note: the name of this property is misleading; the property is obsolete, use EdgeSendIntranetTrafficToInternetExplorer instead. |
| edgeSendIntranetTrafficToInternetExplorer | Boolean | Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. |
| edgeRequireSmartScreen | Boolean | Indicates whether or not to Require the user to use the smart screen filter. |
| edgeEnterpriseModeSiteListLocation | String | Indicates the enterprise mode site list location. Could be a local file, local network or http location. |
| edgeFirstRunUrl | String | The first run URL for when Edge browser is opened for the first time. |
| edgeSearchEngine | edgeSearchEngineBase | Allows IT admins to set a default search engine for MDM-Controlled devices. Users can override this and change their default search engine provided the AllowSearchEngineCustomization policy is not set. |
| edgeHomepageUrls | String collection | The list of URLs for homepages shodwn on MDM-enrolled devices on Edge browser. |
| edgeBlockAccessToAboutFlags | Boolean | Indicates whether or not to prevent access to about flags on Edge browser. |
| smartScreenBlockPromptOverride | Boolean | Indicates whether or not users can override SmartScreen Filter warnings about potentially malicious websites. |
| smartScreenBlockPromptOverrideForFiles | Boolean | Indicates whether or not users can override the SmartScreen Filter warnings about downloading unverified files |
| webRtcBlockLocalhostIpAddress | Boolean | Indicates whether or not user's localhost IP address is displayed while making phone calls using the WebRTC |
| internetSharingBlocked | Boolean | Indicates whether or not to Block the user from using internet sharing. |
| settingsBlockAddProvisioningPackage | Boolean | Indicates whether or not to block the user from installing provisioning packages. |
| settingsBlockRemoveProvisioningPackage | Boolean | Indicates whether or not to block the runtime configuration agent from removing provisioning packages. |
| settingsBlockChangeSystemTime | Boolean | Indicates whether or not to block the user from changing date and time settings. |
| settingsBlockEditDeviceName | Boolean | Indicates whether or not to block the user from editing the device name. |
| settingsBlockChangeRegion | Boolean | Indicates whether or not to block the user from changing the region settings. |
| settingsBlockChangeLanguage | Boolean | Indicates whether or not to block the user from changing the language settings. |
| settingsBlockChangePowerSleep | Boolean | Indicates whether or not to block the user from changing power and sleep settings. |
| locationServicesBlocked | Boolean | Indicates whether or not to Block the user from location services. |
| microsoftAccountBlocked | Boolean | Indicates whether or not to Block a Microsoft account. |
| microsoftAccountBlockSettingsSync | Boolean | Indicates whether or not to Block Microsoft account settings sync. |
| nfcBlocked | Boolean | Indicates whether or not to Block the user from using near field communication. |
| resetProtectionModeBlocked | Boolean | Indicates whether or not to Block the user from reset protection mode. |
| screenCaptureBlocked | Boolean | Indicates whether or not to Block the user from taking Screenshots. |
| storageBlockRemovableStorage | Boolean | Indicates whether or not to Block the user from using removable storage. |
| storageRequireMobileDeviceEncryption | Boolean | Indicating whether or not to require encryption on a mobile device. |
| usbBlocked | Boolean | Indicates whether or not to Block the user from USB connection. |
| voiceRecordingBlocked | Boolean | Indicates whether or not to Block the user from voice recording. |
| wiFiBlockAutomaticConnectHotspots | Boolean | Indicating whether or not to block automatically connecting to Wi-Fi hotspots. Has no impact if Wi-Fi is blocked. |
| wiFiBlocked | Boolean | Indicates whether or not to Block the user from using Wi-Fi. |
| wiFiBlockManualConfiguration | Boolean | Indicates whether or not to Block the user from using Wi-Fi manual configuration. |
| wiFiScanInterval | Int32 | Specify how often devices scan for Wi-Fi networks. Supported values are 1-500, where 100 = default, and 500 = low frequency. Valid values 1 to 500 |
| wirelessDisplayBlockProjectionToThisDevice | Boolean | Indicates whether or not to allow other devices from discovering this PC for projection. |
| wirelessDisplayBlockUserInputFromReceiver | Boolean | Indicates whether or not to allow user input from wireless display receiver. |
| wirelessDisplayRequirePinForPairing | Boolean | Indicates whether or not to require a PIN for new devices to initiate pairing. |
| windowsStoreBlocked | Boolean | Indicates whether or not to Block the user from using the Windows store. |
| appsAllowTrustedAppsSideloading | stateManagementSetting | Indicates whether apps from AppX packages signed with a trusted certificate can be side loaded. Possible values are: notConfigured, blocked, allowed. |
| windowsStoreBlockAutoUpdate | Boolean | Indicates whether or not to block automatic update of apps from Windows Store. |
| developerUnlockSetting | stateManagementSetting | Indicates whether or not to allow developer unlock. Possible values are: notConfigured, blocked, allowed. |
| sharedUserAppDataAllowed | Boolean | Indicates whether or not to block multiple users of the same app to share data. |
| appsBlockWindowsStoreOriginatedApps | Boolean | Indicates whether or not to disable the launch of all apps from Windows Store that came pre-installed or were downloaded. |
| windowsStoreEnablePrivateStoreOnly | Boolean | Indicates whether or not to enable Private Store Only. |
| storageRestrictAppDataToSystemVolume | Boolean | Indicates whether application data is restricted to the system drive. |
| storageRestrictAppInstallToSystemVolume | Boolean | Indicates whether the installation of applications is restricted to the system drive. |
| gameDvrBlocked | Boolean | Indicates whether or not to block DVR and broadcasting. |
| experienceBlockDeviceDiscovery | Boolean | Indicates whether or not to enable device discovery UX. |
| experienceBlockErrorDialogWhenNoSIM | Boolean | Indicates whether or not to allow the error dialog from displaying if no SIM card is detected. |
| experienceBlockTaskSwitcher | Boolean | Indicates whether or not to enable task switching on the device. |
| logonBlockFastUserSwitching | Boolean | Disables the ability to quickly switch between users that are logged on simultaneously without logging off. |
| tenantLockdownRequireNetworkDuringOutOfBoxExperience | Boolean | Whether the device is required to connect to the network. |
Graph reference: windows10ImportedPFXCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from windowsCertificateProfileBase |
| keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP) Inherited from windowsCertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format Inherited from windowsCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type Inherited from windowsCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period Inherited from windowsCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period Inherited from windowsCertificateProfileBase. Possible values are: days, months, years. |
| intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
Graph reference: windows10MobileCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordRequired | Boolean | Require a password to unlock Windows Phone device. |
| passwordBlockSimple | Boolean | Whether or not to block syncing the calendar. |
| passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
| passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
| passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. |
| passwordPreviousPasswordBlockCount | Int32 | The number of previous passwords to prevent re-use of. |
| passwordExpirationDays | Int32 | Number of days before password expiration. Valid values 1 to 255 |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordRequireToUnlockFromIdle | Boolean | Require a password to unlock an idle device. |
| osMinimumVersion | String | Minimum Windows Phone version. |
| osMaximumVersion | String | Maximum Windows Phone version. |
| earlyLaunchAntiMalwareDriverEnabled | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation - early launch antimalware driver is enabled. |
| bitLockerEnabled | Boolean | Require devices to be reported healthy by Windows Device Health Attestation - bit locker is enabled |
| secureBootEnabled | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation - secure boot is enabled. |
| codeIntegrityEnabled | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation. |
| storageRequireEncryption | Boolean | Require encryption on windows devices. |
Graph reference: windows10NetworkBoundaryConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| windowsNetworkIsolationPolicy | windowsNetworkIsolationPolicy | Windows Network Isolation Policy |
Graph reference: windows10PFXImportCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| keyStorageProvider | keyStorageProviderOption | . Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
Graph reference: windows10PkcsCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from windowsCertificateProfileBase |
| keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP) Inherited from windowsCertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format Inherited from windowsCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type Inherited from windowsCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period Inherited from windowsCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period Inherited from windowsCertificateProfileBase. Possible values are: days, months, years. |
| certificationAuthority | String | PKCS Certification Authority |
| certificationAuthorityName | String | PKCS Certification Authority Name |
| certificateTemplateName | String | PKCS Certificate Template Name |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
Graph reference: windows10SecureAssessmentConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| launchUri | String | Url link to an assessment that's automatically loaded when the secure assessment browser is launched. It has to be a valid Url (http[s]://msdn.microsoft.com/). |
| configurationAccount | String | The account used to configure the Windows device for taking the test. The user can be a domain account (domain\user), an AAD account ([email protected]) or a local account (username). |
| allowPrinting | Boolean | Indicates whether or not to allow the app from printing during the test. |
| allowScreenCapture | Boolean | Indicates whether or not to allow screen capture capability during a test. |
| allowTextSuggestion | Boolean | Indicates whether or not to allow text suggestions during the test. |
Graph reference: windows10TeamGeneralConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| azureOperationalInsightsBlockTelemetry | Boolean | Indicates whether or not to Block Azure Operational Insights. |
| azureOperationalInsightsWorkspaceId | String | The Azure Operational Insights workspace id. |
| azureOperationalInsightsWorkspaceKey | String | The Azure Operational Insights Workspace key. |
| connectAppBlockAutoLaunch | Boolean | Specifies whether to automatically launch the Connect app whenever a projection is initiated. |
| maintenanceWindowBlocked | Boolean | Indicates whether or not to Block setting a maintenance window for device updates. |
| maintenanceWindowDurationInHours | Int32 | Maintenance window duration for device updates. Valid values 0 to 5 |
| maintenanceWindowStartTime | TimeOfDay | Maintenance window start time for device updates. |
| miracastChannel | miracastChannel | The channel. Possible values are: userDefined, one, two, three, four, five, six, seven, eight, nine, ten, eleven, thirtySix, forty, fortyFour, fortyEight, oneHundredFortyNine, oneHundredFiftyThree, oneHundredFiftySeven, oneHundredSixtyOne, oneHundredSixtyFive. |
| miracastBlocked | Boolean | Indicates whether or not to Block wireless projection. |
| miracastRequirePin | Boolean | Indicates whether or not to require a pin for wireless projection. |
| settingsBlockMyMeetingsAndFiles | Boolean | Specifies whether to disable the "My meetings and files" feature in the Start menu, which shows the signed-in user's meetings and files from Office 365. |
| settingsBlockSessionResume | Boolean | Specifies whether to allow the ability to resume a session when the session times out. |
| settingsBlockSigninSuggestions | Boolean | Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings. |
| settingsDefaultVolume | Int32 | Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45. Valid values 0 to 100 |
| settingsScreenTimeoutInMinutes | Int32 | Specifies the number of minutes until the Hub screen turns off. |
| settingsSessionTimeoutInMinutes | Int32 | Specifies the number of minutes until the session times out. |
| settingsSleepTimeoutInMinutes | Int32 | Specifies the number of minutes until the Hub enters sleep mode. |
| welcomeScreenBlockAutomaticWakeUp | Boolean | Indicates whether or not to Block the welcome screen from waking up automatically when someone enters the room. |
| welcomeScreenBackgroundImageUrl | String | The welcome screen background image URL. The URL must use the HTTPS protocol and return a PNG image. |
| welcomeScreenMeetingInformation | welcomeScreenMeetingInformation | The welcome screen meeting information shown. Possible values are: userDefined, showOrganizerAndTimeOnly, showOrganizerAndTimeAndSubject. |
Graph reference: windows10VpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. Inherited from windowsVpnConfiguration |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. Inherited from windowsVpnConfiguration |
| customXml | Binary | Custom XML commands that configures the VPN connection. (UTF8 encoded byte array) Inherited from windowsVpnConfiguration |
| profileTarget | windows10VpnProfileTarget | Profile target type. Possible values are: user, device, autoPilotDevice. |
| connectionType | windows10VpnConnectionType | Connection type. Possible values are: pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, automatic, ikEv2, l2tp, pptp, citrix, paloAltoGlobalProtect, ciscoAnyConnect, unknownFutureValue, microsoftTunnel. |
| enableSplitTunneling | Boolean | Enable split tunneling. |
| enableAlwaysOn | Boolean | Enable Always On mode. |
| enableDeviceTunnel | Boolean | Enable device tunnel. |
| enableDnsRegistration | Boolean | Enable IP address registration with internal DNS. |
| dnsSuffixes | String collection | Specify DNS suffixes to add to the DNS search list to properly route short names. |
| microsoftTunnelSiteId | String | ID of the Microsoft Tunnel site associated with the VPN profile. |
| authenticationMethod | windows10VpnAuthenticationMethod | Authentication method. Possible values are: certificate, usernameAndPassword, customEapXml, derivedCredential. |
| rememberUserCredentials | Boolean | Remember user credentials. |
| enableConditionalAccess | Boolean | Enable conditional access. |
| enableSingleSignOnWithAlternateCertificate | Boolean | Enable single sign-on (SSO) with alternate certificate. |
| singleSignOnEku | extendedKeyUsage | Single sign-on Extended Key Usage (EKU). |
| singleSignOnIssuerHash | String | Single sign-on issuer hash. |
| eapXml | Binary | Extensible Authentication Protocol (EAP) XML. (UTF8 encoded byte array) |
| proxyServer | windows10VpnProxyServer | Proxy Server. |
| associatedApps | windows10AssociatedApps collection | Associated Apps. This collection can contain a maximum of 10000 elements. |
| onlyAssociatedAppsCanUseConnection | Boolean | Only associated Apps can use connection (per-app VPN). |
| windowsInformationProtectionDomain | String | Windows Information Protection (WIP) domain to associate with this connection. |
| trafficRules | vpnTrafficRule collection | Traffic rules. This collection can contain a maximum of 1000 elements. |
| routes | vpnRoute collection | Routes (optional for third-party providers). This collection can contain a maximum of 1000 elements. |
| dnsRules | vpnDnsRule collection | DNS rules. This collection can contain a maximum of 1000 elements. |
| trustedNetworkDomains | String collection | Trusted Network Domains |
| cryptographySuite | cryptographySuite | Cryptography Suite security settings for IKEv2 VPN in Windows10 and above |
Graph reference: windows81CertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from windowsCertificateProfileBase |
| keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP) Inherited from windowsCertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format Inherited from windowsCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type Inherited from windowsCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period Inherited from windowsCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period Inherited from windowsCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
Graph reference: windows81CompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordRequired | Boolean | Require a password to unlock Windows device. |
| passwordBlockSimple | Boolean | Indicates whether or not to block simple password. |
| passwordExpirationDays | Int32 | Password expiration in days. |
| passwordMinimumLength | Int32 | The minimum password length. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
| passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. |
| passwordPreviousPasswordBlockCount | Int32 | The number of previous passwords to prevent re-use of. Valid values 0 to 24 |
| osMinimumVersion | String | Minimum Windows 8.1 version. |
| osMaximumVersion | String | Maximum Windows 8.1 version. |
| storageRequireEncryption | Boolean | Indicates whether or not to require encryption on a windows 8.1 device. |
Graph reference: windows81GeneralConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| accountsBlockAddingNonMicrosoftAccountEmail | Boolean | Indicates whether or not to Block the user from adding email accounts to the device that are not associated with a Microsoft account. |
| applyOnlyToWindows81 | Boolean | Value indicating whether this policy only applies to Windows 8.1. This property is read-only. |
| browserBlockAutofill | Boolean | Indicates whether or not to block auto fill. |
| browserBlockAutomaticDetectionOfIntranetSites | Boolean | Indicates whether or not to block automatic detection of Intranet sites. |
| browserBlockEnterpriseModeAccess | Boolean | Indicates whether or not to block enterprise mode access. |
| browserBlockJavaScript | Boolean | Indicates whether or not to Block the user from using JavaScript. |
| browserBlockPlugins | Boolean | Indicates whether or not to block plug-ins. |
| browserBlockPopups | Boolean | Indicates whether or not to block popups. |
| browserBlockSendingDoNotTrackHeader | Boolean | Indicates whether or not to Block the user from sending the do not track header. |
| browserBlockSingleWordEntryOnIntranetSites | Boolean | Indicates whether or not to block a single word entry on Intranet sites. |
| browserRequireSmartScreen | Boolean | Indicates whether or not to require the user to use the smart screen filter. |
| browserEnterpriseModeSiteListLocation | String | The enterprise mode site list location. Could be a local file, local network or http location. |
| browserInternetSecurityLevel | internetSiteSecurityLevel | The internet security level. Possible values are: userDefined, medium, mediumHigh, high. |
| browserIntranetSecurityLevel | siteSecurityLevel | The Intranet security level. Possible values are: userDefined, low, mediumLow, medium, mediumHigh, high. |
| browserLoggingReportLocation | String | The logging report location. |
| browserRequireHighSecurityForRestrictedSites | Boolean | Indicates whether or not to require high security for restricted sites. |
| browserRequireFirewall | Boolean | Indicates whether or not to require a firewall. |
| browserRequireFraudWarning | Boolean | Indicates whether or not to require fraud warning. |
| browserTrustedSitesSecurityLevel | siteSecurityLevel | The trusted sites security level. Possible values are: userDefined, low, mediumLow, medium, mediumHigh, high. |
| cellularBlockDataRoaming | Boolean | Indicates whether or not to block data roaming. |
| diagnosticsBlockDataSubmission | Boolean | Indicates whether or not to block diagnostic data submission. |
| passwordBlockPicturePasswordAndPin | Boolean | Indicates whether or not to Block the user from using a pictures password and pin. |
| passwordExpirationDays | Int32 | Password expiration in days. |
| passwordMinimumLength | Int32 | The minimum password length. |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | The minutes of inactivity before the screen times out. |
| passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
| passwordPreviousPasswordBlockCount | Int32 | The number of previous passwords to prevent re-use of. Valid values 0 to 24 |
| passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | The number of sign in failures before factory reset. |
| storageRequireDeviceEncryption | Boolean | Indicates whether or not to require encryption on a mobile device. |
| updatesRequireAutomaticUpdates | Boolean | Indicates whether or not to require automatic updates. |
| userAccountControlSettings | windowsUserAccountControlSettings | The user account control settings. Possible values are: userDefined, alwaysNotify, notifyOnAppChanges, notifyOnAppChangesWithoutDimming, neverNotify. |
| workFoldersUrl | String | The work folders url. |
Graph reference: windows81SCEPCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from windowsCertificateProfileBase |
| keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP) Inherited from windowsCertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format Inherited from windowsCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type Inherited from windowsCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period Inherited from windowsCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period Inherited from windowsCertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from windows81CertificateProfileBase |
| customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. Inherited from windows81CertificateProfileBase |
| scepServerUrls | String collection | SCEP Server Url(s). |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
Graph reference: windows81TrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
| destinationStore | certificateDestinationStore | Destination store location for the Trusted Root Certificate. Possible values are: computerCertStoreRoot, computerCertStoreIntermediate, userCertStoreIntermediate. |
Graph reference: windows81VpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. Inherited from windowsVpnConfiguration |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. Inherited from windowsVpnConfiguration |
| customXml | Binary | Custom XML commands that configures the VPN connection. (UTF8 encoded byte array) Inherited from windowsVpnConfiguration |
| applyOnlyToWindows81 | Boolean | Value indicating whether this policy only applies to Windows 8.1. This property is read-only. |
| connectionType | windowsVpnConnectionType | Connection type. Possible values are: pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn. |
| loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. |
| enableSplitTunneling | Boolean | Enable split tunneling for the VPN. |
| proxyServer | windows81VpnProxyServer | Proxy Server. |
Graph reference: windows81WifiImportConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| payloadFileName | String | Payload file name (*.xml). |
| profileName | String | Profile name displayed in the UI. |
| payload | Binary | Payload. (UTF8 encoded byte array). This is the XML file saved on the device you used to connect to the Wi-Fi endpoint. |
Graph reference: windowsCertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
| keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
Graph reference: windowsDefenderAdvancedThreatProtectionConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| allowSampleSharing | Boolean | Windows Defender AdvancedThreatProtection "Allow Sample Sharing" Rule |
| enableExpeditedTelemetryReporting | Boolean | Expedite Windows Defender Advanced Threat Protection telemetry reporting frequency. |
Graph reference: windowsDeliveryOptimizationConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| deliveryOptimizationMode | windowsDeliveryOptimizationMode | Specifies the download method that delivery optimization can use to manage network bandwidth consumption for large content distribution scenarios. Possible values are: userDefined, httpOnly, httpWithPeeringNat, httpWithPeeringPrivateGroup, httpWithInternetPeering, simpleDownload, bypassMode. |
| restrictPeerSelectionBy | deliveryOptimizationRestrictPeerSelectionByOptions | Specifies to restrict peer selection via selected option. |
Option 1 (Subnet mask) only applies to Delivery Optimization modes Download Mode LAN (1) and Group (2). Possible values are: notConfigured, subnetMask. |
||
| groupIdSource | deliveryOptimizationGroupIdSource | Specifies to restrict peer selection to a specfic source. |
| The options set in this policy only apply to Delivery Optimization mode Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID. | ||
| bandwidthMode | deliveryOptimizationBandwidth | Specifies foreground and background bandwidth usage using percentages, absolutes, or hours. |
| backgroundDownloadFromHttpDelayInSeconds | Int64 | Specifies number of seconds to delay an HTTP source in a background download that is allowed to use peer-to-peer. Valid values 0 to 4294967295 |
| foregroundDownloadFromHttpDelayInSeconds | Int64 | Specifies number of seconds to delay an HTTP source in a foreground download that is allowed to use peer-to-peer (0-86400). Valid values 0 to 86400 |
| Specifying 0 sets Delivery Optimization to manage this setting using the cloud service. Valid values 0 to 86400 | ||
| minimumRamAllowedToPeerInGigabytes | Int32 | Specifies the minimum RAM size in GB to use Peer Caching (1-100000). Valid values 1 to 100000 |
| minimumDiskSizeAllowedToPeerInGigabytes | Int32 | Specifies the minimum disk size in GB to use Peer Caching (1-100000). Valid values 1 to 100000 |
| Recommended values: 64 GB to 256 GB. Valid values 1 to 100000 | ||
| minimumFileSizeToCacheInMegabytes | Int32 | Specifies the minimum content file size in MB enabled to use Peer Caching (1-100000). Valid values 1 to 100000 |
| Recommended values: 1 MB to 100,000 MB. Valid values 1 to 100000 | ||
| minimumBatteryPercentageAllowedToUpload | Int32 | Specifies the minimum battery percentage to allow the device to upload data (0-100). Valid values 0 to 100 |
| The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used. Valid values 0 to 100 | ||
| modifyCacheLocation | String | Specifies the drive that Delivery Optimization should use for its cache. |
| maximumCacheAgeInDays | Int32 | Specifies the maximum time in days that each file is held in the Delivery Optimization cache after downloading successfully (0-3650). Valid values 0 to 3650 |
| maximumCacheSize | deliveryOptimizationMaxCacheSize | Specifies the maximum cache size that Delivery Optimization either as a percentage or in GB. |
| vpnPeerCaching | enablement | Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. Possible values are: notConfigured, enabled, disabled. |
| cacheServerHostNames | String collection | Specifies cache servers host names. |
| cacheServerForegroundDownloadFallbackToHttpDelayInSeconds | Int32 | Specifies number of seconds to delay a fall back from cache servers to an HTTP source for a foreground download. Valid values 0 to 2592000. |
| cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds | Int32 | Specifies number of seconds to delay a fall back from cache servers to an HTTP source for a background download. Valid values 0 to 2592000. |
Graph reference: windowsDomainJoinConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| computerNameStaticPrefix | String | Fixed prefix to be used for computer name. |
| computerNameSuffixRandomCharCount | Int32 | Dynamically generated characters used as suffix for computer name. Valid values 3 to 14 |
| activeDirectoryDomainName | String | Active Directory domain name to join. |
| organizationalUnit | String | Organizational unit (OU) where the computer account will be created. If this parameter is NULL, the well known computer object container will be used as published in the domain. |
Graph reference: windowsHealthMonitoringConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| allowDeviceHealthMonitoring | enablement | Enables device health monitoring on the device. Possible values are: notConfigured, enabled, disabled. |
| configDeviceHealthMonitoringScope | windowsHealthMonitoringScope | Specifies set of events collected from the device where health monitoring is enabled. Possible values are: undefined, healthMonitoring, bootPerformance, windowsUpdates, privilegeManagement. |
| configDeviceHealthMonitoringCustomScope | String | Specifies custom set of events collected from the device where health monitoring is enabled |
Graph reference: windowsIdentityProtectionConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| useSecurityKeyForSignin | Boolean | Boolean value used to enable the Windows Hello security key as a logon credential. |
| enhancedAntiSpoofingForFacialFeaturesEnabled | Boolean | Boolean value used to enable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. |
| pinMinimumLength | Int32 | Integer value that sets the minimum number of characters required for the Windows Hello for Business PIN. Valid values are 4 to 127 inclusive and less than or equal to the value set for the maximum PIN. Valid values 4 to 127 |
| pinMaximumLength | Int32 | Integer value that sets the maximum number of characters allowed for the work PIN. Valid values are 4 to 127 inclusive and greater than or equal to the value set for the minimum PIN. Valid values 4 to 127 |
| pinUppercaseCharactersUsage | configurationUsage | This value configures the use of uppercase characters in the Windows Hello for Business PIN. Possible values are: blocked, required, allowed, notConfigured. |
| pinLowercaseCharactersUsage | configurationUsage | This value configures the use of lowercase characters in the Windows Hello for Business PIN. Possible values are: blocked, required, allowed, notConfigured. |
| pinSpecialCharactersUsage | configurationUsage | Controls the ability to use special characters in the Windows Hello for Business PIN. Possible values are: blocked, required, allowed, notConfigured. |
| pinExpirationInDays | Int32 | Integer value specifies the period (in days) that a PIN can be used before the system requires the user to change it. Valid values are 0 to 730 inclusive. Valid values 0 to 730 |
| pinPreviousBlockCount | Int32 | Controls the ability to prevent users from using past PINs. This must be set between 0 and 50, inclusive, and the current PIN of the user is included in that count. If set to 0, previous PINs are not stored. PIN history is not preserved through a PIN reset. Valid values 0 to 50 |
| pinRecoveryEnabled | Boolean | Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service. |
| securityDeviceRequired | Boolean | Controls whether to require a Trusted Platform Module (TPM) for provisioning Windows Hello for Business. A TPM provides an additional security benefit in that data stored on it cannot be used on other devices. If set to False, all devices can provision Windows Hello for Business even if there is not a usable TPM. |
| unlockWithBiometricsEnabled | Boolean | Controls the use of biometric gestures, such as face and fingerprint, as an alternative to the Windows Hello for Business PIN. If set to False, biometric gestures are not allowed. Users must still configure a PIN as a backup in case of failures. |
| useCertificatesForOnPremisesAuthEnabled | Boolean | Boolean value that enables Windows Hello for Business to use certificates to authenticate on-premise resources. |
| windowsHelloForBusinessBlocked | Boolean | Boolean value that blocks Windows Hello for Business as a method for signing into Windows. |
Graph reference: windowsKioskConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| kioskProfiles | windowsKioskProfile collection | This policy setting allows to define a list of Kiosk profiles for a Kiosk configuration. This collection can contain a maximum of 3 elements. |
| kioskBrowserDefaultUrl | String | Specify the default URL the browser should navigate to on launch. |
| kioskBrowserEnableHomeButton | Boolean | Enable the kiosk browser's home button. By default, the home button is disabled. |
| kioskBrowserEnableNavigationButtons | Boolean | Enable the kiosk browser's navigation buttons(forward/back). By default, the navigation buttons are disabled. |
| kioskBrowserEnableEndSessionButton | Boolean | Enable the kiosk browser's end session button. By default, the end session button is disabled. |
| kioskBrowserRestartOnIdleTimeInMinutes | Int32 | Specify the number of minutes the session is idle until the kiosk browser restarts in a fresh state. Valid values are 1-1440. Valid values 1 to 1440 |
| kioskBrowserBlockedURLs | String collection | Specify URLs that the kiosk browsers should not navigate to |
| kioskBrowserBlockedUrlExceptions | String collection | Specify URLs that the kiosk browser is allowed to navigate to |
| edgeKioskEnablePublicBrowsing | Boolean | Enable public browsing kiosk mode for the Microsoft Edge browser. The Default is false. |
| windowsKioskForceUpdateSchedule | windowsKioskForceUpdateSchedule | force update schedule for Kiosk devices. |
Graph reference: windowsPhone81CertificateProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. |
| keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validtiy Period. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
Graph reference: windowsPhone81CompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceCompliancePolicy |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
| version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
| passwordBlockSimple | Boolean | Whether or not to block syncing the calendar. |
| passwordExpirationDays | Int32 | Number of days before the password expires. |
| passwordMinimumLength | Int32 | Minimum length of passwords. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
| passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
| passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault, alphanumeric, numeric. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
| passwordRequired | Boolean | Whether or not to require a password. |
| osMinimumVersion | String | Minimum Windows Phone version. |
| osMaximumVersion | String | Maximum Windows Phone version. |
| storageRequireEncryption | Boolean | Require encryption on windows phone devices. |
Graph reference: windowsPhone81CustomConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 1000 elements. |
Graph reference: windowsPhone81GeneralConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| applyOnlyToWindowsPhone81 | Boolean | Value indicating whether this policy only applies to Windows Phone 8.1. This property is read-only. |
| appsBlockCopyPaste | Boolean | Indicates whether or not to block copy paste. |
| bluetoothBlocked | Boolean | Indicates whether or not to block bluetooth. |
| cameraBlocked | Boolean | Indicates whether or not to block camera. |
| cellularBlockWifiTethering | Boolean | Indicates whether or not to block Wi-Fi tethering. Has no impact if Wi-Fi is blocked. |
| compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
| compliantAppListType | appListType | List that is in the AppComplianceList. Possible values are: none, appsInListCompliant, appsNotInListCompliant. |
| diagnosticDataBlockSubmission | Boolean | Indicates whether or not to block diagnostic data submission. |
| emailBlockAddingAccounts | Boolean | Indicates whether or not to block custom email accounts. |
| locationServicesBlocked | Boolean | Indicates whether or not to block location services. |
| microsoftAccountBlocked | Boolean | Indicates whether or not to block using a Microsoft Account. |
| nfcBlocked | Boolean | Indicates whether or not to block Near-Field Communication. |
| passwordBlockSimple | Boolean | Indicates whether or not to block syncing the calendar. |
| passwordExpirationDays | Int32 | Number of days before the password expires. |
| passwordMinimumLength | Int32 | Minimum length of passwords. |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before screen timeout. |
| passwordMinimumCharacterSetCount | Int32 | Number of character sets a password must contain. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
| passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. |
| passwordRequiredType | requiredPasswordType | Password type that is required. Possible values are: deviceDefault, alphanumeric, numeric. |
| passwordRequired | Boolean | Indicates whether or not to require a password. |
| screenCaptureBlocked | Boolean | Indicates whether or not to block screenshots. |
| storageBlockRemovableStorage | Boolean | Indicates whether or not to block removable storage. |
| storageRequireEncryption | Boolean | Indicates whether or not to require encryption. |
| webBrowserBlocked | Boolean | Indicates whether or not to block the web browser. |
| wifiBlocked | Boolean | Indicates whether or not to block Wi-Fi. |
| wifiBlockAutomaticConnectHotspots | Boolean | Indicates whether or not to block automatically connecting to Wi-Fi hotspots. Has no impact if Wi-Fi is blocked. |
| wifiBlockHotspotReporting | Boolean | Indicates whether or not to block Wi-Fi hotspot reporting. Has no impact if Wi-Fi is blocked. |
| windowsStoreBlocked | Boolean | Indicates whether or not to block the Windows Store. |
Graph reference: windowsPhone81ImportedPFXCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from windowsCertificateProfileBase |
| keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP) Inherited from windowsCertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format Inherited from windowsCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type Inherited from windowsCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period Inherited from windowsCertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period Inherited from windowsCertificateProfileBase. Possible values are: days, months, years. |
| intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
Graph reference: windowsPhone81SCEPCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Inherited from windowsPhone81CertificateProfileBase |
| keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP). Inherited from windowsPhone81CertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
| subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from windowsPhone81CertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId. |
| subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from windowsPhone81CertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validtiy Period. Inherited from windowsPhone81CertificateProfileBase |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from windowsPhone81CertificateProfileBase. Possible values are: days, months, years. |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from windowsPhone81CertificateProfileBase |
| scepServerUrls | String collection | SCEP Server Url(s). |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
| subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
Graph reference: windowsPhone81TrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
Graph reference: windowsPhone81VpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. Inherited from windowsVpnConfiguration |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. Inherited from windowsVpnConfiguration |
| customXml | Binary | Custom XML commands that configures the VPN connection. (UTF8 encoded byte array) Inherited from windowsVpnConfiguration |
| applyOnlyToWindows81 | Boolean | Value indicating whether this policy only applies to Windows 8.1. This property is read-only. Inherited from windows81VpnConfiguration |
| connectionType | windowsVpnConnectionType | Connection type. Inherited from windows81VpnConfiguration. Possible values are: pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn. |
| loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from windows81VpnConfiguration |
| enableSplitTunneling | Boolean | Enable split tunneling for the VPN. Inherited from windows81VpnConfiguration |
| proxyServer | windows81VpnProxyServer | Proxy Server. Inherited from windows81VpnConfiguration |
| bypassVpnOnCompanyWifi | Boolean | Bypass VPN on company Wi-Fi. |
| bypassVpnOnHomeWifi | Boolean | Bypass VPN on home Wi-Fi. |
| authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD. |
| rememberUserCredentials | Boolean | Remember user credentials. |
| dnsSuffixSearchList | String collection | DNS suffix search list. |
Graph reference: windowsPhoneEASEmailProfileConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| usernameSource | userEmailSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName, primarySmtpAddress. |
| usernameAADSource | usernameSource | Name of the AAD field, that will be used to retrieve UserName for email profile. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName, primarySmtpAddress, samAccountName. |
| userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: fullDomainName, netBiosDomainName. |
| customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. Inherited from easEmailProfileConfigurationBase |
| accountName | String | Account name. |
| applyOnlyToWindowsPhone81 | Boolean | Value indicating whether this policy only applies to Windows 8.1. This property is read-only. |
| syncCalendar | Boolean | Whether or not to sync the calendar. |
| syncContacts | Boolean | Whether or not to sync contacts. |
| syncTasks | Boolean | Whether or not to sync tasks. |
| durationOfEmailToSync | emailSyncDuration | Duration of email to sync. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited. |
| emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress. |
| emailSyncSchedule | emailSyncSchedule | Email sync schedule. Possible values are: userDefined, asMessagesArrive, manual, fifteenMinutes, thirtyMinutes, sixtyMinutes, basedOnMyUsage. |
| hostName | String | Exchange location that (URL) that the native mail app connects to. |
| requireSsl | Boolean | Indicates whether or not to use SSL. |
Graph reference: windowsPrivacyDataAccessControlItem
| Property | Type | Description |
|---|---|---|
| id | String | The key of WindowsPrivacyDataAccessControlItem. |
| accessLevel | windowsPrivacyDataAccessLevel | This indicates an access level for the privacy data category to which the specified application will be given to. Possible values are: notConfigured, forceAllow, forceDeny, userInControl. |
| dataCategory | windowsPrivacyDataCategory | This indicates a privacy data category to which the specific access control will apply. Possible values are: notConfigured, accountInfo, appsRunInBackground, calendar, callHistory, camera, contacts, diagnosticsInfo, email, location, messaging, microphone, motion, notifications, phone, radios, tasks, syncWithDevices, trustedDevices. |
| appPackageFamilyName | String | The Package Family Name of a Windows app. When set, the access level applies to the specified application. |
| appDisplayName | String | The Package Family Name of a Windows app. When set, the access level applies to the specified application. |
Graph reference: windowsUpdateForBusinessConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| deliveryOptimizationMode | windowsDeliveryOptimizationMode | The Delivery Optimization Mode. Possible values are: UserDefined, HttpOnly, HttpWithPeeringNat, HttpWithPeeringPrivateGroup, HttpWithInternetPeering, SimpleDownload, BypassMode. UserDefined allows the user to set. Returned by default. Query parameters are not supported. Possible values are: userDefined, httpOnly, httpWithPeeringNat, httpWithPeeringPrivateGroup, httpWithInternetPeering, simpleDownload, bypassMode. |
| prereleaseFeatures | prereleaseFeatures | The Pre-Release Features. Possible values are: UserDefined, SettingsOnly, SettingsAndExperimentations, NotAllowed. UserDefined is the default value, no intent. Returned by default. Query parameters are not supported. Possible values are: userDefined, settingsOnly, settingsAndExperimentations, notAllowed. |
| automaticUpdateMode | automaticUpdateMode | The Automatic Update Mode. Possible values are: UserDefined, NotifyDownload, AutoInstallAtMaintenanceTime, AutoInstallAndRebootAtMaintenanceTime, AutoInstallAndRebootAtScheduledTime, AutoInstallAndRebootWithoutEndUserControl, WindowsDefault. UserDefined is the default value, no intent. Returned by default. Query parameters are not supported. Possible values are: userDefined, notifyDownload, autoInstallAtMaintenanceTime, autoInstallAndRebootAtMaintenanceTime, autoInstallAndRebootAtScheduledTime, autoInstallAndRebootWithoutEndUserControl. |
| microsoftUpdateServiceAllowed | Boolean | When TRUE, allows Microsoft Update Service. When FALSE, does not allow Microsoft Update Service. Returned by default. Query parameters are not supported. |
| driversExcluded | Boolean | When TRUE, excludes Windows update Drivers. When FALSE, does not exclude Windows update Drivers. Returned by default. Query parameters are not supported. |
| installationSchedule | windowsUpdateInstallScheduleType | The Installation Schedule. Possible values are: ActiveHoursStart, ActiveHoursEnd, ScheduledInstallDay, ScheduledInstallTime. Returned by default. Query parameters are not supported. |
| qualityUpdatesDeferralPeriodInDays | Int32 | Defer Quality Updates by these many days with valid range from 0 to 30 days. Returned by default. Query parameters are not supported. |
| featureUpdatesDeferralPeriodInDays | Int32 | Defer Feature Updates by these many days with valid range from 0 to 30 days. Returned by default. Query parameters are not supported. |
| qualityUpdatesPaused | Boolean | When TRUE, assigned devices are paused from receiving quality updates for up to 35 days from the time you pause the ring. When FALSE, does not pause Quality Updates. Returned by default. Query parameters are not supported. |
| featureUpdatesPaused | Boolean | When TRUE, assigned devices are paused from receiving feature updates for up to 35 days from the time you pause the ring. When FALSE, does not pause Feature Updates. Returned by default. Query parameters are not supported.s |
| qualityUpdatesPauseExpiryDateTime | DateTimeOffset | The Quality Updates Pause Expiry datetime. This value is 35 days from the time admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. |
| featureUpdatesPauseExpiryDateTime | DateTimeOffset | The Feature Updates Pause Expiry datetime. This value is 35 days from the time admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. |
| businessReadyUpdatesOnly | windowsUpdateType | Determines which branch devices will receive their updates from. Possible values are: UserDefined, All, BusinessReadyOnly, WindowsInsiderBuildFast, WindowsInsiderBuildSlow, WindowsInsiderBuildRelease. Returned by default. Query parameters are not supported. Possible values are: userDefined, all, businessReadyOnly, windowsInsiderBuildFast, windowsInsiderBuildSlow, windowsInsiderBuildRelease. |
| skipChecksBeforeRestart | Boolean | When TRUE, skips all checks before restart: Battery level = 40%, User presence, Display Needed, Presentation mode, Full screen mode, phone call state, game mode etc. When FALSE, does not skip all checks before restart. Returned by default. Query parameters are not supported. |
| updateWeeks | windowsUpdateForBusinessUpdateWeeks | Schedule the update installation on the weeks of the month. Possible values are: UserDefined, FirstWeek, SecondWeek, ThirdWeek, FourthWeek, EveryWeek. Returned by default. Query parameters are not supported. Possible values are: userDefined, firstWeek, secondWeek, thirdWeek, fourthWeek, everyWeek, unknownFutureValue. |
| qualityUpdatesPauseStartDate | Date | The Quality Updates Pause start date. This value is the time when the admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. This property is read-only. |
| featureUpdatesPauseStartDate | Date | The Feature Updates Pause start date. This value is the time when the admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. This property is read-only. |
| featureUpdatesRollbackWindowInDays | Int32 | The number of days after a Feature Update for which a rollback is valid with valid range from 2 to 60 days. Returned by default. Query parameters are not supported. |
| qualityUpdatesWillBeRolledBack | Boolean | When TRUE, rollback Quality Updates on the next device check in. When FALSE, do not rollback Quality Updates on the next device check in. Returned by default. Query parameters are not supported. |
| featureUpdatesWillBeRolledBack | Boolean | When TRUE, rollback Feature Updates on the next device check in. When FALSE, do not rollback Feature Updates on the next device check in. Returned by default.Query parameters are not supported. |
| qualityUpdatesRollbackStartDateTime | DateTimeOffset | The Quality Updates Rollback Start datetime. This value is the time when the admin rolled back the Quality update for the ring. Returned by default. Query parameters are not supported. |
| featureUpdatesRollbackStartDateTime | DateTimeOffset | The Feature Updates Rollback Start datetime.This value is the time when the admin rolled back the Feature update for the ring.Returned by default.Query parameters are not supported. |
| engagedRestartDeadlineInDays | Int32 | Deadline in days before automatically scheduling and executing a pending restart outside of active hours, with valid range from 2 to 30 days. Returned by default. Query parameters are not supported. |
| engagedRestartSnoozeScheduleInDays | Int32 | Number of days a user can snooze Engaged Restart reminder notifications with valid range from 1 to 3 days. Returned by default. Query parameters are not supported. |
| engagedRestartTransitionScheduleInDays | Int32 | Number of days before transitioning from Auto Restarts scheduled outside of active hours to Engaged Restart, which requires the user to schedule, with valid range from 0 to 30 days. Returned by default. Query parameters are not supported. |
| deadlineForFeatureUpdatesInDays | Int32 | Number of days before feature updates are installed automatically with valid range from 0 to 30 days. Returned by default. Query parameters are not supported. |
| deadlineForQualityUpdatesInDays | Int32 | Number of days before quality updates are installed automatically with valid range from 0 to 30 days. Returned by default. Query parameters are not supported. |
| deadlineGracePeriodInDays | Int32 | Number of days after deadline until restarts occur automatically with valid range from 0 to 7 days. Returned by default. Query parameters are not supported. |
| postponeRebootUntilAfterDeadline | Boolean | When TRUE the device should wait until deadline for rebooting outside of active hours. When FALSE the device should not wait until deadline for rebooting outside of active hours. Returned by default. Query parameters are not supported. |
| autoRestartNotificationDismissal | autoRestartNotificationDismissalMethod | Specify the method by which the auto-restart required notification is dismissed. Possible values are: NotConfigured, Automatic, User. Returned by default. Query parameters are not supported. Possible values are: notConfigured, automatic, user, unknownFutureValue. |
| scheduleRestartWarningInHours | Int32 | Specify the period for auto-restart warning reminder notifications. Supported values: 2, 4, 8, 12 or 24 (hours). Returned by default. Query parameters are not supported. |
| scheduleImminentRestartWarningInMinutes | Int32 | Specify the period for auto-restart imminent warning notifications. Supported values: 15, 30 or 60 (minutes). Returned by default. Query parameters are not supported. |
| userPauseAccess | enablement | Specifies whether to enable end user’s access to pause software updates. Possible values are: NotConfigured, Enabled, Disabled. Returned by default. Query parameters are not supported. Possible values are: notConfigured, enabled, disabled. |
| userWindowsUpdateScanAccess | enablement | Specifies whether to disable user’s access to scan Windows Update. Possible values are: NotConfigured, Enabled, Disabled. Returned by default. Query parameters are not supported. Possible values are: notConfigured, enabled, disabled. |
| updateNotificationLevel | windowsUpdateNotificationDisplayOption | Specifies what Windows Update notifications users see. Possible values are: NotConfigured, DefaultNotifications, RestartWarningsOnly, DisableAllNotifications. Returned by default. Query parameters are not supported. Possible values are: notConfigured, defaultNotifications, restartWarningsOnly, disableAllNotifications, unknownFutureValue. |
| allowWindows11Upgrade | Boolean | When TRUE, allows eligible Windows 10 devices to upgrade to Windows 11. When FALSE, implies the device stays on the existing operating system. Returned by default. Query parameters are not supported. |
Graph reference: windowsVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| connectionName | String | Connection name displayed to the user. |
| servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
| customXml | Binary | Custom XML commands that configures the VPN connection. (UTF8 encoded byte array) |
Graph reference: windowsWifiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
| wifiSecurityType | wiFiSecurityType | Specify the Wifi Security Type. Possible values are: open, wpaPersonal, wpaEnterprise, wep, wpa2Personal, wpa2Enterprise. |
| meteredConnectionLimit | meteredConnectionLimitType | Specify the metered connection limit type for the wifi connection. Possible values are: unrestricted, fixed, variable. |
| ssid | String | Specify the SSID of the wifi connection. |
| networkName | String | Specify the network configuration name. |
| connectAutomatically | Boolean | Specify whether the wifi connection should connect automatically when in range. |
| connectToPreferredNetwork | Boolean | Specify whether the wifi connection should connect to more preferred networks when already connected to this one. Requires ConnectAutomatically to be true. |
| connectWhenNetworkNameIsHidden | Boolean | Specify whether the wifi connection should connect automatically even when the SSID is not broadcasting. |
| proxySetting | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration. Possible values are: none, manual, automatic, unknownFutureValue. |
| proxyManualAddress | String | Specify the IP address for the proxy server. |
| proxyManualPort | Int32 | Specify the port for the proxy server. |
| proxyAutomaticConfigurationUrl | String | Specify the URL for the proxy server configuration script. |
| forceFIPSCompliance | Boolean | Specify whether to force FIPS compliance. |
Graph reference: windowsWifiEnterpriseEAPConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from windowsWifiConfiguration |
| wifiSecurityType | wiFiSecurityType | Specify the Wifi Security Type. Inherited from windowsWifiConfiguration. Possible values are: open, wpaPersonal, wpaEnterprise, wep, wpa2Personal, wpa2Enterprise. |
| meteredConnectionLimit | meteredConnectionLimitType | Specify the metered connection limit type for the wifi connection. Inherited from windowsWifiConfiguration. Possible values are: unrestricted, fixed, variable. |
| ssid | String | Specify the SSID of the wifi connection. Inherited from windowsWifiConfiguration |
| networkName | String | Specify the network configuration name. Inherited from windowsWifiConfiguration |
| connectAutomatically | Boolean | Specify whether the wifi connection should connect automatically when in range. Inherited from windowsWifiConfiguration |
| connectToPreferredNetwork | Boolean | Specify whether the wifi connection should connect to more preferred networks when already connected to this one. Requires ConnectAutomatically to be true. Inherited from windowsWifiConfiguration |
| connectWhenNetworkNameIsHidden | Boolean | Specify whether the wifi connection should connect automatically even when the SSID is not broadcasting. Inherited from windowsWifiConfiguration |
| proxySetting | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration Inherited from windowsWifiConfiguration. Possible values are: none, manual, automatic, unknownFutureValue. |
| proxyManualAddress | String | Specify the IP address for the proxy server. Inherited from windowsWifiConfiguration |
| proxyManualPort | Int32 | Specify the port for the proxy server. Inherited from windowsWifiConfiguration |
| proxyAutomaticConfigurationUrl | String | Specify the URL for the proxy server configuration script. Inherited from windowsWifiConfiguration |
| forceFIPSCompliance | Boolean | Specify whether to force FIPS compliance. Inherited from windowsWifiConfiguration |
| networkSingleSignOn | networkSingleSignOnType | Specify the network single sign on type. Possible values are: disabled, prelogon, postlogon. |
| maximumAuthenticationTimeoutInSeconds | Int32 | Specify maximum authentication timeout (in seconds). Valid range: 1-120 |
| userBasedVirtualLan | Boolean | Specifiy whether to change the virtual LAN used by the device based on the user’s credentials. Cannot be used when NetworkSingleSignOnType is set to Disabled. |
| promptForAdditionalAuthenticationCredentials | Boolean | Specify whether the wifi connection should prompt for additional authentication credentials. |
| enablePairwiseMasterKeyCaching | Boolean | Specify whether the wifi connection should enable pairwise master key caching. |
| maximumPairwiseMasterKeyCacheTimeInMinutes | Int32 | Specify maximum pairwise master key cache time (in minutes). Valid range: 5-1440 |
| maximumNumberOfPairwiseMasterKeysInCache | Int32 | Specify maximum number of pairwise master keys in cache. Valid range: 1-255 |
| enablePreAuthentication | Boolean | Specify whether pre-authentication should be enabled. |
| maximumPreAuthenticationAttempts | Int32 | Specify maximum pre-authentication attempts. Valid range: 1-16 |
| eapType | eapType | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap. |
| trustedServerCertificateNames | String collection | Specify trusted server certificate names. |
| authenticationMethod | wiFiAuthenticationMethod | Specify the authentication method. Possible values are: certificate, usernameAndPassword, derivedCredential. |
| innerAuthenticationProtocolForEAPTTLS | nonEapAuthenticationMethodForEapTtlsType | Specify inner authentication protocol for EAP TTLS. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Specify the string to replace usernames for privacy when using EAP TTLS or PEAP. |
| requireCryptographicBinding | Boolean | Specify whether to enable cryptographic binding when EAP type is selected as PEAP. |
| performServerValidation | Boolean | Specify whether to enable verification of server's identity by validating the certificate when EAP type is selected as PEAP. |
| disableUserPromptForServerValidation | Boolean | Specify whether to prevent the user from being prompted to authorize new servers for trusted certification authorities when EAP type is selected as PEAP. |
| authenticationPeriodInSeconds | Int32 | Specify the number of seconds for the client to wait after an authentication attempt before failing. Valid range 1-3600. |
| authenticationRetryDelayPeriodInSeconds | Int32 | Specify the number of seconds between a failed authentication and the next authentication attempt. Valid range 1-3600. |
| eapolStartPeriodInSeconds | Int32 | Specify the number of seconds to wait before sending an EAPOL (Extensible Authentication Protocol over LAN) Start message. Valid range 1-3600. |
| maximumEAPOLStartMessages | Int32 | Specifiy the maximum number of EAPOL (Extensible Authentication Protocol over LAN) Start messages to be sent before returning failure. Valid range 1-100. |
| maximumAuthenticationFailures | Int32 | Specify the maximum authentication failures allowed for a set of credentials. Valid range 1-100. |
| cacheCredentials | Boolean | Specify whether to cache user credentials on the device so that users don’t need to keep entering them each time they connect. |
| authenticationType | wifiAuthenticationType | Specify whether to authenticate the user, the device, either, or to use guest authentication (none). If you’re using certificate authentication, make sure the certificate type matches the authentication type. Possible values are: none, user, machine, machineOrUser, guest. |
Graph reference: windowsWiredNetworkConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| authenticationType | wiredNetworkAuthenticationType | Specify whether to authenticate the user, the device, either, or to use guest authentication (none). If you're using certificate authentication, make sure the certificate type matches the authentication type. Possible values are: none, user, machine, machineOrUser, guest. Possible values are: none, user, machine, machineOrUser, guest, unknownFutureValue. |
| cacheCredentials | Boolean | When TRUE, caches user credentials on the device so that users don't need to keep entering them each time they connect. When FALSE, do not cache credentials. Default value is FALSE. |
| authenticationPeriodInSeconds | Int32 | Specify the number of seconds for the client to wait after an authentication attempt before failing. Valid range 1-3600. |
| authenticationRetryDelayPeriodInSeconds | Int32 | Specify the number of seconds between a failed authentication and the next authentication attempt. Valid range 1-3600. |
| eapolStartPeriodInSeconds | Int32 | Specify the number of seconds to wait before sending an EAPOL (Extensible Authentication Protocol over LAN) Start message. Valid range 1-3600. |
| maximumEAPOLStartMessages | Int32 | Specify the maximum number of EAPOL (Extensible Authentication Protocol over LAN) Start messages to be sent before returning failure. Valid range 1-100. |
| maximumAuthenticationFailures | Int32 | Specify the maximum authentication failures allowed for a set of credentials. Valid range 1-100. |
| enforce8021X | Boolean | When TRUE, the automatic configuration service for wired networks requires the use of 802.1X for port authentication. When FALSE, 802.1X is not required. Default value is FALSE. |
| authenticationBlockPeriodInMinutes | Int32 | Specify the duration for which automatic authentication attempts will be blocked from occuring after a failed authentication attempt. |
| eapType | eapType | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap. Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap. |
| trustedServerCertificateNames | String collection | Specify trusted server certificate names. |
| authenticationMethod | wiredNetworkAuthenticationMethod | Specify the authentication method. Possible values are: certificate, usernameAndPassword, derivedCredential. Possible values are: certificate, usernameAndPassword, derivedCredential, unknownFutureValue. |
| secondaryAuthenticationMethod | wiredNetworkAuthenticationMethod | Specify the secondary authentication method. Possible values are: certificate, usernameAndPassword, derivedCredential. Possible values are: certificate, usernameAndPassword, derivedCredential, unknownFutureValue. |
| innerAuthenticationProtocolForEAPTTLS | nonEapAuthenticationMethodForEapTtlsType | Specify inner authentication protocol for EAP TTLS. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. |
| outerIdentityPrivacyTemporaryValue | String | Specify the string to replace usernames for privacy when using EAP TTLS or PEAP. |
| performServerValidation | Boolean | When TRUE, enables verification of server's identity by validating the certificate when EAP type is selected as PEAP. When FALSE, the certificate is not validated. Default value is TRUE. |
| disableUserPromptForServerValidation | Boolean | When TRUE, prevents the user from being prompted to authorize new servers for trusted certification authorities when EAP type is selected as PEAP. When FALSE, does not prevent the user from being prompted. Default value is FALSE. |
| requireCryptographicBinding | Boolean | When TRUE, enables cryptographic binding when EAP type is selected as PEAP. When FALSE, does not enable cryptogrpahic binding. Default value is TRUE. |
| forceFIPSCompliance | Boolean | When TRUE, forces FIPS compliance. When FALSE, does not enable FIPS compliance. Default value is FALSE. |
Graph reference: deviceManagementComplianceActionItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of this setting within the policy which contains it. Automatically generated. |
| gracePeriodHours | Int32 | Number of hours to wait till the action will be enforced. Valid values 0 to 8760 |
| actionType | deviceManagementComplianceActionType | What action to take. Possible values are: noAction, notification, block, retire, wipe, removeResourceAccessProfiles, pushNotification, remoteLock. |
| notificationTemplateId | String | What notification Message template to use |
| notificationMessageCCList | String collection | A list of group IDs to speicify who to CC this notification message to. This collection can contain a maximum of 100 elements. |
Graph reference: deviceManagementCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the policy document. Automatically generated. |
| name | String | Policy name |
| description | String | Policy description |
| platforms | deviceManagementConfigurationPlatforms | Platforms for this policy. Possible values are: none, android, iOS, macOS, windows10X, windows10, linux, unknownFutureValue, androidEnterprise, aosp, visionOS, tvOS. |
| technologies | deviceManagementConfigurationTechnologies | Technologies for this policy. Possible values are: none, mdm, windows10XManagement, configManager, appleRemoteManagement, microsoftSense, exchangeOnline, mobileApplicationManagement, linuxMdm, extensibility, enrollment, endpointPrivilegeManagement, unknownFutureValue, windowsOsRecovery, android. |
| createdDateTime | DateTimeOffset | Policy creation date and time. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | Policy last modification date and time. This property is read-only. |
| settingCount | Int32 | Number of settings. This property is read-only. |
| creationSource | String | Policy creation source |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
| isAssigned | Boolean | Policy assignment status. This property is read-only. |
Graph reference: deviceManagementComplianceScheduledActionForRule
| Property | Type | Description |
|---|---|---|
| id | String | Key of this setting within the policy which contains it. Automatically generated. |
| ruleName | String | Name of the rule which this scheduled action applies to. |
Graph reference: deviceManagementConfigurationCategory
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the category. |
| description | String | Description of the category. For example: Display |
| categoryDescription | String | Description of the category header in policy summary. |
| helpText | String | Help text of the category. Give more details of the category. |
| name | String | Name of the item |
| displayName | String | Name of the category. For example: Device Lock |
| platforms | deviceManagementConfigurationPlatforms | Platforms types, which settings in the category have. Possible values are: none. android, androidEnterprise, iOs, macOs, windows10X, windows10, aosp, and linux. If this property is not set, or set to none, returns categories in all platforms. Supports: $filters, $select. Read-only. Possible values are: none, android, iOS, macOS, windows10X, windows10, linux, unknownFutureValue, androidEnterprise, aosp, visionOS, tvOS. |
| technologies | deviceManagementConfigurationTechnologies | Technologies types, which settings in the category have. Possible values are: none, mdm, configManager, intuneManagementExtension, thirdParty, documentGateway, appleRemoteManagement, microsoftSense, exchangeOnline, edgeMam, linuxMdm, extensibility, enrollment, endpointPrivilegeManagement. If this property is not set, or set to none, returns categories in all platforms. Supports: $filters, $select. Read-only. Possible values are: none, mdm, windows10XManagement, configManager, appleRemoteManagement, microsoftSense, exchangeOnline, mobileApplicationManagement, linuxMdm, extensibility, enrollment, endpointPrivilegeManagement, unknownFutureValue, windowsOsRecovery, android. |
| settingUsage | deviceManagementConfigurationSettingUsage | Indicates that the category contains settings that are used for compliance, configuration, or reusable settings. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Read-only. Possible values are: none, configuration, compliance, unknownFutureValue, inventory. |
| parentCategoryId | String | Direct parent id of the category. If the category is the root, the parent id is same as its id. |
| rootCategoryId | String | Root id of the category. |
| childCategoryIds | String collection | List of child ids of the category. |
Graph reference: deviceManagementConfigurationChoiceSettingCollectionDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance, unknownFutureValue, inventory. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane, unknownFutureValue. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template, unknownFutureValue, inventoryCatalog. |
| riskLevel | deviceManagementConfigurationSettingRiskLevel | Setting risklevel. Possible values are: low, medium, high Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: low, medium, high. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| options | deviceManagementConfigurationOptionDefinition collection | Options for the setting that can be selected. Inherited from deviceManagementConfigurationChoiceSettingDefinition |
| defaultOptionId | String | Default option for the choice setting. Inherited from deviceManagementConfigurationChoiceSettingDefinition |
| maximumCount | Int32 | Maximum number of choices in the collection. Valid values 1 to 100 |
| minimumCount | Int32 | Minimum number of choices in the collection. Valid values 1 to 100 |
Graph reference: deviceManagementConfigurationChoiceSettingDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance, unknownFutureValue, inventory. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane, unknownFutureValue. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template, unknownFutureValue, inventoryCatalog. |
| riskLevel | deviceManagementConfigurationSettingRiskLevel | Setting risklevel. Possible values are: low, medium, high Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: low, medium, high. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| options | deviceManagementConfigurationOptionDefinition collection | Options for the setting that can be selected. |
| defaultOptionId | String | Default option for the choice setting. |
Graph reference: deviceManagementConfigurationPolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the policy document. Automatically generated. |
| name | String | Policy name |
| description | String | Policy description |
| platforms | deviceManagementConfigurationPlatforms | Platforms for this policy. Possible values are: none, android, iOS, macOS, windows10X, windows10, linux, unknownFutureValue, androidEnterprise, aosp. |
| technologies | deviceManagementConfigurationTechnologies | Technologies for this policy. Possible values are: none, mdm, windows10XManagement, configManager, appleRemoteManagement, microsoftSense, exchangeOnline, mobileApplicationManagement, linuxMdm, extensibility, enrollment, endpointPrivilegeManagement, unknownFutureValue, windowsOsRecovery, android. |
| createdDateTime | DateTimeOffset | Policy creation date and time |
| lastModifiedDateTime | DateTimeOffset | Policy last modification date and time |
| settingCount | Int32 | Number of settings |
| creationSource | String | Policy creation source |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
| isAssigned | Boolean | Policy assignment status. This property is read-only. |
| templateReference | deviceManagementConfigurationPolicyTemplateReference | Template reference information |
| priorityMetaData | deviceManagementPriorityMetaData | Indicates the priority of each policies that are selected by the admin during enrollment process |
Graph reference: deviceManagementConfigurationPolicyTemplate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the template document, composed of BaseId and Version. Automatically generated. |
| baseId | String | Template base identifier |
| version | Int32 | Template version. Valid values 1 to 2147483647. This property is read-only. |
| displayName | String | Template display name |
| description | String | Template description |
| displayVersion | String | Description of template version |
| lifecycleState | deviceManagementTemplateLifecycleState | Indicate current lifecycle state of template. Possible values are: invalid, draft, active, superseded, deprecated, retired. |
| platforms | deviceManagementConfigurationPlatforms | Platforms for this template. Possible values are: none, android, iOS, macOS, windows10X, windows10, linux, unknownFutureValue, androidEnterprise, aosp, visionOS, tvOS. |
| technologies | deviceManagementConfigurationTechnologies | Technologies for this template. Possible values are: none, mdm, windows10XManagement, configManager, appleRemoteManagement, microsoftSense, exchangeOnline, mobileApplicationManagement, linuxMdm, extensibility, enrollment, endpointPrivilegeManagement, unknownFutureValue, windowsOsRecovery, android. |
| templateFamily | deviceManagementConfigurationTemplateFamily | TemplateFamily for this template. Possible values are: none, endpointSecurityAntivirus, endpointSecurityDiskEncryption, endpointSecurityFirewall, endpointSecurityEndpointDetectionAndResponse, endpointSecurityAttackSurfaceReduction, endpointSecurityAccountProtection, endpointSecurityApplicationControl, endpointSecurityEndpointPrivilegeManagement, enrollmentConfiguration, appQuietTime, baseline, unknownFutureValue, deviceConfigurationScripts, deviceConfigurationPolicies, windowsOsRecoveryPolicies, companyPortal. |
| allowUnmanagedSettings | Boolean | Allow unmanaged setting templates |
| settingTemplateCount | Int32 | Number of setting templates. Valid values 0 to 2147483647. This property is read-only. |
Graph reference: deviceManagementConfigurationRedirectSettingDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance, unknownFutureValue, inventory. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane, unknownFutureValue. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template, unknownFutureValue, inventoryCatalog. |
| riskLevel | deviceManagementConfigurationSettingRiskLevel | Setting risklevel. Possible values are: low, medium, high Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: low, medium, high. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| deepLink | String | A deep link that points to the specific location in the Intune console where feature support must be managed from. |
| redirectMessage | String | A message that explains that clicking the link will redirect the user to a supported page to manage the settings. |
| redirectReason | String | Indicates the reason for redirecting the user to an alternative location in the console. For example: WiFi profiles are not supported in the settings catalog and must be created with a template policy. |
Graph reference: deviceManagementConfigurationSetting
| Property | Type | Description |
|---|---|---|
| id | String | Key of this setting within the policy which contains it. Automatically generated. |
| settingInstance | deviceManagementConfigurationSettingInstance | Setting Instance |
Graph reference: deviceManagementConfigurationSettingDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on |
| infoUrls | String collection | List of links more info for the setting can be found at. |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not |
| baseUri | String | Base CSP Path |
| offsetUri | String | Offset CSP Path from Base |
| rootDefinitionId | String | Root setting definition id if the setting is a child setting. |
| categoryId | String | Specify category in which the setting is under. Support $filters. |
| settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Possible values are: none, configuration, compliance, unknownFutureValue, inventory. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane, unknownFutureValue. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Possible values are: none, settingsCatalog, template, unknownFutureValue, inventoryCatalog. |
| riskLevel | deviceManagementConfigurationSettingRiskLevel | Setting risklevel. Possible values are: low, medium, high. Possible values are: low, medium, high. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. |
| id | String | Identifier for item |
| description | String | Description of the setting. |
| helpText | String | Help text of the setting. Give more details of the setting. |
| name | String | Name of the item |
| displayName | String | Name of the setting. For example: Allow Toast. |
| version | String | Item Version |
Graph reference: deviceManagementConfigurationSettingGroupCollectionDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance, unknownFutureValue, inventory. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane, unknownFutureValue. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template, unknownFutureValue, inventoryCatalog. |
| riskLevel | deviceManagementConfigurationSettingRiskLevel | Setting risklevel. Possible values are: low, medium, high Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: low, medium, high. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| childIds | String collection | Dependent child settings to this group of settings. Inherited from deviceManagementConfigurationSettingGroupDefinition |
| dependentOn | deviceManagementConfigurationDependentOn collection | List of Dependencies for the setting group Inherited from deviceManagementConfigurationSettingGroupDefinition |
| dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | List of child settings that depend on this setting Inherited from deviceManagementConfigurationSettingGroupDefinition |
| maximumCount | Int32 | Maximum number of setting group count in the collection. Valid values 1 to 100 |
| minimumCount | Int32 | Minimum number of setting group count in the collection. Valid values 1 to 100 |
Graph reference: deviceManagementConfigurationSettingGroupDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance, unknownFutureValue, inventory. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane, unknownFutureValue. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template, unknownFutureValue, inventoryCatalog. |
| riskLevel | deviceManagementConfigurationSettingRiskLevel | Setting risklevel. Possible values are: low, medium, high Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: low, medium, high. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| childIds | String collection | Dependent child settings to this group of settings. |
| dependentOn | deviceManagementConfigurationDependentOn collection | List of Dependencies for the setting group |
| dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | List of child settings that depend on this setting |
Graph reference: deviceManagementConfigurationSettingTemplate
| Property | Type | Description |
|---|---|---|
| id | String | Key of this setting template within the policy template which contains it. Automatically generated. |
| settingInstanceTemplate | deviceManagementConfigurationSettingInstanceTemplate | Setting Instance Template |
Graph reference: deviceManagementConfigurationSimpleSettingCollectionDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance, unknownFutureValue, inventory. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane, unknownFutureValue. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template, unknownFutureValue, inventoryCatalog. |
| riskLevel | deviceManagementConfigurationSettingRiskLevel | Setting risklevel. Possible values are: low, medium, high Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: low, medium, high. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| valueDefinition | deviceManagementConfigurationSettingValueDefinition | Definition of the value for this setting. Inherited from deviceManagementConfigurationSimpleSettingDefinition |
| defaultValue | deviceManagementConfigurationSettingValue | Default setting value for this setting. Inherited from deviceManagementConfigurationSimpleSettingDefinition |
| dependentOn | deviceManagementConfigurationDependentOn collection | list of parent settings this setting is dependent on. Inherited from deviceManagementConfigurationSimpleSettingDefinition |
| dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | list of child settings that depend on this setting. Inherited from deviceManagementConfigurationSimpleSettingDefinition |
| maximumCount | Int32 | Maximum number of simple settings in the collection. Valid values 1 to 100 |
| minimumCount | Int32 | Minimum number of simple settings in the collection. Valid values 1 to 100 |
Graph reference: deviceManagementConfigurationSimpleSettingDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance, unknownFutureValue, inventory. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane, unknownFutureValue. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template, unknownFutureValue, inventoryCatalog. |
| riskLevel | deviceManagementConfigurationSettingRiskLevel | Setting risklevel. Possible values are: low, medium, high Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: low, medium, high. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| valueDefinition | deviceManagementConfigurationSettingValueDefinition | Definition of the value for this setting. |
| defaultValue | deviceManagementConfigurationSettingValue | Default setting value for this setting. |
| dependentOn | deviceManagementConfigurationDependentOn collection | list of parent settings this setting is dependent on. |
| dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | list of child settings that depend on this setting. |
Graph reference: deviceManagementReusablePolicySetting
| Property | Type | Description |
|---|---|---|
| id | String | system generated reusable setting id. |
| displayName | String | reusable setting display name supplied by user. |
| description | String | reusable setting description supplied by user. |
| settingDefinitionId | String | setting definition id associated with this reusable setting. |
| settingInstance | deviceManagementConfigurationSettingInstance | reusable setting configuration instance |
| createdDateTime | DateTimeOffset | reusable setting creation date and time. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | date and time when reusable setting was last modified. This property is read-only. |
| version | Int32 | version number for reusable setting. Valid values 0 to 2147483647. This property is read-only. |
| referencingConfigurationPolicyCount | Int32 | count of configuration policies referencing the current reusable setting. Valid values 0 to 2147483647. This property is read-only. |
Graph reference: deviceManagementTemplateInsightsDefinition
| Property | Type | Description |
|---|---|---|
| id | String | Key of Templateinsights document. |
| settingInsights | deviceManagementSettingInsightsDefinition collection | Setting insights in a template |
Graph reference: deviceManagementAbstractComplexSettingDefinition
| Property | Type | Description |
|---|---|---|
| id | String | The ID of the setting definition Inherited from deviceManagementSettingDefinition |
| valueType | deviceManangementIntentValueType | The data type of the value Inherited from deviceManagementSettingDefinition. Possible values are: integer, boolean, string, complex, collection, abstractComplex. |
| displayName | String | The setting's display name Inherited from deviceManagementSettingDefinition |
| isTopLevel | Boolean | If the setting is top level, it can be configured without the need to be wrapped in a collection or complex setting Inherited from deviceManagementSettingDefinition |
| description | String | The setting's description Inherited from deviceManagementSettingDefinition |
| placeholderText | String | Placeholder text as an example of valid input Inherited from deviceManagementSettingDefinition |
| documentationUrl | String | Url to setting documentation Inherited from deviceManagementSettingDefinition |
| headerTitle | String | title of the setting header represents a category/section of a setting/settings Inherited from deviceManagementSettingDefinition |
| headerSubtitle | String | subtitle of the setting header for more details about the category/section Inherited from deviceManagementSettingDefinition |
| keywords | String collection | Keywords associated with the setting Inherited from deviceManagementSettingDefinition |
| constraints | deviceManagementConstraint collection | Collection of constraints for the setting value Inherited from deviceManagementSettingDefinition |
| dependencies | deviceManagementSettingDependency collection | Collection of dependencies on other settings Inherited from deviceManagementSettingDefinition |
| implementations | String collection | List of definition IDs for all possible implementations of this abstract complex setting |
Graph reference: deviceManagementAbstractComplexSettingInstance
| Property | Type | Description |
|---|---|---|
| id | String | The setting instance ID Inherited from deviceManagementSettingInstance |
| definitionId | String | The ID of the setting definition for this instance Inherited from deviceManagementSettingInstance |
| valueJson | String | JSON representation of the value Inherited from deviceManagementSettingInstance |
| implementationId | String | The definition ID for the chosen implementation of this complex setting |
Graph reference: deviceManagementBooleanSettingInstance
| Property | Type | Description |
|---|---|---|
| id | String | The setting instance ID Inherited from deviceManagementSettingInstance |
| definitionId | String | The ID of the setting definition for this instance Inherited from deviceManagementSettingInstance |
| valueJson | String | JSON representation of the value Inherited from deviceManagementSettingInstance |
| value | Boolean | The boolean value |
Graph reference: deviceManagementCollectionSettingDefinition
| Property | Type | Description |
|---|---|---|
| id | String | The ID of the setting definition Inherited from deviceManagementSettingDefinition |
| valueType | deviceManangementIntentValueType | The data type of the value Inherited from deviceManagementSettingDefinition. Possible values are: integer, boolean, string, complex, collection, abstractComplex. |
| displayName | String | The setting's display name Inherited from deviceManagementSettingDefinition |
| isTopLevel | Boolean | If the setting is top level, it can be configured without the need to be wrapped in a collection or complex setting Inherited from deviceManagementSettingDefinition |
| description | String | The setting's description Inherited from deviceManagementSettingDefinition |
| placeholderText | String | Placeholder text as an example of valid input Inherited from deviceManagementSettingDefinition |
| documentationUrl | String | Url to setting documentation Inherited from deviceManagementSettingDefinition |
| headerTitle | String | title of the setting header represents a category/section of a setting/settings Inherited from deviceManagementSettingDefinition |
| headerSubtitle | String | subtitle of the setting header for more details about the category/section Inherited from deviceManagementSettingDefinition |
| keywords | String collection | Keywords associated with the setting Inherited from deviceManagementSettingDefinition |
| constraints | deviceManagementConstraint collection | Collection of constraints for the setting value Inherited from deviceManagementSettingDefinition |
| dependencies | deviceManagementSettingDependency collection | Collection of dependencies on other settings Inherited from deviceManagementSettingDefinition |
| elementDefinitionId | String | The Setting Definition ID that describes what each element of the collection looks like |
Graph reference: deviceManagementCollectionSettingInstance
| Property | Type | Description |
|---|---|---|
| id | String | The setting instance ID Inherited from deviceManagementSettingInstance |
| definitionId | String | The ID of the setting definition for this instance Inherited from deviceManagementSettingInstance |
| valueJson | String | JSON representation of the value Inherited from deviceManagementSettingInstance |
Graph reference: deviceManagementComplexSettingDefinition
| Property | Type | Description |
|---|---|---|
| id | String | The ID of the setting definition Inherited from deviceManagementSettingDefinition |
| valueType | deviceManangementIntentValueType | The data type of the value Inherited from deviceManagementSettingDefinition. Possible values are: integer, boolean, string, complex, collection, abstractComplex. |
| displayName | String | The setting's display name Inherited from deviceManagementSettingDefinition |
| isTopLevel | Boolean | If the setting is top level, it can be configured without the need to be wrapped in a collection or complex setting Inherited from deviceManagementSettingDefinition |
| description | String | The setting's description Inherited from deviceManagementSettingDefinition |
| placeholderText | String | Placeholder text as an example of valid input Inherited from deviceManagementSettingDefinition |
| documentationUrl | String | Url to setting documentation Inherited from deviceManagementSettingDefinition |
| headerTitle | String | title of the setting header represents a category/section of a setting/settings Inherited from deviceManagementSettingDefinition |
| headerSubtitle | String | subtitle of the setting header for more details about the category/section Inherited from deviceManagementSettingDefinition |
| keywords | String collection | Keywords associated with the setting Inherited from deviceManagementSettingDefinition |
| constraints | deviceManagementConstraint collection | Collection of constraints for the setting value Inherited from deviceManagementSettingDefinition |
| dependencies | deviceManagementSettingDependency collection | Collection of dependencies on other settings Inherited from deviceManagementSettingDefinition |
| propertyDefinitionIds | String collection | The definitions of each property of the complex setting |
Graph reference: deviceManagementComplexSettingInstance
| Property | Type | Description |
|---|---|---|
| id | String | The setting instance ID Inherited from deviceManagementSettingInstance |
| definitionId | String | The ID of the setting definition for this instance Inherited from deviceManagementSettingInstance |
| valueJson | String | JSON representation of the value Inherited from deviceManagementSettingInstance |
Graph reference: deviceManagementIntegerSettingInstance
| Property | Type | Description |
|---|---|---|
| id | String | The setting instance ID Inherited from deviceManagementSettingInstance |
| definitionId | String | The ID of the setting definition for this instance Inherited from deviceManagementSettingInstance |
| valueJson | String | JSON representation of the value Inherited from deviceManagementSettingInstance |
| value | Int32 | The integer value |
Graph reference: deviceManagementIntent
| Property | Type | Description |
|---|---|---|
| id | String | The intent ID |
| displayName | String | The user given display name |
| description | String | The user given description |
| isAssigned | Boolean | Signifies whether or not the intent is assigned to users |
| isMigratingToConfigurationPolicy | Boolean | Signifies whether or not the intent is being migrated to the configurationPolicies endpoint |
| lastModifiedDateTime | DateTimeOffset | When the intent was last modified |
| templateId | String | The ID of the template this intent was created from (if any) |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
Graph reference: deviceManagementIntentAssignment
| Property | Type | Description |
|---|---|---|
| id | String | The assignment ID |
| target | deviceAndAppManagementAssignmentTarget | The assignment target |
Graph reference: deviceManagementIntentCustomizedSetting
| Property | Type | Description |
|---|---|---|
| definitionId | String | The ID of the setting definition for this setting |
| defaultJson | String | JSON representation of the default value from the template |
| customizedJson | String | JSON representation of the customized value, if different from default |
Graph reference: deviceManagementIntentDeviceSettingStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | The ID |
| settingName | String | Name of a setting |
| compliantCount | Int32 | Number of compliant devices |
| conflictCount | Int32 | Number of devices in conflict |
| errorCount | Int32 | Number of error devices |
| nonCompliantCount | Int32 | Number of non compliant devices |
| notApplicableCount | Int32 | Number of not applicable devices |
| remediatedCount | Int32 | Number of remediated devices |
Graph reference: deviceManagementIntentDeviceState
| Property | Type | Description |
|---|---|---|
| id | String | The ID |
| userPrincipalName | String | The user principal name that is being reported on a device |
| userName | String | The user name that is being reported on a device |
| deviceDisplayName | String | Device name that is being reported |
| lastReportedDateTime | DateTimeOffset | Last modified date time of an intent report |
| state | complianceStatus | Device state for an intent. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
| deviceId | String | Device id that is being reported |
Graph reference: deviceManagementIntentDeviceStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | The ID |
| conflictCount | Int32 | Number of devices in conflict |
| errorCount | Int32 | Number of error devices |
| failedCount | Int32 | Number of failed devices |
| notApplicableCount | Int32 | Number of not applicable devices |
| notApplicablePlatformCount | Int32 | Number of not applicable devices due to mismatch platform and policy |
| successCount | Int32 | Number of succeeded devices |
Graph reference: deviceManagementIntentSettingCategory
| Property | Type | Description |
|---|---|---|
| id | String | The category ID Inherited from deviceManagementSettingCategory |
| displayName | String | The category name Inherited from deviceManagementSettingCategory |
| hasRequiredSetting | Boolean | The category contains top level required setting Inherited from deviceManagementSettingCategory |
Graph reference: deviceManagementIntentUserState
| Property | Type | Description |
|---|---|---|
| id | String | The ID |
| userPrincipalName | String | The user principal name that is being reported on a device |
| userName | String | The user name that is being reported on a device |
| deviceCount | Int32 | Count of Devices that belongs to a user for an intent |
| lastReportedDateTime | DateTimeOffset | Last modified date time of an intent report |
| state | complianceStatus | User state for an intent. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned. |
Graph reference: deviceManagementIntentUserStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | The ID |
| conflictCount | Int32 | Number of users in conflict |
| errorCount | Int32 | Number of error users |
| failedCount | Int32 | Number of failed users |
| notApplicableCount | Int32 | Number of not applicable users |
| successCount | Int32 | Number of succeeded users |
Graph reference: deviceManagementSettingCategory
| Property | Type | Description |
|---|---|---|
| id | String | The category ID |
| displayName | String | The category name |
| hasRequiredSetting | Boolean | The category contains top level required setting |
Graph reference: deviceManagementSettingComparison
| Property | Type | Description |
|---|---|---|
| id | String | The setting ID |
| displayName | String | The setting's display name |
| definitionId | String | The ID of the setting definition for this instance |
| currentValueJson | String | JSON representation of current intent (or) template setting's value |
| newValueJson | String | JSON representation of new template setting's value |
| comparisonResult | deviceManagementComparisonResult | Setting comparison result. Possible values are: unknown, equal, notEqual, added, removed. |
Graph reference: deviceManagementSettingDefinition
| Property | Type | Description |
|---|---|---|
| id | String | The ID of the setting definition |
| valueType | deviceManangementIntentValueType | The data type of the value. Possible values are: integer, boolean, string, complex, collection, abstractComplex. |
| displayName | String | The setting's display name |
| isTopLevel | Boolean | If the setting is top level, it can be configured without the need to be wrapped in a collection or complex setting |
| description | String | The setting's description |
| placeholderText | String | Placeholder text as an example of valid input |
| documentationUrl | String | Url to setting documentation |
| headerTitle | String | title of the setting header represents a category/section of a setting/settings |
| headerSubtitle | String | subtitle of the setting header for more details about the category/section |
| keywords | String collection | Keywords associated with the setting |
| constraints | deviceManagementConstraint collection | Collection of constraints for the setting value |
| dependencies | deviceManagementSettingDependency collection | Collection of dependencies on other settings |
Graph reference: deviceManagementSettingInstance
| Property | Type | Description |
|---|---|---|
| id | String | The setting instance ID |
| definitionId | String | The ID of the setting definition for this instance |
| valueJson | String | JSON representation of the value |
Graph reference: deviceManagementStringSettingInstance
| Property | Type | Description |
|---|---|---|
| id | String | The setting instance ID Inherited from deviceManagementSettingInstance |
| definitionId | String | The ID of the setting definition for this instance Inherited from deviceManagementSettingInstance |
| valueJson | String | JSON representation of the value Inherited from deviceManagementSettingInstance |
| value | String | The string value |
Graph reference: deviceManagementTemplate
| Property | Type | Description |
|---|---|---|
| id | String | The template ID |
| displayName | String | The template's display name |
| description | String | The template's description |
| versionInfo | String | The template's version information |
| isDeprecated | Boolean | The template is deprecated or not. Intents cannot be created from a deprecated template. |
| intentCount | Int32 | Number of Intents created from this template. |
| templateType | deviceManagementTemplateType | The template's type. Possible values are: securityBaseline, specializedDevices, advancedThreatProtectionSecurityBaseline, deviceConfiguration, custom, securityTemplate, microsoftEdgeSecurityBaseline, microsoftOffice365ProPlusSecurityBaseline, deviceCompliance, deviceConfigurationForOffice365, cloudPC, firewallSharedSettings. |
| platformType | policyPlatformType | The template's platform. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, windows10XProfile, all. |
| templateSubtype | deviceManagementTemplateSubtype | The template's subtype. Possible values are: none, firewall, diskEncryption, attackSurfaceReduction, endpointDetectionReponse, accountProtection, antivirus, firewallSharedAppList, firewallSharedIpList, firewallSharedPortlist. |
| publishedDateTime | DateTimeOffset | When the template was published |
Graph reference: deviceManagementTemplateSettingCategory
| Property | Type | Description |
|---|---|---|
| id | String | The category ID Inherited from deviceManagementSettingCategory |
| displayName | String | The category name Inherited from deviceManagementSettingCategory |
| hasRequiredSetting | Boolean | The category contains top level required setting Inherited from deviceManagementSettingCategory |
Graph reference: securityBaselineCategoryStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the entity. Inherited from securityBaselineStateSummary |
| secureCount | Int32 | Number of secure devices Inherited from securityBaselineStateSummary |
| notSecureCount | Int32 | Number of not secure devices Inherited from securityBaselineStateSummary |
| unknownCount | Int32 | Number of unknown devices Inherited from securityBaselineStateSummary |
| errorCount | Int32 | Number of error devices Inherited from securityBaselineStateSummary |
| conflictCount | Int32 | Number of conflict devices Inherited from securityBaselineStateSummary |
| notApplicableCount | Int32 | Number of not applicable devices Inherited from securityBaselineStateSummary |
| displayName | String | The category name |
Graph reference: securityBaselineDeviceState
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the entity |
| managedDeviceId | String | Intune device id |
| deviceDisplayName | String | Display name of the device |
| userPrincipalName | String | User Principal Name |
| state | securityBaselineComplianceState | Security baseline compliance state. Possible values are: unknown, secure, notApplicable, notSecure, error, conflict. |
| lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report |
Graph reference: securityBaselineStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the entity. |
| secureCount | Int32 | Number of secure devices |
| notSecureCount | Int32 | Number of not secure devices |
| unknownCount | Int32 | Number of unknown devices |
| errorCount | Int32 | Number of error devices |
| conflictCount | Int32 | Number of conflict devices |
| notApplicableCount | Int32 | Number of not applicable devices |
Graph reference: securityBaselineTemplate
| Property | Type | Description |
|---|---|---|
| id | String | The template ID Inherited from deviceManagementTemplate |
| displayName | String | The template's display name Inherited from deviceManagementTemplate |
| description | String | The template's description Inherited from deviceManagementTemplate |
| versionInfo | String | The template's version information Inherited from deviceManagementTemplate |
| isDeprecated | Boolean | The template is deprecated or not. Intents cannot be created from a deprecated template. Inherited from deviceManagementTemplate |
| intentCount | Int32 | Number of Intents created from this template. Inherited from deviceManagementTemplate |
| templateType | deviceManagementTemplateType | The template's type. Inherited from deviceManagementTemplate. Possible values are: securityBaseline, specializedDevices, advancedThreatProtectionSecurityBaseline, deviceConfiguration, custom, securityTemplate, microsoftEdgeSecurityBaseline, microsoftOffice365ProPlusSecurityBaseline, deviceCompliance, deviceConfigurationForOffice365, cloudPC, firewallSharedSettings. |
| platformType | policyPlatformType | The template's platform. Inherited from deviceManagementTemplate. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, windows10XProfile, all. |
| templateSubtype | deviceManagementTemplateSubtype | The template's subtype. Inherited from deviceManagementTemplate. Possible values are: none, firewall, diskEncryption, attackSurfaceReduction, endpointDetectionReponse, accountProtection, antivirus, firewallSharedAppList, firewallSharedIpList, firewallSharedPortlist. |
| publishedDateTime | DateTimeOffset | When the template was published Inherited from deviceManagementTemplate |
Graph reference: applePushNotificationCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the certificate |
| appleIdentifier | String | Apple Id of the account used to create the MDM push certificate. |
| topicIdentifier | String | Topic Id. |
| lastModifiedDateTime | DateTimeOffset | Last modified date and time for Apple push notification certificate. |
| expirationDateTime | DateTimeOffset | The expiration date and time for Apple push notification certificate. |
| certificateUploadStatus | String | The certificate upload status. |
| certificateUploadFailureReason | String | The reason the certificate upload failed. |
| certificateSerialNumber | String | Certificate serial number. This property is read-only. |
| certificate | String | Not yet documented |
Graph reference: appLogCollectionDownloadDetails
| Property | Type | Description |
|---|---|---|
| downloadUrl | String | Download SAS (Shared Access Signature) Url for completed app log request. |
| decryptionKey | String | Decryption key that used to decrypt the log. |
| appLogDecryptionAlgorithm | appLogDecryptionAlgorithm | Decryption algorithm for Content. Default is ASE256. Possible values are: aes256, unknownFutureValue. |
Graph reference: appLogCollectionRequest
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier. This is userId_DeviceId_AppId id. |
| status | appLogUploadState | Indicates the status for the app log collection request if it is pending, completed or failed, Default is pending. Possible values are: pending, completed, failed, unknownFutureValue. |
| errorMessage | String | Indicates error message if any during the upload process. |
| customLogFolders | String collection | List of log folders. |
| completedDateTime | DateTimeOffset | Time at which the upload log request reached a completed state if not completed yet NULL will be returned. |
Graph reference: bulkManagedDeviceActionResult
| Property | Type | Description |
|---|---|---|
| successfulDeviceIds | String collection | Successful devices |
| failedDeviceIds | String collection | Failed devices |
| notFoundDeviceIds | String collection | Not found devices |
| notSupportedDeviceIds | String collection | Not supported devices |
Graph reference: cloudPCConnectivityIssue
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics connectivity issue event entity. |
| deviceId | String | The Intune DeviceId of the device the connection is associated with. |
| errorCode | String | The error code of the connectivity issue. |
| errorDateTime | DateTimeOffset | The time that the connection initiated. The time is shown in ISO 8601 format and Coordinated Universal Time (UTC) time. |
| userId | String | The unique id of user who initialize the connection. |
| errorDescription | String | The detailed description of what went wrong. |
| recommendedAction | String | The recommended action to fix the corresponding error. |
Graph reference: comanagedDevicesSummary
| Property | Type | Description |
|---|---|---|
| inventoryCount | Int32 | Number of devices with Inventory swung-over. This property is read-only. |
| compliancePolicyCount | Int32 | Number of devices with CompliancePolicy swung-over. This property is read-only. |
| resourceAccessCount | Int32 | Number of devices with ResourceAccess swung-over. This property is read-only. |
| configurationSettingsCount | Int32 | Number of devices with ConfigurationSettings swung-over. This property is read-only. |
| windowsUpdateForBusinessCount | Int32 | Number of devices with WindowsUpdateForBusiness swung-over. This property is read-only. |
| endpointProtectionCount | Int32 | Number of devices with EndpointProtection swung-over. This property is read-only. |
| modernAppsCount | Int32 | Number of devices with ModernApps swung-over. This property is read-only. |
| officeAppsCount | Int32 | Number of devices with OfficeApps swung-over. This property is read-only. |
| totalComanagedCount | Int32 | Number of Co-Managed Devices. This property is read-only. |
Graph reference: comanagementEligibleDevice
| Property | Type | Description |
|---|---|---|
| id | String | Unique Id for the device |
| deviceName | String | DeviceName |
| deviceType | deviceType | DeviceType. Possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, windows10x, androidnGMS, chromeOS, linux, visionOS, tvOS, blackberry, palm, unknown, cloudPC. |
| clientRegistrationStatus | deviceRegistrationState | ClientRegistrationStatus. Possible values are: notRegistered, registered, revoked, keyConflict, approvalPending, certificateReset, notRegisteredPendingEnrollment, unknown. |
| ownerType | ownerType | OwnerType. Possible values are: unknown, company, personal. |
| managementAgents | managementAgentType | ManagementAgents. Possible values are: eas, mdm, easMdm, intuneClient, easIntuneClient, configurationManagerClient, configurationManagerClientMdm, configurationManagerClientMdmEas, unknown, jamf, googleCloudDevicePolicyController, microsoft365ManagedMdm, msSense, intuneAosp, google, unknownFutureValue. |
| managementState | managementState | ManagementState. Possible values are: managed, retirePending, retireFailed, wipePending, wipeFailed, unhealthy, deletePending, retireIssued, wipeIssued, wipeCanceled, retireCanceled, discovered. |
| referenceId | String | ReferenceId |
| mdmStatus | String | MDMStatus |
| osVersion | String | OSVersion |
| serialNumber | String | SerialNumber |
| manufacturer | String | Manufacturer |
| model | String | Model |
| osDescription | String | OSDescription |
| entitySource | Int32 | EntitySource |
| userId | String | UserId |
| upn | String | UPN |
| userEmail | String | UserEmail |
| userName | String | UserName |
| status | comanagementEligibleType | ComanagementEligibleStatus. Possible values are: comanaged, eligible, eligibleButNotAzureAdJoined, needsOsUpdate, ineligible, scheduledForEnrollment, unknownFutureValue. |
Graph reference: comanagementEligibleDevicesSummary
| Property | Type | Description |
|---|---|---|
| comanagedCount | Int32 | Count of devices already Co-Managed |
| eligibleCount | Int32 | Count of devices fully eligible for Co-Management |
| scheduledForEnrollmentCount | Int32 | Count of devices scheduled for Co-Management enrollment. Valid values 0 to 9999999 |
| eligibleButNotAzureAdJoinedCount | Int32 | Count of devices eligible for Co-Management but not yet joined to Azure Active Directory |
| needsOsUpdateCount | Int32 | Count of devices that will be eligible for Co-Management after an OS update |
| ineligibleCount | Int32 | Count of devices ineligible for Co-Management |
Graph reference: dataSharingConsent
| Property | Type | Description |
|---|---|---|
| id | String | The data sharing consent Id |
| serviceDisplayName | String | The display name of the service work flow |
| termsUrl | String | The TermsUrl for the data sharing consent |
| granted | Boolean | The granted state for the data sharing consent |
| grantDateTime | DateTimeOffset | The time consent was granted for this account |
| grantedByUpn | String | The Upn of the user that granted consent for this account |
| grantedByUserId | String | The UserId of the user that granted consent for this account |
Graph reference: detectedApp
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier for the detected application. This is automatically generated by Intune at the time the application is created. Read-only. |
| displayName | String | Name of the discovered application. Read-only |
| version | String | Version of the discovered application. Read-only |
| sizeInByte | Int64 | Discovered application size in bytes. Read-only |
| deviceCount | Int32 | The number of devices that have installed this application |
| publisher | String | Indicates the publisher of the discovered application. For example: 'Microsoft'. The default value is an empty string. |
| platform | detectedAppPlatformType | Indicates the operating system / platform of the discovered application. Some possible values are Windows, iOS, macOS. The default value is unknown (0). Possible values are: unknown, windows, windowsMobile, windowsHolographic, ios, macOS, chromeOS, androidOSP, androidDeviceAdministrator, androidWorkProfile, androidDedicatedAndFullyManaged, unknownFutureValue. |
Graph reference: deviceAppManagement
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
Graph reference: deviceAssignmentItem
| Property | Type | Description |
|---|---|---|
| itemId | String | The unique identifier for the application or configuration. ItemId is required property which needs to be set in the action POST request parameter for the DeviceAssignmentItem intended to remove. Max length is 40 |
| itemType | deviceAssignmentItemType | Indicates the application or configuration type. ItemType is required property which needs to be set in the action POST request parameter for the DeviceAssignmentItem intended to remove. Possible values are: application, deviceConfiguration, deviceManagementConfigurationPolicy, mobileAppConfiguration. application itemType is default value. Possible values are: application, deviceConfiguration, deviceManagementConfigurationPolicy, mobileAppConfiguration, unknownFutureValue. |
| itemSubTypeDisplayName | String | Indicates the specific type for the application or configuration. For example, unknown, application, appConfiguration, exploitProtection, bitLocker, deviceControl, microsoftEdgeBaseline, attackSurfaceReductionRulesConfigMgr, endpointDetectionandResponse, windowsUpdateforBusiness, microsoftDefenderFirewallRules, applicationControl, microsoftDefenderAntivirusexclusions, microsoftDefenderAntivirus, wiredNetwork, derivedPersonalIdentityVerificationCredential, windowsHealthMonitoring, extensions, mxProfileZebraOnly, deviceFirmwareConfigurationInterface, deliveryOptimization, identityProtection, kiosk, overrideGroupPolicy, domainJoinPreview, pkcsImportedCertificate, networkBoundary, endpointProtection, microsoftDefenderAtpWindows10Desktop, sharedMultiUserDevice, deviceFeatures, secureAssessmentEducation, wiFiImport, editionUpgradeAndModeSwitch, vpn, custom, softwareUpdates, deviceRestrictionsWindows10Team, email, trustedCertificate, scepCertificate, emailSamsungKnoxOnly, pkcsCertificate, deviceRestrictions, wiFi, settingsCatalog. Read-Only. Returned in the action result. Default value is null. The property value cannot be modified and is automatically populated with the action result. Max length is 200. This property is read-only. |
| itemDisplayName | String | The item displayName name for the application or configuration. Read-Only. Returned in the action result. Default value is null. The property value cannot be modified and is automatically populated with the action result. Max length is 200. This property is read-only. |
| assignmentItemActionIntent | deviceAssignmentItemIntent | Indicates the IT Admin's intent on the application or configuration when executing this action on the managed device. Intent needs to be set as default value remove in the action POST request parameter. For the application or configuration intended to remove through previous actions but not included in current action, its intent will be reported as restore in the action result. Possible values are: remove, restore. remove intent is default value. This property is read-only. Possible values are: remove, restore, unknownFutureValue. |
| assignmentItemActionStatus | deviceAssignmentItemStatus | Indicates the live status for the application or configuration regarding the executed action on the managed device. Read-Only. Returned in the action result. Possible values are: initiated, inProgress, removed, error, succeeded. initiated status is default value. This property is read-only. Possible values are: initiated, inProgress, removed, error, succeeded, unknownFutureValue. |
| intentActionMessage | String | The intent action message for the application or configuration regarding the executed action on the managed device. When the action is on error, this property provides message on the reason of failure. When the action is in progress, this property provides message on what's being processed on the device. Read-Only. Returned in the action result. Can be null. Max length is 1500. This property is read-only. |
| errorCode | Int64 | The error code for the application or configuration regarding the failed executed action on the managed device. Read-Only. Returned in the action result. 0 is default value and indicates no failure. Valid values -9.22337203685478E+18 to 9.22337203685478E+18. This property is read-only. |
| lastActionDateTime | DateTimeOffset | The date and time when the application or configuration was initiated an action execution. Read-Only. Returned in the action result. The property value cannot be modified and is automatically populated when the action is initiated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2025 would look like this: '2025-01-01T00:00:00Z'. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | The date and time when the application or configuration was last modified because of either action execution or status change. Read-Only. Returned in the action result. The property value cannot be modified and is automatically populated when the action is initiated or the device has a status change. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2025 would look like this: '2025-01-01T00:00:00Z'. This property is read-only. |
Graph reference: deviceCategory
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the device category. Read-only. |
Graph reference: deviceComplianceScript
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the device compliance script |
| publisher | String | Name of the device compliance script publisher |
| version | String | Version of the device compliance script |
| displayName | String | Name of the device compliance script |
| description | String | Description of the device compliance script |
| detectionScriptContent | Binary | The entire content of the detection powershell script |
| createdDateTime | DateTimeOffset | The timestamp of when the device compliance script was created. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | The timestamp of when the device compliance script was modified. This property is read-only. |
| runAsAccount | runAsAccountType | Indicates the type of execution context. Possible values are: system, user. |
| enforceSignatureCheck | Boolean | Indicate whether the script signature needs be checked |
| runAs32Bit | Boolean | Indicate whether PowerShell script(s) should run as 32-bit |
| roleScopeTagIds | String collection | List of Scope Tag IDs for the device compliance script |
Graph reference: deviceComplianceScriptDeviceState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device compliance script device state entity. This property is read-only. |
| detectionState | runState | Detection state from the lastest device compliance script execution. Possible values are: unknown, success, fail, scriptError, pending, notApplicable. |
| lastStateUpdateDateTime | DateTimeOffset | The last timestamp of when the device compliance script executed |
| expectedStateUpdateDateTime | DateTimeOffset | The next timestamp of when the device compliance script is expected to execute |
| lastSyncDateTime | DateTimeOffset | The last time that Intune Managment Extension synced with Intune |
| scriptOutput | String | Output of the detection script |
| scriptError | String | Error from the detection script |
Graph reference: deviceComplianceScriptRunSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device compliance script run summary entity. This property is read-only. |
| noIssueDetectedDeviceCount | Int32 | Number of devices for which the detection script did not find an issue and the device is healthy. Valid values -2147483648 to 2147483647 |
| issueDetectedDeviceCount | Int32 | Number of devices for which the detection script found an issue. Valid values -2147483648 to 2147483647 |
| detectionScriptErrorDeviceCount | Int32 | Number of devices on which the detection script execution encountered an error and did not complete. Valid values -2147483648 to 2147483647 |
| detectionScriptPendingDeviceCount | Int32 | Number of devices which have not yet run the latest version of the device compliance script. Valid values -2147483648 to 2147483647 |
| lastScriptRunDateTime | DateTimeOffset | Last run time for the script across all devices |
Graph reference: deviceCustomAttributeShellScript
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the custom attribute entity. |
| customAttributeName | String | The name of the custom attribute. |
| customAttributeType | deviceCustomAttributeValueType | The expected type of the custom attribute's value. Possible values are: integer, string, dateTime. |
| displayName | String | Name of the device management script. |
| description | String | Optional description for the device management script. |
| scriptContent | Binary | The script content. |
| createdDateTime | DateTimeOffset | The date and time the device management script was created. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | The date and time the device management script was last modified. This property is read-only. |
| runAsAccount | runAsAccountType | Indicates the type of execution context. Possible values are: system, user. |
| fileName | String | Script file name. |
| roleScopeTagIds | String collection | List of Scope Tag IDs for this PowerShellScript instance. |
Graph reference: deviceHealthScript
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the device health script |
| publisher | String | Name of the device health script publisher |
| version | String | Version of the device health script |
| displayName | String | Name of the device health script |
| description | String | Description of the device health script |
| detectionScriptContent | Binary | The entire content of the detection powershell script |
| remediationScriptContent | Binary | The entire content of the remediation powershell script |
| createdDateTime | DateTimeOffset | The timestamp of when the device health script was created. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | The timestamp of when the device health script was modified. This property is read-only. |
| runAsAccount | runAsAccountType | Indicates the type of execution context. Possible values are: system, user. |
| enforceSignatureCheck | Boolean | Indicate whether the script signature needs be checked |
| runAs32Bit | Boolean | Indicate whether PowerShell script(s) should run as 32-bit |
| roleScopeTagIds | String collection | List of Scope Tag IDs for the device health script |
| isGlobalScript | Boolean | Determines if this is Microsoft Proprietary Script. Proprietary scripts are read-only |
| highestAvailableVersion | String | Highest available version for a Microsoft Proprietary script |
| deviceHealthScriptType | deviceHealthScriptType | DeviceHealthScriptType for the script policy. Possible values are: deviceHealthScript, managedInstallerScript. |
| detectionScriptParameters | deviceHealthScriptParameter collection | List of ComplexType DetectionScriptParameters objects. |
| remediationScriptParameters | deviceHealthScriptParameter collection | List of ComplexType RemediationScriptParameters objects. |
Graph reference: deviceHealthScriptAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device health script assignment entity. This property is read-only. |
| target | deviceAndAppManagementAssignmentTarget | The Azure Active Directory group we are targeting the script to |
| runRemediationScript | Boolean | Determine whether we want to run detection script only or run both detection script and remediation script |
| runSchedule | deviceHealthScriptRunSchedule | Script run schedule for the target group |
Graph reference: deviceHealthScriptDeviceState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device health script device state entity. This property is read-only. |
| detectionState | runState | Detection state from the lastest device health script execution. Possible values are: unknown, success, fail, scriptError, pending, notApplicable. |
| lastStateUpdateDateTime | DateTimeOffset | The last timestamp of when the device health script executed |
| expectedStateUpdateDateTime | DateTimeOffset | The next timestamp of when the device health script is expected to execute |
| lastSyncDateTime | DateTimeOffset | The last time that Intune Managment Extension synced with Intune |
| preRemediationDetectionScriptOutput | String | Output of the detection script before remediation |
| preRemediationDetectionScriptError | String | Error from the detection script before remediation |
| remediationScriptError | String | Error output of the remediation script |
| postRemediationDetectionScriptOutput | String | Detection script output after remediation |
| postRemediationDetectionScriptError | String | Error from the detection script after remediation |
| remediationState | remediationState | Remediation state from the lastest device health script execution. Possible values are: unknown, skipped, success, remediationFailed, scriptError, unknownFutureValue. |
| assignmentFilterIds | String collection | A list of the assignment filter ids used for health script applicability evaluation |
Graph reference: deviceHealthScriptParameter
| Property | Type | Description |
|---|---|---|
| name | String | The name of the param |
| description | String | The description of the param |
| isRequired | Boolean | Whether the param is required |
| applyDefaultValueWhenNotAssigned | Boolean | Whether Apply DefaultValue When Not Assigned |
Graph reference: deviceHealthScriptPolicyState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device health script policy state is a concatenation of the MT sideCar policy Id and Intune device Id |
| deviceId | String | The Intune device Id |
| policyId | String | The MT sideCar policy Id |
| deviceName | String | Display name of the device |
| policyName | String | Display name of the device health script |
| userName | String | Name of the user whom ran the device health script |
| osVersion | String | Value of the OS Version in string |
| detectionState | runState | Detection state from the lastest device health script execution. Possible values are: unknown, success, fail, scriptError, pending, notApplicable. |
| lastStateUpdateDateTime | DateTimeOffset | The last timestamp of when the device health script executed |
| expectedStateUpdateDateTime | DateTimeOffset | The next timestamp of when the device health script is expected to execute |
| lastSyncDateTime | DateTimeOffset | The last time that Intune Managment Extension synced with Intune |
| preRemediationDetectionScriptOutput | String | Output of the detection script before remediation |
| preRemediationDetectionScriptError | String | Error from the detection script before remediation |
| remediationScriptError | String | Error output of the remediation script |
| postRemediationDetectionScriptOutput | String | Detection script output after remediation |
| postRemediationDetectionScriptError | String | Error from the detection script after remediation |
| remediationState | remediationState | Remediation state from the lastest device health script execution. Possible values are: unknown, skipped, success, remediationFailed, scriptError, unknownFutureValue. |
| assignmentFilterIds | String collection | A list of the assignment filter ids used for health script applicability evaluation |
Graph reference: deviceHealthScriptRemediationHistory
| Property | Type | Description |
|---|---|---|
| lastModifiedDateTime | DateTimeOffset | The date on which the results history is calculated for the healthscript. |
| historyData | deviceHealthScriptRemediationHistoryData collection | The number of devices remediated by the device health script on the given date. |
Graph reference: deviceHealthScriptRemediationSummary
| Property | Type | Description |
|---|---|---|
| scriptCount | Int32 | The number of device health scripts deployed. |
| remediatedDeviceCount | Int32 | The number of devices remediated by device health scripts. |
Graph reference: deviceHealthScriptRunSchedule
| Property | Type | Description |
|---|---|---|
| interval | Int32 | The x value of every x hours for hourly schedule, every x days for Daily Schedule, every x weeks for weekly schedule, every x months for Monthly Schedule. Valid values 1 to 23 |
Graph reference: deviceHealthScriptRunSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device health script run summary entity. This property is read-only. |
| noIssueDetectedDeviceCount | Int32 | Number of devices for which the detection script did not find an issue and the device is healthy |
| issueDetectedDeviceCount | Int32 | Number of devices for which the detection script found an issue |
| detectionScriptErrorDeviceCount | Int32 | Number of devices on which the detection script execution encountered an error and did not complete |
| detectionScriptPendingDeviceCount | Int32 | Number of devices which have not yet run the latest version of the device health script |
| detectionScriptNotApplicableDeviceCount | Int32 | Number of devices for which the detection script was not applicable |
| issueRemediatedDeviceCount | Int32 | Number of devices for which the remediation script was able to resolve the detected issue |
| remediationSkippedDeviceCount | Int32 | Number of devices for which remediation was skipped |
| issueReoccurredDeviceCount | Int32 | Number of devices for which the remediation script executed successfully but failed to resolve the detected issue |
| remediationScriptErrorDeviceCount | Int32 | Number of devices for which the remediation script execution encountered an error and did not complete |
| lastScriptRunDateTime | DateTimeOffset | Last run time for the script across all devices |
| issueRemediatedCumulativeDeviceCount | Int32 | Number of devices that were remediated over the last 30 days |
Graph reference: intune-devices-devicehealthscripttype
Graph reference: deviceLogCollectionResponse
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier in the form of tenantId_deviceId_requestId. |
| status | appLogUploadState | Indicates the status for the app log collection request if it is pending, completed or failed, Default is pending. Possible values are: pending, completed, failed, unknownFutureValue. |
| managedDeviceId | Guid | Indicates Intune device unique identifier. |
| requestedDateTimeUTC | DateTimeOffset | The DateTime of the request. |
| receivedDateTimeUTC | DateTimeOffset | The DateTime the request was received. |
| initiatedByUserPrincipalName | String | The UPN for who initiated the request. |
| expirationDateTimeUTC | DateTimeOffset | The DateTime of the expiration of the logs. |
| sizeInKB | Double | The size of the logs in KB. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| enrolledByUser | String | The User Principal Name (UPN) of the user that enrolled the device. |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the device |
| subscriptionState | deviceManagementSubscriptionState | Tenant mobile device management subscription state. Possible values are: pending, active, warning, disabled, deleted, blocked, lockedOut. |
| deviceProtectionOverview | deviceProtectionOverview | Device protection overview. |
| windowsMalwareOverview | windowsMalwareOverview | Malware overview for windows devices. |
| userExperienceAnalyticsSettings | userExperienceAnalyticsSettings | User experience analytics device settings |
Graph reference: deviceManagementScript
| Property | Type | Description |
|---|---|---|
| enforceSignatureCheck | Boolean | Indicate whether the script signature needs be checked. |
| runAs32Bit | Boolean | A value indicating whether the PowerShell script should run as 32-bit |
| id | String | Unique Identifier for the device management script. |
| displayName | String | Name of the device management script. |
| description | String | Optional description for the device management script. |
| scriptContent | Binary | The script content. |
| createdDateTime | DateTimeOffset | The date and time the device management script was created. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | The date and time the device management script was last modified. This property is read-only. |
| runAsAccount | runAsAccountType | Indicates the type of execution context. Possible values are: system, user. |
| fileName | String | Script file name. |
| roleScopeTagIds | String collection | List of Scope Tag IDs for this PowerShellScript instance. |
Graph reference: deviceManagementScriptAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device management script group assignment entity. This property is read-only. |
| target | deviceAndAppManagementAssignmentTarget | The Id of the Azure Active Directory group we are targeting the script to. |
Graph reference: deviceManagementScriptDeviceState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device management script device state entity. This property is read-only. |
| runState | runState | State of latest run of the device management script. Possible values are: unknown, success, fail, scriptError, pending, notApplicable. |
| resultMessage | String | Details of execution output. |
| lastStateUpdateDateTime | DateTimeOffset | Latest time the device management script executes. |
| errorCode | Int32 | Error code corresponding to erroneous execution of the device management script. |
| errorDescription | String | Error description corresponding to erroneous execution of the device management script. |
Graph reference: deviceManagementScriptGroupAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device management script group assignment entity. This property is read-only. |
| targetGroupId | String | The Id of the Azure Active Directory group we are targeting the script to. |
Graph reference: deviceManagementScriptRunSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device management script run summary entity. This property is read-only. |
| successDeviceCount | Int32 | Success device count. |
| errorDeviceCount | Int32 | Error device count. |
| successUserCount | Int32 | Success user count. |
| errorUserCount | Int32 | Error user count. |
Graph reference: deviceManagementScriptUserState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device management script user state entity. This property is read-only. |
| successDeviceCount | Int32 | Success device count for specific user. |
| errorDeviceCount | Int32 | Error device count for specific user. |
| userPrincipalName | String | User principle name of specific user. |
Graph reference: deviceScopeActionResult
| Property | Type | Description |
|---|---|---|
| deviceScopeAction | deviceScopeAction | The triggered action name. Possible values are: . |
| deviceScopeId | String | The unique identifier of the device scope the action was triggered on. |
| status | deviceScopeActionStatus | Indicates the status of the attempt device scope action. When succeeded, the action was succeessfully triggered, When failed, the action was failed to trigger. Possible values are: failed, succeeded, unknownFutureValue. |
| failedMessage | String | The message indicates the reason the device scope action failed to trigger. |
Graph reference: deviceShellScript
| Property | Type | Description |
|---|---|---|
| executionFrequency | Duration | The interval for script to run. If not defined the script will run once |
| retryCount | Int32 | Number of times for the script to be retried if it fails |
| blockExecutionNotifications | Boolean | Does not notify the user a script is being executed |
| id | String | Unique Identifier for the device management script. |
| displayName | String | Name of the device management script. |
| description | String | Optional description for the device management script. |
| scriptContent | Binary | The script content. |
| createdDateTime | DateTimeOffset | The date and time the device management script was created. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | The date and time the device management script was last modified. This property is read-only. |
| runAsAccount | runAsAccountType | Indicates the type of execution context. Possible values are: system, user. |
| fileName | String | Script file name. |
| roleScopeTagIds | String collection | List of Scope Tag IDs for this PowerShellScript instance. |
Graph reference: intune-devices-globaldevicehealthscriptstate
Graph reference: malwareStateForWindowsDevice
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier. This is device id. |
| deviceName | String | Indicates the name of the device being evaluated for malware state |
| executionState | windowsMalwareExecutionState | Indicates execution status of the malware. Possible values are: unknown, blocked, allowed, running, notRunning. Defaults to unknown. Possible values are: unknown, blocked, allowed, running, notRunning. |
| threatState | windowsMalwareThreatState | Indicates threat status of the malware. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. defaults to noStatusCleared. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. |
| initialDetectionDateTime | DateTimeOffset | Initial detection datetime of the malware |
| lastStateChangeDateTime | DateTimeOffset | The last time this particular threat was changed |
| detectionCount | Int32 | Indicates the number of times the malware is detected |
Graph reference: managedDevice
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the device. This property is read-only. |
| userId | String | Unique Identifier for the user associated with the device. This property is read-only. |
| deviceName | String | Name of the device. This property is read-only. |
| managedDeviceOwnerType | managedDeviceOwnerType | Ownership of the device. Can be 'company' or 'personal'. Possible values are: unknown, company, personal. |
| deviceActionResults | deviceActionResult collection | List of ComplexType deviceActionResult objects. This property is read-only. |
| enrolledDateTime | DateTimeOffset | Enrollment time of the device. Supports $filter operator 'lt' and 'gt'. This property is read-only. |
| lastSyncDateTime | DateTimeOffset | The date and time that the device last completed a successful sync with Intune. Supports $filter operator 'lt' and 'gt'. This property is read-only. |
| operatingSystem | String | Operating system of the device. Windows, iOS, etc. This property is read-only. |
| complianceState | complianceState | Compliance state of the device. Examples: Compliant, Conflict, Error, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Possible values are: unknown, compliant, noncompliant, conflict, error, inGracePeriod, configManager. |
| jailBroken | String | Whether the device is jail broken or rooted. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. |
| managementAgent | managementAgentType | Management channel of the device. Examples: Intune, EAS, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Possible values are: eas, mdm, easMdm, intuneClient, easIntuneClient, configurationManagerClient, configurationManagerClientMdm, configurationManagerClientMdmEas, unknown, jamf, googleCloudDevicePolicyController. |
| osVersion | String | Operating system version of the device. This property is read-only. |
| easActivated | Boolean | Whether the device is Exchange ActiveSync activated. This property is read-only. |
| easDeviceId | String | Exchange ActiveSync Id of the device. This property is read-only. |
| easActivationDateTime | DateTimeOffset | Exchange ActivationSync activation time of the device. This property is read-only. |
| azureADRegistered | Boolean | Whether the device is Azure Active Directory registered. This property is read-only. |
| deviceEnrollmentType | deviceEnrollmentType | Enrollment type of the device. This property is read-only. Possible values are: unknown, userEnrollment, deviceEnrollmentManager, appleBulkWithUser, appleBulkWithoutUser, windowsAzureADJoin, windowsBulkUserless, windowsAutoEnrollment, windowsBulkAzureDomainJoin, windowsCoManagement, windowsAzureADJoinUsingDeviceAuth, appleUserEnrollment, appleUserEnrollmentWithServiceAccount. |
| activationLockBypassCode | String | The code that allows the Activation Lock on managed device to be bypassed. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity in LIST call. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. |
| emailAddress | String | Email(s) for the user associated with the device. This property is read-only. |
| azureADDeviceId | String | The unique identifier for the Azure Active Directory device. Read only. This property is read-only. |
| deviceRegistrationState | deviceRegistrationState | Device registration state. This property is read-only. Possible values are: notRegistered, registered, revoked, keyConflict, approvalPending, certificateReset, notRegisteredPendingEnrollment, unknown. |
| deviceCategoryDisplayName | String | Device category display name. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. |
| isSupervised | Boolean | Device supervised status. This property is read-only. |
| exchangeLastSuccessfulSyncDateTime | DateTimeOffset | Last time the device contacted Exchange. This property is read-only. |
| exchangeAccessState | deviceManagementExchangeAccessState | The Access State of the device in Exchange. This property is read-only. Possible values are: none, unknown, allowed, blocked, quarantined. |
| exchangeAccessStateReason | deviceManagementExchangeAccessStateReason | The reason for the device's access state in Exchange. This property is read-only. Possible values are: none, unknown, exchangeGlobalRule, exchangeIndividualRule, exchangeDeviceRule, exchangeUpgrade, exchangeMailboxPolicy, other, compliant, notCompliant, notEnrolled, unknownLocation, mfaRequired, azureADBlockDueToAccessPolicy, compromisedPassword, deviceNotKnownWithManagedApp. |
| remoteAssistanceSessionUrl | String | Url that allows a Remote Assistance session to be established with the device. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. |
| remoteAssistanceSessionErrorDetails | String | An error string that identifies issues when creating Remote Assistance session objects. This property is read-only. |
| isEncrypted | Boolean | Device encryption status. This property is read-only. |
| userPrincipalName | String | Device user principal name. This property is read-only. |
| model | String | Model of the device. This property is read-only. |
| manufacturer | String | Manufacturer of the device. This property is read-only. |
| imei | String | IMEI. This property is read-only. |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires. This property is read-only. |
| serialNumber | String | SerialNumber. This property is read-only. |
| phoneNumber | String | Phone number of the device. This property is read-only. |
| androidSecurityPatchLevel | String | Android security patch level. This property is read-only. |
| userDisplayName | String | User display name. This property is read-only. |
| configurationManagerClientEnabledFeatures | configurationManagerClientEnabledFeatures | ConfigrMgr client enabled features. This property is read-only. |
| wiFiMacAddress | String | Wi-Fi MAC. This property is read-only. |
| deviceHealthAttestationState | deviceHealthAttestationState | The device health attestation state. This property is read-only. |
| subscriberCarrier | String | Subscriber Carrier. This property is read-only. |
| meid | String | MEID. This property is read-only. |
| totalStorageSpaceInBytes | Int64 | Total Storage in Bytes. This property is read-only. |
| freeStorageSpaceInBytes | Int64 | Free Storage in Bytes. Default value is 0. Read-only. This property is read-only. |
| managedDeviceName | String | Automatically generated name to identify a device. Can be overwritten to a user friendly name. |
| partnerReportedThreatState | managedDevicePartnerReportedHealthState | Indicates the threat state of a device when a Mobile Threat Defense partner is in use by the account and device. Read Only. This property is read-only. Possible values are: unknown, activated, deactivated, secured, lowSeverity, mediumSeverity, highSeverity, unresponsive, compromised, misconfigured. |
| requireUserEnrollmentApproval | Boolean | Reports if the managed iOS device is user approval enrollment. This property is read-only. |
| managementCertificateExpirationDate | DateTimeOffset | Reports device management certificate expiration date. This property is read-only. |
| iccid | String | Integrated Circuit Card Identifier, it is A SIM card's unique identification number. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. |
| udid | String | Unique Device Identifier for iOS and macOS devices. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. |
| notes | String | Notes on the device created by IT Admin. Default is null. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. |
| ethernetMacAddress | String | Indicates Ethernet MAC Address of the device. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity. Individual get call with select query options is needed to retrieve actual values. Example: deviceManagement/managedDevices({managedDeviceId})?$select=ethernetMacAddress Supports: $select. $Search is not supported. Read-only. This property is read-only. |
| physicalMemoryInBytes | Int64 | Total Memory in Bytes. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. Read-only. This property is read-only. |
| enrollmentProfileName | String | Name of the enrollment profile assigned to the device. Default value is empty string, indicating no enrollment profile was assgined. This property is read-only. |
Graph reference: managedDeviceCleanupRule
| Property | Type | Description |
|---|---|---|
| id | String | Indicates the identifier of the device cleanup rule. This id is assigned at the time when the device cleanup rule is created. Read-only. |
| displayName | String | Indicates the display name of the device cleanup rule. |
| description | String | Indicates the description for the device clean up rule. |
| deviceCleanupRulePlatformType | deviceCleanupRulePlatformType | Indicates the managed device platform for which the admin wants to create the device clean up rule. Possible values are: all, androidAOSP, androidDeviceAdministrator, androidDedicatedAndFullyManagedCorporateOwnedWorkProfile, chromeOS, androidPersonallyOwnedWorkProfile, ios, macOS, windows, windowsHolographic, unknownFutureValue. |
| lastModifiedDateTime | DateTimeOffset | Indicates the date and time when the device cleanup rule was last modified. This property is read-only. |
| deviceInactivityBeforeRetirementInDays | Int32 | Indicates the number of days when the device has not contacted Intune. Valid values 0 to 2147483647 |
Graph reference: managedDeviceOverview
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the summary |
| enrolledDeviceCount | Int32 | Total enrolled device count. Does not include PC devices managed via Intune PC Agent |
| mdmEnrolledCount | Int32 | The number of devices enrolled in MDM |
| dualEnrolledDeviceCount | Int32 | The number of devices enrolled in both MDM and EAS |
| deviceOperatingSystemSummary | deviceOperatingSystemSummary | Device operating system summary. |
| deviceExchangeAccessStateSummary | deviceExchangeAccessStateSummary | Distribution of Exchange Access State in Intune |
Graph reference: intune-devices-manageddeviceremoteaction
Graph reference: mobileAppTroubleshootingEvent
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object |
Graph reference: powerliftAppDiagnosticDownloadRequest
| Property | Type | Description |
|---|---|---|
| powerliftId | String | The unique id for the request that serves as an identifer for the diagnostic to be downloaded. |
| files | String collection | The list of files to download which is associated with the diagnostic. |
Graph reference: powerliftDownloadRequest
| Property | Type | Description |
|---|---|---|
| powerliftId | Guid | The unique id for the request |
| files | String collection | The list of files to download |
Graph reference: powerliftIncidentDetail
| Property | Type | Description | |
|---|---|---|---|
| powerliftId | String | The unique identifier of the app diagnostic. This id is assigned to a diagnostic when it is uploaded to Powerlift. Example: 8520467a-49a9-44a4-8447-8dfb8bec6726 | |
| easyId | String | The unique app diagnostic identifier as a user friendly 8 character hexadecimal string. This id is smaller compared to the powerliftId. Th Example: 8520467A | |
| createdDateTime | DateTimeOffset | The time the app diagnostic was created. The value cannot be modified and is automatically populated when the diagnostic is uploaded. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.Example: 2022-04-19T17:24:45.313Z | |
| platformDisplayName | String | The operating system of the device from which diagnostics are collected. Example: iOS | |
| applicationName | String | TThe name of the application for which the diagnostic is collected. Example: com.microsoft.CompanyPortal | No |
| clientApplicationVersion | String | The version of the application for which the diagnostic is collected. Example: 5.2203.1 | |
| locale | String | The locale information of the application for which the diagnostic is collected. Example: en-US | |
| fileNames | String collection | A list of files that are associated with the diagnostic. |
Graph reference: powerliftIncidentMetadata
| Property | Type | Description |
|---|---|---|
| powerliftId | Guid | The unique identifier of the app diagnostic. Example: 8520467a-49a9-44a4-8447-8dfb8bec6726 |
| easyId | String | The unique app diagnostic identifier as a user friendly 8 character hexadecimal string. Example: 8520467A |
| createdAtDateTime | DateTimeOffset | The time the app diagnostic was created. Example: 2022-04-19T17:24:45.313Z |
| platform | String | The device's OS the diagnostic is from. Example: iOS |
| application | String | The name of the application the diagnostic is from. Example: com.microsoft.CompanyPortal |
| clientVersion | String | The version of the application. Example: 5.2203.1 |
| locale | String | The locale information of the application. Example: en-US |
| fileNames | String collection | A list of files that are associated with the diagnostic. |
Graph reference: privilegeManagementElevation
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the managed elevation event. This will be a Guid generated based on the deviceId and eventDateTime. Example: {7C1E0E13-D91F-4411-A164-AB5A330E87C7} |
| deviceId | String | The Intune deviceId. Unique identifier for the managed device. Example: 92ce5047-9553-4731-817f-9b401a999a1b |
| deviceName | String | The name associated with the device in the intune database. Example: JOHNDOE-LAPTOP. |
| eventDateTime | DateTimeOffset | The date and time when the application was elevated. Example:2014-01-01T00:00:00Z |
| elevationType | privilegeManagementElevationType | Indicates the type of elevation on the application. Possible values are undetermined, unmanagedElevation, zeroTouchElevation, userConfirmedElevation, and supportApprovedElevation. Defaults to undetermined. Possible values are: undetermined, unmanagedElevation, zeroTouchElevation, userConfirmedElevation, supportApprovedElevation, unknownFutureValue. |
| filePath | String | The full file path of the application including the filename and file extension. Example: C:\Program Files\vscode.exe |
| upn | String | The User Principal Name of the user who performed the elevation. Example: [email protected] |
| userType | privilegeManagementEndUserType | The type of account performed the elevation on Windows. Possible values are: undetermined, azureAd, hybrid, and local. Defaults to undetermined. Possible values are: undetermined, azureAd, hybrid, local, unknownFutureValue. |
| productName | String | The product name of the application. This value is set by the creator of the application. Example: Visual Studio |
| companyName | String | The company name of the application. This value is set by the creator of the application. Example: Microsoft Corporation |
| fileVersion | String | The version of the application. This value is set by the creator of the application. Example: 6.2211.1035.1000 |
| justification | String | The justification to elevate the application. This is an input by the user when the privilegeManagementElevationType is of type userConfirmedElevation or support approved elevation. This will be null in all other scenarios. The length is capped at 256 char, enforced on the client side. Example: To install debug tool.. |
| hash | String | The sha256 hash of the application. Example: 32c220482c68413fbf8290e3b1e49b0a85901cfcd62ab0738760568a2a6e8a57 |
| internalName | String | The internal name of the application. This value is set by the creator of the application. Example: VS code |
| fileDescription | String | The file description of the application. This value is set by the creator of the application. Example: Editor of multiple coding languages. |
| certificatePayload | String | The certificate payload of the application. This is computed by hashing the certificate information on the client. Example: 32c220482c68413fbf8290e3b1e49b0a85901cfcd62ab0738760568a2a6e8a50 |
| result | Int32 | The result of the elevation action with 0 being success, and everything else being exit code if the elevation was unsuccessful. The value will always be 0 on all unmanaged elevation. Example: 0. Valid values 0 to 2147483647 |
| processType | privilegeManagementProcessType | Indicates the type of process that is elevated. Possible values are undefined, parent and child. Possible values are: undefined, parent, child, unknownFutureValue. |
| ruleId | String | Unique identifier of the rule configured to run the application with elevated access |
| parentProcessName | String | The name of parent process associated with the elevated process. This is always populated for both parent and child process types |
| policyId | String | Unique Identifier of the policy configured to run the application with elevated access |
| policyName | String | The name of the policy configured to run the application in elevated access |
| systemInitiatedElevation | Boolean | To identify if the elevation is initiated by system or user interaction |
Graph reference: intune-devices-remediationstate
Graph reference: remoteActionAudit
| Property | Type | Description |
|---|---|---|
| id | String | Report Id. |
| deviceDisplayName | String | Intune device name. |
| userName | String | [deprecated] Please use InitiatedByUserPrincipalName instead. |
| initiatedByUserPrincipalName | String | User who initiated the device action, format is UPN. |
| action | remoteAction | The action name. Possible values are: unknown, factoryReset, removeCompanyData, resetPasscode, remoteLock, enableLostMode, disableLostMode, locateDevice, rebootNow, recoverPasscode, cleanWindowsDevice, logoutSharedAppleDeviceActiveUser, quickScan, fullScan, windowsDefenderUpdateSignatures, factoryResetKeepEnrollmentData, updateDeviceAccount, automaticRedeployment, shutDown, rotateBitLockerKeys, rotateFileVaultKey, getFileVaultKey, setDeviceName, activateDeviceEsim, deprovision, disable, reenable, moveDeviceToOrganizationalUnit, initiateMobileDeviceManagementKeyRecovery, initiateOnDemandProactiveRemediation, rotateLocalAdminPassword, unknownFutureValue, launchRemoteHelp, revokeAppleVppLicenses, removeDeviceFirmwareConfigurationInterfaceManagement, pauseConfigurationRefresh, initiateDeviceAttestation, changeAssignments, delete. |
| requestDateTime | DateTimeOffset | Time when the action was issued, given in UTC. |
| deviceOwnerUserPrincipalName | String | Upn of the device owner. |
| deviceIMEI | String | IMEI of the device. |
| actionState | actionState | Action state. Possible values are: none, pending, canceled, active, done, failed, notSupported. |
| managedDeviceId | String | Action target. |
| deviceActionDetails | keyValuePair_2OfString_String collection | DeviceAction details |
| deviceActionCategory | deviceActionCategory | DeviceAction category. Possible values are: single, bulk. |
| bulkDeviceActionId | String | BulkAction ID |
Graph reference: tenantAttachRBAC
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity |
Graph reference: tenantAttachRBACState
| Property | Type | Description |
|---|---|---|
| enabled | Boolean | Indicates whether the tenant is enabled for Tenant Attach with role management. TRUE if enabled, FALSE if the Tenant Attach with rolemanagement is disabled. |
Graph reference: user
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the user. |
Graph reference: userExperienceAnalyticsAnomaly
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the user experience analytics anomaly device object. |
| anomalyId | String | The unique identifier of the anomaly. |
| anomalyName | String | The name of the anomaly. |
| deviceImpactedCount | Int32 | The number of devices impacted by the anomaly. Valid values -2147483648 to 2147483647 |
| severity | userExperienceAnalyticsAnomalySeverity | The severity of the anomaly. Possible values are: high, medium, low, informational or other. Possible values are: high, medium, low, informational, other, unknownFutureValue. |
| state | userExperienceAnalyticsAnomalyState | The state of the anomaly. Possible values are: new, active, disabled, removed or other. Possible values are: new, active, disabled, removed, other, unknownFutureValue. |
| anomalyType | userExperienceAnalyticsAnomalyType | The category of the anomaly. Possible values are: device, application, stopError, driver or other. Possible values are: device, application, stopError, driver, other, unknownFutureValue. |
| anomalyFirstOccurrenceDateTime | DateTimeOffset | Indicates the first occurrence date and time for the anomaly. |
| anomalyLatestOccurrenceDateTime | DateTimeOffset | Indicates the latest occurrence date and time for the anomaly. |
| detectionModelId | String | The unique identifier of the anomaly detection model. |
| issueId | String | The unique identifier of the anomaly detection model. |
| assetName | String | The name of the application or module that caused the anomaly. |
| assetVersion | String | The version of the application or module that caused the anomaly. |
| assetPublisher | String | The publisher of the application or module that caused the anomaly. |
Graph reference: userExperienceAnalyticsAnomalyCorrelationGroupOverview
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the user experience analytics anomaly correlation group overview object. |
| anomalyId | String | The unique identifier of the anomaly. Anomaly details such as name and type can be found in the UserExperienceAnalyticsAnomalySeverityOverview entity. |
| correlationGroupId | String | The unique identifier for the correlation group which will uniquely identify one of the correlation group within an anomaly. The correlation Id can be mapped to the correlation group name by concatinating the correlation group features. Example of correlation group name which is the indicative of concatenated features names are for names, Contoso manufacture 4.4.1 and Windows 11.22621.1485. |
| correlationGroupFeatures | userExperienceAnalyticsAnomalyCorrelationGroupFeature collection | Describes the features of a device that are shared between all devices in a correlation group. |
| correlationGroupPrevalence | userExperienceAnalyticsAnomalyCorrelationGroupPrevalence | The prevalence of the correlation group. Possible values are: high, medium or low. Possible values are: high, medium, low, unknownFutureValue. |
| correlationGroupPrevalencePercentage | Double | The percentage of the devices in the correlation group that are anomalous. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| totalDeviceCount | Int32 | Indicates the total number of devices in the tenant. Valid values -2147483648 to 2147483647 |
| anomalyCorrelationGroupCount | Int32 | Indicates the number of correlation groups in the anomaly. Valid values -2147483648 to 2147483647 |
| correlationGroupDeviceCount | Int32 | Indicates the total number of devices in a correlation group. Valid values -2147483648 to 2147483647 |
| correlationGroupAnomalousDeviceCount | Int32 | Indicates the total number of devices affected by the anomaly in the correlation group. Valid values -2147483648 to 2147483647 |
| correlationGroupAtRiskDeviceCount | Int32 | Indicates the total number of devices at risk in the correlation group. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsAnomalyDevice
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the user experience analytics anomaly device object. |
| deviceId | String | The unique identifier of the device. |
| deviceName | String | The name of the device. |
| deviceModel | String | The model name of the device. |
| deviceManufacturer | String | The manufacturer name of the device. |
| osName | String | The name of the OS installed on the device. |
| osVersion | String | The OS version installed on the device. |
| anomalyId | String | The unique identifier of the anomaly. |
| anomalyOnDeviceFirstOccurrenceDateTime | DateTimeOffset | Indicates the first occurance date and time for the anomaly on the device. |
| anomalyOnDeviceLatestOccurrenceDateTime | DateTimeOffset | Indicates the latest occurance date and time for the anomaly on the device. |
| correlationGroupId | String | The unique identifier of the correlation group. |
| deviceStatus | userExperienceAnalyticsDeviceStatus | Indicates the device status with respect to the correlation group. At risk devices are devices that share correlation group features but may not yet be affected by an anomaly, such as when a device is experiencing crashes on an application but that application has not been used on the device but is currently installed. This could lead to the device becoming anomalous if the application in question were to be used. Possible values are: anomolous, affected or atRisk. Possible values are: anomalous, affected, atRisk, unknownFutureValue. |
Graph reference: userExperienceAnalyticsAppHealthApplicationPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics application performance object. Supports: $select, $OrderBy. Read-only. |
| appHangCount | Int32 | The number of hangs for the application. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appHealthScore | Double | The health score of the application. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| appHealthStatus | String | The overall health status of the application. Read-only. |
| allOrgsHealthScore | Double | The median health score of the application across all organizations. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| activeDeviceCount | Int32 | The health score of the application. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appName | String | The name of the application. Possible values are: outlook.exe, excel.exe. Supports: $select, $OrderBy. Read-only. |
| appDisplayName | String | The friendly name of the application. Possible values are: Outlook, Excel. Supports: $select, $OrderBy. Read-only. |
| appPublisher | String | The publisher of the application. Supports: $select, $OrderBy. Read-only. |
| appUsageDuration | Int32 | The total usage time of the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appCrashCount | Int32 | The number of crashes for the application. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsAppHealthAppPerformanceByAppVersion
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics app performance object. |
| appVersion | String | The version of the application. |
| appName | String | The name of the application. Possible values are: outlook.exe, excel.exe. Supports: $select, $OrderBy. Read-only. |
| appDisplayName | String | The friendly name of the application. Possible values are: Outlook, Excel. Supports: $select, $OrderBy. Read-only. |
| appPublisher | String | The publisher of the application. Supports: $select, $OrderBy. Read-only. |
| appUsageDuration | Int32 | The total usage time of the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appCrashCount | Int32 | The number of crashes for the application. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsAppHealthAppPerformanceByAppVersionDetails
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics application performance by application version details object. Supports: $select, $OrderBy. Read-only. |
| deviceCountWithCrashes | Int32 | The total number of devices that have reported one or more application crashes for this application and version. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| isMostUsedVersion | Boolean | When TRUE, indicates the version of application is the most used version for that application. When FALSE, indicates the version is not the most used version. FALSE by default. Supports: $select, $OrderBy. Read-only. |
| isLatestUsedVersion | Boolean | When TRUE, indicates the version of application is the latest version for that application that is in use. When FALSE, indicates the version is not the latest version. FALSE by default. Supports: $select, $OrderBy. |
| appName | String | The name of the application. |
| appDisplayName | String | The friendly name of the application. |
| appPublisher | String | The publisher of the application. |
| appVersion | String | The version of the application. |
| appCrashCount | Int32 | The number of crashes for the app. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsAppHealthAppPerformanceByAppVersionDeviceId
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics application performance by application version device id object. Supports: $select, $OrderBy. Read-only. |
| deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
| deviceDisplayName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
| processedDateTime | DateTimeOffset | The date and time when the statistics were last computed. The value cannot be modified and is automatically populated when the statistics are computed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2022 would look like this: '2022-01-01T00:00:00Z'. Returned by default. Read-only. |
| appName | String | The name of the application. |
| appDisplayName | String | The friendly name of the application. |
| appPublisher | String | The publisher of the application. |
| appVersion | String | The version of the application. |
| appCrashCount | Int32 | The number of crashes for the app. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsAppHealthAppPerformanceByOSVersion
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics application performance by OS version object. Supports: $select, $OrderBy. Read-only. |
| osVersion | String | The OS version of the application. Supports: $select, $OrderBy. Read-only. |
| osBuildNumber | String | The OS build number of the application. Supports: $select, $OrderBy. Read-only. |
| activeDeviceCount | Int32 | The number of devices where the application has been active. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appName | String | The name of the application. Possible values are: outlook.exe, excel.exe. Supports: $select, $OrderBy. Read-only. |
| appDisplayName | String | The friendly name of the application. Possible values are: Outlook, Excel. Supports: $select, $OrderBy. Read-only. |
| appPublisher | String | The publisher of the application. Supports: $select, $OrderBy. Read-only. |
| appUsageDuration | Int32 | The total usage time of the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appCrashCount | Int32 | The number of crashes for the application. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsAppHealthDeviceModelPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device model performance object. Supports: $select, $OrderBy. Read-only. |
| deviceModel | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
| deviceManufacturer | String | The manufacturer name of the device. Supports: $select, $OrderBy. Read-only. |
| activeDeviceCount | Int32 | The number of active devices for the model. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| modelAppHealthScore | Double | The application health score of the device model. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| modelAppHealthStatus | String | The overall app health status of the device model. |
| healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics model. Possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $filter, $select, $OrderBy. Read-only. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsAppHealthDevicePerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device performance object. Supports: $select, $OrderBy. Read-only. |
| deviceModel | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
| deviceManufacturer | String | The manufacturer name of the device. Supports: $select, $OrderBy. Read-only. |
| appCrashCount | Int32 | The number of application crashes for the device. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| crashedAppCount | Int32 | The number of distinct application crashes for the device. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appHangCount | Int32 | The number of application hangs for the device. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| processedDateTime | DateTimeOffset | The date and time when the statistics were last computed. The value cannot be modified and is automatically populated when the statistics are computed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2022 would look like this: '2022-01-01T00:00:00Z'. Returned by default. Read-only. |
| meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| deviceAppHealthScore | Double | The application health score of the device. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| deviceAppHealthStatus | String | The overall app health status of the device. |
| healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics device. Possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $filter, $select, $OrderBy. Read-only. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
| deviceDisplayName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
Graph reference: userExperienceAnalyticsAppHealthDevicePerformanceDetails
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device performance details object. Supports: $select, $OrderBy. Read-only. |
| eventDateTime | DateTimeOffset | The time the event occurred. The value cannot be modified and is automatically populated when the statistics are computed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2022 would look like this: '2022-01-01T00:00:00Z'. Returned by default. Read-only. |
| eventType | String | The type of the event. Supports: $select, $OrderBy. Read-only. |
| appDisplayName | String | The friendly name of the application for which the event occurred. Possible values are: outlook.exe, excel.exe. Supports: $select, $OrderBy. Read-only. |
| appPublisher | String | The publisher of the application. Supports: $select, $OrderBy. Read-only. |
| appVersion | String | The version of the application. Possible values are: 1.0.0.1, 75.65.23.9. Supports: $select, $OrderBy. Read-only. |
| deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
| deviceDisplayName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
Graph reference: userExperienceAnalyticsAppHealthOSVersionPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics OS version performance object. Supports: $select, $OrderBy. Read-only. |
| osVersion | String | The OS version installed on the device. Supports: $select, $OrderBy. Read-only. |
| osBuildNumber | String | The OS build number installed on the device. Supports: $select, $OrderBy. Read-only. |
| activeDeviceCount | Int32 | The number of active devices for the OS version. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| osVersionAppHealthScore | Double | The application health score of the OS version. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| osVersionAppHealthStatus | String | The overall app health status of the OS version. |
Graph reference: userExperienceAnalyticsBaseline
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics baseline. |
| displayName | String | The name of the baseline. |
| overallScore | Int32 | The overall score of the user experience analytics baseline. |
| isBuiltIn | Boolean | When TRUE, indicates the current baseline is the commercial median baseline. When FALSE, indicates it is a custom baseline. FALSE by default. |
| createdDateTime | DateTimeOffset | The date the custom baseline was created. The value cannot be modified and is automatically populated when the baseline is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. |
Graph reference: userExperienceAnalyticsBatteryHealthAppImpact
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery app impact object. |
| activeDevices | Int32 | Number of active devices for using that app over a 14-day period. Valid values 0 to 2147483647 |
| appName | String | App name. Eg: oltk.exe |
| appDisplayName | String | User friendly display name for the app. Eg: Outlook |
| appPublisher | String | App publisher. Eg: Microsoft Corporation |
| isForegroundApp | Boolean | true if the user had active interaction with the app. |
| batteryUsagePercentage | Double | The percent of total battery power used by this application when the device was not plugged into AC power, over 14 days computed across all devices in the tenant. Unit in percentage. Valid values 0 to 1.79769313486232E+308 |
Graph reference: userExperienceAnalyticsBatteryHealthCapacityDetails
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery health capacity object. |
| activeDevices | Int32 | Number of active devices within the tenant. Valid values 0 to 2147483647 |
| batteryCapacityGood | Int32 | Number of devices whose battery maximum capacity is greater than 80%. Valid values 0 to 2147483647 |
| batteryCapacityFair | Int32 | Number of devices whose battery maximum capacity is greater than 50% but lesser than 80%. Valid values 0 to 2147483647 |
| batteryCapacityPoor | Int32 | Number of devices whose battery maximum capacity is lesser than 50%. Valid values 0 to 2147483647 |
| lastRefreshedDateTime | DateTimeOffset | Recorded date time of this capacity details instance. |
Graph reference: userExperienceAnalyticsBatteryHealthDeviceAppImpact
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery device app impact object. |
| deviceId | String | The unique identifier of the device, Intune DeviceID or SCCM device id. |
| appName | String | App name. Eg: oltk.exe |
| appDisplayName | String | User friendly display name for the app. Eg: Outlook |
| appPublisher | String | App publisher. Eg: Microsoft Corporation |
| isForegroundApp | Boolean | true if the user had active interaction with the app. |
| batteryUsagePercentage | Double | The percent of total battery power used by this application when the device was not plugged into AC power, over 14 days. Unit in percentage. Valid values 0 to 1.79769313486232E+308 |
Graph reference: userExperienceAnalyticsBatteryHealthDevicePerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery health device performance object. |
| deviceId | String | The unique identifier of the device, Intune DeviceID. |
| deviceName | String | Device friendly name. |
| model | String | The model name of the device. Deprecated in favor of DeviceModelName. |
| manufacturer | String | The manufacturer name of the device. Deprecated in favor of DeviceManufacturerName. |
| deviceModelName | String | The model name of the device. |
| deviceManufacturerName | String | The manufacturer name of the device. |
| maxCapacityPercentage | Int32 | Ratio of current capacity and design capacity of the battery with the lowest capacity. Unit in percentage and values range from 0-100. Valid values 0 to 2147483647 |
| estimatedRuntimeInMinutes | Int32 | The estimated runtime of the device when the battery is fully charged. Unit in minutes. Valid values 0 to 2147483647 |
| batteryAgeInDays | Int32 | Estimated battery age. Unit in days. Valid values 0 to 2147483647 |
| fullBatteryDrainCount | Int32 | Number of times the battery has been discharged an amount that equals 100% of its capacity, but not necessarily by discharging it from 100% to 0%. Valid values 0 to 2147483647 |
| deviceBatteryCount | Int32 | Number of batteries in a user device. Valid values 0 to 2147483647 |
| deviceBatteriesDetails | userExperienceAnalyticsDeviceBatteryDetail collection | Properties (maxCapacity and cycleCount) related to all batteries of the device. |
| deviceBatteryTags | String collection | Tags for computed information on how battery on the device is behaving. E.g. newbattery, batterycapacityred, designcapacityzero, etc. |
| deviceBatteryHealthScore | Int32 | A weighted average of a device’s maximum capacity score and runtime estimate score. Values range from 0-100. Valid values 0 to 2147483647 |
| healthStatus | userExperienceAnalyticsHealthState | The overall battery health status of the device. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsBatteryHealthDeviceRuntimeHistory
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery health runtime object. |
| deviceId | String | The unique identifier of the device, Intune DeviceID or SCCM device id. |
| runtimeDateTime | String | The datetime for the instance of runtime history. |
| estimatedRuntimeInMinutes | Int32 | The estimated runtime of the device when the battery is fully charged. Unit in minutes. Valid values 0 to 2147483647 |
Graph reference: userExperienceAnalyticsBatteryHealthModelPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery health model performance object. |
| activeDevices | Int32 | Number of active devices for that model. Valid values 0 to 2147483647 |
| model | String | The model name of the device. Deprecated in favor of DeviceModelName. |
| manufacturer | String | Name of the device manufacturer. Deprecated in favor of DeviceManufacturerName. |
| deviceModelName | String | The model name of the device. |
| deviceManufacturerName | String | The manufacturer name of the device. |
| averageMaxCapacityPercentage | Int32 | The mean of the maximum capacity for all devices of a given model. Maximum capacity measures the full charge vs. design capacity for a device’s batteries.. Valid values 0 to 2147483647 |
| averageEstimatedRuntimeInMinutes | Int32 | The mean of the estimated runtimes on full charge for all devices of a given model. Unit in minutes. Valid values 0 to 2147483647 |
| averageBatteryAgeInDays | Int32 | The mean of the battery age for all devices of a given model in a tenant. Unit in days. Valid values 0 to 2147483647 |
| meanFullBatteryDrainCount | Int32 | The mean of number of times the battery has been discharged an amount that equals 100% of its capacity for all devices of a given model in a tenant. Valid values 0 to 2147483647 |
| medianMaxCapacityPercentage | Int32 | The median of the maximum capacity for all devices of a given model. Maximum capacity measures the full charge vs. design capacity for a device’s batteries.. Valid values 0 to 2147483647 |
| medianEstimatedRuntimeInMinutes | Int32 | The median of the estimated runtimes on full charge for all devices of a given model. Unit in minutes. Valid values 0 to 2147483647 |
| medianFullBatteryDrainCount | Int32 | The median of number of times the battery has been discharged an amount that equals 100% of its capacity for all devices of a given model in a tenant. Valid values 0 to 2147483647 |
| modelBatteryHealthScore | Int32 | A weighted average of a model’s maximum capacity score and runtime estimate score. Values range from 0-100. Valid values 0 to 2147483647 |
| modelHealthStatus | userExperienceAnalyticsHealthState | The overall battery health status of a given model in a tenant. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsBatteryHealthOsPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery health os performance object. |
| activeDevices | Int32 | Number of active devices for that os version. Valid values 0 to 2147483647 |
| osVersion | String | Version of the operating system. |
| osBuildNumber | String | Build number of the operating system. |
| averageMaxCapacityPercentage | Int32 | The mean of the maximum capacity for all devices running a particular operating system version. Maximum capacity measures the full charge vs. design capacity for a device’s batteries.. Valid values 0 to 2147483647 |
| averageEstimatedRuntimeInMinutes | Int32 | The mean of the estimated runtimes on full charge for all devices running a particular operating system version. Unit in minutes. Valid values 0 to 2147483647 |
| averageBatteryAgeInDays | Int32 | The mean of the battery age for all devices running a particular operating system version in a tenant. Unit in days. Valid values 0 to 2147483647 |
| meanFullBatteryDrainCount | Int32 | The mean of number of times the battery has been discharged an amount that equals 100% of its capacity for all devices running a particular operating system version in a tenant. Valid values 0 to 2147483647 |
| medianMaxCapacityPercentage | Int32 | The median of the maximum capacity for all devices running a particular operating system version. Maximum capacity measures the full charge vs. design capacity for a device’s batteries.. Valid values 0 to 2147483647 |
| medianEstimatedRuntimeInMinutes | Int32 | The median of the estimated runtimes on full charge for all devices running a particular operating system version. Unit in minutes. Valid values 0 to 2147483647 |
| medianFullBatteryDrainCount | Int32 | The median of number of times the battery has been discharged an amount that equals 100% of its capacity for all devices running a particular operating system version in a tenant. Valid values 0 to 2147483647 |
| osBatteryHealthScore | Int32 | A weighted average of battery health score across all devices running a particular operating system version. Values range from 0-100. Valid values 0 to 2147483647 |
| osHealthStatus | userExperienceAnalyticsHealthState | The overall battery health status of a given os version in a tenant. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsBatteryHealthRuntimeDetails
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery health runtime object. |
| activeDevices | Int32 | Number of active devices within the tenant. Valid values 0 to 2147483647 |
| batteryRuntimeGood | Int32 | Number of devices whose active runtime is greater than 5 hours. Valid values 0 to 2147483647 |
| batteryRuntimeFair | Int32 | Number of devices whose active runtime is greater than 3 hours but lesser than 5 hours. Valid values 0 to 2147483647 |
| batteryRuntimePoor | Int32 | Number of devices whose active runtime is lesser than 3 hours. Valid values 0 to 2147483647 |
| lastRefreshedDateTime | DateTimeOffset | Recorded date time of this runtime details instance. |
Graph reference: userExperienceAnalyticsCategory
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics category. Read-only. |
| overallScore | Int32 | The overall score of the user experience analytics category. |
| totalDevices | Int32 | The total device count of the user experience analytics category. |
| insights | userExperienceAnalyticsInsight collection | The insights for the category. Read-only. |
| state | userExperienceAnalyticsHealthState | The current health state of the user experience analytics category. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsDevicePerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device boot performance device. |
| deviceName | String | The user experience analytics device name. |
| model | String | The user experience analytics device model. |
| manufacturer | String | The user experience analytics device manufacturer. |
| diskType | diskType | The user experience analytics device disk type. Possible values are: unknown, hdd, ssd, unknownFutureValue. |
| operatingSystemVersion | String | The user experience analytics device Operating System version. |
| bootScore | Int32 | The user experience analytics device boot score. |
| coreBootTimeInMs | Int32 | The user experience analytics device core boot time in milliseconds. |
| groupPolicyBootTimeInMs | Int32 | The user experience analytics device group policy boot time in milliseconds. |
| healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics device. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| loginScore | Int32 | The user experience analytics device login score. |
| coreLoginTimeInMs | Int32 | The user experience analytics device core login time in milliseconds. |
| groupPolicyLoginTimeInMs | Int32 | The user experience analytics device group policy login time in milliseconds. |
| deviceCount | Int64 | User experience analytics summarized device count. |
| responsiveDesktopTimeInMs | Int32 | The user experience analytics responsive desktop time in milliseconds. |
| blueScreenCount | Int32 | Number of Blue Screens in the last 30 days. Valid values 0 to 9999999 |
| restartCount | Int32 | Number of Restarts in the last 30 days. Valid values 0 to 9999999 |
| averageBlueScreens | Double | Average (mean) number of Blue Screens per device in the last 30 days. Valid values 0 to 9999999 |
| averageRestarts | Double | Average (mean) number of Restarts per device in the last 30 days. Valid values 0 to 9999999 |
| startupPerformanceScore | Double | The user experience analytics device startup performance score. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| modelStartupPerformanceScore | Double | The user experience analytics model level startup performance score. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
Graph reference: userExperienceAnalyticsDeviceScope
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the device scope configuration. |
| deviceScopeName | String | The name of the user experience analytics device Scope configuration. |
| ownerId | String | The unique identifier of the person (admin) who created the device scope configuration. |
| isBuiltIn | Boolean | Indicates whether the device scope configuration is built-in or custom. When TRUE, the device scope configuration is built-in. When FALSE, the device scope configuration is custom. Default value is FALSE. |
| enabled | Boolean | Indicates whether a device scope is enabled or disabled. When TRUE, the device scope is enabled. When FALSE, the device scope is disabled. Default value is FALSE. |
| status | deviceScopeStatus | Indicates the device scope status after the device scope has been enabled. Possible values are: none, computing, insufficientData or completed. Default value is none. Possible values are: none, computing, insufficientData, completed, unknownFutureValue. |
| parameter | deviceScopeParameter | Device scope configuration parameter. It will be extended in future to add more parameter. Eg: device scope parameter can be OS version, Disk Type, Device manufacturer, device model or Scope tag. Default value: scopeTag. Possible values are: none, scopeTag, unknownFutureValue. |
| operator | deviceScopeOperator | Device scope configuration query operator. Possible values are: equals, notEquals, contains, notContains, greaterThan, lessThan. Default value: equals. Possible values are: none, equals, unknownFutureValue. |
| valueObjectId | String | The unique identifier for a user device scope tag Id used for the creation of device scope configuration. |
| value | String | The device scope configuration query clause value. |
| createdDateTime | DateTimeOffset | Indicates the creation date and time for the custom device scope. |
| lastModifiedDateTime | DateTimeOffset | Indicates the last updated date and time for the custom device scope. |
Graph reference: userExperienceAnalyticsDeviceScopeSummary
| Property | Type | Description |
|---|---|---|
| totalDeviceScopes | Int32 | The total number of user experience analytics device scopes. Valid values -2147483648 to 2147483647 |
| totalDeviceScopesEnabled | Int32 | The total number of user experience analytics device scopes that are enabled. Valid values -2147483648 to 2147483647 |
| completedDeviceScopeIds | String collection | A collection of the user experience analytics device scope Unique Identifiers that are enabled and finished recalculating the report metric. |
| insufficientDataDeviceScopeIds | String collection | A collection of user experience analytics device scope Unique Identitfiers that are enabled but there is insufficient data to calculate results. |
Graph reference: userExperienceAnalyticsDeviceScores
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device score entry. Supports: $select, $OrderBy. Read-only. |
| deviceName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
| model | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
| manufacturer | String | The manufacturer name of the device. Examples: Microsoft Corporation, HP, Lenovo. Supports: $select, $OrderBy. Read-only. |
| endpointAnalyticsScore | Double | Indicates a weighted average of the various scores. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| startupPerformanceScore | Double | Indicates a weighted average of boot score and logon score used for measuring startup performance. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| appReliabilityScore | Double | Indicates a score calculated from application health data to indicate when a device is having problems running one or more applications. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| workFromAnywhereScore | Double | Indicates a weighted score of the work from anywhere on a device level. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| batteryHealthScore | Double | Indicates a calulated score indicating the health of the device's battery. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| healthStatus | userExperienceAnalyticsHealthState | The health status of the device. Possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $filter, $select, $OrderBy. Read-only. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsDeviceStartupHistory
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device startup history. Supports: $select, $OrderBy. Read-only. |
| deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
| startTime | DateTimeOffset | The device boot start time. The value cannot be modified and is automatically populated when the device performs a reboot. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2022 would look like this: '2022-01-01T00:00:00Z'. Returned by default. Read-only. |
| coreBootTimeInMs | Int32 | The device core boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| groupPolicyBootTimeInMs | Int32 | The impact of device group policy client on boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| featureUpdateBootTimeInMs | Int32 | The impact of device feature updates on boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| totalBootTimeInMs | Int32 | The device total boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| groupPolicyLoginTimeInMs | Int32 | The impact of device group policy client on login time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| coreLoginTimeInMs | Int32 | The device core login time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| responsiveDesktopTimeInMs | Int32 | The time for desktop to become responsive during login process in milliseconds. Supports: $select, $OrderBy. Read-only. |
| totalLoginTimeInMs | Int32 | The device total login time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| isFirstLogin | Boolean | When TRUE, indicates the device login is the first login after a reboot. When FALSE, indicates the device login is not the first login after a reboot. Supports: $select, $OrderBy. Read-only. |
| isFeatureUpdate | Boolean | When TRUE, indicates the device boot record is associated with feature updates. When FALSE, indicates the device boot record is not associated with feature updates. Supports: $select, $OrderBy. Read-only. |
| operatingSystemVersion | String | The user experience analytics device boot record's operating system version. Supports: $select, $OrderBy. Read-only. |
| restartCategory | userExperienceAnalyticsOperatingSystemRestartCategory | OS restart category. Possible values are: unknown, restartWithUpdate, restartWithoutUpdate, blueScreen, shutdownWithUpdate, shutdownWithoutUpdate, longPowerButtonPress, bootError, update. Unknown by default. Supports: $select, $OrderBy. Read-only. Possible values are: unknown, restartWithUpdate, restartWithoutUpdate, blueScreen, shutdownWithUpdate, shutdownWithoutUpdate, longPowerButtonPress, bootError, update, unknownFutureValue. |
| restartStopCode | String | OS restart stop code. This shows the bug check code which can be used to look up the blue screen reason. Supports: $select, $OrderBy. Read-only. |
| restartFaultBucket | String | OS restart fault bucket. The fault bucket is used to find additional information about a system crash. Supports: $select, $OrderBy. Read-only. |
Graph reference: userExperienceAnalyticsDeviceStartupProcess
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device startup process. Supports: $select, $OrderBy. Read-only. |
| managedDeviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
| processName | String | The name of the process. Examples: outlook, excel. Supports: $select, $OrderBy. Read-only. |
| productName | String | The product name of the process. Examples: Microsoft Outlook, Microsoft Excel. Supports: $select, $OrderBy. Read-only. |
| publisher | String | The publisher of the process. Examples: Microsoft Corporation, Contoso Corp. Supports: $select, $OrderBy. Read-only. |
| startupImpactInMs | Int32 | The impact of startup process on device boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
Graph reference: userExperienceAnalyticsDeviceStartupProcessPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device startup process performance. Supports: $select, $OrderBy. Read-only. |
| processName | String | The name of the startup process. Examples: outlook, excel. Supports: $select, $OrderBy. Read-only. |
| productName | String | The product name of the startup process. Examples: Microsoft Outlook, Microsoft Excel. Supports: $select, $OrderBy. Read-only. |
| publisher | String | The publisher of the startup process. Examples: Microsoft Corporation, Contoso Corp. Supports: $select, $OrderBy. Read-only. |
| deviceCount | Int64 | The count of devices which initiated this process on startup. Supports: $filter, $select, $OrderBy. Read-only. |
| medianImpactInMs | Int64 | The median impact of startup process on device boot time in milliseconds. Supports: $filter, $select, $OrderBy. Read-only. |
| totalImpactInMs | Int64 | The total impact of startup process on device boot time in milliseconds. Supports: $filter, $select, $OrderBy. Read-only. |
Graph reference: userExperienceAnalyticsDeviceTimelineEvents
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics NRT device timeline events object. |
| deviceId | String | The id of the device where the event occurred. |
| eventDateTime | DateTimeOffset | The time the event occured. |
| eventLevel | deviceEventLevel | The severity level of the event enum. Possible values are: none, verbose, information, warning, error ,critical. Default value: none. Possible values are: none, verbose, information, warning, error, critical, unknownFutureValue. |
| eventSource | String | The source of the event. Examples include: Intune, Sccm. |
| eventName | String | The name of the event. Examples include: BootEvent, LogonEvent, AppCrashEvent, AppHangEvent. |
| eventDetails | String | The details provided by the event, format depends on event type. |
| eventAdditionalInformation | String | Placeholder value for future expansion. |
Graph reference: userExperienceAnalyticsDeviceWithoutCloudIdentity
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics tenant attach device. |
| deviceName | String | The tenant attach device's name. |
| azureAdDeviceId | String | Azure Active Directory Device Id |
Graph reference: userExperienceAnalyticsImpactingProcess
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics top impacting process entity. |
| deviceId | String | The unique identifier of the impacted device. |
| category | String | The category of impacting process. |
| processName | String | The process name. |
| description | String | The description of process. |
| publisher | String | The publisher of the process. |
| impactValue | Double | The impact value of the process. Valid values 0 to 1.79769313486232E+308 |
Graph reference: userExperienceAnalyticsMetric
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics metric. |
| value | Double | The value of the user experience analytics metric. |
| unit | String | The unit of the user experience analytics metric. Examples: none, percentage, count, seconds, score. |
Graph reference: userExperienceAnalyticsMetricHistory
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics metric history. |
| deviceId | String | The Intune device id of the device. |
| metricDateTime | DateTimeOffset | The metric date time. The value cannot be modified and is automatically populated when the metric is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. |
| metricType | String | The user experience analytics metric type. |
Graph reference: userExperienceAnalyticsModelScores
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics model score entry. Supports: $select, $OrderBy. Read-only. |
| model | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
| manufacturer | String | The manufacturer name of the device. Examples: Microsoft Corporation, HP, Lenovo. Supports: $select, $OrderBy. Read-only. |
| modelDeviceCount | Int64 | Indicates unique devices count of given model in a consolidated report. Supports: $select, $OrderBy. Read-only. Valid values -9.22337203685478E+18 to 9.22337203685478E+18 |
| endpointAnalyticsScore | Double | Indicates a weighted average of the various scores. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| startupPerformanceScore | Double | Indicates a weighted average of boot score and logon score used for measuring startup performance. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| appReliabilityScore | Double | Indicates a score calculated from application health data to indicate when a device is having problems running one or more applications. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| workFromAnywhereScore | Double | Indicates a weighted score of the work from anywhere on a device level. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| batteryHealthScore | Double | Indicates a calulated score indicating the health of the device's battery. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| healthStatus | userExperienceAnalyticsHealthState | The health status of the device. Possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $filter, $select, $OrderBy. Read-only. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsNotAutopilotReadyDevice
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics intune device. |
| deviceName | String | The intune device's name. |
| serialNumber | String | The intune device's serial number. |
| manufacturer | String | The intune device's manufacturer. |
| model | String | The intune device's model. |
| managedBy | String | The intune device's managed by. |
| autoPilotRegistered | Boolean | The intune device's autopilotRegistered. |
| autoPilotProfileAssigned | Boolean | The intune device's autopilotProfileAssigned. |
| azureAdRegistered | Boolean | The intune device's azureAdRegistered. |
| azureAdJoinType | String | The intune device's azure Ad joinType. |
Graph reference: userExperienceAnalyticsOverview
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics overview. Supports: $select, $OrderBy. Read-only. |
| overallScore | Int32 | The user experience analytics overall score. |
| deviceBootPerformanceOverallScore | Int32 | The user experience analytics device boot performance overall score. |
| bestPracticesOverallScore | Int32 | The user experience analytics best practices overall score. |
| workFromAnywhereOverallScore | Int32 | The user experience analytics Work From Anywhere overall score. |
| appHealthOverallScore | Int32 | The user experience analytics app health overall score. |
| resourcePerformanceOverallScore | Int32 | The user experience analytics resource performance overall score. |
| batteryHealthOverallScore | Int32 | The user experience analytics battery health overall score. |
| insights | userExperienceAnalyticsInsight collection | The user experience analytics insights. Read-only. |
| state | userExperienceAnalyticsHealthState | The current health state of the user experience analytics overview. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| deviceBootPerformanceHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'BootPerformance' category. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| bestPracticesHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'BestPractices' category. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| workFromAnywhereHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'WorkFromAnywhere' category. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| appHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'BestPractices' category. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| resourcePerformanceHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'ResourcePerformance' category. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| batteryHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'BatteryHealth' category. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsRegressionSummary
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics regression summary. |
Graph reference: userExperienceAnalyticsRemoteConnection
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics remote connection entity. |
| deviceId | String | The id of the device. |
| deviceName | String | The name of the device. |
| model | String | The user experience analytics device model. |
| virtualNetwork | String | The user experience analytics virtual network. |
| manufacturer | String | The user experience analytics manufacturer. |
| deviceCount | Int32 | The count of remote connection. Valid values 0 to 2147483647 |
| cloudPcRoundTripTime | Double | The round tip time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
| cloudPcSignInTime | Double | The sign in time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
| remoteSignInTime | Double | The remote sign in time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
| coreBootTime | Double | The core boot time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
| coreSignInTime | Double | The core sign in time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
| cloudPcFailurePercentage | Double | The sign in failure percentage of Cloud PC Device. Valid values 0 to 100 |
| userPrincipalName | String | The user experience analytics userPrincipalName. |
Graph reference: userExperienceAnalyticsResourcePerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics resource performance entity. |
| deviceId | String | The id of the device. |
| deviceName | String | The name of the device. |
| model | String | The user experience analytics device model. |
| deviceCount | Int64 | User experience analytics summarized device count. |
| manufacturer | String | The user experience analytics device manufacturer. |
| cpuSpikeTimePercentage | Double | CPU spike time in percentage. Valid values 0 to 100 |
| ramSpikeTimePercentage | Double | RAM spike time in percentage. Valid values 0 to 100 |
| cpuSpikeTimeScore | Int32 | The user experience analytics device CPU spike time score. Valid values 0 to 100 |
| cpuSpikeTimePercentageThreshold | Double | Threshold of cpuSpikeTimeScore. Valid values 0 to 100 |
| ramSpikeTimeScore | Int32 | The user experience analytics device RAM spike time score. Valid values 0 to 100 |
| ramSpikeTimePercentageThreshold | Double | Threshold of ramSpikeTimeScore. Valid values 0 to 100 |
| deviceResourcePerformanceScore | Int32 | Resource performance score of a specific device. Valid values 0 to 100 |
| averageSpikeTimeScore | Int32 | AverageSpikeTimeScore of a device or a model type. Valid values 0 to 100 |
| machineType | userExperienceAnalyticsMachineType | Helps to identify if device is a physical device or virtual. Possible values are: unknown, physical, virtual, unknownFutureValue. |
| cpuDisplayName | String | The name of the processor on the device, For example, 11th Gen Intel(R) Core(TM) i7. |
| totalProcessorCoreCount | Int32 | The count of cores of the processor of device. Valid values 0 to 512 |
| cpuClockSpeedInMHz | Double | The clock speed of the processor, in MHz. Valid values 0 to 1000000 |
| totalRamInMB | Double | The total RAM of the device, in MB. Valid values 0 to 1000000 |
| diskType | diskType | The type of disk storage used on the device. Possible values are: unknown, hdd, ssd, unknownFutureValue. |
| healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics model. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsScoreHistory
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device startup process. Supports: $select, $OrderBy. Read-only. |
| startupDateTime | DateTimeOffset | The device startup date time. The value cannot be modified and is automatically populated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. |
| overallScore | Int32 | User experience analytics overall score. Score will be in the range 0-100, 100 is the ideal score. Valid values 0 to 100 |
| startupScore | Int32 | User experience analytics device startup score. Score will be in the range 0-100, 100 is the ideal score. |
| coreBootScore | Int32 | The user experience analytics device core boot score. Score will be in the range 0-100, 100 is the ideal score. |
| coreSigninScore | Int32 | The User experience analytics device core sign-in score. Score will be in the range 0-100, 100 is the ideal score. |
| recommendedSoftwareScore | Int32 | The User experience analytics device core sign-in score. Score will be in the range 0-100, 100 is the ideal score. |
| appHealthOverallScore | Int32 | The User experience analytics app health overall score. |
| workFromAnywhereScore | Int32 | The User experience analytics work from anywhere score. |
| batteryHealthScore | Int32 | The User experience analytics battery health score. |
| startupTotalDevices | Int32 | The total device count of the user experience analytics category startup performance. |
| recommendedSoftwareTotalDevices | Int32 | The total device count of the user experience analytics category recommended software. |
| appHealthTotalDevices | Int32 | The total device count of the user experience analytics category app health. |
| workFromAnywhereTotalDevices | Int32 | The total device count of the user experience analytics category work from anywhere. |
| batteryHealthTotalDevices | Int32 | The total device count of the user experience analytics category battery health. |
| restartScore | Int32 | Restart score. Score will be in the range 0-100, 100 is the ideal score, 0 indicates excessive restarts. Valid values 0 to 9999999 |
Graph reference: intune-devices-userexperienceanalyticssummarizedby
Graph reference: userExperienceAnalyticsWorkFromAnywhereDevice
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics work from anywhere device. Supports: $select, $OrderBy. Read-only. |
| deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
| deviceName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
| serialNumber | String | The serial number of the device. Supports: $select, $OrderBy. Read-only. |
| manufacturer | String | The manufacturer name of the device. Supports: $select, $OrderBy. Read-only. |
| model | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
| ownership | String | Ownership of the device. Supports: $select, $OrderBy. Read-only. |
| managedBy | String | The management agent of the device. Supports: $select, $OrderBy. Read-only. |
| autoPilotRegistered | Boolean | When TRUE, indicates the intune device's autopilot is registered. When FALSE, indicates it's not registered. Supports: $select, $OrderBy. Read-only. |
| autoPilotProfileAssigned | Boolean | When TRUE, indicates the intune device's autopilot profile is assigned. When FALSE, indicates it's not Assigned. Supports: $select, $OrderBy. Read-only. |
| azureAdRegistered | Boolean | When TRUE, indicates the device's Azure Active Directory (Azure AD) is registered. When False, indicates it's not registered. Supports: $select, $OrderBy. Read-only. |
| azureAdDeviceId | String | The Azure Active Directory (Azure AD) device Id. Supports: $select, $OrderBy. Read-only. |
| azureAdJoinType | String | The work from anywhere device's Azure Active Directory (Azure AD) join type. Supports: $select, $OrderBy. Read-only. |
| osDescription | String | The OS description of the device. Supports: $select, $OrderBy. Read-only. |
| osVersion | String | The OS version of the device. Supports: $select, $OrderBy. Read-only. |
| tenantAttached | Boolean | When TRUE, indicates the device is Tenant Attached. When FALSE, indicates it's not Tenant Attached. Supports: $select, $OrderBy. Read-only. |
| compliancePolicySetToIntune | Boolean | When TRUE, indicates the device's compliance policy is set to intune. When FALSE, indicates it's not set to intune. Supports: $select, $OrderBy. Read-only. |
| otherWorkloadsSetToIntune | Boolean | When TRUE, indicates the device's other workloads is set to intune. When FALSE, indicates it's not set to intune. Supports: $select, $OrderBy. Read-only. |
| isCloudManagedGatewayEnabled | Boolean | When TRUE, indicates the device's Cloud Management Gateway for Configuration Manager is enabled. When FALSE, indicates it's not enabled. Supports: $select, $OrderBy. Read-only. |
| upgradeEligibility | operatingSystemUpgradeEligibility | The windows upgrade eligibility status of device. Possible values are: upgraded, unknown, notCapable, capable. Unknown by default. Supports: $select, $OrderBy. Read-only. Possible values are: upgraded, unknown, notCapable, capable, unknownFutureValue. |
| ramCheckFailed | Boolean | When TRUE, indicates RAM hardware check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| storageCheckFailed | Boolean | When TRUE, indicates storage hardware check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| processorCoreCountCheckFailed | Boolean | When TRUE, indicates processor hardware core count check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| processorSpeedCheckFailed | Boolean | When TRUE, indicates processor hardware speed check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| tpmCheckFailed | Boolean | When TRUE, indicates Trusted Platform Module (TPM) hardware check failed for device to the latest version of upgrade to windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| secureBootCheckFailed | Boolean | When TRUE, indicates secure boot hardware check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| processorFamilyCheckFailed | Boolean | When TRUE, indicates processor hardware family check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| processor64BitCheckFailed | Boolean | When TRUE, indicates processor hardware 64-bit architecture check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| osCheckFailed | Boolean | When TRUE, indicates OS check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| workFromAnywhereScore | Double | Indicates work from anywhere per device overall score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| windowsScore | Double | Indicates per device windows score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| cloudManagementScore | Double | Indicates per device cloud management score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| cloudIdentityScore | Double | Indicates per device cloud identity score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| cloudProvisioningScore | Double | Indicates per device cloud provisioning score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics work from anywhere device. Possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $select, $OrderBy. Read-only. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsWorkFromAnywhereHardwareReadinessMetric
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics hardware readiness metric object. Supports: $select, $OrderBy. Read-only. |
| totalDeviceCount | Int32 | The count of total devices in an organization. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| upgradeEligibleDeviceCount | Int32 | The count of devices in an organization eligible for windows upgrade. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| ramCheckFailedPercentage | Double | The percentage of devices for which RAM hardware check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| storageCheckFailedPercentage | Double | The percentage of devices for which storage hardware check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| processorCoreCountCheckFailedPercentage | Double | The percentage of devices for which processor hardware core count check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| processorSpeedCheckFailedPercentage | Double | The percentage of devices for which processor hardware speed check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| tpmCheckFailedPercentage | Double | The percentage of devices for which Trusted Platform Module (TPM) hardware check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| secureBootCheckFailedPercentage | Double | The percentage of devices for which secure boot hardware check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| processorFamilyCheckFailedPercentage | Double | The percentage of devices for which processor hardware family check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| processor64BitCheckFailedPercentage | Double | The percentage of devices for which processor hardware 64-bit architecture check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| osCheckFailedPercentage | Double | The percentage of devices for which OS check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
Graph reference: userExperienceAnalyticsWorkFromAnywhereMetric
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics work from anywhere metric. Read-only. |
Graph reference: userExperienceAnalyticsWorkFromAnywhereModelPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the work from anywhere model performance object. Supports: $select, $OrderBy. Read-only. |
| model | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
| manufacturer | String | The manufacturer name of the device. Supports: $select, $OrderBy. Read-only. |
| modelDeviceCount | Int32 | The devices count for the model. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| workFromAnywhereScore | Double | The work from anywhere score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| windowsScore | Double | The window score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| cloudManagementScore | Double | The cloud management score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| cloudIdentityScore | Double | The cloud identity score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| cloudProvisioningScore | Double | The cloud provisioning score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics work from anywhere device model. Possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $select, $OrderBy. Read-only. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: windowsDeviceMalwareState
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier. This is malware id. |
| displayName | String | Malware name |
| additionalInformationUrl | String | Information URL to learn more about the malware |
| severity | windowsMalwareSeverity | Severity of the malware. Possible values are: unknown, low, moderate, high, severe. |
| executionState | windowsMalwareExecutionState | Execution status of the malware like blocked/executing etc. Possible values are: unknown, blocked, allowed, running, notRunning. |
| state | windowsMalwareState | Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: unknown, detected, cleaned, quarantined, removed, allowed, blocked, cleanFailed, quarantineFailed, removeFailed, allowFailed, abandoned, blockFailed. |
| threatState | windowsMalwareThreatState | Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. |
| initialDetectionDateTime | DateTimeOffset | Initial detection datetime of the malware |
| lastStateChangeDateTime | DateTimeOffset | The last time this particular threat was changed |
| detectionCount | Int32 | Number of times the malware is detected |
| category | windowsMalwareCategory | Category of the malware. Possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remote_Control_Software, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule. |
Graph reference: windowsMalwareInformation
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier. This is malware id. |
| displayName | String | Indicates the name of the malware |
| additionalInformationUrl | String | Indicates an informational URL to learn more about the malware |
| severity | windowsMalwareSeverity | Severity of the malware. Possible values are: unknown, low, moderate, high, severe. default is unknown. Possible values are: unknown, low, moderate, high, severe. |
| category | windowsMalwareCategory | Category of the malware. Possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remote_Control_Software, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule. default value is invalid. Possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remote_Control_Software, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule. |
| lastDetectionDateTime | DateTimeOffset | Indicates the last time the malware was detected in UTC |
Graph reference: windowsManagedDevice
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the device. This property is read-only. Inherited from managedDevice |
| userId | String | Unique Identifier for the user associated with the device. This property is read-only. Inherited from managedDevice |
| deviceName | String | Name of the device. This property is read-only. Inherited from managedDevice |
| hardwareInformation | hardwareInformation | The hardward details for the device. Includes information such as storage space, manufacturer, serial number, etc. By default most property of this type are set to null/0/false and enum defaults for associated types. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| ownerType | ownerType | Ownership of the device. Possible values are, 'company' or 'personal'. Default is unknown. Supports $filter operator 'eq' and 'or'. Inherited from managedDevice. Possible values are: unknown, company, personal. |
| managedDeviceOwnerType | managedDeviceOwnerType | Ownership of the device. Can be 'company' or 'personal' Inherited from managedDevice. Possible values are: unknown, company, personal. |
| deviceActionResults | deviceActionResult collection | List of ComplexType deviceActionResult objects. This property is read-only. Inherited from managedDevice |
| managementState | managementState | Management state of the device. Examples: Managed, RetirePending, etc. Default is managed. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. Possible values are: managed, retirePending, retireFailed, wipePending, wipeFailed, unhealthy, deletePending, retireIssued, wipeIssued, wipeCanceled, retireCanceled, discovered. |
| enrolledDateTime | DateTimeOffset | Enrollment time of the device. Supports $filter operator 'lt' and 'gt'. This property is read-only. Inherited from managedDevice |
| lastSyncDateTime | DateTimeOffset | The date and time that the device last completed a successful sync with Intune. Supports $filter operator 'lt' and 'gt'. This property is read-only. Inherited from managedDevice |
| chassisType | chassisType | Chassis type of the device. This property is read-only. Inherited from managedDevice. Possible values are: unknown, desktop, laptop, worksWorkstation, enterpriseServer, phone, tablet, mobileOther, mobileUnknown. |
| operatingSystem | String | Operating system of the device. Windows, iOS, etc. This property is read-only. Inherited from managedDevice |
| deviceType | deviceType | Platform of the device. Examples: Desktop, WindowsRT, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. Possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, windows10x, androidnGMS, chromeOS, linux, blackberry, palm, unknown, cloudPC. |
| complianceState | complianceState | Compliance state of the device. Examples: Compliant, Conflict, Error, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. Possible values are: unknown, compliant, noncompliant, conflict, error, inGracePeriod, configManager. |
| jailBroken | String | Whether the device is jail broken or rooted. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice |
| managementAgent | managementAgentType | Management channel of the device. Examples: Intune, EAS, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. Possible values are: eas, mdm, easMdm, intuneClient, easIntuneClient, configurationManagerClient, configurationManagerClientMdm, configurationManagerClientMdmEas, unknown, jamf, googleCloudDevicePolicyController, microsoft365ManagedMdm, msSense, intuneAosp, google, unknownFutureValue. |
| osVersion | String | Operating system version of the device. This property is read-only. Inherited from managedDevice |
| easActivated | Boolean | Whether the device is Exchange ActiveSync activated. This property is read-only. Inherited from managedDevice |
| easDeviceId | String | Exchange ActiveSync Id of the device. This property is read-only. Inherited from managedDevice |
| easActivationDateTime | DateTimeOffset | Exchange ActivationSync activation time of the device. This property is read-only. Inherited from managedDevice |
| aadRegistered | Boolean | Whether the device is Azure Active Directory registered. This property is read-only. Inherited from managedDevice |
| azureADRegistered | Boolean | Whether the device is Azure Active Directory registered. This property is read-only. Inherited from managedDevice |
| deviceEnrollmentType | deviceEnrollmentType | Enrollment type of the device. This property is read-only. Inherited from managedDevice. Possible values are: unknown, userEnrollment, deviceEnrollmentManager, appleBulkWithUser, appleBulkWithoutUser, windowsAzureADJoin, windowsBulkUserless, windowsAutoEnrollment, windowsBulkAzureDomainJoin, windowsCoManagement, windowsAzureADJoinUsingDeviceAuth, appleUserEnrollment, appleUserEnrollmentWithServiceAccount, azureAdJoinUsingAzureVmExtension, androidEnterpriseDedicatedDevice, androidEnterpriseFullyManaged, androidEnterpriseCorporateWorkProfile, appleACMEBasicBYOD, appleACMEDEPUserless, appleACMEDEPUDACompanyPortal, appleACMEDEPUDASetupAsstLegacy, appleACMEDEPUDAModernAuth. |
| lostModeState | lostModeState | Indicates if Lost mode is enabled or disabled. This property is read-only. Inherited from managedDevice. Possible values are: disabled, enabled. |
| activationLockBypassCode | String | The code that allows the Activation Lock on managed device to be bypassed. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity in LIST call. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| emailAddress | String | Email(s) for the user associated with the device. This property is read-only. Inherited from managedDevice |
| azureActiveDirectoryDeviceId | String | The unique identifier for the Azure Active Directory device. Read only. This property is read-only. Inherited from managedDevice |
| azureADDeviceId | String | The unique identifier for the Azure Active Directory device. Read only. This property is read-only. Inherited from managedDevice |
| deviceRegistrationState | deviceRegistrationState | Device registration state. This property is read-only. Inherited from managedDevice. Possible values are: notRegistered, registered, revoked, keyConflict, approvalPending, certificateReset, notRegisteredPendingEnrollment, unknown. |
| deviceCategoryDisplayName | String | Device category display name. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice |
| isSupervised | Boolean | Device supervised status. This property is read-only. Inherited from managedDevice |
| exchangeLastSuccessfulSyncDateTime | DateTimeOffset | Last time the device contacted Exchange. This property is read-only. Inherited from managedDevice |
| exchangeAccessState | deviceManagementExchangeAccessState | The Access State of the device in Exchange. This property is read-only. Inherited from managedDevice. Possible values are: none, unknown, allowed, blocked, quarantined. |
| exchangeAccessStateReason | deviceManagementExchangeAccessStateReason | The reason for the device's access state in Exchange. This property is read-only. Inherited from managedDevice. Possible values are: none, unknown, exchangeGlobalRule, exchangeIndividualRule, exchangeDeviceRule, exchangeUpgrade, exchangeMailboxPolicy, other, compliant, notCompliant, notEnrolled, unknownLocation, mfaRequired, azureADBlockDueToAccessPolicy, compromisedPassword, deviceNotKnownWithManagedApp. |
| remoteAssistanceSessionUrl | String | Url that allows a Remote Assistance session to be established with the device. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. Inherited from managedDevice |
| remoteAssistanceSessionErrorDetails | String | An error string that identifies issues when creating Remote Assistance session objects. This property is read-only. Inherited from managedDevice |
| isEncrypted | Boolean | Device encryption status. This property is read-only. Inherited from managedDevice |
| userPrincipalName | String | Device user principal name. This property is read-only. Inherited from managedDevice |
| model | String | Model of the device. This property is read-only. Inherited from managedDevice |
| manufacturer | String | Manufacturer of the device. This property is read-only. Inherited from managedDevice |
| imei | String | IMEI. This property is read-only. Inherited from managedDevice |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires. This property is read-only. Inherited from managedDevice |
| serialNumber | String | SerialNumber. This property is read-only. Inherited from managedDevice |
| phoneNumber | String | Phone number of the device. This property is read-only. Inherited from managedDevice |
| androidSecurityPatchLevel | String | Android security patch level. This property is read-only. Inherited from managedDevice |
| userDisplayName | String | User display name. This property is read-only. Inherited from managedDevice |
| configurationManagerClientEnabledFeatures | configurationManagerClientEnabledFeatures | ConfigrMgr client enabled features. This property is read-only. Inherited from managedDevice |
| wiFiMacAddress | String | Wi-Fi MAC. This property is read-only. Inherited from managedDevice |
| deviceHealthAttestationState | deviceHealthAttestationState | The device health attestation state. This property is read-only. Inherited from managedDevice |
| subscriberCarrier | String | Subscriber Carrier. This property is read-only. Inherited from managedDevice |
| meid | String | MEID. This property is read-only. Inherited from managedDevice |
| totalStorageSpaceInBytes | Int64 | Total Storage in Bytes. This property is read-only. Inherited from managedDevice |
| freeStorageSpaceInBytes | Int64 | Free Storage in Bytes. Default value is 0. Read-only. This property is read-only. Inherited from managedDevice |
| managedDeviceName | String | Automatically generated name to identify a device. Can be overwritten to a user friendly name. Inherited from managedDevice |
| partnerReportedThreatState | managedDevicePartnerReportedHealthState | Indicates the threat state of a device when a Mobile Threat Defense partner is in use by the account and device. Read Only. This property is read-only. Inherited from managedDevice. Possible values are: unknown, activated, deactivated, secured, lowSeverity, mediumSeverity, highSeverity, unresponsive, compromised, misconfigured. |
| retireAfterDateTime | DateTimeOffset | Indicates the time after when a device will be auto retired because of scheduled action. This property is read-only. Inherited from managedDevice |
| usersLoggedOn | loggedOnUser collection | Indicates the last logged on users of a device. This property is read-only. Inherited from managedDevice |
| preferMdmOverGroupPolicyAppliedDateTime | DateTimeOffset | Reports the DateTime the preferMdmOverGroupPolicy setting was set. When set, the Intune MDM settings will override Group Policy settings if there is a conflict. Read Only. This property is read-only. Inherited from managedDevice |
| autopilotEnrolled | Boolean | Reports if the managed device is enrolled via auto-pilot. This property is read-only. Inherited from managedDevice |
| requireUserEnrollmentApproval | Boolean | Reports if the managed iOS device is user approval enrollment. This property is read-only. Inherited from managedDevice |
| managementCertificateExpirationDate | DateTimeOffset | Reports device management certificate expiration date. This property is read-only. Inherited from managedDevice |
| iccid | String | Integrated Circuit Card Identifier, it is A SIM card's unique identification number. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| udid | String | Unique Device Identifier for iOS and macOS devices. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| roleScopeTagIds | String collection | List of Scope Tag IDs for this Device instance. Inherited from managedDevice |
| windowsActiveMalwareCount | Int32 | Count of active malware for this windows device. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. Inherited from managedDevice |
| windowsRemediatedMalwareCount | Int32 | Count of remediated malware for this windows device. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. Inherited from managedDevice |
| notes | String | Notes on the device created by IT Admin. Default is null. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Inherited from managedDevice |
| configurationManagerClientHealthState | configurationManagerClientHealthState | Configuration manager client health state, valid only for devices managed by MDM/ConfigMgr Agent Inherited from managedDevice |
| configurationManagerClientInformation | configurationManagerClientInformation | Configuration manager client information, valid only for devices managed, duel-managed or tri-managed by ConfigMgr Agent Inherited from managedDevice |
| ethernetMacAddress | String | Indicates Ethernet MAC Address of the device. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity. Individual get call with select query options is needed to retrieve actual values. Example: deviceManagement/managedDevices({managedDeviceId})?$select=ethernetMacAddress Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| physicalMemoryInBytes | Int64 | Total Memory in Bytes. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. Read-only. This property is read-only. Inherited from managedDevice |
| processorArchitecture | managedDeviceArchitecture | Processor architecture. This property is read-only. Inherited from managedDevice. Possible values are: unknown, x86, x64, arm, arM64. |
| specificationVersion | String | Specification version. This property is read-only. Inherited from managedDevice |
| joinType | joinType | Device join type Inherited from managedDevice. Possible values are: unknown, azureADJoined, azureADRegistered, hybridAzureADJoined. |
| skuFamily | String | Device sku family Inherited from managedDevice |
| securityPatchLevel | String | This indicates the security patch level of the operating system. These special updates contain important security fixes. For iOS/MacOS they are in (a) format. For android its in 2017-08-07 format. This property is read-only. Inherited from managedDevice |
| skuNumber | Int32 | Device sku number, see also: https://learn.microsoft.com/windows/win32/api/sysinfoapi/nf-sysinfoapi-getproductinfo. Valid values 0 to 2147483647. This property is read-only. Inherited from managedDevice |
| managementFeatures | managedDeviceManagementFeatures | Device management features Inherited from managedDevice. Possible values are: none, microsoftManagedDesktop. |
| chromeOSDeviceInfo | chromeOSDeviceProperty collection | List of properties of the ChromeOS Device. Default is an empty list. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Inherited from managedDevice |
| enrollmentProfileName | String | Name of the enrollment profile assigned to the device. Default value is empty string, indicating no enrollment profile was assgined. This property is read-only. Inherited from managedDevice |
| bootstrapTokenEscrowed | Boolean | Reports if the managed device has an escrowed Bootstrap Token. This is only for macOS devices. To get, include BootstrapTokenEscrowed in the select clause and query with a device id. If FALSE, no bootstrap token is escrowed. If TRUE, the device has escrowed a bootstrap token with Intune. This property is read-only. Inherited from managedDevice |
| deviceFirmwareConfigurationInterfaceManaged | Boolean | Indicates whether the device is DFCI managed. When TRUE the device is DFCI managed. When FALSE, the device is not DFCI managed. The default value is FALSE. Inherited from managedDevice |
| deviceIdentityAttestationDetail | deviceIdentityAttestationDetail | Indicates the attestation status of the managed device. And in which way. Default: Unknown. Inherited from managedDevice |
Graph reference: windowsManagementApp
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the Windows management app |
| availableVersion | String | Windows management app available version. |
| managedInstaller | managedInstallerStatus | Managed Installer Status. Possible values are: disabled, enabled. |
| managedInstallerConfiguredDateTime | String | Managed Installer Configured Date Time |
Graph reference: windowsManagementAppHealthState
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the Windows management app health state. This property is read-only. |
| healthState | healthState | Windows management app health state. Possible values are: unknown, healthy, unhealthy. |
| installedVersion | String | Windows management app installed version. |
| lastCheckInDateTime | DateTimeOffset | Windows management app last check-in time. |
| deviceName | String | Name of the device on which Windows management app is installed. |
| deviceOSVersion | String | Windows 10 OS version of the device on which Windows management app is installed. |
Graph reference: windowsProtectionState
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier for the device protection status object. This is device id of the device |
| malwareProtectionEnabled | Boolean | When TRUE indicates anti malware is enabled when FALSE indicates anti malware is not enabled. |
| deviceState | windowsDeviceHealthState | Indicates device's health state. Possible values are: clean, fullScanPending, rebootPending, manualStepsPending, offlineScanPending, critical. Possible values are: clean, fullScanPending, rebootPending, manualStepsPending, offlineScanPending, critical. |
| realTimeProtectionEnabled | Boolean | When TRUE indicates real time protection is enabled, when FALSE indicates real time protection is not enabled. Defaults to setting on client device. |
| networkInspectionSystemEnabled | Boolean | When TRUE indicates network inspection system enabled, when FALSE indicates network inspection system is not enabled. Defaults to setting on client device. |
| quickScanOverdue | Boolean | When TRUE indicates quick scan is overdue, when FALSE indicates quick scan is not overdue. Defaults to setting on client device. |
| fullScanOverdue | Boolean | When TRUE indicates full scan is overdue, when FALSE indicates full scan is not overdue. Defaults to setting on client device. |
| signatureUpdateOverdue | Boolean | When TRUE indicates signature is out of date, when FALSE indicates signature is not out of date. Defaults to setting on client device. |
| rebootRequired | Boolean | When TRUE indicates reboot is required, when FALSE indicates when TRUE indicates reboot is not required. Defaults to setting on client device. |
| fullScanRequired | Boolean | When TRUE indicates full scan is required, when FALSE indicates full scan is not required. Defaults to setting on client device. |
| engineVersion | String | Current endpoint protection engine's version |
| signatureVersion | String | Current malware definitions version |
| antiMalwareVersion | String | Current anti malware version |
| lastQuickScanDateTime | DateTimeOffset | Last quick scan datetime |
| lastFullScanDateTime | DateTimeOffset | Last quick scan datetime |
| lastQuickScanSignatureVersion | String | Last quick scan signature version |
| lastFullScanSignatureVersion | String | Last full scan signature version |
| lastReportedDateTime | DateTimeOffset | Last device health status reported time |
| productStatus | windowsDefenderProductStatus | Product Status of Windows Defender Antivirus. Possible values are: noStatus, serviceNotRunning, serviceStartedWithoutMalwareProtection, pendingFullScanDueToThreatAction, pendingRebootDueToThreatAction, pendingManualStepsDueToThreatAction, avSignaturesOutOfDate, asSignaturesOutOfDate, noQuickScanHappenedForSpecifiedPeriod, noFullScanHappenedForSpecifiedPeriod, systemInitiatedScanInProgress, systemInitiatedCleanInProgress, samplesPendingSubmission, productRunningInEvaluationMode, productRunningInNonGenuineMode, productExpired, offlineScanRequired, serviceShutdownAsPartOfSystemShutdown, threatRemediationFailedCritically, threatRemediationFailedNonCritically, noStatusFlagsSet, platformOutOfDate, platformUpdateInProgress, platformAboutToBeOutdated, signatureOrPlatformEndOfLifeIsPastOrIsImpending, windowsSModeSignaturesInUseOnNonWin10SInstall. Possible values are: noStatus, serviceNotRunning, serviceStartedWithoutMalwareProtection, pendingFullScanDueToThreatAction, pendingRebootDueToThreatAction, pendingManualStepsDueToThreatAction, avSignaturesOutOfDate, asSignaturesOutOfDate, noQuickScanHappenedForSpecifiedPeriod, noFullScanHappenedForSpecifiedPeriod, systemInitiatedScanInProgress, systemInitiatedCleanInProgress, samplesPendingSubmission, productRunningInEvaluationMode, productRunningInNonGenuineMode, productExpired, offlineScanRequired, serviceShutdownAsPartOfSystemShutdown, threatRemediationFailedCritically, threatRemediationFailedNonCritically, noStatusFlagsSet, platformOutOfDate, platformUpdateInProgress, platformAboutToBeOutdated, signatureOrPlatformEndOfLifeIsPastOrIsImpending, windowsSModeSignaturesInUseOnNonWin10SInstall. |
| isVirtualMachine | Boolean | When TRUE indicates the device is a virtual machine, when FALSE indicates the device is not a virtual machine. Defaults to setting on client device. |
| tamperProtectionEnabled | Boolean | When TRUE indicates the Windows Defender tamper protection feature is enabled, when FALSE indicates the Windows Defender tamper protection feature is not enabled. Defaults to setting on client device. |
Graph reference: activeDirectoryWindowsAutopilotDeploymentProfile
| Property | Type | Description |
|---|---|---|
| id | String | Profile Key Inherited from windowsAutopilotDeploymentProfile |
| displayName | String | The display name of the deployment profile. Max allowed length is 200 chars. Returned by default. Supports: $select, $top, $skip, $orderby. $Search and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| description | String | A description of the deployment profile. Max allowed length is 1500 chars. Supports: $select, $top, $skip, $orderBy. $Search and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| language | String | The language code to be used when configuring the device. E.g. en-US. The default value is os-default. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Read-Only. Starting from May 2024 this property will no longer be supported and will be marked as deprecated. Use locale instead. Inherited from windowsAutopilotDeploymentProfile |
| locale | String | The locale (language) to be used when configuring the device. E.g. en-US. The default value is os-default. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| createdDateTime | DateTimeOffset | The date and time of when the deployment profile was created. The value cannot be modified and is automatically populated when the profile was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Read-Only. Inherited from windowsAutopilotDeploymentProfile |
| lastModifiedDateTime | DateTimeOffset | The date and time of when the deployment profile was last modified. The value cannot be updated manually and is automatically populated when any changes are made to the profile. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported Read-Only. Inherited from windowsAutopilotDeploymentProfile |
| outOfBoxExperienceSettings | outOfBoxExperienceSettings | The Windows Autopilot Deployment Profile settings used by the Autopilot device for out-of-box experience. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Read-Only. Starting from May 2024 this property will no longer be supported and will be marked as deprecated. Use outOfBoxExperienceSetting instead. Inherited from windowsAutopilotDeploymentProfile |
| outOfBoxExperienceSetting | outOfBoxExperienceSetting | The Windows Autopilot Deployment Profile settings used by the device for the out-of-box experience. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| enrollmentStatusScreenSettings | windowsEnrollmentStatusScreenSettings | Enrollment status screen setting Inherited from windowsAutopilotDeploymentProfile |
| extractHardwareHash | Boolean | Indicates whether the profile supports the extraction of hardware hash values and registration of the device into Windows Autopilot. When TRUE, indicates if hardware extraction and Windows Autopilot registration will happen on the next successful check-in. When FALSE, hardware hash extraction and Windows Autopilot registration will not happen. Default value is FALSE. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Read-Only. Starting from May 2024 this property will no longer be supported and will be marked as deprecated. Use hardwareHashExtractionEnabled instead. Inherited from windowsAutopilotDeploymentProfile |
| hardwareHashExtractionEnabled | Boolean | Indicates whether the profile supports the extraction of hardware hash values and registration of the device into Windows Autopilot. When TRUE, indicates if hardware extraction and Windows Autopilot registration will happen on the next successful check-in. When FALSE, hardware hash extraction and Windows Autopilot registration will not happen. Default value is FALSE. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| deviceNameTemplate | String | The template used to name the Autopilot device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| deviceType | windowsAutopilotDeviceType | The Windows device type that this profile is applicable to. Possible values include windowsPc, holoLens, and virtualMachine. The default is windowsPc. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile. Possible values are: windowsPc, holoLens, surfaceHub2, surfaceHub2S, virtualMachine, unknownFutureValue. |
| enableWhiteGlove | Boolean | Indicates whether the user is allowed to use Windows Autopilot for pre-provisioned deployment mode during Out of Box experience (OOBE). When TRUE, indicates that Windows Autopilot for pre-provisioned deployment mode is allowed. When false, Windows Autopilot for pre-provisioned deployment mode is not allowed. The default is FALSE. Read-Only. Starting from May 2024 this property will no longer be supported and will be marked as deprecated. Use preprovisioningAllowed instead. Inherited from windowsAutopilotDeploymentProfile |
| preprovisioningAllowed | Boolean | Indicates whether the user is allowed to use Windows Autopilot for pre-provisioned deployment mode during Out of Box experience (OOBE). When TRUE, indicates that Windows Autopilot for pre-provisioned deployment mode for OOBE is allowed to be used. When false, Windows Autopilot for pre-provisioned deployment mode for OOBE is not allowed. The default is FALSE. Inherited from windowsAutopilotDeploymentProfile |
| roleScopeTagIds | String collection | List of role scope tags for the deployment profile. Inherited from windowsAutopilotDeploymentProfile |
| managementServiceAppId | String | The Entra management service App ID which gets used during client device-based enrollment discovery. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| hybridAzureADJoinSkipConnectivityCheck | Boolean | The Autopilot Hybrid Azure AD join flow will continue even if it does not establish domain controller connectivity during OOBE. |
Graph reference: appleEnrollmentProfileAssignment
| Property | Type | Description |
|---|---|---|
| id | String | The key of the assignment. |
| target | deviceAndAppManagementAssignmentTarget | The assignment target for the Apple user initiated deployment profile. |
Graph reference: appleUserInitiatedEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| defaultEnrollmentType | appleUserInitiatedEnrollmentType | The default profile enrollment type. Possible values are: unknown, device, user, accountDrivenUserEnrollment, webDeviceEnrollment, unknownFutureValue. |
| availableEnrollmentTypeOptions | appleOwnerTypeEnrollmentType collection | List of available enrollment type options |
| id | String | The GUID for the object |
| displayName | String | Name of the profile |
| description | String | Description of the profile |
| priority | Int32 | Priority, 0 is highest |
| platform | devicePlatformType | The platform of the Device. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, unknown, androidAOSP, androidMobileApplicationManagement, iOSMobileApplicationManagement, unknownFutureValue, windowsMobileApplicationManagement. |
| createdDateTime | DateTimeOffset | Profile creation time |
| lastModifiedDateTime | DateTimeOffset | Profile last modified time |
Graph reference: azureADWindowsAutopilotDeploymentProfile
| Property | Type | Description |
|---|---|---|
| id | String | Profile Key Inherited from windowsAutopilotDeploymentProfile |
| displayName | String | The display name of the deployment profile. Max allowed length is 200 chars. Returned by default. Supports: $select, $top, $skip, $orderby. $Search and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| description | String | A description of the deployment profile. Max allowed length is 1500 chars. Supports: $select, $top, $skip, $orderBy. $Search and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| language | String | The language code to be used when configuring the device. E.g. en-US. The default value is os-default. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Read-Only. Starting from May 2024 this property will no longer be supported and will be marked as deprecated. Use locale instead. Inherited from windowsAutopilotDeploymentProfile |
| locale | String | The locale (language) to be used when configuring the device. E.g. en-US. The default value is os-default. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| createdDateTime | DateTimeOffset | The date and time of when the deployment profile was created. The value cannot be modified and is automatically populated when the profile was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Read-Only. Inherited from windowsAutopilotDeploymentProfile |
| lastModifiedDateTime | DateTimeOffset | The date and time of when the deployment profile was last modified. The value cannot be updated manually and is automatically populated when any changes are made to the profile. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported Read-Only. Inherited from windowsAutopilotDeploymentProfile |
| outOfBoxExperienceSettings | outOfBoxExperienceSettings | The Windows Autopilot Deployment Profile settings used by the Autopilot device for out-of-box experience. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Read-Only. Starting from May 2024 this property will no longer be supported and will be marked as deprecated. Use outOfBoxExperienceSetting instead. Inherited from windowsAutopilotDeploymentProfile |
| outOfBoxExperienceSetting | outOfBoxExperienceSetting | The Windows Autopilot Deployment Profile settings used by the device for the out-of-box experience. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| enrollmentStatusScreenSettings | windowsEnrollmentStatusScreenSettings | Enrollment status screen setting Inherited from windowsAutopilotDeploymentProfile |
| extractHardwareHash | Boolean | Indicates whether the profile supports the extraction of hardware hash values and registration of the device into Windows Autopilot. When TRUE, indicates if hardware extraction and Windows Autopilot registration will happen on the next successful check-in. When FALSE, hardware hash extraction and Windows Autopilot registration will not happen. Default value is FALSE. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Read-Only. Starting from May 2024 this property will no longer be supported and will be marked as deprecated. Use hardwareHashExtractionEnabled instead. Inherited from windowsAutopilotDeploymentProfile |
| hardwareHashExtractionEnabled | Boolean | Indicates whether the profile supports the extraction of hardware hash values and registration of the device into Windows Autopilot. When TRUE, indicates if hardware extraction and Windows Autopilot registration will happen on the next successful check-in. When FALSE, hardware hash extraction and Windows Autopilot registration will not happen. Default value is FALSE. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| deviceNameTemplate | String | The template used to name the Autopilot device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
| deviceType | windowsAutopilotDeviceType | The Windows device type that this profile is applicable to. Possible values include windowsPc, holoLens, and virtualMachine. The default is windowsPc. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile. Possible values are: windowsPc, holoLens, surfaceHub2, surfaceHub2S, virtualMachine, unknownFutureValue. |
| enableWhiteGlove | Boolean | Indicates whether the user is allowed to use Windows Autopilot for pre-provisioned deployment mode during Out of Box experience (OOBE). When TRUE, indicates that Windows Autopilot for pre-provisioned deployment mode is allowed. When false, Windows Autopilot for pre-provisioned deployment mode is not allowed. The default is FALSE. Read-Only. Starting from May 2024 this property will no longer be supported and will be marked as deprecated. Use preprovisioningAllowed instead. Inherited from windowsAutopilotDeploymentProfile |
| preprovisioningAllowed | Boolean | Indicates whether the user is allowed to use Windows Autopilot for pre-provisioned deployment mode during Out of Box experience (OOBE). When TRUE, indicates that Windows Autopilot for pre-provisioned deployment mode for OOBE is allowed to be used. When false, Windows Autopilot for pre-provisioned deployment mode for OOBE is not allowed. The default is FALSE. Inherited from windowsAutopilotDeploymentProfile |
| roleScopeTagIds | String collection | List of role scope tags for the deployment profile. Inherited from windowsAutopilotDeploymentProfile |
| managementServiceAppId | String | The Entra management service App ID which gets used during client device-based enrollment discovery. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Inherited from windowsAutopilotDeploymentProfile |
Graph reference: deletedWindowsAutopilotDeviceState
| Property | Type | Description |
|---|---|---|
| serialNumber | String | Autopilot Device Serial Number |
| deviceRegistrationId | String | ZTD Device Registration ID . |
| deletionState | windowsAutopilotDeviceDeletionState | Device deletion state. Possible values are: unknown, failed, accepted, error. |
| errorMessage | String | Device deletion error message. |
Graph reference: depEnrollmentBaseProfile
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object Inherited from enrollmentProfile |
| displayName | String | Name of the profile Inherited from enrollmentProfile |
| description | String | Description of the profile Inherited from enrollmentProfile |
| requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
| configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
| enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
| requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
| isDefault | Boolean | Indicates if this is the default profile |
| supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. |
| supportDepartment | String | Support department information |
| isMandatory | Boolean | Indicates if the profile is mandatory |
| locationDisabled | Boolean | Indicates if Location service setup pane is disabled |
| supportPhoneNumber | String | Support phone number |
| profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled |
| restoreBlocked | Boolean | Indicates if Restore setup pane is blocked |
| appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled |
| termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled |
| touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled |
| applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled |
| siriDisabled | Boolean | Indicates if siri setup pane is disabled |
| diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled |
| displayToneSetupDisabled | Boolean | Indicates if displaytone setup screen is disabled |
| privacyPaneDisabled | Boolean | Indicates if privacy screen is disabled |
| screenTimeScreenDisabled | Boolean | Indicates if screen timeout setup is disabled |
| deviceNameTemplate | String | Sets a literal or name pattern. |
| configurationWebUrl | Boolean | URL for setup assistant login |
| enabledSkipKeys | String collection | enabledSkipKeys contains all the enabled skip keys as strings |
| enrollmentTimeAzureAdGroupIds | Guid collection | EnrollmentTimeAzureAdGroupIds contains list of enrollment time Azure Group Ids to be associated with profile |
| waitForDeviceConfiguredConfirmation | Boolean | Indicates if the device will need to wait for configured confirmation |
Graph reference: depEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object Inherited from enrollmentProfile |
| displayName | String | Name of the profile Inherited from enrollmentProfile |
| description | String | Description of the profile Inherited from enrollmentProfile |
| requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
| configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
| enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
| requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
| isDefault | Boolean | Indicates if this is the default profile |
| supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. |
| supportDepartment | String | Support department information |
| passCodeDisabled | Boolean | Indicates if Passcode setup pane is disabled |
| isMandatory | Boolean | Indicates if the profile is mandatory |
| locationDisabled | Boolean | Indicates if Location service setup pane is disabled |
| supportPhoneNumber | String | Support phone number |
| iTunesPairingMode | iTunesPairingMode | Indicates the iTunes pairing mode. Possible values are: disallow, allow, requiresCertificate. |
| profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled |
| managementCertificates | managementCertificateWithThumbprint collection | Management certificates for Apple Configurator |
| restoreBlocked | Boolean | Indicates if Restore setup pane is blocked |
| restoreFromAndroidDisabled | Boolean | Indicates if Restore from Android is disabled |
| appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled |
| termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled |
| touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled |
| applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled |
| zoomDisabled | Boolean | Indicates if zoom setup pane is disabled |
| siriDisabled | Boolean | Indicates if siri setup pane is disabled |
| diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled |
| macOSRegistrationDisabled | Boolean | Indicates if Mac OS registration is disabled |
| macOSFileVaultDisabled | Boolean | Indicates if Mac OS file vault is disabled |
| awaitDeviceConfiguredConfirmation | Boolean | Indicates if the device will need to wait for configured confirmation |
| sharedIPadMaximumUserCount | Int32 | This specifies the maximum number of users that can use a shared iPad. Only applicable in shared iPad mode. |
| enableSharedIPad | Boolean | This indicates whether the device is to be enrolled in a mode which enables multi user scenarios. Only applicable in shared iPads. |
Graph reference: depIOSEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object Inherited from enrollmentProfile |
| displayName | String | Name of the profile Inherited from enrollmentProfile |
| description | String | Description of the profile Inherited from enrollmentProfile |
| requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
| configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
| enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
| requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
| isDefault | Boolean | Indicates if this is the default profile Inherited from depEnrollmentBaseProfile |
| supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. Inherited from depEnrollmentBaseProfile |
| supportDepartment | String | Support department information Inherited from depEnrollmentBaseProfile |
| isMandatory | Boolean | Indicates if the profile is mandatory Inherited from depEnrollmentBaseProfile |
| locationDisabled | Boolean | Indicates if Location service setup pane is disabled Inherited from depEnrollmentBaseProfile |
| supportPhoneNumber | String | Support phone number Inherited from depEnrollmentBaseProfile |
| profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled Inherited from depEnrollmentBaseProfile |
| restoreBlocked | Boolean | Indicates if Restore setup pane is blocked Inherited from depEnrollmentBaseProfile |
| appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled Inherited from depEnrollmentBaseProfile |
| termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled Inherited from depEnrollmentBaseProfile |
| touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled Inherited from depEnrollmentBaseProfile |
| applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled Inherited from depEnrollmentBaseProfile |
| siriDisabled | Boolean | Indicates if siri setup pane is disabled Inherited from depEnrollmentBaseProfile |
| diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled Inherited from depEnrollmentBaseProfile |
| displayToneSetupDisabled | Boolean | Indicates if displaytone setup screen is disabled Inherited from depEnrollmentBaseProfile |
| privacyPaneDisabled | Boolean | Indicates if privacy screen is disabled Inherited from depEnrollmentBaseProfile |
| screenTimeScreenDisabled | Boolean | Indicates if screen timeout setup is disabled Inherited from depEnrollmentBaseProfile |
| deviceNameTemplate | String | Sets a literal or name pattern. Inherited from depEnrollmentBaseProfile |
| configurationWebUrl | Boolean | URL for setup assistant login Inherited from depEnrollmentBaseProfile |
| enabledSkipKeys | String collection | enabledSkipKeys contains all the enabled skip keys as strings Inherited from depEnrollmentBaseProfile |
| enrollmentTimeAzureAdGroupIds | Guid collection | EnrollmentTimeAzureAdGroupIds contains list of enrollment time Azure Group Ids to be associated with profile Inherited from depEnrollmentBaseProfile |
| waitForDeviceConfiguredConfirmation | Boolean | Indicates if the device will need to wait for configured confirmation Inherited from depEnrollmentBaseProfile |
| iTunesPairingMode | iTunesPairingMode | Indicates the iTunes pairing mode. Possible values are: disallow, allow, requiresCertificate. |
| managementCertificates | managementCertificateWithThumbprint collection | Management certificates for Apple Configurator |
| restoreFromAndroidDisabled | Boolean | Indicates if Restore from Android is disabled |
| awaitDeviceConfiguredConfirmation | Boolean | Indicates if the device will need to wait for configured confirmation |
| sharedIPadMaximumUserCount | Int32 | This specifies the maximum number of users that can use a shared iPad. Only applicable in shared iPad mode. |
| enableSharedIPad | Boolean | This indicates whether the device is to be enrolled in a mode which enables multi user scenarios. Only applicable in shared iPads. |
| companyPortalVppTokenId | String | If set, indicates which Vpp token should be used to deploy the Company Portal w/ device licensing. 'enableAuthenticationViaCompanyPortal' must be set in order for this property to be set. |
| enableSingleAppEnrollmentMode | Boolean | Tells the device to enable single app mode and apply app-lock during enrollment. Default is false. 'enableAuthenticationViaCompanyPortal' and 'companyPortalVppTokenId' must be set for this property to be set. |
| homeButtonScreenDisabled | Boolean | Indicates if home button sensitivity screen is disabled |
| iMessageAndFaceTimeScreenDisabled | Boolean | Indicates if iMessage and FaceTime screen is disabled |
| onBoardingScreenDisabled | Boolean | Indicates if onboarding setup screen is disabled |
| simSetupScreenDisabled | Boolean | Indicates if the SIMSetup screen is disabled |
| softwareUpdateScreenDisabled | Boolean | Indicates if the mandatory sofware update screen is disabled |
| watchMigrationScreenDisabled | Boolean | Indicates if the watch migration screen is disabled |
| appearanceScreenDisabled | Boolean | Indicates if Apperance screen is disabled |
| expressLanguageScreenDisabled | Boolean | Indicates if Express Language screen is disabled |
| preferredLanguageScreenDisabled | Boolean | Indicates if Preferred language screen is disabled |
| deviceToDeviceMigrationDisabled | Boolean | Indicates if Device To Device Migration is disabled |
| welcomeScreenDisabled | Boolean | Indicates if Weclome screen is disabled |
| passCodeDisabled | Boolean | Indicates if Passcode setup pane is disabled |
| zoomDisabled | Boolean | Indicates if zoom setup pane is disabled |
| restoreCompletedScreenDisabled | Boolean | Indicates if Weclome screen is disabled |
| updateCompleteScreenDisabled | Boolean | Indicates if Weclome screen is disabled |
| forceTemporarySession | Boolean | Indicates if temporary sessions is enabled |
| temporarySessionTimeoutInSeconds | Int32 | Indicates timeout of temporary session |
| userSessionTimeoutInSeconds | Int32 | Indicates timeout of temporary session |
| passcodeLockGracePeriodInSeconds | Int32 | Indicates timeout before locked screen requires the user to enter the device passocde to unlock it |
| carrierActivationUrl | String | Carrier URL for activating device eSIM. |
| userlessSharedAadModeEnabled | Boolean | Indicates that this apple device is designated to support 'shared device mode' scenarios. This is distinct from the 'shared iPad' scenario. See https://learn.microsoft.com/mem/intune/enrollment/device-enrollment-shared-ios| |
Graph reference: depMacOSEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object Inherited from enrollmentProfile |
| displayName | String | Name of the profile Inherited from enrollmentProfile |
| description | String | Description of the profile Inherited from enrollmentProfile |
| requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
| configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
| enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
| requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
| isDefault | Boolean | Indicates if this is the default profile Inherited from depEnrollmentBaseProfile |
| supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. Inherited from depEnrollmentBaseProfile |
| supportDepartment | String | Support department information Inherited from depEnrollmentBaseProfile |
| isMandatory | Boolean | Indicates if the profile is mandatory Inherited from depEnrollmentBaseProfile |
| locationDisabled | Boolean | Indicates if Location service setup pane is disabled Inherited from depEnrollmentBaseProfile |
| supportPhoneNumber | String | Support phone number Inherited from depEnrollmentBaseProfile |
| profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled Inherited from depEnrollmentBaseProfile |
| restoreBlocked | Boolean | Indicates if Restore setup pane is blocked Inherited from depEnrollmentBaseProfile |
| appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled Inherited from depEnrollmentBaseProfile |
| termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled Inherited from depEnrollmentBaseProfile |
| touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled Inherited from depEnrollmentBaseProfile |
| applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled Inherited from depEnrollmentBaseProfile |
| siriDisabled | Boolean | Indicates if siri setup pane is disabled Inherited from depEnrollmentBaseProfile |
| diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled Inherited from depEnrollmentBaseProfile |
| displayToneSetupDisabled | Boolean | Indicates if displaytone setup screen is disabled Inherited from depEnrollmentBaseProfile |
| privacyPaneDisabled | Boolean | Indicates if privacy screen is disabled Inherited from depEnrollmentBaseProfile |
| screenTimeScreenDisabled | Boolean | Indicates if screen timeout setup is disabled Inherited from depEnrollmentBaseProfile |
| deviceNameTemplate | String | Sets a literal or name pattern. Inherited from depEnrollmentBaseProfile |
| configurationWebUrl | Boolean | URL for setup assistant login Inherited from depEnrollmentBaseProfile |
| enabledSkipKeys | String collection | enabledSkipKeys contains all the enabled skip keys as strings Inherited from depEnrollmentBaseProfile |
| enrollmentTimeAzureAdGroupIds | Guid collection | EnrollmentTimeAzureAdGroupIds contains list of enrollment time Azure Group Ids to be associated with profile Inherited from depEnrollmentBaseProfile |
| waitForDeviceConfiguredConfirmation | Boolean | Indicates if the device will need to wait for configured confirmation Inherited from depEnrollmentBaseProfile |
| registrationDisabled | Boolean | Indicates if registration is disabled |
| fileVaultDisabled | Boolean | Indicates if file vault is disabled |
| iCloudDiagnosticsDisabled | Boolean | Indicates if iCloud Analytics screen is disabled |
| passCodeDisabled | Boolean | Indicates if Passcode setup pane is disabled |
| zoomDisabled | Boolean | Indicates if zoom setup pane is disabled |
| iCloudStorageDisabled | Boolean | Indicates if iCloud Documents and Desktop screen is disabled |
| chooseYourLockScreenDisabled | Boolean | Indicates if iCloud Documents and Desktop screen is disabled |
| accessibilityScreenDisabled | Boolean | Indicates if Accessibility screen is disabled |
| autoUnlockWithWatchDisabled | Boolean | Indicates if UnlockWithWatch screen is disabled |
| skipPrimarySetupAccountCreation | Boolean | Indicates whether Setup Assistant will skip the user interface for primary account setup |
| setPrimarySetupAccountAsRegularUser | Boolean | Indicates whether Setup Assistant will set the account as a regular user |
| dontAutoPopulatePrimaryAccountInfo | Boolean | Indicates whether Setup Assistant will auto populate the primary account information |
| primaryAccountFullName | String | Indicates what the full name for the primary account is |
| primaryAccountUserName | String | Indicates what the account name for the primary account is |
| enableRestrictEditing | Boolean | Indicates whether the user will enable blockediting |
| adminAccountUserName | String | Indicates what the user name for the admin account is |
| adminAccountFullName | String | Indicates what the full name for the admin account is |
| adminAccountPassword | String | Indicates what the password for the admin account is |
| hideAdminAccount | Boolean | Indicates whether the admin account should be hidded or not |
| requestRequiresNetworkTether | Boolean | Indicates if the device is network-tethered to run the command |
| autoAdvanceSetupEnabled | Boolean | Indicates if Setup Assistant will automatically advance through its screen |
Graph reference: depOnboardingSetting
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object |
| appleIdentifier | String | The Apple ID used to obtain the current token. |
| tokenExpirationDateTime | DateTimeOffset | When the token will expire. |
| lastModifiedDateTime | DateTimeOffset | When the service was onboarded. |
| lastSuccessfulSyncDateTime | DateTimeOffset | When the service last syned with Intune |
| lastSyncTriggeredDateTime | DateTimeOffset | When Intune last requested a sync. |
| shareTokenWithSchoolDataSyncService | Boolean | Whether or not the Dep token sharing is enabled with the School Data Sync service. |
| lastSyncErrorCode | Int32 | Error code reported by Apple during last dep sync. |
| tokenType | depTokenType | Gets or sets the Dep Token Type. Possible values are: none, dep, appleSchoolManager. |
| tokenName | String | Friendly Name for Dep Token |
| syncedDeviceCount | Int32 | Gets synced device count |
| dataSharingConsentGranted | Boolean | Consent granted for data sharing with Apple Dep Service |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
Graph reference: depTvOSEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object Inherited from enrollmentProfile |
| displayName | String | Name of the profile Inherited from enrollmentProfile |
| description | String | Description of the profile Inherited from enrollmentProfile |
| requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
| configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
| enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
| requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
Graph reference: depVisionOSEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object Inherited from enrollmentProfile |
| displayName | String | Name of the profile Inherited from enrollmentProfile |
| description | String | Description of the profile Inherited from enrollmentProfile |
| requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
| configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
| enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
| requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object. |
Graph reference: enrollmentProfile
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object |
| displayName | String | Name of the profile |
| description | String | Description of the profile |
| requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication |
| configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment |
| enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. |
| requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices |
Graph reference: importedAppleDeviceIdentity
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| serialNumber | String | Device serial number |
| requestedEnrollmentProfileId | String | Enrollment profile Id admin intends to apply to the device during next enrollment |
| requestedEnrollmentProfileAssignmentDateTime | DateTimeOffset | The time enrollment profile was assigned to the device |
| isSupervised | Boolean | Indicates if the Apple device is supervised. |
| discoverySource | discoverySource | Apple device discovery source. Possible values are: unknown, adminImport, deviceEnrollmentProgram. |
| isDeleted | Boolean | Indicates if the device is deleted from Apple Business Manager |
| createdDateTime | DateTimeOffset | Created Date Time of the device |
| lastContactedDateTime | DateTimeOffset | Last Contacted Date Time of the device |
| description | String | The description of the device |
| enrollmentState | enrollmentState | The state of the device in Intune. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. |
| platform | platform | The platform of the Device. Possible values are: unknown, ios, android, windows, windowsMobile, macOS, visionOS, tvos, unknownFutureValue. |
Graph reference: importedAppleDeviceIdentityResult
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from importedAppleDeviceIdentity |
| serialNumber | String | Device serial number Inherited from importedAppleDeviceIdentity |
| requestedEnrollmentProfileId | String | Enrollment profile Id admin intends to apply to the device during next enrollment Inherited from importedAppleDeviceIdentity |
| requestedEnrollmentProfileAssignmentDateTime | DateTimeOffset | The time enrollment profile was assigned to the device Inherited from importedAppleDeviceIdentity |
| isSupervised | Boolean | Indicates if the Apple device is supervised. Inherited from importedAppleDeviceIdentity |
| discoverySource | discoverySource | Apple device discovery source. Inherited from importedAppleDeviceIdentity. Possible values are: unknown, adminImport, deviceEnrollmentProgram. |
| isDeleted | Boolean | Indicates if the device is deleted from Apple Business Manager Inherited from importedAppleDeviceIdentity |
| createdDateTime | DateTimeOffset | Created Date Time of the device Inherited from importedAppleDeviceIdentity |
| lastContactedDateTime | DateTimeOffset | Last Contacted Date Time of the device Inherited from importedAppleDeviceIdentity |
| description | String | The description of the device Inherited from importedAppleDeviceIdentity |
| enrollmentState | enrollmentState | The state of the device in Intune Inherited from importedAppleDeviceIdentity. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. |
| platform | platform | The platform of the Device. Inherited from importedAppleDeviceIdentity. Possible values are: unknown, ios, android, windows, windowsMobile, macOS, visionOS, tvos, unknownFutureValue. |
| status | Boolean | Status of imported device identity |
Graph reference: importedDeviceIdentity
| Property | Type | Description |
|---|---|---|
| id | String | Id of the imported device identity |
| importedDeviceIdentifier | String | Imported Device Identifier |
| importedDeviceIdentityType | importedDeviceIdentityType | Type of Imported Device Identity. Possible values are: unknown, imei, serialNumber, manufacturerModelSerial. |
| lastModifiedDateTime | DateTimeOffset | Last Modified DateTime of the description |
| createdDateTime | DateTimeOffset | Created Date Time of the device |
| lastContactedDateTime | DateTimeOffset | Last Contacted Date Time of the device |
| description | String | The description of the device |
| enrollmentState | enrollmentState | The state of the device in Intune. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. |
| platform | platform | The platform of the Device. Possible values are: unknown, ios, android, windows, windowsMobile, macOS, visionOS, tvos, unknownFutureValue. |
Graph reference: importedDeviceIdentityResult
| Property | Type | Description |
|---|---|---|
| id | String | Id of the imported device identity Inherited from importedDeviceIdentity |
| importedDeviceIdentifier | String | Imported Device Identifier Inherited from importedDeviceIdentity |
| importedDeviceIdentityType | importedDeviceIdentityType | Type of Imported Device Identity Inherited from importedDeviceIdentity. Possible values are: unknown, imei, serialNumber, manufacturerModelSerial. |
| lastModifiedDateTime | DateTimeOffset | Last Modified DateTime of the description Inherited from importedDeviceIdentity |
| createdDateTime | DateTimeOffset | Created Date Time of the device Inherited from importedDeviceIdentity |
| lastContactedDateTime | DateTimeOffset | Last Contacted Date Time of the device Inherited from importedDeviceIdentity |
| description | String | The description of the device Inherited from importedDeviceIdentity |
| enrollmentState | enrollmentState | The state of the device in Intune Inherited from importedDeviceIdentity. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. |
| platform | platform | The platform of the Device. Inherited from importedDeviceIdentity. Possible values are: unknown, ios, android, windows, windowsMobile, macOS, visionOS, tvos, unknownFutureValue. |
| status | Boolean | Status of imported device identity |
Graph reference: importedWindowsAutopilotDeviceIdentity
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object |
| groupTag | String | Group Tag of the Windows autopilot device. |
| serialNumber | String | Serial number of the Windows autopilot device. |
| productKey | String | Product Key of the Windows autopilot device. |
| importId | String | The Import Id of the Windows autopilot device. |
| hardwareIdentifier | Binary | Hardware Blob of the Windows autopilot device. |
| state | importedWindowsAutopilotDeviceIdentityState | Current state of the imported device. |
| assignedUserPrincipalName | String | UPN of the user the device will be assigned |
Graph reference: suggestedEnrollmentLimit
| Property | Type | Description |
|---|---|---|
| suggestedDailyLimit | Int32 | The suggested enrollment limit within a day |
Graph reference: windowsAutopilotDeploymentProfile
| Property | Type | Description |
|---|---|---|
| id | String | Profile Key |
| displayName | String | The display name of the deployment profile. Max allowed length is 200 chars. Returned by default. Supports: $select, $top, $skip, $orderby. $Search and $filter are not supported. |
| description | String | A description of the deployment profile. Max allowed length is 1500 chars. Supports: $select, $top, $skip, $orderBy. $Search and $filter are not supported. |
| language | String | The language code to be used when configuring the device. E.g. en-US. The default value is os-default. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Read-Only. Starting from May 2024 this property will no longer be supported and will be marked as deprecated. Use locale instead. |
| locale | String | The locale (language) to be used when configuring the device. E.g. en-US. The default value is os-default. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. |
| createdDateTime | DateTimeOffset | The date and time of when the deployment profile was created. The value cannot be modified and is automatically populated when the profile was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Read-Only. |
| lastModifiedDateTime | DateTimeOffset | The date and time of when the deployment profile was last modified. The value cannot be updated manually and is automatically populated when any changes are made to the profile. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported Read-Only. |
| outOfBoxExperienceSettings | outOfBoxExperienceSettings | The Windows Autopilot Deployment Profile settings used by the Autopilot device for out-of-box experience. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Read-Only. Starting from May 2024 this property will no longer be supported and will be marked as deprecated. Use outOfBoxExperienceSetting instead. |
| outOfBoxExperienceSetting | outOfBoxExperienceSetting | The Windows Autopilot Deployment Profile settings used by the device for the out-of-box experience. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. |
| enrollmentStatusScreenSettings | windowsEnrollmentStatusScreenSettings | Enrollment status screen setting |
| extractHardwareHash | Boolean | Indicates whether the profile supports the extraction of hardware hash values and registration of the device into Windows Autopilot. When TRUE, indicates if hardware extraction and Windows Autopilot registration will happen on the next successful check-in. When FALSE, hardware hash extraction and Windows Autopilot registration will not happen. Default value is FALSE. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Read-Only. Starting from May 2024 this property will no longer be supported and will be marked as deprecated. Use hardwareHashExtractionEnabled instead. |
| hardwareHashExtractionEnabled | Boolean | Indicates whether the profile supports the extraction of hardware hash values and registration of the device into Windows Autopilot. When TRUE, indicates if hardware extraction and Windows Autopilot registration will happen on the next successful check-in. When FALSE, hardware hash extraction and Windows Autopilot registration will not happen. Default value is FALSE. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. |
| deviceNameTemplate | String | The template used to name the Autopilot device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. |
| deviceType | windowsAutopilotDeviceType | The Windows device type that this profile is applicable to. Possible values include windowsPc, holoLens, and virtualMachine. The default is windowsPc. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. Possible values are: windowsPc, holoLens, surfaceHub2, surfaceHub2S, virtualMachine, unknownFutureValue. |
| enableWhiteGlove | Boolean | Indicates whether the user is allowed to use Windows Autopilot for pre-provisioned deployment mode during Out of Box experience (OOBE). When TRUE, indicates that Windows Autopilot for pre-provisioned deployment mode is allowed. When false, Windows Autopilot for pre-provisioned deployment mode is not allowed. The default is FALSE. Read-Only. Starting from May 2024 this property will no longer be supported and will be marked as deprecated. Use preprovisioningAllowed instead. |
| preprovisioningAllowed | Boolean | Indicates whether the user is allowed to use Windows Autopilot for pre-provisioned deployment mode during Out of Box experience (OOBE). When TRUE, indicates that Windows Autopilot for pre-provisioned deployment mode for OOBE is allowed to be used. When false, Windows Autopilot for pre-provisioned deployment mode for OOBE is not allowed. The default is FALSE. |
| roleScopeTagIds | String collection | List of role scope tags for the deployment profile. |
| managementServiceAppId | String | The Entra management service App ID which gets used during client device-based enrollment discovery. Supports: $select, $top, $skip. $Search, $orderBy and $filter are not supported. |
Graph reference: windowsAutopilotDeploymentProfileAssignment
| Property | Type | Description |
|---|---|---|
| id | String | The key of the assignment. |
| target | deviceAndAppManagementAssignmentTarget | The assignment target for the Windows Autopilot deployment profile. |
| source | deviceAndAppManagementAssignmentSource | Type of resource used for deployment to a group, direct or parcel/policySet. Possible values are: direct, policySets. |
| sourceId | String | Identifier for resource used for deployment to a group |
Graph reference: windowsAutopilotDeviceIdentity
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object |
| groupTag | String | Group Tag of the Windows autopilot device. |
| purchaseOrderIdentifier | String | Purchase Order Identifier of the Windows autopilot device. |
| serialNumber | String | Serial number of the Windows autopilot device. |
| productKey | String | Product Key of the Windows autopilot device. |
| manufacturer | String | Oem manufacturer of the Windows autopilot device. |
| model | String | Model name of the Windows autopilot device. |
| enrollmentState | enrollmentState | Intune enrollment state of the Windows autopilot device. Possible values are: unknown, enrolled, pendingReset, failed, notContacted. |
| lastContactedDateTime | DateTimeOffset | Intune Last Contacted Date Time of the Windows autopilot device. |
| addressableUserName | String | Addressable user name. |
| userPrincipalName | String | User Principal Name. |
| resourceName | String | Resource Name. |
| skuNumber | String | SKU Number |
| systemFamily | String | System Family |
| azureActiveDirectoryDeviceId | String | AAD Device ID - to be deprecated |
| managedDeviceId | String | Managed Device ID |
| displayName | String | Display Name |
Graph reference: windowsAutopilotSettings
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object |
| lastSyncDateTime | DateTimeOffset | Last data sync date time with DDS service. |
| lastManualSyncTriggerDateTime | DateTimeOffset | Last data sync date time with DDS service. |
| syncStatus | windowsAutopilotSyncStatus | Indicates the status of sync with Device data sync (DDS) service. Possible values are: unknown, inProgress, completed, failed. |
Graph reference: windowsDomainJoinConfiguration
| Property | Type | Description |
|---|
Graph reference: privilegeManagementElevationRequest
| Property | Type | Description |
|---|---|---|
| id | String | The Unique identifier for elevation requests. This id is assigned at elevation request creation time and is auto generated.For example: 'A482366F-80DA-406F-97DB-E7AAC7DC8BEA'. Returned by default. Read-only |
| requestedByUserId | String | The Azure Active Directory (AAD) identifier of the end user who is requesting this elevation. For example: 'F1A57311-B9EB-45B7-9415-8555E68EDC9E'. Returned by default. Read-only. |
| requestedOnDeviceId | String | The Intune Device Identifier of the managed device used to initiate the elevation request. For example: '90F5F6E8-CA09-4811-97F6-4D0DD532D916'. Returned by default. Read-only. |
| requestedByUserPrincipalName | String | The User Principal Name (UPN) of the end user who requested this elevation. For example: '[email protected]'. Returned by default. Read-only. |
| deviceName | String | The device name used to initiate the elevation request. For example: 'cotonso-laptop'. Returned by default. Read-only. |
| requestCreatedDateTime | DateTimeOffset | The date and time when the elevation request was submitted/created. The value cannot be modified and is automatically populated when the elevation request is submitted/created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. Read-only. |
| requestLastModifiedDateTime | DateTimeOffset | The date and time when the elevation request was either submitted/created or approved/denied. The value cannot be modified and is automatically populated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. Read-only. |
| requestJustification | String | Justification provided by the end user for the elevation request. For example :'Need to elevate to install microsoft word'. Read-only. |
| applicationDetail | elevationRequestApplicationDetail | Details of the application which is being requested to elevate, allowing the admin to understand the identity of the application. It includes file info such as FilePath, FileHash, FilePublisher, and etc. Returned by default. Read-only. |
| status | elevationRequestState | This indicates the current state of the elevation request. Possible values are: 'none', 'pending', 'approved', 'denied' or 'expired'. Defaults to 'none'. Returned by default. Read-only. Possible values are: none, pending, approved, denied, expired, unknownFutureValue, revoked, completed. |
| reviewCompletedByUserId | String | This is the Azure Active Directory (AAD) user id of the administrator who approved or denied the request. For example: 'F1A57311-B9EB-45B7-9415-8555E68EDC9E'. This field would be String.Empty before the request is either approved or denied. Read-only. |
| reviewCompletedByUserPrincipalName | String | This is the User Principal Name (UPN) of the administrator who approved or denied the request. For example: '[email protected]'. This field would be String.Empty before the request is either approved or denied. Read-only. |
| reviewCompletedDateTime | DateTimeOffset | The DateTime for which the request was approved or denied. For example, midnight UTC on August 3rd, 2023 would look like this: '2023-08-03T00:00:00Z'. Read-only. |
| requestExpiryDateTime | DateTimeOffset | Expiration set for the request when it was created, regardless of approved or denied status. For example: '2023-08-03T14:24:22Z'. Returned by default. Returned by default. Read-only. |
| reviewerJustification | String | An optional justification provided by approver at approval or denied time. This field will be String.Empty if approver decides to not provide a justification. For example: 'Run this installer today' |
Graph reference: embeddedSIMActivationCodePool
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the embedded SIM activation code pool. System generated value assigned when created. |
| displayName | String | The admin defined name of the embedded SIM activation code pool. |
| createdDateTime | DateTimeOffset | The time the embedded SIM activation code pool was created. Generated service side. |
| modifiedDateTime | DateTimeOffset | The time the embedded SIM activation code pool was last modified. Updated service side. |
| activationCodes | embeddedSIMActivationCode collection | The activation codes which belong to this pool. This navigation property is used to post activation codes to Intune but cannot be used to read activation codes from Intune. |
| activationCodeCount | Int32 | The total count of activation codes which belong to this pool. |
Graph reference: embeddedSIMActivationCodePoolAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the embedded SIM activation code pool assignment. System generated value assigned when created. |
| target | deviceAndAppManagementAssignmentTarget | The type of groups targeted by the embedded SIM activation code pool. |
Graph reference: embeddedSIMDeviceState
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the embedded SIM device status. System generated value assigned when created. |
| createdDateTime | DateTimeOffset | The time the embedded SIM device status was created. Generated service side. |
| modifiedDateTime | DateTimeOffset | The time the embedded SIM device status was last modified. Updated service side. |
| lastSyncDateTime | DateTimeOffset | The time the embedded SIM device last checked in. Updated service side. |
| universalIntegratedCircuitCardIdentifier | String | The Universal Integrated Circuit Card Identifier (UICCID) identifying the hardware onto which a profile is to be deployed. |
| deviceName | String | Device name to which the subscription was provisioned e.g. DESKTOP-JOE |
| userName | String | Username which the subscription was provisioned to e.g. [email protected] |
| state | embeddedSIMDeviceStateValue | The state of the profile operation applied to the device. Possible values are: notEvaluated, failed, installing, installed, deleting, error, deleted, removedByUser. |
| stateDetails | String | String description of the provisioning state. |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
Graph reference: groupPolicyMigrationReport
| Property | Type | Description |
|---|---|---|
| id | String | |
| groupPolicyObjectId | Guid | The Group Policy Object GUID from GPO Xml content |
| displayName | String | The name of Group Policy Object from the GPO Xml Content |
| ouDistinguishedName | String | The distinguished name of the OU. |
| createdDateTime | DateTimeOffset | The date and time at which the GroupPolicyMigrationReport was created. |
| lastModifiedDateTime | DateTimeOffset | The date and time at which the GroupPolicyMigrationReport was last modified. |
| groupPolicyCreatedDateTime | DateTimeOffset | The date and time at which the GroupPolicyMigrationReport was created. |
| groupPolicyLastModifiedDateTime | DateTimeOffset | The date and time at which the GroupPolicyMigrationReport was last modified. |
| migrationReadiness | groupPolicyMigrationReadiness | The Intune coverage for the associated Group Policy Object file. Possible values are: none, partial, complete, error, notApplicable. |
| targetedInActiveDirectory | Boolean | The Targeted in AD property from GPO Xml Content |
| totalSettingsCount | Int32 | The total number of Group Policy Settings from GPO file. |
| supportedSettingsCount | Int32 | The number of Group Policy Settings supported by Intune. |
| supportedSettingsPercent | Int32 | The Percentage of Group Policy Settings supported by Intune. |
| roleScopeTagIds | String collection | The list of scope tags for the configuration. |
Graph reference: groupPolicyObjectFile
| Property | Type | Description |
|---|---|---|
| id | String | |
| groupPolicyObjectId | Guid | The Group Policy Object GUID from GPO Xml content |
| ouDistinguishedName | String | The distinguished name of the OU. |
| createdDateTime | DateTimeOffset | The date and time at which the GroupPolicy was first uploaded. |
| lastModifiedDateTime | DateTimeOffset | The date and time at which the GroupPolicyObjectFile was last modified. |
| content | String | The Group Policy Object file content. |
| roleScopeTagIds | String collection | The list of scope tags for the configuration. |
Graph reference: groupPolicySettingMapping
| Property | Type | Description |
|---|---|---|
| id | String | |
| parentId | String | Parent Id of the group policy setting. |
| childIdList | String collection | List of Child Ids of the group policy setting. |
| settingName | String | The name of this group policy setting. |
| settingValue | String | The value of this group policy setting. |
| settingValueType | String | The value type of this group policy setting. |
| settingDisplayName | String | The display name of this group policy setting. |
| settingDisplayValue | String | The display value of this group policy setting. |
| settingDisplayValueType | String | The display value type of this group policy setting. |
| settingValueDisplayUnits | String | The display units of this group policy setting value |
| settingCategory | String | The category the group policy setting is in. |
| mdmCspName | String | The CSP name this group policy setting maps to. |
| mdmSettingUri | String | The MDM CSP URI this group policy setting maps to. |
| mdmMinimumOSVersion | Int32 | The minimum OS version this mdm setting supports. |
| settingType | groupPolicySettingType | The setting type (security or admx) of the Group Policy. Possible values are: unknown, policy, account, securityOptions, userRightsAssignment, auditSetting, windowsFirewallSettings, appLockerRuleCollection, dataSourcesSettings, devicesSettings, driveMapSettings, environmentVariables, filesSettings, folderOptions, folders, iniFiles, internetOptions, localUsersAndGroups, networkOptions, networkShares, ntServices, powerOptions, printers, regionalOptionsSettings, registrySettings, scheduledTasks, shortcutSettings, startMenuSettings. |
| isMdmSupported | Boolean | Indicates if the setting is supported by Intune or not |
| mdmSupportedState | mdmSupportedState | Indicates if the setting is supported in Mdm or not. Possible values are: unknown, supported, unsupported, deprecated. |
| settingScope | groupPolicySettingScope | The scope of the setting. Possible values are: unknown, device, user. |
| intuneSettingUriList | String collection | The list of Intune Setting URIs this group policy setting maps to |
| intuneSettingDefinitionId | String | The Intune Setting Definition Id |
| admxSettingDefinitionId | String | Admx Group Policy Id |
Graph reference: unsupportedGroupPolicyExtension
| Property | Type | Description |
|---|---|---|
| id | String | |
| settingScope | groupPolicySettingScope | Setting Scope of the unsupported extension. Possible values are: unknown, device, user. |
| namespaceUrl | String | Namespace Url of the unsupported extension. |
| extensionType | String | ExtensionType of the unsupported extension. |
| nodeName | String | Node name of the unsupported extension. |
Graph reference: deviceManagementReports
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity |
Graph reference: groupPolicyCategory
| Property | Type | Description |
|---|---|---|
| displayName | String | The string id of the category's display name |
| isRoot | Boolean | Defines if the category is a root category |
| ingestionSource | ingestionSource | Defines this category's ingestion source (0 - unknown, 1 - custom, 2 - global). Possible values are: unknown, custom, builtIn, unknownFutureValue. |
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
Graph reference: groupPolicyConfiguration
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | The date and time the object was created. |
| displayName | String | User provided name for the resource object. |
| description | String | User provided description for the resource object. |
| roleScopeTagIds | String collection | The list of scope tags for the configuration. |
| policyConfigurationIngestionType | groupPolicyConfigurationIngestionType | Type of definitions configured for this policy. Possible values are: unknown, custom, builtIn, mixed, unknownFutureValue. |
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
Graph reference: groupPolicyConfigurationAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
| target | deviceAndAppManagementAssignmentTarget | The type of groups targeted the group policy configuration. |
Graph reference: groupPolicyDefinition
| Property | Type | Description |
|---|---|---|
| classType | groupPolicyDefinitionClassType | Identifies the type of groups the policy can be applied to. Possible values are: user, machine. |
| displayName | String | The localized policy name. |
| explainText | String | The localized explanation or help text associated with the policy. The default value is empty. |
| categoryPath | String | The localized full category path for the policy. |
| supportedOn | String | Localized string used to specify what operating system or application version is affected by the policy. |
| policyType | groupPolicyType | Specifies the type of group policy. Possible values are: admxBacked, admxIngested. |
| hasRelatedDefinitions | Boolean | Signifies whether or not there are related definitions to this definition |
| groupPolicyCategoryId | Guid | The category id of the parent category |
| minDeviceCspVersion | String | Minimum required CSP version for device configuration in this definition |
| minUserCspVersion | String | Minimum required CSP version for user configuration in this definition |
| version | String | Setting definition version |
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
Graph reference: groupPolicyDefinitionFile
| Property | Type | Description |
|---|---|---|
| displayName | String | The localized friendly name of the ADMX file. |
| description | String | The localized description of the policy settings in the ADMX file. The default value is empty. |
| languageCodes | String collection | The supported language codes for the ADMX file. |
| targetPrefix | String | Specifies the logical name that refers to the namespace within the ADMX file. |
| targetNamespace | String | Specifies the URI used to identify the namespace within the ADMX file. |
| policyType | groupPolicyType | Specifies the type of group policy. Possible values are: admxBacked, admxIngested. |
| revision | String | The revision version associated with the file. |
| fileName | String | The file name of the ADMX file without the path. For example: edge.admx |
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
Graph reference: groupPolicyDefinitionValue
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | The date and time the object was created. |
| enabled | Boolean | Enables or disables the associated group policy definition. |
| configurationType | groupPolicyConfigurationType | Specifies how the value should be configured. This can be either as a Policy or as a Preference. Possible values are: policy, preference. |
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
Graph reference: groupPolicyOperation
| Property | Type | Description |
|---|---|---|
| operationType | groupPolicyOperationType | The type of group policy operation. Possible values are: none, upload, uploadNewVersion, addLanguageFiles, removeLanguageFiles, updateLanguageFiles, remove. |
| operationStatus | groupPolicyOperationStatus | The group policy operation status. Possible values are: unknown, inProgress, success, failed. |
| statusDetails | String | The group policy operation status detail. |
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
Graph reference: groupPolicyPresentation
| Property | Type | Description |
|---|---|---|
| label | String | Localized text label for any presentation entity. The default value is empty. |
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
Graph reference: groupPolicyPresentationCheckBox
| Property | Type | Description |
|---|---|---|
| label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
| id | String | Key of the entity. Inherited from groupPolicyPresentation |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
| defaultChecked | Boolean | Default value for the check box. The default value is false. |
Graph reference: groupPolicyPresentationComboBox
| Property | Type | Description |
|---|---|---|
| label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
| id | String | Key of the entity. Inherited from groupPolicyPresentation |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
| defaultValue | String | Localized default string displayed in the combo box. The default value is empty. |
| suggestions | String collection | Localized strings listed in the drop-down list of the combo box. The default value is empty. |
| required | Boolean | Specifies whether a value must be specified for the parameter. The default value is false. |
| maxLength | Int64 | An unsigned integer that specifies the maximum number of text characters for the parameter. The default value is 1023. |
Graph reference: groupPolicyPresentationDecimalTextBox
| Property | Type | Description |
|---|---|---|
| label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
| id | String | Key of the entity. Inherited from groupPolicyPresentation |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
| defaultValue | Int64 | An unsigned integer that specifies the initial value for the decimal text box. The default value is 1. |
| spin | Boolean | If true, create a spin control; otherwise, create a text box for numeric entry. The default value is true. |
| spinStep | Int64 | An unsigned integer that specifies the increment of change for the spin control. The default value is 1. |
| required | Boolean | Requirement to enter a value in the parameter box. The default value is false. |
| minValue | Int64 | An unsigned integer that specifies the minimum allowed value. The default value is 0. |
| maxValue | Int64 | An unsigned integer that specifies the maximum allowed value. The default value is 9999. |
Graph reference: groupPolicyPresentationDropdownList
| Property | Type | Description |
|---|---|---|
| label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
| id | String | Key of the entity. Inherited from groupPolicyPresentation |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
| defaultItem | groupPolicyPresentationDropdownListItem | Localized string value identifying the default choice of the list of items. |
| items | groupPolicyPresentationDropdownListItem collection | Represents a set of localized display names and their associated values. |
| required | Boolean | Requirement to enter a value in the parameter box. The default value is false. |
Graph reference: groupPolicyPresentationListBox
| Property | Type | Description |
|---|---|---|
| label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
| id | String | Key of the entity. Inherited from groupPolicyPresentation |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
| explicitValue | Boolean | If this option is specified true the user must specify the registry subkey value and the registry subkey name. The list box shows two columns, one for the name and one for the data. The default value is false. |
| valuePrefix | String |
Graph reference: groupPolicyPresentationLongDecimalTextBox
| Property | Type | Description |
|---|---|---|
| label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
| id | String | Key of the entity. Inherited from groupPolicyPresentation |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
| defaultValue | Int64 | An unsigned integer that specifies the initial value for the decimal text box. The default value is 1. |
| spin | Boolean | If true, create a spin control; otherwise, create a text box for numeric entry. The default value is true. |
| spinStep | Int64 | An unsigned integer that specifies the increment of change for the spin control. The default value is 1. |
| required | Boolean | Requirement to enter a value in the parameter box. The default value is false. |
| minValue | Int64 | An unsigned long that specifies the minimum allowed value. The default value is 0. |
| maxValue | Int64 | An unsigned long that specifies the maximum allowed value. The default value is 9999. |
Graph reference: groupPolicyPresentationMultiTextBox
| Property | Type | Description |
|---|---|---|
| label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
| id | String | Key of the entity. Inherited from groupPolicyPresentation |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
| required | Boolean | Requirement to enter a value in the text box. Default value is false. |
| maxLength | Int64 | An unsigned integer that specifies the maximum number of text characters. Default value is 1023. |
| maxStrings | Int64 | An unsigned integer that specifies the maximum number of strings. Default value is 0. |
Graph reference: groupPolicyPresentationText
| Property | Type | Description |
|---|---|---|
| label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
| id | String | Key of the entity. Inherited from groupPolicyPresentation |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
Graph reference: groupPolicyPresentationTextBox
| Property | Type | Description |
|---|---|---|
| label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
| id | String | Key of the entity. Inherited from groupPolicyPresentation |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
| defaultValue | String | Localized default string displayed in the text box. The default value is empty. |
| required | Boolean | Requirement to enter a value in the text box. Default value is false. |
| maxLength | Int64 | An unsigned integer that specifies the maximum number of text characters. Default value is 1023. |
Graph reference: groupPolicyPresentationValue
| Property | Type | Description |
|---|---|---|
| lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. |
| createdDateTime | DateTimeOffset | The date and time the object was created. |
| id | String | Key of the entity. |
Graph reference: groupPolicyPresentationValueBoolean
| Property | Type | Description |
|---|---|---|
| lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. Inherited from groupPolicyPresentationValue |
| createdDateTime | DateTimeOffset | The date and time the object was created. Inherited from groupPolicyPresentationValue |
| id | String | Key of the entity. Inherited from groupPolicyPresentationValue |
| value | Boolean | An boolean value for the associated presentation. |
Graph reference: groupPolicyPresentationValueDecimal
| Property | Type | Description |
|---|---|---|
| lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. Inherited from groupPolicyPresentationValue |
| createdDateTime | DateTimeOffset | The date and time the object was created. Inherited from groupPolicyPresentationValue |
| id | String | Key of the entity. Inherited from groupPolicyPresentationValue |
| value | Int64 | An unsigned integer value for the associated presentation. |
Graph reference: groupPolicyPresentationValueList
| Property | Type | Description |
|---|---|---|
| lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. Inherited from groupPolicyPresentationValue |
| createdDateTime | DateTimeOffset | The date and time the object was created. Inherited from groupPolicyPresentationValue |
| id | String | Key of the entity. Inherited from groupPolicyPresentationValue |
| values | keyValuePair collection | A list of pairs for the associated presentation. |
Graph reference: groupPolicyPresentationValueLongDecimal
| Property | Type | Description |
|---|---|---|
| lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. Inherited from groupPolicyPresentationValue |
| createdDateTime | DateTimeOffset | The date and time the object was created. Inherited from groupPolicyPresentationValue |
| id | String | Key of the entity. Inherited from groupPolicyPresentationValue |
| value | Int64 | An unsigned long value for the associated presentation. |
Graph reference: groupPolicyPresentationValueMultiText
| Property | Type | Description |
|---|---|---|
| lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. Inherited from groupPolicyPresentationValue |
| createdDateTime | DateTimeOffset | The date and time the object was created. Inherited from groupPolicyPresentationValue |
| id | String | Key of the entity. Inherited from groupPolicyPresentationValue |
| values | String collection | A collection of non-empty strings for the associated presentation. |
Graph reference: groupPolicyPresentationValueText
| Property | Type | Description |
|---|---|---|
| lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. Inherited from groupPolicyPresentationValue |
| createdDateTime | DateTimeOffset | The date and time the object was created. Inherited from groupPolicyPresentationValue |
| id | String | Key of the entity. Inherited from groupPolicyPresentationValue |
| value | String | A string value for the associated presentation. |
Graph reference: groupPolicyUploadedCategory
| Property | Type | Description |
|---|---|---|
| displayName | String | The string id of the category's display name Inherited from groupPolicyCategory |
| isRoot | Boolean | Defines if the category is a root category Inherited from groupPolicyCategory |
| ingestionSource | ingestionSource | Defines this category's ingestion source (0 - unknown, 1 - custom, 2 - global) Inherited from groupPolicyCategory. Possible values are: unknown, custom, builtIn, unknownFutureValue. |
| id | String | Key of the entity. Inherited from groupPolicyCategory |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyCategory |
Graph reference: groupPolicyUploadedDefinition
| Property | Type | Description |
|---|---|---|
| classType | groupPolicyDefinitionClassType | Identifies the type of groups the policy can be applied to. Inherited from groupPolicyDefinition. Possible values are: user, machine. |
| displayName | String | The localized policy name. Inherited from groupPolicyDefinition |
| explainText | String | The localized explanation or help text associated with the policy. The default value is empty. Inherited from groupPolicyDefinition |
| categoryPath | String | The localized full category path for the policy. Inherited from groupPolicyDefinition |
| supportedOn | String | Localized string used to specify what operating system or application version is affected by the policy. Inherited from groupPolicyDefinition |
| policyType | groupPolicyType | Specifies the type of group policy. Inherited from groupPolicyDefinition. Possible values are: admxBacked, admxIngested. |
| hasRelatedDefinitions | Boolean | Signifies whether or not there are related definitions to this definition Inherited from groupPolicyDefinition |
| groupPolicyCategoryId | Guid | The category id of the parent category Inherited from groupPolicyDefinition |
| minDeviceCspVersion | String | Minimum required CSP version for device configuration in this definition Inherited from groupPolicyDefinition |
| minUserCspVersion | String | Minimum required CSP version for user configuration in this definition Inherited from groupPolicyDefinition |
| version | String | Setting definition version Inherited from groupPolicyDefinition |
| id | String | Key of the entity. Inherited from groupPolicyDefinition |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyDefinition |
Graph reference: groupPolicyUploadedDefinitionFile
| Property | Type | Description |
|---|---|---|
| displayName | String | The localized friendly name of the ADMX file. Inherited from groupPolicyDefinitionFile |
| description | String | The localized description of the policy settings in the ADMX file. The default value is empty. Inherited from groupPolicyDefinitionFile |
| languageCodes | String collection | The supported language codes for the ADMX file. Inherited from groupPolicyDefinitionFile |
| targetPrefix | String | Specifies the logical name that refers to the namespace within the ADMX file. Inherited from groupPolicyDefinitionFile |
| targetNamespace | String | Specifies the URI used to identify the namespace within the ADMX file. Inherited from groupPolicyDefinitionFile |
| policyType | groupPolicyType | Specifies the type of group policy. Inherited from groupPolicyDefinitionFile. Possible values are: admxBacked, admxIngested. |
| revision | String | The revision version associated with the file. Inherited from groupPolicyDefinitionFile |
| fileName | String | The file name of the ADMX file without the path. For example: edge.admx Inherited from groupPolicyDefinitionFile |
| id | String | Key of the entity. Inherited from groupPolicyDefinitionFile |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyDefinitionFile |
| status | groupPolicyUploadedDefinitionFileStatus | The upload status of the uploaded ADMX file. Possible values are: none, uploadInProgress, available, assigned, removalInProgress, uploadFailed, removalFailed. |
| content | Binary | The contents of the uploaded ADMX file. |
| uploadDateTime | DateTimeOffset | The uploaded time of the uploaded ADMX file. |
| defaultLanguageCode | String | The default language of the uploaded ADMX file. |
| groupPolicyUploadedLanguageFiles | groupPolicyUploadedLanguageFile collection | The list of ADML files associated with the uploaded ADMX file. |
Graph reference: groupPolicyUploadedPresentation
| Property | Type | Description |
|---|---|---|
| label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
| id | String | Key of the entity. Inherited from groupPolicyPresentation |
| lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
Graph reference: androidManagedAppProtection
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. Inherited from managedAppPolicy |
| description | String | The policy's description. Inherited from managedAppPolicy |
| createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
| id | String | Key of the entity. Inherited from managedAppPolicy |
| version | String | Version of the entity. Inherited from managedAppPolicy |
| periodOfflineBeforeAccessCheck | Duration | The period after which access is checked when the device is not connected to the internet. Inherited from managedAppProtection |
| periodOnlineBeforeAccessCheck | Duration | The period after which access is checked when the device is connected to the internet. Inherited from managedAppProtection |
| allowedInboundDataTransferSources | managedAppDataTransferLevel | Sources from which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps, managedApps, none. |
| allowedOutboundDataTransferDestinations | managedAppDataTransferLevel | Destinations to which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps, managedApps, none. |
| organizationalCredentialsRequired | Boolean | Indicates whether organizational credentials are required for app use. Inherited from managedAppProtection |
| allowedOutboundClipboardSharingLevel | managedAppClipboardSharingLevel | The level to which the clipboard may be shared between apps on the managed device. Inherited from managedAppProtection. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked. |
| dataBackupBlocked | Boolean | Indicates whether the backup of a managed app's data is blocked. Inherited from managedAppProtection |
| deviceComplianceRequired | Boolean | Indicates whether device compliance is required. Inherited from managedAppProtection |
| managedBrowserToOpenLinksRequired | Boolean | Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) Inherited from managedAppProtection |
| saveAsBlocked | Boolean | Indicates whether users may use the "Save As" menu item to save a copy of protected files. Inherited from managedAppProtection |
| periodOfflineBeforeWipeIsEnforced | Duration | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. Inherited from managedAppProtection |
| pinRequired | Boolean | Indicates whether an app-level pin is required. Inherited from managedAppProtection |
| maximumPinRetries | Int32 | Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. Inherited from managedAppProtection |
| simplePinBlocked | Boolean | Indicates whether simplePin is blocked. Inherited from managedAppProtection |
| minimumPinLength | Int32 | Minimum pin length required for an app-level pin if PinRequired is set to True Inherited from managedAppProtection |
| pinCharacterSet | managedAppPinCharacterSet | Character set which may be used for an app-level pin if PinRequired is set to True. Inherited from managedAppProtection. Possible values are: numeric, alphanumericAndSymbol. |
| periodBeforePinReset | Duration | TimePeriod before the all-level pin must be reset if PinRequired is set to True. Inherited from managedAppProtection |
| allowedDataStorageLocations | managedAppDataStorageLocation collection | Data storage locations where a user may store managed data. Inherited from managedAppProtection |
| contactSyncBlocked | Boolean | Indicates whether contacts can be synced to the user's device. Inherited from managedAppProtection |
| printBlocked | Boolean | Indicates whether printing is allowed from managed apps. Inherited from managedAppProtection |
| fingerprintBlocked | Boolean | Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. Inherited from managedAppProtection |
| disableAppPinIfDevicePinIsSet | Boolean | Indicates whether use of the app pin is required if the device pin is set. Inherited from managedAppProtection |
| minimumRequiredOsVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
| minimumWarningOsVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. Inherited from managedAppProtection |
| minimumRequiredAppVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
| minimumWarningAppVersion | String | Versions less than the specified version will result in warning message on the managed app. Inherited from managedAppProtection |
| managedBrowser | managedBrowserType | Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Inherited from managedAppProtection. Possible values are: notConfigured, microsoftEdge. |
| isAssigned | Boolean | Indicates if the policy is deployed to any inclusion groups or not. Inherited from targetedManagedAppProtection |
| screenCaptureBlocked | Boolean | Indicates whether a managed user can take screen captures of managed apps |
| disableAppEncryptionIfDeviceEncryptionIsEnabled | Boolean | When this setting is enabled, app level encryption is disabled if device level encryption is enabled |
| encryptAppData | Boolean | Indicates whether application data for managed apps should be encrypted |
| deployedAppCount | Int32 | Count of apps to which the current policy is deployed. |
| minimumRequiredPatchVersion | String | Define the oldest required Android security patch level a user can have to gain secure access to the app. |
| minimumWarningPatchVersion | String | Define the oldest recommended Android security patch level a user can have for secure access to the app. |
| customBrowserPackageId | String | Unique identifier of the preferred custom browser to open weblink on Android. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. |
| customBrowserDisplayName | String | Friendly name of the preferred custom browser to open weblink on Android. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. |
Graph reference: androidManagedAppRegistration
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Date and time of creation Inherited from managedAppRegistration |
| lastSyncDateTime | DateTimeOffset | Date and time of last the app synced with management service. Inherited from managedAppRegistration |
| applicationVersion | String | App version Inherited from managedAppRegistration |
| managementSdkVersion | String | App management SDK version Inherited from managedAppRegistration |
| platformVersion | String | Operating System version Inherited from managedAppRegistration |
| deviceType | String | Host device type Inherited from managedAppRegistration |
| deviceTag | String | App management SDK generated tag, which helps relate apps hosted on the same device. Not guaranteed to relate apps in all conditions. Inherited from managedAppRegistration |
| deviceName | String | Host device name Inherited from managedAppRegistration |
| flaggedReasons | managedAppFlaggedReason collection | Zero or more reasons an app registration is flagged. E.g. app running on rooted device Inherited from managedAppRegistration |
| userId | String | The user Id to who this app registration belongs. Inherited from managedAppRegistration |
| appIdentifier | mobileAppIdentifier | The app package Identifier Inherited from managedAppRegistration |
| id | String | Key of the entity. Inherited from managedAppRegistration |
| version | String | Version of the entity. Inherited from managedAppRegistration |
Graph reference: defaultManagedAppProtection
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. Inherited from managedAppPolicy |
| description | String | The policy's description. Inherited from managedAppPolicy |
| createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
| id | String | Key of the entity. Inherited from managedAppPolicy |
| version | String | Version of the entity. Inherited from managedAppPolicy |
| periodOfflineBeforeAccessCheck | Duration | The period after which access is checked when the device is not connected to the internet. Inherited from managedAppProtection |
| periodOnlineBeforeAccessCheck | Duration | The period after which access is checked when the device is connected to the internet. Inherited from managedAppProtection |
| allowedInboundDataTransferSources | managedAppDataTransferLevel | Sources from which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps, managedApps, none. |
| allowedOutboundDataTransferDestinations | managedAppDataTransferLevel | Destinations to which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps, managedApps, none. |
| organizationalCredentialsRequired | Boolean | Indicates whether organizational credentials are required for app use. Inherited from managedAppProtection |
| allowedOutboundClipboardSharingLevel | managedAppClipboardSharingLevel | The level to which the clipboard may be shared between apps on the managed device. Inherited from managedAppProtection. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked. |
| dataBackupBlocked | Boolean | Indicates whether the backup of a managed app's data is blocked. Inherited from managedAppProtection |
| deviceComplianceRequired | Boolean | Indicates whether device compliance is required. Inherited from managedAppProtection |
| managedBrowserToOpenLinksRequired | Boolean | Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) Inherited from managedAppProtection |
| saveAsBlocked | Boolean | Indicates whether users may use the "Save As" menu item to save a copy of protected files. Inherited from managedAppProtection |
| periodOfflineBeforeWipeIsEnforced | Duration | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. Inherited from managedAppProtection |
| pinRequired | Boolean | Indicates whether an app-level pin is required. Inherited from managedAppProtection |
| maximumPinRetries | Int32 | Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. Inherited from managedAppProtection |
| simplePinBlocked | Boolean | Indicates whether simplePin is blocked. Inherited from managedAppProtection |
| minimumPinLength | Int32 | Minimum pin length required for an app-level pin if PinRequired is set to True Inherited from managedAppProtection |
| pinCharacterSet | managedAppPinCharacterSet | Character set which may be used for an app-level pin if PinRequired is set to True. Inherited from managedAppProtection. Possible values are: numeric, alphanumericAndSymbol. |
| periodBeforePinReset | Duration | TimePeriod before the all-level pin must be reset if PinRequired is set to True. Inherited from managedAppProtection |
| allowedDataStorageLocations | managedAppDataStorageLocation collection | Data storage locations where a user may store managed data. Inherited from managedAppProtection |
| contactSyncBlocked | Boolean | Indicates whether contacts can be synced to the user's device. Inherited from managedAppProtection |
| printBlocked | Boolean | Indicates whether printing is allowed from managed apps. Inherited from managedAppProtection |
| fingerprintBlocked | Boolean | Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. Inherited from managedAppProtection |
| disableAppPinIfDevicePinIsSet | Boolean | Indicates whether use of the app pin is required if the device pin is set. Inherited from managedAppProtection |
| minimumRequiredOsVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
| minimumWarningOsVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. Inherited from managedAppProtection |
| minimumRequiredAppVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
| minimumWarningAppVersion | String | Versions less than the specified version will result in warning message on the managed app. Inherited from managedAppProtection |
| managedBrowser | managedBrowserType | Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Inherited from managedAppProtection. Possible values are: notConfigured, microsoftEdge. |
| appDataEncryptionType | managedAppDataEncryptionType | Type of encryption which should be used for data in a managed app. (iOS Only). Possible values are: useDeviceSettings, afterDeviceRestart, whenDeviceLockedExceptOpenFiles, whenDeviceLocked. |
| screenCaptureBlocked | Boolean | Indicates whether screen capture is blocked. (Android only) |
| encryptAppData | Boolean | Indicates whether managed-app data should be encrypted. (Android only) |
| disableAppEncryptionIfDeviceEncryptionIsEnabled | Boolean | When this setting is enabled, app level encryption is disabled if device level encryption is enabled. (Android only) |
| minimumRequiredSdkVersion | String | Versions less than the specified version will block the managed app from accessing company data. (iOS Only) |
| customSettings | keyValuePair collection | A set of string key and string value pairs to be sent to the affected users, unalterned by this service |
| deployedAppCount | Int32 | Count of apps to which the current policy is deployed. |
| minimumRequiredPatchVersion | String | Define the oldest required Android security patch level a user can have to gain secure access to the app. (Android only) |
| minimumWarningPatchVersion | String | Define the oldest recommended Android security patch level a user can have for secure access to the app. (Android only) |
| faceIdBlocked | Boolean | Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True. (iOS Only) |
Graph reference: deviceManagementConfigurationChoiceSettingCollectionDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| options | deviceManagementConfigurationOptionDefinition collection | Options for the setting that can be selected Inherited from deviceManagementConfigurationChoiceSettingDefinition |
| defaultOptionId | String | Default option for choice setting Inherited from deviceManagementConfigurationChoiceSettingDefinition |
| maximumCount | Int32 | Maximum number of choices in the collection |
| minimumCount | Int32 | Minimum number of choices in the collection |
Graph reference: deviceManagementConfigurationSetting
| Property | Type | Description |
|---|
Graph reference: deviceManagementConfigurationSettingGroupCollectionDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| childIds | String collection | Dependent child settings to this group of settings Inherited from deviceManagementConfigurationSettingGroupDefinition |
| dependentOn | deviceManagementConfigurationDependentOn collection | List of Dependencies for the setting group Inherited from deviceManagementConfigurationSettingGroupDefinition |
| dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | List of child settings that depend on this setting Inherited from deviceManagementConfigurationSettingGroupDefinition |
| maximumCount | Int32 | Maximum number of setting group count in the collection |
| minimumCount | Int32 | Minimum number of setting group count in the collection |
Graph reference: deviceManagementConfigurationSimpleSettingCollectionDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| valueDefinition | deviceManagementConfigurationSettingValueDefinition | Definition of the value for this setting Inherited from deviceManagementConfigurationSimpleSettingDefinition |
| defaultValue | deviceManagementConfigurationSettingValue | Default setting value for this setting Inherited from deviceManagementConfigurationSimpleSettingDefinition |
| dependentOn | deviceManagementConfigurationDependentOn collection | list of parent settings this setting is dependent on Inherited from deviceManagementConfigurationSimpleSettingDefinition |
| dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | list of child settings that depend on this setting Inherited from deviceManagementConfigurationSimpleSettingDefinition |
| maximumCount | Int32 | Maximum number of simple settings in the collection |
| minimumCount | Int32 | Minimum number of simple settings in the collection |
Graph reference: deviceManagementReports
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity |
Graph reference: iosManagedAppProtection
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. Inherited from managedAppPolicy |
| description | String | The policy's description. Inherited from managedAppPolicy |
| createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
| id | String | Key of the entity. Inherited from managedAppPolicy |
| version | String | Version of the entity. Inherited from managedAppPolicy |
| periodOfflineBeforeAccessCheck | Duration | The period after which access is checked when the device is not connected to the internet. Inherited from managedAppProtection |
| periodOnlineBeforeAccessCheck | Duration | The period after which access is checked when the device is connected to the internet. Inherited from managedAppProtection |
| allowedInboundDataTransferSources | managedAppDataTransferLevel | Sources from which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps, managedApps, none. |
| allowedOutboundDataTransferDestinations | managedAppDataTransferLevel | Destinations to which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps, managedApps, none. |
| organizationalCredentialsRequired | Boolean | Indicates whether organizational credentials are required for app use. Inherited from managedAppProtection |
| allowedOutboundClipboardSharingLevel | managedAppClipboardSharingLevel | The level to which the clipboard may be shared between apps on the managed device. Inherited from managedAppProtection. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked. |
| dataBackupBlocked | Boolean | Indicates whether the backup of a managed app's data is blocked. Inherited from managedAppProtection |
| deviceComplianceRequired | Boolean | Indicates whether device compliance is required. Inherited from managedAppProtection |
| managedBrowserToOpenLinksRequired | Boolean | Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) Inherited from managedAppProtection |
| saveAsBlocked | Boolean | Indicates whether users may use the "Save As" menu item to save a copy of protected files. Inherited from managedAppProtection |
| periodOfflineBeforeWipeIsEnforced | Duration | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. Inherited from managedAppProtection |
| pinRequired | Boolean | Indicates whether an app-level pin is required. Inherited from managedAppProtection |
| maximumPinRetries | Int32 | Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. Inherited from managedAppProtection |
| simplePinBlocked | Boolean | Indicates whether simplePin is blocked. Inherited from managedAppProtection |
| minimumPinLength | Int32 | Minimum pin length required for an app-level pin if PinRequired is set to True Inherited from managedAppProtection |
| pinCharacterSet | managedAppPinCharacterSet | Character set which may be used for an app-level pin if PinRequired is set to True. Inherited from managedAppProtection. Possible values are: numeric, alphanumericAndSymbol. |
| periodBeforePinReset | Duration | TimePeriod before the all-level pin must be reset if PinRequired is set to True. Inherited from managedAppProtection |
| allowedDataStorageLocations | managedAppDataStorageLocation collection | Data storage locations where a user may store managed data. Inherited from managedAppProtection |
| contactSyncBlocked | Boolean | Indicates whether contacts can be synced to the user's device. Inherited from managedAppProtection |
| printBlocked | Boolean | Indicates whether printing is allowed from managed apps. Inherited from managedAppProtection |
| fingerprintBlocked | Boolean | Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. Inherited from managedAppProtection |
| disableAppPinIfDevicePinIsSet | Boolean | Indicates whether use of the app pin is required if the device pin is set. Inherited from managedAppProtection |
| minimumRequiredOsVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
| minimumWarningOsVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. Inherited from managedAppProtection |
| minimumRequiredAppVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
| minimumWarningAppVersion | String | Versions less than the specified version will result in warning message on the managed app. Inherited from managedAppProtection |
| managedBrowser | managedBrowserType | Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Inherited from managedAppProtection. Possible values are: notConfigured, microsoftEdge. |
| isAssigned | Boolean | Indicates if the policy is deployed to any inclusion groups or not. Inherited from targetedManagedAppProtection |
| appDataEncryptionType | managedAppDataEncryptionType | Type of encryption which should be used for data in a managed app. Possible values are: useDeviceSettings, afterDeviceRestart, whenDeviceLockedExceptOpenFiles, whenDeviceLocked. |
| minimumRequiredSdkVersion | String | Versions less than the specified version will block the managed app from accessing company data. |
| deployedAppCount | Int32 | Count of apps to which the current policy is deployed. |
| faceIdBlocked | Boolean | Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True. |
| customBrowserProtocol | String | A custom browser protocol to open weblink on iOS. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. |
Graph reference: iosManagedAppRegistration
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Date and time of creation Inherited from managedAppRegistration |
| lastSyncDateTime | DateTimeOffset | Date and time of last the app synced with management service. Inherited from managedAppRegistration |
| applicationVersion | String | App version Inherited from managedAppRegistration |
| managementSdkVersion | String | App management SDK version Inherited from managedAppRegistration |
| platformVersion | String | Operating System version Inherited from managedAppRegistration |
| deviceType | String | Host device type Inherited from managedAppRegistration |
| deviceTag | String | App management SDK generated tag, which helps relate apps hosted on the same device. Not guaranteed to relate apps in all conditions. Inherited from managedAppRegistration |
| deviceName | String | Host device name Inherited from managedAppRegistration |
| flaggedReasons | managedAppFlaggedReason collection | Zero or more reasons an app registration is flagged. E.g. app running on rooted device Inherited from managedAppRegistration |
| userId | String | The user Id to who this app registration belongs. Inherited from managedAppRegistration |
| appIdentifier | mobileAppIdentifier | The app package Identifier Inherited from managedAppRegistration |
| id | String | Key of the entity. Inherited from managedAppRegistration |
| version | String | Version of the entity. Inherited from managedAppRegistration |
Graph reference: managedAppConfiguration
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. Inherited from managedAppPolicy |
| description | String | The policy's description. Inherited from managedAppPolicy |
| createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
| id | String | Key of the entity. Inherited from managedAppPolicy |
| version | String | Version of the entity. Inherited from managedAppPolicy |
| customSettings | keyValuePair collection | A set of string key and string value pairs to be sent to apps for users to whom the configuration is scoped, unalterned by this service |
Graph reference: managedAppDiagnosticStatus
| Property | Type | Description |
|---|---|---|
| validationName | String | The validation friendly name |
| state | String | The state of the operation |
| mitigationInstruction | String | Instruction on how to mitigate a failed validation |
Graph reference: managedAppLogCollectionRequest
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the managed app log collection request. This id is assigned during request creation time. Read-only. |
| managedAppRegistrationId | String | The unique identifier of the app instance for which diagnostic logs were collected. Read-only. |
| status | String | Indicates the status for the app log collection request - pending, completed or failed. Default is pending. |
| requestedBy | String | The user principal name associated with the request for the managed application log collection. Read-only. |
| requestedByUserPrincipalName | String | The user principal name associated with the request for the managed application log collection. Read-only. |
| requestedDateTime | DateTimeOffset | DateTime of when the log upload request was received. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. Read-only. |
| completedDateTime | DateTimeOffset | DateTime of when the log upload request was completed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. Read-only. |
| userLogUploadConsent | managedAppLogUploadConsent | Indicates whether the user associated with the device provided consent for the log collection. The user must consent before the diagnostic logs can be collected. accepted means the user consented. declined means the user declined. unknown is the default value. The Log Collection Request must be completed within 24 hours or it will be abandoned and deleted. Read-only. Possible values are: unknown, declined, accepted, unknownFutureValue. |
| uploadedLogs | managedAppLogUpload collection | The collection of log upload results as reported by each component on the device. Such components can be the application itself, the Mobile Application Management (MAM) SDK, and other on-device components that are requested to upload diagnostic logs. Read-only. |
| version | String | Version of the entity. |
Graph reference: managedAppOperation
| Property | Type | Description |
|---|---|---|
| displayName | String | The operation name. |
| lastModifiedDateTime | DateTimeOffset | The last time the app operation was modified. |
| state | String | The current state of the operation |
| id | String | Key of the entity. |
| version | String | Version of the entity. |
Graph reference: managedAppPolicy
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. |
| description | String | The policy's description. |
| createdDateTime | DateTimeOffset | The date and time the policy was created. |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. |
| id | String | Key of the entity. |
| version | String | Version of the entity. |
Graph reference: managedAppPolicyDeploymentSummary
| Property | Type | Description |
|---|---|---|
| displayName | String | Not yet documented |
| configurationDeployedUserCount | Int32 | Not yet documented |
| lastRefreshTime | DateTimeOffset | Not yet documented |
| configurationDeploymentSummaryPerApp | managedAppPolicyDeploymentSummaryPerApp collection | Not yet documented |
| id | String | Key of the entity. |
| version | String | Version of the entity. |
Graph reference: managedAppProtection
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. Inherited from managedAppPolicy |
| description | String | The policy's description. Inherited from managedAppPolicy |
| createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
| id | String | Key of the entity. Inherited from managedAppPolicy |
| version | String | Version of the entity. Inherited from managedAppPolicy |
| periodOfflineBeforeAccessCheck | Duration | The period after which access is checked when the device is not connected to the internet. |
| periodOnlineBeforeAccessCheck | Duration | The period after which access is checked when the device is connected to the internet. |
| allowedInboundDataTransferSources | managedAppDataTransferLevel | Sources from which data is allowed to be transferred. Possible values are: allApps, managedApps, none. |
| allowedOutboundDataTransferDestinations | managedAppDataTransferLevel | Destinations to which data is allowed to be transferred. Possible values are: allApps, managedApps, none. |
| organizationalCredentialsRequired | Boolean | Indicates whether organizational credentials are required for app use. |
| allowedOutboundClipboardSharingLevel | managedAppClipboardSharingLevel | The level to which the clipboard may be shared between apps on the managed device. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked. |
| dataBackupBlocked | Boolean | Indicates whether the backup of a managed app's data is blocked. |
| deviceComplianceRequired | Boolean | Indicates whether device compliance is required. |
| managedBrowserToOpenLinksRequired | Boolean | Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) |
| saveAsBlocked | Boolean | Indicates whether users may use the "Save As" menu item to save a copy of protected files. |
| periodOfflineBeforeWipeIsEnforced | Duration | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. |
| pinRequired | Boolean | Indicates whether an app-level pin is required. |
| maximumPinRetries | Int32 | Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. |
| simplePinBlocked | Boolean | Indicates whether simplePin is blocked. |
| minimumPinLength | Int32 | Minimum pin length required for an app-level pin if PinRequired is set to True |
| pinCharacterSet | managedAppPinCharacterSet | Character set which may be used for an app-level pin if PinRequired is set to True. Possible values are: numeric, alphanumericAndSymbol. |
| periodBeforePinReset | Duration | TimePeriod before the all-level pin must be reset if PinRequired is set to True. |
| allowedDataStorageLocations | managedAppDataStorageLocation collection | Data storage locations where a user may store managed data. |
| contactSyncBlocked | Boolean | Indicates whether contacts can be synced to the user's device. |
| printBlocked | Boolean | Indicates whether printing is allowed from managed apps. |
| fingerprintBlocked | Boolean | Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. |
| disableAppPinIfDevicePinIsSet | Boolean | Indicates whether use of the app pin is required if the device pin is set. |
| minimumRequiredOsVersion | String | Versions less than the specified version will block the managed app from accessing company data. |
| minimumWarningOsVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. |
| minimumRequiredAppVersion | String | Versions less than the specified version will block the managed app from accessing company data. |
| minimumWarningAppVersion | String | Versions less than the specified version will result in warning message on the managed app. |
| managedBrowser | managedBrowserType | Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Possible values are: notConfigured, microsoftEdge. |
Graph reference: managedAppRegistration
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Date and time of creation |
| lastSyncDateTime | DateTimeOffset | Date and time of last the app synced with management service. |
| applicationVersion | String | App version |
| managementSdkVersion | String | App management SDK version |
| platformVersion | String | Operating System version |
| deviceType | String | Host device type |
| deviceTag | String | App management SDK generated tag, which helps relate apps hosted on the same device. Not guaranteed to relate apps in all conditions. |
| deviceName | String | Host device name |
| flaggedReasons | managedAppFlaggedReason collection | Zero or more reasons an app registration is flagged. E.g. app running on rooted device |
| userId | String | The user Id to who this app registration belongs. |
| appIdentifier | mobileAppIdentifier | The app package Identifier |
| id | String | Key of the entity. |
| version | String | Version of the entity. |
Graph reference: managedAppStatus
| Property | Type | Description |
|---|---|---|
| displayName | String | Friendly name of the status report. |
| id | String | Key of the entity. |
| version | String | Version of the entity. |
Graph reference: managedAppStatusRaw
| Property | Type | Description |
|---|---|---|
| displayName | String | Friendly name of the status report. Inherited from managedAppStatus |
| id | String | Key of the entity. Inherited from managedAppStatus |
| version | String | Version of the entity. Inherited from managedAppStatus |
| content | Json | Status report content. |
Graph reference: managedMobileApp
| Property | Type | Description |
|---|---|---|
| mobileAppIdentifier | mobileAppIdentifier | The identifier for an app with it's operating system type. |
| id | String | Key of the entity. |
| version | String | Version of the entity. |
Graph reference: mdmWindowsInformationProtectionPolicy
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. Inherited from managedAppPolicy |
| description | String | The policy's description. Inherited from managedAppPolicy |
| createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
| id | String | Key of the entity. Inherited from managedAppPolicy |
| version | String | Version of the entity. Inherited from managedAppPolicy |
| enforcementLevel | windowsInformationProtectionEnforcementLevel | WIP enforcement level.See the Enum definition for supported values Inherited from windowsInformationProtection. Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock. |
| enterpriseDomain | String | Primary enterprise domain Inherited from windowsInformationProtection |
| enterpriseProtectedDomainNames | windowsInformationProtectionResourceCollection collection | List of enterprise domains to be protected Inherited from windowsInformationProtection |
| protectionUnderLockConfigRequired | Boolean | Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured Inherited from windowsInformationProtection |
| dataRecoveryCertificate | windowsInformationProtectionDataRecoveryCertificate | Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS) Inherited from windowsInformationProtection |
| revokeOnUnenrollDisabled | Boolean | This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. Inherited from windowsInformationProtection |
| rightsManagementServicesTemplateId | Guid | TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access Inherited from windowsInformationProtection |
| azureRightsManagementServicesAllowed | Boolean | Specifies whether to allow Azure RMS encryption for WIP Inherited from windowsInformationProtection |
| iconsVisible | Boolean | Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app Inherited from windowsInformationProtection |
| protectedApps | windowsInformationProtectionApp collection | Protected applications can access enterprise data and the data handled by those applications are protected with encryption Inherited from windowsInformationProtection |
| exemptApps | windowsInformationProtectionApp collection | Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. Inherited from windowsInformationProtection |
| enterpriseNetworkDomainNames | windowsInformationProtectionResourceCollection collection | This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to Inherited from windowsInformationProtection |
| enterpriseProxiedDomains | windowsInformationProtectionProxiedDomainCollection collection | Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy Inherited from windowsInformationProtection |
| enterpriseIPRanges | windowsInformationProtectionIPRangeCollection collection | Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to Inherited from windowsInformationProtection |
| enterpriseIPRangesAreAuthoritative | Boolean | Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false Inherited from windowsInformationProtection |
| enterpriseProxyServers | windowsInformationProtectionResourceCollection collection | This is a list of proxy servers. Any server not on this list is considered non-enterprise Inherited from windowsInformationProtection |
| enterpriseInternalProxyServers | windowsInformationProtectionResourceCollection collection | This is the comma-separated list of internal proxy servers. For example, "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies Inherited from windowsInformationProtection |
| enterpriseProxyServersAreAuthoritative | Boolean | Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false Inherited from windowsInformationProtection |
| neutralDomainResources | windowsInformationProtectionResourceCollection collection | List of domain names that can used for work or personal resource Inherited from windowsInformationProtection |
| indexingEncryptedStoresOrItemsBlocked | Boolean | This switch is for the Windows Search Indexer, to allow or disallow indexing of items Inherited from windowsInformationProtection |
| smbAutoEncryptedFileExtensions | windowsInformationProtectionResourceCollection collection | Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary Inherited from windowsInformationProtection |
| isAssigned | Boolean | Indicates if the policy is deployed to any inclusion groups or not. Inherited from windowsInformationProtection |
Graph reference: targetedManagedAppConfiguration
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. Inherited from managedAppPolicy |
| description | String | The policy's description. Inherited from managedAppPolicy |
| createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
| id | String | Key of the entity. Inherited from managedAppPolicy |
| version | String | Version of the entity. Inherited from managedAppPolicy |
| customSettings | keyValuePair collection | A set of string key and string value pairs to be sent to apps for users to whom the configuration is scoped, unalterned by this service Inherited from managedAppConfiguration |
| deployedAppCount | Int32 | Count of apps to which the current policy is deployed. |
| isAssigned | Boolean | Indicates if the policy is deployed to any inclusion groups or not. |
Graph reference: targetedManagedAppPolicyAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Id |
| target | deviceAndAppManagementAssignmentTarget | Identifier for deployment to a group or app |
Graph reference: targetedManagedAppProtection
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. Inherited from managedAppPolicy |
| description | String | The policy's description. Inherited from managedAppPolicy |
| createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
| id | String | Key of the entity. Inherited from managedAppPolicy |
| version | String | Version of the entity. Inherited from managedAppPolicy |
| periodOfflineBeforeAccessCheck | Duration | The period after which access is checked when the device is not connected to the internet. Inherited from managedAppProtection |
| periodOnlineBeforeAccessCheck | Duration | The period after which access is checked when the device is connected to the internet. Inherited from managedAppProtection |
| allowedInboundDataTransferSources | managedAppDataTransferLevel | Sources from which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps, managedApps, none. |
| allowedOutboundDataTransferDestinations | managedAppDataTransferLevel | Destinations to which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps, managedApps, none. |
| organizationalCredentialsRequired | Boolean | Indicates whether organizational credentials are required for app use. Inherited from managedAppProtection |
| allowedOutboundClipboardSharingLevel | managedAppClipboardSharingLevel | The level to which the clipboard may be shared between apps on the managed device. Inherited from managedAppProtection. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked. |
| dataBackupBlocked | Boolean | Indicates whether the backup of a managed app's data is blocked. Inherited from managedAppProtection |
| deviceComplianceRequired | Boolean | Indicates whether device compliance is required. Inherited from managedAppProtection |
| managedBrowserToOpenLinksRequired | Boolean | Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) Inherited from managedAppProtection |
| saveAsBlocked | Boolean | Indicates whether users may use the "Save As" menu item to save a copy of protected files. Inherited from managedAppProtection |
| periodOfflineBeforeWipeIsEnforced | Duration | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. Inherited from managedAppProtection |
| pinRequired | Boolean | Indicates whether an app-level pin is required. Inherited from managedAppProtection |
| maximumPinRetries | Int32 | Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. Inherited from managedAppProtection |
| simplePinBlocked | Boolean | Indicates whether simplePin is blocked. Inherited from managedAppProtection |
| minimumPinLength | Int32 | Minimum pin length required for an app-level pin if PinRequired is set to True Inherited from managedAppProtection |
| pinCharacterSet | managedAppPinCharacterSet | Character set which may be used for an app-level pin if PinRequired is set to True. Inherited from managedAppProtection. Possible values are: numeric, alphanumericAndSymbol. |
| periodBeforePinReset | Duration | TimePeriod before the all-level pin must be reset if PinRequired is set to True. Inherited from managedAppProtection |
| allowedDataStorageLocations | managedAppDataStorageLocation collection | Data storage locations where a user may store managed data. Inherited from managedAppProtection |
| contactSyncBlocked | Boolean | Indicates whether contacts can be synced to the user's device. Inherited from managedAppProtection |
| printBlocked | Boolean | Indicates whether printing is allowed from managed apps. Inherited from managedAppProtection |
| fingerprintBlocked | Boolean | Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. Inherited from managedAppProtection |
| disableAppPinIfDevicePinIsSet | Boolean | Indicates whether use of the app pin is required if the device pin is set. Inherited from managedAppProtection |
| minimumRequiredOsVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
| minimumWarningOsVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. Inherited from managedAppProtection |
| minimumRequiredAppVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
| minimumWarningAppVersion | String | Versions less than the specified version will result in warning message on the managed app. Inherited from managedAppProtection |
| managedBrowser | managedBrowserType | Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Inherited from managedAppProtection. Possible values are: notConfigured, microsoftEdge. |
| isAssigned | Boolean | Indicates if the policy is deployed to any inclusion groups or not. |
Graph reference: user
| Property | Type | Description |
|---|---|---|
| id | String | The user identifier. |
Graph reference: windowsInformationProtection
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. Inherited from managedAppPolicy |
| description | String | The policy's description. Inherited from managedAppPolicy |
| createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
| id | String | Key of the entity. Inherited from managedAppPolicy |
| version | String | Version of the entity. Inherited from managedAppPolicy |
| enforcementLevel | windowsInformationProtectionEnforcementLevel | WIP enforcement level.See the Enum definition for supported values. Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock. |
| enterpriseDomain | String | Primary enterprise domain |
| enterpriseProtectedDomainNames | windowsInformationProtectionResourceCollection collection | List of enterprise domains to be protected |
| protectionUnderLockConfigRequired | Boolean | Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured |
| dataRecoveryCertificate | windowsInformationProtectionDataRecoveryCertificate | Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS) |
| revokeOnUnenrollDisabled | Boolean | This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. |
| rightsManagementServicesTemplateId | Guid | TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access |
| azureRightsManagementServicesAllowed | Boolean | Specifies whether to allow Azure RMS encryption for WIP |
| iconsVisible | Boolean | Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app |
| protectedApps | windowsInformationProtectionApp collection | Protected applications can access enterprise data and the data handled by those applications are protected with encryption |
| exemptApps | windowsInformationProtectionApp collection | Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. |
| enterpriseNetworkDomainNames | windowsInformationProtectionResourceCollection collection | This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to |
| enterpriseProxiedDomains | windowsInformationProtectionProxiedDomainCollection collection | Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy |
| enterpriseIPRanges | windowsInformationProtectionIPRangeCollection collection | Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to |
| enterpriseIPRangesAreAuthoritative | Boolean | Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false |
| enterpriseProxyServers | windowsInformationProtectionResourceCollection collection | This is a list of proxy servers. Any server not on this list is considered non-enterprise |
| enterpriseInternalProxyServers | windowsInformationProtectionResourceCollection collection | This is the comma-separated list of internal proxy servers. For example, "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies |
| enterpriseProxyServersAreAuthoritative | Boolean | Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false |
| neutralDomainResources | windowsInformationProtectionResourceCollection collection | List of domain names that can used for work or personal resource |
| indexingEncryptedStoresOrItemsBlocked | Boolean | This switch is for the Windows Search Indexer, to allow or disallow indexing of items |
| smbAutoEncryptedFileExtensions | windowsInformationProtectionResourceCollection collection | Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary |
| isAssigned | Boolean | Indicates if the policy is deployed to any inclusion groups or not. |
Graph reference: windowsInformationProtectionAppLockerFile
| Property | Type | Description |
|---|---|---|
| displayName | String | The friendly name |
| fileHash | String | SHA256 hash of the file |
| file | Binary | File as a byte array |
| id | String | Key of the entity. |
| version | String | Version of the entity. |
Graph reference: windowsInformationProtectionDeviceRegistration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| userId | String | UserId associated with this device registration record. |
| deviceRegistrationId | String | Device identifier for this device registration record. |
| deviceName | String | Device name. |
| deviceType | String | Device type, for example, Windows laptop VS Windows phone. |
| deviceMacAddress | String | Device Mac address. |
| lastCheckInDateTime | DateTimeOffset | Last checkin time of the device. |
Graph reference: windowsInformationProtectionPolicy
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. Inherited from managedAppPolicy |
| description | String | The policy's description. Inherited from managedAppPolicy |
| createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
| id | String | Key of the entity. Inherited from managedAppPolicy |
| version | String | Version of the entity. Inherited from managedAppPolicy |
| enforcementLevel | windowsInformationProtectionEnforcementLevel | WIP enforcement level.See the Enum definition for supported values Inherited from windowsInformationProtection. Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock. |
| enterpriseDomain | String | Primary enterprise domain Inherited from windowsInformationProtection |
| enterpriseProtectedDomainNames | windowsInformationProtectionResourceCollection collection | List of enterprise domains to be protected Inherited from windowsInformationProtection |
| protectionUnderLockConfigRequired | Boolean | Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured Inherited from windowsInformationProtection |
| dataRecoveryCertificate | windowsInformationProtectionDataRecoveryCertificate | Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS) Inherited from windowsInformationProtection |
| revokeOnUnenrollDisabled | Boolean | This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. Inherited from windowsInformationProtection |
| rightsManagementServicesTemplateId | Guid | TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access Inherited from windowsInformationProtection |
| azureRightsManagementServicesAllowed | Boolean | Specifies whether to allow Azure RMS encryption for WIP Inherited from windowsInformationProtection |
| iconsVisible | Boolean | Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app Inherited from windowsInformationProtection |
| protectedApps | windowsInformationProtectionApp collection | Protected applications can access enterprise data and the data handled by those applications are protected with encryption Inherited from windowsInformationProtection |
| exemptApps | windowsInformationProtectionApp collection | Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. Inherited from windowsInformationProtection |
| enterpriseNetworkDomainNames | windowsInformationProtectionResourceCollection collection | This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to Inherited from windowsInformationProtection |
| enterpriseProxiedDomains | windowsInformationProtectionProxiedDomainCollection collection | Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy Inherited from windowsInformationProtection |
| enterpriseIPRanges | windowsInformationProtectionIPRangeCollection collection | Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to Inherited from windowsInformationProtection |
| enterpriseIPRangesAreAuthoritative | Boolean | Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false Inherited from windowsInformationProtection |
| enterpriseProxyServers | windowsInformationProtectionResourceCollection collection | This is a list of proxy servers. Any server not on this list is considered non-enterprise Inherited from windowsInformationProtection |
| enterpriseInternalProxyServers | windowsInformationProtectionResourceCollection collection | This is the comma-separated list of internal proxy servers. For example, "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies Inherited from windowsInformationProtection |
| enterpriseProxyServersAreAuthoritative | Boolean | Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false Inherited from windowsInformationProtection |
| neutralDomainResources | windowsInformationProtectionResourceCollection collection | List of domain names that can used for work or personal resource Inherited from windowsInformationProtection |
| indexingEncryptedStoresOrItemsBlocked | Boolean | This switch is for the Windows Search Indexer, to allow or disallow indexing of items Inherited from windowsInformationProtection |
| smbAutoEncryptedFileExtensions | windowsInformationProtectionResourceCollection collection | Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary Inherited from windowsInformationProtection |
| isAssigned | Boolean | Indicates if the policy is deployed to any inclusion groups or not. Inherited from windowsInformationProtection |
| revokeOnMdmHandoffDisabled | Boolean | New property in RS2, pending documentation |
| mdmEnrollmentUrl | String | Enrollment url for the MDM |
| windowsHelloForBusinessBlocked | Boolean | Boolean value that sets Windows Hello for Business as a method for signing into Windows. |
| pinMinimumLength | Int32 | Integer value that sets the minimum number of characters required for the PIN. Default value is 4. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest. |
| pinUppercaseLetters | windowsInformationProtectionPinCharacterRequirements | Integer value that configures the use of uppercase letters in the Windows Hello for Business PIN. Default is NotAllow. Possible values are: notAllow, requireAtLeastOne, allow. |
| pinLowercaseLetters | windowsInformationProtectionPinCharacterRequirements | Integer value that configures the use of lowercase letters in the Windows Hello for Business PIN. Default is NotAllow. Possible values are: notAllow, requireAtLeastOne, allow. |
| pinSpecialCharacters | windowsInformationProtectionPinCharacterRequirements | Integer value that configures the use of special characters in the Windows Hello for Business PIN. Valid special characters for Windows Hello for Business PIN gestures include: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ { | } ~. Default is NotAllow. Possible values are:notAllow, requireAtLeastOne, allow`. |
| pinExpirationDays | Int32 | Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user's PIN will never expire. This node was added in Windows 10, version 1511. Default is 0. |
| numberOfPastPinsRemembered | Int32 | Integer value that specifies the number of past PINs that can be associated to a user account that can't be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required. This node was added in Windows 10, version 1511. Default is 0. |
| passwordMaximumAttemptCount | Int32 | The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality. Range is an integer X where 4 <= X <= 16 for desktop and 0 <= X <= 999 for mobile devices. |
| minutesOfInactivityBeforeDeviceLock | Int32 | Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Range is an integer X where 0 <= X <= 999. |
| daysWithoutContactBeforeUnenroll | Int32 | Offline interval before app data is wiped (days) |
Graph reference: windowsInformationProtectionWipeAction
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| status | actionState | Wipe action status. Possible values are: none, pending, canceled, active, done, failed, notSupported. |
| targetedUserId | String | The UserId being targeted by this wipe action. |
| targetedDeviceRegistrationId | String | The DeviceRegistrationId being targeted by this wipe action. |
| targetedDeviceName | String | Targeted device name. |
| targetedDeviceMacAddress | String | Targeted device Mac address. |
| lastCheckInDateTime | DateTimeOffset | Last checkin time of the device that was targeted by this wipe action. |
Graph reference: windowsManagedAppProtection
| Property | Type | Description |
|---|---|---|
| displayName | String | Policy display name. Inherited from managedAppPolicy |
| description | String | The policy's description. Inherited from managedAppPolicy |
| createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
| lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from managedAppPolicy |
| id | String | Key of the entity. Inherited from managedAppPolicy |
| version | String | Version of the entity. Inherited from managedAppPolicy |
| isAssigned | Boolean | When TRUE, indicates that the policy is deployed to some inclusion groups. When FALSE, indicates that the policy is not deployed to any inclusion groups. Default value is FALSE. |
| deployedAppCount | Int32 | Indicates the total number of applications for which the current policy is deployed. |
| printBlocked | Boolean | When TRUE, indicates that printing is blocked from managed apps. When FALSE, indicates that printing is allowed from managed apps. Default value is FALSE. |
| allowedInboundDataTransferSources | windowsManagedAppDataTransferLevel | Indicates the sources from which data is allowed to be transferred. Some possible values are allApps or none. Possible values are: allApps, none. |
| allowedOutboundClipboardSharingLevel | windowsManagedAppClipboardSharingLevel | Indicates the level to which the clipboard may be shared across org & non-org resources. Some possible values are anyDestinationAnySource or none. Possible values are: anyDestinationAnySource, none. |
| allowedOutboundDataTransferDestinations | windowsManagedAppDataTransferLevel | Indicates the destinations to which data is allowed to be transferred. Some possible values are allApps or none. Possible values are: allApps, none. |
| appActionIfUnableToAuthenticateUser | managedAppRemediationAction | If set, it will specify what action to take in the case where the user is unable to checkin because their authentication token is invalid. This happens when the user is deleted or disabled in AAD. Some possible values are block or wipe. If this property is not set, no action will be taken. Possible values are: block, wipe, warn, blockWhenSettingIsSupported. |
| maximumAllowedDeviceThreatLevel | managedAppDeviceThreatLevel | Maximum allowed device threat level, as reported by the Mobile Threat Defense app. Possible values are: notConfigured, secured, low, medium, high. |
| mobileThreatDefenseRemediationAction | managedAppRemediationAction | Determines what action to take if the mobile threat defense threat threshold isn't met. Some possible values are block or wipe. Warn isn't a supported value for this property. Possible values are: block, wipe, warn, blockWhenSettingIsSupported. |
| minimumRequiredSdkVersion | String | Versions less than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
| minimumWipeSdkVersion | String | Versions less than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'. |
| minimumRequiredOsVersion | String | Versions less than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
| minimumWarningOsVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
| minimumWipeOsVersion | String | Versions less than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'. |
| minimumRequiredAppVersion | String | Versions less than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
| minimumWarningAppVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
| minimumWipeAppVersion | String | Versions less than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'. |
| maximumRequiredOsVersion | String | Versions bigger than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
| maximumWarningOsVersion | String | Versions bigger than the specified version will result in warning message on the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
| maximumWipeOsVersion | String | Versions bigger than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'. |
| periodOfflineBeforeWipeIsEnforced | Duration | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. For example, P5D indicates that the interval is 5 days in duration. A timespan value of PT0S indicates that managed data will never be wiped when the device is not connected to the internet. |
| periodOfflineBeforeAccessCheck | Duration | The period after which access is checked when the device is not connected to the internet. For example, PT5M indicates that the interval is 5 minutes in duration. A timespan value of PT0S indicates that access will be blocked immediately when the device is not connected to the internet. |
Graph reference: windowsManagedAppRegistration
| Property | Type | Description |
|---|---|---|
| createdDateTime | DateTimeOffset | Date and time of creation Inherited from managedAppRegistration |
| lastSyncDateTime | DateTimeOffset | Date and time of last the app synced with management service. Inherited from managedAppRegistration |
| applicationVersion | String | App version Inherited from managedAppRegistration |
| managementSdkVersion | String | App management SDK version Inherited from managedAppRegistration |
| platformVersion | String | Operating System version Inherited from managedAppRegistration |
| deviceType | String | Host device type Inherited from managedAppRegistration |
| deviceTag | String | App management SDK generated tag, which helps relate apps hosted on the same device. Not guaranteed to relate apps in all conditions. Inherited from managedAppRegistration |
| deviceName | String | Host device name Inherited from managedAppRegistration |
| managedDeviceId | String | The Managed Device identifier of the host device. Value could be empty even when the host device is managed. Inherited from managedAppRegistration |
| azureADDeviceId | String | The Azure Active Directory Device identifier of the host device. Value could be empty even when the host device is Azure Active Directory registered. Inherited from managedAppRegistration |
| deviceModel | String | The device model for the current app registration Inherited from managedAppRegistration |
| deviceManufacturer | String | The device manufacturer for the current app registration Inherited from managedAppRegistration |
| flaggedReasons | managedAppFlaggedReason collection | Zero or more reasons an app registration is flagged. E.g. app running on rooted device Inherited from managedAppRegistration |
| userId | String | The user Id to who this app registration belongs. Inherited from managedAppRegistration |
| appIdentifier | mobileAppIdentifier | The app package Identifier Inherited from managedAppRegistration |
| id | String | Key of the entity. Inherited from managedAppRegistration |
| version | String | Version of the entity. Inherited from managedAppRegistration |
Graph reference: metricTimeSeriesDataPoint
| Property | Type | Description |
|---|---|---|
| dateTime | DateTimeOffset | Time of the metric time series data point |
| value | Int64 | Value of the metric time series data point |
Graph reference: microsoftTunnelConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the configuration id. Supports: $delete, $update. $Insert, $skip, $top is not supported. Read-only. |
| displayName | String | The display name for the server configuration. This property is required when a server is created. |
| description | String | The configuration's description (optional) |
| network | String | The IPv4 subnet that will be used to allocate virtual address for the clients |
| ipv6Network | String | The IPv6 subnet that will be used to allocate virtual address for the clients |
| dnsServers | String collection | The DNS servers that will be used by the clients |
| defaultDomainSuffix | String | The Default Domain appendix that will be used by the clients |
| routesInclude | String collection | The routes that will be routed by the server. This property is going to be deprecated with the option of using the new property, 'RouteIncludes'. |
| routesExclude | String collection | Subsets of the routes that will not be routed by the server. This property is going to be deprecated with the option of using the new property, 'RouteExcludes'. |
| routeIncludes | String collection | The routes that will be routed by the server |
| routeExcludes | String collection | Subsets of the routes that will not be routed by the server |
| splitDNS | String collection | The domains that will be resolved using the provided dns servers |
| listenPort | Int32 | The port that both TCP and UPD will listen over on the server |
| advancedSettings | keyValuePair collection | Additional settings that may be applied to the server |
| lastUpdateDateTime | DateTimeOffset | When the configuration was last updated |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance |
| disableUdpConnections | Boolean | When DisableUdpConnections is set, the clients and VPN server will not use DTLS connections to transfer data. |
Graph reference: microsoftTunnelHealthThreshold
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the metric name. Supports: $delete, $update. $Insert, $skip, $top is not supported. Read-only. |
| healthyThreshold | Int64 | The threshold for being healthy based on default health status metrics: CPU usage healthy < 50%, Memory usage healthy < 50%, Disk space healthy > 5GB, Latency healthy < 10ms, health metrics can be customized. |
| unhealthyThreshold | Int64 | The threshold for being unhealthy based on default health status metrics: CPU usage unhealthy > 75%, Memory usage unhealthy > 75%, Disk space < 3GB, Latency Unhealthy > 20ms, health metrics can be customized. |
| defaultHealthyThreshold | Int64 | The threshold for being healthy based on default health status metrics: CPU usage healthy < 50%, Memory usage healthy < 50%, Disk space healthy > 5GB, Latency healthy < 10ms, health metrics can be customized. Read-only. |
| defaultUnhealthyThreshold | Int64 | The threshold for being unhealthy based on default health status metrics: CPU usage unhealthy > 75%, Memory usage unhealthy > 75%, Disk space < 3GB, Latency unhealthy > 20ms, health metrics can be customized. Read-only. |
Graph reference: microsoftTunnelServer
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the managed server. This ID is assigned at registration time. Supports: $filter, $select, $top, $skip, $orderby. $search is not supported. Read-only. |
| displayName | String | The display name of the server. It is the same as the host name during registration and can be changed later. Supports: $filter, $select, $top, $skip, $orderby. $search is not supported. Max allowed length is 200 chars. |
| tunnelServerHealthStatus | microsoftTunnelServerHealthStatus | Indicates the server's health Status as of the last evaluation time. Health is evaluated every 60 seconds, and the possible values are: unknown, healthy, unhealthy, warning, offline, upgradeInProgress, upgradeFailed. Supports: $filter, $select, $top, $skip, $orderby. $search is not supported. Read-only. Possible values are: unknown, healthy, unhealthy, warning, offline, upgradeInProgress, upgradeFailed, unknownFutureValue. |
| lastCheckinDateTime | DateTimeOffset | Indicates when the server last checked in. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Supports: $filter, $select, $top, $skip, $orderby. $search is not supported Read-only. |
| agentImageDigest | String | The digest of the current agent image running on this server. Supports: $filter, $select, $top, $skip, $orderby. $search is not supported. Read-only. |
| serverImageDigest | String | The digest of the current server image running on this server. Supports: $filter, $select, $top, $skip, $orderby. $search is not supported. Read-only. |
| deploymentMode | microsoftTunnelDeploymentMode | Microsoft Tunnel server deployment mode. The value is set when the server is registered. Possible values are standaloneRootful, standaloneRootless, podRootful, podRootless. Default value: standaloneRootful. Supports: $filter, $select, $top, $skip, $orderby. $search is not supported. Read-only. Possible values are: standaloneRootful, standaloneRootless, podRootful, podRootless, unknownFutureValue. |
Graph reference: microsoftTunnelServerLogCollectionResponse
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for server log collection response. Read-only. |
| status | microsoftTunnelLogCollectionStatus | The status of log collection. Possible values are: pending, completed, failed. Possible values are: pending, completed, failed, unknownFutureValue. |
| startDateTime | DateTimeOffset | The start time of the logs collected |
| endDateTime | DateTimeOffset | The end time of the logs collected |
| sizeInBytes | Int64 | The size of the logs in bytes |
| serverId | String | ID of the server the log collection is requested upon |
| requestDateTime | DateTimeOffset | The time when the log collection was requested |
| expiryDateTime | DateTimeOffset | The time when the log collection is expired |
Graph reference: microsoftTunnelSite
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the site id. $Insert, $skip, $top is not supported. Read-only. |
| displayName | String | The display name for the site. This property is required when a site is created. |
| description | String | The site's description (optional) |
| publicAddress | String | The site's public domain name or IP address |
| upgradeWindowUtcOffsetInMinutes | Int32 | The site's timezone represented as a minute offset from UTC |
| upgradeWindowStartTime | TimeOfDay | The site's upgrade window start time of day |
| upgradeWindowEndTime | TimeOfDay | The site's upgrade window end time of day |
| upgradeAutomatically | Boolean | The site's automatic upgrade setting. True for automatic upgrades, false for manual control |
| upgradeAvailable | Boolean | The site provides the state of when an upgrade is available |
| internalNetworkProbeUrl | String | The site's Internal Network Access Probe URL |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance |
Graph reference: deviceManagementDomainJoinConnector
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier to represent a connector. |
| displayName | String | The connector display name. |
| lastConnectionDateTime | DateTimeOffset | Last time connector contacted Intune. |
| state | deviceManagementDomainJoinConnectorState | The connector state. Possible values are: active, error, inactive. |
| version | String | The version of the connector. |
Graph reference: complianceManagementPartner
| Property | Type | Description |
|---|---|---|
| id | String | Id of the entity |
| lastHeartbeatDateTime | DateTimeOffset | Timestamp of last heartbeat after admin onboarded to the compliance management partner |
| partnerState | deviceManagementPartnerTenantState | Partner state of this tenant. Possible values are: unknown, unavailable, enabled, terminated, rejected, unresponsive. |
| displayName | String | Partner display name |
| macOsOnboarded | Boolean | Partner onboarded for Mac devices. |
| androidOnboarded | Boolean | Partner onboarded for Android devices. |
| iosOnboarded | Boolean | Partner onboarded for ios devices. |
| macOsEnrollmentAssignments | complianceManagementPartnerAssignment collection | User groups which enroll Mac devices through partner. |
| androidEnrollmentAssignments | complianceManagementPartnerAssignment collection | User groups which enroll Android devices through partner. |
| iosEnrollmentAssignments | complianceManagementPartnerAssignment collection | User groups which enroll ios devices through partner. |
Graph reference: deviceAndAppManagementData
| Property | Type | Description |
|---|---|---|
| content | Stream | Not yet documented |
Graph reference: deviceAppManagement
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
| microsoftStoreForBusinessLastSuccessfulSyncDateTime | DateTimeOffset | The last time the apps from the Microsoft Store for Business were synced successfully for the account. |
| isEnabledForMicrosoftStoreForBusiness | Boolean | Whether the account is enabled for syncing applications from the Microsoft Store for Business. |
| microsoftStoreForBusinessLanguage | String | The locale information used to sync applications from the Microsoft Store for Business. Cultures that are specific to a country/region. The names of these cultures follow RFC 4646 (Windows Vista and later). The format is |
| microsoftStoreForBusinessLastCompletedApplicationSyncTime | DateTimeOffset | The last time an application sync from the Microsoft Store for Business was completed. |
Graph reference: deviceCategory
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the device category. Read-only. |
| displayName | String | Display name for the device category. |
| description | String | Optional description for the device category. |
Graph reference: deviceComanagementAuthorityConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
| deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown, limit, platformRestrictions, windowsHelloForBusiness, defaultLimit, defaultPlatformRestrictions, defaultWindowsHelloForBusiness, defaultWindows10EnrollmentCompletionPageConfiguration, windows10EnrollmentCompletionPageConfiguration, deviceComanagementAuthorityConfiguration, singlePlatformRestriction, unknownFutureValue, enrollmentNotificationsConfiguration, windowsRestore. |
| managedDeviceAuthority | Int32 | CoManagement Authority configuration ManagedDeviceAuthority |
| installConfigurationManagerAgent | Boolean | CoManagement Authority configuration InstallConfigurationManagerAgent |
| configurationManagerAgentCommandLineArgument | String | CoManagement Authority configuration ConfigurationManagerAgentCommandLineArgument |
Graph reference: deviceEnrollmentConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account |
| displayName | String | The display name of the device enrollment configuration |
| description | String | The description of the device enrollment configuration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration |
| version | Int32 | The version of the device enrollment configuration |
Graph reference: deviceEnrollmentLimitConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| limit | Int32 | The maximum number of devices that a user can enroll |
Graph reference: deviceEnrollmentNotificationConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
| deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown, limit, platformRestrictions, windowsHelloForBusiness, defaultLimit, defaultPlatformRestrictions, defaultWindowsHelloForBusiness, defaultWindows10EnrollmentCompletionPageConfiguration, windows10EnrollmentCompletionPageConfiguration, deviceComanagementAuthorityConfiguration, singlePlatformRestriction, unknownFutureValue, enrollmentNotificationsConfiguration, windowsRestore. |
| platformType | enrollmentRestrictionPlatformType | Platform type of the Enrollment Notification. Possible values are: allPlatforms, ios, windows, windowsPhone, android, androidForWork, mac, linux, unknownFutureValue. |
| templateType | enrollmentNotificationTemplateType | Template type of the Enrollment Notification. Possible values are: email, push, unknownFutureValue. |
| notificationMessageTemplateId | Guid | Notification Message Template Id |
| notificationTemplates | String collection | The list of notification data - |
| brandingOptions | enrollmentNotificationBrandingOptions | Branding Options for the Enrollment Notification. Possible values are: none, includeCompanyLogo, includeCompanyName, includeContactInformation, includeCompanyPortalLink, includeDeviceDetails, unknownFutureValue. |
| defaultLocale | String | DefaultLocale for the Enrollment Notification |
Graph reference: deviceEnrollmentPlatformRestrictionConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
| deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown, limit, platformRestrictions, windowsHelloForBusiness, defaultLimit, defaultPlatformRestrictions, defaultWindowsHelloForBusiness, defaultWindows10EnrollmentCompletionPageConfiguration, windows10EnrollmentCompletionPageConfiguration, deviceComanagementAuthorityConfiguration, singlePlatformRestriction, unknownFutureValue, enrollmentNotificationsConfiguration, windowsRestore. |
| platformRestriction | deviceEnrollmentPlatformRestriction | Restrictions based on platform, platform operating system version, and device ownership |
| platformType | enrollmentRestrictionPlatformType | Type of platform for which this restriction applies. Possible values are: allPlatforms, ios, windows, windowsPhone, android, androidForWork, mac, linux, unknownFutureValue. |
Graph reference: deviceEnrollmentPlatformRestrictionsConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| iosRestriction | deviceEnrollmentPlatformRestriction | Ios restrictions based on platform, platform operating system version, and device ownership |
| windowsRestriction | deviceEnrollmentPlatformRestriction | Windows restrictions based on platform, platform operating system version, and device ownership |
| windowsMobileRestriction | deviceEnrollmentPlatformRestriction | Windows mobile restrictions based on platform, platform operating system version, and device ownership |
| androidRestriction | deviceEnrollmentPlatformRestriction | Android restrictions based on platform, platform operating system version, and device ownership |
| macOSRestriction | deviceEnrollmentPlatformRestriction | Mac restrictions based on platform, platform operating system version, and device ownership |
Graph reference: deviceEnrollmentWindowsHelloForBusinessConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| pinMinimumLength | Int32 | Controls the minimum number of characters required for the Windows Hello for Business PIN. This value must be between 4 and 127, inclusive, and less than or equal to the value set for the maximum PIN. |
| pinMaximumLength | Int32 | Controls the maximum number of characters allowed for the Windows Hello for Business PIN. This value must be between 4 and 127, inclusive. This value must be greater than or equal to the value set for the minimum PIN. |
| pinUppercaseCharactersUsage | windowsHelloForBusinessPinUsage | Controls the ability to use uppercase letters in the Windows Hello for Business PIN. Allowed permits the use of uppercase letter(s), whereas Required ensures they are present. If set to Not Allowed, uppercase letters will not be permitted. Possible values are: allowed, required, disallowed. |
| pinLowercaseCharactersUsage | windowsHelloForBusinessPinUsage | Controls the ability to use lowercase letters in the Windows Hello for Business PIN. Allowed permits the use of lowercase letter(s), whereas Required ensures they are present. If set to Not Allowed, lowercase letters will not be permitted. Possible values are: allowed, required, disallowed. |
| pinSpecialCharactersUsage | windowsHelloForBusinessPinUsage | Controls the ability to use special characters in the Windows Hello for Business PIN. Allowed permits the use of special character(s), whereas Required ensures they are present. If set to Not Allowed, special character(s) will not be permitted. Possible values are: allowed, required, disallowed. |
| state | enablement | Controls whether to allow the device to be configured for Windows Hello for Business. If set to disabled, the user cannot provision Windows Hello for Business except on Azure Active Directory joined mobile phones if otherwise required. If set to Not Configured, Intune will not override client defaults. Possible values are: notConfigured, enabled, disabled. |
| securityDeviceRequired | Boolean | Controls whether to require a Trusted Platform Module (TPM) for provisioning Windows Hello for Business. A TPM provides an additional security benefit in that data stored on it cannot be used on other devices. If set to False, all devices can provision Windows Hello for Business even if there is not a usable TPM. |
| unlockWithBiometricsEnabled | Boolean | Controls the use of biometric gestures, such as face and fingerprint, as an alternative to the Windows Hello for Business PIN. If set to False, biometric gestures are not allowed. Users must still configure a PIN as a backup in case of failures. |
| remotePassportEnabled | Boolean | Controls the use of Remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion for desktop authentication. The desktop must be Azure AD joined and the companion device must have a Windows Hello for Business PIN. |
| pinPreviousBlockCount | Int32 | Controls the ability to prevent users from using past PINs. This must be set between 0 and 50, inclusive, and the current PIN of the user is included in that count. If set to 0, previous PINs are not stored. PIN history is not preserved through a PIN reset. |
| pinExpirationInDays | Int32 | Controls the period of time (in days) that a PIN can be used before the system requires the user to change it. This must be set between 0 and 730, inclusive. If set to 0, the user's PIN will never expire |
| enhancedBiometricsState | enablement | Controls the ability to use the anti-spoofing features for facial recognition on devices which support it. If set to disabled, anti-spoofing features are not allowed. If set to Not Configured, the user can choose whether they want to use anti-spoofing. Possible values are: notConfigured, enabled, disabled. |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity |
| intuneBrand | intuneBrand | intuneBrand contains data which is used in customizing the appearance of the Company Portal applications as well as the end user web portal. |
Graph reference: deviceManagementExchangeConnector
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
| lastSyncDateTime | DateTimeOffset | Last sync time for the Exchange Connector |
| status | deviceManagementExchangeConnectorStatus | Exchange Connector Status. Possible values are: none, connectionPending, connected, disconnected, unknownFutureValue. |
| primarySmtpAddress | String | Email address used to configure the Service To Service Exchange Connector. |
| serverName | String | The name of the Exchange server. |
| connectorServerName | String | The name of the server hosting the Exchange Connector. |
| exchangeConnectorType | deviceManagementExchangeConnectorType | The type of Exchange Connector Configured. Possible values are: onPremises, hosted, serviceToService, dedicated, unknownFutureValue. |
| version | String | The version of the ExchangeConnectorAgent |
| exchangeAlias | String | An alias assigned to the Exchange server |
| exchangeOrganization | String | Exchange Organization to the Exchange server |
Graph reference: deviceManagementExchangeOnPremisesPolicy
| Property | Type | Description |
|---|---|---|
| id | String | |
| notificationContent | Binary | Notification text that will be sent to users quarantined by this policy. This is UTF8 encoded byte array HTML. |
| defaultAccessLevel | deviceManagementExchangeAccessLevel | Default access state in Exchange. This rule applies globally to the entire Exchange organization. Possible values are: none, allow, block, quarantine. |
| accessRules | deviceManagementExchangeAccessRule collection | The list of device access rules in Exchange. The access rules apply globally to the entire Exchange organization |
| knownDeviceClasses | deviceManagementExchangeDeviceClass collection | The list of device classes known to Exchange |
Graph reference: deviceManagementPartner
| Property | Type | Description |
|---|---|---|
| id | String | Id of the entity |
| lastHeartbeatDateTime | DateTimeOffset | Timestamp of last heartbeat after admin enabled option Connect to Device management Partner |
| partnerState | deviceManagementPartnerTenantState | Partner state of this tenant. Possible values are: unknown, unavailable, enabled, terminated, rejected, unresponsive. |
| partnerAppType | deviceManagementPartnerAppType | Partner App type. Possible values are: unknown, singleTenantApp, multiTenantApp. |
| singleTenantAppId | String | Partner Single tenant App id |
| displayName | String | Partner display name |
| isConfigured | Boolean | Whether device management partner is configured or not |
| whenPartnerDevicesWillBeRemovedDateTime | DateTimeOffset | DateTime in UTC when PartnerDevices will be removed |
| whenPartnerDevicesWillBeMarkedAsNonCompliantDateTime | DateTimeOffset | DateTime in UTC when PartnerDevices will be marked as NonCompliant |
| groupsRequiringPartnerEnrollment | deviceManagementPartnerAssignment collection | User groups that specifies whether enrollment is through partner. |
Graph reference: enrollmentConfigurationAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the enrollment configuration assignment |
| target | deviceAndAppManagementAssignmentTarget | Represents an assignment to managed devices in the tenant |
Graph reference: mobileThreatDefenseConnector
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
| lastHeartbeatDateTime | DateTimeOffset | DateTime of last Heartbeat recieved from the Mobile Threat Defense partner |
| partnerState | mobileThreatPartnerTenantState | Mobile Threat Defense partner state for this account. Possible values are: unavailable, available, enabled, unresponsive. |
| androidMobileApplicationManagementEnabled | Boolean | When TRUE, inidicates that data from the Mobile Threat Defense partner can be used during Mobile Application Management (MAM) evaluations for Android devices. When FALSE, inidicates that data from the Mobile Threat Defense partner should not be used during Mobile Application Management (MAM) evaluations for Android devices. Only one partner per platform may be enabled for Mobile Application Management (MAM) evaluation. Default value is FALSE. |
| iosMobileApplicationManagementEnabled | Boolean | When TRUE, inidicates that data from the Mobile Threat Defense partner can be used during Mobile Application Management (MAM) evaluations for IOS devices. When FALSE, inidicates that data from the Mobile Threat Defense partner should not be used during Mobile Application Management (MAM) evaluations for IOS devices. Only one partner per platform may be enabled for Mobile Application Management (MAM) evaluation. Default value is FALSE. |
| androidEnabled | Boolean | For Android, set whether data from the Mobile Threat Defense partner should be used during compliance evaluations |
| iosEnabled | Boolean | For IOS, get or set whether data from the Mobile Threat Defense partner should be used during compliance evaluations |
| windowsEnabled | Boolean | When TRUE, inidicates that data from the Mobile Threat Defense partner can be used during compliance evaluations for Windows. When FALSE, inidicates that data from the Mobile Threat Defense partner should not be used during compliance evaluations for Windows. Default value is FALSE. |
| androidDeviceBlockedOnMissingPartnerData | Boolean | For Android, set whether Intune must receive data from the Mobile Threat Defense partner prior to marking a device compliant |
| iosDeviceBlockedOnMissingPartnerData | Boolean | For IOS, set whether Intune must receive data from the Mobile Threat Defense partner prior to marking a device compliant |
| windowsDeviceBlockedOnMissingPartnerData | Boolean | When TRUE, inidicates that Intune must receive data from the Mobile Threat Defense partner prior to marking a device compliant for Windows. When FALSE, inidicates that Intune may make a device compliant without receiving data from the Mobile Threat Defense partner for Windows. Default value is FALSE. |
| partnerUnsupportedOsVersionBlocked | Boolean | Get or set whether to block devices on the enabled platforms that do not meet the minimum version requirements of the Mobile Threat Defense partner |
| partnerUnresponsivenessThresholdInDays | Int32 | Get or Set days the per tenant tolerance to unresponsiveness for this partner integration |
| allowPartnerToCollectIOSApplicationMetadata | Boolean | When TRUE, indicates the Mobile Threat Defense partner may collect metadata about installed applications from Intune for IOS devices. When FALSE, indicates the Mobile Threat Defense partner may not collect metadata about installed applications from Intune for IOS devices. Default value is FALSE. |
| allowPartnerToCollectIOSPersonalApplicationMetadata | Boolean | When TRUE, indicates the Mobile Threat Defense partner may collect metadata about personally installed applications from Intune for IOS devices. When FALSE, indicates the Mobile Threat Defense partner may not collect metadata about personally installed applications from Intune for IOS devices. Default value is FALSE. |
| microsoftDefenderForEndpointAttachEnabled | Boolean | When TRUE, inidicates that configuration profile management via Microsoft Defender for Endpoint is enabled. When FALSE, inidicates that configuration profile management via Microsoft Defender for Endpoint is disabled. Default value is FALSE. |
Graph reference: onPremisesConditionalAccessSettings
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
| enabled | Boolean | Indicates if on premises conditional access is enabled for this organization |
| includedGroups | Guid collection | User groups that will be targeted by on premises conditional access. All users in these groups will be required to have mobile device managed and compliant for mail access. |
| excludedGroups | Guid collection | User groups that will be exempt by on premises conditional access. All users in these groups will be exempt from the conditional access policy. |
| overrideDefaultRule | Boolean | Override the default access rule when allowing a device to ensure access is granted. |
Graph reference: organization
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object. |
| mobileDeviceManagementAuthority | mdmAuthority | Mobile device management authority. Possible values are: unknown, intune, sccm, office365. |
Graph reference: sideLoadingKey
| Property | Type | Description |
|---|---|---|
| id | String | Side Loading Key Unique Id. |
| value | String | Side Loading Key Value, it is 5x5 value, seperated by hiphens. |
| displayName | String | Side Loading Key Name displayed to the ITPro Admins. |
| description | String | Side Loading Key description displayed to the ITPro Admins.. |
| totalActivation | Int32 | Side Loading Key Total Activation displayed to the ITPro Admins. |
| lastUpdatedDateTime | String | Side Loading Key Last Updated Date displayed to the ITPro Admins. |
Graph reference: user
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the user. |
| deviceEnrollmentLimit | Int32 | The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. |
Graph reference: vppToken
| Property | Type | Description |
|---|---|---|
| id | String | This is automatically generated when the appleVolumePurchaseProgramToken is created. It is the Key of the entity. |
| organizationName | String | The organization associated with the Apple Volume Purchase Program Token |
| vppTokenAccountType | vppTokenAccountType | The type of volume purchase program which the given Apple Volume Purchase Program Token is associated with. Possible values are: business, education. Possible values are: business, education. |
| appleId | String | The Apple ID associated with the given Apple Volume Purchase Program Token. |
| expirationDateTime | DateTimeOffset | The expiration date time of the Apple Volume Purchase Program Token. |
| lastSyncDateTime | DateTimeOffset | The last time when an application sync was done with the Apple volume purchase program service using the the Apple Volume Purchase Program Token. |
| token | String | The Apple Volume Purchase Program Token string downloaded from the Apple Volume Purchase Program. |
| lastModifiedDateTime | DateTimeOffset | Last modification date time associated with the Apple Volume Purchase Program Token. |
| state | vppTokenState | Current state of the Apple Volume Purchase Program Token. Possible values are: unknown, valid, expired, invalid, assignedToExternalMDM. |
| lastSyncStatus | vppTokenSyncStatus | Current sync status of the last application sync which was triggered using the Apple Volume Purchase Program Token. Possible values are: none, inProgress, completed, failed. |
| automaticallyUpdateApps | Boolean | Whether or not apps for the VPP token will be automatically updated. |
| countryOrRegion | String | The country or region associated with the Apple Volume Purchase Program Token. |
Graph reference: windows10EnrollmentCompletionPageConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
| deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown, limit, platformRestrictions, windowsHelloForBusiness, defaultLimit, defaultPlatformRestrictions, defaultWindowsHelloForBusiness, defaultWindows10EnrollmentCompletionPageConfiguration, windows10EnrollmentCompletionPageConfiguration, deviceComanagementAuthorityConfiguration, singlePlatformRestriction, unknownFutureValue, enrollmentNotificationsConfiguration, windowsRestore. |
| showInstallationProgress | Boolean | When TRUE, shows installation progress to user. When false, hides installation progress. The default is false. |
| blockDeviceSetupRetryByUser | Boolean | When TRUE, blocks user from retrying the setup on installation failure. When false, user is allowed to retry. The default is false. |
| allowDeviceResetOnInstallFailure | Boolean | When TRUE, allows device reset on installation failure. When false, reset is blocked. The default is false. |
| allowLogCollectionOnInstallFailure | Boolean | When TRUE, allows log collection on installation failure. When false, log collection is not allowed. The default is false. |
| customErrorMessage | String | The custom error message to show upon installation failure. Max length is 10000. example: "Setup could not be completed. Please try again or contact your support person for help." |
| installProgressTimeoutInMinutes | Int32 | The installation progress timeout in minutes. Default is 60 minutes. |
| allowDeviceUseOnInstallFailure | Boolean | When TRUE, allows the user to continue using the device on installation failure. When false, blocks the user on installation failure. The default is false. |
| selectedMobileAppIds | String collection | Selected applications to track the installation status. It is in the form of an array of GUIDs. |
| allowNonBlockingAppInstallation | Boolean | When TRUE, ESP (Enrollment Status Page) installs all required apps targeted during technician phase and ignores any failures for non-blocking apps. When FALSE, ESP fails on any error during app install. The default is false. |
| installQualityUpdates | Boolean | Allows quality updates installation during OOBE |
| trackInstallProgressForAutopilotOnly | Boolean | When TRUE, installation progress is tracked for only Autopilot enrollment scenarios. When false, other scenarios are tracked as well. The default is false. |
| disableUserStatusTrackingAfterFirstUser | Boolean | When TRUE, disables showing installation progress for first user post enrollment. When false, enables showing progress. The default is false. |
Graph reference: windowsRestoreDeviceEnrollmentConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
| deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown, limit, platformRestrictions, windowsHelloForBusiness, defaultLimit, defaultPlatformRestrictions, defaultWindowsHelloForBusiness, defaultWindows10EnrollmentCompletionPageConfiguration, windows10EnrollmentCompletionPageConfiguration, deviceComanagementAuthorityConfiguration, singlePlatformRestriction, unknownFutureValue, enrollmentNotificationsConfiguration, windowsRestore. |
| state | enablement | Indicates the configuration state of the Windows Restore setting. Possible values are 'notConfigured', 'enabled', and 'disabled'. Default is: notConfigured. This is a tenant level default setting that is not targetable. This property's value is applied during Enrollment. Possible values are: notConfigured, enabled, disabled. |
Graph reference: assignmentFilterEvaluateRequest
| Property | Type | Description |
|---|---|---|
| platform | devicePlatformType | Platform type of the devices on which the Assignment Filter will be applicable. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, unknown, androidAOSP, androidMobileApplicationManagement, iOSMobileApplicationManagement, unknownFutureValue, windowsMobileApplicationManagement. |
| rule | String | Rule definition of the Assignment Filter. |
| top | Int32 | Limit of records per request. Default value is 100, if provided less than 0 or greater than 100 |
| skip | Int32 | Number of records to skip. Default value is 0 |
| orderBy | String collection | Order the devices should be sorted in. Default is ascending on device name. |
| search | String | Search keyword applied to scope found devices. |
Graph reference: assignmentFilterState
| Property | Type | Description |
|---|---|---|
| enabled | Boolean | Indicator to if AssignmentFilter is enabled or disabled. |
Graph reference: assignmentFilterStatusDetails
| Property | Type | Description |
|---|---|---|
| managedDeviceId | String | Unique identifier for the device object. |
| payloadId | String | Unique identifier for payload object. |
| userId | String | Unique identifier for UserId object. Can be null |
| deviceProperties | keyValuePair collection | Device properties used for filter evaluation during device check-in time. |
| evalutionSummaries | assignmentFilterEvaluationSummary collection | Evaluation result summaries for each filter associated to device and payload |
Graph reference: assignmentFilterSupportedProperty
| Property | Type | Description |
|---|---|---|
| dataType | String | The data type of the property. |
| isCollection | Boolean | Indicates whether the property is a collection type or not. |
| name | String | Name of the property. |
| propertyRegexConstraint | String | Regex string to do validation on the property value. |
| supportedOperators | assignmentFilterOperator collection | List of all supported operators on this property. |
| supportedValues | String collection | List of all supported values for this property, empty if everything is supported. |
Graph reference: deviceAndAppManagementAssignmentFilter
| Property | Type | Description |
|---|---|---|
| id | String | Key of the Assignment Filter. |
| createdDateTime | DateTimeOffset | The creation time of the assignment filter. The value cannot be modified and is automatically populated during new assignment filter process. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the Assignment Filter. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z' |
| displayName | String | The name of the Assignment Filter. |
| description | String | Optional description of the Assignment Filter. |
| platform | devicePlatformType | Indicates filter is applied to which flatform. Possible values are android,androidForWork,iOS,macOS,windowsPhone81,windows81AndLater,windows10AndLater,androidWorkProfile, unknown, androidAOSP, androidMobileApplicationManagement, iOSMobileApplicationManagement, windowsMobileApplicationManagement. Default filter will be applied to 'unknown'. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, unknown, androidAOSP, androidMobileApplicationManagement, iOSMobileApplicationManagement, unknownFutureValue, windowsMobileApplicationManagement. |
| rule | String | Rule definition of the assignment filter. |
| roleScopeTags | String collection | Indicates role scope tags assigned for the assignment filter. |
| payloads | payloadByFilter collection | Indicates associated assignments for a specific filter. |
| assignmentFilterManagementType | assignmentFilterManagementType | Indicates filter is applied to either 'devices' or 'apps' management type. Possible values are devices, apps. Default filter will be applied to 'devices'. Possible values are: devices, apps, unknownFutureValue. |
Graph reference: deviceAppManagement
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
Graph reference: deviceCompliancePolicyPolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
Graph reference: deviceConfigurationPolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
Graph reference: deviceManagementConfigurationPolicyPolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
Graph reference: deviceManagementScriptPolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
Graph reference: intune-policyset-deviceplatformtype
Graph reference: enrollmentRestrictionsConfigurationPolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
| priority | Int32 | Priority of the EnrollmentRestrictionsConfigurationPolicySetItem. |
| limit | Int32 | Limit of the EnrollmentRestrictionsConfigurationPolicySetItem. |
Graph reference: hasPayloadLinkResultItem
| Property | Type | Description |
|---|---|---|
| payloadId | String | Key of the Payload, In the format of Guid. |
| hasLink | Boolean | Indicate whether a payload has any link or not. |
| error | String | Exception information indicates if check for this item was successful or not.Empty string for no error. |
| sources | deviceAndAppManagementAssignmentSource collection | The reason where the link comes from. |
Graph reference: iosLobAppProvisioningConfigurationPolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
Graph reference: managedAppProtectionPolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
| targetedAppManagementLevels | String | TargetedAppManagementLevels of the ManagedAppPolicySetItem. |
Graph reference: managedDeviceMobileAppConfigurationPolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
Graph reference: mdmWindowsInformationProtectionPolicyPolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
Graph reference: mobileAppPolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
| intent | installIntent | Install intent of the MobileAppPolicySetItem. Possible values are: available, required, uninstall, availableWithoutEnrollment. |
| settings | mobileAppAssignmentSettings | Settings of the MobileAppPolicySetItem. |
Graph reference: payloadCompatibleAssignmentFilter
| Property | Type | Description |
|---|---|---|
| id | String | Key of the Assignment Filter. Inherited from deviceAndAppManagementAssignmentFilter |
| createdDateTime | DateTimeOffset | The creation time of the assignment filter. The value cannot be modified and is automatically populated during new assignment filter process. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Inherited from deviceAndAppManagementAssignmentFilter |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the Assignment Filter. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z' Inherited from deviceAndAppManagementAssignmentFilter |
| displayName | String | The name of the Assignment Filter. Inherited from deviceAndAppManagementAssignmentFilter |
| description | String | Optional description of the Assignment Filter. Inherited from deviceAndAppManagementAssignmentFilter |
| platform | devicePlatformType | Indicates filter is applied to which flatform. Possible values are android,androidForWork,iOS,macOS,windowsPhone81,windows81AndLater,windows10AndLater,androidWorkProfile, unknown, androidAOSP, androidMobileApplicationManagement, iOSMobileApplicationManagement, windowsMobileApplicationManagement. Default filter will be applied to 'unknown'. Inherited from deviceAndAppManagementAssignmentFilter. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, unknown, androidAOSP, androidMobileApplicationManagement, iOSMobileApplicationManagement, unknownFutureValue, windowsMobileApplicationManagement. |
| rule | String | Rule definition of the assignment filter. Inherited from deviceAndAppManagementAssignmentFilter |
| roleScopeTags | String collection | Indicates role scope tags assigned for the assignment filter. Inherited from deviceAndAppManagementAssignmentFilter |
| payloads | payloadByFilter collection | Indicates associated assignments for a specific filter. Inherited from deviceAndAppManagementAssignmentFilter |
| assignmentFilterManagementType | assignmentFilterManagementType | Indicates filter is applied to either 'devices' or 'apps' management type. Possible values are devices, apps. Default filter will be applied to 'devices' Inherited from deviceAndAppManagementAssignmentFilter. Possible values are: devices, apps, unknownFutureValue. |
| payloadType | assignmentFilterPayloadType | PayloadType of the Assignment Filter. Possible values are: notSet, enrollmentRestrictions. |
Graph reference: policySet
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySet. |
| createdDateTime | DateTimeOffset | Creation time of the PolicySet. |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySet. |
| displayName | String | DisplayName of the PolicySet. |
| description | String | Description of the PolicySet. |
| status | policySetStatus | Validation/assignment status of the PolicySet. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment |
| roleScopeTags | String collection | RoleScopeTags of the PolicySet |
Graph reference: policySetAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetAssignment. |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetAssignment. |
| target | deviceAndAppManagementAssignmentTarget | The target group of PolicySetAssignment |
Graph reference: policySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. |
| payloadId | String | PayloadId of the PolicySetItem. |
| itemType | String | policySetType of the PolicySetItem. |
| displayName | String | DisplayName of the PolicySetItem. |
| status | policySetStatus | Status of the PolicySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment |
Graph reference: targetedManagedAppConfigurationPolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
Graph reference: windows10EnrollmentCompletionPageConfigurationPolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
| priority | Int32 | Priority of the Windows10EnrollmentCompletionPageConfigurationPolicySetItem. |
Graph reference: windowsAutopilotDeploymentProfilePolicySetItem
| Property | Type | Description |
|---|---|---|
| id | String | Key of the PolicySetItem. Inherited from policySetItem |
| createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
| lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
| payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
| itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
| displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
| status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown, validating, partialSuccess, success, error, notAssigned. |
| errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError, unauthorized, notFound, deleted. |
| guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
Graph reference: certificateConnectorDetails
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this set of ConnectorDetails. |
| connectorName | String | Connector name (set during enrollment). |
| machineName | String | Name of the machine hosting this connector service. |
| enrollmentDateTime | DateTimeOffset | Date/time when this connector was enrolled. |
| lastCheckinDateTime | DateTimeOffset | Date/time when this connector last connected to the service. |
| connectorVersion | String | Version of the connector installed. |
Graph reference: certificateConnectorHealthMetricValue
| Property | Type | Description |
|---|---|---|
| dateTime | DateTimeOffset | Timestamp for this metric data-point. |
| successCount | Int64 | Count of successful requests/operations. |
| failureCount | Int64 | Count of failed requests/operations. |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
Graph reference: onPremEncryptedPayload
| Property | Type | Description |
|---|---|---|
| tenantId | Guid | |
| userId | Guid | |
| deviceId | Guid | |
| payloadId | Guid | |
| deviceKeyThumbprint | String | |
| cert1PayloadUUID | String | |
| cert2PayloadUUID | String | |
| cert3PayloadUUID | String | |
| plistTemplate | String | |
| encryptedBlob | Binary | |
| payloadVersion | Int32 | |
| status | Int32 | |
| createdTime | DateTimeOffset | |
| lastModifiedTime | DateTimeOffset | |
| eTag | String | |
| isDeleted | Boolean |
Graph reference: pfxRecryptionRequest
| Property | Type | Description |
|---|---|---|
| tenantId | Guid | |
| userId | Guid | |
| deviceId | Guid | |
| profileId | Guid | |
| thumbprint | String | |
| deviceKeyThumbprint | String | |
| status | Int32 | |
| sourceType | Int32 | |
| createdTime | DateTimeOffset | |
| lastModifiedTime | DateTimeOffset | |
| isDeleted | Boolean | |
| eTag | String |
Graph reference: pfxUserCertificate
| Property | Type | Description |
|---|---|---|
| tenantId | Guid | |
| userId | Guid | |
| thumbprint | String | |
| userUpn | String | |
| encryptedPfxBlob | String | |
| encryptedPfxPassword | String | |
| certStartDate | DateTimeOffset | |
| certExpirationDate | DateTimeOffset | |
| providerName | String | |
| encryptionKeyName | String | |
| paddingScheme | Int32 | |
| status | Int32 | |
| intendedPurpose | Int32 | |
| createdTime | DateTimeOffset | |
| isDeleted | Boolean | |
| lastModifiedTime | DateTimeOffset | |
| eTag | String |
Graph reference: timeSeriesParameter
| Property | Type | Description |
|---|---|---|
| metricName | String | The name of the metric for which a time series is requested. |
| startDateTime | DateTimeOffset | Start time of the series being requested. |
| endDateTime | DateTimeOffset | End time of the series being requested. Optional; if not specified, current time is used. |
Graph reference: userPFXCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the PFX certificate. |
| thumbprint | String | SHA-1 thumbprint of the PFX certificate. |
| intendedPurpose | userPfxIntendedPurpose | Certificate's intended purpose from the point-of-view of deployment. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi. |
| userPrincipalName | String | User Principal Name of the PFX certificate. |
| startDateTime | DateTimeOffset | Certificate's validity start date/time. |
| expirationDateTime | DateTimeOffset | Certificate's validity expiration date/time. |
| providerName | String | Crypto provider used to encrypt this blob. |
| keyName | String | Name of the key (within the provider) used to encrypt the blob. |
| paddingScheme | userPfxPaddingScheme | Padding scheme used by the provider during encryption/decryption. Possible values are: none, pkcs1, oaepSha1, oaepSha256, oaepSha384, oaepSha512. |
| encryptedPfxBlob | Binary | Encrypted PFX blob. |
| encryptedPfxPassword | String | Encrypted PFX password. |
| createdDateTime | DateTimeOffset | Date/time when this PFX certificate was imported. |
| lastModifiedDateTime | DateTimeOffset | Date/time when this PFX certificate was last modified. |
Graph reference: deviceAndAppManagementAssignedRoleDetail
| Property | Type | Description |
|---|---|---|
| roleDefinitions | deviceAndAppManagementAssignedRoleDefinition collection | A collection of RoleDefinitions represents the various administrative roles that define permissions and access levels within Microsoft Intune. Each RoleDefinition outlines a set of permissions that determine the actions an admin or user can perform in the Intune environment. These permissions can include actions like reading or writing to specific resources, managing device configurations, deploying policies, or handling user data. RoleDefinitions are critical for enforcing role-based access control (RBAC), ensuring that administrators can only interact with the features and data relevant to their responsibilities. RoleDefinitions in Intune can either be built-in roles provided by Microsoft or custom roles created by an organization to tailor access based on specific needs. These definitions are referenced when assigning roles to users or groups, effectively controlling the scope of their administrative privileges. The collection of RoleDefinitions is managed through the Intune console or the Graph API, allowing for scalable role management across large environments. This property is read-only. |
| permissions | String collection | The list of permissions assigned to a specific user based on their associated role definitions. Each permission defines the specific actions the user can perform on Intune resources, such as managing devices, applications, or configurations. Some possible values are: Microsoft.Intune/MobileApps/Read, Microsoft.Intune/DeviceConfigurations/Write, Microsoft.Intune/ManagedDevices/Retire, and Microsoft.Intune/DeviceCompliancePolicies/Assign. This Permissions property provides a comprehensive view of the user's effective access rights, ensuring that they can only perform actions relevant to their assigned roles. This property is read-only. |
Graph reference: deviceAndAppManagementAssignedRoleDetails
| Property | Type | Description |
|---|---|---|
| roleDefinitionIds | String collection | Role Definition IDs for the specifc Role Definitions assigned to a user. This property is read-only. |
| roleAssignmentIds | String collection | Role Assignment IDs for the specifc Role Assignments assigned to a user. This property is read-only. |
Graph reference: deviceAndAppManagementRoleAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This is read-only and automatically generated. Inherited from roleAssignment |
| displayName | String | The display or friendly name of the role Assignment. Inherited from roleAssignment |
| description | String | Description of the Role Assignment. Inherited from roleAssignment |
| resourceScopes | String collection | List of ids of role scope member security groups. These are IDs from Azure Active Directory. Inherited from roleAssignment |
| members | String collection | The list of ids of role member security groups. These are IDs from Azure Active Directory. |
Graph reference: deviceAndAppManagementRoleDefinition
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This is read-only and automatically generated. Inherited from roleDefinition |
| displayName | String | Display Name of the Role definition. Inherited from roleDefinition |
| description | String | Description of the Role definition. Inherited from roleDefinition |
| rolePermissions | rolePermission collection | List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. Inherited from roleDefinition |
| isBuiltIn | Boolean | Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. Inherited from roleDefinition |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
Graph reference: operationApprovalPolicy
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the policy. This ID is assigned at when the policy is created. Read-only. This property is read-only. |
| displayName | String | Indicates the display name of the policy. Maximum length of the display name is 128 characters. This property is required when the policy is created, and is defined by the IT Admins to identify the policy. |
| description | String | Indicates the description of the policy. Maximum length of the description is 1024 characters. This property is not required, but can be used by the IT Admin to describe the policy. |
| lastModifiedDateTime | DateTimeOffset | Indicates the last DateTime that the policy was modified. The value cannot be modified and is automatically populated whenever values in the request are updated. For example, when the 'policyType' property changes from apps to scripts. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. Read-only. This property is read-only. |
| policyType | operationApprovalPolicyType | The policy type for the OperationApprovalPolicy. Possible values are: unknown, app, script, operationApprovalPolicy. Possible values are: unknown, deviceAction, deviceWipe, deviceRetire, deviceRetireNonCompliant, deviceDelete, deviceLock, deviceErase, deviceDisableActivationLock, windowsEnrollment, compliancePolicy, configurationPolicy, appProtectionPolicy, policySet, filter, endpointSecurityPolicy, app, script, role, deviceResetPasscode, unknownFutureValue, operationApprovalPolicy. |
| policyPlatform | operationApprovalPolicyPlatform | Indicates the applicable platform for the policy. Possible values are: notApplicable, androidDeviceAdministrator, androidEnterprise, iOSiPadOS, macOS, windows10AndLater, windows81AndLater, windows10X. Default value is notApplicable. Possible values are: notApplicable, androidDeviceAdministrator, androidEnterprise, iOSiPadOS, macOS, windows10AndLater, windows81AndLater, windows10X, unknownFutureValue. |
| policySet | operationApprovalPolicySet | Indicates areas of the Intune UX that could support MAA UX for the current logged in IT Admin. This property is required, and is defined by the IT Admins in order to correctly show the expected experience. |
| approverGroupIds | String collection | The Microsoft Entra ID (Azure AD) security group IDs for the approvers for the policy. This property is required when the policy is created, and is defined by the IT Admins to define the possible approvers for the policy. |
Graph reference: operationApprovalPolicySet
| Property | Type | Description |
|---|---|---|
| policyType | operationApprovalPolicyType | The policy type for the OperationApprovalPolicy. This property is required when the policy set is created, and uniquely identifies areas of the Intune UX that could support MAA when used in conjection with the policyPlatform property. Possible values are: unknown, app, script, operationApprovalPolicy. Read-only. This property is read-only. Possible values are: unknown, deviceAction, deviceWipe, deviceRetire, deviceRetireNonCompliant, deviceDelete, deviceLock, deviceErase, deviceDisableActivationLock, windowsEnrollment, compliancePolicy, configurationPolicy, appProtectionPolicy, policySet, filter, endpointSecurityPolicy, app, script, role, deviceResetPasscode, unknownFutureValue, operationApprovalPolicy. |
| policyPlatform | operationApprovalPolicyPlatform | The applicable platform(s) for the OperationApprovalPolicy. This property is required when the policy set is created, and uniquely identifies the platform(s) that could support MAA when used in conjection with the policyType property. Possible values are: notApplicable, androidDeviceAdministrator, androidEnterprise, iOSiPadOS, macOS, windows10AndLater, windows81AndLater, windows10X. Read-only. This property is read-only. Possible values are: notApplicable, androidDeviceAdministrator, androidEnterprise, iOSiPadOS, macOS, windows10AndLater, windows81AndLater, windows10X, unknownFutureValue. |
Graph reference: operationApprovalRequest
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the request. This ID is assigned at when the request is created. Read-only. |
| requestDateTime | DateTimeOffset | Indicates the DateTime that the request was made. The value cannot be modified and is automatically populated when the request is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. Read-only. This property is read-only. |
| expirationDateTime | DateTimeOffset | Indicates the DateTime when any action on the approval request is no longer permitted. The value cannot be modified and is automatically populated when the request is created using expiration offset values defined in the service controllers. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. Read-only. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | Indicates the last DateTime that the request was modified. The value cannot be modified and is automatically populated whenever values in the request are updated. For example, when the 'status' property changes from needsApproval to approved. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. Read-only. This property is read-only. |
| requestor | identitySet | The identity of the requestor as an Identity Set. Optionally contains the application ID, the device ID and the User ID. See information about this type here: https://learn.microsoft.com/graph/api/resources/identityset?view=graph-rest-1.0. Read-only. This property is read-only. |
| approver | identitySet | The identity of the approver as an Identity Set. Optionally contains the application ID, the device ID and the User ID. See information about this type here: https://learn.microsoft.com/graph/api/resources/identityset?view=graph-rest-1.0. Read-only. This property is read-only. |
| status | operationApprovalRequestStatus | The current approval status of the request. Possible values are: unknown, needsApproval, approved, rejected, cancelled, completed, expired. Default value is unknown. Read-only. This property is read-only. Possible values are: unknown, needsApproval, approved, rejected, cancelled, completed, expired, unknownFutureValue. |
| requestJustification | String | Indicates the justification for creating the request. Maximum length of justification is 1024 characters. For example: 'Needed for Feb 2023 application baseline updates.' Read-only. This property is read-only. |
| approvalJustification | String | Indicates the justification for approving or rejecting the request. Maximum length of justification is 1024 characters. For example: 'Approved per Change 23423 - needed for Feb 2023 application baseline updates.' Read-only. This property is read-only. |
| requiredOperationApprovalPolicyTypes | operationApprovalPolicyType collection | Indicates the approval policy types required by the request in order for the request to be approved or rejected. Read-only. This property is read-only. |
Graph reference: operationApprovalRequestEntityStatus
| Property | Type | Description |
|---|---|---|
| requestId | String | The unique identifier of the OperationApprovalRequest. This property cannot be modified and is required when the entity status is created. Read-only. This property is read-only. |
| requestExpirationDateTime | DateTimeOffset | Indicates the DateTime when any action on the OperationApprovalRequest is no longer permitted. The value cannot be modified and is automatically populated when the request is created using expiration offset values defined in the service controllers. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. Read-only. This property is read-only. |
| requestStatus | operationApprovalRequestStatus | The current approval status of the OperationApprovalRequest. Possible values are: unknown, needsApproval, approved, rejected, cancelled, completed, expired. Default value is unknown. Read-only. This property is read-only. Possible values are: unknown, needsApproval, approved, rejected, cancelled, completed, expired, unknownFutureValue. |
| entityLocked | Boolean | The status of the Entity connected to the OperationApprovalRequest in regard to changes, whether further requests are allowed or if the Entity is locked. When true, a lock is present on the Entity and no approval requests can be currently made for it. When false, the Entity is not locked and approval requests are allowed. Default value is false. Read-only. This property is read-only. |
Graph reference: intune-rbac-operationapprovalsource
Graph reference: rbacApplicationMultiple
| Property | Type | Description |
|---|
Graph reference: resourceOperation
| Property | Type | Description |
|---|---|---|
| id | String | Key of the Resource Operation. Read-only, automatically generated. |
| resourceName | String | Name of the Resource this operation is performed on. |
| actionName | String | Type of action this operation is going to perform. The actionName should be concise and limited to as few words as possible. |
| description | String | Description of the resource operation. The description is used in mouse-over text for the operation when shown in the Azure Portal. |
Graph reference: roleAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This is read-only and automatically generated. |
| displayName | String | The display or friendly name of the role Assignment. |
| description | String | Description of the Role Assignment. |
| resourceScopes | String collection | List of ids of role scope member security groups. These are IDs from Azure Active Directory. |
Graph reference: roleDefinition
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This is read-only and automatically generated. |
| displayName | String | Display Name of the Role definition. |
| description | String | Description of the Role definition. |
| rolePermissions | rolePermission collection | List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. |
| isBuiltIn | Boolean | Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. |
Graph reference: roleManagement
| Property | Type | Description |
|---|---|---|
| id | String |
Graph reference: rolePermission
| Property | Type | Description |
|---|---|---|
| resourceActions | resourceAction collection | Resource Actions each containing a set of allowed and not allowed permissions. |
Graph reference: roleScopeTag
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This is read-only and automatically generated. This property is read-only. |
| displayName | String | The display or friendly name of the Role Scope Tag. |
| description | String | Description of the Role Scope Tag. |
| isBuiltIn | Boolean | Description of the Role Scope Tag. This property is read-only. |
| permissions | String collection | Permissions associated with the Role Scope Tag. This property is read-only. |
Graph reference: roleScopeTagAutoAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. This property is read-only. |
| target | deviceAndAppManagementAssignmentTarget | The auto-assignment target for the specific Role Scope Tag. |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
Graph reference: deviceManagementReports
| Property | Type | Description |
|---|---|---|
| id | String | The key of the entity |
Graph reference: remoteAssistancePartner
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the partner. |
| displayName | String | Display name of the partner. |
| onboardingUrl | String | URL of the partner's onboarding portal, where an administrator can configure their Remote Assistance service. |
| onboardingStatus | remoteAssistanceOnboardingStatus | A friendly description of the current TeamViewer connector status. Possible values are: notOnboarded, onboarding, onboarded. |
| lastConnectionDateTime | DateTimeOffset | Timestamp of the last request sent to Intune by the TEM partner. |
Graph reference: remoteAssistanceSettings
| Property | Type | Description |
|---|---|---|
| id | String | The remote assistance settings identifier |
| remoteAssistanceState | remoteAssistanceState | The current state of remote assistance for the account. Possible values are: disabled, enabled. This setting is configurable by the admin. Remote assistance settings that have not yet been configured by the admin have a disabled state. Returned by default. Possible values are: disabled, enabled. |
| allowSessionsToUnenrolledDevices | Boolean | Indicates if sessions to unenrolled devices are allowed for the account. This setting is configurable by the admin. Default value is false. |
| blockChat | Boolean | Indicates if sessions to block chat function. This setting is configurable by the admin. Default value is false. |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity |
Graph reference: deviceManagementCachedReportConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity. |
| reportName | String | Name of the report. |
| filter | String | Filters applied on report creation. |
| select | String collection | Columns selected from the report. |
| orderBy | String collection | Ordering of columns in the report. |
| metadata | String | Caller-managed metadata associated with the report. |
| status | deviceManagementReportStatus | Status of the cached report. Possible values are: unknown, notStarted, inProgress, completed, failed. |
| lastRefreshDateTime | DateTimeOffset | Time that the cached report was last refreshed. |
| expirationDateTime | DateTimeOffset | Time that the cached report expires. |
Graph reference: deviceManagementExportJob
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity |
| reportName | String | Name of the report |
| filter | String | Filters applied on the report |
| select | String collection | Columns selected from the report |
| format | deviceManagementReportFileFormat | Format of the exported report. Possible values are: csv, pdf, json, unknownFutureValue. |
| snapshotId | String | A snapshot is an identifiable subset of the dataset represented by the ReportName. A sessionId or CachedReportConfiguration id can be used here. If a sessionId is specified, Filter, Select, and OrderBy are applied to the data represented by the sessionId. Filter, Select, and OrderBy cannot be specified together with a CachedReportConfiguration id. |
| localizationType | deviceManagementExportJobLocalizationType | Configures how the requested export job is localized. Possible values are: localizedValuesAsAdditionalColumn, replaceLocalizableValues. |
| status | deviceManagementReportStatus | Status of the export job. Possible values are: unknown, notStarted, inProgress, completed, failed. |
| url | String | Temporary location of the exported report |
| requestDateTime | DateTimeOffset | Time that the exported report was requested |
| expirationDateTime | DateTimeOffset | Time that the exported report expires |
Graph reference: deviceManagementReports
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity |
Graph reference: deviceManagementReportSchedule
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity |
| reportScheduleName | String | Name of the schedule |
| subject | String | Subject of the scheduled reports that are delivered |
| emails | String collection | Emails to which the scheduled reports are delivered |
| recurrence | deviceManagementScheduledReportRecurrence | Frequency of scheduled report delivery. Possible values are: none, daily, weekly, monthly. |
| startDateTime | DateTimeOffset | Time that the delivery of the scheduled reports starts |
| endDateTime | DateTimeOffset | Time that the delivery of the scheduled reports ends |
| userId | String | The Id of the User who created the report |
| reportName | String | Name of the report |
| filter | String | Filters applied on the report |
| select | String collection | Columns selected from the report |
| orderBy | String collection | Ordering of columns in the report |
| format | deviceManagementReportFileFormat | Format of the scheduled report. Possible values are: csv, pdf. |
Graph reference: deviceAndAppManagementAssignmentTarget
Graph reference: deviceCompliancePolicy
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
| createdDateTime | DateTimeOffset | DateTime the object was created. |
| description | String | Admin provided description of the Device Configuration. |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
| displayName | String | Admin provided name of the device configuration. |
| version | Int32 | Version of the device configuration. |
Graph reference: deviceConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. |
| createdDateTime | DateTimeOffset | DateTime the object was created. |
| description | String | Admin provided description of the Device Configuration. |
| displayName | String | Admin provided name of the device configuration. |
| version | Int32 | Version of the device configuration. |
Graph reference: deviceEnrollmentConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account |
| displayName | String | The display name of the device enrollment configuration |
| description | String | The description of the device enrollment configuration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration |
| version | Int32 | The version of the device enrollment configuration |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier associated with the device. |
| Device configuration | ||
| intuneAccountId | Guid | Intune Account ID for given tenant |
| legacyPcManangementEnabled | Boolean | The property to enable Non-MDM managed legacy PC management for this account. This property is read-only. |
| maximumDepTokens | Int32 | Maximum number of DEP tokens allowed per-tenant. |
| settings | deviceManagementSettings | Account level settings. |
| Device management | ||
| accountMoveCompletionDateTime | DateTimeOffset | The date & time when tenant data moved between scaleunits. |
| adminConsent | adminConsent | Admin consent information. |
| deviceProtectionOverview | deviceProtectionOverview | Device protection overview. |
| managedDeviceCleanupSettings | managedDeviceCleanupSettings | Device cleanup rule |
| subscriptionState | deviceManagementSubscriptionState | Tenant mobile device management subscription state. Possible values are: pending, active, warning, disabled, deleted, blocked, lockedOut. |
| subscriptions | deviceManagementSubscriptions | Tenant's Subscription. Possible values are: none, intune, office365, intunePremium, intune_EDU, intune_SMB. |
| windowsMalwareOverview | windowsMalwareOverview | Malware overview for windows devices. |
| Group Policy Analytics | ||
| groupPolicyObjectFiles | groupPolicyObjectFile collection | A list of Group Policy Object files uploaded. |
| Onboarding | ||
| intuneBrand | intuneBrand | intuneBrand contains data which is used in customizing the appearance of the Company Portal applications as well as the end user web portal. |
| Odj | ||
| domainJoinConnectors | deviceManagementDomainJoinConnector collection | A list of connector objects. |
Graph reference: deviceManagementConfigurationChoiceSettingDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| options | deviceManagementConfigurationOptionDefinition collection | Options for the setting that can be selected |
| defaultOptionId | String | Default option for choice setting |
Graph reference: deviceManagementConfigurationRedirectSettingDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| deepLink | String | A deep link that points to the specific location in the Intune console where feature support must be managed from. |
| redirectMessage | String | A message that explains that clicking the link will redirect the user to a supported page to manage the settings. |
| redirectReason | String | Indicates the reason for redirecting the user to an alternative location in the console. For example: WiFi profiles are not supported in the settings catalog and must be created with a template policy. |
Graph reference: deviceManagementConfigurationSettingDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on |
| infoUrls | String collection | List of links more info for the setting can be found at |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not |
| baseUri | String | Base CSP Path |
| offsetUri | String | Offset CSP Path from Base |
| rootDefinitionId | String | Root setting definition if the setting is a child setting. |
| categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) |
| settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance. Possible values are: none, configuration, compliance. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. |
| id | String | Identifier for item |
| description | String | Description of the item |
| helpText | String | Help text of the item |
| name | String | Name of the item |
| displayName | String | Display name of the item |
| version | String | Item Version |
Graph reference: deviceManagementConfigurationSettingGroupDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| childIds | String collection | Dependent child settings to this group of settings |
| dependentOn | deviceManagementConfigurationDependentOn collection | List of Dependencies for the setting group |
| dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | List of child settings that depend on this setting |
Graph reference: deviceManagementConfigurationSimpleSettingDefinition
| Property | Type | Description |
|---|---|---|
| applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
| accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, add, copy, delete, get, replace, execute. |
| keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
| infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
| occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
| baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
| offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
| rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
| categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
| settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, configuration, compliance. |
| uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. |
| visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none, settingsCatalog, template. |
| referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
| id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
| description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
| helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
| name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
| version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
| valueDefinition | deviceManagementConfigurationSettingValueDefinition | Definition of the value for this setting |
| defaultValue | deviceManagementConfigurationSettingValue | Default setting value for this setting |
| dependentOn | deviceManagementConfigurationDependentOn collection | list of parent settings this setting is dependent on |
| dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | list of child settings that depend on this setting |
Graph reference: deviceManagementDerivedCredentialSettings
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the Derived Credential |
Graph reference: deviceManagementScript
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the device management script. |
| displayName | String | Name of the device management script. |
| description | String | Optional description for the device management script. |
| scriptContent | Binary | The script content. |
| createdDateTime | DateTimeOffset | The date and time the device management script was created. This property is read-only. |
| lastModifiedDateTime | DateTimeOffset | The date and time the device management script was last modified. This property is read-only. |
| runAsAccount | runAsAccountType | Indicates the type of execution context. Possible values are: system, user. |
| enforceSignatureCheck | Boolean | Indicate whether the script signature needs be checked. |
| fileName | String | Script file name. |
| roleScopeTagIds | String collection | List of Scope Tag IDs for this PowerShellScript instance. |
| runAs32Bit | Boolean | A value indicating whether the PowerShell script should run as 32-bit |
Graph reference: enrollmentTimeDeviceMembershipTarget
| Property | Type | Description |
|---|---|---|
| targetType | enrollmentTimeDeviceMembershipTargetType | The type of the targets that devices will become members of when enrolled with the asociated profile. Possible values are staticSecurityGroup. Default value : unknown. Possible values are: unknown, staticSecurityGroup, unknownFutureValue. |
| targetId | String | The unique identifiers of the targets that devices will become members of when enrolled with the asociated profile. |
Graph reference: enrollmentTimeDeviceMembershipTargetResult
| Property | Type | Description |
|---|---|---|
| validationSucceeded | Boolean | Indicates if validations succeeded for the device membership target. When 'true', the device membership target validation found no issues. When 'false', the device membership target validation found issues. default - false |
| enrollmentTimeDeviceMembershipTargetValidationStatuses | enrollmentTimeDeviceMembershipTargetStatus collection | A list of validation status of the memberships targetted to profile. This collection can contain a maximum of 1 elements. |
Graph reference: keyLongValuePair
| Property | Type | Description |
|---|---|---|
| name | String | Name for this key long value pair |
| value | Int64 | Value for this key long value pair |
Graph reference: mobileApp
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| displayName | String | The admin provided or imported title of the app. |
| description | String | The description of the app. |
| publisher | String | The publisher of the app. |
| largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. |
| createdDateTime | DateTimeOffset | The date and time the app was created. |
| lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. |
| isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. |
| privacyInformationUrl | String | The privacy statement Url. |
| informationUrl | String | The more information Url. |
| owner | String | The owner of the app. |
| developer | String | The developer of the app. |
| notes | String | Notes for the app. |
| uploadState | Int32 | The upload state. |
| publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Possible values are: notPublished, processing, published. |
| isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. |
| roleScopeTagIds | String collection | List of scope tag ids for this mobile app. |
| dependentAppCount | Int32 | The total number of dependencies the child app has. |
Graph reference: report
| Property | Type | Description |
|---|---|---|
| content | Stream | Report content; details vary by report type. |
Graph reference: reportRoot
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for this entity. |
Graph reference: intune-shared-runasaccounttype
Graph reference: intune-shared-runstate
Graph reference: windowsDomainJoinConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| Device configuration | ||
| activeDirectoryDomainName | String | Active Directory domain name to join. |
| computerNameStaticPrefix | String | Fixed prefix to be used for computer name. |
| computerNameSuffixRandomCharCount | Int32 | Dynamically generated characters used as suffix for computer name. Valid values 3 to 14 |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| organizationalUnit | String | Organizational unit (OU) where the computer account will be created. If this parameter is NULL, the well known computer object container will be used as published in the domain. |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
Graph reference: windowsUpdateState
| Property | Type | Description |
|---|---|---|
| id | String | This is Id of the entity. |
| deviceId | String | The id of the device. |
| userId | String | The id of the user. |
| deviceDisplayName | String | Device display name. |
| userPrincipalName | String | User principal name. |
| status | windowsUpdateStatus | Windows udpate status. Possible values are: upToDate, pendingInstallation, pendingReboot, failed. |
| qualityUpdateVersion | String | The Quality Update Version of the device. |
| featureUpdateVersion | String | The current feature update version of the device. |
| lastScanDateTime | DateTimeOffset | The date time that the Windows Update Agent did a successful scan. |
| lastSyncDateTime | DateTimeOffset | Last date time that the device sync with with Microsoft Intune. |
Graph reference: bulkCatalogItemActionResult
| Property | Type | Description |
|---|---|---|
| successfulIds | String collection | List of catalog item Ids where the action is successful. |
| failedIds | String collection | List of catalog item Ids where the action is failed. |
Graph reference: bulkDriverActionResult
| Property | Type | Description |
|---|---|---|
| successfulDriverIds | String collection | List of driver Ids where the action is successful. |
| failedDriverIds | String collection | List of driver Ids where the action is failed. |
| notFoundDriverIds | String collection | List of driver Ids that are not found. |
Graph reference: intune-softwareupdate-driverapprovalaction
Graph reference: windowsDriverUpdateInventory
| Property | Type | Description |
|---|---|---|
| id | String | The id of the driver. |
| name | String | The name of the driver. |
| version | String | The version of the driver. |
| manufacturer | String | The manufacturer of the driver. |
| releaseDateTime | DateTimeOffset | The release date time of the driver. |
| driverClass | String | The class of the driver. |
| applicableDeviceCount | Int32 | The number of devices for which this driver is applicable. |
| approvalStatus | driverApprovalStatus | The approval status for this driver. Possible values are: needsReview, declined, approved, suspended. |
| category | driverCategory | The category for this driver. Possible values are: recommended, previouslyApproved, other. |
| deployDateTime | DateTimeOffset | The date time when a driver should be deployed if approvalStatus is approved. |
Graph reference: windowsDriverUpdateProfile
| Property | Type | Description |
|---|---|---|
| id | String | The Intune policy id. |
| displayName | String | The display name for the profile. |
| description | String | The description of the profile which is specified by the user. |
| approvalType | driverUpdateProfileApprovalType | Driver update profile approval type. For example, manual or automatic approval. Possible values are: manual, automatic. |
| deviceReporting | Int32 | Number of devices reporting for this profile |
| newUpdates | Int32 | Number of new driver updates available for this profile. |
| deploymentDeferralInDays | Int32 | Deployment deferral settings in days, only applicable when ApprovalType is set to automatic approval. |
| createdDateTime | DateTimeOffset | The date time that the profile was created. |
| lastModifiedDateTime | DateTimeOffset | The date time that the profile was last modified. |
| roleScopeTagIds | String collection | List of Scope Tags for this Driver Update entity. |
| inventorySyncStatus | windowsDriverUpdateProfileInventorySyncStatus | Driver inventory sync status for this profile. |
Graph reference: windowsDriverUpdateProfileAssignment
| Property | Type | Description |
|---|---|---|
| id | String | The Identifier of the entity |
| target | deviceAndAppManagementAssignmentTarget | The assignment target that the driver update profile is assigned to. |
Graph reference: windowsFeatureUpdateCatalogItem
| Property | Type | Description |
|---|---|---|
| id | String | The catalog item id. Inherited from windowsUpdateCatalogItem |
| displayName | String | The display name for the catalog item. Inherited from windowsUpdateCatalogItem |
| releaseDateTime | DateTimeOffset | The date the catalog item was released Inherited from windowsUpdateCatalogItem |
| endOfSupportDate | DateTimeOffset | The last supported date for a catalog item Inherited from windowsUpdateCatalogItem |
| version | String | The feature update version |
Graph reference: windowsFeatureUpdateProfile
| Property | Type | Description |
|---|---|---|
| id | String | The Identifier of the entity. |
| displayName | String | The display name of the profile. |
| description | String | The description of the profile which is specified by the user. |
| featureUpdateVersion | String | The feature update version that will be deployed to the devices targeted by this profile. The version could be any supported version for example 1709, 1803 or 1809 and so on. |
| rolloutSettings | windowsUpdateRolloutSettings | The windows update rollout settings, including offer start date time, offer end date time, and days between each set of offers. |
| createdDateTime | DateTimeOffset | The date time that the profile was created. |
| lastModifiedDateTime | DateTimeOffset | The date time that the profile was last modified. |
| roleScopeTagIds | String collection | List of Scope Tags for this Feature Update entity. |
| deployableContentDisplayName | String | Friendly display name of the quality update profile deployable content |
| endOfSupportDate | DateTimeOffset | The last supported date for a feature update |
| installLatestWindows10OnWindows11IneligibleDevice | Boolean | If true, the latest Microsoft Windows 10 update will be installed on devices ineligible for Microsoft Windows 11 |
| installFeatureUpdatesOptional | Boolean | If true, the Windows 11 update will become optional |
Graph reference: windowsFeatureUpdateProfileAssignment
| Property | Type | Description |
|---|---|---|
| id | String | The Identifier of the entity |
| target | deviceAndAppManagementAssignmentTarget | The assignment target that the feature update profile is assigned to. |
Graph reference: windowsQualityUpdateCatalogItem
| Property | Type | Description |
|---|---|---|
| id | String | The catalog item id. Inherited from windowsUpdateCatalogItem |
| displayName | String | The display name for the catalog item. Inherited from windowsUpdateCatalogItem |
| releaseDateTime | DateTimeOffset | The date the catalog item was released Inherited from windowsUpdateCatalogItem |
| endOfSupportDate | DateTimeOffset | The last supported date for a catalog item Inherited from windowsUpdateCatalogItem |
| kbArticleId | String | Identifies the knowledge base article associated with the Windows quality update catalog item. Read-only |
| classification | windowsQualityUpdateCategory | The category of the Windows quality update. Possible values are: all, security, nonSecurity. Read-only. Possible values are: all, security, nonSecurity. |
| qualityUpdateCadence | windowsQualityUpdateCadence | The publishing cadence of the quality update. Possible values are: monthly, outOfBand. This property cannot be modified and is automatically populated when the catalog is created. Read-only. Possible values are: monthly, outOfBand, unknownFutureValue. |
| isExpeditable | Boolean | When TRUE, indicates that the quality updates qualify for expedition. When FALSE, indicates the quality updates do not quality for expedition. Default value is FALSE. Read-only |
| productRevisions | windowsQualityUpdateCatalogProductRevision collection | The operating system product revisions that are released as part of this quality update. Read-only. |
Graph reference: windowsQualityUpdateCatalogItemPolicyDetail
| Property | Type | Description |
|---|---|---|
| policyId | Guid | Policy Id for this approval intend |
| catalogItemId | Guid | Catalog item id for this approval intend |
| approvalStatus | windowsQualityUpdateApprovalStatus | Approval status for this approval intend. Possible values are: unknown, approved, suspended, unknownFutureValue. |
Graph reference: windowsQualityUpdatePolicy
| Property | Type | Description |
|---|---|---|
| id | String | This id is assigned when creating the profile. Read-only |
| displayName | String | The display name for the policy. Max allowed length is 200 chars. |
| description | String | The description of the policy which is specified by the user. Max allowed length is 1500 chars. |
| createdDateTime | DateTimeOffset | Timestamp of when the profile was created. The value cannot be modified and is automatically populated when the profile is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. Read-only |
| lastModifiedDateTime | DateTimeOffset | Timestamp of when the profile was modified. The value cannot be modified and is automatically populated when the profile is modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. Read-only |
| roleScopeTagIds | String collection | List of the scope tag ids for this profile. |
| hotpatchEnabled | Boolean | Indicates if hotpatch is enabled for the tenants. When 'true', tenant can apply quality updates without rebooting their devices. When 'false', tenant devices will receive cold patch associated with Windows quality updates. |
| approvalSettings | windowsQualityUpdateApprovalSetting collection | The list of approval settings for this policy. The maximun number of approval settings supported for one policy is 6. The expected number of approval settings for one policy from UX is 4. |
Graph reference: intune-softwareupdate-windowsqualityupdatepolicyactiontype
Graph reference: windowsQualityUpdatePolicyAssignment
| Property | Type | Description |
|---|---|---|
| id | String | The id for CloudQualityUpdateProfileAssignment entity. This id is assigned when assigning the profile to a group. Read-only |
| target | deviceAndAppManagementAssignmentTarget | The assignment target that the Windows quality update policy is assigned to. |
Graph reference: windowsQualityUpdateProfile
| Property | Type | Description |
|---|---|---|
| id | String | The Intune policy id. |
| displayName | String | The display name for the profile. |
| description | String | The description of the profile which is specified by the user. |
| expeditedUpdateSettings | expeditedWindowsQualityUpdateSettings | Expedited update settings. |
| createdDateTime | DateTimeOffset | The date time that the profile was created. |
| lastModifiedDateTime | DateTimeOffset | The date time that the profile was last modified. |
| roleScopeTagIds | String collection | List of Scope Tags for this Quality Update entity. |
| releaseDateDisplayName | String | Friendly release date to display for a Quality Update release |
| deployableContentDisplayName | String | Friendly display name of the quality update profile deployable content |
Graph reference: windowsQualityUpdateProfileAssignment
| Property | Type | Description |
|---|---|---|
| id | String | The Identifier of the entity |
| target | deviceAndAppManagementAssignmentTarget | The assignment target that the quality update profile is assigned to. |
Graph reference: windowsUpdateCatalogItem
| Property | Type | Description |
|---|---|---|
| id | String | The catalog item id. |
| displayName | String | The display name for the catalog item. |
| releaseDateTime | DateTimeOffset | The date the catalog item was released |
| endOfSupportDate | DateTimeOffset | The last supported date for a catalog item |
Graph reference: appleVppTokenTroubleshootingEvent
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object Inherited from deviceManagementTroubleshootingEvent |
| eventDateTime | DateTimeOffset | Time when the event occurred . Inherited from deviceManagementTroubleshootingEvent |
| correlationId | String | Id used for tracing the failure in the service. Inherited from deviceManagementTroubleshootingEvent |
| troubleshootingErrorDetails | deviceManagementTroubleshootingErrorDetails | Object containing detailed information about the error and its remediation. Inherited from deviceManagementTroubleshootingEvent |
| eventName | String | Event Name corresponding to the Troubleshooting Event. It is an Optional field Inherited from deviceManagementTroubleshootingEvent |
| additionalInformation | keyValuePair collection | A set of string key and string value pairs which provides additional information on the Troubleshooting event Inherited from deviceManagementTroubleshootingEvent |
| tokenId | String | Apple Volume Purchase Program Token Identifier. |
Graph reference: deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
Graph reference: deviceManagementAutopilotEvent
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object |
| deviceId | String | Device id associated with the object |
| userId | String | UserId id associated with the object |
| eventDateTime | DateTimeOffset | Time when the event occurred . |
| deviceRegisteredDateTime | DateTimeOffset | Device registration date. |
| enrollmentStartDateTime | DateTimeOffset | Device enrollment start date. |
| enrollmentType | windowsAutopilotEnrollmentType | Enrollment type. Possible values are: unknown, azureADJoinedWithAutopilotProfile, offlineDomainJoined, azureADJoinedUsingDeviceAuthWithAutopilotProfile, azureADJoinedUsingDeviceAuthWithoutAutopilotProfile, azureADJoinedWithOfflineAutopilotProfile, azureADJoinedWithWhiteGlove, offlineDomainJoinedWithWhiteGlove, offlineDomainJoinedWithOfflineAutopilotProfile. |
| deviceSerialNumber | String | Device serial number. |
| managedDeviceName | String | Managed device name. |
| userPrincipalName | String | User principal name used to enroll the device. |
| windowsAutopilotDeploymentProfileDisplayName | String | Autopilot profile name. |
| enrollmentState | enrollmentState | Enrollment state like Enrolled, Failed. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. |
| windows10EnrollmentCompletionPageConfigurationDisplayName | String | Enrollment Status Page profile name |
| windows10EnrollmentCompletionPageConfigurationId | String | Enrollment Status Page profile ID |
| deploymentState | windowsAutopilotDeploymentState | Deployment state like Success, Failure, InProgress, SuccessWithTimeout. Possible values are: unknown, success, inProgress, failure, successWithTimeout, notAttempted, disabled, successOnRetry. |
| deviceSetupStatus | windowsAutopilotDeploymentState | Deployment status for the enrollment status page’s device setup phase. Possible values are: unknown, success, inProgress, failure, successWithTimeout, notAttempted, disabled, successOnRetry. |
| accountSetupStatus | windowsAutopilotDeploymentState | Deployment status for the enrollment status page’s account setup phase. Possible values are: unknown, success, inProgress, failure, successWithTimeout, notAttempted, disabled, successOnRetry. |
| osVersion | String | Device operating system version. |
| deploymentDuration | Duration | Autopilot deployment duration including enrollment. |
| deploymentTotalDuration | Duration | Total deployment duration from enrollment to Desktop screen. |
| deviceSetupDuration | Duration | Time spent in device ESP. |
| accountSetupDuration | Duration | Time spent in user ESP. |
| deploymentStartDateTime | DateTimeOffset | Deployment start time. |
| deploymentEndDateTime | DateTimeOffset | Deployment end time. |
| enrollmentFailureDetails | String | Enrollment failure details. |
Graph reference: deviceManagementTroubleshootingEvent
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object |
| eventDateTime | DateTimeOffset | Time when the event occurred . |
| correlationId | String | Id used for tracing the failure in the service. |
Graph reference: enrollmentTroubleshootingEvent
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object Inherited from deviceManagementTroubleshootingEvent |
| eventDateTime | DateTimeOffset | Time when the event occurred . Inherited from deviceManagementTroubleshootingEvent |
| correlationId | String | Id used for tracing the failure in the service. Inherited from deviceManagementTroubleshootingEvent |
| managedDeviceIdentifier | String | Device identifier created or collected by Intune. |
| operatingSystem | String | Operating System. |
| osVersion | String | OS Version. |
| userId | String | Identifier for the user that tried to enroll the device. |
| deviceId | String | Azure AD device identifier. |
| enrollmentType | deviceEnrollmentType | Type of the enrollment. Possible values are: unknown, userEnrollment, deviceEnrollmentManager, appleBulkWithUser, appleBulkWithoutUser, windowsAzureADJoin, windowsBulkUserless, windowsAutoEnrollment, windowsBulkAzureDomainJoin, windowsCoManagement, windowsAzureADJoinUsingDeviceAuth, appleUserEnrollment, appleUserEnrollmentWithServiceAccount. |
| failureCategory | deviceEnrollmentFailureReason | Highlevel failure category. Possible values are: unknown, authentication, authorization, accountValidation, userValidation, deviceNotSupported, inMaintenance, badRequest, featureNotSupported, enrollmentRestrictionsEnforced, clientDisconnected, userAbandonment. |
| failureReason | String | Detailed failure reason. |
Graph reference: managedDeviceSummarizedAppState
| Property | Type | Description |
|---|---|---|
| summarizedAppState | deviceManagementScriptRunState | The device management script run state for the device, which summarizes the overall status of apps installation on the devices. If any app installation encounters an error, the state will be marked as fail; otherwise, if any app is pending installation, the state will be marked as pending. All possible values include: unknown, fail, pending, notApplicable. Possible values are: unknown, success, fail, scriptError, pending, notApplicable, unknownFutureValue. |
| deviceId | String | The unique identifier (DeviceId) associated with the device. |
Graph reference: mobileAppIntentAndState
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object |
| managedDeviceIdentifier | String | Device identifier created or collected by Intune. |
| userId | String | Identifier for the user that tried to enroll the device. |
| mobileAppList | mobileAppIntentAndStateDetail collection | The list of payload intents and states for the tenant. |
Graph reference: mobileAppTroubleshootingEvent
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object Inherited from deviceManagementTroubleshootingEvent |
| eventDateTime | DateTimeOffset | Time when the event occurred . Inherited from deviceManagementTroubleshootingEvent |
| correlationId | String | Id used for tracing the failure in the service. Inherited from deviceManagementTroubleshootingEvent |
| troubleshootingErrorDetails | deviceManagementTroubleshootingErrorDetails | Object containing detailed information about the error and its remediation. Inherited from deviceManagementTroubleshootingEvent |
| eventName | String | Event Name corresponding to the Troubleshooting Event. It is an Optional field Inherited from deviceManagementTroubleshootingEvent |
| additionalInformation | keyValuePair collection | A set of string key and string value pairs which provides additional information on the Troubleshooting event Inherited from deviceManagementTroubleshootingEvent |
| managedDeviceIdentifier | String | Device identifier created or collected by Intune. |
| deviceId | String | Device identifier created or collected by Intune. |
| userId | String | Identifier for the user that tried to enroll the device. |
| applicationId | String | Intune application identifier. |
| history | mobileAppTroubleshootingHistoryItem collection | Intune Mobile Application Troubleshooting History Item |
Graph reference: report
| Property | Type | Description |
|---|---|---|
| content | Stream | Not yet documented |
Graph reference: reportRoot
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for this entity. |
Graph reference: user
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the user |
Graph reference: aggregatedPolicyCompliance
| Property | Type | Description |
|---|---|---|
| compliancePolicyId | String | Identifier for the device compliance policy. Optional. Read-only. |
| compliancePolicyName | String | Name of the device compliance policy. Optional. Read-only. |
| compliancePolicyPlatform | String | Platform for the device compliance policy. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, androidAOSP, all. Optional. Read-only. |
| compliancePolicyType | String | The type of compliance policy. Optional. Read-only. |
| id | String | Unique identifier for the aggregate device compliance policy. Required. Read-only |
| lastRefreshedDateTime | DateTimeOffset | Date and time the entity was last updated in the multi-tenant management platform. Optional. Read-only. |
| numberOfCompliantDevices | Int64 | The number of devices that are in a compliant status. Optional. Read-only. |
| numberOfErrorDevices | Int64 | The number of devices that are in an error status. Optional. Read-only. |
| numberOfNonCompliantDevices | Int64 | The number of device that are in a non-compliant status. Optional. Read-only. |
| policyModifiedDateTime | DateTimeOffset | The date and time the device policy was last modified. Optional. Read-only. |
| tenantDisplayName | String | The display name for the managed tenant. Optional. Read-only. |
| tenantId | String | The Microsoft Entra tenant identifier for the managed tenant. Optional. Read-only. |
Graph reference: deviceCompliancePolicySettingStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for this entity. Required. Read-only. |
| conflictDeviceCount | Int32 | The number of devices in a conflict state. Optional. Read-only. |
| errorDeviceCount | Int32 | The number of devices in an error state. Optional. Read-only. |
| failedDeviceCount | Int32 | The number of devices in a failed state. Optional. Read-only. |
| intuneAccountId | String | The identifer for the Microsoft Intune account. Required. Read-only. |
| intuneSettingId | String | The identifier for the Intune setting. Optional. Read-only. |
| lastRefreshedDateTime | DateTimeOffset | Date and time the entity was last updated in the multi-tenant management platform. Optional. Read-only. |
| notApplicableDeviceCount | Int32 | The number of devices in a not applicable state. Optional. Read-only. |
| pendingDeviceCount | Int32 | The number of devices in a pending state. Optional. Read-only. |
| policyType | String | The type for the device compliance policy. Optional. Read-only. |
| settingName | String | The name for the setting within the device compliance policy. Optional. Read-only. |
| succeededDeviceCount | Int32 | The number of devices in a succeeded state. Optional. Read-only. |
| tenantDisplayName | String | The display name for the managed tenant. Required. Read-only. |
| tenantId | String | The Microsoft Entra tenant identifier for the managed tenant. Required. Read-only. |