DeviceManagementConfiguration.Read.All
Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Delegate Permission
Id | f1493658-876a-4c87-8fa7-edb559b3476a |
Consent Type | Admin |
Display String | Read Microsoft Intune Device Configuration and Policies |
Description | Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups. |
Application Permission
Id | dc377aa6-52d8-4e23-b271-2a7ae04cedf3 |
Display String | Read Microsoft Intune device configuration and policies |
Description | Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user. |
Resources
intune-androidforwork-androiddeviceownerenrollmentmode
androidDeviceOwnerEnrollmentProfile
Property | Type | Description |
---|---|---|
accountId | String | Tenant GUID the enrollment profile belongs to. |
id | String | Unique GUID for the enrollment profile. |
displayName | String | Display name for the enrollment profile. |
description | String | Description for the enrollment profile. |
enrollmentMode | androidDeviceOwnerEnrollmentMode | The enrollment mode of devices that use this enrollment profile. Possible values are: corporateOwnedDedicatedDevice , corporateOwnedFullyManaged , corporateOwnedWorkProfile , corporateOwnedAOSPUserlessDevice , corporateOwnedAOSPUserAssociatedDevice . |
enrollmentTokenType | androidDeviceOwnerEnrollmentTokenType | The enrollment token type for an enrollment profile. Possible values are: default , corporateOwnedDedicatedDeviceWithAzureADSharedMode . |
createdDateTime | DateTimeOffset | Date time the enrollment profile was created. |
lastModifiedDateTime | DateTimeOffset | Date time the enrollment profile was last modified. |
tokenValue | String | Value of the most recently created token for this enrollment profile. |
tokenCreationDateTime | DateTimeOffset | Date time the most recently created token was created. |
tokenExpirationDateTime | DateTimeOffset | Date time the most recently created token will expire. |
enrolledDeviceCount | Int32 | Total number of Android devices that have enrolled using this enrollment profile. |
enrollmentTokenUsageCount | Int32 | Total number of AOSP devices that have enrolled using the current token. |
qrCodeContent | String | String used to generate a QR code for the token. |
qrCodeImage | mimeContent | String used to generate a QR code for the token. |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
configureWifi | Boolean | Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default. |
wifiSsid | String | String that contains the wi-fi login ssid |
wifiPassword | String | String that contains the wi-fi login password |
wifiSecurityType | aospWifiSecurityType | String that contains the wi-fi security type. Possible values are: none , wpa , wep . |
wifiHidden | Boolean | Boolean that indicates if hidden wifi networks are enabled |
isTeamsDeviceProfile | Boolean | Boolean indicating if this profile is an Android AOSP for Teams device profile. |
androidForWorkAppConfigurationSchema
Property | Type | Description |
---|---|---|
id | String | Key of the entity the Android package name for the application the schema corresponds to |
exampleJson | Binary | UTF8 encoded byte array containing example JSON string conforming to this schema that demonstrates how to set the configuration for this app |
schemaItems | androidForWorkAppConfigurationSchemaItem collection | Collection of items each representing a named configuration option in the schema |
androidForWorkEnrollmentProfile
Property | Type | Description |
---|---|---|
accountId | String | Tenant GUID the enrollment profile belongs to. |
id | String | Unique GUID for the enrollment profile. |
displayName | String | Display name for the enrollment profile. |
description | String | Description for the enrollment profile. |
createdDateTime | DateTimeOffset | Date time the enrollment profile was created. |
lastModifiedDateTime | DateTimeOffset | Date time the enrollment profile was last modified. |
tokenValue | String | Value of the most recently created token for this enrollment profile. |
tokenExpirationDateTime | DateTimeOffset | Date time the most recently created token will expire. |
enrolledDeviceCount | Int32 | Total number of Android devices that have enrolled using this enrollment profile. |
qrCodeContent | String | String used to generate a QR code for the token. |
qrCodeImage | mimeContent | String used to generate a QR code for the token. |
androidForWorkSettings
Property | Type | Description |
---|---|---|
id | String | The Android for Work settings identifier |
bindStatus | androidForWorkBindStatus | Bind status of the tenant with the Google EMM API. Possible values are: notBound , bound , boundAndValidated , unbinding . |
lastAppSyncDateTime | DateTimeOffset | Last completion time for app sync |
lastAppSyncStatus | androidForWorkSyncStatus | Last application sync result. Possible values are: success , credentialsNotValid , androidForWorkApiError , managementServiceError , unknownError , none . |
ownerUserPrincipalName | String | Owner UPN that created the enterprise |
ownerOrganizationName | String | Organization name used when onboarding Android for Work |
lastModifiedDateTime | DateTimeOffset | Last modification time for Android for Work settings |
enrollmentTarget | androidForWorkEnrollmentTarget | Indicates which users can enroll devices in Android for Work device management. Possible values are: none , all , targeted , targetedAsEnrollmentRestrictions . |
targetGroupIds | String collection | Specifies which AAD groups can enroll devices in Android for Work device management if enrollmentTarget is set to 'Targeted' |
deviceOwnerManagementEnabled | Boolean | Indicates if this account is flighting for Android Device Owner Management with CloudDPC. |
androidManagedStoreAccountEnterpriseSettings
Property | Type | Description |
---|---|---|
id | String | The Android store account enterprise settings identifier |
bindStatus | androidManagedStoreAccountBindStatus | Bind status of the tenant with the Google EMM API. Possible values are: notBound , bound , boundAndValidated , unbinding . |
lastAppSyncDateTime | DateTimeOffset | Last completion time for app sync |
lastAppSyncStatus | androidManagedStoreAccountAppSyncStatus | Last application sync result. Possible values are: success , credentialsNotValid , androidForWorkApiError , managementServiceError , unknownError , none . |
ownerUserPrincipalName | String | Owner UPN that created the enterprise |
ownerOrganizationName | String | Organization name used when onboarding Android Enterprise |
lastModifiedDateTime | DateTimeOffset | Last modification time for Android enterprise settings |
enrollmentTarget | androidManagedStoreAccountEnrollmentTarget | Indicates which users can enroll devices in Android Enterprise device management. Possible values are: none , all , targeted , targetedAsEnrollmentRestrictions . |
targetGroupIds | String collection | Specifies which AAD groups can enroll devices in Android for Work device management if enrollmentTarget is set to 'Targeted' |
deviceOwnerManagementEnabled | Boolean | Indicates if this account is flighting for Android Device Owner Management with CloudDPC. |
companyCodes | androidEnrollmentCompanyCode collection | Company codes for AndroidManagedStoreAccountEnterpriseSettings |
androidDeviceOwnerFullyManagedEnrollmentEnabled | Boolean | Company codes for AndroidManagedStoreAccountEnterpriseSettings |
managedGooglePlayInitialScopeTagIds | String collection | Initial scope tags for MGP apps |
androidManagedStoreAppConfigurationSchema
Property | Type | Description |
---|---|---|
id | String | Key of the entity the Android package name for the application the schema corresponds to |
exampleJson | Binary | UTF8 encoded byte array containing example JSON string conforming to this schema that demonstrates how to set the configuration for this app |
schemaItems | androidManagedStoreAppConfigurationSchemaItem collection | Collection of items each representing a named configuration option in the schema. It only contains the root-level configuration. |
nestedSchemaItems | androidManagedStoreAppConfigurationSchemaItem collection | Collection of items each representing a named configuration option in the schema. It contains a flat list of all configuration. |
deviceManagement
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
enrollmentProfileForNonGmsTeamsDevice
Property | Type | Description |
---|---|---|
accountId | String | Tenant GUID the enrollment profile belongs to. |
profileId | String | Unique GUID for the enrollment profile. |
tokenExpirationDateTime | DateTimeOffset | Date time the most recently created token will expire. |
encryptedProvisioningPackageExtras | encryptedProvisioningPackageExtras | Encrypted base-64 string that contains the provisioning package extras |
deviceManagementReports
Property | Type | Description |
---|
zebraFotaArtifact
Property | Type | Description |
---|---|---|
id | String | Artifact unique ID from Zebra |
deviceModel | String | Applicable device model (e.g.: TC8300 ) |
osVersion | String | Artifact OS version (e.g.: 8.1.0 ) |
patchVersion | String | Artifact patch version (e.g.: U00 ) |
boardSupportPackageVersion | String | The version of the Board Support Package (BSP. E.g.: 01.18.02.00 ) |
releaseNotesUrl | String | Artifact release notes URL (e.g.: https://www.zebra.com/<filename.pdf> ) |
description | String | Artifact description. (e.g.: `LifeGuard Update 98 (released 24-September-2021) |
zebraFotaConnector
Property | Type | Description |
---|---|---|
id | String | Id of ZebraFotaConnector. |
state | ** Unknown Type microsoft.intune.core.msGraph.zebraFotaConnectorState ** |
The Zebra connector state. |
enrollmentToken | String | Tenant enrollment token from Zebra. The token is used to enroll Zebra devices in the FOTA Service via app config. |
enrollmentAuthorizationUrl | String | Complete account enrollment authorization URL. This corresponds to verification_uri_complete in the Zebra API documentations. |
lastSyncDateTime | DateTimeOffset | Date and time when the account was last synched with Zebra |
fotaAppsApproved | Boolean | Flag indicating if required Firmware Over-the-Air (FOTA) Apps have been approved. |
zebraFotaDeployment
Property | Type | Description |
---|---|---|
id | String | System generated deployment id provided during creation of the deployment. Returned only if operation was a success. |
displayName | String | A human readable name of the deployment. |
description | String | A human readable description of the deployment. |
deploymentSettings | ** Unknown Type microsoft.intune.core.msGraph.zebraFotaDeploymentSettings ** |
Represents settings required to create a deployment such as deployment type, artifact info, download and installation |
deploymentAssignments | ** Unknown Type microsoft.intune.core.msGraph.androidFotaDeploymentAssignment ** collection |
Collection of Android FOTA Assignment |
deploymentStatus | ** Unknown Type microsoft.intune.core.msGraph.zebraFotaDeploymentStatus ** |
Represents the deployment status from Zebra. The status is a high level status of the deployment as opposed being a detailed status per device. |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance |
androidForWorkApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
packageId | String | The package identifier. |
appIdentifier | String | The Identity Name. |
usedLicenseCount | Int32 | The number of VPP licenses in use. |
totalLicenseCount | Int32 | The total number of VPP licenses. |
appStoreUrl | String | The Play for Work Store app URL. |
androidForWorkMobileAppConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from managedDeviceMobileAppConfiguration |
targetedMobileApps | String collection | the associated app. Inherited from managedDeviceMobileAppConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this App configuration entity. Inherited from managedDeviceMobileAppConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from managedDeviceMobileAppConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from managedDeviceMobileAppConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from managedDeviceMobileAppConfiguration |
version | Int32 | Version of the device configuration. Inherited from managedDeviceMobileAppConfiguration |
packageId | String | Android For Work app configuration package id. |
payloadJson | String | Android For Work app configuration JSON payload. |
permissionActions | androidPermissionAction collection | List of Android app permissions and corresponding permission actions. |
profileApplicability | androidProfileApplicability | Android Enterprise profile applicability (AndroidWorkProfile, DeviceOwner, or default (applies to both)). Possible values are: default , androidWorkProfile , androidDeviceOwner . |
connectedAppsEnabled | Boolean | Setting to specify whether to allow ConnectedApps experience for this app. |
androidLobApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
packageId | String | The package identifier. |
minimumSupportedOperatingSystem | androidMinimumOperatingSystem | The value for the minimum applicable operating system. |
versionName | String | The version name of Android Line of Business (LoB) app. |
versionCode | String | The version code of Android Line of Business (LoB) app. |
androidManagedStoreApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
packageId | String | The package identifier. |
appIdentifier | String | The Identity Name. |
usedLicenseCount | Int32 | The number of VPP licenses in use. |
totalLicenseCount | Int32 | The total number of VPP licenses. |
appStoreUrl | String | The Play for Work Store app URL. |
isPrivate | Boolean | Indicates whether the app is only available to a given enterprise's users. |
isSystemApp | Boolean | Indicates whether the app is a preinstalled system app. |
appTracks | androidManagedStoreAppTrack collection | The tracks that are visible to this enterprise. |
supportsOemConfig | Boolean | Whether this app supports OEMConfig policy. |
androidManagedStoreAppConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from managedDeviceMobileAppConfiguration |
targetedMobileApps | String collection | the associated app. Inherited from managedDeviceMobileAppConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this App configuration entity. Inherited from managedDeviceMobileAppConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from managedDeviceMobileAppConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from managedDeviceMobileAppConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from managedDeviceMobileAppConfiguration |
version | Int32 | Version of the device configuration. Inherited from managedDeviceMobileAppConfiguration |
packageId | String | Android Enterprise app configuration package id. |
payloadJson | String | Android Enterprise app configuration JSON payload. |
permissionActions | androidPermissionAction collection | List of Android app permissions and corresponding permission actions. |
appSupportsOemConfig | Boolean | Whether or not this AppConfig is an OEMConfig policy. |
profileApplicability | androidProfileApplicability | Android Enterprise profile applicability (AndroidWorkProfile, DeviceOwner, or default (applies to both)). Possible values are: default , androidWorkProfile , androidDeviceOwner . |
connectedAppsEnabled | Boolean | Setting to specify whether to allow ConnectedApps experience for this app. |
androidManagedStoreWebApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
packageId | String | The package identifier. Inherited from androidManagedStoreApp |
appIdentifier | String | The Identity Name. Inherited from androidManagedStoreApp |
usedLicenseCount | Int32 | The number of VPP licenses in use. Inherited from androidManagedStoreApp |
totalLicenseCount | Int32 | The total number of VPP licenses. Inherited from androidManagedStoreApp |
appStoreUrl | String | The Play for Work Store app URL. Inherited from androidManagedStoreApp |
isPrivate | Boolean | Indicates whether the app is only available to a given enterprise's users. Inherited from androidManagedStoreApp |
isSystemApp | Boolean | Indicates whether the app is a preinstalled system app. Inherited from androidManagedStoreApp |
appTracks | androidManagedStoreAppTrack collection | The tracks that are visible to this enterprise. Inherited from androidManagedStoreApp |
supportsOemConfig | Boolean | Whether this app supports OEMConfig policy. Inherited from androidManagedStoreApp |
androidStoreApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
packageId | String | The package identifier. |
appStoreUrl | String | The Android app store URL. |
minimumSupportedOperatingSystem | androidMinimumOperatingSystem | The value for the minimum applicable operating system. |
enterpriseCodeSigningCertificate
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the certificate, assigned upon creation. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. Read-only. |
content | Binary | The Windows Enterprise Code-Signing Certificate in the raw data format. Set to null once certificate has been uploaded and other properties have been populated. |
status | certificateStatus | Whether the Certificate Status Provisioned or not Provisioned. Possible values are: notProvisioned, provisioned. Default is notProvisioned. Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. Possible values are: notProvisioned , provisioned . |
subjectName | String | The subject name for the cert. This might contain information such as country (C), state or province (S), locality (L), common name of the cert (CN), organization (O), and organizational unit (OU). Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. |
subject | String | The subject value for the cert. This might contain information such as country (C), state or province (S), locality (L), common name of the cert (CN), organization (O), and organizational unit (OU). Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. |
issuerName | String | The issuer name for the cert. This might contain information such as country (C), state or province (S), locality (L), common name of the cert (CN), organization (O), and organizational unit (OU). Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. |
issuer | String | The issuer value for the cert. This might contain information such as country (C), state or province (S), locality (L), common name of the cert (CN), organization (O), and organizational unit (OU). Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. |
expirationDateTime | DateTimeOffset | The cert expiration date and time (using ISO 8601 format, in UTC time). Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. |
uploadDateTime | DateTimeOffset | The date time of CodeSigning Cert when it is uploaded (using ISO 8601 format, in UTC time). Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. |
iosiPadOSWebClip
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
appUrl | String | Indicates iOS/iPadOS web clip app URL. Example: "https://www.contoso.com" |
useManagedBrowser | Boolean | Whether or not to use managed browser. When TRUE, the app will be required to be opened in Microsoft Edge. When FALSE, the app will not be required to be opened in Microsoft Edge. By default, this property is set to FALSE. |
iosLobApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
bundleId | String | The Identity Name. |
applicableDeviceType | iosDeviceType | The iOS architecture for which this app can run on. |
minimumSupportedOperatingSystem | iosMinimumOperatingSystem | The value for the minimum applicable operating system. |
expirationDateTime | DateTimeOffset | The expiration time. |
versionNumber | String | The version number of iOS Line of Business (LoB) app. |
buildNumber | String | The build number of iOS Line of Business (LoB) app. |
iosLobAppProvisioningConfigurationAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
target | deviceAndAppManagementAssignmentTarget | The target group assignment defined by the admin. |
iosMobileAppConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from managedDeviceMobileAppConfiguration |
targetedMobileApps | String collection | the associated app. Inherited from managedDeviceMobileAppConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from managedDeviceMobileAppConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from managedDeviceMobileAppConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from managedDeviceMobileAppConfiguration |
version | Int32 | Version of the device configuration. Inherited from managedDeviceMobileAppConfiguration |
encodedSettingXml | Binary | mdm app configuration Base64 binary. |
settings | appConfigurationSettingItem collection | app configuration setting items. |
iosStoreApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
bundleId | String | The Identity Name. |
appStoreUrl | String | The Apple App Store URL |
applicableDeviceType | iosDeviceType | The iOS architecture for which this app can run on. |
minimumSupportedOperatingSystem | iosMinimumOperatingSystem | The value for the minimum applicable operating system. |
iosVppApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
usedLicenseCount | Int32 | The number of VPP licenses in use. |
totalLicenseCount | Int32 | The total number of VPP licenses. |
releaseDateTime | DateTimeOffset | The VPP application release date and time. |
appStoreUrl | String | The store URL. |
licensingType | vppLicensingType | The supported License Type. |
applicableDeviceType | iosDeviceType | The applicable iOS Device Type. |
vppTokenOrganizationName | String | The organization associated with the Apple Volume Purchase Program Token |
vppTokenAccountType | vppTokenAccountType | The type of volume purchase program which the given Apple Volume Purchase Program Token is associated with. Possible values are: business , education . Possible values are: business , education . |
vppTokenAppleId | String | The Apple Id associated with the given Apple Volume Purchase Program Token. |
bundleId | String | The Identity Name. |
iosVppAppAssignedDeviceLicense
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from iosVppAppAssignedLicense |
userEmailAddress | String | The user email address. Inherited from iosVppAppAssignedLicense |
userId | String | The user ID. Inherited from iosVppAppAssignedLicense |
userName | String | The user name. Inherited from iosVppAppAssignedLicense |
userPrincipalName | String | The user principal name. Inherited from iosVppAppAssignedLicense |
managedDeviceId | String | The managed device ID. |
deviceName | String | The device name. |
iosVppAppAssignedLicense
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
userEmailAddress | String | The user email address. |
userId | String | The user ID. |
userName | String | The user name. |
userPrincipalName | String | The user principal name. |
iosVppAppAssignedUserLicense
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from iosVppAppAssignedLicense |
userEmailAddress | String | The user email address. Inherited from iosVppAppAssignedLicense |
userId | String | The user ID. Inherited from iosVppAppAssignedLicense |
userName | String | The user name. Inherited from iosVppAppAssignedLicense |
userPrincipalName | String | The user principal name. Inherited from iosVppAppAssignedLicense |
macOSDmgApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
primaryBundleId | String | The bundleId of the primary .app in the DMG (Apple Disk Image). This maps to the CFBundleIdentifier in the app's bundle configuration. |
primaryBundleVersion | String | The version of the primary .app in the DMG (Apple Disk Image). This maps to the CFBundleShortVersion in the app's bundle configuration. |
includedApps | macOSIncludedApp collection | The list of .apps expected to be installed by the DMG (Apple Disk Image) |
ignoreVersionDetection | Boolean | When TRUE, indicates that the app's version will NOT be used to detect if the app is installed on a device. When FALSE, indicates that the app's version will be used to detect if the app is installed on a device. Set this to true for apps that use a self update feature. The default value is FALSE. |
minimumSupportedOperatingSystem | macOSMinimumOperatingSystem | ComplexType macOSMinimumOperatingSystem that indicates the minimum operating system applicable for the application. |
macOSLobApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
bundleId | String | The primary bundleId of the package. |
minimumSupportedOperatingSystem | macOSMinimumOperatingSystem | ComplexType macOSMinimumOperatingSystem that indicates the minimum operating system applicable for the application. |
buildNumber | String | The build number of the package. This should match the package CFBundleShortVersionString of the .pkg file. |
versionNumber | String | The version number of the package. This should match the package CFBundleVersion in the packageinfo file. |
childApps | macOSLobChildApp collection | List of ComplexType macOSLobChildApp objects. Represents the apps expected to be installed by the package. |
md5HashChunkSize | Int32 | The chunk size for MD5 hash. This is '0' or empty if the package was uploaded directly. If the Intune App Wrapping Tool is used to create a .intunemac, this value can be found inside the Detection.xml file. |
md5Hash | String collection | The MD5 hash codes. This is empty if the package was uploaded directly. If the Intune App Wrapping Tool is used to create a .intunemac, this value can be found inside the Detection.xml file. |
ignoreVersionDetection | Boolean | When TRUE, indicates that the app's version will NOT be used to detect if the app is installed on a device. When FALSE, indicates that the app's version will be used to detect if the app is installed on a device. Set this to true for apps that use a self update feature. |
installAsManaged | Boolean | When TRUE, indicates that the app will be installed as managed (requires macOS 11.0 and other managed package restrictions). When FALSE, indicates that the app will be installed as unmanaged. |
macOSMdatpApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
macOSMicrosoftDefenderApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
macOSMicrosoftEdgeApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
channel | microsoftEdgeChannel | The channel to install on target devices. Possible values are: dev , beta , stable , unknownFutureValue . |
macOSOfficeSuiteApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
macOSPkgApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
primaryBundleId | String | The primary CFBundleIdentifier of the .pkg. |
primaryBundleVersion | String | The primary CFBundleVersion of the .pkg. |
includedApps | macOSIncludedApp collection | The list of apps expected to be installed by the .pkg. |
ignoreVersionDetection | Boolean | A value indicating whether the app's version will be used to detect the app after it is installed on a device. Set this to true for apps that use a self-update feature. Set this to false to install the app when it is not already installed on the device, or if the deploying app's version number does not match the version that's already installed on the device. The default value is false. |
minimumSupportedOperatingSystem | macOSMinimumOperatingSystem | The value for the minimum applicable operating system. |
macOsVppApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
usedLicenseCount | Int32 | The number of VPP licenses in use. |
totalLicenseCount | Int32 | The total number of VPP licenses. |
releaseDateTime | DateTimeOffset | The VPP application release date and time. |
appStoreUrl | String | The store URL. |
licensingType | vppLicensingType | The supported License Type. |
vppTokenOrganizationName | String | The organization associated with the Apple Volume Purchase Program Token |
vppTokenAccountType | vppTokenAccountType | The type of volume purchase program which the given Apple Volume Purchase Program Token is associated with. Possible values are: business , education . Possible values are: business , education . |
vppTokenAppleId | String | The Apple Id associated with the given Apple Volume Purchase Program Token. |
bundleId | String | The Identity Name. |
vppTokenId | String | Identifier of the VPP token associated with this app. |
revokeLicenseActionResults | macOsVppAppRevokeLicensesActionResult collection | Results of revoke license actions on this app. |
macOsVppAppAssignedLicense
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
userEmailAddress | String | The user email address. |
userId | String | The user ID. |
userName | String | The user name. |
userPrincipalName | String | The user principal name. |
macOSWebClip
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
appUrl | String | The web app URL starting with http:// or https://, such as https://learn.microsoft.com/mem/.| |
fullScreenEnabled | Boolean | Whether or not to open the web clip as a full-screen web app. Defaults to false. If TRUE, opens the web clip as a full-screen web app. If FALSE, the web clip opens inside of another app. |
preComposedIconEnabled | Boolean | Whether or not the icon for the app is precomosed. Defaults to false. If TRUE, prevents SpringBoard from adding "shine" to the icon. If FALSE, SpringBoard can add "shine". |
managedAndroidLobApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
appAvailability | managedAppAvailability | The Application's availability. Inherited from managedApp. Possible values are: global , lineOfBusiness . |
version | String | The Application's version. Inherited from managedApp |
committedContentVersion | String | The internal committed content version. Inherited from managedMobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from managedMobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from managedMobileLobApp |
packageId | String | The package identifier. |
minimumSupportedOperatingSystem | androidMinimumOperatingSystem | The value for the minimum applicable operating system. |
versionName | String | The version name of managed Android Line of Business (LoB) app. |
versionCode | String | The version code of managed Android Line of Business (LoB) app. |
managedAndroidStoreApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
appAvailability | managedAppAvailability | The Application's availability. Inherited from managedApp. Possible values are: global , lineOfBusiness . |
version | String | The Application's version. Inherited from managedApp |
packageId | String | The app's package ID. |
appStoreUrl | String | The Android AppStoreUrl. |
minimumSupportedOperatingSystem | androidMinimumOperatingSystem | The value for the minimum supported operating system. |
managedApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
appAvailability | managedAppAvailability | The Application's availability. Possible values are: global , lineOfBusiness . |
version | String | The Application's version. |
managedDeviceMobileAppConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
targetedMobileApps | String collection | the associated app. |
createdDateTime | DateTimeOffset | DateTime the object was created. |
description | String | Admin provided description of the Device Configuration. |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
displayName | String | Admin provided name of the device configuration. |
version | Int32 | Version of the device configuration. |
managedDeviceMobileAppConfigurationAssignment
Property | Type | Description |
---|---|---|
id | String | Unique identifier of the entity. |
target | deviceAndAppManagementAssignmentTarget | Assignment target that the T&C policy is assigned to. |
managedDeviceMobileAppConfigurationDeviceStatus
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
deviceDisplayName | String | Device name of the DevicePolicyStatus. |
userName | String | The User Name that is being reported |
deviceModel | String | The device model that is being reported |
complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
status | complianceStatus | Compliance status of the policy report. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
userPrincipalName | String | UserPrincipalName. |
managedDeviceMobileAppConfigurationDeviceSummary
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
pendingCount | Int32 | Number of pending devices |
notApplicableCount | Int32 | Number of not applicable devices |
successCount | Int32 | Number of succeeded devices |
errorCount | Int32 | Number of error devices |
failedCount | Int32 | Number of failed devices |
lastUpdateDateTime | DateTimeOffset | Last update time |
configurationVersion | Int32 | Version of the policy for that overview |
managedDeviceMobileAppConfigurationUserStatus
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
userDisplayName | String | User name of the DevicePolicyStatus. |
devicesCount | Int32 | Devices count for that user. |
status | complianceStatus | Compliance status of the policy report. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
userPrincipalName | String | UserPrincipalName. |
managedDeviceMobileAppConfigurationUserSummary
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
pendingCount | Int32 | Number of pending Users |
notApplicableCount | Int32 | Number of not applicable users |
successCount | Int32 | Number of succeeded Users |
errorCount | Int32 | Number of error Users |
failedCount | Int32 | Number of failed Users |
lastUpdateDateTime | DateTimeOffset | Last update time |
configurationVersion | Int32 | Version of the policy for that overview |
managedIOSLobApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
appAvailability | managedAppAvailability | The Application's availability. Inherited from managedApp. Possible values are: global , lineOfBusiness . |
version | String | The Application's version. Inherited from managedApp |
committedContentVersion | String | The internal committed content version. Inherited from managedMobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from managedMobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from managedMobileLobApp |
bundleId | String | The Identity Name. |
applicableDeviceType | iosDeviceType | The iOS architecture for which this app can run on. |
minimumSupportedOperatingSystem | iosMinimumOperatingSystem | The value for the minimum applicable operating system. |
expirationDateTime | DateTimeOffset | The expiration time. |
versionNumber | String | The version number of managed iOS Line of Business (LoB) app. |
buildNumber | String | The build number of managed iOS Line of Business (LoB) app. |
managedIOSStoreApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
appAvailability | managedAppAvailability | The Application's availability. Inherited from managedApp. Possible values are: global , lineOfBusiness . |
version | String | The Application's version. Inherited from managedApp |
bundleId | String | The app's Bundle ID. |
appStoreUrl | String | The Apple AppStoreUrl. |
applicableDeviceType | iosDeviceType | The iOS architecture for which this app can run on. |
minimumSupportedOperatingSystem | iosMinimumOperatingSystem | The value for the minimum supported operating system. |
managedMobileLobApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
appAvailability | managedAppAvailability | The Application's availability. Inherited from managedApp. Possible values are: global , lineOfBusiness . |
version | String | The Application's version. Inherited from managedApp |
committedContentVersion | String | The internal committed content version. |
fileName | String | The name of the main Lob application file. |
size | Int64 | The total size, including all uploaded files. |
microsoftStoreForBusinessApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
usedLicenseCount | Int32 | The number of Microsoft Store for Business licenses in use. |
totalLicenseCount | Int32 | The total number of Microsoft Store for Business licenses. |
productKey | String | The app product key |
licenseType | microsoftStoreForBusinessLicenseType | The app license type. Possible values are: offline , online . |
packageIdentityName | String | The app package identifier |
microsoftStoreForBusinessContainedApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileContainedApp |
appUserModelId | String | The app user model ID of the contained app of a MicrosoftStoreForBusinessApp. |
mobileAppAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
intent | installIntent | The install intent defined by the admin. Possible values are: available , required , uninstall , availableWithoutEnrollment . |
target | deviceAndAppManagementAssignmentTarget | The target group assignment defined by the admin. |
settings | mobileAppAssignmentSettings | The settings for target assignment defined by the admin. |
mobileAppCategory
Property | Type | Description |
---|---|---|
id | String | The key of the entity. |
displayName | String | The name of the app category. |
lastModifiedDateTime | DateTimeOffset | The date and time the mobileAppCategory was last modified. |
mobileAppContent
Property | Type | Description |
---|---|---|
id | String | The app content version. |
mobileAppContentFile
Property | Type | Description |
---|---|---|
azureStorageUri | String | The Azure Storage URI. |
isCommitted | Boolean | A value indicating whether the file is committed. |
id | String | The File Id. |
createdDateTime | DateTimeOffset | The time the file was created. |
name | String | the file name. |
size | Int64 | The size of the file prior to encryption. |
sizeEncrypted | Int64 | The size of the file after encryption. |
azureStorageUriExpirationDateTime | DateTimeOffset | The time the Azure storage Uri expires. |
manifest | Binary | The manifest information. |
uploadState | mobileAppContentFileUploadState | The state of the current upload request. Possible values are: success , transientError , error , unknown , azureStorageUriRequestSuccess , azureStorageUriRequestPending , azureStorageUriRequestFailed , azureStorageUriRequestTimedOut , azureStorageUriRenewalSuccess , azureStorageUriRenewalPending , azureStorageUriRenewalFailed , azureStorageUriRenewalTimedOut , commitFileSuccess , commitFilePending , commitFileFailed , commitFileTimedOut . |
mobileAppDependency
Property | Type | Description |
---|---|---|
id | String | The relationship entity id. Inherited from mobileAppRelationship |
targetId | String | The target mobile app's app id. Inherited from mobileAppRelationship |
targetDisplayName | String | The target mobile app's display name. Inherited from mobileAppRelationship |
targetDisplayVersion | String | The target mobile app's display version. Inherited from mobileAppRelationship |
targetPublisher | String | The target mobile app's publisher. Inherited from mobileAppRelationship |
targetType | mobileAppRelationshipType | The type of relationship indicating whether the target is a parent or child. Inherited from mobileAppRelationship. Possible values are: child , parent . |
dependencyType | mobileAppDependencyType | The type of dependency relationship between the parent and child apps. Possible values are: detect , autoInstall . |
dependentAppCount | Int32 | The total number of apps that directly or indirectly depend on the parent app. |
dependsOnAppCount | Int32 | The total number of apps the child app directly or indirectly depends on. |
mobileAppProvisioningConfigGroupAssignment
Property | Type | Description |
---|---|---|
targetGroupId | String | The ID of the AAD group in which the app provisioning configuration is being targeted. |
id | String | Key of the entity. |
mobileAppPublishingConstraints
Property | Type | Description |
---|---|---|
win32LobAppConstraints | win32LobAppPublishingConstraints | Contains properties for Win32 LOB app publishing constraints. |
mobileAppRelationship
Property | Type | Description |
---|---|---|
id | String | The relationship entity id. |
targetId | String | The target mobile app's app id. |
targetDisplayName | String | The target mobile app's display name. |
targetDisplayVersion | String | The target mobile app's display version. |
targetPublisher | String | The target mobile app's publisher. |
targetType | mobileAppRelationshipType | The type of relationship indicating whether the target is a parent or child. Possible values are: child , parent . |
mobileAppSupersedence
Property | Type | Description |
---|---|---|
id | String | The relationship entity id. Inherited from mobileAppRelationship |
targetId | String | The target mobile app's app id. Inherited from mobileAppRelationship |
targetDisplayName | String | The target mobile app's display name. Inherited from mobileAppRelationship |
targetDisplayVersion | String | The target mobile app's display version. Inherited from mobileAppRelationship |
targetPublisher | String | The target mobile app's publisher. Inherited from mobileAppRelationship |
targetType | mobileAppRelationshipType | The type of relationship indicating whether the target is a parent or child. Inherited from mobileAppRelationship. Possible values are: child , parent . |
supersedenceType | mobileAppSupersedenceType | The supersedence relationship type between the parent and child apps. Possible values are: update , replace . |
supersededAppCount | Int32 | The total number of apps directly or indirectly superseded by the child app. |
supersedingAppCount | Int32 | The total number of apps directly or indirectly superseding the parent app. |
mobileContainedApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
mobileLobApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
committedContentVersion | String | The internal committed content version. |
fileName | String | The name of the main Lob application file. |
size | Int64 | The total size, including all uploaded files. |
officeSuiteApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
autoAcceptEula | Boolean | The value to accept the EULA automatically on the enduser's device. |
productIds | officeProductId collection | The Product Ids that represent the Office365 Suite SKU. |
excludedApps | excludedApps | The property to represent the apps which are excluded from the selected Office365 Product Id. |
useSharedComputerActivation | Boolean | The property to represent that whether the shared computer activation is used not for Office365 app suite. |
updateChannel | officeUpdateChannel | The property to represent the Office365 Update Channel. Possible values are: none , current , deferred , firstReleaseCurrent , firstReleaseDeferred , monthlyEnterprise . |
officeSuiteAppDefaultFileFormat | officeSuiteDefaultFileFormatType | The property to represent the Office365 default file format type. Possible values are: notConfigured , officeOpenXMLFormat , officeOpenDocumentFormat , unknownFutureValue . |
officePlatformArchitecture | windowsArchitecture | The property to represent the Office365 app suite version. Possible values are: none , x86 , x64 , arm , neutral , arm64 . |
localesToInstall | String collection | The property to represent the locales which are installed when the apps from Office365 is installed. It uses standard RFC 6033. Ref: https://technet.microsoft.com/library/cc179219(v=office.16).aspx| |
installProgressDisplayLevel | officeSuiteInstallProgressDisplayLevel | To specify the level of display for the Installation Progress Setup UI on the Device. Possible values are: none , full . |
shouldUninstallOlderVersionsOfOffice | Boolean | The property to determine whether to uninstall existing Office MSI if an Office365 app suite is deployed to the device or not. |
targetVersion | String | The property to represent the specific target version for the Office365 app suite that should be remained deployed on the devices. |
updateVersion | String | The property to represent the update version in which the specific target version is available for the Office365 app suite. |
officeConfigurationXml | Binary | The property to represent the XML configuration file that can be specified for Office ProPlus Apps. Takes precedence over all other properties. When present, the XML configuration file will be used to create the app. |
symantecCodeSigningCertificate
Property | Type | Description |
---|---|---|
id | String | The key of the entity. |
content | Binary | The Windows Symantec Code-Signing Certificate in the raw data format. |
status | certificateStatus | The Cert Status Provisioned or not Provisioned. Possible values are: notProvisioned , provisioned . |
password | String | The Password required for .pfx file. |
subjectName | String | The Subject Name for the cert. |
subject | String | The Subject value for the cert. |
issuerName | String | The Issuer Name for the cert. |
issuer | String | The Issuer value for the cert. |
expirationDateTime | DateTimeOffset | The Cert Expiration Date. |
uploadDateTime | DateTimeOffset | The Type of the CodeSigning Cert as Symantec Cert. |
webApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
appUrl | String | The web app URL. This property cannot be PATCHed. |
useManagedBrowser | Boolean | Whether or not to use managed browser. This property is only applicable for Android and IOS. |
win32LobApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
installCommandLine | String | The command line to install this app |
uninstallCommandLine | String | The command line to uninstall this app |
applicableArchitectures | windowsArchitecture | The Windows architecture(s) for which this app can run on. Possible values are: none , x86 , x64 , arm , neutral . |
minimumFreeDiskSpaceInMB | Int32 | The value for the minimum free disk space which is required to install this app. |
minimumMemoryInMB | Int32 | The value for the minimum physical memory which is required to install this app. |
minimumNumberOfProcessors | Int32 | The value for the minimum number of processors which is required to install this app. |
minimumCpuSpeedInMHz | Int32 | The value for the minimum CPU speed which is required to install this app. |
rules | win32LobAppRule collection | The detection and requirement rules for this app. |
installExperience | win32LobAppInstallExperience | The install experience for this app. |
returnCodes | win32LobAppReturnCode collection | The return codes for post installation behavior. |
msiInformation | win32LobAppMsiInformation | The MSI details if this Win32 app is an MSI app. |
setupFilePath | String | The relative path of the setup file in the encrypted Win32LobApp package. |
minimumSupportedWindowsRelease | String | The value for the minimum supported windows release. |
windowsAppX
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
applicableArchitectures | windowsArchitecture | The Windows architecture(s) on which this app can run. Possible values are: none , x86 , x64 , arm , neutral ; default value is none . Possible values are: none , x86 , x64 , arm , neutral . |
identityName | String | The identity name of the uploaded app package. For example: "Contoso.DemoApp". |
identityPublisherHash | String | The identity publisher hash of the uploaded app package. This is the hash of the publisher from the manifest. For example: "AB82CD0XYZ". |
identityResourceIdentifier | String | The identity resource identifier of the uploaded app package. For example: "TestResourceId". |
isBundle | Boolean | When TRUE, indicates that the app is a bundle. When FALSE, indicates that the app is not a bundle. By default, property is set to FALSE. |
minimumSupportedOperatingSystem | windowsMinimumOperatingSystem | The value for the minimum applicable operating system. Valid values for a WindowsAppX app include v8_0 , v8_1 and v10_0 . If the app is a bundle, the minimum supported OS has to be at least v8_1 . |
identityVersion | String | The identity version of the uploaded app package. For example: "1.0.0.0". |
windowsMicrosoftEdgeApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
channel | microsoftEdgeChannel | The channel to install on target devices. The possible values are dev, beta, and stable. By default, this property is set to dev. Possible values are: dev , beta , stable , unknownFutureValue . |
displayLanguageLocale | String | The language locale to use when the Edge app displays text to the user. |
windowsMobileMSI
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
commandLine | String | The command line. |
productCode | String | The product code. |
productVersion | String | The product version of Windows Mobile MSI Line of Business (LoB) app. |
ignoreVersionDetection | Boolean | A boolean to control whether the app's version will be used to detect the app after it is installed on a device. Set this to true for Windows Mobile MSI Line of Business (LoB) apps that use a self update feature. |
windowsPhone81AppX
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
applicableArchitectures | windowsArchitecture | The Windows architecture(s) for which this app can run on. Possible values are: none , x86 , x64 , arm , neutral , arm64 . |
identityName | String | The Identity Name. |
identityPublisherHash | String | The Identity Publisher Hash. |
identityResourceIdentifier | String | The Identity Resource Identifier. |
minimumSupportedOperatingSystem | windowsMinimumOperatingSystem | The value for the minimum applicable operating system. |
phoneProductIdentifier | String | The Phone Product Identifier. |
phonePublisherId | String | The Phone Publisher Id. |
identityVersion | String | The identity version. |
windowsPhone81AppXBundle
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
applicableArchitectures | windowsArchitecture | The Windows architecture(s) for which this app can run on. Inherited from windowsPhone81AppX. Possible values are: none , x86 , x64 , arm , neutral , arm64 . |
identityName | String | The Identity Name. Inherited from windowsPhone81AppX |
identityPublisherHash | String | The Identity Publisher Hash. Inherited from windowsPhone81AppX |
identityResourceIdentifier | String | The Identity Resource Identifier. Inherited from windowsPhone81AppX |
minimumSupportedOperatingSystem | windowsMinimumOperatingSystem | The value for the minimum applicable operating system. Inherited from windowsPhone81AppX |
phoneProductIdentifier | String | The Phone Product Identifier. Inherited from windowsPhone81AppX |
phonePublisherId | String | The Phone Publisher Id. Inherited from windowsPhone81AppX |
identityVersion | String | The identity version. Inherited from windowsPhone81AppX |
appXPackageInformationList | windowsPackageInformation collection | The list of AppX Package Information. |
windowsPhone81StoreApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
appStoreUrl | String | The Windows Phone 8.1 app store URL. |
windowsPhoneXAP
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
minimumSupportedOperatingSystem | windowsMinimumOperatingSystem | The value for the minimum applicable operating system. |
productIdentifier | String | The Product Identifier. |
identityVersion | String | The identity version. |
windowsStoreApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
appStoreUrl | String | The Windows app store URL. |
windowsUniversalAppX
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
committedContentVersion | String | The internal committed content version. Inherited from mobileLobApp |
fileName | String | The name of the main Lob application file. Inherited from mobileLobApp |
size | Int64 | The total size, including all uploaded files. Inherited from mobileLobApp |
applicableArchitectures | windowsArchitecture | The Windows architecture(s) for which this app can run on. Possible values are: none , x86 , x64 , arm , neutral . |
applicableDeviceTypes | windowsDeviceType | The Windows device type(s) for which this app can run on. Possible values are: none , desktop , mobile , holographic , team . |
identityName | String | The Identity Name. |
identityPublisherHash | String | The Identity Publisher Hash. |
identityResourceIdentifier | String | The Identity Resource Identifier. |
isBundle | Boolean | Whether or not the app is a bundle. |
minimumSupportedOperatingSystem | windowsMinimumOperatingSystem | The value for the minimum applicable operating system. |
identityVersion | String | The identity version. |
windowsUniversalAppXContainedApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileContainedApp |
appUserModelId | String | The app user model ID of the contained app of a WindowsUniversalAppX app. |
windowsWebApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
appUrl | String | Indicates the Windows web app URL. Example: "https://www.contoso.com" |
winGetApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from mobileApp |
displayName | String | The admin provided or imported title of the app. Inherited from mobileApp |
description | String | The description of the app. Inherited from mobileApp |
publisher | String | The publisher of the app. Inherited from mobileApp |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. Inherited from mobileApp |
createdDateTime | DateTimeOffset | The date and time the app was created. Inherited from mobileApp |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. Inherited from mobileApp |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp |
privacyInformationUrl | String | The privacy statement Url. Inherited from mobileApp |
informationUrl | String | The more information Url. Inherited from mobileApp |
owner | String | The owner of the app. Inherited from mobileApp |
developer | String | The developer of the app. Inherited from mobileApp |
notes | String | Notes for the app. Inherited from mobileApp |
uploadState | Int32 | The upload state. Possible values are: 0 - Not Ready , 1 - Ready , 2 - Processing . Inherited from mobileApp |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Inherited from mobileApp. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. Inherited from mobileApp |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. Inherited from mobileApp |
dependentAppCount | Int32 | The total number of dependencies the child app has. Inherited from mobileApp |
supersedingAppCount | Int32 | The total number of apps this app directly or indirectly supersedes. Inherited from mobileApp |
supersededAppCount | Int32 | The total number of apps this app is directly or indirectly superseded by. Inherited from mobileApp |
manifestHash | String | Hash of package metadata properties used to validate that the application matches the metadata in the source repository. |
packageIdentifier | String | The PackageIdentifier from the WinGet source repository REST API. This also maps to the Id when using the WinGet client command line application. Required at creation time, cannot be modified on existing objects. |
installExperience | winGetAppInstallExperience | The install experience settings associated with this application, which are used to ensure the desired install experiences on the target device are taken into account. This includes the account type (System or User) that actions should be run as on target devices. Required at creation time. |
chromeOSOnboardingSettings
Property | Type | Description |
---|---|---|
id | String | The ChromebookTenant's Id |
ownerUserPrincipalName | String | The ChromebookTenant's OwnerUserPrincipalName |
onboardingStatus | onboardingStatus | The ChromebookTenant's OnboardingStatus. Possible values are: unknown , inprogress , onboarded , failed , offboarding , unknownFutureValue . |
lastModifiedDateTime | DateTimeOffset | The ChromebookTenant's LastModifiedDateTime |
lastDirectorySyncDateTime | DateTimeOffset | The ChromebookTenant's LastDirectorySyncDateTime |
intune-chromebooksync-chromeosonboardingstatus
advancedThreatProtectionOnboardingDeviceSettingState
Property | Type | Description |
---|---|---|
id | String | Key of the entity |
platformType | deviceType | Device platform type. Possible values are: desktop , windowsRT , winMO6 , nokia , windowsPhone , mac , winCE , winEmbedded , iPhone , iPad , iPod , android , iSocConsumer , unix , macMDM , holoLens , surfaceHub , androidForWork , androidEnterprise , windows10x , androidnGMS , chromeOS , linux , blackberry , palm , unknown , cloudPC . |
setting | String | The setting class name and property name. |
settingName | String | The Setting Name that is being reported |
deviceId | String | The Device Id that is being reported |
deviceName | String | The Device Name that is being reported |
userId | String | The user Id that is being reported |
userEmail | String | The User email address that is being reported |
userName | String | The User Name that is being reported |
userPrincipalName | String | The User PrincipalName that is being reported |
deviceModel | String | The device model that is being reported |
state | complianceStatus | The compliance state of the setting. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
advancedThreatProtectionOnboardingStateSummary
Property | Type | Description |
---|---|---|
id | String | Unique Identifier |
unknownDeviceCount | Int32 | Number of unknown devices |
notApplicableDeviceCount | Int32 | Number of not applicable devices |
compliantDeviceCount | Int32 | Number of compliant devices |
remediatedDeviceCount | Int32 | Number of remediated devices |
nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
errorDeviceCount | Int32 | Number of error devices |
conflictDeviceCount | Int32 | Number of conflict devices |
notAssignedDeviceCount | Int32 | Number of not assigned devices |
androidCertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
androidCompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passwordRequired | Boolean | Require a password to unlock device. |
passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
passwordRequiredType | androidRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , numeric , numericComplex , any . |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
securityPreventInstallAppsFromUnknownSources | Boolean | Require that devices disallow installation of apps from unknown sources. |
securityDisableUsbDebugging | Boolean | Disable USB debugging on Android devices. |
securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
osMinimumVersion | String | Minimum Android version. |
osMaximumVersion | String | Maximum Android version. |
minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
storageRequireEncryption | Boolean | Require encryption on Android devices. |
securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
securityRequireGooglePlayServices | Boolean | Require Google Play Services to be installed and enabled on the device. |
securityRequireUpToDateSecurityProviders | Boolean | Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date. |
securityRequireCompanyPortalAppIntegrity | Boolean | Require the device to pass the Company Portal client app runtime integrity check. |
androidCustomConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 1000 elements. |
androidDeviceOwnerCertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
androidDeviceOwnerCompliancePolicy
Property | Type | Description |
---|---|---|
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
advancedThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | MDATP Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
osMinimumVersion | String | Minimum Android version. |
osMaximumVersion | String | Maximum Android version. |
minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
passwordRequired | Boolean | Require a password to unlock device. |
passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
passwordMinimumLetterCharacters | Int32 | Indicates the minimum number of letter characters required for device password. Valid values 1 to 16 |
passwordMinimumLowerCaseCharacters | Int32 | Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16 |
passwordMinimumNonLetterCharacters | Int32 | Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16 |
passwordMinimumNumericCharacters | Int32 | Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16 |
passwordMinimumSymbolCharacters | Int32 | Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16 |
passwordMinimumUpperCaseCharacters | Int32 | Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16 |
passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault , required , numeric , numericComplex , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , customPassword . |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordPreviousPasswordCountToBlock | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
storageRequireEncryption | Boolean | Require encryption on Android devices. |
securityRequireIntuneAppIntegrity | Boolean | If setting is set to true, checks that the Intune app installed on fully managed, dedicated, or corporate-owned work profile Android Enterprise enrolled devices, is the one provided by Microsoft from the Managed Google Playstore. If the check fails, the device will be reported as non-compliant. |
androidDeviceOwnerDerivedCredentialAuthenticationConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval , specificApps , unknownFutureValue . |
silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
androidDeviceOwnerEnterpriseWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name Inherited from androidDeviceOwnerWiFiConfiguration |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidDeviceOwnerWiFiConfiguration |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidDeviceOwnerWiFiConfiguration |
wiFiSecurityType | androidDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidDeviceOwnerWiFiConfiguration. Possible values are: open , wep , wpaPersonal , wpaEnterprise . |
preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration |
preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration |
proxySettings | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration. Possible values include none, manual, and automatic. Inherited from androidDeviceOwnerWiFiConfiguration. Possible values are: none , manual , automatic . |
proxyManualAddress | String | Specify the proxy server IP address. Android documentation does not specify IPv4 or IPv6. For example: 192.168.1.1. Inherited from androidDeviceOwnerWiFiConfiguration |
proxyManualPort | Int32 | Specify the proxy server port. Inherited from androidDeviceOwnerWiFiConfiguration |
proxyAutomaticConfigurationUrl | String | Specify the proxy server configuration script URL. Inherited from androidDeviceOwnerWiFiConfiguration |
proxyExclusionList | String | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. Inherited from androidDeviceOwnerWiFiConfiguration |
eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls , eapTtls , peap . |
trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate , usernameAndPassword , derivedCredential . |
innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none , microsoftChapVersionTwo . |
outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
androidDeviceOwnerGeneralDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
azureAdSharedDeviceDataClearApps | appListItem collection | A list of managed apps that will have their data cleared during a global sign-out in AAD shared device mode. This collection can contain a maximum of 500 elements. |
accountsBlockModification | Boolean | Indicates whether or not adding or removing accounts is disabled. |
appsAllowInstallFromUnknownSources | Boolean | Indicates whether or not the user is allowed to enable to unknown sources setting. |
appsAutoUpdatePolicy | androidDeviceOwnerAppAutoUpdatePolicyType | Indicates the value of the app auto update policy. Possible values are: notConfigured , userChoice , never , wiFiOnly , always . |
appsDefaultPermissionPolicy | androidDeviceOwnerDefaultAppPermissionPolicyType | Indicates the permission policy for requests for runtime permissions if one is not defined for the app specifically. Possible values are: deviceDefault , prompt , autoGrant , autoDeny . |
appsRecommendSkippingFirstUseHints | Boolean | Whether or not to recommend all apps skip any first-time-use hints they may have added. |
bluetoothBlockConfiguration | Boolean | Indicates whether or not to block a user from configuring bluetooth. |
bluetoothBlockContactSharing | Boolean | Indicates whether or not to block a user from sharing contacts via bluetooth. |
cameraBlocked | Boolean | Indicates whether or not to disable the use of the camera. |
cellularBlockWiFiTethering | Boolean | Indicates whether or not to block Wi-Fi tethering. |
certificateCredentialConfigurationDisabled | Boolean | Indicates whether or not to block users from any certificate credential configuration. |
crossProfilePoliciesAllowCopyPaste | Boolean | Indicates whether or not text copied from one profile (personal or work) can be pasted in the other. |
crossProfilePoliciesAllowDataSharing | androidDeviceOwnerCrossProfileDataSharing | Indicates whether data from one profile (personal or work) can be shared with apps in the other profile. Possible values are: notConfigured , crossProfileDataSharingBlocked , dataSharingFromWorkToPersonalBlocked , crossProfileDataSharingAllowed , unkownFutureValue . |
crossProfilePoliciesShowWorkContactsInPersonalProfile | Boolean | Indicates whether or not contacts stored in work profile are shown in personal profile contact searches/incoming calls. |
microsoftLauncherConfigurationEnabled | Boolean | Indicates whether or not to you want configure Microsoft Launcher. |
microsoftLauncherCustomWallpaperEnabled | Boolean | Indicates whether or not to configure the wallpaper on the targeted devices. |
microsoftLauncherCustomWallpaperImageUrl | String | Indicates the URL for the image file to use as the wallpaper on the targeted devices. |
microsoftLauncherCustomWallpaperAllowUserModification | Boolean | Indicates whether or not the user can modify the wallpaper to personalize their device. |
microsoftLauncherFeedEnabled | Boolean | Indicates whether or not you want to enable the launcher feed on the device. |
microsoftLauncherFeedAllowUserModification | Boolean | Indicates whether or not the user can modify the launcher feed on the device. |
microsoftLauncherDockPresenceConfiguration | microsoftLauncherDockPresence | Indicates whether or not you want to configure the device dock. Possible values are: notConfigured , show , hide , disabled . |
microsoftLauncherDockPresenceAllowUserModification | Boolean | Indicates whether or not the user can modify the device dock configuration on the device. |
microsoftLauncherSearchBarPlacementConfiguration | microsoftLauncherSearchBarPlacement | Indicates the search bar placement configuration on the device. Possible values are: notConfigured , top , bottom , hide . |
enrollmentProfile | androidDeviceOwnerEnrollmentProfileType | Indicates which enrollment profile you want to configure. Possible values are: notConfigured , dedicatedDevice , fullyManaged . |
dataRoamingBlocked | Boolean | Indicates whether or not to block a user from data roaming. |
dateTimeConfigurationBlocked | Boolean | Indicates whether or not to block the user from manually changing the date or time on the device |
detailedHelpText | androidDeviceOwnerUserFacingMessage | Represents the customized detailed help text provided to users when they attempt to modify managed settings on their device. |
deviceOwnerLockScreenMessage | androidDeviceOwnerUserFacingMessage | Represents the customized lock screen message provided to users when they attempt to modify managed settings on their device. |
securityCommonCriteriaModeEnabled | Boolean | Represents the security common criteria mode enabled provided to users when they attempt to modify managed settings on their device. |
factoryResetDeviceAdministratorEmails | String collection | List of Google account emails that will be required to authenticate after a device is factory reset before it can be set up. |
factoryResetBlocked | Boolean | Indicates whether or not the factory reset option in settings is disabled. |
globalProxy | androidDeviceOwnerGlobalProxy | Proxy is set up directly with host, port and excluded hosts. |
googleAccountsBlocked | Boolean | Indicates whether or not google accounts will be blocked. |
kioskCustomizationDeviceSettingsBlocked | Boolean | Indicates whether a user can access the device's Settings app while in Kiosk Mode. |
kioskCustomizationPowerButtonActionsBlocked | Boolean | Whether the power menu is shown when a user long presses the Power button of a device in Kiosk Mode. |
kioskCustomizationStatusBar | androidDeviceOwnerKioskCustomizationStatusBar | Indicates whether system info and notifications are disabled in Kiosk Mode. Possible values are: notConfigured , notificationsAndSystemInfoEnabled , systemInfoOnly . |
kioskCustomizationSystemErrorWarnings | Boolean | Indicates whether system error dialogs for crashed or unresponsive apps are shown in Kiosk Mode. |
kioskCustomizationSystemNavigation | androidDeviceOwnerKioskCustomizationSystemNavigation | Indicates which navigation features are enabled in Kiosk Mode. Possible values are: notConfigured , navigationEnabled , homeButtonOnly . |
kioskModeScreenSaverConfigurationEnabled | Boolean | Whether or not to enable screen saver mode or not in Kiosk Mode. |
kioskModeScreenSaverImageUrl | String | URL for an image that will be the device's screen saver in Kiosk Mode. |
kioskModeScreenSaverDisplayTimeInSeconds | Int32 | The number of seconds that the device will display the screen saver for in Kiosk Mode. Valid values 0 to 9999999 |
kioskModeScreenSaverStartDelayInSeconds | Int32 | The number of seconds the device needs to be inactive for before the screen saver is shown in Kiosk Mode. Valid values 1 to 9999999 |
kioskModeScreenSaverDetectMediaDisabled | Boolean | Whether or not the device screen should show the screen saver if audio/video is playing in Kiosk Mode. |
kioskModeApps | appListItem collection | A list of managed apps that will be shown when the device is in Kiosk Mode. This collection can contain a maximum of 500 elements. |
kioskModeWallpaperUrl | String | URL to a publicly accessible image to use for the wallpaper when the device is in Kiosk Mode. |
kioskModeExitCode | String | Exit code to allow a user to escape from Kiosk Mode when the device is in Kiosk Mode. |
kioskModeVirtualHomeButtonEnabled | Boolean | Whether or not to display a virtual home button when the device is in Kiosk Mode. |
kioskModeVirtualHomeButtonType | androidDeviceOwnerVirtualHomeButtonType | Indicates whether the virtual home button is a swipe up home button or a floating home button. Possible values are: notConfigured , swipeUp , floating . |
kioskModeBluetoothConfigurationEnabled | Boolean | Whether or not to allow a user to configure Bluetooth settings in Kiosk Mode. |
kioskModeWiFiConfigurationEnabled | Boolean | Whether or not to allow a user to configure Wi-Fi settings in Kiosk Mode. |
kioskModeFlashlightConfigurationEnabled | Boolean | Whether or not to allow a user to use the flashlight in Kiosk Mode. |
kioskModeMediaVolumeConfigurationEnabled | Boolean | Whether or not to allow a user to change the media volume in Kiosk Mode. |
kioskModeShowDeviceInfo | Boolean | Whether or not to allow a user to access basic device information. |
kioskModeManagedSettingsEntryDisabled | Boolean | Whether or not to display the Managed Settings entry point on the managed home screen in Kiosk Mode. |
kioskModeDebugMenuEasyAccessEnabled | Boolean | Whether or not to allow a user to easy access to the debug menu in Kiosk Mode. |
kioskModeShowAppNotificationBadge | Boolean | Whether or not to display application notification badges in Kiosk Mode. |
kioskModeScreenOrientation | androidDeviceOwnerKioskModeScreenOrientation | Screen orientation configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured , portrait , landscape , autoRotate . |
kioskModeIconSize | androidDeviceOwnerKioskModeIconSize | Icon size configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured , smallest , small , regular , large , largest . |
kioskModeFolderIcon | androidDeviceOwnerKioskModeFolderIcon | Folder icon configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured , darkSquare , darkCircle , lightSquare , lightCircle . |
kioskModeWifiAllowedSsids | String collection | The restricted set of WIFI SSIDs available for the user to configure in Kiosk Mode. This collection can contain a maximum of 500 elements. |
kioskModeAppOrderEnabled | Boolean | Whether or not to enable app ordering in Kiosk Mode. |
kioskModeAppsInFolderOrderedByName | Boolean | Whether or not to alphabetize applications within a folder in Kiosk Mode. |
kioskModeGridHeight | Int32 | Number of rows for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999 |
kioskModeGridWidth | Int32 | Number of columns for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999 |
kioskModeLockHomeScreen | Boolean | Whether or not to lock home screen to the end user in Kiosk Mode. |
kioskModeManagedFolders | androidDeviceOwnerKioskModeManagedFolder collection | A list of managed folders for a device in Kiosk Mode. This collection can contain a maximum of 500 elements. |
kioskModeAppPositions | androidDeviceOwnerKioskModeAppPositionItem collection | The ordering of items on Kiosk Mode Managed Home Screen. This collection can contain a maximum of 500 elements. |
kioskModeManagedHomeScreenAutoSignout | Boolean | Whether or not to automatically sign-out of MHS and Shared device mode applications after inactive for Managed Home Screen. |
kioskModeManagedHomeScreenInactiveSignOutDelayInSeconds | Int32 | Number of seconds to give user notice before automatically signing them out for Managed Home Screen. Valid values 0 to 9999999 |
kioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds | Int32 | Number of seconds device is inactive before automatically signing user out for Managed Home Screen. Valid values 0 to 9999999 |
kioskModeManagedHomeScreenPinComplexity | kioskModeManagedHomeScreenPinComplexity | Complexity of PIN for sign-in session for Managed Home Screen. Possible values are: notConfigured , simple , complex . |
kioskModeManagedHomeScreenPinRequired | Boolean | Whether or not require user to set a PIN for sign-in session for Managed Home Screen. |
kioskModeManagedHomeScreenPinRequiredToResume | Boolean | Whether or not required user to enter session PIN if screensaver has appeared for Managed Home Screen. |
kioskModeManagedHomeScreenSignInBackground | String | Custom URL background for sign-in screen for Managed Home Screen. |
kioskModeManagedHomeScreenSignInBrandingLogo | String | Custom URL branding logo for sign-in screen and session pin page for Managed Home Screen. |
kioskModeManagedHomeScreenSignInEnabled | Boolean | Whether or not show sign-in screen for Managed Home Screen. |
kioskModeUseManagedHomeScreenApp | kioskModeType | Whether or not to use single app kiosk mode or multi-app kiosk mode. Possible values are: notConfigured , singleAppMode , multiAppMode . |
microphoneForceMute | Boolean | Indicates whether or not to block unmuting the microphone on the device. |
networkEscapeHatchAllowed | Boolean | Indicates whether or not the device will allow connecting to a temporary network connection at boot time. |
nfcBlockOutgoingBeam | Boolean | Indicates whether or not to block NFC outgoing beam. |
passwordBlockKeyguard | Boolean | Indicates whether or not the keyguard is disabled. |
passwordBlockKeyguardFeatures | androidKeyguardFeature collection | List of device keyguard features to block. This collection can contain a maximum of 11 elements. |
passwordExpirationDays | Int32 | Indicates the amount of time that a password can be set for before it expires and a new password will be required. Valid values 1 to 365 |
passwordMinimumLength | Int32 | Indicates the minimum length of the password required on the device. Valid values 4 to 16 |
passwordMinimumLetterCharacters | Int32 | Indicates the minimum number of letter characters required for device password. Valid values 1 to 16 |
passwordMinimumLowerCaseCharacters | Int32 | Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16 |
passwordMinimumNonLetterCharacters | Int32 | Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16 |
passwordMinimumNumericCharacters | Int32 | Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16 |
passwordMinimumSymbolCharacters | Int32 | Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16 |
passwordMinimumUpperCaseCharacters | Int32 | Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16 |
passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
passwordPreviousPasswordCountToBlock | Int32 | Indicates the length of password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24 |
passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Indicates the minimum password quality required on the device. Possible values are: deviceDefault , required , numeric , numericComplex , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , customPassword . |
passwordRequireUnlock | androidDeviceOwnerRequiredPasswordUnlock | Indicates the timeout period after which a device must be unlocked using a form of strong authentication. Possible values are: deviceDefault , daily , unkownFutureValue . |
passwordSignInFailureCountBeforeFactoryReset | Int32 | Indicates the number of times a user can enter an incorrect password before the device is wiped. Valid values 4 to 11 |
playStoreMode | androidDeviceOwnerPlayStoreMode | Indicates the Play Store mode of the device. Possible values are: notConfigured , allowList , blockList . |
screenCaptureBlocked | Boolean | Indicates whether or not to disable the capability to take screenshots. |
securityDeveloperSettingsEnabled | Boolean | Indicates whether or not the user is allowed to access developer settings like developer options and safe boot on the device. |
securityRequireVerifyApps | Boolean | Indicates whether or not verify apps is required. |
shortHelpText | androidDeviceOwnerUserFacingMessage | Represents the customized short help text provided to users when they attempt to modify managed settings on their device. |
statusBarBlocked | Boolean | Indicates whether or the status bar is disabled, including notifications, quick settings and other screen overlays. |
stayOnModes | androidDeviceOwnerBatteryPluggedMode collection | List of modes in which the device's display will stay powered-on. This collection can contain a maximum of 4 elements. |
storageAllowUsb | Boolean | Indicates whether or not to allow USB mass storage. |
storageBlockExternalMedia | Boolean | Indicates whether or not to block external media. |
storageBlockUsbFileTransfer | Boolean | Indicates whether or not to block USB file transfer. |
systemUpdateFreezePeriods | androidDeviceOwnerSystemUpdateFreezePeriod collection | Indicates the annually repeating time periods during which system updates are postponed. This collection can contain a maximum of 500 elements. |
systemUpdateWindowStartMinutesAfterMidnight | Int32 | Indicates the number of minutes after midnight that the system update window starts. Valid values 0 to 1440 |
systemUpdateWindowEndMinutesAfterMidnight | Int32 | Indicates the number of minutes after midnight that the system update window ends. Valid values 0 to 1440 |
systemUpdateInstallType | androidDeviceOwnerSystemUpdateInstallType | The type of system update configuration. Possible values are: deviceDefault , postpone , windowed , automatic . |
systemWindowsBlocked | Boolean | Whether or not to block Android system prompt windows, like toasts, phone activities, and system alerts. |
usersBlockAdd | Boolean | Indicates whether or not adding users and profiles is disabled. |
usersBlockRemove | Boolean | Indicates whether or not to disable removing other users from the device. |
volumeBlockAdjustment | Boolean | Indicates whether or not adjusting the master volume is disabled. |
vpnAlwaysOnLockdownMode | Boolean | If an always on VPN package name is specified, whether or not to lock network traffic when that VPN is disconnected. |
vpnAlwaysOnPackageIdentifier | String | Android app package name for app that will handle an always-on VPN connection. |
wifiBlockEditConfigurations | Boolean | Indicates whether or not to block the user from editing the wifi connection settings. |
wifiBlockEditPolicyDefinedConfigurations | Boolean | Indicates whether or not to block the user from editing just the networks defined by the policy. |
personalProfileAppsAllowInstallFromUnknownSources | Boolean | Indicates whether the user can install apps from unknown sources on the personal profile. |
personalProfileCameraBlocked | Boolean | Indicates whether to disable the use of the camera on the personal profile. |
personalProfileScreenCaptureBlocked | Boolean | Indicates whether to disable the capability to take screenshots on the personal profile. |
personalProfilePlayStoreMode | personalProfilePersonalPlayStoreMode | Used together with PersonalProfilePersonalApplications to control how apps in the personal profile are allowed or blocked. Possible values are: notConfigured , blockedApps , allowedApps . |
personalProfilePersonalApplications | appListItem collection | Policy applied to applications in the personal profile. This collection can contain a maximum of 500 elements. |
workProfilePasswordExpirationDays | Int32 | Indicates the number of days that a work profile password can be set before it expires and a new password will be required. Valid values 1 to 365 |
workProfilePasswordMinimumLength | Int32 | Indicates the minimum length of the work profile password. Valid values 4 to 16 |
workProfilePasswordMinimumNumericCharacters | Int32 | Indicates the minimum number of numeric characters required for the work profile password. Valid values 1 to 16 |
workProfilePasswordMinimumNonLetterCharacters | Int32 | Indicates the minimum number of non-letter characters required for the work profile password. Valid values 1 to 16 |
workProfilePasswordMinimumLetterCharacters | Int32 | Indicates the minimum number of letter characters required for the work profile password. Valid values 1 to 16 |
workProfilePasswordMinimumLowerCaseCharacters | Int32 | Indicates the minimum number of lower-case characters required for the work profile password. Valid values 1 to 16 |
workProfilePasswordMinimumUpperCaseCharacters | Int32 | Indicates the minimum number of upper-case letter characters required for the work profile password. Valid values 1 to 16 |
workProfilePasswordMinimumSymbolCharacters | Int32 | Indicates the minimum number of symbol characters required for the work profile password. Valid values 1 to 16 |
workProfilePasswordPreviousPasswordCountToBlock | Int32 | Indicates the length of the work profile password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24 |
workProfilePasswordSignInFailureCountBeforeFactoryReset | Int32 | Indicates the number of times a user can enter an incorrect work profile password before the device is wiped. Valid values 4 to 11 |
workProfilePasswordRequiredType | androidDeviceOwnerRequiredPasswordType | Indicates the minimum password quality required on the work profile password. Possible values are: deviceDefault , required , numeric , numericComplex , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , customPassword . |
workProfilePasswordRequireUnlock | androidDeviceOwnerRequiredPasswordUnlock | Indicates the timeout period after which a work profile must be unlocked using a form of strong authentication. Possible values are: deviceDefault , daily , unkownFutureValue . |
locateDeviceUserlessDisabled | Boolean | Indicates whether or not LocateDevice for userless (COSU) devices is disabled. |
locateDeviceLostModeEnabled | Boolean | Indicates whether or not LocateDevice for devices with lost mode (COBO, COPE) is enabled. |
androidDeviceOwnerDelegatedScopeAppSettings | androidDeviceOwnerDelegatedScopeAppSetting collection | Specifies the list of managed apps with app details and its associated delegated scope(s). This collection can contain a maximum of 500 elements. |
androidDeviceOwnerImportedPFXCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned , smimeEncryption , smimeSigning , vpn , wifi . |
certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval , specificApps , unknownFutureValue . |
silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
androidDeviceOwnerPkcsCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificationAuthority | String | PKCS Certification Authority |
certificationAuthorityName | String | PKCS Certification Authority Name |
certificationAuthorityType | deviceManagementCertificationAuthority | Certification authority type. Possible values are: notConfigured , microsoft , digiCert . |
certificateTemplateName | String | PKCS Certificate Template Name |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval , specificApps , unknownFutureValue . |
silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
androidDeviceOwnerScepCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
scepServerUrls | String collection | SCEP Server Url(s) |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment , digitalSignature . |
keySize | keySize | SCEP Key Size. Possible values are: size1024 , size2048 , size4096 . |
hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1 , sha2 . |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval , specificApps , unknownFutureValue . |
silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
androidDeviceOwnerTrustedRootCertificate
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
trustedRootCertificate | Binary | Trusted Root Certificate |
certFileName | String | File name to display in UI. |
androidDeviceOwnerVpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | vpnAuthenticationMethod | Authentication method. Inherited from vpnConfiguration. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
connectionName | String | Connection name displayed to the user. Inherited from vpnConfiguration |
role | String | Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration |
realm | String | Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration |
servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. Inherited from vpnConfiguration |
connectionType | androidVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect , pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn , citrix , microsoftTunnel , netMotionMobility , microsoftProtect . |
proxyServer | vpnProxyServer | Proxy server. |
targetedPackageIds | String collection | Targeted App package IDs. |
targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. |
alwaysOn | Boolean | Whether or not to enable always-on VPN connection. |
alwaysOnLockdown | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. |
microsoftTunnelSiteId | String | Microsoft Tunnel site ID. |
proxyExclusionList | String collection | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. |
customData | keyValue collection | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. |
customKeyValueData | keyValuePair collection | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. |
androidDeviceOwnerWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
wiFiSecurityType | androidDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open , wep , wpaPersonal , wpaEnterprise . |
preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. |
proxySettings | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration. Possible values include none, manual, and automatic. Possible values are: none , manual , automatic . |
proxyManualAddress | String | Specify the proxy server IP address. Android documentation does not specify IPv4 or IPv6. For example: 192.168.1.1. |
proxyManualPort | Int32 | Specify the proxy server port. |
proxyAutomaticConfigurationUrl | String | Specify the proxy server configuration script URL. |
proxyExclusionList | String | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *. |
androidEasEmailProfileConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
accountName | String | Exchange ActiveSync account name, displayed to users as name of EAS (this) profile. |
authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword , certificate , derivedCredential . |
syncCalendar | Boolean | Toggles syncing the calendar. If set to false calendar is turned off on the device. |
syncContacts | Boolean | Toggles syncing contacts. If set to false contacts are turned off on the device. |
syncTasks | Boolean | Toggles syncing tasks. If set to false tasks are turned off on the device. |
syncNotes | Boolean | Toggles syncing notes. If set to false notes are turned off on the device. |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName , primarySmtpAddress . |
emailSyncSchedule | emailSyncSchedule | Email sync schedule. Possible values are: userDefined , asMessagesArrive , manual , fifteenMinutes , thirtyMinutes , sixtyMinutes , basedOnMyUsage . |
hostName | String | Exchange location (URL) that the native mail app connects to. |
requireSmime | Boolean | Indicates whether or not to use S/MIME certificate. |
requireSsl | Boolean | Indicates whether or not to use SSL. |
usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username , userPrincipalName , samAccountName , primarySmtpAddress . |
userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: fullDomainName , netBiosDomainName . |
customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. |
androidEnterpriseWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name Inherited from androidWiFiConfiguration |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidWiFiConfiguration |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidWiFiConfiguration |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidWiFiConfiguration |
wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidWiFiConfiguration. Possible values are: open , wpaEnterprise , wpa2Enterprise . |
eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls , eapTtls , peap . |
trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate , usernameAndPassword , derivedCredential . |
innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none , microsoftChapVersionTwo . |
outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
usernameFormatString | String | Username format string used to build the username to connect to wifi |
passwordFormatString | String | Password format string used to build the password to connect to wifi |
preSharedKey | String | PreSharedKey used to build the password to connect to wifi |
androidForWorkCertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
androidForWorkCompliancePolicy
Property | Type | Description |
---|---|---|
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passwordRequired | Boolean | Require a password to unlock device. |
passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
passwordRequiredType | androidRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , numeric , numericComplex , any . |
requiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android API 12+. Possible values are: none , low , medium , high . |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign-in failures allowed before factory reset. Valid values 1 to 16 |
securityPreventInstallAppsFromUnknownSources | Boolean | Require that devices disallow installation of apps from unknown sources. |
securityDisableUsbDebugging | Boolean | Disable USB debugging on Android devices. |
securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
osMinimumVersion | String | Minimum Android version. |
osMaximumVersion | String | Maximum Android version. |
minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
storageRequireEncryption | Boolean | Require encryption on Android devices. |
securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
securityRequireGooglePlayServices | Boolean | Require Google Play Services to be installed and enabled on the device. |
securityRequireUpToDateSecurityProviders | Boolean | Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date. |
securityRequireCompanyPortalAppIntegrity | Boolean | Require the device to pass the Company Portal client app runtime integrity check. |
securityRequiredAndroidSafetyNetEvaluationType | androidSafetyNetEvaluationType | Require a specific SafetyNet evaluation type for compliance. Possible values are: basic , hardwareBacked . |
androidForWorkCustomConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 500 elements. |
androidForWorkEasEmailProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword , certificate , derivedCredential . |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName , primarySmtpAddress . |
hostName | String | Exchange location (URL) that the mail app connects to. |
requireSsl | Boolean | Indicates whether or not to use SSL. |
usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username , userPrincipalName , samAccountName , primarySmtpAddress . |
androidForWorkEnterpriseWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name Inherited from androidForWorkWiFiConfiguration |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidForWorkWiFiConfiguration |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidForWorkWiFiConfiguration |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidForWorkWiFiConfiguration |
wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidForWorkWiFiConfiguration. Possible values are: open , wpaEnterprise , wpa2Enterprise . |
eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls , eapTtls , peap . |
trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate , usernameAndPassword , derivedCredential . |
innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none , microsoftChapVersionTwo . |
outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
androidForWorkGeneralDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
passwordBlockFaceUnlock | Boolean | Indicates whether or not to block face unlock. |
passwordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
passwordBlockIrisUnlock | Boolean | Indicates whether or not to block iris unlock. |
passwordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordMinimumLength | Int32 | Minimum length of passwords. Valid values 4 to 16 |
passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. Valid values 1 to 16 |
passwordRequiredType | androidForWorkRequiredPasswordType | Type of password that is required. Possible values are: deviceDefault , lowSecurityBiometric , required , atLeastNumeric , numericComplex , atLeastAlphabetic , atLeastAlphanumeric , alphanumericWithSymbols . |
requiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android 12+. Possible values are: none , low , medium , high . |
workProfileDataSharingType | androidForWorkCrossProfileDataSharingType | Type of data sharing that is allowed. Possible values are: deviceDefault , preventAny , allowPersonalToWork , noRestrictions . |
workProfileBlockNotificationsWhileDeviceLocked | Boolean | Indicates whether or not to block notifications while device locked. |
workProfileBlockAddingAccounts | Boolean | Block users from adding/removing accounts in work profile. |
workProfileBluetoothEnableContactSharing | Boolean | Allow bluetooth devices to access enterprise contacts. |
workProfileBlockScreenCapture | Boolean | Block screen capture in work profile. |
workProfileBlockCrossProfileCallerId | Boolean | Block display work profile caller ID in personal profile. |
workProfileBlockCamera | Boolean | Block work profile camera. |
workProfileBlockCrossProfileContactsSearch | Boolean | Block work profile contacts availability in personal profile. |
workProfileBlockCrossProfileCopyPaste | Boolean | Boolean that indicates if the setting disallow cross profile copy/paste is enabled. |
workProfileDefaultAppPermissionPolicy | androidForWorkDefaultAppPermissionPolicyType | Type of password that is required. Possible values are: deviceDefault , prompt , autoGrant , autoDeny . |
workProfilePasswordBlockFaceUnlock | Boolean | Indicates whether or not to block face unlock for work profile. |
workProfilePasswordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock for work profile. |
workProfilePasswordBlockIrisUnlock | Boolean | Indicates whether or not to block iris unlock for work profile. |
workProfilePasswordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents for work profile. |
workProfilePasswordExpirationDays | Int32 | Number of days before the work profile password expires. Valid values 1 to 365 |
workProfilePasswordMinimumLength | Int32 | Minimum length of work profile password. Valid values 4 to 16 |
workProfilePasswordMinNumericCharacters | Int32 | Minimum # of numeric characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinNonLetterCharacters | Int32 | Minimum # of non-letter characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinLetterCharacters | Int32 | Minimum # of letter characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinLowerCaseCharacters | Int32 | Minimum # of lower-case characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinUpperCaseCharacters | Int32 | Minimum # of upper-case characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinSymbolCharacters | Int32 | Minimum # of symbols required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
workProfilePasswordPreviousPasswordBlockCount | Int32 | Number of previous work profile passwords to block. Valid values 0 to 24 |
workProfilePasswordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before work profile is removed and all corporate data deleted. Valid values 1 to 16 |
workProfilePasswordRequiredType | androidForWorkRequiredPasswordType | Type of work profile password that is required. Possible values are: deviceDefault , lowSecurityBiometric , required , atLeastNumeric , numericComplex , atLeastAlphabetic , atLeastAlphanumeric , alphanumericWithSymbols . |
workProfileRequiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required work profile password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android 12+. Possible values are: none , low , medium , high . |
workProfileRequirePassword | Boolean | Password is required or not for work profile |
securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
vpnAlwaysOnPackageIdentifier | String | Enable lockdown mode for always-on VPN. |
vpnEnableAlwaysOnLockdownMode | Boolean | Enable lockdown mode for always-on VPN. |
workProfileAllowWidgets | Boolean | Allow widgets from work profile apps. |
workProfileBlockPersonalAppInstallsFromUnknownSources | Boolean | Prevent app installations from unknown sources in the personal profile. |
workProfileAccountUse | androidWorkProfileAccountUse | Control user's ability to add accounts in work profile including Google accounts. Possible values are: allowAllExceptGoogleAccounts , blockAll , allowAll , unknownFutureValue . |
allowedGoogleAccountDomains | String collection | Determine domains allow-list for accounts that can be added to work profile. |
blockUnifiedPasswordForWorkProfile | Boolean | Prevent using unified password for unlocking device and work profile. |
androidForWorkGmailEasConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidForWorkEasEmailProfileBase. Possible values are: usernameAndPassword , certificate , derivedCredential . |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userPrincipalName , primarySmtpAddress . |
hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidForWorkEasEmailProfileBase |
requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidForWorkEasEmailProfileBase |
usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: username , userPrincipalName , samAccountName , primarySmtpAddress . |
androidForWorkImportedPFXCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned , smimeEncryption , smimeSigning , vpn , wifi . |
androidForWorkNineWorkEasConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidForWorkEasEmailProfileBase. Possible values are: usernameAndPassword , certificate , derivedCredential . |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userPrincipalName , primarySmtpAddress . |
hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidForWorkEasEmailProfileBase |
requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidForWorkEasEmailProfileBase |
usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: username , userPrincipalName , samAccountName , primarySmtpAddress . |
syncCalendar | Boolean | Toggles syncing the calendar. If set to false the calendar is turned off on the device. |
syncContacts | Boolean | Toggles syncing contacts. If set to false contacts are turned off on the device. |
syncTasks | Boolean | Toggles syncing tasks. If set to false tasks are turned off on the device. |
androidForWorkPkcsCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidForWorkCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidForWorkCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidForWorkCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidForWorkCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificationAuthority | String | PKCS Certification Authority |
certificationAuthorityName | String | PKCS Certification Authority Name |
certificateTemplateName | String | PKCS Certificate Template Name |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
androidForWorkScepCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidForWorkCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidForWorkCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidForWorkCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidForWorkCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
scepServerUrls | String collection | SCEP Server Url(s) |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment , digitalSignature . |
keySize | keySize | SCEP Key Size. Possible values are: size1024 , size2048 , size4096 . |
hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1 , sha2 . |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
androidForWorkTrustedRootCertificate
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
trustedRootCertificate | Binary | Trusted Root Certificate |
certFileName | String | File name to display in UI. |
androidForWorkVpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. |
connectionType | androidForWorkVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect , pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn , citrix . |
role | String | Role when connection type is set to Pulse Secure. |
realm | String | Realm when connection type is set to Pulse Secure. |
servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
fingerprint | String | Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN. |
customData | keyValue collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
customKeyValueData | keyValuePair collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
androidForWorkWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open , wpaEnterprise , wpa2Enterprise . |
androidGeneralDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
appsBlockClipboardSharing | Boolean | Indicates whether or not to block clipboard sharing to copy and paste between applications. |
appsBlockCopyPaste | Boolean | Indicates whether or not to block copy and paste within applications. |
appsBlockYouTube | Boolean | Indicates whether or not to block the YouTube app. |
bluetoothBlocked | Boolean | Indicates whether or not to block Bluetooth. |
cameraBlocked | Boolean | Indicates whether or not to block the use of the camera. |
cellularBlockDataRoaming | Boolean | Indicates whether or not to block data roaming. |
cellularBlockMessaging | Boolean | Indicates whether or not to block SMS/MMS messaging. |
cellularBlockVoiceRoaming | Boolean | Indicates whether or not to block voice roaming. |
cellularBlockWiFiTethering | Boolean | Indicates whether or not to block syncing Wi-Fi tethering. |
compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
compliantAppListType | appListType | Type of list that is in the CompliantAppsList. Possible values are: none , appsInListCompliant , appsNotInListCompliant . |
diagnosticDataBlockSubmission | Boolean | Indicates whether or not to block diagnostic data submission. |
locationServicesBlocked | Boolean | Indicates whether or not to block location services. |
googleAccountBlockAutoSync | Boolean | Indicates whether or not to block Google account auto sync. |
googlePlayStoreBlocked | Boolean | Indicates whether or not to block the Google Play store. |
kioskModeBlockSleepButton | Boolean | Indicates whether or not to block the screen sleep button while in Kiosk Mode. |
kioskModeBlockVolumeButtons | Boolean | Indicates whether or not to block the volume buttons while in Kiosk Mode. |
kioskModeApps | appListItem collection | A list of apps that will be allowed to run when the device is in Kiosk Mode. This collection can contain a maximum of 500 elements. |
nfcBlocked | Boolean | Indicates whether or not to block Near-Field Communication. |
passwordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
passwordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordMinimumLength | Int32 | Minimum length of passwords. Valid values 4 to 16 |
passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. Valid values 1 to 16 |
passwordRequiredType | androidRequiredPasswordType | Type of password that is required. Possible values are: deviceDefault , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , numeric , numericComplex , any . |
passwordRequired | Boolean | Indicates whether or not to require a password. |
powerOffBlocked | Boolean | Indicates whether or not to block powering off the device. |
factoryResetBlocked | Boolean | Indicates whether or not to block user performing a factory reset. |
screenCaptureBlocked | Boolean | Indicates whether or not to block screenshots. |
deviceSharingAllowed | Boolean | Indicates whether or not to allow device sharing mode. |
storageBlockGoogleBackup | Boolean | Indicates whether or not to block Google Backup. |
storageBlockRemovableStorage | Boolean | Indicates whether or not to block removable storage usage. |
storageRequireDeviceEncryption | Boolean | Indicates whether or not to require device encryption. |
storageRequireRemovableStorageEncryption | Boolean | Indicates whether or not to require removable storage encryption. |
voiceAssistantBlocked | Boolean | Indicates whether or not to block the use of the Voice Assistant. |
voiceDialingBlocked | Boolean | Indicates whether or not to block voice dialing. |
webBrowserBlockPopups | Boolean | Indicates whether or not to block popups within the web browser. |
webBrowserBlockAutofill | Boolean | Indicates whether or not to block the web browser's auto fill feature. |
webBrowserBlockJavaScript | Boolean | Indicates whether or not to block JavaScript within the web browser. |
webBrowserBlocked | Boolean | Indicates whether or not to block the web browser. |
webBrowserCookieSettings | webBrowserCookieSettings | Cookie settings within the web browser. Possible values are: browserDefault , blockAlways , allowCurrentWebSite , allowFromWebsitesVisited , allowAlways . |
wiFiBlocked | Boolean | Indicates whether or not to block syncing Wi-Fi. |
appsInstallAllowList | appListItem collection | List of apps which can be installed on the KNOX device. This collection can contain a maximum of 500 elements. |
appsLaunchBlockList | appListItem collection | List of apps which are blocked from being launched on the KNOX device. This collection can contain a maximum of 500 elements. |
appsHideList | appListItem collection | List of apps to be hidden on the KNOX device. This collection can contain a maximum of 500 elements. |
securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
androidImportedPFXCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned , smimeEncryption , smimeSigning , vpn , wifi . |
androidOmaCpConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
configurationXml | Binary | Configuration XML that will be applied to the device. When it is read, it only provides a placeholder string since the original data is encrypted and stored. |
androidPkcsCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
certificationAuthority | String | PKCS Certification Authority |
certificationAuthorityName | String | PKCS Certification Authority Name |
certificateTemplateName | String | PKCS Certificate Template Name |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
androidScepCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
scepServerUrls | String collection | SCEP Server Url(s) |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment , digitalSignature . |
keySize | keySize | SCEP Key Size. Possible values are: size1024 , size2048 , size4096 . |
hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1 , sha2 . |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
androidTrustedRootCertificate
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
trustedRootCertificate | Binary | Trusted Root Certificate |
certFileName | String | File name to display in UI. |
androidVpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. |
connectionType | androidVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect , pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn , citrix , microsoftTunnel , netMotionMobility , microsoftProtect . |
role | String | Role when connection type is set to Pulse Secure. |
realm | String | Realm when connection type is set to Pulse Secure. |
servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
fingerprint | String | Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN. |
customData | keyValue collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
customKeyValueData | keyValuePair collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
androidWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open , wpaEnterprise , wpa2Enterprise . |
androidWorkProfileCertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
androidWorkProfileCompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passwordRequired | Boolean | Require a password to unlock device. |
passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
passwordRequiredType | androidRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , numeric , numericComplex , any . |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
securityPreventInstallAppsFromUnknownSources | Boolean | Require that devices disallow installation of apps from unknown sources. |
securityDisableUsbDebugging | Boolean | Disable USB debugging on Android devices. |
securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
osMinimumVersion | String | Minimum Android version. |
osMaximumVersion | String | Maximum Android version. |
minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
storageRequireEncryption | Boolean | Require encryption on Android devices. |
securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
securityRequireGooglePlayServices | Boolean | Require Google Play Services to be installed and enabled on the device. |
securityRequireUpToDateSecurityProviders | Boolean | Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date. |
securityRequireCompanyPortalAppIntegrity | Boolean | Require the device to pass the Company Portal client app runtime integrity check. |
androidWorkProfileCustomConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 500 elements. |
androidWorkProfileEasEmailProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword , certificate , derivedCredential . |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName , primarySmtpAddress . |
hostName | String | Exchange location (URL) that the mail app connects to. |
requireSsl | Boolean | Indicates whether or not to use SSL. |
usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username , userPrincipalName , samAccountName , primarySmtpAddress . |
androidWorkProfileEnterpriseWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name Inherited from androidWorkProfileWiFiConfiguration |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidWorkProfileWiFiConfiguration |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidWorkProfileWiFiConfiguration |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidWorkProfileWiFiConfiguration |
wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidWorkProfileWiFiConfiguration. Possible values are: open , wpaEnterprise , wpa2Enterprise . |
eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls , eapTtls , peap . |
trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate , usernameAndPassword , derivedCredential . |
innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none , microsoftChapVersionTwo . |
outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection. Possible values are: none , manual , automatic . |
proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. |
androidWorkProfileGeneralDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
passwordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
passwordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordMinimumLength | Int32 | Minimum length of passwords. Valid values 4 to 16 |
passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. Valid values 1 to 16 |
passwordRequiredType | androidWorkProfileRequiredPasswordType | Type of password that is required. Possible values are: deviceDefault , lowSecurityBiometric , required , atLeastNumeric , numericComplex , atLeastAlphabetic , atLeastAlphanumeric , alphanumericWithSymbols . |
workProfileDataSharingType | androidWorkProfileCrossProfileDataSharingType | Type of data sharing that is allowed. Possible values are: deviceDefault , preventAny , allowPersonalToWork , noRestrictions . |
workProfileBlockNotificationsWhileDeviceLocked | Boolean | Indicates whether or not to block notifications while device locked. |
workProfileBlockAddingAccounts | Boolean | Block users from adding/removing accounts in work profile. |
workProfileBluetoothEnableContactSharing | Boolean | Allow bluetooth devices to access enterprise contacts. |
workProfileBlockScreenCapture | Boolean | Block screen capture in work profile. |
workProfileBlockCrossProfileCallerId | Boolean | Block display work profile caller ID in personal profile. |
workProfileBlockCamera | Boolean | Block work profile camera. |
workProfileBlockCrossProfileContactsSearch | Boolean | Block work profile contacts availability in personal profile. |
workProfileBlockCrossProfileCopyPaste | Boolean | Boolean that indicates if the setting disallow cross profile copy/paste is enabled. |
workProfileDefaultAppPermissionPolicy | androidWorkProfileDefaultAppPermissionPolicyType | Type of password that is required. Possible values are: deviceDefault , prompt , autoGrant , autoDeny . |
workProfilePasswordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock for work profile. |
workProfilePasswordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents for work profile. |
workProfilePasswordExpirationDays | Int32 | Number of days before the work profile password expires. Valid values 1 to 365 |
workProfilePasswordMinimumLength | Int32 | Minimum length of work profile password. Valid values 4 to 16 |
workProfilePasswordMinNumericCharacters | Int32 | Minimum # of numeric characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinNonLetterCharacters | Int32 | Minimum # of non-letter characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinLetterCharacters | Int32 | Minimum # of letter characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinLowerCaseCharacters | Int32 | Minimum # of lower-case characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinUpperCaseCharacters | Int32 | Minimum # of upper-case characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinSymbolCharacters | Int32 | Minimum # of symbols required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
workProfilePasswordPreviousPasswordBlockCount | Int32 | Number of previous work profile passwords to block. Valid values 0 to 24 |
workProfilePasswordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before work profile is removed and all corporate data deleted. Valid values 1 to 16 |
workProfilePasswordRequiredType | androidWorkProfileRequiredPasswordType | Type of work profile password that is required. Possible values are: deviceDefault , lowSecurityBiometric , required , atLeastNumeric , numericComplex , atLeastAlphabetic , atLeastAlphanumeric , alphanumericWithSymbols . |
workProfileRequirePassword | Boolean | Password is required or not for work profile |
securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
androidWorkProfileGmailEasConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: usernameAndPassword , certificate , derivedCredential . |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userPrincipalName , primarySmtpAddress . |
hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidWorkProfileEasEmailProfileBase |
requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidWorkProfileEasEmailProfileBase |
usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: username , userPrincipalName , samAccountName , primarySmtpAddress . |
androidWorkProfileNineWorkEasConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: usernameAndPassword , certificate , derivedCredential . |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userPrincipalName , primarySmtpAddress . |
hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidWorkProfileEasEmailProfileBase |
requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidWorkProfileEasEmailProfileBase |
usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: username , userPrincipalName , samAccountName , primarySmtpAddress . |
syncCalendar | Boolean | Toggles syncing the calendar. If set to false the calendar is turned off on the device. |
syncContacts | Boolean | Toggles syncing contacts. If set to false contacts are turned off on the device. |
syncTasks | Boolean | Toggles syncing tasks. If set to false tasks are turned off on the device. |
androidWorkProfilePkcsCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidWorkProfileCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidWorkProfileCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificationAuthority | String | PKCS Certification Authority |
certificationAuthorityName | String | PKCS Certification Authority Name |
certificateTemplateName | String | PKCS Certificate Template Name |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
androidWorkProfileScepCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidWorkProfileCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidWorkProfileCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
scepServerUrls | String collection | SCEP Server Url(s) |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment , digitalSignature . |
keySize | keySize | SCEP Key Size. Possible values are: size1024 , size2048 , size4096 . |
hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1 , sha2 . |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
androidWorkProfileTrustedRootCertificate
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
trustedRootCertificate | Binary | Trusted Root Certificate |
certFileName | String | File name to display in UI. |
androidWorkProfileVpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. |
connectionType | androidWorkProfileVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect , pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn , citrix , paloAltoGlobalProtect , microsoftTunnel , netMotionMobility , microsoftProtect . |
role | String | Role when connection type is set to Pulse Secure. |
realm | String | Realm when connection type is set to Pulse Secure. |
servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
fingerprint | String | Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN. |
customData | keyValue collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
customKeyValueData | keyValuePair collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
proxyServer | vpnProxyServer | Proxy server. |
targetedPackageIds | String collection | Targeted App package IDs. |
targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. |
alwaysOn | Boolean | Whether or not to enable always-on VPN connection. |
alwaysOnLockdown | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. |
microsoftTunnelSiteId | String | Microsoft Tunnel site ID. |
proxyExclusionList | String collection | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *. |
androidWorkProfileWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open , wpaEnterprise , wpa2Enterprise . |
aospDeviceOwnerCertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. This collection can contain a maximum of 500 elements. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
aospDeviceOwnerCompliancePolicy
Property | Type | Description |
---|---|---|
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
osMinimumVersion | String | Minimum Android version. |
osMaximumVersion | String | Maximum Android version. |
minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
passwordRequired | Boolean | Require a password to unlock device. |
passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault , required , numeric , numericComplex , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , customPassword . |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. Valid values 1 to 8640 |
passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
storageRequireEncryption | Boolean | Require encryption on Android devices. |
aospDeviceOwnerDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
appsBlockInstallFromUnknownSources | Boolean | Indicates whether or not the user is allowed to enable unknown sources setting. When set to true, user is not allowed to enable unknown sources settings. |
bluetoothBlocked | Boolean | Indicates whether or not to disable the use of bluetooth. When set to true, bluetooth cannot be enabled on the device. |
bluetoothBlockConfiguration | Boolean | Indicates whether or not to block a user from configuring bluetooth. |
cameraBlocked | Boolean | Indicates whether or not to disable the use of the camera. |
factoryResetBlocked | Boolean | Indicates whether or not the factory reset option in settings is disabled. |
passwordMinimumLength | Int32 | Indicates the minimum length of the password required on the device. Valid values 4 to 16 |
passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Indicates the minimum password quality required on the device. Possible values are: deviceDefault , required , numeric , numericComplex , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , customPassword . |
passwordSignInFailureCountBeforeFactoryReset | Int32 | Indicates the number of times a user can enter an incorrect password before the device is wiped. Valid values 4 to 11 |
screenCaptureBlocked | Boolean | Indicates whether or not to disable the capability to take screenshots. |
securityAllowDebuggingFeatures | Boolean | Indicates whether or not to block the user from enabling debugging features on the device. |
storageBlockExternalMedia | Boolean | Indicates whether or not to block external media. |
storageBlockUsbFileTransfer | Boolean | Indicates whether or not to block USB file transfer. |
wifiBlockEditConfigurations | Boolean | Indicates whether or not to block the user from editing the wifi connection settings. |
aospDeviceOwnerEnterpriseWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name Inherited from aospDeviceOwnerWiFiConfiguration |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from aospDeviceOwnerWiFiConfiguration |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from aospDeviceOwnerWiFiConfiguration |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from aospDeviceOwnerWiFiConfiguration |
wiFiSecurityType | aospDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from aospDeviceOwnerWiFiConfiguration. Possible values are: open , wep , wpaPersonal , wpaEnterprise . |
preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from aospDeviceOwnerWiFiConfiguration |
preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from aospDeviceOwnerWiFiConfiguration |
eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls , eapTtls , peap . |
trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate , usernameAndPassword , derivedCredential . |
innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. This collection can contain a maximum of 500 elements. Possible values are: none , microsoftChapVersionTwo . |
outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
aospDeviceOwnerPkcsCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from aospDeviceOwnerCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificationAuthority | String | PKCS Certification Authority |
certificationAuthorityName | String | PKCS Certification Authority Name |
certificationAuthorityType | deviceManagementCertificationAuthority | Certification authority type. Possible values are: notConfigured , microsoft , digiCert . |
certificateTemplateName | String | PKCS Certificate Template Name |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
aospDeviceOwnerScepCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from aospDeviceOwnerCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
scepServerUrls | String collection | SCEP Server Url(s) |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment , digitalSignature . |
keySize | keySize | SCEP Key Size. Possible values are: size1024 , size2048 , size4096 . |
hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1 , sha2 . |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
certificateStore | certificateStore | Target store certificate. This collection can contain a maximum of 500 elements. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
aospDeviceOwnerTrustedRootCertificate
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
trustedRootCertificate | Binary | Trusted Root Certificate |
certFileName | String | File name to display in UI. |
aospDeviceOwnerWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
wiFiSecurityType | aospDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open , wep , wpaPersonal , wpaEnterprise . |
preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. |
appleDeviceFeaturesConfigurationBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
appleExpeditedCheckinConfigurationBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
enableExpeditedCheckin | Boolean | Gets or sets whether to enable expedited device check-ins. |
appleVpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. |
connectionType | appleVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect , pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn , customVpn , ciscoIPSec , citrix , ciscoAnyConnectV2 , paloAltoGlobalProtect , zscalerPrivateAccess , f5Access2018 , citrixSso , paloAltoGlobalProtectV2 , ikEv2 , alwaysOn , microsoftTunnel , netMotionMobility , microsoftProtect . |
loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. |
role | String | Role when connection type is set to Pulse Secure. |
realm | String | Realm when connection type is set to Pulse Secure. |
server | vpnServer | VPN Server on the network. Make sure end users can access this network location. |
identifier | String | Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin |
customData | keyValue collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. |
customKeyValueData | keyValuePair collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. |
enableSplitTunneling | Boolean | Send all network traffic through VPN. |
authenticationMethod | vpnAuthenticationMethod | Authentication method for this VPN connection. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
enablePerApp | Boolean | Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. |
safariDomains | String collection | Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. |
onDemandRules | vpnOnDemandRule collection | On-Demand Rules. This collection can contain a maximum of 500 elements. |
providerType | vpnProviderType | Provider type for per-app VPN. Possible values are: notConfigured , appProxy , packetTunnel . |
associatedDomains | String collection | Associated Domains |
excludedDomains | String collection | Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated |
disableOnDemandUserOverride | Boolean | Toggle to prevent user from disabling automatic VPN in the Settings app |
disconnectOnIdle | Boolean | Whether to disconnect after on-demand connection idles |
disconnectOnIdleTimerInSeconds | Int32 | The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 |
proxyServer | vpnProxyServer | Proxy Server. |
optInToDeviceIdSharing | Boolean | Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. |
cartToClassAssociation
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
createdDateTime | DateTimeOffset | DateTime the object was created. |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
version | Int32 | Version of the CartToClassAssociation. |
displayName | String | Admin provided name of the device configuration. |
description | String | Admin provided description of the CartToClassAssociation. |
deviceCartIds | String collection | Identifiers of device carts to be associated with classes. |
classroomIds | String collection | Identifiers of classrooms to be associated with device carts. |
defaultDeviceCompliancePolicy
Property | Type | Description |
---|---|---|
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
deviceComplianceActionItem
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
gracePeriodHours | Int32 | Number of hours to wait till the action will be enforced. Valid values 0 to 8760 |
actionType | deviceComplianceActionType | What action to take. Possible values are: noAction , notification , block , retire , wipe , removeResourceAccessProfiles , pushNotification . |
notificationTemplateId | String | What notification Message template to use |
notificationMessageCCList | String collection | A list of group IDs to speicify who to CC this notification message to. |
deviceComplianceDeviceOverview
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
pendingCount | Int32 | Number of pending devices |
notApplicableCount | Int32 | Number of not applicable devices |
successCount | Int32 | Number of succeeded devices |
errorCount | Int32 | Number of error devices |
failedCount | Int32 | Number of failed devices |
lastUpdateDateTime | DateTimeOffset | Last update time |
configurationVersion | Int32 | Version of the policy for that overview |
deviceComplianceDeviceStatus
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
deviceDisplayName | String | Device name of the DevicePolicyStatus. |
userName | String | The User Name that is being reported |
deviceModel | String | The device model that is being reported |
complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
status | complianceStatus | Compliance status of the policy report. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
userPrincipalName | String | UserPrincipalName. |
deviceCompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
createdDateTime | DateTimeOffset | DateTime the object was created. |
description | String | Admin provided description of the Device Configuration. |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
displayName | String | Admin provided name of the device configuration. |
version | Int32 | Version of the device configuration. |
deviceCompliancePolicyAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
target | deviceAndAppManagementAssignmentTarget | Target for the compliance policy assignment. |
deviceCompliancePolicyDeviceStateSummary
Property | Type | Description |
---|---|---|
inGracePeriodCount | Int32 | Number of devices that are in grace period |
configManagerCount | Int32 | Number of devices that have compliance managed by System Center Configuration Manager |
id | String | Key of the entity. |
unknownDeviceCount | Int32 | Number of unknown devices |
notApplicableDeviceCount | Int32 | Number of not applicable devices |
compliantDeviceCount | Int32 | Number of compliant devices |
remediatedDeviceCount | Int32 | Number of remediated devices |
nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
errorDeviceCount | Int32 | Number of error devices |
conflictDeviceCount | Int32 | Number of conflict devices |
deviceCompliancePolicySettingStateSummary
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
setting | String | The setting class name and property name. |
settingName | String | Name of the setting. |
platformType | policyPlatformType | Setting platform. Possible values are: android , iOS , macOS , windowsPhone81 , windows81AndLater , windows10AndLater , androidWorkProfile , all . |
unknownDeviceCount | Int32 | Number of unknown devices |
notApplicableDeviceCount | Int32 | Number of not applicable devices |
compliantDeviceCount | Int32 | Number of compliant devices |
remediatedDeviceCount | Int32 | Number of remediated devices |
nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
errorDeviceCount | Int32 | Number of error devices |
conflictDeviceCount | Int32 | Number of conflict devices |
deviceComplianceScheduledActionForRule
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
ruleName | String | Name of the rule which this scheduled action applies to. Currently scheduled actions are created per policy instead of per rule, thus RuleName is always set to default value PasswordRequired. |
deviceComplianceSettingState
Property | Type | Description |
---|---|---|
id | String | Key of the entity |
setting | String | The setting class name and property name. |
settingName | String | The Setting Name that is being reported |
deviceId | String | The Device Id that is being reported |
deviceName | String | The Device Name that is being reported |
userId | String | The user Id that is being reported |
userEmail | String | The User email address that is being reported |
userName | String | The User Name that is being reported |
userPrincipalName | String | The User PrincipalName that is being reported |
deviceModel | String | The device model that is being reported |
state | complianceStatus | The compliance state of the setting. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
deviceComplianceUserOverview
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
pendingCount | Int32 | Number of pending Users |
notApplicableCount | Int32 | Number of not applicable users |
successCount | Int32 | Number of succeeded Users |
errorCount | Int32 | Number of error Users |
failedCount | Int32 | Number of failed Users |
lastUpdateDateTime | DateTimeOffset | Last update time |
configurationVersion | Int32 | Version of the policy for that overview |
deviceComplianceUserStatus
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
userDisplayName | String | User name of the DevicePolicyStatus. |
devicesCount | Int32 | Devices count for that user. |
status | complianceStatus | Compliance status of the policy report. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
userPrincipalName | String | UserPrincipalName. |
deviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
createdDateTime | DateTimeOffset | DateTime the object was created. |
description | String | Admin provided description of the Device Configuration. |
displayName | String | Admin provided name of the device configuration. |
version | Int32 | Version of the device configuration. |
deviceConfigurationAssignment
Property | Type | Description |
---|---|---|
id | String | The key of the assignment. |
target | deviceAndAppManagementAssignmentTarget | The assignment target for the device configuration. |
deviceConfigurationConflictSummary
Property | Type | Description |
---|---|---|
conflictingDeviceConfigurations | settingSource collection | The set of policies in conflict with the given setting |
id | String | The id for this set of conflicting policies. This id is the ids of all the policies in ConflictingDeviceConfigurations in lexicographical order separated by underscores. |
contributingSettings | String collection | The set of settings in conflict with the given policies |
deviceCheckinsImpacted | Int32 | The count of checkins impacted by the conflicting policies and settings |
deviceConfigurationDeviceOverview
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
pendingCount | Int32 | Number of pending devices |
notApplicableCount | Int32 | Number of not applicable devices |
successCount | Int32 | Number of succeeded devices |
errorCount | Int32 | Number of error devices |
failedCount | Int32 | Number of failed devices |
lastUpdateDateTime | DateTimeOffset | Last update time |
configurationVersion | Int32 | Version of the policy for that overview |
deviceConfigurationDeviceStateSummary
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
unknownDeviceCount | Int32 | Number of unknown devices |
notApplicableDeviceCount | Int32 | Number of not applicable devices |
compliantDeviceCount | Int32 | Number of compliant devices |
remediatedDeviceCount | Int32 | Number of remediated devices |
nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
errorDeviceCount | Int32 | Number of error devices |
conflictDeviceCount | Int32 | Number of conflict devices |
deviceConfigurationDeviceStatus
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
deviceDisplayName | String | Device name of the DevicePolicyStatus. |
userName | String | The User Name that is being reported |
deviceModel | String | The device model that is being reported |
complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
status | complianceStatus | Compliance status of the policy report. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
userPrincipalName | String | UserPrincipalName. |
deviceConfigurationGroupAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
targetGroupId | String | The Id of the AAD group we are targeting the device configuration to. |
excludeGroup | Boolean | Indicates if this group is should be excluded. Defaults that the group should be included |
deviceConfigurationTargetedUserAndDevice
Property | Type | Description |
---|---|---|
deviceId | String | The id of the device in the checkin. |
deviceName | String | The name of the device in the checkin. |
userId | String | The id of the user in the checkin. |
userDisplayName | String | The display name of the user in the checkin |
userPrincipalName | String | The UPN of the user in the checkin. |
lastCheckinDateTime | DateTimeOffset | Last checkin time for this user/device pair. |
deviceConfigurationUserOverview
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
pendingCount | Int32 | Number of pending Users |
notApplicableCount | Int32 | Number of not applicable users |
successCount | Int32 | Number of succeeded Users |
errorCount | Int32 | Number of error Users |
failedCount | Int32 | Number of failed Users |
lastUpdateDateTime | DateTimeOffset | Last update time |
configurationVersion | Int32 | Version of the policy for that overview |
deviceConfigurationUserStateSummary
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
unknownUserCount | Int32 | Number of unknown users |
notApplicableUserCount | Int32 | Number of not applicable users |
compliantUserCount | Int32 | Number of compliant users |
remediatedUserCount | Int32 | Number of remediated users |
nonCompliantUserCount | Int32 | Number of NonCompliant users |
errorUserCount | Int32 | Number of error users |
conflictUserCount | Int32 | Number of conflict users |
deviceConfigurationUserStatus
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
userDisplayName | String | User name of the DevicePolicyStatus. |
devicesCount | Int32 | Devices count for that user. |
status | complianceStatus | Compliance status of the policy report. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
userPrincipalName | String | UserPrincipalName. |
deviceManagement
Property | Type | Description |
---|---|---|
id | String | Unique Identifier |
settings | deviceManagementSettings | Account level settings. |
intuneAccountId | Guid | Intune Account Id for given tenant |
easEmailProfileConfigurationBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
usernameSource | userEmailSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName , primarySmtpAddress . |
usernameAADSource | usernameSource | Name of the AAD field, that will be used to retrieve UserName for email profile. Possible values are: userPrincipalName , primarySmtpAddress , samAccountName . |
userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: fullDomainName , netBiosDomainName . |
customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. |
editionUpgradeConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
licenseType | editionUpgradeLicenseType | Edition Upgrade License Type. Possible values are: productKey , licenseFile . |
targetEdition | windows10EditionType | Edition Upgrade Target Edition. Possible values are: windows10Enterprise , windows10EnterpriseN , windows10Education , windows10EducationN , windows10MobileEnterprise , windows10HolographicEnterprise , windows10Professional , windows10ProfessionalN , windows10ProfessionalEducation , windows10ProfessionalEducationN , windows10ProfessionalWorkstation , windows10ProfessionalWorkstationN . |
license | String | Edition Upgrade License File Content. |
productKey | String | Edition Upgrade Product Key. |
hardwareConfiguration
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the hardware configuration |
version | Int32 | Version of the hardware configuration (E.g. 1, 2, 3 ...) |
displayName | String | Name of the hardware configuration |
description | String | Description of the hardware configuration |
createdDateTime | DateTimeOffset | Timestamp of when the hardware configuration was created. This property is read-only. |
lastModifiedDateTime | DateTimeOffset | Timestamp of when the hardware configuration was modified. This property is read-only. |
fileName | String | File name of the hardware configuration |
configurationFileContent | Binary | File content of the hardware configuration |
hardwareConfigurationFormat | hardwareConfigurationFormat | Oem type of the hardware configuration (E.g. DELL, HP, Surface and SurfaceDock). Possible values are: dell , surface , surfaceDock . |
roleScopeTagIds | String collection | List of Scope Tag IDs for the hardware configuration |
perDevicePasswordDisabled | Boolean | A value indicating whether per devcive pasword disabled |
hardwareConfigurationAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the hardware configuration group assignment entity. This property is read-only. |
target | deviceAndAppManagementAssignmentTarget | The Id of the Azure Active Directory group we are targeting the configuration to. |
hardwareConfigurationDeviceState
Property | Type | Description |
---|---|---|
id | String | Key of the hardware configuration script device state entity. This property is read-only. |
deviceName | String | The name of the device |
osVersion | String | Operating system version of the device (E.g. 10.0.19042.1165, 10.0.19042.1288 etc.) |
upn | String | User Principal Name (UPN). |
internalVersion | Int32 | The Policy internal version |
lastStateUpdateDateTime | DateTimeOffset | The last timestamp of when the hardware configuration executed |
configurationState | runState | Configuration state from the lastest hardware configuration execution. Possible values are: unknown , success , fail , scriptError , pending , notApplicable . |
configurationOutput | String | Output of the hardware configuration execution |
configurationError | String | Error from the hardware configuration execution |
hardwareConfigurationRunSummary
Property | Type | Description |
---|---|---|
id | String | Key of the hardware configuration run summary entity. This property is read-only. |
successfulDeviceCount | Int32 | Number of devices for which hardware configured without any issue |
failedDeviceCount | Int32 | Number of devices for which hardware configuration found an issue |
pendingDeviceCount | Int32 | Number of devices for which hardware configuration is in pending state |
errorDeviceCount | Int32 | Number of devices for which hardware configuration state is error |
notApplicableDeviceCount | Int32 | Number of devices for which hardware configuration state is not applicable |
unknownDeviceCount | Int32 | Number of devices for which hardware configuration state is unknown |
successfulUserCount | Int32 | Number of users for which hardware configured without any issue |
failedUserCount | Int32 | Number of users for which hardware configuration found an issue |
pendingUserCount | Int32 | Number of users for which hardware configuration is in pending state |
errorUserCount | Int32 | Number of users for which hardware configuration state is error |
notApplicableUserCount | Int32 | Number of users for which hardware configuration state is not applicable |
unknownUserCount | Int32 | Number of users for which hardware configuration state is unknown |
lastRunDateTime | DateTimeOffset | Last run time for the configuration across all devices |
hardwareConfigurationUserState
Property | Type | Description |
---|---|---|
id | String | Key of the hardware configuration script user state entity. This property is read-only. |
upn | String | User Principal Name (UPN). |
userEmail | String | User Email address. |
userName | String | User name |
lastStateUpdateDateTime | DateTimeOffset | Last timestamp when the hardware configuration executed |
successfulDeviceCount | Int32 | Success device count for specific user. |
failedDeviceCount | Int32 | Failed device count for specific user. |
pendingDeviceCount | Int32 | Pending device count for specific user. |
errorDeviceCount | Int32 | Error device count for specific user. |
notApplicableDeviceCount | Int32 | Not applicable device count for specific user. |
unknownDeviceCount | Int32 | Unknown device count for specific user. |
hardwarePasswordInfo
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the hardware password info |
serialNumber | String | Device serial number |
currentPassword | String | Current device password |
previousPasswords | String collection | List of previous device passwords |
iosCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
iosCertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Possible values are: commonName , commonNameAsEmail , custom , commonNameIncludingEmail , commonNameAsIMEI , commonNameAsSerialNumber . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name type. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
iosCompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passcodeBlockSimple | Boolean | Indicates whether or not to block simple passcodes. |
passcodeExpirationDays | Int32 | Number of days before the passcode expires. Valid values 1 to 65535 |
passcodeMinimumLength | Int32 | Minimum length of passcode. Valid values 4 to 14 |
passcodeMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a passcode is required. |
passcodePreviousPasscodeBlockCount | Int32 | Number of previous passcodes to block. Valid values 1 to 24 |
passcodeMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
passcodeRequiredType | requiredPasswordType | The required passcode type. Possible values are: deviceDefault , alphanumeric , numeric . |
passcodeRequired | Boolean | Indicates whether or not to require a passcode. |
osMinimumVersion | String | Minimum IOS version. |
osMaximumVersion | String | Maximum IOS version. |
securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection . |
deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
managedEmailProfileRequired | Boolean | Indicates whether or not to require a managed email profile. |
iosCustomConfiguration
Property | Type | Description | |
---|---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration | |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration | |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration | |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration | |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration | |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration | |
payloadName | String | Name that is displayed to the user. | |
payloadFileName | String | Payload file name (*.mobileconfig | *.xml). |
payload | Binary | Payload. (UTF8 encoded byte array) |
iosDerivedCredentialAuthenticationConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
iosDeviceFeaturesConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
assetTagTemplate | String | Asset tag information for the device, displayed on the login window and lock screen. |
lockScreenFootnote | String | A footnote displayed on the login window and lock screen. Available in iOS 9.3.1 and later. |
homeScreenDockIcons | iosHomeScreenItem collection | A list of app and folders to appear on the Home Screen Dock. This collection can contain a maximum of 500 elements. |
homeScreenPages | iosHomeScreenPage collection | A list of pages on the Home Screen. This collection can contain a maximum of 500 elements. |
notificationSettings | iosNotificationSettings collection | Notification settings for each bundle id. Applicable to devices in supervised mode only (iOS 9.3 and later). This collection can contain a maximum of 500 elements. |
iosEasEmailProfileConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
usernameSource | userEmailSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName , primarySmtpAddress . |
usernameAADSource | usernameSource | Name of the AAD field, that will be used to retrieve UserName for email profile. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName , primarySmtpAddress , samAccountName . |
userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: fullDomainName , netBiosDomainName . |
customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. Inherited from easEmailProfileConfigurationBase |
accountName | String | Account name. |
authenticationMethod | easAuthenticationMethod | Authentication method for this Email profile. Possible values are: usernameAndPassword , certificate , derivedCredential . |
blockMovingMessagesToOtherEmailAccounts | Boolean | Indicates whether or not to block moving messages to other email accounts. |
blockSendingEmailFromThirdPartyApps | Boolean | Indicates whether or not to block sending email from third party apps. |
blockSyncingRecentlyUsedEmailAddresses | Boolean | Indicates whether or not to block syncing recently used email addresses, for instance - when composing new email. |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced back to. . Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName , primarySmtpAddress . |
easServices | easServices | Exchange data to sync. Possible values are: none , calendars , contacts , email , notes , reminders . |
easServicesUserOverrideEnabled | Boolean | Allow users to change sync settings. |
hostName | String | Exchange location that (URL) that the native mail app connects to. |
requireSmime | Boolean | Indicates whether or not to use S/MIME certificate. |
smimeEnablePerMessageSwitch | Boolean | Indicates whether or not to allow unencrypted emails. |
smimeEncryptByDefaultEnabled | Boolean | If set to true S/MIME encryption is enabled by default. |
smimeSigningEnabled | Boolean | If set to true S/MIME signing is enabled for this account |
smimeSigningUserOverrideEnabled | Boolean | If set to true, the user can toggle S/MIME signing on or off. |
smimeEncryptByDefaultUserOverrideEnabled | Boolean | If set to true, the user can toggle the encryption by default setting. |
smimeSigningCertificateUserOverrideEnabled | Boolean | If set to true, the user can select the signing identity. |
smimeEncryptionCertificateUserOverrideEnabled | Boolean | If set to true the user can select the S/MIME encryption identity. |
requireSsl | Boolean | Indicates whether or not to use SSL. |
useOAuth | Boolean | Specifies whether the connection should use OAuth for authentication. |
signingCertificateType | emailCertificateType | Signing Certificate type for this Email profile. Possible values are: none , certificate , derivedCredential . |
encryptionCertificateType | emailCertificateType | Encryption Certificate type for this Email profile. Possible values are: none , certificate , derivedCredential . |
perAppVPNProfileId | String | Profile ID of the Per-App VPN policy to be used to access emails from the native Mail client |
iosEducationDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
iosEduDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
teacherCertificateSettings | iosEduCertificateSettings | The Trusted Root and PFX certificates for Teacher |
studentCertificateSettings | iosEduCertificateSettings | The Trusted Root and PFX certificates for Student |
deviceCertificateSettings | iosEduCertificateSettings | The Trusted Root and PFX certificates for Device |
iosEnterpriseWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name Inherited from iosWiFiConfiguration |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from iosWiFiConfiguration |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from iosWiFiConfiguration |
connectWhenNetworkNameIsHidden | Boolean | Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from iosWiFiConfiguration |
wiFiSecurityType | wiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from iosWiFiConfiguration. Possible values are: open , wpaPersonal , wpaEnterprise , wep , wpa2Personal , wpa2Enterprise . |
proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection Inherited from iosWiFiConfiguration. Possible values are: none , manual , automatic . |
proxyManualAddress | String | IP Address or DNS hostname of the proxy server when manual configuration is selected. Inherited from iosWiFiConfiguration |
proxyManualPort | Int32 | Port of the proxy server when manual configuration is selected. Inherited from iosWiFiConfiguration |
proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. Inherited from iosWiFiConfiguration |
disableMacAddressRandomization | Boolean | If set to true, forces devices connecting using this Wi-Fi profile to present their actual Wi-Fi MAC address instead of a random MAC address. Applies to iOS 14 and later. Inherited from iosWiFiConfiguration |
preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from iosWiFiConfiguration |
eapType | eapType | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls , leap , eapSim , eapTtls , peap , eapFast , teap . |
eapFastConfiguration | eapFastConfiguration | EAP-FAST Configuration Option when EAP-FAST is the selected EAP Type. Possible values are: noProtectedAccessCredential , useProtectedAccessCredential , useProtectedAccessCredentialAndProvision , useProtectedAccessCredentialAndProvisionAnonymously . |
trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
authenticationMethod | wiFiAuthenticationMethod | Authentication Method when EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate , usernameAndPassword , derivedCredential . |
innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP - TTLS, EAP - FAST or PEAP. This property masks usernames with the text you enter. For example, if you use 'anonymous', each user that authenticates with this Wi-Fi connection using their real username is displayed as 'anonymous'. |
usernameFormatString | String | Username format string used to build the username to connect to wifi |
passwordFormatString | String | Password format string used to build the password to connect to wifi |
iosExpeditedCheckinConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
enableExpeditedCheckin | Boolean | Gets or sets whether to enable expedited device check-ins. Inherited from appleExpeditedCheckinConfigurationBase |
iosGeneralDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
accountBlockModification | Boolean | Indicates whether or not to allow account modification when the device is in supervised mode. |
activationLockAllowWhenSupervised | Boolean | Indicates whether or not to allow activation lock when the device is in the supervised mode. |
airDropBlocked | Boolean | Indicates whether or not to allow AirDrop when the device is in supervised mode. |
airDropForceUnmanagedDropTarget | Boolean | Indicates whether or not to cause AirDrop to be considered an unmanaged drop target (iOS 9.0 and later). |
airPlayForcePairingPasswordForOutgoingRequests | Boolean | Indicates whether or not to enforce all devices receiving AirPlay requests from this device to use a pairing password. |
appleWatchBlockPairing | Boolean | Indicates whether or not to allow Apple Watch pairing when the device is in supervised mode (iOS 9.0 and later). |
appleWatchForceWristDetection | Boolean | Indicates whether or not to force a paired Apple Watch to use Wrist Detection (iOS 8.2 and later). |
appleNewsBlocked | Boolean | Indicates whether or not to block the user from using News when the device is in supervised mode (iOS 9.0 and later). |
appsSingleAppModeList | appListItem collection | Gets or sets the list of iOS apps allowed to autonomously enter Single App Mode. Supervised only. iOS 7.0 and later. This collection can contain a maximum of 500 elements. |
appsVisibilityList | appListItem collection | List of apps in the visibility list (either visible/launchable apps list or hidden/unlaunchable apps list, controlled by AppsVisibilityListType) (iOS 9.3 and later). This collection can contain a maximum of 10000 elements. |
appsVisibilityListType | appListType | Type of list that is in the AppsVisibilityList. Possible values are: none , appsInListCompliant , appsNotInListCompliant . |
appStoreBlockAutomaticDownloads | Boolean | Indicates whether or not to block the automatic downloading of apps purchased on other devices when the device is in supervised mode (iOS 9.0 and later). |
appStoreBlocked | Boolean | Indicates whether or not to block the user from using the App Store. Requires a supervised device for iOS 13 and later. |
appStoreBlockInAppPurchases | Boolean | Indicates whether or not to block the user from making in app purchases. |
appStoreBlockUIAppInstallation | Boolean | Indicates whether or not to block the App Store app, not restricting installation through Host apps. Applies to supervised mode only (iOS 9.0 and later). |
appStoreRequirePassword | Boolean | Indicates whether or not to require a password when using the app store. |
bluetoothBlockModification | Boolean | Indicates whether or not to allow modification of Bluetooth settings when the device is in supervised mode (iOS 10.0 and later). |
cameraBlocked | Boolean | Indicates whether or not to block the user from accessing the camera of the device. Requires a supervised device for iOS 13 and later. |
cellularBlockDataRoaming | Boolean | Indicates whether or not to block data roaming. |
cellularBlockGlobalBackgroundFetchWhileRoaming | Boolean | Indicates whether or not to block global background fetch while roaming. |
cellularBlockPerAppDataModification | Boolean | Indicates whether or not to allow changes to cellular app data usage settings when the device is in supervised mode. |
cellularBlockPersonalHotspot | Boolean | Indicates whether or not to block Personal Hotspot. |
cellularBlockVoiceRoaming | Boolean | Indicates whether or not to block voice roaming. |
certificatesBlockUntrustedTlsCertificates | Boolean | Indicates whether or not to block untrusted TLS certificates. |
classroomAppBlockRemoteScreenObservation | Boolean | Indicates whether or not to allow remote screen observation by Classroom app when the device is in supervised mode (iOS 9.3 and later). |
classroomAppForceUnpromptedScreenObservation | Boolean | Indicates whether or not to automatically give permission to the teacher of a managed course on the Classroom app to view a student's screen without prompting when the device is in supervised mode. |
compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
compliantAppListType | appListType | List that is in the AppComplianceList. Possible values are: none , appsInListCompliant , appsNotInListCompliant . |
configurationProfileBlockChanges | Boolean | Indicates whether or not to block the user from installing configuration profiles and certificates interactively when the device is in supervised mode. |
definitionLookupBlocked | Boolean | Indicates whether or not to block definition lookup when the device is in supervised mode (iOS 8.1.3 and later ). |
deviceBlockEnableRestrictions | Boolean | Indicates whether or not to allow the user to enables restrictions in the device settings when the device is in supervised mode. |
deviceBlockEraseContentAndSettings | Boolean | Indicates whether or not to allow the use of the 'Erase all content and settings' option on the device when the device is in supervised mode. |
deviceBlockNameModification | Boolean | Indicates whether or not to allow device name modification when the device is in supervised mode (iOS 9.0 and later). |
diagnosticDataBlockSubmission | Boolean | Indicates whether or not to block diagnostic data submission. |
diagnosticDataBlockSubmissionModification | Boolean | Indicates whether or not to allow diagnostics submission settings modification when the device is in supervised mode (iOS 9.3.2 and later). |
documentsBlockManagedDocumentsInUnmanagedApps | Boolean | Indicates whether or not to block the user from viewing managed documents in unmanaged apps. |
documentsBlockUnmanagedDocumentsInManagedApps | Boolean | Indicates whether or not to block the user from viewing unmanaged documents in managed apps. |
emailInDomainSuffixes | String collection | An email address lacking a suffix that matches any of these strings will be considered out-of-domain. |
enterpriseAppBlockTrust | Boolean | Indicates whether or not to block the user from trusting an enterprise app. |
enterpriseAppBlockTrustModification | Boolean | [Deprecated] Configuring this setting and setting the value to 'true' has no effect on the device. |
faceTimeBlocked | Boolean | Indicates whether or not to block the user from using FaceTime. Requires a supervised device for iOS 13 and later. |
findMyFriendsBlocked | Boolean | Indicates whether or not to block changes to Find My Friends when the device is in supervised mode. |
gamingBlockGameCenterFriends | Boolean | Indicates whether or not to block the user from having friends in Game Center. Requires a supervised device for iOS 13 and later. |
gamingBlockMultiplayer | Boolean | Indicates whether or not to block the user from using multiplayer gaming. Requires a supervised device for iOS 13 and later. |
gameCenterBlocked | Boolean | Indicates whether or not to block the user from using Game Center when the device is in supervised mode. |
hostPairingBlocked | Boolean | indicates whether or not to allow host pairing to control the devices an iOS device can pair with when the iOS device is in supervised mode. |
iBooksStoreBlocked | Boolean | Indicates whether or not to block the user from using the iBooks Store when the device is in supervised mode. |
iBooksStoreBlockErotica | Boolean | Indicates whether or not to block the user from downloading media from the iBookstore that has been tagged as erotica. |
iCloudBlockActivityContinuation | Boolean | Indicates whether or not to block the user from continuing work they started on iOS device to another iOS or macOS device. |
iCloudBlockBackup | Boolean | Indicates whether or not to block iCloud backup. Requires a supervised device for iOS 13 and later. |
iCloudBlockDocumentSync | Boolean | Indicates whether or not to block iCloud document sync. Requires a supervised device for iOS 13 and later. |
iCloudBlockManagedAppsSync | Boolean | Indicates whether or not to block Managed Apps Cloud Sync. |
iCloudBlockPhotoLibrary | Boolean | Indicates whether or not to block iCloud Photo Library. |
iCloudBlockPhotoStreamSync | Boolean | Indicates whether or not to block iCloud Photo Stream Sync. |
iCloudBlockSharedPhotoStream | Boolean | Indicates whether or not to block Shared Photo Stream. |
iCloudRequireEncryptedBackup | Boolean | Indicates whether or not to require backups to iCloud be encrypted. |
iTunesBlockExplicitContent | Boolean | Indicates whether or not to block the user from accessing explicit content in iTunes and the App Store. Requires a supervised device for iOS 13 and later. |
iTunesBlockMusicService | Boolean | Indicates whether or not to block Music service and revert Music app to classic mode when the device is in supervised mode (iOS 9.3 and later and macOS 10.12 and later). |
iTunesBlockRadio | Boolean | Indicates whether or not to block the user from using iTunes Radio when the device is in supervised mode (iOS 9.3 and later). |
keyboardBlockAutoCorrect | Boolean | Indicates whether or not to block keyboard auto-correction when the device is in supervised mode (iOS 8.1.3 and later). |
keyboardBlockDictation | Boolean | Indicates whether or not to block the user from using dictation input when the device is in supervised mode. |
keyboardBlockPredictive | Boolean | Indicates whether or not to block predictive keyboards when device is in supervised mode (iOS 8.1.3 and later). |
keyboardBlockShortcuts | Boolean | Indicates whether or not to block keyboard shortcuts when the device is in supervised mode (iOS 9.0 and later). |
keyboardBlockSpellCheck | Boolean | Indicates whether or not to block keyboard spell-checking when the device is in supervised mode (iOS 8.1.3 and later). |
kioskModeAllowAssistiveSpeak | Boolean | Indicates whether or not to allow assistive speak while in kiosk mode. |
kioskModeAllowAssistiveTouchSettings | Boolean | Indicates whether or not to allow access to the Assistive Touch Settings while in kiosk mode. |
kioskModeAllowAutoLock | Boolean | Indicates whether or not to allow device auto lock while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockAutoLock instead. |
kioskModeAllowColorInversionSettings | Boolean | Indicates whether or not to allow access to the Color Inversion Settings while in kiosk mode. |
kioskModeAllowRingerSwitch | Boolean | Indicates whether or not to allow use of the ringer switch while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockRingerSwitch instead. |
kioskModeAllowScreenRotation | Boolean | Indicates whether or not to allow screen rotation while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockScreenRotation instead. |
kioskModeAllowSleepButton | Boolean | Indicates whether or not to allow use of the sleep button while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockSleepButton instead. |
kioskModeAllowTouchscreen | Boolean | Indicates whether or not to allow use of the touchscreen while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockTouchscreen instead. |
kioskModeAllowVoiceOverSettings | Boolean | Indicates whether or not to allow access to the voice over settings while in kiosk mode. |
kioskModeAllowVolumeButtons | Boolean | Indicates whether or not to allow use of the volume buttons while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockVolumeButtons instead. |
kioskModeAllowZoomSettings | Boolean | Indicates whether or not to allow access to the zoom settings while in kiosk mode. |
kioskModeAppStoreUrl | String | URL in the app store to the app to use for kiosk mode. Use if KioskModeManagedAppId is not known. |
kioskModeBuiltInAppId | String | ID for built-in apps to use for kiosk mode. Used when KioskModeManagedAppId and KioskModeAppStoreUrl are not set. |
kioskModeRequireAssistiveTouch | Boolean | Indicates whether or not to require assistive touch while in kiosk mode. |
kioskModeRequireColorInversion | Boolean | Indicates whether or not to require color inversion while in kiosk mode. |
kioskModeRequireMonoAudio | Boolean | Indicates whether or not to require mono audio while in kiosk mode. |
kioskModeRequireVoiceOver | Boolean | Indicates whether or not to require voice over while in kiosk mode. |
kioskModeRequireZoom | Boolean | Indicates whether or not to require zoom while in kiosk mode. |
kioskModeManagedAppId | String | Managed app id of the app to use for kiosk mode. If KioskModeManagedAppId is specified then KioskModeAppStoreUrl will be ignored. |
lockScreenBlockControlCenter | Boolean | Indicates whether or not to block the user from using control center on the lock screen. |
lockScreenBlockNotificationView | Boolean | Indicates whether or not to block the user from using the notification view on the lock screen. |
lockScreenBlockPassbook | Boolean | Indicates whether or not to block the user from using passbook when the device is locked. |
lockScreenBlockTodayView | Boolean | Indicates whether or not to block the user from using the Today View on the lock screen. |
mediaContentRatingAustralia | mediaContentRatingAustralia | Media content rating settings for Australia |
mediaContentRatingCanada | mediaContentRatingCanada | Media content rating settings for Canada |
mediaContentRatingFrance | mediaContentRatingFrance | Media content rating settings for France |
mediaContentRatingGermany | mediaContentRatingGermany | Media content rating settings for Germany |
mediaContentRatingIreland | mediaContentRatingIreland | Media content rating settings for Ireland |
mediaContentRatingJapan | mediaContentRatingJapan | Media content rating settings for Japan |
mediaContentRatingNewZealand | mediaContentRatingNewZealand | Media content rating settings for New Zealand |
mediaContentRatingUnitedKingdom | mediaContentRatingUnitedKingdom | Media content rating settings for United Kingdom |
mediaContentRatingUnitedStates | mediaContentRatingUnitedStates | Media content rating settings for United States |
networkUsageRules | iosNetworkUsageRule collection | List of managed apps and the network rules that applies to them. This collection can contain a maximum of 1000 elements. |
mediaContentRatingApps | ratingAppsType | Media content rating settings for Apps. Possible values are: allAllowed , allBlocked , agesAbove4 , agesAbove9 , agesAbove12 , agesAbove17 . |
messagesBlocked | Boolean | Indicates whether or not to block the user from using the Messages app on the supervised device. |
notificationsBlockSettingsModification | Boolean | Indicates whether or not to allow notifications settings modification (iOS 9.3 and later). |
passcodeBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
passcodeBlockFingerprintModification | Boolean | Block modification of registered Touch ID fingerprints when in supervised mode. |
passcodeBlockModification | Boolean | Indicates whether or not to allow passcode modification on the supervised device (iOS 9.0 and later). |
passcodeBlockSimple | Boolean | Indicates whether or not to block simple passcodes. |
passcodeExpirationDays | Int32 | Number of days before the passcode expires. Valid values 1 to 65535 |
passcodeMinimumLength | Int32 | Minimum length of passcode. Valid values 4 to 14 |
passcodeMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a passcode is required. |
passcodeMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
passcodeMinimumCharacterSetCount | Int32 | Number of character sets a passcode must contain. Valid values 0 to 4 |
passcodePreviousPasscodeBlockCount | Int32 | Number of previous passcodes to block. Valid values 1 to 24 |
passcodeSignInFailureCountBeforeWipe | Int32 | Number of sign in failures allowed before wiping the device. Valid values 2 to 11 |
passcodeRequiredType | requiredPasswordType | Type of passcode that is required. Possible values are: deviceDefault , alphanumeric , numeric . |
passcodeRequired | Boolean | Indicates whether or not to require a passcode. |
podcastsBlocked | Boolean | Indicates whether or not to block the user from using podcasts on the supervised device (iOS 8.0 and later). |
safariBlockAutofill | Boolean | Indicates whether or not to block the user from using Auto fill in Safari. Requires a supervised device for iOS 13 and later. |
safariBlockJavaScript | Boolean | Indicates whether or not to block JavaScript in Safari. |
safariBlockPopups | Boolean | Indicates whether or not to block popups in Safari. |
safariBlocked | Boolean | Indicates whether or not to block the user from using Safari. Requires a supervised device for iOS 13 and later. |
safariCookieSettings | webBrowserCookieSettings | Cookie settings for Safari. Possible values are: browserDefault , blockAlways , allowCurrentWebSite , allowFromWebsitesVisited , allowAlways . |
safariManagedDomains | String collection | URLs matching the patterns listed here will be considered managed. |
safariPasswordAutoFillDomains | String collection | Users can save passwords in Safari only from URLs matching the patterns listed here. Applies to devices in supervised mode (iOS 9.3 and later). |
safariRequireFraudWarning | Boolean | Indicates whether or not to require fraud warning in Safari. |
screenCaptureBlocked | Boolean | Indicates whether or not to block the user from taking Screenshots. |
siriBlocked | Boolean | Indicates whether or not to block the user from using Siri. |
siriBlockedWhenLocked | Boolean | Indicates whether or not to block the user from using Siri when locked. |
siriBlockUserGeneratedContent | Boolean | Indicates whether or not to block Siri from querying user-generated content when used on a supervised device. |
siriRequireProfanityFilter | Boolean | Indicates whether or not to prevent Siri from dictating, or speaking profane language on supervised device. |
spotlightBlockInternetResults | Boolean | Indicates whether or not to block Spotlight search from returning internet results on supervised device. |
voiceDialingBlocked | Boolean | Indicates whether or not to block voice dialing. |
wallpaperBlockModification | Boolean | Indicates whether or not to allow wallpaper modification on supervised device (iOS 9.0 and later) . |
wiFiConnectOnlyToConfiguredNetworks | Boolean | Indicates whether or not to force the device to use only Wi-Fi networks from configuration profiles when the device is in supervised mode. Available for devices running iOS and iPadOS versions 14.4 and earlier. Devices running 14.5+ should use the setting, “WiFiConnectToAllowedNetworksOnlyForced. |
iosikEv2VpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. Inherited from appleVpnConfiguration |
connectionType | appleVpnConnectionType | Connection type. Inherited from appleVpnConfiguration. Possible values are: ciscoAnyConnect , pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn , customVpn , ciscoIPSec , citrix , ciscoAnyConnectV2 , paloAltoGlobalProtect , zscalerPrivateAccess , f5Access2018 , citrixSso , paloAltoGlobalProtectV2 , ikEv2 , alwaysOn , microsoftTunnel , netMotionMobility , microsoftProtect . |
loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration |
role | String | Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
realm | String | Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
server | vpnServer | VPN Server on the network. Make sure end users can access this network location. Inherited from appleVpnConfiguration |
identifier | String | Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration |
customData | keyValue collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
customKeyValueData | keyValuePair collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
enableSplitTunneling | Boolean | Send all network traffic through VPN. Inherited from appleVpnConfiguration |
authenticationMethod | vpnAuthenticationMethod | Authentication method for this VPN connection. Inherited from appleVpnConfiguration. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
enablePerApp | Boolean | Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration |
safariDomains | String collection | Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. Inherited from appleVpnConfiguration |
onDemandRules | vpnOnDemandRule collection | On-Demand Rules. This collection can contain a maximum of 500 elements. Inherited from appleVpnConfiguration |
providerType | vpnProviderType | Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured , appProxy , packetTunnel . |
associatedDomains | String collection | Associated Domains Inherited from appleVpnConfiguration |
excludedDomains | String collection | Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated Inherited from appleVpnConfiguration |
disableOnDemandUserOverride | Boolean | Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration |
disconnectOnIdle | Boolean | Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration |
disconnectOnIdleTimerInSeconds | Int32 | The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration |
proxyServer | vpnProxyServer | Proxy Server. Inherited from appleVpnConfiguration |
optInToDeviceIdSharing | Boolean | Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. Inherited from appleVpnConfiguration |
userDomain | String | Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead. Inherited from iosVpnConfiguration |
strictEnforcement | Boolean | Zscaler only. Blocks network traffic until the user signs into Zscaler app. "True" means traffic is blocked. Inherited from iosVpnConfiguration |
cloudName | String | Zscaler only. Zscaler cloud which the user is assigned to. Inherited from iosVpnConfiguration |
excludeList | String collection | Zscaler only. List of network addresses which are not sent through the Zscaler cloud. Inherited from iosVpnConfiguration |
targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. Inherited from iosVpnConfiguration |
microsoftTunnelSiteId | String | Microsoft Tunnel site ID. Inherited from iosVpnConfiguration |
childSecurityAssociationParameters | iosVpnSecurityAssociationParameters | Child Security Association Parameters |
clientAuthenticationType | vpnClientAuthenticationType | Type of Client Authentication the VPN client will use. Possible values are: userAuthentication , deviceAuthentication . |
deadPeerDetectionRate | vpnDeadPeerDetectionRate | Determine how often to check if a peer connection is still active. . Possible values are: medium , none , low , high . |
disableMobilityAndMultihoming | Boolean | Disable MOBIKE |
disableRedirect | Boolean | Disable Redirect |
enableCertificateRevocationCheck | Boolean | Enables a best-effort revocation check; server response timeouts will not cause it to fail |
enableEAP | Boolean | Enables EAP only authentication |
enablePerfectForwardSecrecy | Boolean | Enable Perfect Forward Secrecy (PFS). |
enableUseInternalSubnetAttributes | Boolean | Enable Use Internal Subnet Attributes. |
localIdentifier | vpnLocalIdentifier | Method of identifying the client that is trying to connect via VPN. . Possible values are: deviceFQDN , empty , clientCertificateSubjectName . |
remoteIdentifier | String | Address of the IKEv2 server. Must be a FQDN, UserFQDN, network address, or ASN1DN |
securityAssociationParameters | iosVpnSecurityAssociationParameters | Security Association Parameters |
serverCertificateCommonName | String | Common name of the IKEv2 Server Certificate used in Server Authentication |
serverCertificateIssuerCommonName | String | Issuer Common name of the IKEv2 Server Certificate issuer used in Authentication |
serverCertificateType | vpnServerCertificateType | The type of certificate the VPN server will present to the VPN client for authentication. Possible values are: rsa , ecdsa256 , ecdsa384 , ecdsa521 . |
sharedSecret | String | Used when Shared Secret Authentication is selected |
tlsMaximumVersion | String | The maximum TLS version to be used with EAP-TLS authentication |
tlsMinimumVersion | String | The minimum TLS version to be used with EAP-TLS authentication |
allowDefaultSecurityAssociationParameters | Boolean | Allows the use of security association parameters by setting all parameters to the device's default unless explicitly specified. |
allowDefaultChildSecurityAssociationParameters | Boolean | Allows the use of child security association parameters by setting all parameters to the device's default unless explicitly specified. |
alwaysOnConfiguration | appleVpnAlwaysOnConfiguration | AlwaysOn Configuration |
enableAlwaysOnConfiguration | Boolean | Determines if Always on VPN is enabled |
mtuSizeInBytes | Int32 | Maximum transmission unit. Valid values 1280 to 1400 |
iosImportedPFXCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned , smimeEncryption , smimeSigning , vpn , wifi . |
iosPkcsCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from iosCertificateProfileBase |
subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from iosCertificateProfileBase. Possible values are: commonName , commonNameAsEmail , custom , commonNameIncludingEmail , commonNameAsIMEI , commonNameAsSerialNumber . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name type. Inherited from iosCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from iosCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from iosCertificateProfileBase. Possible values are: days , months , years . |
certificationAuthority | String | PKCS Certification Authority. |
certificationAuthorityName | String | PKCS Certification Authority Name. |
certificateTemplateName | String | PKCS Certificate Template Name. |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
iosScepCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from iosCertificateProfileBase |
subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from iosCertificateProfileBase. Possible values are: commonName , commonNameAsEmail , custom , commonNameIncludingEmail , commonNameAsIMEI , commonNameAsSerialNumber . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name type. Inherited from iosCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from iosCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from iosCertificateProfileBase. Possible values are: days , months , years . |
scepServerUrls | String collection | SCEP Server Url(s). |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment , digitalSignature . |
keySize | keySize | SCEP Key Size. Possible values are: size1024 , size2048 , size4096 . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. The OnPremisesUserPrincipalName variable is support as well as others documented here: https://go.microsoft.com/fwlink/?LinkId=2027630. This collection can contain a maximum of 500 elements. |
iosTrustedRootCertificate
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
trustedRootCertificate | Binary | Trusted Root Certificate. |
certFileName | String | File name to display in UI. |
iosUpdateConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
activeHoursStart | TimeOfDay | Active Hours Start (active hours mean the time window when updates install should not happen) |
activeHoursEnd | TimeOfDay | Active Hours End (active hours mean the time window when updates install should not happen) |
scheduledInstallDays | dayOfWeek collection | Days in week for which active hours are configured. This collection can contain a maximum of 7 elements. |
utcTimeOffsetInMinutes | Int32 | UTC Time Offset indicated in minutes |
iosUpdateDeviceStatus
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
installStatus | iosUpdatesInstallStatus | The installation status of the policy report. Possible values are: success , available , idle , unknown , downloading , downloadFailed , downloadRequiresComputer , downloadInsufficientSpace , downloadInsufficientPower , downloadInsufficientNetwork , installing , installInsufficientSpace , installInsufficientPower , installPhoneCallInProgress , installFailed , notSupportedOperation , sharedDeviceUserLoggedInError , deviceOsHigherThanDesiredOsVersion . |
osVersion | String | The device version that is being reported. |
deviceId | String | The device id that is being reported. |
userId | String | The User id that is being reported. |
deviceDisplayName | String | Device name of the DevicePolicyStatus. |
userName | String | The User Name that is being reported |
deviceModel | String | The device model that is being reported |
complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
status | complianceStatus | Compliance status of the policy report. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report. |
userPrincipalName | String | UserPrincipalName. |
iosVpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. Inherited from appleVpnConfiguration |
connectionType | appleVpnConnectionType | Connection type. Inherited from appleVpnConfiguration. Possible values are: ciscoAnyConnect , pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn , customVpn , ciscoIPSec , citrix , ciscoAnyConnectV2 , paloAltoGlobalProtect , zscalerPrivateAccess , f5Access2018 , citrixSso , paloAltoGlobalProtectV2 , ikEv2 , alwaysOn , microsoftTunnel , netMotionMobility , microsoftProtect . |
loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration |
role | String | Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
realm | String | Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
server | vpnServer | VPN Server on the network. Make sure end users can access this network location. Inherited from appleVpnConfiguration |
identifier | String | Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration |
customData | keyValue collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
customKeyValueData | keyValuePair collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
enableSplitTunneling | Boolean | Send all network traffic through VPN. Inherited from appleVpnConfiguration |
authenticationMethod | vpnAuthenticationMethod | Authentication method for this VPN connection. Inherited from appleVpnConfiguration. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
enablePerApp | Boolean | Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration |
safariDomains | String collection | Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. Inherited from appleVpnConfiguration |
onDemandRules | vpnOnDemandRule collection | On-Demand Rules. This collection can contain a maximum of 500 elements. Inherited from appleVpnConfiguration |
providerType | vpnProviderType | Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured , appProxy , packetTunnel . |
associatedDomains | String collection | Associated Domains Inherited from appleVpnConfiguration |
excludedDomains | String collection | Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated Inherited from appleVpnConfiguration |
disableOnDemandUserOverride | Boolean | Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration |
disconnectOnIdle | Boolean | Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration |
disconnectOnIdleTimerInSeconds | Int32 | The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration |
proxyServer | vpnProxyServer | Proxy Server. Inherited from appleVpnConfiguration |
optInToDeviceIdSharing | Boolean | Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. Inherited from appleVpnConfiguration |
userDomain | String | Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead. |
strictEnforcement | Boolean | Zscaler only. Blocks network traffic until the user signs into Zscaler app. "True" means traffic is blocked. |
cloudName | String | Zscaler only. Zscaler cloud which the user is assigned to. |
excludeList | String collection | Zscaler only. List of network addresses which are not sent through the Zscaler cloud. |
targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. |
microsoftTunnelSiteId | String | Microsoft Tunnel site ID. |
iosWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
connectWhenNetworkNameIsHidden | Boolean | Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
wiFiSecurityType | wiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open , wpaPersonal , wpaEnterprise , wep , wpa2Personal , wpa2Enterprise . |
proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection. Possible values are: none , manual , automatic . |
proxyManualAddress | String | IP Address or DNS hostname of the proxy server when manual configuration is selected. |
proxyManualPort | Int32 | Port of the proxy server when manual configuration is selected. |
proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. |
disableMacAddressRandomization | Boolean | If set to true, forces devices connecting using this Wi-Fi profile to present their actual Wi-Fi MAC address instead of a random MAC address. Applies to iOS 14 and later. |
preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
macOSCertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. |
subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Possible values are: commonName , commonNameAsEmail , custom , commonNameIncludingEmail , commonNameAsIMEI , commonNameAsSerialNumber . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
macOSCompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passwordRequired | Boolean | Whether or not to require a password. |
passwordBlockSimple | Boolean | Indicates whether or not to block simple passwords. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 65535 |
passwordMinimumLength | Int32 | Minimum length of password. Valid values 4 to 14 |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault , alphanumeric , numeric . |
osMinimumVersion | String | Minimum MacOS version. |
osMaximumVersion | String | Maximum MacOS version. |
systemIntegrityProtectionEnabled | Boolean | Require that devices have enabled system integrity protection. |
deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
storageRequireEncryption | Boolean | Require encryption on Mac OS devices. |
firewallEnabled | Boolean | Whether the firewall should be enabled or not. |
firewallBlockAllIncoming | Boolean | Corresponds to the “Block all incoming connections” option. |
firewallEnableStealthMode | Boolean | Corresponds to “Enable stealth mode.” |
macOSCustomAppConfiguration
Property | Type | Description | |
---|---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration | |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration | |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration | |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration | |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration | |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration | |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration | |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration | |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration | |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration | |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration | |
bundleId | String | Bundle id for targeting. | |
fileName | String | Configuration file name (*.plist | *.xml). |
configurationXml | Binary | Configuration xml. (UTF8 encoded byte array) |
macOSCustomConfiguration
Property | Type | Description | |
---|---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration | |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration | |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration | |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration | |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration | |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration | |
payloadName | String | Name that is displayed to the user. | |
payloadFileName | String | Payload file name (*.mobileconfig | *.xml). |
payload | Binary | Payload. (UTF8 encoded byte array) |
macOSDeviceFeaturesConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
macOSEndpointProtectionConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
gatekeeperAllowedAppSource | macOSGatekeeperAppSources | System and Privacy setting that determines which download locations apps can be run from on a macOS device. Possible values are: notConfigured , macAppStore , macAppStoreAndIdentifiedDevelopers , anywhere . |
gatekeeperBlockOverride | Boolean | If set to true, the user override for Gatekeeper will be disabled. |
firewallEnabled | Boolean | Whether the firewall should be enabled or not. |
firewallBlockAllIncoming | Boolean | Corresponds to the “Block all incoming connections” option. |
firewallEnableStealthMode | Boolean | Corresponds to “Enable stealth mode.” |
firewallApplications | macOSFirewallApplication collection | List of applications with firewall settings. Firewall settings for applications not on this list are determined by the user. This collection can contain a maximum of 500 elements. |
fileVaultEnabled | Boolean | Whether FileVault should be enabled or not. |
fileVaultSelectedRecoveryKeyTypes | macOSFileVaultRecoveryKeyTypes | Required if FileVault is enabled, determines the type(s) of recovery key to use. . Possible values are: notConfigured , institutionalRecoveryKey , personalRecoveryKey . |
fileVaultInstitutionalRecoveryKeyCertificate | Binary | Required if selected recovery key type(s) include InstitutionalRecoveryKey. The DER Encoded certificate file used to set an institutional recovery key. |
fileVaultInstitutionalRecoveryKeyCertificateFileName | String | File name of the institutional recovery key certificate to display in UI. (*.der). |
fileVaultPersonalRecoveryKeyHelpMessage | String | Required if selected recovery key type(s) include PersonalRecoveryKey. A short message displayed to the user that explains how they can retrieve their personal recovery key. |
fileVaultAllowDeferralUntilSignOut | Boolean | Optional. If set to true, the user can defer the enabling of FileVault until they sign out. |
fileVaultNumberOfTimesUserCanIgnore | Int32 | Optional. When using the Defer option, this is the maximum number of times the user can ignore prompts to enable FileVault before FileVault will be required for the user to sign in. If set to -1, it will always prompt to enable FileVault until FileVault is enabled, though it will allow the user to bypass enabling FileVault. Setting this to 0 will disable the feature. |
fileVaultDisablePromptAtSignOut | Boolean | Optional. When using the Defer option, if set to true, the user is not prompted to enable FileVault at sign-out. |
fileVaultPersonalRecoveryKeyRotationInMonths | Int32 | Optional. If selected recovery key type(s) include PersonalRecoveryKey, the frequency to rotate that key, in months. |
fileVaultHidePersonalRecoveryKey | Boolean | Optional. A hidden personal recovery key does not appear on the user's screen during FileVault encryption, reducing the risk of it ending up in the wrong hands. |
advancedThreatProtectionRealTime | enablement | Determines whether or not to enable real-time protection for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured , enabled , disabled . |
advancedThreatProtectionCloudDelivered | enablement | Determines whether or not to enable cloud-delivered protection for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured , enabled , disabled . |
advancedThreatProtectionAutomaticSampleSubmission | enablement | Determines whether or not to enable automatic file sample submission for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured , enabled , disabled . |
advancedThreatProtectionDiagnosticDataCollection | enablement | Determines whether or not to enable diagnostic and usage data collection for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured , enabled , disabled . |
advancedThreatProtectionExcludedFolders | String collection | A list of paths to folders to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS. |
advancedThreatProtectionExcludedFiles | String collection | A list of paths to files to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS. |
advancedThreatProtectionExcludedExtensions | String collection | A list of file extensions to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS. |
advancedThreatProtectionExcludedProcesses | String collection | A list of process names to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS. |
macOSEnterpriseWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name Inherited from macOSWiFiConfiguration |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from macOSWiFiConfiguration |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from macOSWiFiConfiguration |
connectWhenNetworkNameIsHidden | Boolean | Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from macOSWiFiConfiguration |
wiFiSecurityType | wiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from macOSWiFiConfiguration. Possible values are: open , wpaPersonal , wpaEnterprise , wep , wpa2Personal , wpa2Enterprise . |
proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection Inherited from macOSWiFiConfiguration. Possible values are: none , manual , automatic . |
proxyManualAddress | String | IP Address or DNS hostname of the proxy server when manual configuration is selected. Inherited from macOSWiFiConfiguration |
proxyManualPort | Int32 | Port of the proxy server when manual configuration is selected. Inherited from macOSWiFiConfiguration |
proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. Inherited from macOSWiFiConfiguration |
preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from macOSWiFiConfiguration |
eapType | eapType | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls , leap , eapSim , eapTtls , peap , eapFast , teap . |
eapFastConfiguration | eapFastConfiguration | EAP-FAST Configuration Option when EAP-FAST is the selected EAP Type. Possible values are: noProtectedAccessCredential , useProtectedAccessCredential , useProtectedAccessCredentialAndProvision , useProtectedAccessCredentialAndProvisionAnonymously . |
trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users devices when they connect to this Wi-Fi network. |
authenticationMethod | wiFiAuthenticationMethod | Authentication Method when EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate , usernameAndPassword , derivedCredential . |
innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS, EAP-FAST or PEAP. This property masks usernames with the text you enter. For example, if you use 'anonymous', each user that authenticates with this Wi-Fi connection using their real username is displayed as 'anonymous'. |
macOSExtensionsConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
kernelExtensionOverridesAllowed | Boolean | If set to true, users can approve additional kernel extensions not explicitly allowed by configurations profiles. |
kernelExtensionAllowedTeamIdentifiers | String collection | All kernel extensions validly signed by the team identifiers in this list will be allowed to load. |
kernelExtensionsAllowed | macOSKernelExtension collection | A list of kernel extensions that will be allowed to load. . This collection can contain a maximum of 500 elements. |
systemExtensionsBlockOverride | Boolean | Gets or sets whether to allow the user to approve additional system extensions not explicitly allowed by configuration profiles. |
systemExtensionsAllowedTeamIdentifiers | String collection | Gets or sets a list of allowed team identifiers. Any system extension signed with any of the specified team identifiers will be approved. |
systemExtensionsAllowed | macOSSystemExtension collection | Gets or sets a list of allowed macOS system extensions. This collection can contain a maximum of 500 elements. |
systemExtensionsAllowedTypes | macOSSystemExtensionTypeMapping collection | Gets or sets a list of allowed macOS system extension types. This collection can contain a maximum of 500 elements. |
macOSGeneralDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
compliantAppListType | appListType | List that is in the CompliantAppsList. Possible values are: none , appsInListCompliant , appsNotInListCompliant . |
emailInDomainSuffixes | String collection | An email address lacking a suffix that matches any of these strings will be considered out-of-domain. |
passwordBlockSimple | Boolean | Block simple passwords. |
passwordExpirationDays | Int32 | Number of days before the password expires. |
passwordMinimumCharacterSetCount | Int32 | Number of character sets a password must contain. Valid values 0 to 4 |
passwordMinimumLength | Int32 | Minimum length of passwords. |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity required before a password is required. |
passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity required before the screen times out. |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. |
passwordRequiredType | requiredPasswordType | Type of password that is required. Possible values are: deviceDefault , alphanumeric , numeric . |
passwordRequired | Boolean | Whether or not to require a password. |
macOSImportedPFXCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Inherited from macOSCertificateProfileBase |
subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from macOSCertificateProfileBase. Possible values are: commonName , commonNameAsEmail , custom , commonNameIncludingEmail , commonNameAsIMEI , commonNameAsSerialNumber . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from macOSCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from macOSCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from macOSCertificateProfileBase. Possible values are: days , months , years . |
intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned , smimeEncryption , smimeSigning , vpn , wifi . |
macOSPkcsCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Inherited from macOSCertificateProfileBase |
subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from macOSCertificateProfileBase. Possible values are: commonName , commonNameAsEmail , custom , commonNameIncludingEmail , commonNameAsIMEI , commonNameAsSerialNumber . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from macOSCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from macOSCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from macOSCertificateProfileBase. Possible values are: days , months , years . |
certificationAuthority | String | PKCS certification authority FQDN. |
certificationAuthorityName | String | PKCS certification authority Name. |
certificateTemplateName | String | PKCS certificate template name. |
subjectAlternativeNameFormatString | String | Format string that defines the subject alternative name. |
subjectNameFormatString | String | Format string that defines the subject name. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
allowAllAppsAccess | Boolean | AllowAllAppsAccess setting |
macOSScepCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Inherited from macOSCertificateProfileBase |
subjectNameFormat | appleSubjectNameFormat | Certificate Subject Name Format. Inherited from macOSCertificateProfileBase. Possible values are: commonName , commonNameAsEmail , custom , commonNameIncludingEmail , commonNameAsIMEI , commonNameAsSerialNumber . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from macOSCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from macOSCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from macOSCertificateProfileBase. Possible values are: days , months , years . |
scepServerUrls | String collection | SCEP Server Url(s). |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment , digitalSignature . |
keySize | keySize | SCEP Key Size. Possible values are: size1024 , size2048 , size4096 . |
hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1 , sha2 . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
allowAllAppsAccess | Boolean | AllowAllAppsAccess setting |
macOSSoftwareUpdateAccountSummary
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
displayName | String | The name of the report |
deviceId | String | The device ID. |
userId | String | The user ID. |
deviceName | String | The device name. |
userPrincipalName | String | The user principal name |
osVersion | String | The OS version. |
successfulUpdateCount | Int32 | Number of successful updates on the device. |
failedUpdateCount | Int32 | Number of failed updates on the device. |
totalUpdateCount | Int32 | Number of total updates on the device. |
lastUpdatedDateTime | DateTimeOffset | Last date time the report for this device was updated. |
macOSSoftwareUpdateCategorySummary
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
displayName | String | The name of the report |
deviceId | String | The device ID. |
userId | String | The user ID. |
updateCategory | macOSSoftwareUpdateCategory | Software update type. Possible values are: critical , configurationDataFile , firmware , other . |
successfulUpdateCount | Int32 | Number of successful updates on the device |
failedUpdateCount | Int32 | Number of failed updates on the device |
totalUpdateCount | Int32 | Number of total updates on the device |
lastUpdatedDateTime | DateTimeOffset | Last date time the report for this device was updated. |
macOSSoftwareUpdateConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
criticalUpdateBehavior | macOSSoftwareUpdateBehavior | Update behavior for critical updates. Possible values are: notConfigured , default , downloadOnly , installASAP , notifyOnly , installLater . |
configDataUpdateBehavior | macOSSoftwareUpdateBehavior | Update behavior for configuration data file updates. Possible values are: notConfigured , default , downloadOnly , installASAP , notifyOnly , installLater . |
firmwareUpdateBehavior | macOSSoftwareUpdateBehavior | Update behavior for firmware updates. Possible values are: notConfigured , default , downloadOnly , installASAP , notifyOnly , installLater . |
allOtherUpdateBehavior | macOSSoftwareUpdateBehavior | Update behavior for all other updates. Possible values are: notConfigured , default , downloadOnly , installASAP , notifyOnly , installLater . |
updateScheduleType | macOSSoftwareUpdateScheduleType | Update schedule type. Possible values are: alwaysUpdate , updateDuringTimeWindows , updateOutsideOfTimeWindows . |
customUpdateTimeWindows | customUpdateTimeWindow collection | Custom Time windows when updates will be allowed or blocked. This collection can contain a maximum of 20 elements. |
updateTimeWindowUtcOffsetInMinutes | Int32 | Minutes indicating UTC offset for each update time window |
maxUserDeferralsCount | Int32 | The maximum number of times the system allows the user to postpone an update before it’s installed. Supported values: 0 - 366. Valid values 0 to 365 |
priority | macOSPriority | The scheduling priority for downloading and preparing the requested update. Default: Low. Possible values: Null, Low, High. Possible values are: low , high , unknownFutureValue . |
macOSSoftwareUpdateStateSummary
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
displayName | String | Human readable name of the software update |
productKey | String | Product key of the software update. |
updateCategory | macOSSoftwareUpdateCategory | Software update category. Possible values are: critical , configurationDataFile , firmware , other . |
updateVersion | String | Version of the software update |
state | macOSSoftwareUpdateState | State of the software update. Possible values are: success , downloading , downloaded , installing , idle , available , scheduled , downloadFailed , downloadInsufficientSpace , downloadInsufficientPower , downloadInsufficientNetwork , installInsufficientSpace , installInsufficientPower , installFailed , commandFailed . |
lastUpdatedDateTime | DateTimeOffset | Last date time the report for this device and product key was updated. |
macOSTrustedRootCertificate
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
trustedRootCertificate | Binary | Trusted Root Certificate. |
certFileName | String | File name to display in UI. |
macOSVpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. Inherited from appleVpnConfiguration |
connectionType | appleVpnConnectionType | Connection type. Inherited from appleVpnConfiguration. Possible values are: ciscoAnyConnect , pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn , customVpn , ciscoIPSec , citrix , ciscoAnyConnectV2 , paloAltoGlobalProtect , zscalerPrivateAccess , f5Access2018 , citrixSso , paloAltoGlobalProtectV2 , ikEv2 , alwaysOn , microsoftTunnel , netMotionMobility , microsoftProtect . |
loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration |
role | String | Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
realm | String | Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration |
server | vpnServer | VPN Server on the network. Make sure end users can access this network location. Inherited from appleVpnConfiguration |
identifier | String | Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration |
customData | keyValue collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
customKeyValueData | keyValuePair collection | Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration |
enableSplitTunneling | Boolean | Send all network traffic through VPN. Inherited from appleVpnConfiguration |
authenticationMethod | vpnAuthenticationMethod | Authentication method for this VPN connection. Inherited from appleVpnConfiguration. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
enablePerApp | Boolean | Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration |
safariDomains | String collection | Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. Inherited from appleVpnConfiguration |
onDemandRules | vpnOnDemandRule collection | On-Demand Rules. This collection can contain a maximum of 500 elements. Inherited from appleVpnConfiguration |
providerType | vpnProviderType | Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured , appProxy , packetTunnel . |
associatedDomains | String collection | Associated Domains Inherited from appleVpnConfiguration |
excludedDomains | String collection | Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated Inherited from appleVpnConfiguration |
disableOnDemandUserOverride | Boolean | Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration |
disconnectOnIdle | Boolean | Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration |
disconnectOnIdleTimerInSeconds | Int32 | The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration |
proxyServer | vpnProxyServer | Proxy Server. Inherited from appleVpnConfiguration |
optInToDeviceIdSharing | Boolean | Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. Inherited from appleVpnConfiguration |
macOSWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
connectWhenNetworkNameIsHidden | Boolean | Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
wiFiSecurityType | wiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open , wpaPersonal , wpaEnterprise , wep , wpa2Personal , wpa2Enterprise . |
proxySettings | wiFiProxySetting | Proxy Type for this Wi-Fi connection. Possible values are: none , manual , automatic . |
proxyManualAddress | String | IP Address or DNS hostname of the proxy server when manual configuration is selected. |
proxyManualPort | Int32 | Port of the proxy server when manual configuration is selected. |
proxyAutomaticConfigurationUrl | String | URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. |
preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
macOSWiredNetworkConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name |
networkInterface | wiredNetworkInterface | Network interface. Possible values are: anyEthernet , firstActiveEthernet , secondActiveEthernet , thirdActiveEthernet , firstEthernet , secondEthernet , thirdEthernet . |
eapType | eapType | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the wired network. Possible values are: eapTls , leap , eapSim , eapTtls , peap , eapFast , teap . |
eapFastConfiguration | eapFastConfiguration | EAP-FAST Configuration Option when EAP-FAST is the selected EAP Type. Possible values are: noProtectedAccessCredential , useProtectedAccessCredential , useProtectedAccessCredentialAndProvision , useProtectedAccessCredentialAndProvisionAnonymously . |
trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users devices when they connect to this wired network. |
authenticationMethod | wiFiAuthenticationMethod | Authentication Method when EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate , usernameAndPassword , derivedCredential . |
nonEapAuthenticationMethodForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
enableOuterIdentityPrivacy | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS, EAP-FAST or PEAP. This property masks usernames with the text you enter. For example, if you use 'anonymous', each user that authenticates with this wired network using their real username is displayed as 'anonymous'. |
managedAllDeviceCertificateState
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
certificateRevokeStatus | certificateRevocationStatus | Revoke status. Possible values are: none , pending , issued , failed , revoked . |
certificateRevokeStatusLastChangeDateTime | DateTimeOffset | The time the revoke status was last changed |
managedDeviceDisplayName | String | Device display name |
userPrincipalName | String | User principal name |
certificateExpirationDateTime | DateTimeOffset | Certificate expiry date |
certificateIssuerName | String | Issuer |
certificateThumbprint | String | Thumbprint |
certificateSerialNumber | String | Serial number |
certificateSubjectName | String | Certificate subject name |
certificateKeyUsages | Int32 | Key Usage |
certificateExtendedKeyUsages | String | Enhanced Key Usage |
certificateIssuanceDateTime | DateTimeOffset | Issuance date |
managedDeviceCertificateState
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
devicePlatform | devicePlatformType | Device platform. Possible values are: android , androidForWork , iOS , macOS , windowsPhone81 , windows81AndLater , windows10AndLater , androidWorkProfile , unknown , androidAOSP , androidMobileApplicationManagement , iOSMobileApplicationManagement , unknownFutureValue . |
certificateKeyUsage | keyUsages | Key usage. Possible values are: keyEncipherment , digitalSignature . |
certificateValidityPeriodUnits | certificateValidityPeriodScale | Validity period units. Possible values are: days , months , years . |
certificateIssuanceState | certificateIssuanceStates | Issuance State. Possible values are: unknown , challengeIssued , challengeIssueFailed , requestCreationFailed , requestSubmitFailed , challengeValidationSucceeded , challengeValidationFailed , issueFailed , issuePending , issued , responseProcessingFailed , responsePending , enrollmentSucceeded , enrollmentNotNeeded , revoked , removedFromCollection , renewVerified , installFailed , installed , deleteFailed , deleted , renewalRequested , requested . |
certificateKeyStorageProvider | keyStorageProviderOption | Key Storage Provider. Possible values are: useTpmKspOtherwiseUseSoftwareKsp , useTpmKspOtherwiseFail , usePassportForWorkKspOtherwiseFail , useSoftwareKsp . |
certificateSubjectNameFormat | subjectNameFormat | Subject name format. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateSubjectAlternativeNameFormat | subjectAlternativeNameType | Subject alternative name format. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateRevokeStatus | certificateRevocationStatus | Revoke status. Possible values are: none , pending , issued , failed , revoked . |
certificateProfileDisplayName | String | Certificate profile display name |
deviceDisplayName | String | Device display name |
userDisplayName | String | User display name |
certificateExpirationDateTime | DateTimeOffset | Certificate expiry date |
certificateLastIssuanceStateChangedDateTime | DateTimeOffset | Last certificate issuance state change |
lastCertificateStateChangeDateTime | DateTimeOffset | Last certificate issuance state change |
certificateIssuer | String | Issuer |
certificateThumbprint | String | Thumbprint |
certificateSerialNumber | String | Serial number |
certificateKeyLength | Int32 | Key length |
certificateEnhancedKeyUsage | String | Extended key usage |
certificateValidityPeriod | Int32 | Validity period |
certificateSubjectNameFormatString | String | Subject name format string for custom subject name formats |
certificateSubjectAlternativeNameFormatString | String | Subject alternative name format string for custom formats |
certificateIssuanceDateTime | DateTimeOffset | Issuance date |
certificateErrorCode | Int32 | Error code |
managedDeviceEncryptionState
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
userPrincipalName | String | User name |
deviceType | deviceTypes | Platform of the device. Possible values are: desktop , windowsRT , winMO6 , nokia , windowsPhone , mac , winCE , winEmbedded , iPhone , iPad , iPod , android , iSocConsumer , unix , macMDM , holoLens , surfaceHub , androidForWork , androidEnterprise , blackberry , palm , unknown . |
osVersion | String | Operating system version of the device |
tpmSpecificationVersion | String | Device TPM Version |
deviceName | String | Device name |
encryptionReadinessState | encryptionReadinessState | Encryption readiness state. Possible values are: notReady , ready . |
encryptionState | encryptionState | Device encryption state. Possible values are: notEncrypted , encrypted . |
encryptionPolicySettingState | complianceStatus | Encryption policy setting state. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
advancedBitLockerStates | advancedBitLockerState | Advanced BitLocker State. Possible values are: success , noUserConsent , osVolumeUnprotected , osVolumeTpmRequired , osVolumeTpmOnlyRequired , osVolumeTpmPinRequired , osVolumeTpmStartupKeyRequired , osVolumeTpmPinStartupKeyRequired , osVolumeEncryptionMethodMismatch , recoveryKeyBackupFailed , fixedDriveNotEncrypted , fixedDriveEncryptionMethodMismatch , loggedOnUserNonAdmin , windowsRecoveryEnvironmentNotConfigured , tpmNotAvailable , tpmNotReady , networkError . |
fileVaultStates | fileVaultState | FileVault State. Possible values are: success , driveEncryptedByUser , userDeferredEncryption , escrowNotEnabled . |
policyDetails | encryptionReportPolicyDetails collection | Policy Details |
ndesConnector
Property | Type | Description |
---|---|---|
id | String | The key of the NDES Connector. |
lastConnectionDateTime | DateTimeOffset | Last connection time for the Ndes Connector |
state | ndesConnectorState | Ndes Connector Status. Possible values are: none , active , inactive . |
displayName | String | The friendly name of the Ndes Connector. |
machineName | String | Name of the machine running on-prem certificate connector service. |
enrolledDateTime | DateTimeOffset | Timestamp when on-prem certificate connector was enrolled in Intune. |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
connectorVersion | String | The build version of the Ndes Connector. |
report
Property | Type | Description |
---|---|---|
content | Stream | Not yet documented |
reportRoot
Property | Type | Description |
---|---|---|
id | String | The unique identifier for this entity. |
restrictedAppsViolation
Property | Type | Description |
---|---|---|
id | String | Unique identifier for the object. Composed from accountId, deviceId, policyId and userId |
userId | String | User unique identifier, must be Guid |
userName | String | User name |
managedDeviceId | String | Managed device unique identifier, must be Guid |
deviceName | String | Device name |
deviceConfigurationId | String | Device configuration profile unique identifier, must be Guid |
deviceConfigurationName | String | Device configuration profile name |
platformType | policyPlatformType | Platform type. Possible values are: android , androidForWork , iOS , macOS , windowsPhone81 , windows81AndLater , windows10AndLater , androidWorkProfile , windows10XProfile , androidAOSP , all . |
restrictedAppsState | restrictedAppsState | Restricted apps state. Possible values are: prohibitedApps , notApprovedApps . |
restrictedApps | managedDeviceReportedApp collection | List of violated restricted apps |
retireScheduledManagedDevice
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
managedDeviceId | String | Managed DeviceId |
managedDeviceName | String | Managed Device Name |
deviceType | deviceType | Managed Device Device Type. Possible values are: desktop , windowsRT , winMO6 , nokia , windowsPhone , mac , winCE , winEmbedded , iPhone , iPad , iPod , android , iSocConsumer , unix , macMDM , holoLens , surfaceHub , androidForWork , androidEnterprise , windows10x , androidnGMS , chromeOS , linux , blackberry , palm , unknown , cloudPC . |
complianceState | complianceStatus | Managed Device ComplianceStatus. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
retireAfterDateTime | DateTimeOffset | Managed Device Retire After DateTime |
managementAgent | managementAgentType | Managed Device ManagementAgentType. Possible values are: eas , mdm , easMdm , intuneClient , easIntuneClient , configurationManagerClient , configurationManagerClientMdm , configurationManagerClientMdmEas , unknown , jamf , googleCloudDevicePolicyController , microsoft365ManagedMdm , msSense , intuneAosp . |
ownerType | managedDeviceOwnerType | Managed Device ManagedDeviceOwnerType. Possible values are: unknown , company , personal . |
deviceCompliancePolicyName | String | Device Compliance Policy Name |
deviceCompliancePolicyId | String | Device Compliance PolicyId |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
settingStateDeviceSummary
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
settingName | String | Name of the setting |
instancePath | String | Name of the InstancePath for the setting |
unknownDeviceCount | Int32 | Device Unkown count for the setting |
notApplicableDeviceCount | Int32 | Device Not Applicable count for the setting |
compliantDeviceCount | Int32 | Device Compliant count for the setting |
remediatedDeviceCount | Int32 | Device Compliant count for the setting |
nonCompliantDeviceCount | Int32 | Device NonCompliant count for the setting |
errorDeviceCount | Int32 | Device error count for the setting |
conflictDeviceCount | Int32 | Device conflict error count for the setting |
sharedPCConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
accountManagerPolicy | sharedPCAccountManagerPolicy | Specifies how accounts are managed on a shared PC. Only applies when disableAccountManager is false. |
allowedAccounts | sharedPCAllowedAccountType | Indicates which type of accounts are allowed to use on a shared PC. Possible values are: guest , domain . |
allowLocalStorage | Boolean | Specifies whether local storage is allowed on a shared PC. |
disableAccountManager | Boolean | Disables the account manager for shared PC mode. |
disableEduPolicies | Boolean | Specifies whether the default shared PC education environment policies should be disabled. For Windows 10 RS2 and later, this policy will be applied without setting Enabled to true. |
disablePowerPolicies | Boolean | Specifies whether the default shared PC power policies should be disabled. |
disableSignInOnResume | Boolean | Disables the requirement to sign in whenever the device wakes up from sleep mode. |
enabled | Boolean | Enables shared PC mode and applies the shared pc policies. |
idleTimeBeforeSleepInSeconds | Int32 | Specifies the time in seconds that a device must sit idle before the PC goes to sleep. Setting this value to 0 prevents the sleep timeout from occurring. |
kioskAppDisplayName | String | Specifies the display text for the account shown on the sign-in screen which launches the app specified by SetKioskAppUserModelId. Only applies when KioskAppUserModelId is set. |
kioskAppUserModelId | String | Specifies the application user model ID of the app to use with assigned access. |
maintenanceStartTime | TimeOfDay | Specifies the daily start time of maintenance hour. |
softwareUpdateStatusSummary
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
displayName | String | The name of the policy. |
compliantDeviceCount | Int32 | Number of compliant devices. |
nonCompliantDeviceCount | Int32 | Number of non compliant devices. |
remediatedDeviceCount | Int32 | Number of remediated devices. |
errorDeviceCount | Int32 | Number of devices had error. |
unknownDeviceCount | Int32 | Number of unknown devices. |
conflictDeviceCount | Int32 | Number of conflict devices. |
notApplicableDeviceCount | Int32 | Number of not applicable devices. |
compliantUserCount | Int32 | Number of compliant users. |
nonCompliantUserCount | Int32 | Number of non compliant users. |
remediatedUserCount | Int32 | Number of remediated users. |
errorUserCount | Int32 | Number of users had error. |
unknownUserCount | Int32 | Number of unknown users. |
conflictUserCount | Int32 | Number of conflict users. |
notApplicableUserCount | Int32 | Number of not applicable users. |
unsupportedDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
originalEntityTypeName | String | The type of entity that would be returned otherwise. |
details | unsupportedDeviceConfigurationDetail collection | Details describing why the entity is unsupported. This collection can contain a maximum of 1000 elements. |
vpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
connectionName | String | Connection name displayed to the user. |
role | String | Role when connection type is set to Pulse Secure. |
realm | String | Realm when connection type is set to Pulse Secure. |
servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
windows10CertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from windowsCertificateProfileBase |
keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP) Inherited from windowsCertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp , useTpmKspOtherwiseFail , usePassportForWorkKspOtherwiseFail , useSoftwareKsp . |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format Inherited from windowsCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type Inherited from windowsCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period Inherited from windowsCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period Inherited from windowsCertificateProfileBase. Possible values are: days , months , years . |
windows10CompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passwordRequired | Boolean | Require a password to unlock Windows device. |
passwordBlockSimple | Boolean | Indicates whether or not to block simple password. |
passwordRequiredToUnlockFromIdle | Boolean | Require a password to unlock an idle device. |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordExpirationDays | Int32 | The password expiration in days. |
passwordMinimumLength | Int32 | The minimum password length. |
passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault , alphanumeric , numeric . |
passwordPreviousPasswordBlockCount | Int32 | The number of previous passwords to prevent re-use of. |
requireHealthyDeviceReport | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation. |
osMinimumVersion | String | Minimum Windows 10 version. |
osMaximumVersion | String | Maximum Windows 10 version. |
mobileOsMinimumVersion | String | Minimum Windows Phone version. |
mobileOsMaximumVersion | String | Maximum Windows Phone version. |
earlyLaunchAntiMalwareDriverEnabled | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation - early launch antimalware driver is enabled. |
bitLockerEnabled | Boolean | Require devices to be reported healthy by Windows Device Health Attestation - bit locker is enabled |
secureBootEnabled | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation - secure boot is enabled. |
codeIntegrityEnabled | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation. |
storageRequireEncryption | Boolean | Require encryption on windows devices. |
windows10CustomConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 1000 elements. |
windows10DeviceFirmwareConfigurationInterface
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
changeUefiSettingsPermission | changeUefiSettingsPermission | Defines the permission level granted to users to change UEFI settings. Possible values are: notConfiguredOnly , none . |
virtualizationOfCpuAndIO | enablement | Defines whether CPU and IO virtualization is enabled. Possible values are: notConfigured , enabled , disabled . |
cameras | enablement | Defines whether built-in cameras are enabled. Possible values are: notConfigured , enabled , disabled . |
microphonesAndSpeakers | enablement | Defines whether built-in microphones or speakers are enabled. Possible values are: notConfigured , enabled , disabled . |
radios | enablement | Defines whether built-in radios e.g. WIFI, NFC, Bluetooth, are enabled. Possible values are: notConfigured , enabled , disabled . |
bootFromExternalMedia | enablement | Defines whether a user is allowed to boot from external media. Possible values are: notConfigured , enabled , disabled . |
bootFromBuiltInNetworkAdapters | enablement | Defines whether a user is allowed to boot from built-in network adapters. Possible values are: notConfigured , enabled , disabled . |
windowsPlatformBinaryTable | enablement | Defines whether a user is allowed to enable Windows Platform Binary Table. Possible values are: notConfigured , enabled , disabled . |
simultaneousMultiThreading | enablement | Defines whether a user is allowed to enable Simultaneous MultiThreading. Possible values are: notConfigured , enabled , disabled . |
frontCamera | enablement | Defines whether a user is allowed to enable Front Camera. Possible values are: notConfigured , enabled , disabled . |
rearCamera | enablement | Defines whether a user is allowed to enable rear camera. Possible values are: notConfigured , enabled , disabled . |
infraredCamera | enablement | Defines whether a user is allowed to enable Infrared camera. Possible values are: notConfigured , enabled , disabled . |
microphone | enablement | Defines whether a user is allowed to enable Microphone. Possible values are: notConfigured , enabled , disabled . |
bluetooth | enablement | Defines whether a user is allowed to enable Bluetooth. Possible values are: notConfigured , enabled , disabled . |
wirelessWideAreaNetwork | enablement | Defines whether a user is allowed to enable Wireless Wide Area Network. Possible values are: notConfigured , enabled , disabled . |
nearFieldCommunication | enablement | Defines whether a user is allowed to enable Near Field Communication. Possible values are: notConfigured , enabled , disabled . |
wiFi | enablement | Defines whether a user is allowed to enable WiFi. Possible values are: notConfigured , enabled , disabled . |
usbTypeAPort | enablement | Defines whether a user is allowed to enable USB Type A Port. Possible values are: notConfigured , enabled , disabled . |
sdCard | enablement | Defines whether a user is allowed to enable SD Card Port. Possible values are: notConfigured , enabled , disabled . |
wakeOnLAN | enablement | Defines whether a user is allowed to enable Wake on LAN. Possible values are: notConfigured , enabled , disabled . |
wakeOnPower | enablement | Defines whether a user is allowed to enable Wake On Power. Possible values are: notConfigured , enabled , disabled . |
windows10EasEmailProfileConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
usernameSource | userEmailSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName , primarySmtpAddress . |
usernameAADSource | usernameSource | Name of the AAD field, that will be used to retrieve UserName for email profile. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName , primarySmtpAddress , samAccountName . |
userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: fullDomainName , netBiosDomainName . |
customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. Inherited from easEmailProfileConfigurationBase |
accountName | String | Account name. |
syncCalendar | Boolean | Whether or not to sync the calendar. |
syncContacts | Boolean | Whether or not to sync contacts. |
syncTasks | Boolean | Whether or not to sync tasks. |
durationOfEmailToSync | emailSyncDuration | Duration of email to sync. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName , primarySmtpAddress . |
emailSyncSchedule | emailSyncSchedule | Email sync schedule. Possible values are: userDefined , asMessagesArrive , manual , fifteenMinutes , thirtyMinutes , sixtyMinutes , basedOnMyUsage . |
hostName | String | Exchange location that (URL) that the native mail app connects to. |
requireSsl | Boolean | Indicates whether or not to use SSL. |
windows10EndpointProtectionConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
firewallBlockStatefulFTP | Boolean | Blocks stateful FTP connections to the device |
firewallIdleTimeoutForSecurityAssociationInSeconds | Int32 | Configures the idle timeout for security associations, in seconds, from 300 to 3600 inclusive. This is the period after which security associations will expire and be deleted. Valid values 300 to 3600 |
firewallPreSharedKeyEncodingMethod | firewallPreSharedKeyEncodingMethodType | Select the preshared key encoding to be used. Possible values are: deviceDefault , none , utF8 . |
firewallIPSecExemptionsAllowNeighborDiscovery | Boolean | Configures IPSec exemptions to allow neighbor discovery IPv6 ICMP type-codes |
firewallIPSecExemptionsAllowICMP | Boolean | Configures IPSec exemptions to allow ICMP |
firewallIPSecExemptionsAllowRouterDiscovery | Boolean | Configures IPSec exemptions to allow router discovery IPv6 ICMP type-codes |
firewallIPSecExemptionsAllowDHCP | Boolean | Configures IPSec exemptions to allow both IPv4 and IPv6 DHCP traffic |
firewallCertificateRevocationListCheckMethod | firewallCertificateRevocationListCheckMethodType | Specify how the certificate revocation list is to be enforced. Possible values are: deviceDefault , none , attempt , require . |
firewallMergeKeyingModuleSettings | Boolean | If an authentication set is not fully supported by a keying module, direct the module to ignore only unsupported authentication suites rather than the entire set |
firewallPacketQueueingMethod | firewallPacketQueueingMethodType | Configures how packet queueing should be applied in the tunnel gateway scenario. Possible values are: deviceDefault , disabled , queueInbound , queueOutbound , queueBoth . |
firewallProfileDomain | windowsFirewallNetworkProfile | Configures the firewall profile settings for domain networks |
firewallProfilePublic | windowsFirewallNetworkProfile | Configures the firewall profile settings for public networks |
firewallProfilePrivate | windowsFirewallNetworkProfile | Configures the firewall profile settings for private networks |
defenderAttackSurfaceReductionExcludedPaths | String collection | List of exe files and folders to be excluded from attack surface reduction rules |
defenderGuardedFoldersAllowedAppPaths | String collection | List of paths to exe that are allowed to access protected folders |
defenderAdditionalGuardedFolders | String collection | List of folder paths to be added to the list of protected folders |
defenderExploitProtectionXml | Binary | Xml content containing information regarding exploit protection details. |
defenderExploitProtectionXmlFileName | String | Name of the file from which DefenderExploitProtectionXml was obtained. |
defenderSecurityCenterBlockExploitProtectionOverride | Boolean | Indicates whether or not to block user from overriding Exploit Protection settings. |
appLockerApplicationControl | appLockerApplicationControlType | Enables the Admin to choose what types of app to allow on devices. Possible values are: notConfigured , enforceComponentsAndStoreApps , auditComponentsAndStoreApps , enforceComponentsStoreAppsAndSmartlocker , auditComponentsStoreAppsAndSmartlocker . |
smartScreenEnableInShell | Boolean | Allows IT Admins to configure SmartScreen for Windows. |
smartScreenBlockOverrideForFiles | Boolean | Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files. |
applicationGuardEnabled | Boolean | Enable Windows Defender Application Guard |
applicationGuardBlockFileTransfer | applicationGuardBlockFileTransferType | Block clipboard to transfer image file, text file or neither of them. Possible values are: notConfigured , blockImageAndTextFile , blockImageFile , blockNone , blockTextFile . |
applicationGuardBlockNonEnterpriseContent | Boolean | Block enterprise sites to load non-enterprise content, such as third party plug-ins |
applicationGuardAllowPersistence | Boolean | Allow persisting user generated data inside the App Guard Containter (favorites, cookies, web passwords, etc.) |
applicationGuardForceAuditing | Boolean | Force auditing will persist Windows logs and events to meet security/compliance criteria (sample events are user login-logoff, use of privilege rights, software installation, system changes, etc.) |
applicationGuardBlockClipboardSharing | applicationGuardBlockClipboardSharingType | Block clipboard to share data from Host to Container, or from Container to Host, or both ways, or neither ways. Possible values are: notConfigured , blockBoth , blockHostToContainer , blockContainerToHost , blockNone . |
applicationGuardAllowPrintToPDF | Boolean | Allow printing to PDF from Container |
applicationGuardAllowPrintToXPS | Boolean | Allow printing to XPS from Container |
applicationGuardAllowPrintToLocalPrinters | Boolean | Allow printing to Local Printers from Container |
applicationGuardAllowPrintToNetworkPrinters | Boolean | Allow printing to Network Printers from Container |
bitLockerDisableWarningForOtherDiskEncryption | Boolean | Allows the Admin to disable the warning prompt for other disk encryption on the user machines. |
bitLockerEnableStorageCardEncryptionOnMobile | Boolean | Allows the admin to require encryption to be turned on using BitLocker. This policy is valid only for a mobile SKU. |
bitLockerEncryptDevice | Boolean | Allows the admin to require encryption to be turned on using BitLocker. |
bitLockerRemovableDrivePolicy | bitLockerRemovableDrivePolicy | BitLocker Removable Drive Policy. |
windows10EnterpriseModernAppManagementConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
uninstallBuiltInApps | Boolean | Indicates whether or not to uninstall a fixed list of built-in Windows apps. |
windows10GeneralConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
enterpriseCloudPrintDiscoveryEndPoint | String | Endpoint for discovering cloud printers. |
enterpriseCloudPrintOAuthAuthority | String | Authentication endpoint for acquiring OAuth tokens. |
enterpriseCloudPrintOAuthClientIdentifier | String | GUID of a client application authorized to retrieve OAuth tokens from the OAuth Authority. |
enterpriseCloudPrintResourceIdentifier | String | OAuth resource URI for print service as configured in the Azure portal. |
enterpriseCloudPrintDiscoveryMaxLimit | Int32 | Maximum number of printers that should be queried from a discovery endpoint. This is a mobile only setting. Valid values 1 to 65535 |
enterpriseCloudPrintMopriaDiscoveryResourceIdentifier | String | OAuth resource URI for printer discovery service as configured in Azure portal. |
searchBlockDiacritics | Boolean | Specifies if search can use diacritics. |
searchDisableAutoLanguageDetection | Boolean | Specifies whether to use automatic language detection when indexing content and properties. |
searchDisableIndexingEncryptedItems | Boolean | Indicates whether or not to block indexing of WIP-protected items to prevent them from appearing in search results for Cortana or Explorer. |
searchEnableRemoteQueries | Boolean | Indicates whether or not to block remote queries of this computer’s index. |
searchDisableIndexerBackoff | Boolean | Indicates whether or not to disable the search indexer backoff feature. |
searchDisableIndexingRemovableDrive | Boolean | Indicates whether or not to allow users to add locations on removable drives to libraries and to be indexed. |
searchEnableAutomaticIndexSizeManangement | Boolean | Specifies minimum amount of hard drive space on the same drive as the index location before indexing stops. |
diagnosticsDataSubmissionMode | diagnosticDataSubmissionMode | Gets or sets a value allowing the device to send diagnostic and usage telemetry data, such as Watson. Possible values are: userDefined , none , basic , enhanced , full . |
oneDriveDisableFileSync | Boolean | Gets or sets a value allowing IT admins to prevent apps and features from working with files on OneDrive. |
smartScreenEnableAppInstallControl | Boolean | This property will be deprecated in July 2019 and will be replaced by property SmartScreenAppInstallControl. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. |
personalizationDesktopImageUrl | String | A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to used as the Desktop Image. |
personalizationLockScreenImageUrl | String | A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image. |
bluetoothAllowedServices | String collection | Specify a list of allowed Bluetooth services and profiles in hex formatted strings. |
bluetoothBlockAdvertising | Boolean | Whether or not to Block the user from using bluetooth advertising. |
bluetoothBlockDiscoverableMode | Boolean | Whether or not to Block the user from using bluetooth discoverable mode. |
bluetoothBlockPrePairing | Boolean | Whether or not to block specific bundled Bluetooth peripherals to automatically pair with the host device. |
edgeBlockAutofill | Boolean | Indicates whether or not to block auto fill. |
edgeBlocked | Boolean | Indicates whether or not to Block the user from using the Edge browser. |
edgeCookiePolicy | edgeCookiePolicy | Indicates which cookies to block in the Edge browser. Possible values are: userDefined , allow , blockThirdParty , blockAll . |
edgeBlockDeveloperTools | Boolean | Indicates whether or not to block developer tools in the Edge browser. |
edgeBlockSendingDoNotTrackHeader | Boolean | Indicates whether or not to Block the user from sending the do not track header. |
edgeBlockExtensions | Boolean | Indicates whether or not to block extensions in the Edge browser. |
edgeBlockInPrivateBrowsing | Boolean | Indicates whether or not to block InPrivate browsing on corporate networks, in the Edge browser. |
edgeBlockJavaScript | Boolean | Indicates whether or not to Block the user from using JavaScript. |
edgeBlockPasswordManager | Boolean | Indicates whether or not to Block password manager. |
edgeBlockAddressBarDropdown | Boolean | Block the address bar dropdown functionality in Microsoft Edge. Disable this settings to minimize network connections from Microsoft Edge to Microsoft services. |
edgeBlockCompatibilityList | Boolean | Block Microsoft compatibility list in Microsoft Edge. This list from Microsoft helps Edge properly display sites with known compatibility issues. |
edgeClearBrowsingDataOnExit | Boolean | Clear browsing data on exiting Microsoft Edge. |
edgeAllowStartPagesModification | Boolean | Allow users to change Start pages on Edge. Use the EdgeHomepageUrls to specify the Start pages that the user would see by default when they open Edge. |
edgeDisableFirstRunPage | Boolean | Block the Microsoft web page that opens on the first use of Microsoft Edge. This policy allows enterprises, like those enrolled in zero emissions configurations, to block this page. |
edgeBlockLiveTileDataCollection | Boolean | Block the collection of information by Microsoft for live tile creation when users pin a site to Start from Microsoft Edge. |
edgeSyncFavoritesWithInternetExplorer | Boolean | Enable favorites sync between Internet Explorer and Microsoft Edge. Additions, deletions, modifications and order changes to favorites are shared between browsers. |
cellularBlockDataWhenRoaming | Boolean | Whether or not to Block the user from using data over cellular while roaming. |
cellularBlockVpn | Boolean | Whether or not to Block the user from using VPN over cellular. |
cellularBlockVpnWhenRoaming | Boolean | Whether or not to Block the user from using VPN when roaming over cellular. |
defenderRequireRealTimeMonitoring | Boolean | Indicates whether or not to require real time monitoring. |
defenderRequireBehaviorMonitoring | Boolean | Indicates whether or not to require behavior monitoring. |
defenderRequireNetworkInspectionSystem | Boolean | Indicates whether or not to require network inspection system. |
defenderScanDownloads | Boolean | Indicates whether or not to scan downloads. |
defenderScanScriptsLoadedInInternetExplorer | Boolean | Indicates whether or not to scan scripts loaded in Internet Explorer browser. |
defenderBlockEndUserAccess | Boolean | Whether or not to block end user access to Defender. |
defenderSignatureUpdateIntervalInHours | Int32 | The signature update interval in hours. Specify 0 not to check. Valid values 0 to 24 |
defenderMonitorFileActivity | defenderMonitorFileActivity | Value for monitoring file activity. Possible values are: userDefined , disable , monitorAllFiles , monitorIncomingFilesOnly , monitorOutgoingFilesOnly . |
defenderDaysBeforeDeletingQuarantinedMalware | Int32 | Number of days before deleting quarantined malware. Valid values 0 to 90 |
defenderScanMaxCpu | Int32 | Max CPU usage percentage during scan. Valid values 0 to 100 |
defenderScanArchiveFiles | Boolean | Indicates whether or not to scan archive files. |
defenderScanIncomingMail | Boolean | Indicates whether or not to scan incoming mail messages. |
defenderScanRemovableDrivesDuringFullScan | Boolean | Indicates whether or not to scan removable drives during full scan. |
defenderScanMappedNetworkDrivesDuringFullScan | Boolean | Indicates whether or not to scan mapped network drives during full scan. |
defenderScanNetworkFiles | Boolean | Indicates whether or not to scan files opened from a network folder. |
defenderRequireCloudProtection | Boolean | Indicates whether or not to require cloud protection. |
defenderCloudBlockLevel | defenderCloudBlockLevelType | Specifies the level of cloud-delivered protection. Possible values are: notConfigured , high , highPlus , zeroTolerance . |
defenderPromptForSampleSubmission | defenderPromptForSampleSubmission | The configuration for how to prompt user for sample submission. Possible values are: userDefined , alwaysPrompt , promptBeforeSendingPersonalData , neverSendData , sendAllDataWithoutPrompting . |
defenderScheduledQuickScanTime | TimeOfDay | The time to perform a daily quick scan. |
defenderScanType | defenderScanType | The defender system scan type. Possible values are: userDefined , disabled , quick , full . |
defenderSystemScanSchedule | weeklySchedule | Defender day of the week for the system scan. Possible values are: userDefined , everyday , sunday , monday , tuesday , wednesday , thursday , friday , saturday . |
defenderScheduledScanTime | TimeOfDay | The defender time for the system scan. |
defenderDetectedMalwareActions | defenderDetectedMalwareActions | Gets or sets Defender’s actions to take on detected Malware per threat level. |
defenderFileExtensionsToExclude | String collection | File extensions to exclude from scans and real time protection. |
defenderFilesAndFoldersToExclude | String collection | Files and folder to exclude from scans and real time protection. |
defenderProcessesToExclude | String collection | Processes to exclude from scans and real time protection. |
lockScreenAllowTimeoutConfiguration | Boolean | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. If this policy is set to Allow, the value set by lockScreenTimeoutInSeconds is ignored. |
lockScreenBlockActionCenterNotifications | Boolean | Indicates whether or not to block action center notifications over lock screen. |
lockScreenBlockCortana | Boolean | Indicates whether or not the user can interact with Cortana using speech while the system is locked. |
lockScreenBlockToastNotifications | Boolean | Indicates whether to allow toast notifications above the device lock screen. |
lockScreenTimeoutInSeconds | Int32 | Set the duration (in seconds) from the screen locking to the screen turning off for Windows 10 Mobile devices. Supported values are 11-1800. Valid values 11 to 1800 |
passwordBlockSimple | Boolean | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For Windows 10 desktops, it also controls the use of picture passwords. |
passwordExpirationDays | Int32 | The password expiration in days. Valid values 0 to 730 |
passwordMinimumLength | Int32 | The minimum password length. Valid values 4 to 16 |
passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | The minutes of inactivity before the screen times out. |
passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
passwordPreviousPasswordBlockCount | Int32 | The number of previous passwords to prevent reuse of. Valid values 0 to 50 |
passwordRequired | Boolean | Indicates whether or not to require the user to have a password. |
passwordRequireWhenResumeFromIdleState | Boolean | Indicates whether or not to require a password upon resuming from an idle state. |
passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault , alphanumeric , numeric . |
passwordSignInFailureCountBeforeFactoryReset | Int32 | The number of sign in failures before factory reset. Valid values 0 to 999 |
privacyAdvertisingId | stateManagementSetting | Enables or disables the use of advertising ID. Added in Windows 10, version 1607. Possible values are: notConfigured , blocked , allowed . |
privacyAutoAcceptPairingAndConsentPrompts | Boolean | Indicates whether or not to allow the automatic acceptance of the pairing and privacy user consent dialog when launching apps. |
privacyBlockInputPersonalization | Boolean | Indicates whether or not to block the usage of cloud based speech services for Cortana, Dictation, or Store applications. |
startBlockUnpinningAppsFromTaskbar | Boolean | Indicates whether or not to block the user from unpinning apps from taskbar. |
startMenuAppListVisibility | windowsStartMenuAppListVisibilityType | Setting the value of this collapses the app list, removes the app list entirely, or disables the corresponding toggle in the Settings app. Possible values are: userDefined , collapse , remove , disableSettingsApp . |
startMenuHideChangeAccountSettings | Boolean | Enabling this policy hides the change account setting from appearing in the user tile in the start menu. |
startMenuHideFrequentlyUsedApps | Boolean | Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app. |
startMenuHideHibernate | Boolean | Enabling this policy hides hibernate from appearing in the power button in the start menu. |
startMenuHideLock | Boolean | Enabling this policy hides lock from appearing in the user tile in the start menu. |
startMenuHidePowerButton | Boolean | Enabling this policy hides the power button from appearing in the start menu. |
startMenuHideRecentJumpLists | Boolean | Enabling this policy hides recent jump lists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app. |
startMenuHideRecentlyAddedApps | Boolean | Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app. |
startMenuHideRestartOptions | Boolean | Enabling this policy hides “Restart/Update and Restart” from appearing in the power button in the start menu. |
startMenuHideShutDown | Boolean | Enabling this policy hides shut down/update and shut down from appearing in the power button in the start menu. |
startMenuHideSignOut | Boolean | Enabling this policy hides sign out from appearing in the user tile in the start menu. |
startMenuHideSleep | Boolean | Enabling this policy hides sleep from appearing in the power button in the start menu. |
startMenuHideSwitchAccount | Boolean | Enabling this policy hides switch account from appearing in the user tile in the start menu. |
startMenuHideUserTile | Boolean | Enabling this policy hides the user tile from appearing in the start menu. |
startMenuLayoutEdgeAssetsXml | Binary | This policy setting allows you to import Edge assets to be used with startMenuLayoutXml policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when startMenuLayoutXml policy is modified. The value should be a UTF-8 Base64 encoded byte array. |
startMenuLayoutXml | Binary | Allows admins to override the default Start menu layout and prevents the user from changing it. The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in a UTF8 encoded byte array format. |
startMenuMode | windowsStartMenuModeType | Allows admins to decide how the Start menu is displayed. Possible values are: userDefined , fullScreen , nonFullScreen . |
startMenuPinnedFolderDocuments | visibilitySetting | Enforces the visibility (Show/Hide) of the Documents folder shortcut on the Start menu. Possible values are: notConfigured , hide , show . |
startMenuPinnedFolderDownloads | visibilitySetting | Enforces the visibility (Show/Hide) of the Downloads folder shortcut on the Start menu. Possible values are: notConfigured , hide , show . |
startMenuPinnedFolderFileExplorer | visibilitySetting | Enforces the visibility (Show/Hide) of the FileExplorer shortcut on the Start menu. Possible values are: notConfigured , hide , show . |
startMenuPinnedFolderHomeGroup | visibilitySetting | Enforces the visibility (Show/Hide) of the HomeGroup folder shortcut on the Start menu. Possible values are: notConfigured , hide , show . |
startMenuPinnedFolderMusic | visibilitySetting | Enforces the visibility (Show/Hide) of the Music folder shortcut on the Start menu. Possible values are: notConfigured , hide , show . |
startMenuPinnedFolderNetwork | visibilitySetting | Enforces the visibility (Show/Hide) of the Network folder shortcut on the Start menu. Possible values are: notConfigured , hide , show . |
startMenuPinnedFolderPersonalFolder | visibilitySetting | Enforces the visibility (Show/Hide) of the PersonalFolder shortcut on the Start menu. Possible values are: notConfigured , hide , show . |
startMenuPinnedFolderPictures | visibilitySetting | Enforces the visibility (Show/Hide) of the Pictures folder shortcut on the Start menu. Possible values are: notConfigured , hide , show . |
startMenuPinnedFolderSettings | visibilitySetting | Enforces the visibility (Show/Hide) of the Settings folder shortcut on the Start menu. Possible values are: notConfigured , hide , show . |
startMenuPinnedFolderVideos | visibilitySetting | Enforces the visibility (Show/Hide) of the Videos folder shortcut on the Start menu. Possible values are: notConfigured , hide , show . |
settingsBlockSettingsApp | Boolean | Indicates whether or not to block access to Settings app. |
settingsBlockSystemPage | Boolean | Indicates whether or not to block access to System in Settings app. |
settingsBlockDevicesPage | Boolean | Indicates whether or not to block access to Devices in Settings app. |
settingsBlockNetworkInternetPage | Boolean | Indicates whether or not to block access to Network & Internet in Settings app. |
settingsBlockPersonalizationPage | Boolean | Indicates whether or not to block access to Personalization in Settings app. |
settingsBlockAccountsPage | Boolean | Indicates whether or not to block access to Accounts in Settings app. |
settingsBlockTimeLanguagePage | Boolean | Indicates whether or not to block access to Time & Language in Settings app. |
settingsBlockEaseOfAccessPage | Boolean | Indicates whether or not to block access to Ease of Access in Settings app. |
settingsBlockPrivacyPage | Boolean | Indicates whether or not to block access to Privacy in Settings app. |
settingsBlockUpdateSecurityPage | Boolean | Indicates whether or not to block access to Update & Security in Settings app. |
settingsBlockAppsPage | Boolean | Indicates whether or not to block access to Apps in Settings app. |
settingsBlockGamingPage | Boolean | Indicates whether or not to block access to Gaming in Settings app. |
windowsSpotlightBlockConsumerSpecificFeatures | Boolean | Allows IT admins to block experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles. |
windowsSpotlightBlocked | Boolean | Allows IT admins to turn off all Windows Spotlight features |
windowsSpotlightBlockOnActionCenter | Boolean | Block suggestions from Microsoft that show after each OS clean install, upgrade or in an on-going basis to introduce users to what is new or changed |
windowsSpotlightBlockTailoredExperiences | Boolean | Block personalized content in Windows spotlight based on user’s device usage. |
windowsSpotlightBlockThirdPartyNotifications | Boolean | Block third party content delivered via Windows Spotlight |
windowsSpotlightBlockWelcomeExperience | Boolean | Block Windows Spotlight Windows welcome experience |
windowsSpotlightBlockWindowsTips | Boolean | Allows IT admins to turn off the popup of Windows Tips. |
windowsSpotlightConfigureOnLockScreen | windowsSpotlightEnablementSettings | Specifies the type of Spotlight. Possible values are: notConfigured , disabled , enabled . |
networkProxyApplySettingsDeviceWide | Boolean | If set, proxy settings will be applied to all processes and accounts in the device. Otherwise, it will be applied to the user account that’s enrolled into MDM. |
networkProxyDisableAutoDetect | Boolean | Disable automatic detection of settings. If enabled, the system will try to find the path to a proxy auto-config (PAC) script. |
networkProxyAutomaticConfigurationUrl | String | Address to the proxy auto-config (PAC) script you want to use. |
networkProxyServer | windows10NetworkProxyServer | Specifies manual proxy server settings. |
accountsBlockAddingNonMicrosoftAccountEmail | Boolean | Indicates whether or not to Block the user from adding email accounts to the device that are not associated with a Microsoft account. |
antiTheftModeBlocked | Boolean | Indicates whether or not to block the user from selecting an AntiTheft mode preference (Windows 10 Mobile only). |
bluetoothBlocked | Boolean | Whether or not to Block the user from using bluetooth. |
cameraBlocked | Boolean | Whether or not to Block the user from accessing the camera of the device. |
connectedDevicesServiceBlocked | Boolean | Whether or not to block Connected Devices Service which enables discovery and connection to other devices, remote messaging, remote app sessions and other cross-device experiences. |
certificatesBlockManualRootCertificateInstallation | Boolean | Whether or not to Block the user from doing manual root certificate installation. |
copyPasteBlocked | Boolean | Whether or not to Block the user from using copy paste. |
cortanaBlocked | Boolean | Whether or not to Block the user from using Cortana. |
deviceManagementBlockFactoryResetOnMobile | Boolean | Indicates whether or not to Block the user from resetting their phone. |
deviceManagementBlockManualUnenroll | Boolean | Indicates whether or not to Block the user from doing manual un-enrollment from device management. |
safeSearchFilter | safeSearchFilterType | Specifies what filter level of safe search is required. Possible values are: userDefined , strict , moderate . |
edgeBlockPopups | Boolean | Indicates whether or not to block popups. |
edgeBlockSearchSuggestions | Boolean | Indicates whether or not to block the user from using the search suggestions in the address bar. |
edgeBlockSendingIntranetTrafficToInternetExplorer | Boolean | Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. Note: the name of this property is misleading; the property is obsolete, use EdgeSendIntranetTrafficToInternetExplorer instead. |
edgeSendIntranetTrafficToInternetExplorer | Boolean | Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. |
edgeRequireSmartScreen | Boolean | Indicates whether or not to Require the user to use the smart screen filter. |
edgeEnterpriseModeSiteListLocation | String | Indicates the enterprise mode site list location. Could be a local file, local network or http location. |
edgeFirstRunUrl | String | The first run URL for when Edge browser is opened for the first time. |
edgeSearchEngine | edgeSearchEngineBase | Allows IT admins to set a default search engine for MDM-Controlled devices. Users can override this and change their default search engine provided the AllowSearchEngineCustomization policy is not set. |
edgeHomepageUrls | String collection | The list of URLs for homepages shodwn on MDM-enrolled devices on Edge browser. |
edgeBlockAccessToAboutFlags | Boolean | Indicates whether or not to prevent access to about flags on Edge browser. |
smartScreenBlockPromptOverride | Boolean | Indicates whether or not users can override SmartScreen Filter warnings about potentially malicious websites. |
smartScreenBlockPromptOverrideForFiles | Boolean | Indicates whether or not users can override the SmartScreen Filter warnings about downloading unverified files |
webRtcBlockLocalhostIpAddress | Boolean | Indicates whether or not user's localhost IP address is displayed while making phone calls using the WebRTC |
internetSharingBlocked | Boolean | Indicates whether or not to Block the user from using internet sharing. |
settingsBlockAddProvisioningPackage | Boolean | Indicates whether or not to block the user from installing provisioning packages. |
settingsBlockRemoveProvisioningPackage | Boolean | Indicates whether or not to block the runtime configuration agent from removing provisioning packages. |
settingsBlockChangeSystemTime | Boolean | Indicates whether or not to block the user from changing date and time settings. |
settingsBlockEditDeviceName | Boolean | Indicates whether or not to block the user from editing the device name. |
settingsBlockChangeRegion | Boolean | Indicates whether or not to block the user from changing the region settings. |
settingsBlockChangeLanguage | Boolean | Indicates whether or not to block the user from changing the language settings. |
settingsBlockChangePowerSleep | Boolean | Indicates whether or not to block the user from changing power and sleep settings. |
locationServicesBlocked | Boolean | Indicates whether or not to Block the user from location services. |
microsoftAccountBlocked | Boolean | Indicates whether or not to Block a Microsoft account. |
microsoftAccountBlockSettingsSync | Boolean | Indicates whether or not to Block Microsoft account settings sync. |
nfcBlocked | Boolean | Indicates whether or not to Block the user from using near field communication. |
resetProtectionModeBlocked | Boolean | Indicates whether or not to Block the user from reset protection mode. |
screenCaptureBlocked | Boolean | Indicates whether or not to Block the user from taking Screenshots. |
storageBlockRemovableStorage | Boolean | Indicates whether or not to Block the user from using removable storage. |
storageRequireMobileDeviceEncryption | Boolean | Indicating whether or not to require encryption on a mobile device. |
usbBlocked | Boolean | Indicates whether or not to Block the user from USB connection. |
voiceRecordingBlocked | Boolean | Indicates whether or not to Block the user from voice recording. |
wiFiBlockAutomaticConnectHotspots | Boolean | Indicating whether or not to block automatically connecting to Wi-Fi hotspots. Has no impact if Wi-Fi is blocked. |
wiFiBlocked | Boolean | Indicates whether or not to Block the user from using Wi-Fi. |
wiFiBlockManualConfiguration | Boolean | Indicates whether or not to Block the user from using Wi-Fi manual configuration. |
wiFiScanInterval | Int32 | Specify how often devices scan for Wi-Fi networks. Supported values are 1-500, where 100 = default, and 500 = low frequency. Valid values 1 to 500 |
wirelessDisplayBlockProjectionToThisDevice | Boolean | Indicates whether or not to allow other devices from discovering this PC for projection. |
wirelessDisplayBlockUserInputFromReceiver | Boolean | Indicates whether or not to allow user input from wireless display receiver. |
wirelessDisplayRequirePinForPairing | Boolean | Indicates whether or not to require a PIN for new devices to initiate pairing. |
windowsStoreBlocked | Boolean | Indicates whether or not to Block the user from using the Windows store. |
appsAllowTrustedAppsSideloading | stateManagementSetting | Indicates whether apps from AppX packages signed with a trusted certificate can be side loaded. Possible values are: notConfigured , blocked , allowed . |
windowsStoreBlockAutoUpdate | Boolean | Indicates whether or not to block automatic update of apps from Windows Store. |
developerUnlockSetting | stateManagementSetting | Indicates whether or not to allow developer unlock. Possible values are: notConfigured , blocked , allowed . |
sharedUserAppDataAllowed | Boolean | Indicates whether or not to block multiple users of the same app to share data. |
appsBlockWindowsStoreOriginatedApps | Boolean | Indicates whether or not to disable the launch of all apps from Windows Store that came pre-installed or were downloaded. |
windowsStoreEnablePrivateStoreOnly | Boolean | Indicates whether or not to enable Private Store Only. |
storageRestrictAppDataToSystemVolume | Boolean | Indicates whether application data is restricted to the system drive. |
storageRestrictAppInstallToSystemVolume | Boolean | Indicates whether the installation of applications is restricted to the system drive. |
gameDvrBlocked | Boolean | Indicates whether or not to block DVR and broadcasting. |
experienceBlockDeviceDiscovery | Boolean | Indicates whether or not to enable device discovery UX. |
experienceBlockErrorDialogWhenNoSIM | Boolean | Indicates whether or not to allow the error dialog from displaying if no SIM card is detected. |
experienceBlockTaskSwitcher | Boolean | Indicates whether or not to enable task switching on the device. |
logonBlockFastUserSwitching | Boolean | Disables the ability to quickly switch between users that are logged on simultaneously without logging off. |
tenantLockdownRequireNetworkDuringOutOfBoxExperience | Boolean | Whether the device is required to connect to the network. |
windows10ImportedPFXCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from windowsCertificateProfileBase |
keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP) Inherited from windowsCertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp , useTpmKspOtherwiseFail , usePassportForWorkKspOtherwiseFail , useSoftwareKsp . |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format Inherited from windowsCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type Inherited from windowsCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period Inherited from windowsCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period Inherited from windowsCertificateProfileBase. Possible values are: days , months , years . |
intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned , smimeEncryption , smimeSigning , vpn , wifi . |
windows10MobileCompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passwordRequired | Boolean | Require a password to unlock Windows Phone device. |
passwordBlockSimple | Boolean | Whether or not to block syncing the calendar. |
passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault , alphanumeric , numeric . |
passwordPreviousPasswordBlockCount | Int32 | The number of previous passwords to prevent re-use of. |
passwordExpirationDays | Int32 | Number of days before password expiration. Valid values 1 to 255 |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordRequireToUnlockFromIdle | Boolean | Require a password to unlock an idle device. |
osMinimumVersion | String | Minimum Windows Phone version. |
osMaximumVersion | String | Maximum Windows Phone version. |
earlyLaunchAntiMalwareDriverEnabled | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation - early launch antimalware driver is enabled. |
bitLockerEnabled | Boolean | Require devices to be reported healthy by Windows Device Health Attestation - bit locker is enabled |
secureBootEnabled | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation - secure boot is enabled. |
codeIntegrityEnabled | Boolean | Require devices to be reported as healthy by Windows Device Health Attestation. |
storageRequireEncryption | Boolean | Require encryption on windows devices. |
windows10NetworkBoundaryConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
windowsNetworkIsolationPolicy | windowsNetworkIsolationPolicy | Windows Network Isolation Policy |
windows10PFXImportCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
keyStorageProvider | keyStorageProviderOption | Not yet documented. Possible values are: useTpmKspOtherwiseUseSoftwareKsp , useTpmKspOtherwiseFail , usePassportForWorkKspOtherwiseFail , useSoftwareKsp . |
windows10PkcsCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from windowsCertificateProfileBase |
keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP) Inherited from windowsCertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp , useTpmKspOtherwiseFail , usePassportForWorkKspOtherwiseFail , useSoftwareKsp . |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format Inherited from windowsCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type Inherited from windowsCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period Inherited from windowsCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period Inherited from windowsCertificateProfileBase. Possible values are: days , months , years . |
certificationAuthority | String | PKCS Certification Authority |
certificationAuthorityName | String | PKCS Certification Authority Name |
certificateTemplateName | String | PKCS Certificate Template Name |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
windows10SecureAssessmentConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
launchUri | String | Url link to an assessment that's automatically loaded when the secure assessment browser is launched. It has to be a valid Url (http[s]://msdn.microsoft.com/). |
configurationAccount | String | The account used to configure the Windows device for taking the test. The user can be a domain account (domain\user), an AAD account ([email protected]) or a local account (username). |
allowPrinting | Boolean | Indicates whether or not to allow the app from printing during the test. |
allowScreenCapture | Boolean | Indicates whether or not to allow screen capture capability during a test. |
allowTextSuggestion | Boolean | Indicates whether or not to allow text suggestions during the test. |
windows10TeamGeneralConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
azureOperationalInsightsBlockTelemetry | Boolean | Indicates whether or not to Block Azure Operational Insights. |
azureOperationalInsightsWorkspaceId | String | The Azure Operational Insights workspace id. |
azureOperationalInsightsWorkspaceKey | String | The Azure Operational Insights Workspace key. |
connectAppBlockAutoLaunch | Boolean | Specifies whether to automatically launch the Connect app whenever a projection is initiated. |
maintenanceWindowBlocked | Boolean | Indicates whether or not to Block setting a maintenance window for device updates. |
maintenanceWindowDurationInHours | Int32 | Maintenance window duration for device updates. Valid values 0 to 5 |
maintenanceWindowStartTime | TimeOfDay | Maintenance window start time for device updates. |
miracastChannel | miracastChannel | The channel. Possible values are: userDefined , one , two , three , four , five , six , seven , eight , nine , ten , eleven , thirtySix , forty , fortyFour , fortyEight , oneHundredFortyNine , oneHundredFiftyThree , oneHundredFiftySeven , oneHundredSixtyOne , oneHundredSixtyFive . |
miracastBlocked | Boolean | Indicates whether or not to Block wireless projection. |
miracastRequirePin | Boolean | Indicates whether or not to require a pin for wireless projection. |
settingsBlockMyMeetingsAndFiles | Boolean | Specifies whether to disable the "My meetings and files" feature in the Start menu, which shows the signed-in user's meetings and files from Office 365. |
settingsBlockSessionResume | Boolean | Specifies whether to allow the ability to resume a session when the session times out. |
settingsBlockSigninSuggestions | Boolean | Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings. |
settingsDefaultVolume | Int32 | Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45. Valid values 0 to 100 |
settingsScreenTimeoutInMinutes | Int32 | Specifies the number of minutes until the Hub screen turns off. |
settingsSessionTimeoutInMinutes | Int32 | Specifies the number of minutes until the session times out. |
settingsSleepTimeoutInMinutes | Int32 | Specifies the number of minutes until the Hub enters sleep mode. |
welcomeScreenBlockAutomaticWakeUp | Boolean | Indicates whether or not to Block the welcome screen from waking up automatically when someone enters the room. |
welcomeScreenBackgroundImageUrl | String | The welcome screen background image URL. The URL must use the HTTPS protocol and return a PNG image. |
welcomeScreenMeetingInformation | welcomeScreenMeetingInformation | The welcome screen meeting information shown. Possible values are: userDefined , showOrganizerAndTimeOnly , showOrganizerAndTimeAndSubject . |
windows10VpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. Inherited from windowsVpnConfiguration |
servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. Inherited from windowsVpnConfiguration |
customXml | Binary | Custom XML commands that configures the VPN connection. (UTF8 encoded byte array) Inherited from windowsVpnConfiguration |
profileTarget | windows10VpnProfileTarget | Profile target type. Possible values are: user , device , autoPilotDevice . |
connectionType | windows10VpnConnectionType | Connection type. Possible values are: pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn , automatic , ikEv2 , l2tp , pptp , citrix , paloAltoGlobalProtect , ciscoAnyConnect , unknownFutureValue , microsoftTunnel . |
enableSplitTunneling | Boolean | Enable split tunneling. |
enableAlwaysOn | Boolean | Enable Always On mode. |
enableDeviceTunnel | Boolean | Enable device tunnel. |
enableDnsRegistration | Boolean | Enable IP address registration with internal DNS. |
dnsSuffixes | String collection | Specify DNS suffixes to add to the DNS search list to properly route short names. |
microsoftTunnelSiteId | String | ID of the Microsoft Tunnel site associated with the VPN profile. |
authenticationMethod | windows10VpnAuthenticationMethod | Authentication method. Possible values are: certificate , usernameAndPassword , customEapXml , derivedCredential . |
rememberUserCredentials | Boolean | Remember user credentials. |
enableConditionalAccess | Boolean | Enable conditional access. |
enableSingleSignOnWithAlternateCertificate | Boolean | Enable single sign-on (SSO) with alternate certificate. |
singleSignOnEku | extendedKeyUsage | Single sign-on Extended Key Usage (EKU). |
singleSignOnIssuerHash | String | Single sign-on issuer hash. |
eapXml | Binary | Extensible Authentication Protocol (EAP) XML. (UTF8 encoded byte array) |
proxyServer | windows10VpnProxyServer | Proxy Server. |
associatedApps | windows10AssociatedApps collection | Associated Apps. This collection can contain a maximum of 10000 elements. |
onlyAssociatedAppsCanUseConnection | Boolean | Only associated Apps can use connection (per-app VPN). |
windowsInformationProtectionDomain | String | Windows Information Protection (WIP) domain to associate with this connection. |
trafficRules | vpnTrafficRule collection | Traffic rules. This collection can contain a maximum of 1000 elements. |
routes | vpnRoute collection | Routes (optional for third-party providers). This collection can contain a maximum of 1000 elements. |
dnsRules | vpnDnsRule collection | DNS rules. This collection can contain a maximum of 1000 elements. |
trustedNetworkDomains | String collection | Trusted Network Domains |
cryptographySuite | cryptographySuite | Cryptography Suite security settings for IKEv2 VPN in Windows10 and above |
windows81CertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from windowsCertificateProfileBase |
keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP) Inherited from windowsCertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp , useTpmKspOtherwiseFail , usePassportForWorkKspOtherwiseFail , useSoftwareKsp . |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format Inherited from windowsCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type Inherited from windowsCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period Inherited from windowsCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period Inherited from windowsCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
windows81CompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passwordRequired | Boolean | Require a password to unlock Windows device. |
passwordBlockSimple | Boolean | Indicates whether or not to block simple password. |
passwordExpirationDays | Int32 | Password expiration in days. |
passwordMinimumLength | Int32 | The minimum password length. |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault , alphanumeric , numeric . |
passwordPreviousPasswordBlockCount | Int32 | The number of previous passwords to prevent re-use of. Valid values 0 to 24 |
osMinimumVersion | String | Minimum Windows 8.1 version. |
osMaximumVersion | String | Maximum Windows 8.1 version. |
storageRequireEncryption | Boolean | Indicates whether or not to require encryption on a windows 8.1 device. |
windows81GeneralConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
accountsBlockAddingNonMicrosoftAccountEmail | Boolean | Indicates whether or not to Block the user from adding email accounts to the device that are not associated with a Microsoft account. |
applyOnlyToWindows81 | Boolean | Value indicating whether this policy only applies to Windows 8.1. This property is read-only. |
browserBlockAutofill | Boolean | Indicates whether or not to block auto fill. |
browserBlockAutomaticDetectionOfIntranetSites | Boolean | Indicates whether or not to block automatic detection of Intranet sites. |
browserBlockEnterpriseModeAccess | Boolean | Indicates whether or not to block enterprise mode access. |
browserBlockJavaScript | Boolean | Indicates whether or not to Block the user from using JavaScript. |
browserBlockPlugins | Boolean | Indicates whether or not to block plug-ins. |
browserBlockPopups | Boolean | Indicates whether or not to block popups. |
browserBlockSendingDoNotTrackHeader | Boolean | Indicates whether or not to Block the user from sending the do not track header. |
browserBlockSingleWordEntryOnIntranetSites | Boolean | Indicates whether or not to block a single word entry on Intranet sites. |
browserRequireSmartScreen | Boolean | Indicates whether or not to require the user to use the smart screen filter. |
browserEnterpriseModeSiteListLocation | String | The enterprise mode site list location. Could be a local file, local network or http location. |
browserInternetSecurityLevel | internetSiteSecurityLevel | The internet security level. Possible values are: userDefined , medium , mediumHigh , high . |
browserIntranetSecurityLevel | siteSecurityLevel | The Intranet security level. Possible values are: userDefined , low , mediumLow , medium , mediumHigh , high . |
browserLoggingReportLocation | String | The logging report location. |
browserRequireHighSecurityForRestrictedSites | Boolean | Indicates whether or not to require high security for restricted sites. |
browserRequireFirewall | Boolean | Indicates whether or not to require a firewall. |
browserRequireFraudWarning | Boolean | Indicates whether or not to require fraud warning. |
browserTrustedSitesSecurityLevel | siteSecurityLevel | The trusted sites security level. Possible values are: userDefined , low , mediumLow , medium , mediumHigh , high . |
cellularBlockDataRoaming | Boolean | Indicates whether or not to block data roaming. |
diagnosticsBlockDataSubmission | Boolean | Indicates whether or not to block diagnostic data submission. |
passwordBlockPicturePasswordAndPin | Boolean | Indicates whether or not to Block the user from using a pictures password and pin. |
passwordExpirationDays | Int32 | Password expiration in days. |
passwordMinimumLength | Int32 | The minimum password length. |
passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | The minutes of inactivity before the screen times out. |
passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
passwordPreviousPasswordBlockCount | Int32 | The number of previous passwords to prevent re-use of. Valid values 0 to 24 |
passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault , alphanumeric , numeric . |
passwordSignInFailureCountBeforeFactoryReset | Int32 | The number of sign in failures before factory reset. |
storageRequireDeviceEncryption | Boolean | Indicates whether or not to require encryption on a mobile device. |
updatesRequireAutomaticUpdates | Boolean | Indicates whether or not to require automatic updates. |
userAccountControlSettings | windowsUserAccountControlSettings | The user account control settings. Possible values are: userDefined , alwaysNotify , notifyOnAppChanges , notifyOnAppChangesWithoutDimming , neverNotify . |
workFoldersUrl | String | The work folders url. |
windows81SCEPCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from windowsCertificateProfileBase |
keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP) Inherited from windowsCertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp , useTpmKspOtherwiseFail , usePassportForWorkKspOtherwiseFail , useSoftwareKsp . |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format Inherited from windowsCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type Inherited from windowsCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period Inherited from windowsCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period Inherited from windowsCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from windows81CertificateProfileBase |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. Inherited from windows81CertificateProfileBase |
scepServerUrls | String collection | SCEP Server Url(s). |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment , digitalSignature . |
keySize | keySize | SCEP Key Size. Possible values are: size1024 , size2048 , size4096 . |
hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1 , sha2 . |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
windows81TrustedRootCertificate
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
trustedRootCertificate | Binary | Trusted Root Certificate |
certFileName | String | File name to display in UI. |
destinationStore | certificateDestinationStore | Destination store location for the Trusted Root Certificate. Possible values are: computerCertStoreRoot , computerCertStoreIntermediate , userCertStoreIntermediate . |
windows81VpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. Inherited from windowsVpnConfiguration |
servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. Inherited from windowsVpnConfiguration |
customXml | Binary | Custom XML commands that configures the VPN connection. (UTF8 encoded byte array) Inherited from windowsVpnConfiguration |
applyOnlyToWindows81 | Boolean | Value indicating whether this policy only applies to Windows 8.1. This property is read-only. |
connectionType | windowsVpnConnectionType | Connection type. Possible values are: pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn . |
loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. |
enableSplitTunneling | Boolean | Enable split tunneling for the VPN. |
proxyServer | windows81VpnProxyServer | Proxy Server. |
windows81WifiImportConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
payloadFileName | String | Payload file name (*.xml). |
profileName | String | Profile name displayed in the UI. |
payload | Binary | Payload. (UTF8 encoded byte array). This is the XML file saved on the device you used to connect to the Wi-Fi endpoint. |
windowsCertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp , useTpmKspOtherwiseFail , usePassportForWorkKspOtherwiseFail , useSoftwareKsp . |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
windowsDefenderAdvancedThreatProtectionConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
allowSampleSharing | Boolean | Windows Defender AdvancedThreatProtection "Allow Sample Sharing" Rule |
enableExpeditedTelemetryReporting | Boolean | Expedite Windows Defender Advanced Threat Protection telemetry reporting frequency. |
windowsDeliveryOptimizationConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
deliveryOptimizationMode | windowsDeliveryOptimizationMode | Specifies the download method that delivery optimization can use to manage network bandwidth consumption for large content distribution scenarios. Possible values are: userDefined , httpOnly , httpWithPeeringNat , httpWithPeeringPrivateGroup , httpWithInternetPeering , simpleDownload , bypassMode . |
restrictPeerSelectionBy | deliveryOptimizationRestrictPeerSelectionByOptions | Specifies to restrict peer selection via selected option. |
Option 1 (Subnet mask) only applies to Delivery Optimization modes Download Mode LAN (1) and Group (2). Possible values are: notConfigured , subnetMask . |
||
groupIdSource | deliveryOptimizationGroupIdSource | Specifies to restrict peer selection to a specfic source. |
The options set in this policy only apply to Delivery Optimization mode Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID. | ||
bandwidthMode | deliveryOptimizationBandwidth | Specifies foreground and background bandwidth usage using percentages, absolutes, or hours. |
backgroundDownloadFromHttpDelayInSeconds | Int64 | Specifies number of seconds to delay an HTTP source in a background download that is allowed to use peer-to-peer. Valid values 0 to 4294967295 |
foregroundDownloadFromHttpDelayInSeconds | Int64 | Specifies number of seconds to delay an HTTP source in a foreground download that is allowed to use peer-to-peer (0-86400). Valid values 0 to 86400 |
Specifying 0 sets Delivery Optimization to manage this setting using the cloud service. Valid values 0 to 86400 | ||
minimumRamAllowedToPeerInGigabytes | Int32 | Specifies the minimum RAM size in GB to use Peer Caching (1-100000). Valid values 1 to 100000 |
minimumDiskSizeAllowedToPeerInGigabytes | Int32 | Specifies the minimum disk size in GB to use Peer Caching (1-100000). Valid values 1 to 100000 |
Recommended values: 64 GB to 256 GB. Valid values 1 to 100000 | ||
minimumFileSizeToCacheInMegabytes | Int32 | Specifies the minimum content file size in MB enabled to use Peer Caching (1-100000). Valid values 1 to 100000 |
Recommended values: 1 MB to 100,000 MB. Valid values 1 to 100000 | ||
minimumBatteryPercentageAllowedToUpload | Int32 | Specifies the minimum battery percentage to allow the device to upload data (0-100). Valid values 0 to 100 |
The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used. Valid values 0 to 100 | ||
modifyCacheLocation | String | Specifies the drive that Delivery Optimization should use for its cache. |
maximumCacheAgeInDays | Int32 | Specifies the maximum time in days that each file is held in the Delivery Optimization cache after downloading successfully (0-3650). Valid values 0 to 3650 |
maximumCacheSize | deliveryOptimizationMaxCacheSize | Specifies the maximum cache size that Delivery Optimization either as a percentage or in GB. |
vpnPeerCaching | enablement | Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. Possible values are: notConfigured , enabled , disabled . |
cacheServerHostNames | String collection | Specifies cache servers host names. |
cacheServerForegroundDownloadFallbackToHttpDelayInSeconds | Int32 | Specifies number of seconds to delay a fall back from cache servers to an HTTP source for a foreground download. Valid values 0 to 2592000. |
cacheServerBackgroundDownloadFallbackToHttpDelayInSeconds | Int32 | Specifies number of seconds to delay a fall back from cache servers to an HTTP source for a background download. Valid values 0 to 2592000. |
windowsHealthMonitoringConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
allowDeviceHealthMonitoring | enablement | Enables device health monitoring on the device. Possible values are: notConfigured , enabled , disabled . |
configDeviceHealthMonitoringScope | windowsHealthMonitoringScope | Specifies set of events collected from the device where health monitoring is enabled. Possible values are: undefined , healthMonitoring , bootPerformance , windowsUpdates , privilegeManagement . |
configDeviceHealthMonitoringCustomScope | String | Specifies custom set of events collected from the device where health monitoring is enabled |
windowsIdentityProtectionConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
useSecurityKeyForSignin | Boolean | Boolean value used to enable the Windows Hello security key as a logon credential. |
enhancedAntiSpoofingForFacialFeaturesEnabled | Boolean | Boolean value used to enable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. |
pinMinimumLength | Int32 | Integer value that sets the minimum number of characters required for the Windows Hello for Business PIN. Valid values are 4 to 127 inclusive and less than or equal to the value set for the maximum PIN. Valid values 4 to 127 |
pinMaximumLength | Int32 | Integer value that sets the maximum number of characters allowed for the work PIN. Valid values are 4 to 127 inclusive and greater than or equal to the value set for the minimum PIN. Valid values 4 to 127 |
pinUppercaseCharactersUsage | configurationUsage | This value configures the use of uppercase characters in the Windows Hello for Business PIN. Possible values are: blocked , required , allowed , notConfigured . |
pinLowercaseCharactersUsage | configurationUsage | This value configures the use of lowercase characters in the Windows Hello for Business PIN. Possible values are: blocked , required , allowed , notConfigured . |
pinSpecialCharactersUsage | configurationUsage | Controls the ability to use special characters in the Windows Hello for Business PIN. Possible values are: blocked , required , allowed , notConfigured . |
pinExpirationInDays | Int32 | Integer value specifies the period (in days) that a PIN can be used before the system requires the user to change it. Valid values are 0 to 730 inclusive. Valid values 0 to 730 |
pinPreviousBlockCount | Int32 | Controls the ability to prevent users from using past PINs. This must be set between 0 and 50, inclusive, and the current PIN of the user is included in that count. If set to 0, previous PINs are not stored. PIN history is not preserved through a PIN reset. Valid values 0 to 50 |
pinRecoveryEnabled | Boolean | Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service. |
securityDeviceRequired | Boolean | Controls whether to require a Trusted Platform Module (TPM) for provisioning Windows Hello for Business. A TPM provides an additional security benefit in that data stored on it cannot be used on other devices. If set to False, all devices can provision Windows Hello for Business even if there is not a usable TPM. |
unlockWithBiometricsEnabled | Boolean | Controls the use of biometric gestures, such as face and fingerprint, as an alternative to the Windows Hello for Business PIN. If set to False, biometric gestures are not allowed. Users must still configure a PIN as a backup in case of failures. |
useCertificatesForOnPremisesAuthEnabled | Boolean | Boolean value that enables Windows Hello for Business to use certificates to authenticate on-premise resources. |
windowsHelloForBusinessBlocked | Boolean | Boolean value that blocks Windows Hello for Business as a method for signing into Windows. |
windowsKioskConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
kioskProfiles | windowsKioskProfile collection | This policy setting allows to define a list of Kiosk profiles for a Kiosk configuration. This collection can contain a maximum of 3 elements. |
kioskBrowserDefaultUrl | String | Specify the default URL the browser should navigate to on launch. |
kioskBrowserEnableHomeButton | Boolean | Enable the kiosk browser's home button. By default, the home button is disabled. |
kioskBrowserEnableNavigationButtons | Boolean | Enable the kiosk browser's navigation buttons(forward/back). By default, the navigation buttons are disabled. |
kioskBrowserEnableEndSessionButton | Boolean | Enable the kiosk browser's end session button. By default, the end session button is disabled. |
kioskBrowserRestartOnIdleTimeInMinutes | Int32 | Specify the number of minutes the session is idle until the kiosk browser restarts in a fresh state. Valid values are 1-1440. Valid values 1 to 1440 |
kioskBrowserBlockedURLs | String collection | Specify URLs that the kiosk browsers should not navigate to |
kioskBrowserBlockedUrlExceptions | String collection | Specify URLs that the kiosk browser is allowed to navigate to |
edgeKioskEnablePublicBrowsing | Boolean | Enable public browsing kiosk mode for the Microsoft Edge browser. The Default is false. |
windowsKioskForceUpdateSchedule | windowsKioskForceUpdateSchedule | force update schedule for Kiosk devices. |
windowsPhone81CertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. |
keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp , useTpmKspOtherwiseFail , usePassportForWorkKspOtherwiseFail , useSoftwareKsp . |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validtiy Period. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
windowsPhone81CompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passwordBlockSimple | Boolean | Whether or not to block syncing the calendar. |
passwordExpirationDays | Int32 | Number of days before the password expires. |
passwordMinimumLength | Int32 | Minimum length of passwords. |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordMinimumCharacterSetCount | Int32 | The number of character sets required in the password. |
passwordRequiredType | requiredPasswordType | The required password type. Possible values are: deviceDefault , alphanumeric , numeric . |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
passwordRequired | Boolean | Whether or not to require a password. |
osMinimumVersion | String | Minimum Windows Phone version. |
osMaximumVersion | String | Maximum Windows Phone version. |
storageRequireEncryption | Boolean | Require encryption on windows phone devices. |
windowsPhone81CustomConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 1000 elements. |
windowsPhone81GeneralConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
applyOnlyToWindowsPhone81 | Boolean | Value indicating whether this policy only applies to Windows Phone 8.1. This property is read-only. |
appsBlockCopyPaste | Boolean | Indicates whether or not to block copy paste. |
bluetoothBlocked | Boolean | Indicates whether or not to block bluetooth. |
cameraBlocked | Boolean | Indicates whether or not to block camera. |
cellularBlockWifiTethering | Boolean | Indicates whether or not to block Wi-Fi tethering. Has no impact if Wi-Fi is blocked. |
compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
compliantAppListType | appListType | List that is in the AppComplianceList. Possible values are: none , appsInListCompliant , appsNotInListCompliant . |
diagnosticDataBlockSubmission | Boolean | Indicates whether or not to block diagnostic data submission. |
emailBlockAddingAccounts | Boolean | Indicates whether or not to block custom email accounts. |
locationServicesBlocked | Boolean | Indicates whether or not to block location services. |
microsoftAccountBlocked | Boolean | Indicates whether or not to block using a Microsoft Account. |
nfcBlocked | Boolean | Indicates whether or not to block Near-Field Communication. |
passwordBlockSimple | Boolean | Indicates whether or not to block syncing the calendar. |
passwordExpirationDays | Int32 | Number of days before the password expires. |
passwordMinimumLength | Int32 | Minimum length of passwords. |
passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before screen timeout. |
passwordMinimumCharacterSetCount | Int32 | Number of character sets a password must contain. |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. |
passwordRequiredType | requiredPasswordType | Password type that is required. Possible values are: deviceDefault , alphanumeric , numeric . |
passwordRequired | Boolean | Indicates whether or not to require a password. |
screenCaptureBlocked | Boolean | Indicates whether or not to block screenshots. |
storageBlockRemovableStorage | Boolean | Indicates whether or not to block removable storage. |
storageRequireEncryption | Boolean | Indicates whether or not to require encryption. |
webBrowserBlocked | Boolean | Indicates whether or not to block the web browser. |
wifiBlocked | Boolean | Indicates whether or not to block Wi-Fi. |
wifiBlockAutomaticConnectHotspots | Boolean | Indicates whether or not to block automatically connecting to Wi-Fi hotspots. Has no impact if Wi-Fi is blocked. |
wifiBlockHotspotReporting | Boolean | Indicates whether or not to block Wi-Fi hotspot reporting. Has no impact if Wi-Fi is blocked. |
windowsStoreBlocked | Boolean | Indicates whether or not to block the Windows Store. |
windowsPhone81ImportedPFXCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from windowsCertificateProfileBase |
keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP) Inherited from windowsCertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp , useTpmKspOtherwiseFail , usePassportForWorkKspOtherwiseFail , useSoftwareKsp . |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format Inherited from windowsCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type Inherited from windowsCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period Inherited from windowsCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period Inherited from windowsCertificateProfileBase. Possible values are: days , months , years . |
intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned , smimeEncryption , smimeSigning , vpn , wifi . |
windowsPhone81SCEPCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Inherited from windowsPhone81CertificateProfileBase |
keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP). Inherited from windowsPhone81CertificateProfileBase. Possible values are: useTpmKspOtherwiseUseSoftwareKsp , useTpmKspOtherwiseFail , usePassportForWorkKspOtherwiseFail , useSoftwareKsp . |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from windowsPhone81CertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from windowsPhone81CertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validtiy Period. Inherited from windowsPhone81CertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from windowsPhone81CertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from windowsPhone81CertificateProfileBase |
scepServerUrls | String collection | SCEP Server Url(s). |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment , digitalSignature . |
keySize | keySize | SCEP Key Size. Possible values are: size1024 , size2048 , size4096 . |
hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1 , sha2 . |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
windowsPhone81TrustedRootCertificate
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
trustedRootCertificate | Binary | Trusted Root Certificate |
certFileName | String | File name to display in UI. |
windowsPhone81VpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. Inherited from windowsVpnConfiguration |
servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. Inherited from windowsVpnConfiguration |
customXml | Binary | Custom XML commands that configures the VPN connection. (UTF8 encoded byte array) Inherited from windowsVpnConfiguration |
applyOnlyToWindows81 | Boolean | Value indicating whether this policy only applies to Windows 8.1. This property is read-only. Inherited from windows81VpnConfiguration |
connectionType | windowsVpnConnectionType | Connection type. Inherited from windows81VpnConfiguration. Possible values are: pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn . |
loginGroupOrDomain | String | Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from windows81VpnConfiguration |
enableSplitTunneling | Boolean | Enable split tunneling for the VPN. Inherited from windows81VpnConfiguration |
proxyServer | windows81VpnProxyServer | Proxy Server. Inherited from windows81VpnConfiguration |
bypassVpnOnCompanyWifi | Boolean | Bypass VPN on company Wi-Fi. |
bypassVpnOnHomeWifi | Boolean | Bypass VPN on home Wi-Fi. |
authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
rememberUserCredentials | Boolean | Remember user credentials. |
dnsSuffixSearchList | String collection | DNS suffix search list. |
windowsPhoneEASEmailProfileConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
usernameSource | userEmailSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName , primarySmtpAddress . |
usernameAADSource | usernameSource | Name of the AAD field, that will be used to retrieve UserName for email profile. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName , primarySmtpAddress , samAccountName . |
userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: fullDomainName , netBiosDomainName . |
customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. Inherited from easEmailProfileConfigurationBase |
accountName | String | Account name. |
applyOnlyToWindowsPhone81 | Boolean | Value indicating whether this policy only applies to Windows 8.1. This property is read-only. |
syncCalendar | Boolean | Whether or not to sync the calendar. |
syncContacts | Boolean | Whether or not to sync contacts. |
syncTasks | Boolean | Whether or not to sync tasks. |
durationOfEmailToSync | emailSyncDuration | Duration of email to sync. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName , primarySmtpAddress . |
emailSyncSchedule | emailSyncSchedule | Email sync schedule. Possible values are: userDefined , asMessagesArrive , manual , fifteenMinutes , thirtyMinutes , sixtyMinutes , basedOnMyUsage . |
hostName | String | Exchange location that (URL) that the native mail app connects to. |
requireSsl | Boolean | Indicates whether or not to use SSL. |
windowsPrivacyDataAccessControlItem
Property | Type | Description |
---|---|---|
id | String | The key of WindowsPrivacyDataAccessControlItem. |
accessLevel | windowsPrivacyDataAccessLevel | This indicates an access level for the privacy data category to which the specified application will be given to. Possible values are: notConfigured , forceAllow , forceDeny , userInControl . |
dataCategory | windowsPrivacyDataCategory | This indicates a privacy data category to which the specific access control will apply. Possible values are: notConfigured , accountInfo , appsRunInBackground , calendar , callHistory , camera , contacts , diagnosticsInfo , email , location , messaging , microphone , motion , notifications , phone , radios , tasks , syncWithDevices , trustedDevices . |
appPackageFamilyName | String | The Package Family Name of a Windows app. When set, the access level applies to the specified application. |
appDisplayName | String | The Package Family Name of a Windows app. When set, the access level applies to the specified application. |
windowsUpdateForBusinessConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
deliveryOptimizationMode | windowsDeliveryOptimizationMode | The Delivery Optimization Mode. Possible values are: UserDefined, HttpOnly, HttpWithPeeringNat, HttpWithPeeringPrivateGroup, HttpWithInternetPeering, SimpleDownload, BypassMode. UserDefined allows the user to set. Returned by default. Query parameters are not supported. Possible values are: userDefined , httpOnly , httpWithPeeringNat , httpWithPeeringPrivateGroup , httpWithInternetPeering , simpleDownload , bypassMode . |
prereleaseFeatures | prereleaseFeatures | The Pre-Release Features. Possible values are: UserDefined, SettingsOnly, SettingsAndExperimentations, NotAllowed. UserDefined is the default value, no intent. Returned by default. Query parameters are not supported. Possible values are: userDefined , settingsOnly , settingsAndExperimentations , notAllowed . |
automaticUpdateMode | automaticUpdateMode | The Automatic Update Mode. Possible values are: UserDefined, NotifyDownload, AutoInstallAtMaintenanceTime, AutoInstallAndRebootAtMaintenanceTime, AutoInstallAndRebootAtScheduledTime, AutoInstallAndRebootWithoutEndUserControl, WindowsDefault. UserDefined is the default value, no intent. Returned by default. Query parameters are not supported. Possible values are: userDefined , notifyDownload , autoInstallAtMaintenanceTime , autoInstallAndRebootAtMaintenanceTime , autoInstallAndRebootAtScheduledTime , autoInstallAndRebootWithoutEndUserControl . |
microsoftUpdateServiceAllowed | Boolean | When TRUE, allows Microsoft Update Service. When FALSE, does not allow Microsoft Update Service. Returned by default. Query parameters are not supported. |
driversExcluded | Boolean | When TRUE, excludes Windows update Drivers. When FALSE, does not exclude Windows update Drivers. Returned by default. Query parameters are not supported. |
installationSchedule | windowsUpdateInstallScheduleType | The Installation Schedule. Possible values are: ActiveHoursStart, ActiveHoursEnd, ScheduledInstallDay, ScheduledInstallTime. Returned by default. Query parameters are not supported. |
qualityUpdatesDeferralPeriodInDays | Int32 | Defer Quality Updates by these many days with valid range from 0 to 30 days. Returned by default. Query parameters are not supported. |
featureUpdatesDeferralPeriodInDays | Int32 | Defer Feature Updates by these many days with valid range from 0 to 30 days. Returned by default. Query parameters are not supported. |
qualityUpdatesPaused | Boolean | When TRUE, assigned devices are paused from receiving quality updates for up to 35 days from the time you pause the ring. When FALSE, does not pause Quality Updates. Returned by default. Query parameters are not supported. |
featureUpdatesPaused | Boolean | When TRUE, assigned devices are paused from receiving feature updates for up to 35 days from the time you pause the ring. When FALSE, does not pause Feature Updates. Returned by default. Query parameters are not supported.s |
qualityUpdatesPauseExpiryDateTime | DateTimeOffset | The Quality Updates Pause Expiry datetime. This value is 35 days from the time admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. |
featureUpdatesPauseExpiryDateTime | DateTimeOffset | The Feature Updates Pause Expiry datetime. This value is 35 days from the time admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. |
businessReadyUpdatesOnly | windowsUpdateType | Determines which branch devices will receive their updates from. Possible values are: UserDefined, All, BusinessReadyOnly, WindowsInsiderBuildFast, WindowsInsiderBuildSlow, WindowsInsiderBuildRelease. Returned by default. Query parameters are not supported. Possible values are: userDefined , all , businessReadyOnly , windowsInsiderBuildFast , windowsInsiderBuildSlow , windowsInsiderBuildRelease . |
skipChecksBeforeRestart | Boolean | When TRUE, skips all checks before restart: Battery level = 40%, User presence, Display Needed, Presentation mode, Full screen mode, phone call state, game mode etc. When FALSE, does not skip all checks before restart. Returned by default. Query parameters are not supported. |
updateWeeks | windowsUpdateForBusinessUpdateWeeks | Schedule the update installation on the weeks of the month. Possible values are: UserDefined, FirstWeek, SecondWeek, ThirdWeek, FourthWeek, EveryWeek. Returned by default. Query parameters are not supported. Possible values are: userDefined , firstWeek , secondWeek , thirdWeek , fourthWeek , everyWeek , unknownFutureValue . |
qualityUpdatesPauseStartDate | Date | The Quality Updates Pause start date. This value is the time when the admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. This property is read-only. |
featureUpdatesPauseStartDate | Date | The Feature Updates Pause start date. This value is the time when the admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. This property is read-only. |
featureUpdatesRollbackWindowInDays | Int32 | The number of days after a Feature Update for which a rollback is valid with valid range from 2 to 60 days. Returned by default. Query parameters are not supported. |
qualityUpdatesWillBeRolledBack | Boolean | When TRUE, rollback Quality Updates on the next device check in. When FALSE, do not rollback Quality Updates on the next device check in. Returned by default. Query parameters are not supported. |
featureUpdatesWillBeRolledBack | Boolean | When TRUE, rollback Feature Updates on the next device check in. When FALSE, do not rollback Feature Updates on the next device check in. Returned by default.Query parameters are not supported. |
qualityUpdatesRollbackStartDateTime | DateTimeOffset | The Quality Updates Rollback Start datetime. This value is the time when the admin rolled back the Quality update for the ring. Returned by default. Query parameters are not supported. |
featureUpdatesRollbackStartDateTime | DateTimeOffset | The Feature Updates Rollback Start datetime.This value is the time when the admin rolled back the Feature update for the ring.Returned by default.Query parameters are not supported. |
engagedRestartDeadlineInDays | Int32 | Deadline in days before automatically scheduling and executing a pending restart outside of active hours, with valid range from 2 to 30 days. Returned by default. Query parameters are not supported. |
engagedRestartSnoozeScheduleInDays | Int32 | Number of days a user can snooze Engaged Restart reminder notifications with valid range from 1 to 3 days. Returned by default. Query parameters are not supported. |
engagedRestartTransitionScheduleInDays | Int32 | Number of days before transitioning from Auto Restarts scheduled outside of active hours to Engaged Restart, which requires the user to schedule, with valid range from 0 to 30 days. Returned by default. Query parameters are not supported. |
deadlineForFeatureUpdatesInDays | Int32 | Number of days before feature updates are installed automatically with valid range from 0 to 30 days. Returned by default. Query parameters are not supported. |
deadlineForQualityUpdatesInDays | Int32 | Number of days before quality updates are installed automatically with valid range from 0 to 30 days. Returned by default. Query parameters are not supported. |
deadlineGracePeriodInDays | Int32 | Number of days after deadline until restarts occur automatically with valid range from 0 to 7 days. Returned by default. Query parameters are not supported. |
postponeRebootUntilAfterDeadline | Boolean | When TRUE the device should wait until deadline for rebooting outside of active hours. When FALSE the device should not wait until deadline for rebooting outside of active hours. Returned by default. Query parameters are not supported. |
autoRestartNotificationDismissal | autoRestartNotificationDismissalMethod | Specify the method by which the auto-restart required notification is dismissed. Possible values are: NotConfigured, Automatic, User. Returned by default. Query parameters are not supported. Possible values are: notConfigured , automatic , user , unknownFutureValue . |
scheduleRestartWarningInHours | Int32 | Specify the period for auto-restart warning reminder notifications. Supported values: 2, 4, 8, 12 or 24 (hours). Returned by default. Query parameters are not supported. |
scheduleImminentRestartWarningInMinutes | Int32 | Specify the period for auto-restart imminent warning notifications. Supported values: 15, 30 or 60 (minutes). Returned by default. Query parameters are not supported. |
userPauseAccess | enablement | Specifies whether to enable end user’s access to pause software updates. Possible values are: NotConfigured, Enabled, Disabled. Returned by default. Query parameters are not supported. Possible values are: notConfigured , enabled , disabled . |
userWindowsUpdateScanAccess | enablement | Specifies whether to disable user’s access to scan Windows Update. Possible values are: NotConfigured, Enabled, Disabled. Returned by default. Query parameters are not supported. Possible values are: notConfigured , enabled , disabled . |
updateNotificationLevel | windowsUpdateNotificationDisplayOption | Specifies what Windows Update notifications users see. Possible values are: NotConfigured, DefaultNotifications, RestartWarningsOnly, DisableAllNotifications. Returned by default. Query parameters are not supported. Possible values are: notConfigured , defaultNotifications , restartWarningsOnly , disableAllNotifications , unknownFutureValue . |
allowWindows11Upgrade | Boolean | When TRUE, allows eligible Windows 10 devices to upgrade to Windows 11. When FALSE, implies the device stays on the existing operating system. Returned by default. Query parameters are not supported. |
windowsVpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. |
servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
customXml | Binary | Custom XML commands that configures the VPN connection. (UTF8 encoded byte array) |
windowsWifiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
wifiSecurityType | wiFiSecurityType | Specify the Wifi Security Type. Possible values are: open , wpaPersonal , wpaEnterprise , wep , wpa2Personal , wpa2Enterprise . |
meteredConnectionLimit | meteredConnectionLimitType | Specify the metered connection limit type for the wifi connection. Possible values are: unrestricted , fixed , variable . |
ssid | String | Specify the SSID of the wifi connection. |
networkName | String | Specify the network configuration name. |
connectAutomatically | Boolean | Specify whether the wifi connection should connect automatically when in range. |
connectToPreferredNetwork | Boolean | Specify whether the wifi connection should connect to more preferred networks when already connected to this one. Requires ConnectAutomatically to be true. |
connectWhenNetworkNameIsHidden | Boolean | Specify whether the wifi connection should connect automatically even when the SSID is not broadcasting. |
proxySetting | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration. Possible values are: none , manual , automatic . |
proxyManualAddress | String | Specify the IP address for the proxy server. |
proxyManualPort | Int32 | Specify the port for the proxy server. |
proxyAutomaticConfigurationUrl | String | Specify the URL for the proxy server configuration script. |
forceFIPSCompliance | Boolean | Specify whether to force FIPS compliance. |
windowsWifiEnterpriseEAPConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from windowsWifiConfiguration |
wifiSecurityType | wiFiSecurityType | Specify the Wifi Security Type. Inherited from windowsWifiConfiguration. Possible values are: open , wpaPersonal , wpaEnterprise , wep , wpa2Personal , wpa2Enterprise . |
meteredConnectionLimit | meteredConnectionLimitType | Specify the metered connection limit type for the wifi connection. Inherited from windowsWifiConfiguration. Possible values are: unrestricted , fixed , variable . |
ssid | String | Specify the SSID of the wifi connection. Inherited from windowsWifiConfiguration |
networkName | String | Specify the network configuration name. Inherited from windowsWifiConfiguration |
connectAutomatically | Boolean | Specify whether the wifi connection should connect automatically when in range. Inherited from windowsWifiConfiguration |
connectToPreferredNetwork | Boolean | Specify whether the wifi connection should connect to more preferred networks when already connected to this one. Requires ConnectAutomatically to be true. Inherited from windowsWifiConfiguration |
connectWhenNetworkNameIsHidden | Boolean | Specify whether the wifi connection should connect automatically even when the SSID is not broadcasting. Inherited from windowsWifiConfiguration |
proxySetting | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration Inherited from windowsWifiConfiguration. Possible values are: none , manual , automatic . |
proxyManualAddress | String | Specify the IP address for the proxy server. Inherited from windowsWifiConfiguration |
proxyManualPort | Int32 | Specify the port for the proxy server. Inherited from windowsWifiConfiguration |
proxyAutomaticConfigurationUrl | String | Specify the URL for the proxy server configuration script. Inherited from windowsWifiConfiguration |
forceFIPSCompliance | Boolean | Specify whether to force FIPS compliance. Inherited from windowsWifiConfiguration |
networkSingleSignOn | networkSingleSignOnType | Specify the network single sign on type. Possible values are: disabled , prelogon , postlogon . |
maximumAuthenticationTimeoutInSeconds | Int32 | Specify maximum authentication timeout (in seconds). Valid range: 1-120 |
userBasedVirtualLan | Boolean | Specifiy whether to change the virtual LAN used by the device based on the user’s credentials. Cannot be used when NetworkSingleSignOnType is set to Disabled. |
promptForAdditionalAuthenticationCredentials | Boolean | Specify whether the wifi connection should prompt for additional authentication credentials. |
enablePairwiseMasterKeyCaching | Boolean | Specify whether the wifi connection should enable pairwise master key caching. |
maximumPairwiseMasterKeyCacheTimeInMinutes | Int32 | Specify maximum pairwise master key cache time (in minutes). Valid range: 5-1440 |
maximumNumberOfPairwiseMasterKeysInCache | Int32 | Specify maximum number of pairwise master keys in cache. Valid range: 1-255 |
enablePreAuthentication | Boolean | Specify whether pre-authentication should be enabled. |
maximumPreAuthenticationAttempts | Int32 | Specify maximum pre-authentication attempts. Valid range: 1-16 |
eapType | eapType | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls , leap , eapSim , eapTtls , peap , eapFast , teap . |
trustedServerCertificateNames | String collection | Specify trusted server certificate names. |
authenticationMethod | wiFiAuthenticationMethod | Specify the authentication method. Possible values are: certificate , usernameAndPassword , derivedCredential . |
innerAuthenticationProtocolForEAPTTLS | nonEapAuthenticationMethodForEapTtlsType | Specify inner authentication protocol for EAP TTLS. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
outerIdentityPrivacyTemporaryValue | String | Specify the string to replace usernames for privacy when using EAP TTLS or PEAP. |
requireCryptographicBinding | Boolean | Specify whether to enable cryptographic binding when EAP type is selected as PEAP. |
performServerValidation | Boolean | Specify whether to enable verification of server's identity by validating the certificate when EAP type is selected as PEAP. |
disableUserPromptForServerValidation | Boolean | Specify whether to prevent the user from being prompted to authorize new servers for trusted certification authorities when EAP type is selected as PEAP. |
authenticationPeriodInSeconds | Int32 | Specify the number of seconds for the client to wait after an authentication attempt before failing. Valid range 1-3600. |
authenticationRetryDelayPeriodInSeconds | Int32 | Specify the number of seconds between a failed authentication and the next authentication attempt. Valid range 1-3600. |
eapolStartPeriodInSeconds | Int32 | Specify the number of seconds to wait before sending an EAPOL (Extensible Authentication Protocol over LAN) Start message. Valid range 1-3600. |
maximumEAPOLStartMessages | Int32 | Specifiy the maximum number of EAPOL (Extensible Authentication Protocol over LAN) Start messages to be sent before returning failure. Valid range 1-100. |
maximumAuthenticationFailures | Int32 | Specify the maximum authentication failures allowed for a set of credentials. Valid range 1-100. |
cacheCredentials | Boolean | Specify whether to cache user credentials on the device so that users don’t need to keep entering them each time they connect. |
authenticationType | wifiAuthenticationType | Specify whether to authenticate the user, the device, either, or to use guest authentication (none). If you’re using certificate authentication, make sure the certificate type matches the authentication type. Possible values are: none , user , machine , machineOrUser , guest . |
windowsWiredNetworkConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationType | wiredNetworkAuthenticationType | Specify whether to authenticate the user, the device, either, or to use guest authentication (none). If you're using certificate authentication, make sure the certificate type matches the authentication type. Possible values are: none , user , machine , machineOrUser , guest . Possible values are: none , user , machine , machineOrUser , guest , unknownFutureValue . |
cacheCredentials | Boolean | When TRUE, caches user credentials on the device so that users don't need to keep entering them each time they connect. When FALSE, do not cache credentials. Default value is FALSE. |
authenticationPeriodInSeconds | Int32 | Specify the number of seconds for the client to wait after an authentication attempt before failing. Valid range 1-3600. |
authenticationRetryDelayPeriodInSeconds | Int32 | Specify the number of seconds between a failed authentication and the next authentication attempt. Valid range 1-3600. |
eapolStartPeriodInSeconds | Int32 | Specify the number of seconds to wait before sending an EAPOL (Extensible Authentication Protocol over LAN) Start message. Valid range 1-3600. |
maximumEAPOLStartMessages | Int32 | Specify the maximum number of EAPOL (Extensible Authentication Protocol over LAN) Start messages to be sent before returning failure. Valid range 1-100. |
maximumAuthenticationFailures | Int32 | Specify the maximum authentication failures allowed for a set of credentials. Valid range 1-100. |
enforce8021X | Boolean | When TRUE, the automatic configuration service for wired networks requires the use of 802.1X for port authentication. When FALSE, 802.1X is not required. Default value is FALSE. |
authenticationBlockPeriodInMinutes | Int32 | Specify the duration for which automatic authentication attempts will be blocked from occuring after a failed authentication attempt. |
eapType | eapType | Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls , leap , eapSim , eapTtls , peap , eapFast , teap . Possible values are: eapTls , leap , eapSim , eapTtls , peap , eapFast , teap . |
trustedServerCertificateNames | String collection | Specify trusted server certificate names. |
authenticationMethod | wiredNetworkAuthenticationMethod | Specify the authentication method. Possible values are: certificate , usernameAndPassword , derivedCredential . Possible values are: certificate , usernameAndPassword , derivedCredential , unknownFutureValue . |
secondaryAuthenticationMethod | wiredNetworkAuthenticationMethod | Specify the secondary authentication method. Possible values are: certificate , usernameAndPassword , derivedCredential . Possible values are: certificate , usernameAndPassword , derivedCredential , unknownFutureValue . |
innerAuthenticationProtocolForEAPTTLS | nonEapAuthenticationMethodForEapTtlsType | Specify inner authentication protocol for EAP TTLS. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
outerIdentityPrivacyTemporaryValue | String | Specify the string to replace usernames for privacy when using EAP TTLS or PEAP. |
performServerValidation | Boolean | When TRUE, enables verification of server's identity by validating the certificate when EAP type is selected as PEAP. When FALSE, the certificate is not validated. Default value is TRUE. |
disableUserPromptForServerValidation | Boolean | When TRUE, prevents the user from being prompted to authorize new servers for trusted certification authorities when EAP type is selected as PEAP. When FALSE, does not prevent the user from being prompted. Default value is FALSE. |
requireCryptographicBinding | Boolean | When TRUE, enables cryptographic binding when EAP type is selected as PEAP. When FALSE, does not enable cryptogrpahic binding. Default value is TRUE. |
forceFIPSCompliance | Boolean | When TRUE, forces FIPS compliance. When FALSE, does not enable FIPS compliance. Default value is FALSE. |
deviceManagementComplianceActionItem
Property | Type | Description |
---|---|---|
id | String | Key of this setting within the policy which contains it. Automatically generated. |
gracePeriodHours | Int32 | Number of hours to wait till the action will be enforced. Valid values 0 to 8760 |
actionType | deviceManagementComplianceActionType | What action to take. Possible values are: noAction , notification , block , retire , wipe , removeResourceAccessProfiles , pushNotification , remoteLock . |
notificationTemplateId | String | What notification Message template to use |
notificationMessageCCList | String collection | A list of group IDs to speicify who to CC this notification message to. This collection can contain a maximum of 100 elements. |
deviceManagementCompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the policy document. Automatically generated. |
name | String | Policy name |
description | String | Policy description |
platforms | deviceManagementConfigurationPlatforms | Platforms for this policy. Possible values are: none , android , iOS , macOS , windows10X , windows10 , linux , unknownFutureValue . |
technologies | deviceManagementConfigurationTechnologies | Technologies for this policy. Possible values are: none , mdm , windows10XManagement , configManager , appleRemoteManagement , microsoftSense , exchangeOnline , mobileApplicationManagement , linuxMdm , enrollment , endpointPrivilegeManagement , unknownFutureValue . |
createdDateTime | DateTimeOffset | Policy creation date and time. This property is read-only. |
lastModifiedDateTime | DateTimeOffset | Policy last modification date and time. This property is read-only. |
settingCount | Int32 | Number of settings. This property is read-only. |
creationSource | String | Policy creation source |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
isAssigned | Boolean | Policy assignment status. This property is read-only. |
deviceManagementComplianceScheduledActionForRule
Property | Type | Description |
---|---|---|
id | String | Key of this setting within the policy which contains it. Automatically generated. |
ruleName | String | Name of the rule which this scheduled action applies to. |
deviceManagementConfigurationCategory
Property | Type | Description |
---|---|---|
id | String | The unique identifier for the category. |
description | String | Description of the category. For example: Display |
categoryDescription | String | Description of the category header in policy summary. |
helpText | String | Help text of the category. Give more details of the category. |
name | String | Name of the item |
displayName | String | Name of the category. For example: Device Lock |
platforms | deviceManagementConfigurationPlatforms | Platforms types, which settings in the category have. Possible values are: none. android, androidEnterprise, iOs, macOs, windows10X, windows10, aosp, and linux. If this property is not set, or set to none, returns categories in all platforms. Supports: $filters, $select. Read-only. Possible values are: none , android , iOS , macOS , windows10X , windows10 , linux , unknownFutureValue . |
technologies | deviceManagementConfigurationTechnologies | Technologies types, which settings in the category have. Possible values are: none, mdm, configManager, intuneManagementExtension, thirdParty, documentGateway, appleRemoteManagement, microsoftSense, exchangeOnline, edgeMam, linuxMdm, extensibility, enrollment, endpointPrivilegeManagement. If this property is not set, or set to none, returns categories in all platforms. Supports: $filters, $select. Read-only. Possible values are: none , mdm , windows10XManagement , configManager , appleRemoteManagement , microsoftSense , exchangeOnline , mobileApplicationManagement , linuxMdm , enrollment , endpointPrivilegeManagement , unknownFutureValue . |
settingUsage | deviceManagementConfigurationSettingUsage | Indicates that the category contains settings that are used for compliance, configuration, or reusable settings. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Read-only. Possible values are: none , configuration , compliance , unknownFutureValue . |
parentCategoryId | String | Direct parent id of the category. If the category is the root, the parent id is same as its id. |
rootCategoryId | String | Root id of the category. |
childCategoryIds | String collection | List of child ids of the category. |
deviceManagementConfigurationChoiceSettingCollectionDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance , unknownFutureValue . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane , unknownFutureValue . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template , unknownFutureValue . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
options | deviceManagementConfigurationOptionDefinition collection | Options for the setting that can be selected. Inherited from deviceManagementConfigurationChoiceSettingDefinition |
defaultOptionId | String | Default option for the choice setting. Inherited from deviceManagementConfigurationChoiceSettingDefinition |
maximumCount | Int32 | Maximum number of choices in the collection. Valid values 1 to 100 |
minimumCount | Int32 | Minimum number of choices in the collection. Valid values 1 to 100 |
deviceManagementConfigurationChoiceSettingDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance , unknownFutureValue . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane , unknownFutureValue . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template , unknownFutureValue . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
options | deviceManagementConfigurationOptionDefinition collection | Options for the setting that can be selected. |
defaultOptionId | String | Default option for the choice setting. |
deviceManagementConfigurationPolicy
Property | Type | Description |
---|---|---|
id | String | Key of the policy document. Automatically generated. |
name | String | Policy name |
description | String | Policy description |
platforms | deviceManagementConfigurationPlatforms | Platforms for this policy. Possible values are: none , android , iOS , macOS , windows10X , windows10 , linux , unknownFutureValue . |
technologies | deviceManagementConfigurationTechnologies | Technologies for this policy. Possible values are: none , mdm , windows10XManagement , configManager , appleRemoteManagement , microsoftSense , exchangeOnline , mobileApplicationManagement , linuxMdm , enrollment , endpointPrivilegeManagement , unknownFutureValue . |
createdDateTime | DateTimeOffset | Policy creation date and time |
lastModifiedDateTime | DateTimeOffset | Policy last modification date and time |
settingCount | Int32 | Number of settings |
creationSource | String | Policy creation source |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
isAssigned | Boolean | Policy assignment status. This property is read-only. |
templateReference | deviceManagementConfigurationPolicyTemplateReference | Template reference information |
priorityMetaData | deviceManagementPriorityMetaData | Indicates the priority of each policies that are selected by the admin during enrollment process |
deviceManagementConfigurationPolicyAssignment
Property | Type | Description |
---|---|---|
id | String | The key of the assignment. |
target | deviceAndAppManagementAssignmentTarget | The assignment target for the DeviceManagementConfigurationPolicy. |
source | deviceAndAppManagementAssignmentSource | The assignment source for the device compliance policy, direct or parcel/policySet. Possible values are: direct , policySets . |
sourceId | String | The identifier of the source of the assignment. |
deviceManagementConfigurationPolicyTemplate
Property | Type | Description |
---|---|---|
id | String | Key of the template document, composed of BaseId and Version. Automatically generated. |
baseId | String | Template base identifier |
version | Int32 | Template version. Valid values 1 to 2147483647. This property is read-only. |
displayName | String | Template display name |
description | String | Template description |
displayVersion | String | Description of template version |
lifecycleState | deviceManagementTemplateLifecycleState | Indicate current lifecycle state of template. Possible values are: invalid , draft , active , superseded , deprecated , retired . |
platforms | deviceManagementConfigurationPlatforms | Platforms for this template. Possible values are: none , android , iOS , macOS , windows10X , windows10 , linux , unknownFutureValue . |
technologies | deviceManagementConfigurationTechnologies | Technologies for this template. Possible values are: none , mdm , windows10XManagement , configManager , appleRemoteManagement , microsoftSense , exchangeOnline , mobileApplicationManagement , linuxMdm , enrollment , endpointPrivilegeManagement , unknownFutureValue . |
templateFamily | deviceManagementConfigurationTemplateFamily | TemplateFamily for this template. Possible values are: none , endpointSecurityAntivirus , endpointSecurityDiskEncryption , endpointSecurityFirewall , endpointSecurityEndpointDetectionAndResponse , endpointSecurityAttackSurfaceReduction , endpointSecurityAccountProtection , endpointSecurityApplicationControl , endpointSecurityEndpointPrivilegeManagement , enrollmentConfiguration , appQuietTime , baseline , unknownFutureValue , deviceConfigurationScripts , deviceConfigurationPolicies . |
allowUnmanagedSettings | Boolean | Allow unmanaged setting templates |
settingTemplateCount | Int32 | Number of setting templates. Valid values 0 to 2147483647. This property is read-only. |
deviceManagementConfigurationRedirectSettingDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance , unknownFutureValue . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane , unknownFutureValue . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template , unknownFutureValue . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
deepLink | String | A deep link that points to the specific location in the Intune console where feature support must be managed from. |
redirectMessage | String | A message that explains that clicking the link will redirect the user to a supported page to manage the settings. |
redirectReason | String | Indicates the reason for redirecting the user to an alternative location in the console. For example: WiFi profiles are not supported in the settings catalog and must be created with a template policy. |
deviceManagementConfigurationSetting
Property | Type | Description |
---|---|---|
id | String | Key of this setting within the policy which contains it. Automatically generated. |
settingInstance | deviceManagementConfigurationSettingInstance | Setting Instance |
deviceManagementConfigurationSettingDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on |
infoUrls | String collection | List of links more info for the setting can be found at. |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not |
baseUri | String | Base CSP Path |
offsetUri | String | Offset CSP Path from Base |
rootDefinitionId | String | Root setting definition id if the setting is a child setting. |
categoryId | String | Specify category in which the setting is under. Support $filters. |
settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Possible values are: none , configuration , compliance , unknownFutureValue . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane , unknownFutureValue . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Possible values are: none , settingsCatalog , template , unknownFutureValue . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. |
id | String | Identifier for item |
description | String | Description of the setting. |
helpText | String | Help text of the setting. Give more details of the setting. |
name | String | Name of the item |
displayName | String | Name of the setting. For example: Allow Toast. |
version | String | Item Version |
deviceManagementConfigurationSettingGroupCollectionDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance , unknownFutureValue . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane , unknownFutureValue . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template , unknownFutureValue . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
childIds | String collection | Dependent child settings to this group of settings. Inherited from deviceManagementConfigurationSettingGroupDefinition |
dependentOn | deviceManagementConfigurationDependentOn collection | List of Dependencies for the setting group Inherited from deviceManagementConfigurationSettingGroupDefinition |
dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | List of child settings that depend on this setting Inherited from deviceManagementConfigurationSettingGroupDefinition |
maximumCount | Int32 | Maximum number of setting group count in the collection. Valid values 1 to 100 |
minimumCount | Int32 | Minimum number of setting group count in the collection. Valid values 1 to 100 |
deviceManagementConfigurationSettingGroupDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance , unknownFutureValue . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane , unknownFutureValue . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template , unknownFutureValue . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
childIds | String collection | Dependent child settings to this group of settings. |
dependentOn | deviceManagementConfigurationDependentOn collection | List of Dependencies for the setting group |
dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | List of child settings that depend on this setting |
deviceManagementConfigurationSettingTemplate
Property | Type | Description |
---|---|---|
id | String | Key of this setting template within the policy template which contains it. Automatically generated. |
settingInstanceTemplate | deviceManagementConfigurationSettingInstanceTemplate | Setting Instance Template |
deviceManagementConfigurationSimpleSettingCollectionDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance , unknownFutureValue . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane , unknownFutureValue . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template , unknownFutureValue . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
valueDefinition | deviceManagementConfigurationSettingValueDefinition | Definition of the value for this setting. Inherited from deviceManagementConfigurationSimpleSettingDefinition |
defaultValue | deviceManagementConfigurationSettingValue | Default setting value for this setting. Inherited from deviceManagementConfigurationSimpleSettingDefinition |
dependentOn | deviceManagementConfigurationDependentOn collection | list of parent settings this setting is dependent on. Inherited from deviceManagementConfigurationSimpleSettingDefinition |
dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | list of child settings that depend on this setting. Inherited from deviceManagementConfigurationSimpleSettingDefinition |
maximumCount | Int32 | Maximum number of simple settings in the collection. Valid values 1 to 100 |
minimumCount | Int32 | Minimum number of simple settings in the collection. Valid values 1 to 100 |
deviceManagementConfigurationSimpleSettingDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on. Supports: $filters. Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at. Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition id if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specify category in which the setting is under. Support $filters. Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Indicate setting type for the setting. Possible values are: configuration, compliance, reusableSetting. Each setting usage has separate API end-point to call. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance , unknownFutureValue . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default, dropdown, smallTextBox, largeTextBox, toggle, multiheaderGrid, contextPane. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane , unknownFutureValue . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none, settingsCatalog, template. Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template , unknownFutureValue . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the setting. Give more details of the setting. Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Name of the setting. For example: Allow Toast. Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
valueDefinition | deviceManagementConfigurationSettingValueDefinition | Definition of the value for this setting. |
defaultValue | deviceManagementConfigurationSettingValue | Default setting value for this setting. |
dependentOn | deviceManagementConfigurationDependentOn collection | list of parent settings this setting is dependent on. |
dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | list of child settings that depend on this setting. |
deviceManagementReusablePolicySetting
Property | Type | Description |
---|---|---|
id | String | system generated reusable setting id. |
displayName | String | reusable setting display name supplied by user. |
description | String | reusable setting description supplied by user. |
settingDefinitionId | String | setting definition id associated with this reusable setting. |
settingInstance | deviceManagementConfigurationSettingInstance | reusable setting configuration instance |
createdDateTime | DateTimeOffset | reusable setting creation date and time. This property is read-only. |
lastModifiedDateTime | DateTimeOffset | date and time when reusable setting was last modified. This property is read-only. |
version | Int32 | version number for reusable setting. Valid values 0 to 2147483647. This property is read-only. |
referencingConfigurationPolicyCount | Int32 | count of configuration policies referencing the current reusable setting. Valid values 0 to 2147483647. This property is read-only. |
deviceManagementTemplateInsightsDefinition
Property | Type | Description |
---|---|---|
id | String | Key of Templateinsights document. |
settingInsights | deviceManagementSettingInsightsDefinition collection | Setting insights in a template |
deviceManagementAbstractComplexSettingDefinition
Property | Type | Description |
---|---|---|
id | String | The ID of the setting definition Inherited from deviceManagementSettingDefinition |
valueType | deviceManangementIntentValueType | The data type of the value Inherited from deviceManagementSettingDefinition. Possible values are: integer , boolean , string , complex , collection , abstractComplex . |
displayName | String | The setting's display name Inherited from deviceManagementSettingDefinition |
isTopLevel | Boolean | If the setting is top level, it can be configured without the need to be wrapped in a collection or complex setting Inherited from deviceManagementSettingDefinition |
description | String | The setting's description Inherited from deviceManagementSettingDefinition |
placeholderText | String | Placeholder text as an example of valid input Inherited from deviceManagementSettingDefinition |
documentationUrl | String | Url to setting documentation Inherited from deviceManagementSettingDefinition |
headerTitle | String | title of the setting header represents a category/section of a setting/settings Inherited from deviceManagementSettingDefinition |
headerSubtitle | String | subtitle of the setting header for more details about the category/section Inherited from deviceManagementSettingDefinition |
keywords | String collection | Keywords associated with the setting Inherited from deviceManagementSettingDefinition |
constraints | deviceManagementConstraint collection | Collection of constraints for the setting value Inherited from deviceManagementSettingDefinition |
dependencies | deviceManagementSettingDependency collection | Collection of dependencies on other settings Inherited from deviceManagementSettingDefinition |
implementations | String collection | List of definition IDs for all possible implementations of this abstract complex setting |
deviceManagementAbstractComplexSettingInstance
Property | Type | Description |
---|---|---|
id | String | The setting instance ID Inherited from deviceManagementSettingInstance |
definitionId | String | The ID of the setting definition for this instance Inherited from deviceManagementSettingInstance |
valueJson | String | JSON representation of the value Inherited from deviceManagementSettingInstance |
implementationId | String | The definition ID for the chosen implementation of this complex setting |
deviceManagementBooleanSettingInstance
Property | Type | Description |
---|---|---|
id | String | The setting instance ID Inherited from deviceManagementSettingInstance |
definitionId | String | The ID of the setting definition for this instance Inherited from deviceManagementSettingInstance |
valueJson | String | JSON representation of the value Inherited from deviceManagementSettingInstance |
value | Boolean | The boolean value |
deviceManagementCollectionSettingDefinition
Property | Type | Description |
---|---|---|
id | String | The ID of the setting definition Inherited from deviceManagementSettingDefinition |
valueType | deviceManangementIntentValueType | The data type of the value Inherited from deviceManagementSettingDefinition. Possible values are: integer , boolean , string , complex , collection , abstractComplex . |
displayName | String | The setting's display name Inherited from deviceManagementSettingDefinition |
isTopLevel | Boolean | If the setting is top level, it can be configured without the need to be wrapped in a collection or complex setting Inherited from deviceManagementSettingDefinition |
description | String | The setting's description Inherited from deviceManagementSettingDefinition |
placeholderText | String | Placeholder text as an example of valid input Inherited from deviceManagementSettingDefinition |
documentationUrl | String | Url to setting documentation Inherited from deviceManagementSettingDefinition |
headerTitle | String | title of the setting header represents a category/section of a setting/settings Inherited from deviceManagementSettingDefinition |
headerSubtitle | String | subtitle of the setting header for more details about the category/section Inherited from deviceManagementSettingDefinition |
keywords | String collection | Keywords associated with the setting Inherited from deviceManagementSettingDefinition |
constraints | deviceManagementConstraint collection | Collection of constraints for the setting value Inherited from deviceManagementSettingDefinition |
dependencies | deviceManagementSettingDependency collection | Collection of dependencies on other settings Inherited from deviceManagementSettingDefinition |
elementDefinitionId | String | The Setting Definition ID that describes what each element of the collection looks like |
deviceManagementCollectionSettingInstance
Property | Type | Description |
---|---|---|
id | String | The setting instance ID Inherited from deviceManagementSettingInstance |
definitionId | String | The ID of the setting definition for this instance Inherited from deviceManagementSettingInstance |
valueJson | String | JSON representation of the value Inherited from deviceManagementSettingInstance |
deviceManagementComplexSettingDefinition
Property | Type | Description |
---|---|---|
id | String | The ID of the setting definition Inherited from deviceManagementSettingDefinition |
valueType | deviceManangementIntentValueType | The data type of the value Inherited from deviceManagementSettingDefinition. Possible values are: integer , boolean , string , complex , collection , abstractComplex . |
displayName | String | The setting's display name Inherited from deviceManagementSettingDefinition |
isTopLevel | Boolean | If the setting is top level, it can be configured without the need to be wrapped in a collection or complex setting Inherited from deviceManagementSettingDefinition |
description | String | The setting's description Inherited from deviceManagementSettingDefinition |
placeholderText | String | Placeholder text as an example of valid input Inherited from deviceManagementSettingDefinition |
documentationUrl | String | Url to setting documentation Inherited from deviceManagementSettingDefinition |
headerTitle | String | title of the setting header represents a category/section of a setting/settings Inherited from deviceManagementSettingDefinition |
headerSubtitle | String | subtitle of the setting header for more details about the category/section Inherited from deviceManagementSettingDefinition |
keywords | String collection | Keywords associated with the setting Inherited from deviceManagementSettingDefinition |
constraints | deviceManagementConstraint collection | Collection of constraints for the setting value Inherited from deviceManagementSettingDefinition |
dependencies | deviceManagementSettingDependency collection | Collection of dependencies on other settings Inherited from deviceManagementSettingDefinition |
propertyDefinitionIds | String collection | The definitions of each property of the complex setting |
deviceManagementComplexSettingInstance
Property | Type | Description |
---|---|---|
id | String | The setting instance ID Inherited from deviceManagementSettingInstance |
definitionId | String | The ID of the setting definition for this instance Inherited from deviceManagementSettingInstance |
valueJson | String | JSON representation of the value Inherited from deviceManagementSettingInstance |
deviceManagementIntegerSettingInstance
Property | Type | Description |
---|---|---|
id | String | The setting instance ID Inherited from deviceManagementSettingInstance |
definitionId | String | The ID of the setting definition for this instance Inherited from deviceManagementSettingInstance |
valueJson | String | JSON representation of the value Inherited from deviceManagementSettingInstance |
value | Int32 | The integer value |
deviceManagementIntent
Property | Type | Description |
---|---|---|
id | String | The intent ID |
displayName | String | The user given display name |
description | String | The user given description |
isAssigned | Boolean | Signifies whether or not the intent is assigned to users |
isMigratingToConfigurationPolicy | Boolean | Signifies whether or not the intent is being migrated to the configurationPolicies endpoint |
lastModifiedDateTime | DateTimeOffset | When the intent was last modified |
templateId | String | The ID of the template this intent was created from (if any) |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
deviceManagementIntentAssignment
Property | Type | Description |
---|---|---|
id | String | The assignment ID |
target | deviceAndAppManagementAssignmentTarget | The assignment target |
deviceManagementIntentCustomizedSetting
Property | Type | Description |
---|---|---|
definitionId | String | The ID of the setting definition for this setting |
defaultJson | String | JSON representation of the default value from the template |
customizedJson | String | JSON representation of the customized value, if different from default |
deviceManagementIntentDeviceSettingStateSummary
Property | Type | Description |
---|---|---|
id | String | The ID |
settingName | String | Name of a setting |
compliantCount | Int32 | Number of compliant devices |
conflictCount | Int32 | Number of devices in conflict |
errorCount | Int32 | Number of error devices |
nonCompliantCount | Int32 | Number of non compliant devices |
notApplicableCount | Int32 | Number of not applicable devices |
remediatedCount | Int32 | Number of remediated devices |
deviceManagementIntentDeviceState
Property | Type | Description |
---|---|---|
id | String | The ID |
userPrincipalName | String | The user principal name that is being reported on a device |
userName | String | The user name that is being reported on a device |
deviceDisplayName | String | Device name that is being reported |
lastReportedDateTime | DateTimeOffset | Last modified date time of an intent report |
state | complianceStatus | Device state for an intent. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
deviceId | String | Device id that is being reported |
deviceManagementIntentDeviceStateSummary
Property | Type | Description |
---|---|---|
id | String | The ID |
conflictCount | Int32 | Number of devices in conflict |
errorCount | Int32 | Number of error devices |
failedCount | Int32 | Number of failed devices |
notApplicableCount | Int32 | Number of not applicable devices |
notApplicablePlatformCount | Int32 | Number of not applicable devices due to mismatch platform and policy |
successCount | Int32 | Number of succeeded devices |
deviceManagementIntentSettingCategory
Property | Type | Description |
---|---|---|
id | String | The category ID Inherited from deviceManagementSettingCategory |
displayName | String | The category name Inherited from deviceManagementSettingCategory |
hasRequiredSetting | Boolean | The category contains top level required setting Inherited from deviceManagementSettingCategory |
deviceManagementIntentUserState
Property | Type | Description |
---|---|---|
id | String | The ID |
userPrincipalName | String | The user principal name that is being reported on a device |
userName | String | The user name that is being reported on a device |
deviceCount | Int32 | Count of Devices that belongs to a user for an intent |
lastReportedDateTime | DateTimeOffset | Last modified date time of an intent report |
state | complianceStatus | User state for an intent. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
deviceManagementIntentUserStateSummary
Property | Type | Description |
---|---|---|
id | String | The ID |
conflictCount | Int32 | Number of users in conflict |
errorCount | Int32 | Number of error users |
failedCount | Int32 | Number of failed users |
notApplicableCount | Int32 | Number of not applicable users |
successCount | Int32 | Number of succeeded users |
deviceManagementSettingCategory
Property | Type | Description |
---|---|---|
id | String | The category ID |
displayName | String | The category name |
hasRequiredSetting | Boolean | The category contains top level required setting |
deviceManagementSettingComparison
Property | Type | Description |
---|---|---|
id | String | The setting ID |
displayName | String | The setting's display name |
definitionId | String | The ID of the setting definition for this instance |
currentValueJson | String | JSON representation of current intent (or) template setting's value |
newValueJson | String | JSON representation of new template setting's value |
comparisonResult | deviceManagementComparisonResult | Setting comparison result. Possible values are: unknown , equal , notEqual , added , removed . |
deviceManagementSettingDefinition
Property | Type | Description |
---|---|---|
id | String | The ID of the setting definition |
valueType | deviceManangementIntentValueType | The data type of the value. Possible values are: integer , boolean , string , complex , collection , abstractComplex . |
displayName | String | The setting's display name |
isTopLevel | Boolean | If the setting is top level, it can be configured without the need to be wrapped in a collection or complex setting |
description | String | The setting's description |
placeholderText | String | Placeholder text as an example of valid input |
documentationUrl | String | Url to setting documentation |
headerTitle | String | title of the setting header represents a category/section of a setting/settings |
headerSubtitle | String | subtitle of the setting header for more details about the category/section |
keywords | String collection | Keywords associated with the setting |
constraints | deviceManagementConstraint collection | Collection of constraints for the setting value |
dependencies | deviceManagementSettingDependency collection | Collection of dependencies on other settings |
deviceManagementSettingInstance
Property | Type | Description |
---|---|---|
id | String | The setting instance ID |
definitionId | String | The ID of the setting definition for this instance |
valueJson | String | JSON representation of the value |
deviceManagementStringSettingInstance
Property | Type | Description |
---|---|---|
id | String | The setting instance ID Inherited from deviceManagementSettingInstance |
definitionId | String | The ID of the setting definition for this instance Inherited from deviceManagementSettingInstance |
valueJson | String | JSON representation of the value Inherited from deviceManagementSettingInstance |
value | String | The string value |
deviceManagementTemplate
Property | Type | Description |
---|---|---|
id | String | The template ID |
displayName | String | The template's display name |
description | String | The template's description |
versionInfo | String | The template's version information |
isDeprecated | Boolean | The template is deprecated or not. Intents cannot be created from a deprecated template. |
intentCount | Int32 | Number of Intents created from this template. |
templateType | deviceManagementTemplateType | The template's type. Possible values are: securityBaseline , specializedDevices , advancedThreatProtectionSecurityBaseline , deviceConfiguration , custom , securityTemplate , microsoftEdgeSecurityBaseline , microsoftOffice365ProPlusSecurityBaseline , deviceCompliance , deviceConfigurationForOffice365 , cloudPC , firewallSharedSettings . |
platformType | policyPlatformType | The template's platform. Possible values are: android , androidForWork , iOS , macOS , windowsPhone81 , windows81AndLater , windows10AndLater , androidWorkProfile , windows10XProfile , all . |
templateSubtype | deviceManagementTemplateSubtype | The template's subtype. Possible values are: none , firewall , diskEncryption , attackSurfaceReduction , endpointDetectionReponse , accountProtection , antivirus , firewallSharedAppList , firewallSharedIpList , firewallSharedPortlist . |
publishedDateTime | DateTimeOffset | When the template was published |
deviceManagementTemplateSettingCategory
Property | Type | Description |
---|---|---|
id | String | The category ID Inherited from deviceManagementSettingCategory |
displayName | String | The category name Inherited from deviceManagementSettingCategory |
hasRequiredSetting | Boolean | The category contains top level required setting Inherited from deviceManagementSettingCategory |
securityBaselineCategoryStateSummary
Property | Type | Description |
---|---|---|
id | String | Unique identifier of the entity. Inherited from securityBaselineStateSummary |
secureCount | Int32 | Number of secure devices Inherited from securityBaselineStateSummary |
notSecureCount | Int32 | Number of not secure devices Inherited from securityBaselineStateSummary |
unknownCount | Int32 | Number of unknown devices Inherited from securityBaselineStateSummary |
errorCount | Int32 | Number of error devices Inherited from securityBaselineStateSummary |
conflictCount | Int32 | Number of conflict devices Inherited from securityBaselineStateSummary |
notApplicableCount | Int32 | Number of not applicable devices Inherited from securityBaselineStateSummary |
displayName | String | The category name |
securityBaselineDeviceState
Property | Type | Description |
---|---|---|
id | String | Unique identifier of the entity |
managedDeviceId | String | Intune device id |
deviceDisplayName | String | Display name of the device |
userPrincipalName | String | User Principal Name |
state | securityBaselineComplianceState | Security baseline compliance state. Possible values are: unknown , secure , notApplicable , notSecure , error , conflict . |
lastReportedDateTime | DateTimeOffset | Last modified date time of the policy report |
securityBaselineStateSummary
Property | Type | Description |
---|---|---|
id | String | Unique identifier of the entity. |
secureCount | Int32 | Number of secure devices |
notSecureCount | Int32 | Number of not secure devices |
unknownCount | Int32 | Number of unknown devices |
errorCount | Int32 | Number of error devices |
conflictCount | Int32 | Number of conflict devices |
notApplicableCount | Int32 | Number of not applicable devices |
securityBaselineTemplate
Property | Type | Description |
---|---|---|
id | String | The template ID Inherited from deviceManagementTemplate |
displayName | String | The template's display name Inherited from deviceManagementTemplate |
description | String | The template's description Inherited from deviceManagementTemplate |
versionInfo | String | The template's version information Inherited from deviceManagementTemplate |
isDeprecated | Boolean | The template is deprecated or not. Intents cannot be created from a deprecated template. Inherited from deviceManagementTemplate |
intentCount | Int32 | Number of Intents created from this template. Inherited from deviceManagementTemplate |
templateType | deviceManagementTemplateType | The template's type. Inherited from deviceManagementTemplate. Possible values are: securityBaseline , specializedDevices , advancedThreatProtectionSecurityBaseline , deviceConfiguration , custom , securityTemplate , microsoftEdgeSecurityBaseline , microsoftOffice365ProPlusSecurityBaseline , deviceCompliance , deviceConfigurationForOffice365 , cloudPC , firewallSharedSettings . |
platformType | policyPlatformType | The template's platform. Inherited from deviceManagementTemplate. Possible values are: android , androidForWork , iOS , macOS , windowsPhone81 , windows81AndLater , windows10AndLater , androidWorkProfile , windows10XProfile , all . |
templateSubtype | deviceManagementTemplateSubtype | The template's subtype. Inherited from deviceManagementTemplate. Possible values are: none , firewall , diskEncryption , attackSurfaceReduction , endpointDetectionReponse , accountProtection , antivirus , firewallSharedAppList , firewallSharedIpList , firewallSharedPortlist . |
publishedDateTime | DateTimeOffset | When the template was published Inherited from deviceManagementTemplate |
applePushNotificationCertificate
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the certificate |
appleIdentifier | String | Apple Id of the account used to create the MDM push certificate. |
topicIdentifier | String | Topic Id. |
lastModifiedDateTime | DateTimeOffset | Last modified date and time for Apple push notification certificate. |
expirationDateTime | DateTimeOffset | The expiration date and time for Apple push notification certificate. |
certificateUploadStatus | String | The certificate upload status. |
certificateUploadFailureReason | String | The reason the certificate upload failed. |
certificateSerialNumber | String | Certificate serial number. This property is read-only. |
certificate | String | Not yet documented |
appLogCollectionDownloadDetails
Property | Type | Description |
---|---|---|
downloadUrl | String | Download SAS (Shared Access Signature) Url for completed app log request. |
decryptionKey | String | Decryption key that used to decrypt the log. |
appLogDecryptionAlgorithm | appLogDecryptionAlgorithm | Decryption algorithm for Content. Default is ASE256. Possible values are: aes256 , unknownFutureValue . |
appLogCollectionRequest
Property | Type | Description |
---|---|---|
id | String | The unique Identifier. This is userId_DeviceId_AppId id. |
status | appLogUploadState | Indicates the status for the app log collection request if it is pending, completed or failed, Default is pending. Possible values are: pending , completed , failed , unknownFutureValue . |
errorMessage | String | Indicates error message if any during the upload process. |
customLogFolders | String collection | List of log folders. |
completedDateTime | DateTimeOffset | Time at which the upload log request reached a completed state if not completed yet NULL will be returned. |
bulkManagedDeviceActionResult
Property | Type | Description |
---|---|---|
successfulDeviceIds | String collection | Successful devices |
failedDeviceIds | String collection | Failed devices |
notFoundDeviceIds | String collection | Not found devices |
notSupportedDeviceIds | String collection | Not supported devices |
cloudPCConnectivityIssue
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics connectivity issue event entity. |
deviceId | String | The Intune DeviceId of the device the connection is associated with. |
errorCode | String | The error code of the connectivity issue. |
errorDateTime | DateTimeOffset | The time that the connection initiated. The time is shown in ISO 8601 format and Coordinated Universal Time (UTC) time. |
userId | String | The unique id of user who initialize the connection. |
errorDescription | String | The detailed description of what went wrong. |
recommendedAction | String | The recommended action to fix the corresponding error. |
comanagedDevicesSummary
Property | Type | Description |
---|---|---|
inventoryCount | Int32 | Number of devices with Inventory swung-over. This property is read-only. |
compliancePolicyCount | Int32 | Number of devices with CompliancePolicy swung-over. This property is read-only. |
resourceAccessCount | Int32 | Number of devices with ResourceAccess swung-over. This property is read-only. |
configurationSettingsCount | Int32 | Number of devices with ConfigurationSettings swung-over. This property is read-only. |
windowsUpdateForBusinessCount | Int32 | Number of devices with WindowsUpdateForBusiness swung-over. This property is read-only. |
endpointProtectionCount | Int32 | Number of devices with EndpointProtection swung-over. This property is read-only. |
modernAppsCount | Int32 | Number of devices with ModernApps swung-over. This property is read-only. |
officeAppsCount | Int32 | Number of devices with OfficeApps swung-over. This property is read-only. |
totalComanagedCount | Int32 | Number of Co-Managed Devices. This property is read-only. |
comanagementEligibleDevice
Property | Type | Description |
---|---|---|
id | String | Unique Id for the device |
deviceName | String | DeviceName |
deviceType | deviceType | DeviceType. Possible values are: desktop , windowsRT , winMO6 , nokia , windowsPhone , mac , winCE , winEmbedded , iPhone , iPad , iPod , android , iSocConsumer , unix , macMDM , holoLens , surfaceHub , androidForWork , androidEnterprise , windows10x , androidnGMS , chromeOS , linux , blackberry , palm , unknown , cloudPC . |
clientRegistrationStatus | deviceRegistrationState | ClientRegistrationStatus. Possible values are: notRegistered , registered , revoked , keyConflict , approvalPending , certificateReset , notRegisteredPendingEnrollment , unknown . |
ownerType | ownerType | OwnerType. Possible values are: unknown , company , personal . |
managementAgents | managementAgentType | ManagementAgents. Possible values are: eas , mdm , easMdm , intuneClient , easIntuneClient , configurationManagerClient , configurationManagerClientMdm , configurationManagerClientMdmEas , unknown , jamf , googleCloudDevicePolicyController , microsoft365ManagedMdm , msSense , intuneAosp . |
managementState | managementState | ManagementState. Possible values are: managed , retirePending , retireFailed , wipePending , wipeFailed , unhealthy , deletePending , retireIssued , wipeIssued , wipeCanceled , retireCanceled , discovered . |
referenceId | String | ReferenceId |
mdmStatus | String | MDMStatus |
osVersion | String | OSVersion |
serialNumber | String | SerialNumber |
manufacturer | String | Manufacturer |
model | String | Model |
osDescription | String | OSDescription |
entitySource | Int32 | EntitySource |
userId | String | UserId |
upn | String | UPN |
userEmail | String | UserEmail |
userName | String | UserName |
status | comanagementEligibleType | ComanagementEligibleStatus. Possible values are: comanaged , eligible , eligibleButNotAzureAdJoined , needsOsUpdate , ineligible , scheduledForEnrollment , unknownFutureValue . |
comanagementEligibleDevicesSummary
Property | Type | Description |
---|---|---|
comanagedCount | Int32 | Count of devices already Co-Managed |
eligibleCount | Int32 | Count of devices fully eligible for Co-Management |
scheduledForEnrollmentCount | Int32 | Count of devices scheduled for Co-Management enrollment. Valid values 0 to 9999999 |
eligibleButNotAzureAdJoinedCount | Int32 | Count of devices eligible for Co-Management but not yet joined to Azure Active Directory |
needsOsUpdateCount | Int32 | Count of devices that will be eligible for Co-Management after an OS update |
ineligibleCount | Int32 | Count of devices ineligible for Co-Management |
dataSharingConsent
Property | Type | Description |
---|---|---|
id | String | The data sharing consent Id |
serviceDisplayName | String | The display name of the service work flow |
termsUrl | String | The TermsUrl for the data sharing consent |
granted | Boolean | The granted state for the data sharing consent |
grantDateTime | DateTimeOffset | The time consent was granted for this account |
grantedByUpn | String | The Upn of the user that granted consent for this account |
grantedByUserId | String | The UserId of the user that granted consent for this account |
detectedApp
Property | Type | Description |
---|---|---|
id | String | The unique Identifier for the detected application. This is automatically generated by Intune at the time the application is created. Read-only. |
displayName | String | Name of the discovered application. Read-only |
version | String | Version of the discovered application. Read-only |
sizeInByte | Int64 | Discovered application size in bytes. Read-only |
deviceCount | Int32 | The number of devices that have installed this application |
publisher | String | Indicates the publisher of the discovered application. For example: 'Microsoft'. The default value is an empty string. |
platform | detectedAppPlatformType | Indicates the operating system / platform of the discovered application. Some possible values are Windows, iOS, macOS. The default value is unknown (0). Possible values are: unknown , windows , windowsMobile , windowsHolographic , ios , macOS , chromeOS , androidOSP , androidDeviceAdministrator , androidWorkProfile , androidDedicatedAndFullyManaged , unknownFutureValue . |
deviceComplianceScript
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the device compliance script |
publisher | String | Name of the device compliance script publisher |
version | String | Version of the device compliance script |
displayName | String | Name of the device compliance script |
description | String | Description of the device compliance script |
detectionScriptContent | Binary | The entire content of the detection powershell script |
createdDateTime | DateTimeOffset | The timestamp of when the device compliance script was created. This property is read-only. |
lastModifiedDateTime | DateTimeOffset | The timestamp of when the device compliance script was modified. This property is read-only. |
runAsAccount | runAsAccountType | Indicates the type of execution context. Possible values are: system , user . |
enforceSignatureCheck | Boolean | Indicate whether the script signature needs be checked |
runAs32Bit | Boolean | Indicate whether PowerShell script(s) should run as 32-bit |
roleScopeTagIds | String collection | List of Scope Tag IDs for the device compliance script |
deviceComplianceScriptDeviceState
Property | Type | Description |
---|---|---|
id | String | Key of the device compliance script device state entity. This property is read-only. |
detectionState | runState | Detection state from the lastest device compliance script execution. Possible values are: unknown , success , fail , scriptError , pending , notApplicable . |
lastStateUpdateDateTime | DateTimeOffset | The last timestamp of when the device compliance script executed |
expectedStateUpdateDateTime | DateTimeOffset | The next timestamp of when the device compliance script is expected to execute |
lastSyncDateTime | DateTimeOffset | The last time that Intune Managment Extension synced with Intune |
scriptOutput | String | Output of the detection script |
scriptError | String | Error from the detection script |
deviceComplianceScriptRunSummary
Property | Type | Description |
---|---|---|
id | String | Key of the device compliance script run summary entity. This property is read-only. |
noIssueDetectedDeviceCount | Int32 | Number of devices for which the detection script did not find an issue and the device is healthy. Valid values -2147483648 to 2147483647 |
issueDetectedDeviceCount | Int32 | Number of devices for which the detection script found an issue. Valid values -2147483648 to 2147483647 |
detectionScriptErrorDeviceCount | Int32 | Number of devices on which the detection script execution encountered an error and did not complete. Valid values -2147483648 to 2147483647 |
detectionScriptPendingDeviceCount | Int32 | Number of devices which have not yet run the latest version of the device compliance script. Valid values -2147483648 to 2147483647 |
lastScriptRunDateTime | DateTimeOffset | Last run time for the script across all devices |
deviceCustomAttributeShellScript
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the custom attribute entity. |
customAttributeName | String | The name of the custom attribute. |
customAttributeType | deviceCustomAttributeValueType | The expected type of the custom attribute's value. Possible values are: integer , string , dateTime . |
displayName | String | Name of the device management script. |
description | String | Optional description for the device management script. |
scriptContent | Binary | The script content. |
createdDateTime | DateTimeOffset | The date and time the device management script was created. This property is read-only. |
lastModifiedDateTime | DateTimeOffset | The date and time the device management script was last modified. This property is read-only. |
runAsAccount | runAsAccountType | Indicates the type of execution context. Possible values are: system , user . |
fileName | String | Script file name. |
roleScopeTagIds | String collection | List of Scope Tag IDs for this PowerShellScript instance. |
deviceHealthScript
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the device health script |
publisher | String | Name of the device health script publisher |
version | String | Version of the device health script |
displayName | String | Name of the device health script |
description | String | Description of the device health script |
detectionScriptContent | Binary | The entire content of the detection powershell script |
remediationScriptContent | Binary | The entire content of the remediation powershell script |
createdDateTime | DateTimeOffset | The timestamp of when the device health script was created. This property is read-only. |
lastModifiedDateTime | DateTimeOffset | The timestamp of when the device health script was modified. This property is read-only. |
runAsAccount | runAsAccountType | Indicates the type of execution context. Possible values are: system , user . |
enforceSignatureCheck | Boolean | Indicate whether the script signature needs be checked |
runAs32Bit | Boolean | Indicate whether PowerShell script(s) should run as 32-bit |
roleScopeTagIds | String collection | List of Scope Tag IDs for the device health script |
isGlobalScript | Boolean | Determines if this is Microsoft Proprietary Script. Proprietary scripts are read-only |
highestAvailableVersion | String | Highest available version for a Microsoft Proprietary script |
deviceHealthScriptType | deviceHealthScriptType | DeviceHealthScriptType for the script policy. Possible values are: deviceHealthScript , managedInstallerScript . |
detectionScriptParameters | deviceHealthScriptParameter collection | List of ComplexType DetectionScriptParameters objects. |
remediationScriptParameters | deviceHealthScriptParameter collection | List of ComplexType RemediationScriptParameters objects. |
deviceHealthScriptAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the device health script assignment entity. This property is read-only. |
target | deviceAndAppManagementAssignmentTarget | The Azure Active Directory group we are targeting the script to |
runRemediationScript | Boolean | Determine whether we want to run detection script only or run both detection script and remediation script |
runSchedule | deviceHealthScriptRunSchedule | Script run schedule for the target group |
deviceHealthScriptDeviceState
Property | Type | Description |
---|---|---|
id | String | Key of the device health script device state entity. This property is read-only. |
detectionState | runState | Detection state from the lastest device health script execution. Possible values are: unknown , success , fail , scriptError , pending , notApplicable . |
lastStateUpdateDateTime | DateTimeOffset | The last timestamp of when the device health script executed |
expectedStateUpdateDateTime | DateTimeOffset | The next timestamp of when the device health script is expected to execute |
lastSyncDateTime | DateTimeOffset | The last time that Intune Managment Extension synced with Intune |
preRemediationDetectionScriptOutput | String | Output of the detection script before remediation |
preRemediationDetectionScriptError | String | Error from the detection script before remediation |
remediationScriptError | String | Error output of the remediation script |
postRemediationDetectionScriptOutput | String | Detection script output after remediation |
postRemediationDetectionScriptError | String | Error from the detection script after remediation |
remediationState | remediationState | Remediation state from the lastest device health script execution. Possible values are: unknown , skipped , success , remediationFailed , scriptError , unknownFutureValue . |
assignmentFilterIds | String collection | A list of the assignment filter ids used for health script applicability evaluation |
deviceHealthScriptParameter
Property | Type | Description |
---|---|---|
name | String | The name of the param |
description | String | The description of the param |
isRequired | Boolean | Whether the param is required |
applyDefaultValueWhenNotAssigned | Boolean | Whether Apply DefaultValue When Not Assigned |
deviceHealthScriptPolicyState
Property | Type | Description |
---|---|---|
id | String | Key of the device health script policy state is a concatenation of the MT sideCar policy Id and Intune device Id |
deviceId | String | The Intune device Id |
policyId | String | The MT sideCar policy Id |
deviceName | String | Display name of the device |
policyName | String | Display name of the device health script |
userName | String | Name of the user whom ran the device health script |
osVersion | String | Value of the OS Version in string |
detectionState | runState | Detection state from the lastest device health script execution. Possible values are: unknown , success , fail , scriptError , pending , notApplicable . |
lastStateUpdateDateTime | DateTimeOffset | The last timestamp of when the device health script executed |
expectedStateUpdateDateTime | DateTimeOffset | The next timestamp of when the device health script is expected to execute |
lastSyncDateTime | DateTimeOffset | The last time that Intune Managment Extension synced with Intune |
preRemediationDetectionScriptOutput | String | Output of the detection script before remediation |
preRemediationDetectionScriptError | String | Error from the detection script before remediation |
remediationScriptError | String | Error output of the remediation script |
postRemediationDetectionScriptOutput | String | Detection script output after remediation |
postRemediationDetectionScriptError | String | Error from the detection script after remediation |
remediationState | remediationState | Remediation state from the lastest device health script execution. Possible values are: unknown , skipped , success , remediationFailed , scriptError , unknownFutureValue . |
assignmentFilterIds | String collection | A list of the assignment filter ids used for health script applicability evaluation |
deviceHealthScriptRemediationHistory
Property | Type | Description |
---|---|---|
lastModifiedDateTime | DateTimeOffset | The date on which the results history is calculated for the healthscript. |
historyData | deviceHealthScriptRemediationHistoryData collection | The number of devices remediated by the device health script on the given date. |
deviceHealthScriptRemediationSummary
Property | Type | Description |
---|---|---|
scriptCount | Int32 | The number of device health scripts deployed. |
remediatedDeviceCount | Int32 | The number of devices remediated by device health scripts. |
deviceHealthScriptRunSchedule
Property | Type | Description |
---|---|---|
interval | Int32 | The x value of every x hours for hourly schedule, every x days for Daily Schedule, every x weeks for weekly schedule, every x months for Monthly Schedule. Valid values 1 to 23 |
deviceHealthScriptRunSummary
Property | Type | Description |
---|---|---|
id | String | Key of the device health script run summary entity. This property is read-only. |
noIssueDetectedDeviceCount | Int32 | Number of devices for which the detection script did not find an issue and the device is healthy |
issueDetectedDeviceCount | Int32 | Number of devices for which the detection script found an issue |
detectionScriptErrorDeviceCount | Int32 | Number of devices on which the detection script execution encountered an error and did not complete |
detectionScriptPendingDeviceCount | Int32 | Number of devices which have not yet run the latest version of the device health script |
detectionScriptNotApplicableDeviceCount | Int32 | Number of devices for which the detection script was not applicable |
issueRemediatedDeviceCount | Int32 | Number of devices for which the remediation script was able to resolve the detected issue |
remediationSkippedDeviceCount | Int32 | Number of devices for which remediation was skipped |
issueReoccurredDeviceCount | Int32 | Number of devices for which the remediation script executed successfully but failed to resolve the detected issue |
remediationScriptErrorDeviceCount | Int32 | Number of devices for which the remediation script execution encountered an error and did not complete |
lastScriptRunDateTime | DateTimeOffset | Last run time for the script across all devices |
issueRemediatedCumulativeDeviceCount | Int32 | Number of devices that were remediated over the last 30 days |
intune-devices-devicehealthscripttype
deviceLogCollectionResponse
Property | Type | Description |
---|---|---|
id | String | The unique identifier in the form of tenantId_deviceId_requestId. |
status | appLogUploadState | Indicates the status for the app log collection request if it is pending, completed or failed, Default is pending. Possible values are: pending , completed , failed , unknownFutureValue . |
managedDeviceId | Guid | Indicates Intune device unique identifier. |
requestedDateTimeUTC | DateTimeOffset | The DateTime of the request. |
receivedDateTimeUTC | DateTimeOffset | The DateTime the request was received. |
initiatedByUserPrincipalName | String | The UPN for who initiated the request. |
expirationDateTimeUTC | DateTimeOffset | The DateTime of the expiration of the logs. |
sizeInKB | Double | The size of the logs in KB. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
enrolledByUser | String | The User Principal Name (UPN) of the user that enrolled the device. |
deviceManagementScriptAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the device management script group assignment entity. This property is read-only. |
target | deviceAndAppManagementAssignmentTarget | The Id of the Azure Active Directory group we are targeting the script to. |
deviceManagementScriptDeviceState
Property | Type | Description |
---|---|---|
id | String | Key of the device management script device state entity. This property is read-only. |
runState | runState | State of latest run of the device management script. Possible values are: unknown , success , fail , scriptError , pending , notApplicable . |
resultMessage | String | Details of execution output. |
lastStateUpdateDateTime | DateTimeOffset | Latest time the device management script executes. |
errorCode | Int32 | Error code corresponding to erroneous execution of the device management script. |
errorDescription | String | Error description corresponding to erroneous execution of the device management script. |
deviceManagementScriptGroupAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the device management script group assignment entity. This property is read-only. |
targetGroupId | String | The Id of the Azure Active Directory group we are targeting the script to. |
deviceManagementScriptRunSummary
Property | Type | Description |
---|---|---|
id | String | Key of the device management script run summary entity. This property is read-only. |
successDeviceCount | Int32 | Success device count. |
errorDeviceCount | Int32 | Error device count. |
successUserCount | Int32 | Success user count. |
errorUserCount | Int32 | Error user count. |
deviceManagementScriptUserState
Property | Type | Description |
---|---|---|
id | String | Key of the device management script user state entity. This property is read-only. |
successDeviceCount | Int32 | Success device count for specific user. |
errorDeviceCount | Int32 | Error device count for specific user. |
userPrincipalName | String | User principle name of specific user. |
deviceScopeActionResult
Property | Type | Description |
---|---|---|
deviceScopeAction | deviceScopeAction | The triggered action name. Possible values are: . |
deviceScopeId | String | The unique identifier of the device scope the action was triggered on. |
status | deviceScopeActionStatus | Indicates the status of the attempt device scope action. When succeeded, the action was succeessfully triggered, When failed, the action was failed to trigger. Possible values are: failed , succeeded , unknownFutureValue . |
failedMessage | String | The message indicates the reason the device scope action failed to trigger. |
deviceShellScript
Property | Type | Description |
---|---|---|
executionFrequency | Duration | The interval for script to run. If not defined the script will run once |
retryCount | Int32 | Number of times for the script to be retried if it fails |
blockExecutionNotifications | Boolean | Does not notify the user a script is being executed |
id | String | Unique Identifier for the device management script. |
displayName | String | Name of the device management script. |
description | String | Optional description for the device management script. |
scriptContent | Binary | The script content. |
createdDateTime | DateTimeOffset | The date and time the device management script was created. This property is read-only. |
lastModifiedDateTime | DateTimeOffset | The date and time the device management script was last modified. This property is read-only. |
runAsAccount | runAsAccountType | Indicates the type of execution context. Possible values are: system , user . |
fileName | String | Script file name. |
roleScopeTagIds | String collection | List of Scope Tag IDs for this PowerShellScript instance. |
intune-devices-globaldevicehealthscriptstate
malwareStateForWindowsDevice
Property | Type | Description |
---|---|---|
id | String | The unique Identifier. This is device id. |
deviceName | String | Indicates the name of the device being evaluated for malware state |
executionState | windowsMalwareExecutionState | Indicates execution status of the malware. Possible values are: unknown, blocked, allowed, running, notRunning. Defaults to unknown. Possible values are: unknown , blocked , allowed , running , notRunning . |
threatState | windowsMalwareThreatState | Indicates threat status of the malware. Possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. defaults to noStatusCleared. Possible values are: active , actionFailed , manualStepsRequired , fullScanRequired , rebootRequired , remediatedWithNonCriticalFailures , quarantined , removed , cleaned , allowed , noStatusCleared . |
initialDetectionDateTime | DateTimeOffset | Initial detection datetime of the malware |
lastStateChangeDateTime | DateTimeOffset | The last time this particular threat was changed |
detectionCount | Int32 | Indicates the number of times the malware is detected |
managedDevice
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the device. This property is read-only. |
userId | String | Unique Identifier for the user associated with the device. This property is read-only. |
deviceName | String | Name of the device. This property is read-only. |
managedDeviceOwnerType | managedDeviceOwnerType | Ownership of the device. Can be 'company' or 'personal'. Possible values are: unknown , company , personal . |
deviceActionResults | deviceActionResult collection | List of ComplexType deviceActionResult objects. This property is read-only. |
enrolledDateTime | DateTimeOffset | Enrollment time of the device. Supports $filter operator 'lt' and 'gt'. This property is read-only. |
lastSyncDateTime | DateTimeOffset | The date and time that the device last completed a successful sync with Intune. Supports $filter operator 'lt' and 'gt'. This property is read-only. |
operatingSystem | String | Operating system of the device. Windows, iOS, etc. This property is read-only. |
complianceState | complianceState | Compliance state of the device. Examples: Compliant, Conflict, Error, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Possible values are: unknown , compliant , noncompliant , conflict , error , inGracePeriod , configManager . |
jailBroken | String | Whether the device is jail broken or rooted. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. |
managementAgent | managementAgentType | Management channel of the device. Examples: Intune, EAS, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Possible values are: eas , mdm , easMdm , intuneClient , easIntuneClient , configurationManagerClient , configurationManagerClientMdm , configurationManagerClientMdmEas , unknown , jamf , googleCloudDevicePolicyController . |
osVersion | String | Operating system version of the device. This property is read-only. |
easActivated | Boolean | Whether the device is Exchange ActiveSync activated. This property is read-only. |
easDeviceId | String | Exchange ActiveSync Id of the device. This property is read-only. |
easActivationDateTime | DateTimeOffset | Exchange ActivationSync activation time of the device. This property is read-only. |
azureADRegistered | Boolean | Whether the device is Azure Active Directory registered. This property is read-only. |
deviceEnrollmentType | deviceEnrollmentType | Enrollment type of the device. This property is read-only. Possible values are: unknown , userEnrollment , deviceEnrollmentManager , appleBulkWithUser , appleBulkWithoutUser , windowsAzureADJoin , windowsBulkUserless , windowsAutoEnrollment , windowsBulkAzureDomainJoin , windowsCoManagement , windowsAzureADJoinUsingDeviceAuth , appleUserEnrollment , appleUserEnrollmentWithServiceAccount . |
activationLockBypassCode | String | The code that allows the Activation Lock on managed device to be bypassed. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity in LIST call. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. |
emailAddress | String | Email(s) for the user associated with the device. This property is read-only. |
azureADDeviceId | String | The unique identifier for the Azure Active Directory device. Read only. This property is read-only. |
deviceRegistrationState | deviceRegistrationState | Device registration state. This property is read-only. Possible values are: notRegistered , registered , revoked , keyConflict , approvalPending , certificateReset , notRegisteredPendingEnrollment , unknown . |
deviceCategoryDisplayName | String | Device category display name. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. |
isSupervised | Boolean | Device supervised status. This property is read-only. |
exchangeLastSuccessfulSyncDateTime | DateTimeOffset | Last time the device contacted Exchange. This property is read-only. |
exchangeAccessState | deviceManagementExchangeAccessState | The Access State of the device in Exchange. This property is read-only. Possible values are: none , unknown , allowed , blocked , quarantined . |
exchangeAccessStateReason | deviceManagementExchangeAccessStateReason | The reason for the device's access state in Exchange. This property is read-only. Possible values are: none , unknown , exchangeGlobalRule , exchangeIndividualRule , exchangeDeviceRule , exchangeUpgrade , exchangeMailboxPolicy , other , compliant , notCompliant , notEnrolled , unknownLocation , mfaRequired , azureADBlockDueToAccessPolicy , compromisedPassword , deviceNotKnownWithManagedApp . |
remoteAssistanceSessionUrl | String | Url that allows a Remote Assistance session to be established with the device. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. |
remoteAssistanceSessionErrorDetails | String | An error string that identifies issues when creating Remote Assistance session objects. This property is read-only. |
isEncrypted | Boolean | Device encryption status. This property is read-only. |
userPrincipalName | String | Device user principal name. This property is read-only. |
model | String | Model of the device. This property is read-only. |
manufacturer | String | Manufacturer of the device. This property is read-only. |
imei | String | IMEI. This property is read-only. |
complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires. This property is read-only. |
serialNumber | String | SerialNumber. This property is read-only. |
phoneNumber | String | Phone number of the device. This property is read-only. |
androidSecurityPatchLevel | String | Android security patch level. This property is read-only. |
userDisplayName | String | User display name. This property is read-only. |
configurationManagerClientEnabledFeatures | configurationManagerClientEnabledFeatures | ConfigrMgr client enabled features. This property is read-only. |
wiFiMacAddress | String | Wi-Fi MAC. This property is read-only. |
deviceHealthAttestationState | deviceHealthAttestationState | The device health attestation state. This property is read-only. |
subscriberCarrier | String | Subscriber Carrier. This property is read-only. |
meid | String | MEID. This property is read-only. |
totalStorageSpaceInBytes | Int64 | Total Storage in Bytes. This property is read-only. |
freeStorageSpaceInBytes | Int64 | Free Storage in Bytes. Default value is 0. Read-only. This property is read-only. |
managedDeviceName | String | Automatically generated name to identify a device. Can be overwritten to a user friendly name. |
partnerReportedThreatState | managedDevicePartnerReportedHealthState | Indicates the threat state of a device when a Mobile Threat Defense partner is in use by the account and device. Read Only. This property is read-only. Possible values are: unknown , activated , deactivated , secured , lowSeverity , mediumSeverity , highSeverity , unresponsive , compromised , misconfigured . |
requireUserEnrollmentApproval | Boolean | Reports if the managed iOS device is user approval enrollment. This property is read-only. |
managementCertificateExpirationDate | DateTimeOffset | Reports device management certificate expiration date. This property is read-only. |
iccid | String | Integrated Circuit Card Identifier, it is A SIM card's unique identification number. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. |
udid | String | Unique Device Identifier for iOS and macOS devices. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. |
notes | String | Notes on the device created by IT Admin. Default is null. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. |
ethernetMacAddress | String | Indicates Ethernet MAC Address of the device. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity. Individual get call with select query options is needed to retrieve actual values. Example: deviceManagement/managedDevices({managedDeviceId})?$select=ethernetMacAddress Supports: $select. $Search is not supported. Read-only. This property is read-only. |
physicalMemoryInBytes | Int64 | Total Memory in Bytes. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. Read-only. This property is read-only. |
managedDeviceOverview
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the summary |
enrolledDeviceCount | Int32 | Total enrolled device count. Does not include PC devices managed via Intune PC Agent |
mdmEnrolledCount | Int32 | The number of devices enrolled in MDM |
dualEnrolledDeviceCount | Int32 | The number of devices enrolled in both MDM and EAS |
deviceOperatingSystemSummary | deviceOperatingSystemSummary | Device operating system summary. |
deviceExchangeAccessStateSummary | deviceExchangeAccessStateSummary | Distribution of Exchange Access State in Intune |
intune-devices-manageddeviceremoteaction
powerliftDownloadRequest
Property | Type | Description |
---|---|---|
powerliftId | Guid | The unique id for the request |
files | String collection | The list of files to download |
powerliftIncidentMetadata
Property | Type | Description |
---|---|---|
powerliftId | Guid | The unique identifier of the app diagnostic. Example: 8520467a-49a9-44a4-8447-8dfb8bec6726 |
easyId | String | The unique app diagnostic identifier as a user friendly 8 character hexadecimal string. Example: 8520467A |
createdAtDateTime | DateTimeOffset | The time the app diagnostic was created. Example: 2022-04-19T17:24:45.313Z |
platform | String | The device's OS the diagnostic is from. Example: iOS |
application | String | The name of the application the diagnostic is from. Example: com.microsoft.CompanyPortal |
clientVersion | String | The version of the application. Example: 5.2203.1 |
locale | String | The locale information of the application. Example: en-US |
fileNames | String collection | A list of files that are associated with the diagnostic. |
intune-devices-remediationstate
remoteActionAudit
Property | Type | Description |
---|---|---|
id | String | Report Id. |
deviceDisplayName | String | Intune device name. |
userName | String | [deprecated] Please use InitiatedByUserPrincipalName instead. |
initiatedByUserPrincipalName | String | User who initiated the device action, format is UPN. |
action | remoteAction | The action name. Possible values are: unknown , factoryReset , removeCompanyData , resetPasscode , remoteLock , enableLostMode , disableLostMode , locateDevice , rebootNow , recoverPasscode , cleanWindowsDevice , logoutSharedAppleDeviceActiveUser , quickScan , fullScan , windowsDefenderUpdateSignatures , factoryResetKeepEnrollmentData , updateDeviceAccount , automaticRedeployment , shutDown , rotateBitLockerKeys , rotateFileVaultKey , getFileVaultKey , setDeviceName , activateDeviceEsim , deprovision , disable , reenable , moveDeviceToOrganizationalUnit , initiateMobileDeviceManagementKeyRecovery , initiateOnDemandProactiveRemediation , rotateLocalAdminPassword , unknownFutureValue , launchRemoteHelp , revokeAppleVppLicenses , removeDeviceFirmwareConfigurationInterfaceManagement . |
requestDateTime | DateTimeOffset | Time when the action was issued, given in UTC. |
deviceOwnerUserPrincipalName | String | Upn of the device owner. |
deviceIMEI | String | IMEI of the device. |
actionState | actionState | Action state. Possible values are: none , pending , canceled , active , done , failed , notSupported . |
managedDeviceId | String | Action target. |
tenantAttachRBAC
Property | Type | Description |
---|---|---|
id | String | Unique identifier for this entity |
tenantAttachRBACState
Property | Type | Description |
---|---|---|
enabled | Boolean | Indicates whether the tenant is enabled for Tenant Attach with role management. TRUE if enabled, FALSE if the Tenant Attach with rolemanagement is disabled. |
userExperienceAnalyticsAnomaly
Property | Type | Description |
---|---|---|
id | String | The unique identifier for the user experience analytics anomaly device object. |
anomalyId | String | The unique identifier of the anomaly. |
anomalyName | String | The name of the anomaly. |
deviceImpactedCount | Int32 | The number of devices impacted by the anomaly. Valid values -2147483648 to 2147483647 |
severity | userExperienceAnalyticsAnomalySeverity | The severity of the anomaly. Possible values are: high, medium, low, informational or other. Possible values are: high , medium , low , informational , other , unknownFutureValue . |
state | userExperienceAnalyticsAnomalyState | The state of the anomaly. Possible values are: new, active, disabled, removed or other. Possible values are: new , active , disabled , removed , other , unknownFutureValue . |
anomalyType | userExperienceAnalyticsAnomalyType | The category of the anomaly. Possible values are: device, application, stopError, driver or other. Possible values are: device , application , stopError , driver , other , unknownFutureValue . |
anomalyFirstOccurrenceDateTime | DateTimeOffset | Indicates the first occurrence date and time for the anomaly. |
anomalyLatestOccurrenceDateTime | DateTimeOffset | Indicates the latest occurrence date and time for the anomaly. |
detectionModelId | String | The unique identifier of the anomaly detection model. |
issueId | String | The unique identifier of the anomaly detection model. |
assetName | String | The name of the application or module that caused the anomaly. |
assetVersion | String | The version of the application or module that caused the anomaly. |
assetPublisher | String | The publisher of the application or module that caused the anomaly. |
userExperienceAnalyticsAnomalyCorrelationGroupOverview
Property | Type | Description |
---|---|---|
id | String | The unique identifier for the user experience analytics anomaly correlation group overview object. |
anomalyId | String | The unique identifier of the anomaly. Anomaly details such as name and type can be found in the UserExperienceAnalyticsAnomalySeverityOverview entity. |
correlationGroupId | String | The unique identifier for the correlation group which will uniquely identify one of the correlation group within an anomaly. The correlation Id can be mapped to the correlation group name by concatinating the correlation group features. Example of correlation group name which is the indicative of concatenated features names are for names, Contoso manufacture 4.4.1 and Windows 11.22621.1485. |
correlationGroupFeatures | userExperienceAnalyticsAnomalyCorrelationGroupFeature collection | Describes the features of a device that are shared between all devices in a correlation group. |
correlationGroupPrevalence | userExperienceAnalyticsAnomalyCorrelationGroupPrevalence | The prevalence of the correlation group. Possible values are: high, medium or low. Possible values are: high , medium , low , unknownFutureValue . |
correlationGroupPrevalencePercentage | Double | The percentage of the devices in the correlation group that are anomalous. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
totalDeviceCount | Int32 | Indicates the total number of devices in the tenant. Valid values -2147483648 to 2147483647 |
anomalyCorrelationGroupCount | Int32 | Indicates the number of correlation groups in the anomaly. Valid values -2147483648 to 2147483647 |
correlationGroupDeviceCount | Int32 | Indicates the total number of devices in a correlation group. Valid values -2147483648 to 2147483647 |
correlationGroupAnomalousDeviceCount | Int32 | Indicates the total number of devices affected by the anomaly in the correlation group. Valid values -2147483648 to 2147483647 |
correlationGroupAtRiskDeviceCount | Int32 | Indicates the total number of devices at risk in the correlation group. Valid values -2147483648 to 2147483647 |
userExperienceAnalyticsAnomalyDevice
Property | Type | Description |
---|---|---|
id | String | The unique identifier for the user experience analytics anomaly device object. |
deviceId | String | The unique identifier of the device. |
deviceName | String | The name of the device. |
deviceModel | String | The model name of the device. |
deviceManufacturer | String | The manufacturer name of the device. |
osName | String | The name of the OS installed on the device. |
osVersion | String | The OS version installed on the device. |
anomalyId | String | The unique identifier of the anomaly. |
anomalyOnDeviceFirstOccurrenceDateTime | DateTimeOffset | Indicates the first occurance date and time for the anomaly on the device. |
anomalyOnDeviceLatestOccurrenceDateTime | DateTimeOffset | Indicates the latest occurance date and time for the anomaly on the device. |
correlationGroupId | String | The unique identifier of the correlation group. |
deviceStatus | userExperienceAnalyticsDeviceStatus | Indicates the device status with respect to the correlation group. At risk devices are devices that share correlation group features but may not yet be affected by an anomaly, such as when a device is experiencing crashes on an application but that application has not been used on the device but is currently installed. This could lead to the device becoming anomalous if the application in question were to be used. Possible values are: anomolous, affected or atRisk. Possible values are: anomalous , affected , atRisk , unknownFutureValue . |
userExperienceAnalyticsAppHealthApplicationPerformance
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics application performance object. Supports: $select, $OrderBy. Read-only. |
appHangCount | Int32 | The number of hangs for the application. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
appHealthScore | Double | The health score of the application. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
appHealthStatus | String | The overall health status of the application. Read-only. |
allOrgsHealthScore | Double | The median health score of the application across all organizations. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
activeDeviceCount | Int32 | The health score of the application. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
appName | String | The name of the application. Possible values are: outlook.exe, excel.exe. Supports: $select, $OrderBy. Read-only. |
appDisplayName | String | The friendly name of the application. Possible values are: Outlook, Excel. Supports: $select, $OrderBy. Read-only. |
appPublisher | String | The publisher of the application. Supports: $select, $OrderBy. Read-only. |
appUsageDuration | Int32 | The total usage time of the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
appCrashCount | Int32 | The number of crashes for the application. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
userExperienceAnalyticsAppHealthAppPerformanceByAppVersion
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics app performance object. |
appVersion | String | The version of the application. |
appName | String | The name of the application. Possible values are: outlook.exe, excel.exe. Supports: $select, $OrderBy. Read-only. |
appDisplayName | String | The friendly name of the application. Possible values are: Outlook, Excel. Supports: $select, $OrderBy. Read-only. |
appPublisher | String | The publisher of the application. Supports: $select, $OrderBy. Read-only. |
appUsageDuration | Int32 | The total usage time of the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
appCrashCount | Int32 | The number of crashes for the application. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
userExperienceAnalyticsAppHealthAppPerformanceByAppVersionDetails
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics application performance by application version details object. Supports: $select, $OrderBy. Read-only. |
deviceCountWithCrashes | Int32 | The total number of devices that have reported one or more application crashes for this application and version. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
isMostUsedVersion | Boolean | When TRUE, indicates the version of application is the most used version for that application. When FALSE, indicates the version is not the most used version. FALSE by default. Supports: $select, $OrderBy. Read-only. |
isLatestUsedVersion | Boolean | When TRUE, indicates the version of application is the latest version for that application that is in use. When FALSE, indicates the version is not the latest version. FALSE by default. Supports: $select, $OrderBy. |
appName | String | The name of the application. |
appDisplayName | String | The friendly name of the application. |
appPublisher | String | The publisher of the application. |
appVersion | String | The version of the application. |
appCrashCount | Int32 | The number of crashes for the app. Valid values -2147483648 to 2147483647 |
userExperienceAnalyticsAppHealthAppPerformanceByAppVersionDeviceId
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics application performance by application version device id object. Supports: $select, $OrderBy. Read-only. |
deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
deviceDisplayName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
processedDateTime | DateTimeOffset | The date and time when the statistics were last computed. The value cannot be modified and is automatically populated when the statistics are computed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2022 would look like this: '2022-01-01T00:00:00Z'. Returned by default. Read-only. |
appName | String | The name of the application. |
appDisplayName | String | The friendly name of the application. |
appPublisher | String | The publisher of the application. |
appVersion | String | The version of the application. |
appCrashCount | Int32 | The number of crashes for the app. Valid values -2147483648 to 2147483647 |
userExperienceAnalyticsAppHealthAppPerformanceByOSVersion
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics application performance by OS version object. Supports: $select, $OrderBy. Read-only. |
osVersion | String | The OS version of the application. Supports: $select, $OrderBy. Read-only. |
osBuildNumber | String | The OS build number of the application. Supports: $select, $OrderBy. Read-only. |
activeDeviceCount | Int32 | The number of devices where the application has been active. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
appName | String | The name of the application. Possible values are: outlook.exe, excel.exe. Supports: $select, $OrderBy. Read-only. |
appDisplayName | String | The friendly name of the application. Possible values are: Outlook, Excel. Supports: $select, $OrderBy. Read-only. |
appPublisher | String | The publisher of the application. Supports: $select, $OrderBy. Read-only. |
appUsageDuration | Int32 | The total usage time of the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
appCrashCount | Int32 | The number of crashes for the application. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
userExperienceAnalyticsAppHealthDeviceModelPerformance
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics device model performance object. Supports: $select, $OrderBy. Read-only. |
deviceModel | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
deviceManufacturer | String | The manufacturer name of the device. Supports: $select, $OrderBy. Read-only. |
activeDeviceCount | Int32 | The number of active devices for the model. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
modelAppHealthScore | Double | The application health score of the device model. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
modelAppHealthStatus | String | The overall app health status of the device model. |
healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics model. Possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $filter, $select, $OrderBy. Read-only. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
userExperienceAnalyticsAppHealthDevicePerformance
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics device performance object. Supports: $select, $OrderBy. Read-only. |
deviceModel | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
deviceManufacturer | String | The manufacturer name of the device. Supports: $select, $OrderBy. Read-only. |
appCrashCount | Int32 | The number of application crashes for the device. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
crashedAppCount | Int32 | The number of distinct application crashes for the device. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
appHangCount | Int32 | The number of application hangs for the device. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
processedDateTime | DateTimeOffset | The date and time when the statistics were last computed. The value cannot be modified and is automatically populated when the statistics are computed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2022 would look like this: '2022-01-01T00:00:00Z'. Returned by default. Read-only. |
meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
deviceAppHealthScore | Double | The application health score of the device. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
deviceAppHealthStatus | String | The overall app health status of the device. |
healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics device. Possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $filter, $select, $OrderBy. Read-only. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
deviceDisplayName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
userExperienceAnalyticsAppHealthDevicePerformanceDetails
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics device performance details object. Supports: $select, $OrderBy. Read-only. |
eventDateTime | DateTimeOffset | The time the event occurred. The value cannot be modified and is automatically populated when the statistics are computed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2022 would look like this: '2022-01-01T00:00:00Z'. Returned by default. Read-only. |
eventType | String | The type of the event. Supports: $select, $OrderBy. Read-only. |
appDisplayName | String | The friendly name of the application for which the event occurred. Possible values are: outlook.exe, excel.exe. Supports: $select, $OrderBy. Read-only. |
appPublisher | String | The publisher of the application. Supports: $select, $OrderBy. Read-only. |
appVersion | String | The version of the application. Possible values are: 1.0.0.1, 75.65.23.9. Supports: $select, $OrderBy. Read-only. |
deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
deviceDisplayName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
userExperienceAnalyticsAppHealthOSVersionPerformance
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics OS version performance object. Supports: $select, $OrderBy. Read-only. |
osVersion | String | The OS version installed on the device. Supports: $select, $OrderBy. Read-only. |
osBuildNumber | String | The OS build number installed on the device. Supports: $select, $OrderBy. Read-only. |
activeDeviceCount | Int32 | The number of active devices for the OS version. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
osVersionAppHealthScore | Double | The application health score of the OS version. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
osVersionAppHealthStatus | String | The overall app health status of the OS version. |
userExperienceAnalyticsBaseline
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics baseline. |
displayName | String | The name of the baseline. |
overallScore | Int32 | The overall score of the user experience analytics baseline. |
isBuiltIn | Boolean | When TRUE, indicates the current baseline is the commercial median baseline. When FALSE, indicates it is a custom baseline. FALSE by default. |
createdDateTime | DateTimeOffset | The date the custom baseline was created. The value cannot be modified and is automatically populated when the baseline is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. |
userExperienceAnalyticsBatteryHealthAppImpact
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics battery app impact object. |
activeDevices | Int32 | Number of active devices for using that app over a 14-day period. Valid values 0 to 2147483647 |
appName | String | App name. Eg: oltk.exe |
appDisplayName | String | User friendly display name for the app. Eg: Outlook |
appPublisher | String | App publisher. Eg: Microsoft Corporation |
isForegroundApp | Boolean | true if the user had active interaction with the app. |
batteryUsagePercentage | Double | The percent of total battery power used by this application when the device was not plugged into AC power, over 14 days computed across all devices in the tenant. Unit in percentage. Valid values 0 to 1.79769313486232E+308 |
userExperienceAnalyticsBatteryHealthCapacityDetails
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics battery health capacity object. |
activeDevices | Int32 | Number of active devices within the tenant. Valid values 0 to 2147483647 |
batteryCapacityGood | Int32 | Number of devices whose battery maximum capacity is greater than 80%. Valid values 0 to 2147483647 |
batteryCapacityFair | Int32 | Number of devices whose battery maximum capacity is greater than 50% but lesser than 80%. Valid values 0 to 2147483647 |
batteryCapacityPoor | Int32 | Number of devices whose battery maximum capacity is lesser than 50%. Valid values 0 to 2147483647 |
lastRefreshedDateTime | DateTimeOffset | Recorded date time of this capacity details instance. |
userExperienceAnalyticsBatteryHealthDeviceAppImpact
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics battery device app impact object. |
deviceId | String | The unique identifier of the device, Intune DeviceID or SCCM device id. |
appName | String | App name. Eg: oltk.exe |
appDisplayName | String | User friendly display name for the app. Eg: Outlook |
appPublisher | String | App publisher. Eg: Microsoft Corporation |
isForegroundApp | Boolean | true if the user had active interaction with the app. |
batteryUsagePercentage | Double | The percent of total battery power used by this application when the device was not plugged into AC power, over 14 days. Unit in percentage. Valid values 0 to 1.79769313486232E+308 |
userExperienceAnalyticsBatteryHealthDevicePerformance
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics battery health device performance object. |
deviceId | String | The unique identifier of the device, Intune DeviceID. |
deviceName | String | Device friendly name. |
model | String | The model name of the device. |
manufacturer | String | The manufacturer name of the device. |
maxCapacityPercentage | Int32 | Ratio of current capacity and design capacity of the battery with the lowest capacity. Unit in percentage and values range from 0-100. Valid values 0 to 2147483647 |
estimatedRuntimeInMinutes | Int32 | The estimated runtime of the device when the battery is fully charged. Unit in minutes. Valid values 0 to 2147483647 |
batteryAgeInDays | Int32 | Estimated battery age. Unit in days. Valid values 0 to 2147483647 |
fullBatteryDrainCount | Int32 | Number of times the battery has been discharged an amount that equals 100% of its capacity, but not necessarily by discharging it from 100% to 0%. Valid values 0 to 2147483647 |
deviceBatteryCount | Int32 | Number of batteries in a user device. Valid values 1 to 2147483647 |
deviceBatteryHealthScore | Int32 | A weighted average of a device’s maximum capacity score and runtime estimate score. Values range from 0-100. Valid values 0 to 2147483647 |
healthStatus | userExperienceAnalyticsHealthState | The overall battery health status of the device. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
userExperienceAnalyticsBatteryHealthDeviceRuntimeHistory
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics battery health runtime object. |
deviceId | String | The unique identifier of the device, Intune DeviceID or SCCM device id. |
runtimeDateTime | String | The datetime for the instance of runtime history. |
estimatedRuntimeInMinutes | Int32 | The estimated runtime of the device when the battery is fully charged. Unit in minutes. Valid values 0 to 2147483647 |
userExperienceAnalyticsBatteryHealthModelPerformance
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics battery health model performance object. |
activeDevices | Int32 | Number of active devices for that model. Valid values 0 to 2147483647 |
model | String | The model name of the device. |
manufacturer | String | Name of the device manufacturer. |
averageMaxCapacityPercentage | Int32 | The mean of the maximum capacity for all devices of a given model. Maximum capacity measures the full charge vs. design capacity for a device’s batteries.. Valid values 0 to 2147483647 |
averageEstimatedRuntimeInMinutes | Int32 | The mean of the estimated runtimes on full charge for all devices of a given model. Unit in minutes. Valid values 0 to 2147483647 |
averageBatteryAgeInDays | Int32 | The mean of the battery age for all devices of a given model in a tenant. Unit in days. Valid values 0 to 2147483647 |
meanFullBatteryDrainCount | Int32 | The mean of number of times the battery has been discharged an amount that equals 100% of its capacity for all devices of a given model in a tenant. Valid values 0 to 2147483647 |
medianMaxCapacityPercentage | Int32 | The median of the maximum capacity for all devices of a given model. Maximum capacity measures the full charge vs. design capacity for a device’s batteries.. Valid values 0 to 2147483647 |
medianEstimatedRuntimeInMinutes | Int32 | The median of the estimated runtimes on full charge for all devices of a given model. Unit in minutes. Valid values 0 to 2147483647 |
medianFullBatteryDrainCount | Int32 | The median of number of times the battery has been discharged an amount that equals 100% of its capacity for all devices of a given model in a tenant. Valid values 0 to 2147483647 |
modelBatteryHealthScore | Int32 | A weighted average of a model’s maximum capacity score and runtime estimate score. Values range from 0-100. Valid values 0 to 2147483647 |
modelHealthStatus | userExperienceAnalyticsHealthState | The overall battery health status of a given model in a tenant. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
userExperienceAnalyticsBatteryHealthOsPerformance
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics battery health os performance object. |
activeDevices | Int32 | Number of active devices for that os version. Valid values 0 to 2147483647 |
osVersion | String | Version of the operating system. |
osBuildNumber | String | Build number of the operating system. |
averageMaxCapacityPercentage | Int32 | The mean of the maximum capacity for all devices running a particular operating system version. Maximum capacity measures the full charge vs. design capacity for a device’s batteries.. Valid values 0 to 2147483647 |
averageEstimatedRuntimeInMinutes | Int32 | The mean of the estimated runtimes on full charge for all devices running a particular operating system version. Unit in minutes. Valid values 0 to 2147483647 |
averageBatteryAgeInDays | Int32 | The mean of the battery age for all devices running a particular operating system version in a tenant. Unit in days. Valid values 0 to 2147483647 |
meanFullBatteryDrainCount | Int32 | The mean of number of times the battery has been discharged an amount that equals 100% of its capacity for all devices running a particular operating system version in a tenant. Valid values 0 to 2147483647 |
medianMaxCapacityPercentage | Int32 | The median of the maximum capacity for all devices running a particular operating system version. Maximum capacity measures the full charge vs. design capacity for a device’s batteries.. Valid values 0 to 2147483647 |
medianEstimatedRuntimeInMinutes | Int32 | The median of the estimated runtimes on full charge for all devices running a particular operating system version. Unit in minutes. Valid values 0 to 2147483647 |
medianFullBatteryDrainCount | Int32 | The median of number of times the battery has been discharged an amount that equals 100% of its capacity for all devices running a particular operating system version in a tenant. Valid values 0 to 2147483647 |
osBatteryHealthScore | Int32 | A weighted average of battery health score across all devices running a particular operating system version. Values range from 0-100. Valid values 0 to 2147483647 |
osHealthStatus | userExperienceAnalyticsHealthState | The overall battery health status of a given os version in a tenant. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
userExperienceAnalyticsBatteryHealthRuntimeDetails
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics battery health runtime object. |
activeDevices | Int32 | Number of active devices within the tenant. Valid values 0 to 2147483647 |
batteryRuntimeGood | Int32 | Number of devices whose active runtime is greater than 5 hours. Valid values 0 to 2147483647 |
batteryRuntimeFair | Int32 | Number of devices whose active runtime is greater than 3 hours but lesser than 5 hours. Valid values 0 to 2147483647 |
batteryRuntimePoor | Int32 | Number of devices whose active runtime is lesser than 3 hours. Valid values 0 to 2147483647 |
lastRefreshedDateTime | DateTimeOffset | Recorded date time of this runtime details instance. |
userExperienceAnalyticsCategory
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics category. Read-only. |
overallScore | Int32 | The overall score of the user experience analytics category. |
totalDevices | Int32 | The total device count of the user experience analytics category. |
insights | userExperienceAnalyticsInsight collection | The insights for the category. Read-only. |
state | userExperienceAnalyticsHealthState | The current health state of the user experience analytics category. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
userExperienceAnalyticsDevicePerformance
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics device boot performance device. |
deviceName | String | The user experience analytics device name. |
model | String | The user experience analytics device model. |
manufacturer | String | The user experience analytics device manufacturer. |
diskType | diskType | The user experience analytics device disk type. Possible values are: unknown , hdd , ssd , unknownFutureValue . |
operatingSystemVersion | String | The user experience analytics device Operating System version. |
bootScore | Int32 | The user experience analytics device boot score. |
coreBootTimeInMs | Int32 | The user experience analytics device core boot time in milliseconds. |
groupPolicyBootTimeInMs | Int32 | The user experience analytics device group policy boot time in milliseconds. |
healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics device. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
loginScore | Int32 | The user experience analytics device login score. |
coreLoginTimeInMs | Int32 | The user experience analytics device core login time in milliseconds. |
groupPolicyLoginTimeInMs | Int32 | The user experience analytics device group policy login time in milliseconds. |
deviceCount | Int64 | User experience analytics summarized device count. |
responsiveDesktopTimeInMs | Int32 | The user experience analytics responsive desktop time in milliseconds. |
blueScreenCount | Int32 | Number of Blue Screens in the last 30 days. Valid values 0 to 9999999 |
restartCount | Int32 | Number of Restarts in the last 30 days. Valid values 0 to 9999999 |
averageBlueScreens | Double | Average (mean) number of Blue Screens per device in the last 30 days. Valid values 0 to 9999999 |
averageRestarts | Double | Average (mean) number of Restarts per device in the last 30 days. Valid values 0 to 9999999 |
startupPerformanceScore | Double | The user experience analytics device startup performance score. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
modelStartupPerformanceScore | Double | The user experience analytics model level startup performance score. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
userExperienceAnalyticsDeviceScope
Property | Type | Description |
---|---|---|
id | String | The unique identifier for the device scope configuration. |
deviceScopeName | String | The name of the user experience analytics device Scope configuration. |
ownerId | String | The unique identifier of the person (admin) who created the device scope configuration. |
isBuiltIn | Boolean | Indicates whether the device scope configuration is built-in or custom. When TRUE, the device scope configuration is built-in. When FALSE, the device scope configuration is custom. Default value is FALSE. |
enabled | Boolean | Indicates whether a device scope is enabled or disabled. When TRUE, the device scope is enabled. When FALSE, the device scope is disabled. Default value is FALSE. |
status | deviceScopeStatus | Indicates the device scope status after the device scope has been enabled. Possible values are: none, computing, insufficientData or completed. Default value is none. Possible values are: none , computing , insufficientData , completed , unknownFutureValue . |
parameter | deviceScopeParameter | Device scope configuration parameter. It will be extended in future to add more parameter. Eg: device scope parameter can be OS version, Disk Type, Device manufacturer, device model or Scope tag. Default value: scopeTag. Possible values are: none , scopeTag , unknownFutureValue . |
operator | deviceScopeOperator | Device scope configuration query operator. Possible values are: equals, notEquals, contains, notContains, greaterThan, lessThan. Default value: equals. Possible values are: none , equals , unknownFutureValue . |
valueObjectId | String | The unique identifier for a user device scope tag Id used for the creation of device scope configuration. |
value | String | The device scope configuration query clause value. |
createdDateTime | DateTimeOffset | Indicates the creation date and time for the custom device scope. |
lastModifiedDateTime | DateTimeOffset | Indicates the last updated date and time for the custom device scope. |
userExperienceAnalyticsDeviceScopeSummary
Property | Type | Description |
---|---|---|
totalDeviceScopes | Int32 | The total number of user experience analytics device scopes. Valid values -2147483648 to 2147483647 |
totalDeviceScopesEnabled | Int32 | The total number of user experience analytics device scopes that are enabled. Valid values -2147483648 to 2147483647 |
completedDeviceScopeIds | String collection | A collection of the user experience analytics device scope Unique Identifiers that are enabled and finished recalculating the report metric. |
insufficientDataDeviceScopeIds | String collection | A collection of user experience analytics device scope Unique Identitfiers that are enabled but there is insufficient data to calculate results. |
userExperienceAnalyticsDeviceScores
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics device score entry. Supports: $select, $OrderBy. Read-only. |
deviceName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
model | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
manufacturer | String | The manufacturer name of the device. Examples: Microsoft Corporation, HP, Lenovo. Supports: $select, $OrderBy. Read-only. |
endpointAnalyticsScore | Double | Indicates a weighted average of the various scores. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
startupPerformanceScore | Double | Indicates a weighted average of boot score and logon score used for measuring startup performance. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
appReliabilityScore | Double | Indicates a score calculated from application health data to indicate when a device is having problems running one or more applications. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
workFromAnywhereScore | Double | Indicates a weighted score of the work from anywhere on a device level. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
batteryHealthScore | Double | Indicates a calulated score indicating the health of the device's battery. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
healthStatus | userExperienceAnalyticsHealthState | The health status of the device. Possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $filter, $select, $OrderBy. Read-only. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
userExperienceAnalyticsDeviceStartupHistory
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics device startup history. Supports: $select, $OrderBy. Read-only. |
deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
startTime | DateTimeOffset | The device boot start time. The value cannot be modified and is automatically populated when the device performs a reboot. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2022 would look like this: '2022-01-01T00:00:00Z'. Returned by default. Read-only. |
coreBootTimeInMs | Int32 | The device core boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
groupPolicyBootTimeInMs | Int32 | The impact of device group policy client on boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
featureUpdateBootTimeInMs | Int32 | The impact of device feature updates on boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
totalBootTimeInMs | Int32 | The device total boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
groupPolicyLoginTimeInMs | Int32 | The impact of device group policy client on login time in milliseconds. Supports: $select, $OrderBy. Read-only. |
coreLoginTimeInMs | Int32 | The device core login time in milliseconds. Supports: $select, $OrderBy. Read-only. |
responsiveDesktopTimeInMs | Int32 | The time for desktop to become responsive during login process in milliseconds. Supports: $select, $OrderBy. Read-only. |
totalLoginTimeInMs | Int32 | The device total login time in milliseconds. Supports: $select, $OrderBy. Read-only. |
isFirstLogin | Boolean | When TRUE, indicates the device login is the first login after a reboot. When FALSE, indicates the device login is not the first login after a reboot. Supports: $select, $OrderBy. Read-only. |
isFeatureUpdate | Boolean | When TRUE, indicates the device boot record is associated with feature updates. When FALSE, indicates the device boot record is not associated with feature updates. Supports: $select, $OrderBy. Read-only. |
operatingSystemVersion | String | The user experience analytics device boot record's operating system version. Supports: $select, $OrderBy. Read-only. |
restartCategory | userExperienceAnalyticsOperatingSystemRestartCategory | OS restart category. Possible values are: unknown, restartWithUpdate, restartWithoutUpdate, blueScreen, shutdownWithUpdate, shutdownWithoutUpdate, longPowerButtonPress, bootError, update. Unknown by default. Supports: $select, $OrderBy. Read-only. Possible values are: unknown , restartWithUpdate , restartWithoutUpdate , blueScreen , shutdownWithUpdate , shutdownWithoutUpdate , longPowerButtonPress , bootError , update , unknownFutureValue . |
restartStopCode | String | OS restart stop code. This shows the bug check code which can be used to look up the blue screen reason. Supports: $select, $OrderBy. Read-only. |
restartFaultBucket | String | OS restart fault bucket. The fault bucket is used to find additional information about a system crash. Supports: $select, $OrderBy. Read-only. |
userExperienceAnalyticsDeviceStartupProcess
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics device startup process. Supports: $select, $OrderBy. Read-only. |
managedDeviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
processName | String | The name of the process. Examples: outlook, excel. Supports: $select, $OrderBy. Read-only. |
productName | String | The product name of the process. Examples: Microsoft Outlook, Microsoft Excel. Supports: $select, $OrderBy. Read-only. |
publisher | String | The publisher of the process. Examples: Microsoft Corporation, Contoso Corp. Supports: $select, $OrderBy. Read-only. |
startupImpactInMs | Int32 | The impact of startup process on device boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
userExperienceAnalyticsDeviceStartupProcessPerformance
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics device startup process performance. Supports: $select, $OrderBy. Read-only. |
processName | String | The name of the startup process. Examples: outlook, excel. Supports: $select, $OrderBy. Read-only. |
productName | String | The product name of the startup process. Examples: Microsoft Outlook, Microsoft Excel. Supports: $select, $OrderBy. Read-only. |
publisher | String | The publisher of the startup process. Examples: Microsoft Corporation, Contoso Corp. Supports: $select, $OrderBy. Read-only. |
deviceCount | Int64 | The count of devices which initiated this process on startup. Supports: $filter, $select, $OrderBy. Read-only. |
medianImpactInMs | Int64 | The median impact of startup process on device boot time in milliseconds. Supports: $filter, $select, $OrderBy. Read-only. |
totalImpactInMs | Int64 | The total impact of startup process on device boot time in milliseconds. Supports: $filter, $select, $OrderBy. Read-only. |
userExperienceAnalyticsDeviceTimelineEvents
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics NRT device timeline events object. |
deviceId | String | The id of the device where the event occurred. |
eventDateTime | DateTimeOffset | The time the event occured. |
eventLevel | deviceEventLevel | The severity level of the event enum. Possible values are: none , verbose , information , warning , error ,critical . Default value: none . Possible values are: none , verbose , information , warning , error , critical , unknownFutureValue . |
eventSource | String | The source of the event. Examples include: Intune, Sccm. |
eventName | String | The name of the event. Examples include: BootEvent, LogonEvent, AppCrashEvent, AppHangEvent. |
eventDetails | String | The details provided by the event, format depends on event type. |
eventAdditionalInformation | String | Placeholder value for future expansion. |
userExperienceAnalyticsDeviceWithoutCloudIdentity
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics tenant attach device. |
deviceName | String | The tenant attach device's name. |
azureAdDeviceId | String | Azure Active Directory Device Id |
userExperienceAnalyticsImpactingProcess
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics top impacting process entity. |
deviceId | String | The unique identifier of the impacted device. |
category | String | The category of impacting process. |
processName | String | The process name. |
description | String | The description of process. |
publisher | String | The publisher of the process. |
impactValue | Double | The impact value of the process. Valid values 0 to 1.79769313486232E+308 |
userExperienceAnalyticsMetric
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics metric. |
value | Double | The value of the user experience analytics metric. |
unit | String | The unit of the user experience analytics metric. Examples: none, percentage, count, seconds, score. |
userExperienceAnalyticsMetricHistory
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics metric history. |
deviceId | String | The Intune device id of the device. |
metricDateTime | DateTimeOffset | The metric date time. The value cannot be modified and is automatically populated when the metric is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. |
metricType | String | The user experience analytics metric type. |
userExperienceAnalyticsModelScores
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics model score entry. Supports: $select, $OrderBy. Read-only. |
model | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
manufacturer | String | The manufacturer name of the device. Examples: Microsoft Corporation, HP, Lenovo. Supports: $select, $OrderBy. Read-only. |
modelDeviceCount | Int64 | Indicates unique devices count of given model in a consolidated report. Supports: $select, $OrderBy. Read-only. Valid values -9.22337203685478E+18 to 9.22337203685478E+18 |
endpointAnalyticsScore | Double | Indicates a weighted average of the various scores. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
startupPerformanceScore | Double | Indicates a weighted average of boot score and logon score used for measuring startup performance. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
appReliabilityScore | Double | Indicates a score calculated from application health data to indicate when a device is having problems running one or more applications. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
workFromAnywhereScore | Double | Indicates a weighted score of the work from anywhere on a device level. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
batteryHealthScore | Double | Indicates a calulated score indicating the health of the device's battery. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
healthStatus | userExperienceAnalyticsHealthState | The health status of the device. Possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $filter, $select, $OrderBy. Read-only. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
userExperienceAnalyticsNotAutopilotReadyDevice
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics intune device. |
deviceName | String | The intune device's name. |
serialNumber | String | The intune device's serial number. |
manufacturer | String | The intune device's manufacturer. |
model | String | The intune device's model. |
managedBy | String | The intune device's managed by. |
autoPilotRegistered | Boolean | The intune device's autopilotRegistered. |
autoPilotProfileAssigned | Boolean | The intune device's autopilotProfileAssigned. |
azureAdRegistered | Boolean | The intune device's azureAdRegistered. |
azureAdJoinType | String | The intune device's azure Ad joinType. |
userExperienceAnalyticsOverview
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics overview. Supports: $select, $OrderBy. Read-only. |
overallScore | Int32 | The user experience analytics overall score. |
deviceBootPerformanceOverallScore | Int32 | The user experience analytics device boot performance overall score. |
bestPracticesOverallScore | Int32 | The user experience analytics best practices overall score. |
workFromAnywhereOverallScore | Int32 | The user experience analytics Work From Anywhere overall score. |
appHealthOverallScore | Int32 | The user experience analytics app health overall score. |
resourcePerformanceOverallScore | Int32 | The user experience analytics resource performance overall score. |
batteryHealthOverallScore | Int32 | The user experience analytics battery health overall score. |
insights | userExperienceAnalyticsInsight collection | The user experience analytics insights. Read-only. |
state | userExperienceAnalyticsHealthState | The current health state of the user experience analytics overview. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
deviceBootPerformanceHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'BootPerformance' category. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
bestPracticesHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'BestPractices' category. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
workFromAnywhereHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'WorkFromAnywhere' category. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
appHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'BestPractices' category. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
resourcePerformanceHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'ResourcePerformance' category. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
batteryHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'BatteryHealth' category. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
userExperienceAnalyticsRegressionSummary
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics regression summary. |
userExperienceAnalyticsRemoteConnection
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics remote connection entity. |
deviceId | String | The id of the device. |
deviceName | String | The name of the device. |
model | String | The user experience analytics device model. |
virtualNetwork | String | The user experience analytics virtual network. |
manufacturer | String | The user experience analytics manufacturer. |
deviceCount | Int32 | The count of remote connection. Valid values 0 to 2147483647 |
cloudPcRoundTripTime | Double | The round tip time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
cloudPcSignInTime | Double | The sign in time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
remoteSignInTime | Double | The remote sign in time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
coreBootTime | Double | The core boot time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
coreSignInTime | Double | The core sign in time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
cloudPcFailurePercentage | Double | The sign in failure percentage of Cloud PC Device. Valid values 0 to 100 |
userPrincipalName | String | The user experience analytics userPrincipalName. |
userExperienceAnalyticsResourcePerformance
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics resource performance entity. |
deviceId | String | The id of the device. |
deviceName | String | The name of the device. |
model | String | The user experience analytics device model. |
deviceCount | Int64 | User experience analytics summarized device count. |
manufacturer | String | The user experience analytics device manufacturer. |
cpuSpikeTimePercentage | Double | CPU spike time in percentage. Valid values 0 to 100 |
ramSpikeTimePercentage | Double | RAM spike time in percentage. Valid values 0 to 100 |
cpuSpikeTimeScore | Int32 | The user experience analytics device CPU spike time score. Valid values 0 to 100 |
cpuSpikeTimePercentageThreshold | Double | Threshold of cpuSpikeTimeScore. Valid values 0 to 100 |
ramSpikeTimeScore | Int32 | The user experience analytics device RAM spike time score. Valid values 0 to 100 |
ramSpikeTimePercentageThreshold | Double | Threshold of ramSpikeTimeScore. Valid values 0 to 100 |
deviceResourcePerformanceScore | Int32 | Resource performance score of a specific device. Valid values 0 to 100 |
averageSpikeTimeScore | Int32 | AverageSpikeTimeScore of a device or a model type. Valid values 0 to 100 |
userExperienceAnalyticsScoreHistory
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics device startup process. Supports: $select, $OrderBy. Read-only. |
startupDateTime | DateTimeOffset | The device startup date time. The value cannot be modified and is automatically populated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. |
overallScore | Int32 | User experience analytics overall score. Score will be in the range 0-100, 100 is the ideal score. Valid values 0 to 100 |
startupScore | Int32 | User experience analytics device startup score. Score will be in the range 0-100, 100 is the ideal score. |
coreBootScore | Int32 | The user experience analytics device core boot score. Score will be in the range 0-100, 100 is the ideal score. |
coreSigninScore | Int32 | The User experience analytics device core sign-in score. Score will be in the range 0-100, 100 is the ideal score. |
recommendedSoftwareScore | Int32 | The User experience analytics device core sign-in score. Score will be in the range 0-100, 100 is the ideal score. |
appHealthOverallScore | Int32 | The User experience analytics app health overall score. |
workFromAnywhereScore | Int32 | The User experience analytics work from anywhere score. |
batteryHealthScore | Int32 | The User experience analytics battery health score. |
startupTotalDevices | Int32 | The total device count of the user experience analytics category startup performance. |
recommendedSoftwareTotalDevices | Int32 | The total device count of the user experience analytics category recommended software. |
appHealthTotalDevices | Int32 | The total device count of the user experience analytics category app health. |
workFromAnywhereTotalDevices | Int32 | The total device count of the user experience analytics category work from anywhere. |
batteryHealthTotalDevices | Int32 | The total device count of the user experience analytics category battery health. |
restartScore | Int32 | Restart score. Score will be in the range 0-100, 100 is the ideal score, 0 indicates excessive restarts. Valid values 0 to 9999999 |
intune-devices-userexperienceanalyticssummarizedby
userExperienceAnalyticsWorkFromAnywhereDevice
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics work from anywhere device. Supports: $select, $OrderBy. Read-only. |
deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
deviceName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
serialNumber | String | The serial number of the device. Supports: $select, $OrderBy. Read-only. |
manufacturer | String | The manufacturer name of the device. Supports: $select, $OrderBy. Read-only. |
model | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
ownership | String | Ownership of the device. Supports: $select, $OrderBy. Read-only. |
managedBy | String | The management agent of the device. Supports: $select, $OrderBy. Read-only. |
autoPilotRegistered | Boolean | When TRUE, indicates the intune device's autopilot is registered. When FALSE, indicates it's not registered. Supports: $select, $OrderBy. Read-only. |
autoPilotProfileAssigned | Boolean | When TRUE, indicates the intune device's autopilot profile is assigned. When FALSE, indicates it's not Assigned. Supports: $select, $OrderBy. Read-only. |
azureAdRegistered | Boolean | When TRUE, indicates the device's Azure Active Directory (Azure AD) is registered. When False, indicates it's not registered. Supports: $select, $OrderBy. Read-only. |
azureAdDeviceId | String | The Azure Active Directory (Azure AD) device Id. Supports: $select, $OrderBy. Read-only. |
azureAdJoinType | String | The work from anywhere device's Azure Active Directory (Azure AD) join type. Supports: $select, $OrderBy. Read-only. |
osDescription | String | The OS description of the device. Supports: $select, $OrderBy. Read-only. |
osVersion | String | The OS version of the device. Supports: $select, $OrderBy. Read-only. |
tenantAttached | Boolean | When TRUE, indicates the device is Tenant Attached. When FALSE, indicates it's not Tenant Attached. Supports: $select, $OrderBy. Read-only. |
compliancePolicySetToIntune | Boolean | When TRUE, indicates the device's compliance policy is set to intune. When FALSE, indicates it's not set to intune. Supports: $select, $OrderBy. Read-only. |
otherWorkloadsSetToIntune | Boolean | When TRUE, indicates the device's other workloads is set to intune. When FALSE, indicates it's not set to intune. Supports: $select, $OrderBy. Read-only. |
isCloudManagedGatewayEnabled | Boolean | When TRUE, indicates the device's Cloud Management Gateway for Configuration Manager is enabled. When FALSE, indicates it's not enabled. Supports: $select, $OrderBy. Read-only. |
upgradeEligibility | operatingSystemUpgradeEligibility | The windows upgrade eligibility status of device. Possible values are: upgraded, unknown, notCapable, capable. Unknown by default. Supports: $select, $OrderBy. Read-only. Possible values are: upgraded , unknown , notCapable , capable , unknownFutureValue . |
ramCheckFailed | Boolean | When TRUE, indicates RAM hardware check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
storageCheckFailed | Boolean | When TRUE, indicates storage hardware check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
processorCoreCountCheckFailed | Boolean | When TRUE, indicates processor hardware core count check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
processorSpeedCheckFailed | Boolean | When TRUE, indicates processor hardware speed check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
tpmCheckFailed | Boolean | When TRUE, indicates Trusted Platform Module (TPM) hardware check failed for device to the latest version of upgrade to windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
secureBootCheckFailed | Boolean | When TRUE, indicates secure boot hardware check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
processorFamilyCheckFailed | Boolean | When TRUE, indicates processor hardware family check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
processor64BitCheckFailed | Boolean | When TRUE, indicates processor hardware 64-bit architecture check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
osCheckFailed | Boolean | When TRUE, indicates OS check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
workFromAnywhereScore | Double | Indicates work from anywhere per device overall score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
windowsScore | Double | Indicates per device windows score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
cloudManagementScore | Double | Indicates per device cloud management score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
cloudIdentityScore | Double | Indicates per device cloud identity score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
cloudProvisioningScore | Double | Indicates per device cloud provisioning score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics work from anywhere device. Possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $select, $OrderBy. Read-only. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
userExperienceAnalyticsWorkFromAnywhereHardwareReadinessMetric
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics hardware readiness metric object. Supports: $select, $OrderBy. Read-only. |
totalDeviceCount | Int32 | The count of total devices in an organization. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
upgradeEligibleDeviceCount | Int32 | The count of devices in an organization eligible for windows upgrade. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
ramCheckFailedPercentage | Double | The percentage of devices for which RAM hardware check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
storageCheckFailedPercentage | Double | The percentage of devices for which storage hardware check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
processorCoreCountCheckFailedPercentage | Double | The percentage of devices for which processor hardware core count check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
processorSpeedCheckFailedPercentage | Double | The percentage of devices for which processor hardware speed check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
tpmCheckFailedPercentage | Double | The percentage of devices for which Trusted Platform Module (TPM) hardware check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
secureBootCheckFailedPercentage | Double | The percentage of devices for which secure boot hardware check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
processorFamilyCheckFailedPercentage | Double | The percentage of devices for which processor hardware family check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
processor64BitCheckFailedPercentage | Double | The percentage of devices for which processor hardware 64-bit architecture check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
osCheckFailedPercentage | Double | The percentage of devices for which OS check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
userExperienceAnalyticsWorkFromAnywhereMetric
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the user experience analytics work from anywhere metric. Read-only. |
userExperienceAnalyticsWorkFromAnywhereModelPerformance
Property | Type | Description |
---|---|---|
id | String | The unique identifier of the work from anywhere model performance object. Supports: $select, $OrderBy. Read-only. |
model | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
manufacturer | String | The manufacturer name of the device. Supports: $select, $OrderBy. Read-only. |
modelDeviceCount | Int32 | The devices count for the model. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
workFromAnywhereScore | Double | The work from anywhere score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
windowsScore | Double | The window score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
cloudManagementScore | Double | The cloud management score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
cloudIdentityScore | Double | The cloud identity score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
cloudProvisioningScore | Double | The cloud provisioning score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics work from anywhere device model. Possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $select, $OrderBy. Read-only. Possible values are: unknown , insufficientData , needsAttention , meetingGoals , unknownFutureValue . |
windowsDeviceMalwareState
Property | Type | Description |
---|---|---|
id | String | The unique Identifier. This is malware id. |
displayName | String | Malware name |
additionalInformationUrl | String | Information URL to learn more about the malware |
severity | windowsMalwareSeverity | Severity of the malware. Possible values are: unknown , low , moderate , high , severe . |
executionState | windowsMalwareExecutionState | Execution status of the malware like blocked/executing etc. Possible values are: unknown , blocked , allowed , running , notRunning . |
state | windowsMalwareState | Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: unknown , detected , cleaned , quarantined , removed , allowed , blocked , cleanFailed , quarantineFailed , removeFailed , allowFailed , abandoned , blockFailed . |
threatState | windowsMalwareThreatState | Current status of the malware like cleaned/quarantined/allowed etc. Possible values are: active , actionFailed , manualStepsRequired , fullScanRequired , rebootRequired , remediatedWithNonCriticalFailures , quarantined , removed , cleaned , allowed , noStatusCleared . |
initialDetectionDateTime | DateTimeOffset | Initial detection datetime of the malware |
lastStateChangeDateTime | DateTimeOffset | The last time this particular threat was changed |
detectionCount | Int32 | Number of times the malware is detected |
category | windowsMalwareCategory | Category of the malware. Possible values are: invalid , adware , spyware , passwordStealer , trojanDownloader , worm , backdoor , remoteAccessTrojan , trojan , emailFlooder , keylogger , dialer , monitoringSoftware , browserModifier , cookie , browserPlugin , aolExploit , nuker , securityDisabler , jokeProgram , hostileActiveXControl , softwareBundler , stealthNotifier , settingsModifier , toolBar , remoteControlSoftware , trojanFtp , potentialUnwantedSoftware , icqExploit , trojanTelnet , exploit , filesharingProgram , malwareCreationTool , remote_Control_Software , tool , trojanDenialOfService , trojanDropper , trojanMassMailer , trojanMonitoringSoftware , trojanProxyServer , virus , known , unknown , spp , behavior , vulnerability , policy , enterpriseUnwantedSoftware , ransom , hipsRule . |
windowsMalwareInformation
Property | Type | Description |
---|---|---|
id | String | The unique Identifier. This is malware id. |
displayName | String | Indicates the name of the malware |
additionalInformationUrl | String | Indicates an informational URL to learn more about the malware |
severity | windowsMalwareSeverity | Severity of the malware. Possible values are: unknown, low, moderate, high, severe. default is unknown. Possible values are: unknown , low , moderate , high , severe . |
category | windowsMalwareCategory | Category of the malware. Possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remote_Control_Software, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule. default value is invalid. Possible values are: invalid , adware , spyware , passwordStealer , trojanDownloader , worm , backdoor , remoteAccessTrojan , trojan , emailFlooder , keylogger , dialer , monitoringSoftware , browserModifier , cookie , browserPlugin , aolExploit , nuker , securityDisabler , jokeProgram , hostileActiveXControl , softwareBundler , stealthNotifier , settingsModifier , toolBar , remoteControlSoftware , trojanFtp , potentialUnwantedSoftware , icqExploit , trojanTelnet , exploit , filesharingProgram , malwareCreationTool , remote_Control_Software , tool , trojanDenialOfService , trojanDropper , trojanMassMailer , trojanMonitoringSoftware , trojanProxyServer , virus , known , unknown , spp , behavior , vulnerability , policy , enterpriseUnwantedSoftware , ransom , hipsRule . |
lastDetectionDateTime | DateTimeOffset | Indicates the last time the malware was detected in UTC |
windowsManagedDevice
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the device. This property is read-only. Inherited from managedDevice |
userId | String | Unique Identifier for the user associated with the device. This property is read-only. Inherited from managedDevice |
deviceName | String | Name of the device. This property is read-only. Inherited from managedDevice |
hardwareInformation | hardwareInformation | The hardward details for the device. Includes information such as storage space, manufacturer, serial number, etc. By default most property of this type are set to null/0/false and enum defaults for associated types. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
ownerType | ownerType | Ownership of the device. Possible values are, 'company' or 'personal'. Default is unknown. Supports $filter operator 'eq' and 'or'. Inherited from managedDevice. Possible values are: unknown , company , personal . |
managedDeviceOwnerType | managedDeviceOwnerType | Ownership of the device. Can be 'company' or 'personal' Inherited from managedDevice. Possible values are: unknown , company , personal . |
deviceActionResults | deviceActionResult collection | List of ComplexType deviceActionResult objects. This property is read-only. Inherited from managedDevice |
managementState | managementState | Management state of the device. Examples: Managed, RetirePending, etc. Default is managed. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. Possible values are: managed , retirePending , retireFailed , wipePending , wipeFailed , unhealthy , deletePending , retireIssued , wipeIssued , wipeCanceled , retireCanceled , discovered . |
enrolledDateTime | DateTimeOffset | Enrollment time of the device. Supports $filter operator 'lt' and 'gt'. This property is read-only. Inherited from managedDevice |
lastSyncDateTime | DateTimeOffset | The date and time that the device last completed a successful sync with Intune. Supports $filter operator 'lt' and 'gt'. This property is read-only. Inherited from managedDevice |
chassisType | chassisType | Chassis type of the device. This property is read-only. Inherited from managedDevice. Possible values are: unknown , desktop , laptop , worksWorkstation , enterpriseServer , phone , tablet , mobileOther , mobileUnknown . |
operatingSystem | String | Operating system of the device. Windows, iOS, etc. This property is read-only. Inherited from managedDevice |
deviceType | deviceType | Platform of the device. Examples: Desktop, WindowsRT, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. Possible values are: desktop , windowsRT , winMO6 , nokia , windowsPhone , mac , winCE , winEmbedded , iPhone , iPad , iPod , android , iSocConsumer , unix , macMDM , holoLens , surfaceHub , androidForWork , androidEnterprise , windows10x , androidnGMS , chromeOS , linux , blackberry , palm , unknown , cloudPC . |
complianceState | complianceState | Compliance state of the device. Examples: Compliant, Conflict, Error, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. Possible values are: unknown , compliant , noncompliant , conflict , error , inGracePeriod , configManager . |
jailBroken | String | Whether the device is jail broken or rooted. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice |
managementAgent | managementAgentType | Management channel of the device. Examples: Intune, EAS, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. Possible values are: eas , mdm , easMdm , intuneClient , easIntuneClient , configurationManagerClient , configurationManagerClientMdm , configurationManagerClientMdmEas , unknown , jamf , googleCloudDevicePolicyController , microsoft365ManagedMdm , msSense , intuneAosp . |
osVersion | String | Operating system version of the device. This property is read-only. Inherited from managedDevice |
easActivated | Boolean | Whether the device is Exchange ActiveSync activated. This property is read-only. Inherited from managedDevice |
easDeviceId | String | Exchange ActiveSync Id of the device. This property is read-only. Inherited from managedDevice |
easActivationDateTime | DateTimeOffset | Exchange ActivationSync activation time of the device. This property is read-only. Inherited from managedDevice |
aadRegistered | Boolean | Whether the device is Azure Active Directory registered. This property is read-only. Inherited from managedDevice |
azureADRegistered | Boolean | Whether the device is Azure Active Directory registered. This property is read-only. Inherited from managedDevice |
deviceEnrollmentType | deviceEnrollmentType | Enrollment type of the device. This property is read-only. Inherited from managedDevice. Possible values are: unknown , userEnrollment , deviceEnrollmentManager , appleBulkWithUser , appleBulkWithoutUser , windowsAzureADJoin , windowsBulkUserless , windowsAutoEnrollment , windowsBulkAzureDomainJoin , windowsCoManagement , windowsAzureADJoinUsingDeviceAuth , appleUserEnrollment , appleUserEnrollmentWithServiceAccount , azureAdJoinUsingAzureVmExtension , androidEnterpriseDedicatedDevice , androidEnterpriseFullyManaged , androidEnterpriseCorporateWorkProfile . |
lostModeState | lostModeState | Indicates if Lost mode is enabled or disabled. This property is read-only. Inherited from managedDevice. Possible values are: disabled , enabled . |
activationLockBypassCode | String | The code that allows the Activation Lock on managed device to be bypassed. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity in LIST call. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
emailAddress | String | Email(s) for the user associated with the device. This property is read-only. Inherited from managedDevice |
azureActiveDirectoryDeviceId | String | The unique identifier for the Azure Active Directory device. Read only. This property is read-only. Inherited from managedDevice |
azureADDeviceId | String | The unique identifier for the Azure Active Directory device. Read only. This property is read-only. Inherited from managedDevice |
deviceRegistrationState | deviceRegistrationState | Device registration state. This property is read-only. Inherited from managedDevice. Possible values are: notRegistered , registered , revoked , keyConflict , approvalPending , certificateReset , notRegisteredPendingEnrollment , unknown . |
deviceCategoryDisplayName | String | Device category display name. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice |
isSupervised | Boolean | Device supervised status. This property is read-only. Inherited from managedDevice |
exchangeLastSuccessfulSyncDateTime | DateTimeOffset | Last time the device contacted Exchange. This property is read-only. Inherited from managedDevice |
exchangeAccessState | deviceManagementExchangeAccessState | The Access State of the device in Exchange. This property is read-only. Inherited from managedDevice. Possible values are: none , unknown , allowed , blocked , quarantined . |
exchangeAccessStateReason | deviceManagementExchangeAccessStateReason | The reason for the device's access state in Exchange. This property is read-only. Inherited from managedDevice. Possible values are: none , unknown , exchangeGlobalRule , exchangeIndividualRule , exchangeDeviceRule , exchangeUpgrade , exchangeMailboxPolicy , other , compliant , notCompliant , notEnrolled , unknownLocation , mfaRequired , azureADBlockDueToAccessPolicy , compromisedPassword , deviceNotKnownWithManagedApp . |
remoteAssistanceSessionUrl | String | Url that allows a Remote Assistance session to be established with the device. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. Inherited from managedDevice |
remoteAssistanceSessionErrorDetails | String | An error string that identifies issues when creating Remote Assistance session objects. This property is read-only. Inherited from managedDevice |
isEncrypted | Boolean | Device encryption status. This property is read-only. Inherited from managedDevice |
userPrincipalName | String | Device user principal name. This property is read-only. Inherited from managedDevice |
model | String | Model of the device. This property is read-only. Inherited from managedDevice |
manufacturer | String | Manufacturer of the device. This property is read-only. Inherited from managedDevice |
imei | String | IMEI. This property is read-only. Inherited from managedDevice |
complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires. This property is read-only. Inherited from managedDevice |
serialNumber | String | SerialNumber. This property is read-only. Inherited from managedDevice |
phoneNumber | String | Phone number of the device. This property is read-only. Inherited from managedDevice |
androidSecurityPatchLevel | String | Android security patch level. This property is read-only. Inherited from managedDevice |
userDisplayName | String | User display name. This property is read-only. Inherited from managedDevice |
configurationManagerClientEnabledFeatures | configurationManagerClientEnabledFeatures | ConfigrMgr client enabled features. This property is read-only. Inherited from managedDevice |
wiFiMacAddress | String | Wi-Fi MAC. This property is read-only. Inherited from managedDevice |
deviceHealthAttestationState | deviceHealthAttestationState | The device health attestation state. This property is read-only. Inherited from managedDevice |
subscriberCarrier | String | Subscriber Carrier. This property is read-only. Inherited from managedDevice |
meid | String | MEID. This property is read-only. Inherited from managedDevice |
totalStorageSpaceInBytes | Int64 | Total Storage in Bytes. This property is read-only. Inherited from managedDevice |
freeStorageSpaceInBytes | Int64 | Free Storage in Bytes. Default value is 0. Read-only. This property is read-only. Inherited from managedDevice |
managedDeviceName | String | Automatically generated name to identify a device. Can be overwritten to a user friendly name. Inherited from managedDevice |
partnerReportedThreatState | managedDevicePartnerReportedHealthState | Indicates the threat state of a device when a Mobile Threat Defense partner is in use by the account and device. Read Only. This property is read-only. Inherited from managedDevice. Possible values are: unknown , activated , deactivated , secured , lowSeverity , mediumSeverity , highSeverity , unresponsive , compromised , misconfigured . |
retireAfterDateTime | DateTimeOffset | Indicates the time after when a device will be auto retired because of scheduled action. This property is read-only. Inherited from managedDevice |
usersLoggedOn | loggedOnUser collection | Indicates the last logged on users of a device. This property is read-only. Inherited from managedDevice |
preferMdmOverGroupPolicyAppliedDateTime | DateTimeOffset | Reports the DateTime the preferMdmOverGroupPolicy setting was set. When set, the Intune MDM settings will override Group Policy settings if there is a conflict. Read Only. This property is read-only. Inherited from managedDevice |
autopilotEnrolled | Boolean | Reports if the managed device is enrolled via auto-pilot. This property is read-only. Inherited from managedDevice |
requireUserEnrollmentApproval | Boolean | Reports if the managed iOS device is user approval enrollment. This property is read-only. Inherited from managedDevice |
managementCertificateExpirationDate | DateTimeOffset | Reports device management certificate expiration date. This property is read-only. Inherited from managedDevice |
iccid | String | Integrated Circuit Card Identifier, it is A SIM card's unique identification number. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
udid | String | Unique Device Identifier for iOS and macOS devices. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
roleScopeTagIds | String collection | List of Scope Tag IDs for this Device instance. Inherited from managedDevice |
windowsActiveMalwareCount | Int32 | Count of active malware for this windows device. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. Inherited from managedDevice |
windowsRemediatedMalwareCount | Int32 | Count of remediated malware for this windows device. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. Inherited from managedDevice |
notes | String | Notes on the device created by IT Admin. Default is null. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Inherited from managedDevice |
configurationManagerClientHealthState | configurationManagerClientHealthState | Configuration manager client health state, valid only for devices managed by MDM/ConfigMgr Agent Inherited from managedDevice |
configurationManagerClientInformation | configurationManagerClientInformation | Configuration manager client information, valid only for devices managed, duel-managed or tri-managed by ConfigMgr Agent Inherited from managedDevice |
ethernetMacAddress | String | Indicates Ethernet MAC Address of the device. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity. Individual get call with select query options is needed to retrieve actual values. Example: deviceManagement/managedDevices({managedDeviceId})?$select=ethernetMacAddress Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
physicalMemoryInBytes | Int64 | Total Memory in Bytes. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. Read-only. This property is read-only. Inherited from managedDevice |
processorArchitecture | managedDeviceArchitecture | Processor architecture. This property is read-only. Inherited from managedDevice. Possible values are: unknown , x86 , x64 , arm , arM64 . |
specificationVersion | String | Specification version. This property is read-only. Inherited from managedDevice |
joinType | joinType | Device join type Inherited from managedDevice. Possible values are: unknown , azureADJoined , azureADRegistered , hybridAzureADJoined . |
skuFamily | String | Device sku family Inherited from managedDevice |
securityPatchLevel | String | This indicates the security patch level of the operating system. These special updates contain important security fixes. For iOS/MacOS they are in (a) format. For android its in 2017-08-07 format. This property is read-only. Inherited from managedDevice |
skuNumber | Int32 | Device sku number, see also: https://learn.microsoft.com/windows/win32/api/sysinfoapi/nf-sysinfoapi-getproductinfo. Valid values 0 to 2147483647. This property is read-only. Inherited from managedDevice |
managementFeatures | managedDeviceManagementFeatures | Device management features Inherited from managedDevice. Possible values are: none , microsoftManagedDesktop . |
chromeOSDeviceInfo | chromeOSDeviceProperty collection | List of properties of the ChromeOS Device. Default is an empty list. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Inherited from managedDevice |
enrollmentProfileName | String | Name of the enrollment profile assigned to the device. Default value is empty string, indicating no enrollment profile was assgined. This property is read-only. Inherited from managedDevice |
bootstrapTokenEscrowed | Boolean | Reports if the managed device has an escrowed Bootstrap Token. This is only for macOS devices. To get, include BootstrapTokenEscrowed in the select clause and query with a device id. If FALSE, no bootstrap token is escrowed. If TRUE, the device has escrowed a bootstrap token with Intune. This property is read-only. Inherited from managedDevice |
deviceFirmwareConfigurationInterfaceManaged | Boolean | Indicates whether the device is DFCI managed. When TRUE the device is DFCI managed. When FALSE, the device is not DFCI managed. The default value is FALSE. Inherited from managedDevice |
windowsManagementApp
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the Windows management app |
availableVersion | String | Windows management app available version. |
managedInstaller | managedInstallerStatus | Managed Installer Status. Possible values are: disabled , enabled . |
managedInstallerConfiguredDateTime | String | Managed Installer Configured Date Time |
windowsManagementAppHealthState
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the Windows management app health state. This property is read-only. |
healthState | healthState | Windows management app health state. Possible values are: unknown , healthy , unhealthy . |
installedVersion | String | Windows management app installed version. |
lastCheckInDateTime | DateTimeOffset | Windows management app last check-in time. |
deviceName | String | Name of the device on which Windows management app is installed. |
deviceOSVersion | String | Windows 10 OS version of the device on which Windows management app is installed. |
windowsProtectionState
Property | Type | Description |
---|---|---|
id | String | The unique Identifier for the device protection status object. This is device id of the device |
malwareProtectionEnabled | Boolean | When TRUE indicates anti malware is enabled when FALSE indicates anti malware is not enabled. |
deviceState | windowsDeviceHealthState | Indicates device's health state. Possible values are: clean, fullScanPending, rebootPending, manualStepsPending, offlineScanPending, critical. Possible values are: clean , fullScanPending , rebootPending , manualStepsPending , offlineScanPending , critical . |
realTimeProtectionEnabled | Boolean | When TRUE indicates real time protection is enabled, when FALSE indicates real time protection is not enabled. Defaults to setting on client device. |
networkInspectionSystemEnabled | Boolean | When TRUE indicates network inspection system enabled, when FALSE indicates network inspection system is not enabled. Defaults to setting on client device. |
quickScanOverdue | Boolean | When TRUE indicates quick scan is overdue, when FALSE indicates quick scan is not overdue. Defaults to setting on client device. |
fullScanOverdue | Boolean | When TRUE indicates full scan is overdue, when FALSE indicates full scan is not overdue. Defaults to setting on client device. |
signatureUpdateOverdue | Boolean | When TRUE indicates signature is out of date, when FALSE indicates signature is not out of date. Defaults to setting on client device. |
rebootRequired | Boolean | When TRUE indicates reboot is required, when FALSE indicates when TRUE indicates reboot is not required. Defaults to setting on client device. |
fullScanRequired | Boolean | When TRUE indicates full scan is required, when FALSE indicates full scan is not required. Defaults to setting on client device. |
engineVersion | String | Current endpoint protection engine's version |
signatureVersion | String | Current malware definitions version |
antiMalwareVersion | String | Current anti malware version |
lastQuickScanDateTime | DateTimeOffset | Last quick scan datetime |
lastFullScanDateTime | DateTimeOffset | Last quick scan datetime |
lastQuickScanSignatureVersion | String | Last quick scan signature version |
lastFullScanSignatureVersion | String | Last full scan signature version |
lastReportedDateTime | DateTimeOffset | Last device health status reported time |
productStatus | windowsDefenderProductStatus | Product Status of Windows Defender Antivirus. Possible values are: noStatus, serviceNotRunning, serviceStartedWithoutMalwareProtection, pendingFullScanDueToThreatAction, pendingRebootDueToThreatAction, pendingManualStepsDueToThreatAction, avSignaturesOutOfDate, asSignaturesOutOfDate, noQuickScanHappenedForSpecifiedPeriod, noFullScanHappenedForSpecifiedPeriod, systemInitiatedScanInProgress, systemInitiatedCleanInProgress, samplesPendingSubmission, productRunningInEvaluationMode, productRunningInNonGenuineMode, productExpired, offlineScanRequired, serviceShutdownAsPartOfSystemShutdown, threatRemediationFailedCritically, threatRemediationFailedNonCritically, noStatusFlagsSet, platformOutOfDate, platformUpdateInProgress, platformAboutToBeOutdated, signatureOrPlatformEndOfLifeIsPastOrIsImpending, windowsSModeSignaturesInUseOnNonWin10SInstall. Possible values are: noStatus , serviceNotRunning , serviceStartedWithoutMalwareProtection , pendingFullScanDueToThreatAction , pendingRebootDueToThreatAction , pendingManualStepsDueToThreatAction , avSignaturesOutOfDate , asSignaturesOutOfDate , noQuickScanHappenedForSpecifiedPeriod , noFullScanHappenedForSpecifiedPeriod , systemInitiatedScanInProgress , systemInitiatedCleanInProgress , samplesPendingSubmission , productRunningInEvaluationMode , productRunningInNonGenuineMode , productExpired , offlineScanRequired , serviceShutdownAsPartOfSystemShutdown , threatRemediationFailedCritically , threatRemediationFailedNonCritically , noStatusFlagsSet , platformOutOfDate , platformUpdateInProgress , platformAboutToBeOutdated , signatureOrPlatformEndOfLifeIsPastOrIsImpending , windowsSModeSignaturesInUseOnNonWin10SInstall . |
isVirtualMachine | Boolean | When TRUE indicates the device is a virtual machine, when FALSE indicates the device is not a virtual machine. Defaults to setting on client device. |
tamperProtectionEnabled | Boolean | When TRUE indicates the Windows Defender tamper protection feature is enabled, when FALSE indicates the Windows Defender tamper protection feature is not enabled. Defaults to setting on client device. |
activeDirectoryWindowsAutopilotDeploymentProfile
Property | Type | Description |
---|---|---|
id | String | Profile Key Inherited from windowsAutopilotDeploymentProfile |
displayName | String | Name of the profile Inherited from windowsAutopilotDeploymentProfile |
description | String | Description of the profile Inherited from windowsAutopilotDeploymentProfile |
language | String | Language configured on the device Inherited from windowsAutopilotDeploymentProfile |
createdDateTime | DateTimeOffset | Profile creation time Inherited from windowsAutopilotDeploymentProfile |
lastModifiedDateTime | DateTimeOffset | Profile last modified time Inherited from windowsAutopilotDeploymentProfile |
outOfBoxExperienceSettings | outOfBoxExperienceSettings | Out of box experience setting Inherited from windowsAutopilotDeploymentProfile |
enrollmentStatusScreenSettings | windowsEnrollmentStatusScreenSettings | Enrollment status screen setting Inherited from windowsAutopilotDeploymentProfile |
extractHardwareHash | Boolean | HardwareHash Extraction for the profile Inherited from windowsAutopilotDeploymentProfile |
deviceNameTemplate | String | The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters. Inherited from windowsAutopilotDeploymentProfile |
deviceType | windowsAutopilotDeviceType | The AutoPilot device type that this profile is applicable to. Inherited from windowsAutopilotDeploymentProfile. Possible values are: windowsPc , surfaceHub2 , holoLens , surfaceHub2S , virtualMachine , unknownFutureValue . |
enableWhiteGlove | Boolean | Enable Autopilot White Glove for the profile. Inherited from windowsAutopilotDeploymentProfile |
roleScopeTagIds | String collection | Scope tags for the profile. Inherited from windowsAutopilotDeploymentProfile |
managementServiceAppId | String | AzureAD management app ID used during client device-based enrollment discovery Inherited from windowsAutopilotDeploymentProfile |
hybridAzureADJoinSkipConnectivityCheck | Boolean | The Autopilot Hybrid Azure AD join flow will continue even if it does not establish domain controller connectivity during OOBE. |
appleEnrollmentProfileAssignment
Property | Type | Description |
---|---|---|
id | String | The key of the assignment. |
target | deviceAndAppManagementAssignmentTarget | The assignment target for the Apple user initiated deployment profile. |
appleUserInitiatedEnrollmentProfile
Property | Type | Description |
---|---|---|
defaultEnrollmentType | appleUserInitiatedEnrollmentType | The default profile enrollment type. Possible values are: unknown , device , user , accountDrivenUserEnrollment , webDeviceEnrollment , unknownFutureValue . |
availableEnrollmentTypeOptions | appleOwnerTypeEnrollmentType collection | List of available enrollment type options |
id | String | The GUID for the object |
displayName | String | Name of the profile |
description | String | Description of the profile |
priority | Int32 | Priority, 0 is highest |
platform | devicePlatformType | The platform of the Device. Possible values are: android , androidForWork , iOS , macOS , windowsPhone81 , windows81AndLater , windows10AndLater , androidWorkProfile , unknown , androidAOSP . |
createdDateTime | DateTimeOffset | Profile creation time |
lastModifiedDateTime | DateTimeOffset | Profile last modified time |
azureADWindowsAutopilotDeploymentProfile
Property | Type | Description |
---|---|---|
id | String | Profile Key Inherited from windowsAutopilotDeploymentProfile |
displayName | String | Name of the profile Inherited from windowsAutopilotDeploymentProfile |
description | String | Description of the profile Inherited from windowsAutopilotDeploymentProfile |
language | String | Language configured on the device Inherited from windowsAutopilotDeploymentProfile |
createdDateTime | DateTimeOffset | Profile creation time Inherited from windowsAutopilotDeploymentProfile |
lastModifiedDateTime | DateTimeOffset | Profile last modified time Inherited from windowsAutopilotDeploymentProfile |
outOfBoxExperienceSettings | outOfBoxExperienceSettings | Out of box experience setting Inherited from windowsAutopilotDeploymentProfile |
enrollmentStatusScreenSettings | windowsEnrollmentStatusScreenSettings | Enrollment status screen setting Inherited from windowsAutopilotDeploymentProfile |
extractHardwareHash | Boolean | HardwareHash Extraction for the profile Inherited from windowsAutopilotDeploymentProfile |
deviceNameTemplate | String | The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters. Inherited from windowsAutopilotDeploymentProfile |
deviceType | windowsAutopilotDeviceType | The AutoPilot device type that this profile is applicable to. Inherited from windowsAutopilotDeploymentProfile. Possible values are: windowsPc , surfaceHub2 , holoLens , surfaceHub2S , virtualMachine , unknownFutureValue . |
enableWhiteGlove | Boolean | Enable Autopilot White Glove for the profile. Inherited from windowsAutopilotDeploymentProfile |
roleScopeTagIds | String collection | Scope tags for the profile. Inherited from windowsAutopilotDeploymentProfile |
managementServiceAppId | String | AzureAD management app ID used during client device-based enrollment discovery Inherited from windowsAutopilotDeploymentProfile |
deletedWindowsAutopilotDeviceState
Property | Type | Description |
---|---|---|
serialNumber | String | Autopilot Device Serial Number |
deviceRegistrationId | String | ZTD Device Registration ID . |
deletionState | windowsAutopilotDeviceDeletionState | Device deletion state. Possible values are: unknown , failed , accepted , error . |
errorMessage | String | Device deletion error message. |
depEnrollmentBaseProfile
Property | Type | Description |
---|---|---|
id | String | The GUID for the object Inherited from enrollmentProfile |
displayName | String | Name of the profile Inherited from enrollmentProfile |
description | String | Description of the profile Inherited from enrollmentProfile |
requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
isDefault | Boolean | Indicates if this is the default profile |
supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. |
supportDepartment | String | Support department information |
isMandatory | Boolean | Indicates if the profile is mandatory |
locationDisabled | Boolean | Indicates if Location service setup pane is disabled |
supportPhoneNumber | String | Support phone number |
profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled |
restoreBlocked | Boolean | Indicates if Restore setup pane is blocked |
appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled |
termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled |
touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled |
applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled |
siriDisabled | Boolean | Indicates if siri setup pane is disabled |
diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled |
displayToneSetupDisabled | Boolean | Indicates if displaytone setup screen is disabled |
privacyPaneDisabled | Boolean | Indicates if privacy screen is disabled |
screenTimeScreenDisabled | Boolean | Indicates if screen timeout setup is disabled |
deviceNameTemplate | String | Sets a literal or name pattern. |
configurationWebUrl | Boolean | URL for setup assistant login |
enabledSkipKeys | String collection | enabledSkipKeys contains all the enabled skip keys as strings |
enrollmentTimeAzureAdGroupIds | Guid collection | EnrollmentTimeAzureAdGroupIds contains list of enrollment time Azure Group Ids to be associated with profile |
depEnrollmentProfile
Property | Type | Description |
---|---|---|
id | String | The GUID for the object Inherited from enrollmentProfile |
displayName | String | Name of the profile Inherited from enrollmentProfile |
description | String | Description of the profile Inherited from enrollmentProfile |
requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
isDefault | Boolean | Indicates if this is the default profile |
supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. |
supportDepartment | String | Support department information |
passCodeDisabled | Boolean | Indicates if Passcode setup pane is disabled |
isMandatory | Boolean | Indicates if the profile is mandatory |
locationDisabled | Boolean | Indicates if Location service setup pane is disabled |
supportPhoneNumber | String | Support phone number |
iTunesPairingMode | iTunesPairingMode | Indicates the iTunes pairing mode. Possible values are: disallow , allow , requiresCertificate . |
profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled |
managementCertificates | managementCertificateWithThumbprint collection | Management certificates for Apple Configurator |
restoreBlocked | Boolean | Indicates if Restore setup pane is blocked |
restoreFromAndroidDisabled | Boolean | Indicates if Restore from Android is disabled |
appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled |
termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled |
touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled |
applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled |
zoomDisabled | Boolean | Indicates if zoom setup pane is disabled |
siriDisabled | Boolean | Indicates if siri setup pane is disabled |
diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled |
macOSRegistrationDisabled | Boolean | Indicates if Mac OS registration is disabled |
macOSFileVaultDisabled | Boolean | Indicates if Mac OS file vault is disabled |
awaitDeviceConfiguredConfirmation | Boolean | Indicates if the device will need to wait for configured confirmation |
sharedIPadMaximumUserCount | Int32 | This specifies the maximum number of users that can use a shared iPad. Only applicable in shared iPad mode. |
enableSharedIPad | Boolean | This indicates whether the device is to be enrolled in a mode which enables multi user scenarios. Only applicable in shared iPads. |
depIOSEnrollmentProfile
Property | Type | Description |
---|---|---|
id | String | The GUID for the object Inherited from enrollmentProfile |
displayName | String | Name of the profile Inherited from enrollmentProfile |
description | String | Description of the profile Inherited from enrollmentProfile |
requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
isDefault | Boolean | Indicates if this is the default profile Inherited from depEnrollmentBaseProfile |
supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. Inherited from depEnrollmentBaseProfile |
supportDepartment | String | Support department information Inherited from depEnrollmentBaseProfile |
isMandatory | Boolean | Indicates if the profile is mandatory Inherited from depEnrollmentBaseProfile |
locationDisabled | Boolean | Indicates if Location service setup pane is disabled Inherited from depEnrollmentBaseProfile |
supportPhoneNumber | String | Support phone number Inherited from depEnrollmentBaseProfile |
profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled Inherited from depEnrollmentBaseProfile |
restoreBlocked | Boolean | Indicates if Restore setup pane is blocked Inherited from depEnrollmentBaseProfile |
appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled Inherited from depEnrollmentBaseProfile |
termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled Inherited from depEnrollmentBaseProfile |
touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled Inherited from depEnrollmentBaseProfile |
applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled Inherited from depEnrollmentBaseProfile |
siriDisabled | Boolean | Indicates if siri setup pane is disabled Inherited from depEnrollmentBaseProfile |
diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled Inherited from depEnrollmentBaseProfile |
displayToneSetupDisabled | Boolean | Indicates if displaytone setup screen is disabled Inherited from depEnrollmentBaseProfile |
privacyPaneDisabled | Boolean | Indicates if privacy screen is disabled Inherited from depEnrollmentBaseProfile |
screenTimeScreenDisabled | Boolean | Indicates if screen timeout setup is disabled Inherited from depEnrollmentBaseProfile |
deviceNameTemplate | String | Sets a literal or name pattern. Inherited from depEnrollmentBaseProfile |
configurationWebUrl | Boolean | URL for setup assistant login Inherited from depEnrollmentBaseProfile |
enabledSkipKeys | String collection | enabledSkipKeys contains all the enabled skip keys as strings Inherited from depEnrollmentBaseProfile |
enrollmentTimeAzureAdGroupIds | Guid collection | EnrollmentTimeAzureAdGroupIds contains list of enrollment time Azure Group Ids to be associated with profile Inherited from depEnrollmentBaseProfile |
iTunesPairingMode | iTunesPairingMode | Indicates the iTunes pairing mode. Possible values are: disallow , allow , requiresCertificate . |
managementCertificates | managementCertificateWithThumbprint collection | Management certificates for Apple Configurator |
restoreFromAndroidDisabled | Boolean | Indicates if Restore from Android is disabled |
awaitDeviceConfiguredConfirmation | Boolean | Indicates if the device will need to wait for configured confirmation |
sharedIPadMaximumUserCount | Int32 | This specifies the maximum number of users that can use a shared iPad. Only applicable in shared iPad mode. |
enableSharedIPad | Boolean | This indicates whether the device is to be enrolled in a mode which enables multi user scenarios. Only applicable in shared iPads. |
companyPortalVppTokenId | String | If set, indicates which Vpp token should be used to deploy the Company Portal w/ device licensing. 'enableAuthenticationViaCompanyPortal' must be set in order for this property to be set. |
enableSingleAppEnrollmentMode | Boolean | Tells the device to enable single app mode and apply app-lock during enrollment. Default is false. 'enableAuthenticationViaCompanyPortal' and 'companyPortalVppTokenId' must be set for this property to be set. |
homeButtonScreenDisabled | Boolean | Indicates if home button sensitivity screen is disabled |
iMessageAndFaceTimeScreenDisabled | Boolean | Indicates if iMessage and FaceTime screen is disabled |
onBoardingScreenDisabled | Boolean | Indicates if onboarding setup screen is disabled |
simSetupScreenDisabled | Boolean | Indicates if the SIMSetup screen is disabled |
softwareUpdateScreenDisabled | Boolean | Indicates if the mandatory sofware update screen is disabled |
watchMigrationScreenDisabled | Boolean | Indicates if the watch migration screen is disabled |
appearanceScreenDisabled | Boolean | Indicates if Apperance screen is disabled |
expressLanguageScreenDisabled | Boolean | Indicates if Express Language screen is disabled |
preferredLanguageScreenDisabled | Boolean | Indicates if Preferred language screen is disabled |
deviceToDeviceMigrationDisabled | Boolean | Indicates if Device To Device Migration is disabled |
welcomeScreenDisabled | Boolean | Indicates if Weclome screen is disabled |
passCodeDisabled | Boolean | Indicates if Passcode setup pane is disabled |
zoomDisabled | Boolean | Indicates if zoom setup pane is disabled |
restoreCompletedScreenDisabled | Boolean | Indicates if Weclome screen is disabled |
updateCompleteScreenDisabled | Boolean | Indicates if Weclome screen is disabled |
forceTemporarySession | Boolean | Indicates if temporary sessions is enabled |
temporarySessionTimeoutInSeconds | Int32 | Indicates timeout of temporary session |
userSessionTimeoutInSeconds | Int32 | Indicates timeout of temporary session |
passcodeLockGracePeriodInSeconds | Int32 | Indicates timeout before locked screen requires the user to enter the device passocde to unlock it |
carrierActivationUrl | String | Carrier URL for activating device eSIM. |
userlessSharedAadModeEnabled | Boolean | Indicates that this apple device is designated to support 'shared device mode' scenarios. This is distinct from the 'shared iPad' scenario. See https://learn.microsoft.com/mem/intune/enrollment/device-enrollment-shared-ios| |
depMacOSEnrollmentProfile
Property | Type | Description |
---|---|---|
id | String | The GUID for the object Inherited from enrollmentProfile |
displayName | String | Name of the profile Inherited from enrollmentProfile |
description | String | Description of the profile Inherited from enrollmentProfile |
requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
isDefault | Boolean | Indicates if this is the default profile Inherited from depEnrollmentBaseProfile |
supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. Inherited from depEnrollmentBaseProfile |
supportDepartment | String | Support department information Inherited from depEnrollmentBaseProfile |
isMandatory | Boolean | Indicates if the profile is mandatory Inherited from depEnrollmentBaseProfile |
locationDisabled | Boolean | Indicates if Location service setup pane is disabled Inherited from depEnrollmentBaseProfile |
supportPhoneNumber | String | Support phone number Inherited from depEnrollmentBaseProfile |
profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled Inherited from depEnrollmentBaseProfile |
restoreBlocked | Boolean | Indicates if Restore setup pane is blocked Inherited from depEnrollmentBaseProfile |
appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled Inherited from depEnrollmentBaseProfile |
termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled Inherited from depEnrollmentBaseProfile |
touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled Inherited from depEnrollmentBaseProfile |
applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled Inherited from depEnrollmentBaseProfile |
siriDisabled | Boolean | Indicates if siri setup pane is disabled Inherited from depEnrollmentBaseProfile |
diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled Inherited from depEnrollmentBaseProfile |
displayToneSetupDisabled | Boolean | Indicates if displaytone setup screen is disabled Inherited from depEnrollmentBaseProfile |
privacyPaneDisabled | Boolean | Indicates if privacy screen is disabled Inherited from depEnrollmentBaseProfile |
screenTimeScreenDisabled | Boolean | Indicates if screen timeout setup is disabled Inherited from depEnrollmentBaseProfile |
deviceNameTemplate | String | Sets a literal or name pattern. Inherited from depEnrollmentBaseProfile |
configurationWebUrl | Boolean | URL for setup assistant login Inherited from depEnrollmentBaseProfile |
enabledSkipKeys | String collection | enabledSkipKeys contains all the enabled skip keys as strings Inherited from depEnrollmentBaseProfile |
enrollmentTimeAzureAdGroupIds | Guid collection | EnrollmentTimeAzureAdGroupIds contains list of enrollment time Azure Group Ids to be associated with profile Inherited from depEnrollmentBaseProfile |
registrationDisabled | Boolean | Indicates if registration is disabled |
fileVaultDisabled | Boolean | Indicates if file vault is disabled |
iCloudDiagnosticsDisabled | Boolean | Indicates if iCloud Analytics screen is disabled |
passCodeDisabled | Boolean | Indicates if Passcode setup pane is disabled |
zoomDisabled | Boolean | Indicates if zoom setup pane is disabled |
iCloudStorageDisabled | Boolean | Indicates if iCloud Documents and Desktop screen is disabled |
chooseYourLockScreenDisabled | Boolean | Indicates if iCloud Documents and Desktop screen is disabled |
accessibilityScreenDisabled | Boolean | Indicates if Accessibility screen is disabled |
autoUnlockWithWatchDisabled | Boolean | Indicates if UnlockWithWatch screen is disabled |
skipPrimarySetupAccountCreation | Boolean | Indicates whether Setup Assistant will skip the user interface for primary account setup |
setPrimarySetupAccountAsRegularUser | Boolean | Indicates whether Setup Assistant will set the account as a regular user |
dontAutoPopulatePrimaryAccountInfo | Boolean | Indicates whether Setup Assistant will auto populate the primary account information |
primaryAccountFullName | String | Indicates what the full name for the primary account is |
primaryAccountUserName | String | Indicates what the account name for the primary account is |
enableRestrictEditing | Boolean | Indicates whether the user will enable blockediting |
adminAccountUserName | String | Indicates what the user name for the admin account is |
adminAccountFullName | String | Indicates what the full name for the admin account is |
adminAccountPassword | String | Indicates what the password for the admin account is |
hideAdminAccount | Boolean | Indicates whether the admin account should be hidded or not |
requestRequiresNetworkTether | Boolean | Indicates if the device is network-tethered to run the command |
autoAdvanceSetupEnabled | Boolean | Indicates if Setup Assistant will automatically advance through its screen |
depOnboardingSetting
Property | Type | Description |
---|---|---|
id | String | UUID for the object |
appleIdentifier | String | The Apple ID used to obtain the current token. |
tokenExpirationDateTime | DateTimeOffset | When the token will expire. |
lastModifiedDateTime | DateTimeOffset | When the service was onboarded. |
lastSuccessfulSyncDateTime | DateTimeOffset | When the service last syned with Intune |
lastSyncTriggeredDateTime | DateTimeOffset | When Intune last requested a sync. |
shareTokenWithSchoolDataSyncService | Boolean | Whether or not the Dep token sharing is enabled with the School Data Sync service. |
lastSyncErrorCode | Int32 | Error code reported by Apple during last dep sync. |
tokenType | depTokenType | Gets or sets the Dep Token Type. Possible values are: none , dep , appleSchoolManager . |
tokenName | String | Friendly Name for Dep Token |
syncedDeviceCount | Int32 | Gets synced device count |
dataSharingConsentGranted | Boolean | Consent granted for data sharing with Apple Dep Service |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
enrollmentProfile
Property | Type | Description |
---|---|---|
id | String | The GUID for the object |
displayName | String | Name of the profile |
description | String | Description of the profile |
requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication |
configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment |
enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. |
requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices |
importedAppleDeviceIdentity
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
serialNumber | String | Device serial number |
requestedEnrollmentProfileId | String | Enrollment profile Id admin intends to apply to the device during next enrollment |
requestedEnrollmentProfileAssignmentDateTime | DateTimeOffset | The time enrollment profile was assigned to the device |
isSupervised | Boolean | Indicates if the Apple device is supervised. More information is at: https://support.apple.com/en-us/HT202837| |
discoverySource | discoverySource | Apple device discovery source. Possible values are: unknown , adminImport , deviceEnrollmentProgram . |
isDeleted | Boolean | Indicates if the device is deleted from Apple Business Manager |
createdDateTime | DateTimeOffset | Created Date Time of the device |
lastContactedDateTime | DateTimeOffset | Last Contacted Date Time of the device |
description | String | The description of the device |
enrollmentState | enrollmentState | The state of the device in Intune. Possible values are: unknown , enrolled , pendingReset , failed , notContacted , blocked . |
platform | platform | The platform of the Device. Possible values are: unknown , ios , android , windows , windowsMobile , macOS . |
importedAppleDeviceIdentityResult
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from importedAppleDeviceIdentity |
serialNumber | String | Device serial number Inherited from importedAppleDeviceIdentity |
requestedEnrollmentProfileId | String | Enrollment profile Id admin intends to apply to the device during next enrollment Inherited from importedAppleDeviceIdentity |
requestedEnrollmentProfileAssignmentDateTime | DateTimeOffset | The time enrollment profile was assigned to the device Inherited from importedAppleDeviceIdentity |
isSupervised | Boolean | Indicates if the Apple device is supervised. More information is at: https://support.apple.com/en-us/HT202837 Inherited from importedAppleDeviceIdentity |
discoverySource | discoverySource | Apple device discovery source. Inherited from importedAppleDeviceIdentity. Possible values are: unknown , adminImport , deviceEnrollmentProgram . |
isDeleted | Boolean | Indicates if the device is deleted from Apple Business Manager Inherited from importedAppleDeviceIdentity |
createdDateTime | DateTimeOffset | Created Date Time of the device Inherited from importedAppleDeviceIdentity |
lastContactedDateTime | DateTimeOffset | Last Contacted Date Time of the device Inherited from importedAppleDeviceIdentity |
description | String | The description of the device Inherited from importedAppleDeviceIdentity |
enrollmentState | enrollmentState | The state of the device in Intune Inherited from importedAppleDeviceIdentity. Possible values are: unknown , enrolled , pendingReset , failed , notContacted , blocked . |
platform | platform | The platform of the Device. Inherited from importedAppleDeviceIdentity. Possible values are: unknown , ios , android , windows , windowsMobile , macOS . |
status | Boolean | Status of imported device identity |
importedDeviceIdentity
Property | Type | Description |
---|---|---|
id | String | Id of the imported device identity |
importedDeviceIdentifier | String | Imported Device Identifier |
importedDeviceIdentityType | importedDeviceIdentityType | Type of Imported Device Identity. Possible values are: unknown , imei , serialNumber . |
lastModifiedDateTime | DateTimeOffset | Last Modified DateTime of the description |
createdDateTime | DateTimeOffset | Created Date Time of the device |
lastContactedDateTime | DateTimeOffset | Last Contacted Date Time of the device |
description | String | The description of the device |
enrollmentState | enrollmentState | The state of the device in Intune. Possible values are: unknown , enrolled , pendingReset , failed , notContacted , blocked . |
platform | platform | The platform of the Device. Possible values are: unknown , ios , android , windows , windowsMobile , macOS . |
importedDeviceIdentityResult
Property | Type | Description |
---|---|---|
id | String | Id of the imported device identity Inherited from importedDeviceIdentity |
importedDeviceIdentifier | String | Imported Device Identifier Inherited from importedDeviceIdentity |
importedDeviceIdentityType | importedDeviceIdentityType | Type of Imported Device Identity Inherited from importedDeviceIdentity. Possible values are: unknown , imei , serialNumber . |
lastModifiedDateTime | DateTimeOffset | Last Modified DateTime of the description Inherited from importedDeviceIdentity |
createdDateTime | DateTimeOffset | Created Date Time of the device Inherited from importedDeviceIdentity |
lastContactedDateTime | DateTimeOffset | Last Contacted Date Time of the device Inherited from importedDeviceIdentity |
description | String | The description of the device Inherited from importedDeviceIdentity |
enrollmentState | enrollmentState | The state of the device in Intune Inherited from importedDeviceIdentity. Possible values are: unknown , enrolled , pendingReset , failed , notContacted , blocked . |
platform | platform | The platform of the Device. Inherited from importedDeviceIdentity. Possible values are: unknown , ios , android , windows , windowsMobile , macOS . |
status | Boolean | Status of imported device identity |
importedWindowsAutopilotDeviceIdentity
Property | Type | Description |
---|---|---|
id | String | The GUID for the object |
groupTag | String | Group Tag of the Windows autopilot device. |
serialNumber | String | Serial number of the Windows autopilot device. |
productKey | String | Product Key of the Windows autopilot device. |
importId | String | The Import Id of the Windows autopilot device. |
hardwareIdentifier | Binary | Hardware Blob of the Windows autopilot device. |
state | importedWindowsAutopilotDeviceIdentityState | Current state of the imported device. |
assignedUserPrincipalName | String | UPN of the user the device will be assigned |
suggestedEnrollmentLimit
Property | Type | Description |
---|---|---|
suggestedDailyLimit | Int32 | The suggested enrollment limit within a day |
windowsAutopilotDeploymentProfileAssignment
Property | Type | Description |
---|---|---|
id | String | The key of the assignment. |
target | deviceAndAppManagementAssignmentTarget | The assignment target for the Windows Autopilot deployment profile. |
source | deviceAndAppManagementAssignmentSource | Type of resource used for deployment to a group, direct or parcel/policySet. Possible values are: direct , policySets . |
sourceId | String | Identifier for resource used for deployment to a group |
windowsAutopilotDeviceIdentity
Property | Type | Description |
---|---|---|
id | String | The GUID for the object |
groupTag | String | Group Tag of the Windows autopilot device. |
purchaseOrderIdentifier | String | Purchase Order Identifier of the Windows autopilot device. |
serialNumber | String | Serial number of the Windows autopilot device. |
productKey | String | Product Key of the Windows autopilot device. |
manufacturer | String | Oem manufacturer of the Windows autopilot device. |
model | String | Model name of the Windows autopilot device. |
enrollmentState | enrollmentState | Intune enrollment state of the Windows autopilot device. Possible values are: unknown , enrolled , pendingReset , failed , notContacted . |
lastContactedDateTime | DateTimeOffset | Intune Last Contacted Date Time of the Windows autopilot device. |
addressableUserName | String | Addressable user name. |
userPrincipalName | String | User Principal Name. |
resourceName | String | Resource Name. |
skuNumber | String | SKU Number |
systemFamily | String | System Family |
azureActiveDirectoryDeviceId | String | AAD Device ID - to be deprecated |
managedDeviceId | String | Managed Device ID |
displayName | String | Display Name |
windowsAutopilotSettings
Property | Type | Description |
---|---|---|
id | String | The GUID for the object |
lastSyncDateTime | DateTimeOffset | Last data sync date time with DDS service. |
lastManualSyncTriggerDateTime | DateTimeOffset | Last data sync date time with DDS service. |
syncStatus | windowsAutopilotSyncStatus | Indicates the status of sync with Device data sync (DDS) service. Possible values are: unknown , inProgress , completed , failed . |
embeddedSIMActivationCodePool
Property | Type | Description |
---|---|---|
id | String | Unique identifier for the embedded SIM activation code pool. System generated value assigned when created. |
displayName | String | The admin defined name of the embedded SIM activation code pool. |
createdDateTime | DateTimeOffset | The time the embedded SIM activation code pool was created. Generated service side. |
modifiedDateTime | DateTimeOffset | The time the embedded SIM activation code pool was last modified. Updated service side. |
activationCodes | embeddedSIMActivationCode collection | The activation codes which belong to this pool. This navigation property is used to post activation codes to Intune but cannot be used to read activation codes from Intune. |
activationCodeCount | Int32 | The total count of activation codes which belong to this pool. |
embeddedSIMActivationCodePoolAssignment
Property | Type | Description |
---|---|---|
id | String | Unique identifier for the embedded SIM activation code pool assignment. System generated value assigned when created. |
target | deviceAndAppManagementAssignmentTarget | The type of groups targeted by the embedded SIM activation code pool. |
embeddedSIMDeviceState
Property | Type | Description |
---|---|---|
id | String | Unique identifier for the embedded SIM device status. System generated value assigned when created. |
createdDateTime | DateTimeOffset | The time the embedded SIM device status was created. Generated service side. |
modifiedDateTime | DateTimeOffset | The time the embedded SIM device status was last modified. Updated service side. |
lastSyncDateTime | DateTimeOffset | The time the embedded SIM device last checked in. Updated service side. |
universalIntegratedCircuitCardIdentifier | String | The Universal Integrated Circuit Card Identifier (UICCID) identifying the hardware onto which a profile is to be deployed. |
deviceName | String | Device name to which the subscription was provisioned e.g. DESKTOP-JOE |
userName | String | Username which the subscription was provisioned to e.g. [email protected] |
state | embeddedSIMDeviceStateValue | The state of the profile operation applied to the device. Possible values are: notEvaluated , failed , installing , installed , deleting , error , deleted , removedByUser . |
stateDetails | String | String description of the provisioning state. |
deviceManagement
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
groupPolicyMigrationReport
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
groupPolicyObjectId | Guid | The Group Policy Object GUID from GPO Xml content |
displayName | String | The name of Group Policy Object from the GPO Xml Content |
ouDistinguishedName | String | The distinguished name of the OU. |
createdDateTime | DateTimeOffset | The date and time at which the GroupPolicyMigrationReport was created. |
lastModifiedDateTime | DateTimeOffset | The date and time at which the GroupPolicyMigrationReport was last modified. |
groupPolicyCreatedDateTime | DateTimeOffset | The date and time at which the GroupPolicyMigrationReport was created. |
groupPolicyLastModifiedDateTime | DateTimeOffset | The date and time at which the GroupPolicyMigrationReport was last modified. |
migrationReadiness | groupPolicyMigrationReadiness | The Intune coverage for the associated Group Policy Object file. Possible values are: none , partial , complete , error , notApplicable . |
targetedInActiveDirectory | Boolean | The Targeted in AD property from GPO Xml Content |
totalSettingsCount | Int32 | The total number of Group Policy Settings from GPO file. |
supportedSettingsCount | Int32 | The number of Group Policy Settings supported by Intune. |
supportedSettingsPercent | Int32 | The Percentage of Group Policy Settings supported by Intune. |
roleScopeTagIds | String collection | The list of scope tags for the configuration. |
groupPolicyObjectFile
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
groupPolicyObjectId | Guid | The Group Policy Object GUID from GPO Xml content |
ouDistinguishedName | String | The distinguished name of the OU. |
createdDateTime | DateTimeOffset | The date and time at which the GroupPolicy was first uploaded. |
lastModifiedDateTime | DateTimeOffset | The date and time at which the GroupPolicyObjectFile was last modified. |
content | String | The Group Policy Object file content. |
roleScopeTagIds | String collection | The list of scope tags for the configuration. |
groupPolicySettingMapping
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
parentId | String | Parent Id of the group policy setting. |
childIdList | String collection | List of Child Ids of the group policy setting. |
settingName | String | The name of this group policy setting. |
settingValue | String | The value of this group policy setting. |
settingValueType | String | The value type of this group policy setting. |
settingDisplayName | String | The display name of this group policy setting. |
settingDisplayValue | String | The display value of this group policy setting. |
settingDisplayValueType | String | The display value type of this group policy setting. |
settingValueDisplayUnits | String | The display units of this group policy setting value |
settingCategory | String | The category the group policy setting is in. |
mdmCspName | String | The CSP name this group policy setting maps to. |
mdmSettingUri | String | The MDM CSP URI this group policy setting maps to. |
mdmMinimumOSVersion | Int32 | The minimum OS version this mdm setting supports. |
settingType | groupPolicySettingType | The setting type (security or admx) of the Group Policy. Possible values are: unknown , policy , account , securityOptions , userRightsAssignment , auditSetting , windowsFirewallSettings , appLockerRuleCollection , dataSourcesSettings , devicesSettings , driveMapSettings , environmentVariables , filesSettings , folderOptions , folders , iniFiles , internetOptions , localUsersAndGroups , networkOptions , networkShares , ntServices , powerOptions , printers , regionalOptionsSettings , registrySettings , scheduledTasks , shortcutSettings , startMenuSettings . |
isMdmSupported | Boolean | Indicates if the setting is supported by Intune or not |
mdmSupportedState | mdmSupportedState | Indicates if the setting is supported in Mdm or not. Possible values are: unknown , supported , unsupported , deprecated . |
settingScope | groupPolicySettingScope | The scope of the setting. Possible values are: unknown , device , user . |
intuneSettingUriList | String collection | The list of Intune Setting URIs this group policy setting maps to |
intuneSettingDefinitionId | String | The Intune Setting Definition Id |
admxSettingDefinitionId | String | Admx Group Policy Id |
unsupportedGroupPolicyExtension
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
settingScope | groupPolicySettingScope | Setting Scope of the unsupported extension. Possible values are: unknown , device , user . |
namespaceUrl | String | Namespace Url of the unsupported extension. |
extensionType | String | ExtensionType of the unsupported extension. |
nodeName | String | Node name of the unsupported extension. |
deviceManagementReports
Property | Type | Description |
---|---|---|
id | String | Unique identifier for this entity |
groupPolicyCategory
Property | Type | Description |
---|---|---|
displayName | String | The string id of the category's display name |
isRoot | Boolean | Defines if the category is a root category |
ingestionSource | ingestionSource | Defines this category's ingestion source (0 - unknown, 1 - custom, 2 - global). Possible values are: unknown , custom , builtIn , unknownFutureValue . |
id | String | Key of the entity. |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
groupPolicyConfiguration
Property | Type | Description |
---|---|---|
createdDateTime | DateTimeOffset | The date and time the object was created. |
displayName | String | User provided name for the resource object. |
description | String | User provided description for the resource object. |
roleScopeTagIds | String collection | The list of scope tags for the configuration. |
policyConfigurationIngestionType | groupPolicyConfigurationIngestionType | Type of definitions configured for this policy. Possible values are: unknown , custom , builtIn , mixed , unknownFutureValue . |
id | String | Key of the entity. |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
groupPolicyConfigurationAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
target | deviceAndAppManagementAssignmentTarget | The type of groups targeted the group policy configuration. |
groupPolicyDefinition
Property | Type | Description |
---|---|---|
classType | groupPolicyDefinitionClassType | Identifies the type of groups the policy can be applied to. Possible values are: user , machine . |
displayName | String | The localized policy name. |
explainText | String | The localized explanation or help text associated with the policy. The default value is empty. |
categoryPath | String | The localized full category path for the policy. |
supportedOn | String | Localized string used to specify what operating system or application version is affected by the policy. |
policyType | groupPolicyType | Specifies the type of group policy. Possible values are: admxBacked , admxIngested . |
hasRelatedDefinitions | Boolean | Signifies whether or not there are related definitions to this definition |
groupPolicyCategoryId | Guid | The category id of the parent category |
minDeviceCspVersion | String | Minimum required CSP version for device configuration in this definition |
minUserCspVersion | String | Minimum required CSP version for user configuration in this definition |
version | String | Setting definition version |
id | String | Key of the entity. |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
groupPolicyDefinitionFile
Property | Type | Description |
---|---|---|
displayName | String | The localized friendly name of the ADMX file. |
description | String | The localized description of the policy settings in the ADMX file. The default value is empty. |
languageCodes | String collection | The supported language codes for the ADMX file. |
targetPrefix | String | Specifies the logical name that refers to the namespace within the ADMX file. |
targetNamespace | String | Specifies the URI used to identify the namespace within the ADMX file. |
policyType | groupPolicyType | Specifies the type of group policy. Possible values are: admxBacked , admxIngested . |
revision | String | The revision version associated with the file. |
fileName | String | The file name of the ADMX file without the path. For example: edge.admx |
id | String | Key of the entity. |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
groupPolicyDefinitionValue
Property | Type | Description |
---|---|---|
createdDateTime | DateTimeOffset | The date and time the object was created. |
enabled | Boolean | Enables or disables the associated group policy definition. |
configurationType | groupPolicyConfigurationType | Specifies how the value should be configured. This can be either as a Policy or as a Preference. Possible values are: policy , preference . |
id | String | Key of the entity. |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
groupPolicyOperation
Property | Type | Description |
---|---|---|
operationType | groupPolicyOperationType | The type of group policy operation. Possible values are: none , upload , uploadNewVersion , addLanguageFiles , removeLanguageFiles , updateLanguageFiles , remove . |
operationStatus | groupPolicyOperationStatus | The group policy operation status. Possible values are: unknown , inProgress , success , failed . |
statusDetails | String | The group policy operation status detail. |
id | String | Key of the entity. |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
groupPolicyPresentation
Property | Type | Description |
---|---|---|
label | String | Localized text label for any presentation entity. The default value is empty. |
id | String | Key of the entity. |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. |
groupPolicyPresentationCheckBox
Property | Type | Description |
---|---|---|
label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
id | String | Key of the entity. Inherited from groupPolicyPresentation |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
defaultChecked | Boolean | Default value for the check box. The default value is false. |
groupPolicyPresentationComboBox
Property | Type | Description |
---|---|---|
label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
id | String | Key of the entity. Inherited from groupPolicyPresentation |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
defaultValue | String | Localized default string displayed in the combo box. The default value is empty. |
suggestions | String collection | Localized strings listed in the drop-down list of the combo box. The default value is empty. |
required | Boolean | Specifies whether a value must be specified for the parameter. The default value is false. |
maxLength | Int64 | An unsigned integer that specifies the maximum number of text characters for the parameter. The default value is 1023. |
groupPolicyPresentationDecimalTextBox
Property | Type | Description |
---|---|---|
label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
id | String | Key of the entity. Inherited from groupPolicyPresentation |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
defaultValue | Int64 | An unsigned integer that specifies the initial value for the decimal text box. The default value is 1. |
spin | Boolean | If true, create a spin control; otherwise, create a text box for numeric entry. The default value is true. |
spinStep | Int64 | An unsigned integer that specifies the increment of change for the spin control. The default value is 1. |
required | Boolean | Requirement to enter a value in the parameter box. The default value is false. |
minValue | Int64 | An unsigned integer that specifies the minimum allowed value. The default value is 0. |
maxValue | Int64 | An unsigned integer that specifies the maximum allowed value. The default value is 9999. |
groupPolicyPresentationDropdownList
Property | Type | Description |
---|---|---|
label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
id | String | Key of the entity. Inherited from groupPolicyPresentation |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
defaultItem | groupPolicyPresentationDropdownListItem | Localized string value identifying the default choice of the list of items. |
items | groupPolicyPresentationDropdownListItem collection | Represents a set of localized display names and their associated values. |
required | Boolean | Requirement to enter a value in the parameter box. The default value is false. |
groupPolicyPresentationListBox
Property | Type | Description |
---|---|---|
label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
id | String | Key of the entity. Inherited from groupPolicyPresentation |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
explicitValue | Boolean | If this option is specified true the user must specify the registry subkey value and the registry subkey name. The list box shows two columns, one for the name and one for the data. The default value is false. |
valuePrefix | String | Not yet documented |
groupPolicyPresentationLongDecimalTextBox
Property | Type | Description |
---|---|---|
label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
id | String | Key of the entity. Inherited from groupPolicyPresentation |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
defaultValue | Int64 | An unsigned integer that specifies the initial value for the decimal text box. The default value is 1. |
spin | Boolean | If true, create a spin control; otherwise, create a text box for numeric entry. The default value is true. |
spinStep | Int64 | An unsigned integer that specifies the increment of change for the spin control. The default value is 1. |
required | Boolean | Requirement to enter a value in the parameter box. The default value is false. |
minValue | Int64 | An unsigned long that specifies the minimum allowed value. The default value is 0. |
maxValue | Int64 | An unsigned long that specifies the maximum allowed value. The default value is 9999. |
groupPolicyPresentationMultiTextBox
Property | Type | Description |
---|---|---|
label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
id | String | Key of the entity. Inherited from groupPolicyPresentation |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
required | Boolean | Requirement to enter a value in the text box. Default value is false. |
maxLength | Int64 | An unsigned integer that specifies the maximum number of text characters. Default value is 1023. |
maxStrings | Int64 | An unsigned integer that specifies the maximum number of strings. Default value is 0. |
groupPolicyPresentationText
Property | Type | Description |
---|---|---|
label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
id | String | Key of the entity. Inherited from groupPolicyPresentation |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
groupPolicyPresentationTextBox
Property | Type | Description |
---|---|---|
label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
id | String | Key of the entity. Inherited from groupPolicyPresentation |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
defaultValue | String | Localized default string displayed in the text box. The default value is empty. |
required | Boolean | Requirement to enter a value in the text box. Default value is false. |
maxLength | Int64 | An unsigned integer that specifies the maximum number of text characters. Default value is 1023. |
groupPolicyPresentationValue
Property | Type | Description |
---|---|---|
lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. |
createdDateTime | DateTimeOffset | The date and time the object was created. |
id | String | Key of the entity. |
groupPolicyPresentationValueBoolean
Property | Type | Description |
---|---|---|
lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. Inherited from groupPolicyPresentationValue |
createdDateTime | DateTimeOffset | The date and time the object was created. Inherited from groupPolicyPresentationValue |
id | String | Key of the entity. Inherited from groupPolicyPresentationValue |
value | Boolean | An boolean value for the associated presentation. |
groupPolicyPresentationValueDecimal
Property | Type | Description |
---|---|---|
lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. Inherited from groupPolicyPresentationValue |
createdDateTime | DateTimeOffset | The date and time the object was created. Inherited from groupPolicyPresentationValue |
id | String | Key of the entity. Inherited from groupPolicyPresentationValue |
value | Int64 | An unsigned integer value for the associated presentation. |
groupPolicyPresentationValueList
Property | Type | Description |
---|---|---|
lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. Inherited from groupPolicyPresentationValue |
createdDateTime | DateTimeOffset | The date and time the object was created. Inherited from groupPolicyPresentationValue |
id | String | Key of the entity. Inherited from groupPolicyPresentationValue |
values | keyValuePair collection | A list of pairs for the associated presentation. |
groupPolicyPresentationValueLongDecimal
Property | Type | Description |
---|---|---|
lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. Inherited from groupPolicyPresentationValue |
createdDateTime | DateTimeOffset | The date and time the object was created. Inherited from groupPolicyPresentationValue |
id | String | Key of the entity. Inherited from groupPolicyPresentationValue |
value | Int64 | An unsigned long value for the associated presentation. |
groupPolicyPresentationValueMultiText
Property | Type | Description |
---|---|---|
lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. Inherited from groupPolicyPresentationValue |
createdDateTime | DateTimeOffset | The date and time the object was created. Inherited from groupPolicyPresentationValue |
id | String | Key of the entity. Inherited from groupPolicyPresentationValue |
values | String collection | A collection of non-empty strings for the associated presentation. |
groupPolicyPresentationValueText
Property | Type | Description |
---|---|---|
lastModifiedDateTime | DateTimeOffset | The date and time the object was last modified. Inherited from groupPolicyPresentationValue |
createdDateTime | DateTimeOffset | The date and time the object was created. Inherited from groupPolicyPresentationValue |
id | String | Key of the entity. Inherited from groupPolicyPresentationValue |
value | String | A string value for the associated presentation. |
groupPolicyUploadedCategory
Property | Type | Description |
---|---|---|
displayName | String | The string id of the category's display name Inherited from groupPolicyCategory |
isRoot | Boolean | Defines if the category is a root category Inherited from groupPolicyCategory |
ingestionSource | ingestionSource | Defines this category's ingestion source (0 - unknown, 1 - custom, 2 - global) Inherited from groupPolicyCategory. Possible values are: unknown , custom , builtIn , unknownFutureValue . |
id | String | Key of the entity. Inherited from groupPolicyCategory |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyCategory |
groupPolicyUploadedDefinition
Property | Type | Description |
---|---|---|
classType | groupPolicyDefinitionClassType | Identifies the type of groups the policy can be applied to. Inherited from groupPolicyDefinition. Possible values are: user , machine . |
displayName | String | The localized policy name. Inherited from groupPolicyDefinition |
explainText | String | The localized explanation or help text associated with the policy. The default value is empty. Inherited from groupPolicyDefinition |
categoryPath | String | The localized full category path for the policy. Inherited from groupPolicyDefinition |
supportedOn | String | Localized string used to specify what operating system or application version is affected by the policy. Inherited from groupPolicyDefinition |
policyType | groupPolicyType | Specifies the type of group policy. Inherited from groupPolicyDefinition. Possible values are: admxBacked , admxIngested . |
hasRelatedDefinitions | Boolean | Signifies whether or not there are related definitions to this definition Inherited from groupPolicyDefinition |
groupPolicyCategoryId | Guid | The category id of the parent category Inherited from groupPolicyDefinition |
minDeviceCspVersion | String | Minimum required CSP version for device configuration in this definition Inherited from groupPolicyDefinition |
minUserCspVersion | String | Minimum required CSP version for user configuration in this definition Inherited from groupPolicyDefinition |
version | String | Setting definition version Inherited from groupPolicyDefinition |
id | String | Key of the entity. Inherited from groupPolicyDefinition |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyDefinition |
groupPolicyUploadedDefinitionFile
Property | Type | Description |
---|---|---|
displayName | String | The localized friendly name of the ADMX file. Inherited from groupPolicyDefinitionFile |
description | String | The localized description of the policy settings in the ADMX file. The default value is empty. Inherited from groupPolicyDefinitionFile |
languageCodes | String collection | The supported language codes for the ADMX file. Inherited from groupPolicyDefinitionFile |
targetPrefix | String | Specifies the logical name that refers to the namespace within the ADMX file. Inherited from groupPolicyDefinitionFile |
targetNamespace | String | Specifies the URI used to identify the namespace within the ADMX file. Inherited from groupPolicyDefinitionFile |
policyType | groupPolicyType | Specifies the type of group policy. Inherited from groupPolicyDefinitionFile. Possible values are: admxBacked , admxIngested . |
revision | String | The revision version associated with the file. Inherited from groupPolicyDefinitionFile |
fileName | String | The file name of the ADMX file without the path. For example: edge.admx Inherited from groupPolicyDefinitionFile |
id | String | Key of the entity. Inherited from groupPolicyDefinitionFile |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyDefinitionFile |
status | groupPolicyUploadedDefinitionFileStatus | The upload status of the uploaded ADMX file. Possible values are: none , uploadInProgress , available , assigned , removalInProgress , uploadFailed , removalFailed . |
content | Binary | The contents of the uploaded ADMX file. |
uploadDateTime | DateTimeOffset | The uploaded time of the uploaded ADMX file. |
defaultLanguageCode | String | The default language of the uploaded ADMX file. |
groupPolicyUploadedLanguageFiles | groupPolicyUploadedLanguageFile collection | The list of ADML files associated with the uploaded ADMX file. |
groupPolicyUploadedPresentation
Property | Type | Description |
---|---|---|
label | String | Localized text label for any presentation entity. The default value is empty. Inherited from groupPolicyPresentation |
id | String | Key of the entity. Inherited from groupPolicyPresentation |
lastModifiedDateTime | DateTimeOffset | The date and time the entity was last modified. Inherited from groupPolicyPresentation |
androidManagedAppRegistration
Property | Type | Description |
---|---|---|
createdDateTime | DateTimeOffset | Date and time of creation Inherited from managedAppRegistration |
lastSyncDateTime | DateTimeOffset | Date and time of last the app synced with management service. Inherited from managedAppRegistration |
applicationVersion | String | App version Inherited from managedAppRegistration |
managementSdkVersion | String | App management SDK version Inherited from managedAppRegistration |
platformVersion | String | Operating System version Inherited from managedAppRegistration |
deviceType | String | Host device type Inherited from managedAppRegistration |
deviceTag | String | App management SDK generated tag, which helps relate apps hosted on the same device. Not guaranteed to relate apps in all conditions. Inherited from managedAppRegistration |
deviceName | String | Host device name Inherited from managedAppRegistration |
flaggedReasons | managedAppFlaggedReason collection | Zero or more reasons an app registration is flagged. E.g. app running on rooted device Inherited from managedAppRegistration |
userId | String | The user Id to who this app registration belongs. Inherited from managedAppRegistration |
appIdentifier | mobileAppIdentifier | The app package Identifier Inherited from managedAppRegistration |
id | String | Key of the entity. Inherited from managedAppRegistration |
version | String | Version of the entity. Inherited from managedAppRegistration |
defaultManagedAppProtection
Property | Type | Description |
---|---|---|
displayName | String | Policy display name. Inherited from managedAppPolicy |
description | String | The policy's description. Inherited from managedAppPolicy |
createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
id | String | Key of the entity. Inherited from managedAppPolicy |
version | String | Version of the entity. Inherited from managedAppPolicy |
periodOfflineBeforeAccessCheck | Duration | The period after which access is checked when the device is not connected to the internet. Inherited from managedAppProtection |
periodOnlineBeforeAccessCheck | Duration | The period after which access is checked when the device is connected to the internet. Inherited from managedAppProtection |
allowedInboundDataTransferSources | managedAppDataTransferLevel | Sources from which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps , managedApps , none . |
allowedOutboundDataTransferDestinations | managedAppDataTransferLevel | Destinations to which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps , managedApps , none . |
organizationalCredentialsRequired | Boolean | Indicates whether organizational credentials are required for app use. Inherited from managedAppProtection |
allowedOutboundClipboardSharingLevel | managedAppClipboardSharingLevel | The level to which the clipboard may be shared between apps on the managed device. Inherited from managedAppProtection. Possible values are: allApps , managedAppsWithPasteIn , managedApps , blocked . |
dataBackupBlocked | Boolean | Indicates whether the backup of a managed app's data is blocked. Inherited from managedAppProtection |
deviceComplianceRequired | Boolean | Indicates whether device compliance is required. Inherited from managedAppProtection |
managedBrowserToOpenLinksRequired | Boolean | Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) Inherited from managedAppProtection |
saveAsBlocked | Boolean | Indicates whether users may use the "Save As" menu item to save a copy of protected files. Inherited from managedAppProtection |
periodOfflineBeforeWipeIsEnforced | Duration | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. Inherited from managedAppProtection |
pinRequired | Boolean | Indicates whether an app-level pin is required. Inherited from managedAppProtection |
maximumPinRetries | Int32 | Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. Inherited from managedAppProtection |
simplePinBlocked | Boolean | Indicates whether simplePin is blocked. Inherited from managedAppProtection |
minimumPinLength | Int32 | Minimum pin length required for an app-level pin if PinRequired is set to True Inherited from managedAppProtection |
pinCharacterSet | managedAppPinCharacterSet | Character set which may be used for an app-level pin if PinRequired is set to True. Inherited from managedAppProtection. Possible values are: numeric , alphanumericAndSymbol . |
periodBeforePinReset | Duration | TimePeriod before the all-level pin must be reset if PinRequired is set to True. Inherited from managedAppProtection |
allowedDataStorageLocations | managedAppDataStorageLocation collection | Data storage locations where a user may store managed data. Inherited from managedAppProtection |
contactSyncBlocked | Boolean | Indicates whether contacts can be synced to the user's device. Inherited from managedAppProtection |
printBlocked | Boolean | Indicates whether printing is allowed from managed apps. Inherited from managedAppProtection |
fingerprintBlocked | Boolean | Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. Inherited from managedAppProtection |
disableAppPinIfDevicePinIsSet | Boolean | Indicates whether use of the app pin is required if the device pin is set. Inherited from managedAppProtection |
minimumRequiredOsVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
minimumWarningOsVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. Inherited from managedAppProtection |
minimumRequiredAppVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
minimumWarningAppVersion | String | Versions less than the specified version will result in warning message on the managed app. Inherited from managedAppProtection |
managedBrowser | managedBrowserType | Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Inherited from managedAppProtection. Possible values are: notConfigured , microsoftEdge . |
appDataEncryptionType | managedAppDataEncryptionType | Type of encryption which should be used for data in a managed app. (iOS Only). Possible values are: useDeviceSettings , afterDeviceRestart , whenDeviceLockedExceptOpenFiles , whenDeviceLocked . |
screenCaptureBlocked | Boolean | Indicates whether screen capture is blocked. (Android only) |
encryptAppData | Boolean | Indicates whether managed-app data should be encrypted. (Android only) |
disableAppEncryptionIfDeviceEncryptionIsEnabled | Boolean | When this setting is enabled, app level encryption is disabled if device level encryption is enabled. (Android only) |
minimumRequiredSdkVersion | String | Versions less than the specified version will block the managed app from accessing company data. (iOS Only) |
customSettings | keyValuePair collection | A set of string key and string value pairs to be sent to the affected users, unalterned by this service |
deployedAppCount | Int32 | Count of apps to which the current policy is deployed. |
minimumRequiredPatchVersion | String | Define the oldest required Android security patch level a user can have to gain secure access to the app. (Android only) |
minimumWarningPatchVersion | String | Define the oldest recommended Android security patch level a user can have for secure access to the app. (Android only) |
faceIdBlocked | Boolean | Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True. (iOS Only) |
deviceManagementConfigurationChoiceSettingCollectionDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
options | deviceManagementConfigurationOptionDefinition collection | Options for the setting that can be selected Inherited from deviceManagementConfigurationChoiceSettingDefinition |
defaultOptionId | String | Default option for choice setting Inherited from deviceManagementConfigurationChoiceSettingDefinition |
maximumCount | Int32 | Maximum number of choices in the collection |
minimumCount | Int32 | Minimum number of choices in the collection |
deviceManagementConfigurationSetting
Property | Type | Description |
---|
deviceManagementConfigurationSettingGroupCollectionDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
childIds | String collection | Dependent child settings to this group of settings Inherited from deviceManagementConfigurationSettingGroupDefinition |
dependentOn | deviceManagementConfigurationDependentOn collection | List of Dependencies for the setting group Inherited from deviceManagementConfigurationSettingGroupDefinition |
dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | List of child settings that depend on this setting Inherited from deviceManagementConfigurationSettingGroupDefinition |
maximumCount | Int32 | Maximum number of setting group count in the collection |
minimumCount | Int32 | Minimum number of setting group count in the collection |
deviceManagementConfigurationSimpleSettingCollectionDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
valueDefinition | deviceManagementConfigurationSettingValueDefinition | Definition of the value for this setting Inherited from deviceManagementConfigurationSimpleSettingDefinition |
defaultValue | deviceManagementConfigurationSettingValue | Default setting value for this setting Inherited from deviceManagementConfigurationSimpleSettingDefinition |
dependentOn | deviceManagementConfigurationDependentOn collection | list of parent settings this setting is dependent on Inherited from deviceManagementConfigurationSimpleSettingDefinition |
dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | list of child settings that depend on this setting Inherited from deviceManagementConfigurationSimpleSettingDefinition |
maximumCount | Int32 | Maximum number of simple settings in the collection |
minimumCount | Int32 | Minimum number of simple settings in the collection |
deviceManagementReports
Property | Type | Description |
---|---|---|
id | String | Unique identifier for this entity |
iosManagedAppRegistration
Property | Type | Description |
---|---|---|
createdDateTime | DateTimeOffset | Date and time of creation Inherited from managedAppRegistration |
lastSyncDateTime | DateTimeOffset | Date and time of last the app synced with management service. Inherited from managedAppRegistration |
applicationVersion | String | App version Inherited from managedAppRegistration |
managementSdkVersion | String | App management SDK version Inherited from managedAppRegistration |
platformVersion | String | Operating System version Inherited from managedAppRegistration |
deviceType | String | Host device type Inherited from managedAppRegistration |
deviceTag | String | App management SDK generated tag, which helps relate apps hosted on the same device. Not guaranteed to relate apps in all conditions. Inherited from managedAppRegistration |
deviceName | String | Host device name Inherited from managedAppRegistration |
flaggedReasons | managedAppFlaggedReason collection | Zero or more reasons an app registration is flagged. E.g. app running on rooted device Inherited from managedAppRegistration |
userId | String | The user Id to who this app registration belongs. Inherited from managedAppRegistration |
appIdentifier | mobileAppIdentifier | The app package Identifier Inherited from managedAppRegistration |
id | String | Key of the entity. Inherited from managedAppRegistration |
version | String | Version of the entity. Inherited from managedAppRegistration |
managedAppConfiguration
Property | Type | Description |
---|---|---|
displayName | String | Policy display name. Inherited from managedAppPolicy |
description | String | The policy's description. Inherited from managedAppPolicy |
createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
id | String | Key of the entity. Inherited from managedAppPolicy |
version | String | Version of the entity. Inherited from managedAppPolicy |
customSettings | keyValuePair collection | A set of string key and string value pairs to be sent to apps for users to whom the configuration is scoped, unalterned by this service |
managedAppOperation
Property | Type | Description |
---|---|---|
displayName | String | The operation name. |
lastModifiedDateTime | DateTimeOffset | The last time the app operation was modified. |
state | String | The current state of the operation |
id | String | Key of the entity. |
version | String | Version of the entity. |
managedAppPolicy
Property | Type | Description |
---|---|---|
displayName | String | Policy display name. |
description | String | The policy's description. |
createdDateTime | DateTimeOffset | The date and time the policy was created. |
lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. |
id | String | Key of the entity. |
version | String | Version of the entity. |
managedAppPolicyDeploymentSummary
Property | Type | Description |
---|---|---|
displayName | String | Not yet documented |
configurationDeployedUserCount | Int32 | Not yet documented |
lastRefreshTime | DateTimeOffset | Not yet documented |
configurationDeploymentSummaryPerApp | managedAppPolicyDeploymentSummaryPerApp collection | Not yet documented |
id | String | Key of the entity. |
version | String | Version of the entity. |
managedAppProtection
Property | Type | Description |
---|---|---|
displayName | String | Policy display name. Inherited from managedAppPolicy |
description | String | The policy's description. Inherited from managedAppPolicy |
createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
id | String | Key of the entity. Inherited from managedAppPolicy |
version | String | Version of the entity. Inherited from managedAppPolicy |
periodOfflineBeforeAccessCheck | Duration | The period after which access is checked when the device is not connected to the internet. |
periodOnlineBeforeAccessCheck | Duration | The period after which access is checked when the device is connected to the internet. |
allowedInboundDataTransferSources | managedAppDataTransferLevel | Sources from which data is allowed to be transferred. Possible values are: allApps , managedApps , none . |
allowedOutboundDataTransferDestinations | managedAppDataTransferLevel | Destinations to which data is allowed to be transferred. Possible values are: allApps , managedApps , none . |
organizationalCredentialsRequired | Boolean | Indicates whether organizational credentials are required for app use. |
allowedOutboundClipboardSharingLevel | managedAppClipboardSharingLevel | The level to which the clipboard may be shared between apps on the managed device. Possible values are: allApps , managedAppsWithPasteIn , managedApps , blocked . |
dataBackupBlocked | Boolean | Indicates whether the backup of a managed app's data is blocked. |
deviceComplianceRequired | Boolean | Indicates whether device compliance is required. |
managedBrowserToOpenLinksRequired | Boolean | Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) |
saveAsBlocked | Boolean | Indicates whether users may use the "Save As" menu item to save a copy of protected files. |
periodOfflineBeforeWipeIsEnforced | Duration | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. |
pinRequired | Boolean | Indicates whether an app-level pin is required. |
maximumPinRetries | Int32 | Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. |
simplePinBlocked | Boolean | Indicates whether simplePin is blocked. |
minimumPinLength | Int32 | Minimum pin length required for an app-level pin if PinRequired is set to True |
pinCharacterSet | managedAppPinCharacterSet | Character set which may be used for an app-level pin if PinRequired is set to True. Possible values are: numeric , alphanumericAndSymbol . |
periodBeforePinReset | Duration | TimePeriod before the all-level pin must be reset if PinRequired is set to True. |
allowedDataStorageLocations | managedAppDataStorageLocation collection | Data storage locations where a user may store managed data. |
contactSyncBlocked | Boolean | Indicates whether contacts can be synced to the user's device. |
printBlocked | Boolean | Indicates whether printing is allowed from managed apps. |
fingerprintBlocked | Boolean | Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. |
disableAppPinIfDevicePinIsSet | Boolean | Indicates whether use of the app pin is required if the device pin is set. |
minimumRequiredOsVersion | String | Versions less than the specified version will block the managed app from accessing company data. |
minimumWarningOsVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. |
minimumRequiredAppVersion | String | Versions less than the specified version will block the managed app from accessing company data. |
minimumWarningAppVersion | String | Versions less than the specified version will result in warning message on the managed app. |
managedBrowser | managedBrowserType | Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Possible values are: notConfigured , microsoftEdge . |
managedAppRegistration
Property | Type | Description |
---|---|---|
createdDateTime | DateTimeOffset | Date and time of creation |
lastSyncDateTime | DateTimeOffset | Date and time of last the app synced with management service. |
applicationVersion | String | App version |
managementSdkVersion | String | App management SDK version |
platformVersion | String | Operating System version |
deviceType | String | Host device type |
deviceTag | String | App management SDK generated tag, which helps relate apps hosted on the same device. Not guaranteed to relate apps in all conditions. |
deviceName | String | Host device name |
flaggedReasons | managedAppFlaggedReason collection | Zero or more reasons an app registration is flagged. E.g. app running on rooted device |
userId | String | The user Id to who this app registration belongs. |
appIdentifier | mobileAppIdentifier | The app package Identifier |
id | String | Key of the entity. |
version | String | Version of the entity. |
managedAppStatus
Property | Type | Description |
---|---|---|
displayName | String | Friendly name of the status report. |
id | String | Key of the entity. |
version | String | Version of the entity. |
managedAppStatusRaw
Property | Type | Description |
---|---|---|
displayName | String | Friendly name of the status report. Inherited from managedAppStatus |
id | String | Key of the entity. Inherited from managedAppStatus |
version | String | Version of the entity. Inherited from managedAppStatus |
content | Json | Status report content. |
managedMobileApp
Property | Type | Description |
---|---|---|
mobileAppIdentifier | mobileAppIdentifier | The identifier for an app with it's operating system type. |
id | String | Key of the entity. |
version | String | Version of the entity. |
targetedManagedAppPolicyAssignment
Property | Type | Description |
---|---|---|
id | String | Id |
target | deviceAndAppManagementAssignmentTarget | Identifier for deployment to a group or app |
targetedManagedAppProtection
Property | Type | Description |
---|---|---|
displayName | String | Policy display name. Inherited from managedAppPolicy |
description | String | The policy's description. Inherited from managedAppPolicy |
createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
id | String | Key of the entity. Inherited from managedAppPolicy |
version | String | Version of the entity. Inherited from managedAppPolicy |
periodOfflineBeforeAccessCheck | Duration | The period after which access is checked when the device is not connected to the internet. Inherited from managedAppProtection |
periodOnlineBeforeAccessCheck | Duration | The period after which access is checked when the device is connected to the internet. Inherited from managedAppProtection |
allowedInboundDataTransferSources | managedAppDataTransferLevel | Sources from which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps , managedApps , none . |
allowedOutboundDataTransferDestinations | managedAppDataTransferLevel | Destinations to which data is allowed to be transferred. Inherited from managedAppProtection. Possible values are: allApps , managedApps , none . |
organizationalCredentialsRequired | Boolean | Indicates whether organizational credentials are required for app use. Inherited from managedAppProtection |
allowedOutboundClipboardSharingLevel | managedAppClipboardSharingLevel | The level to which the clipboard may be shared between apps on the managed device. Inherited from managedAppProtection. Possible values are: allApps , managedAppsWithPasteIn , managedApps , blocked . |
dataBackupBlocked | Boolean | Indicates whether the backup of a managed app's data is blocked. Inherited from managedAppProtection |
deviceComplianceRequired | Boolean | Indicates whether device compliance is required. Inherited from managedAppProtection |
managedBrowserToOpenLinksRequired | Boolean | Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) Inherited from managedAppProtection |
saveAsBlocked | Boolean | Indicates whether users may use the "Save As" menu item to save a copy of protected files. Inherited from managedAppProtection |
periodOfflineBeforeWipeIsEnforced | Duration | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. Inherited from managedAppProtection |
pinRequired | Boolean | Indicates whether an app-level pin is required. Inherited from managedAppProtection |
maximumPinRetries | Int32 | Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. Inherited from managedAppProtection |
simplePinBlocked | Boolean | Indicates whether simplePin is blocked. Inherited from managedAppProtection |
minimumPinLength | Int32 | Minimum pin length required for an app-level pin if PinRequired is set to True Inherited from managedAppProtection |
pinCharacterSet | managedAppPinCharacterSet | Character set which may be used for an app-level pin if PinRequired is set to True. Inherited from managedAppProtection. Possible values are: numeric , alphanumericAndSymbol . |
periodBeforePinReset | Duration | TimePeriod before the all-level pin must be reset if PinRequired is set to True. Inherited from managedAppProtection |
allowedDataStorageLocations | managedAppDataStorageLocation collection | Data storage locations where a user may store managed data. Inherited from managedAppProtection |
contactSyncBlocked | Boolean | Indicates whether contacts can be synced to the user's device. Inherited from managedAppProtection |
printBlocked | Boolean | Indicates whether printing is allowed from managed apps. Inherited from managedAppProtection |
fingerprintBlocked | Boolean | Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. Inherited from managedAppProtection |
disableAppPinIfDevicePinIsSet | Boolean | Indicates whether use of the app pin is required if the device pin is set. Inherited from managedAppProtection |
minimumRequiredOsVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
minimumWarningOsVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. Inherited from managedAppProtection |
minimumRequiredAppVersion | String | Versions less than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection |
minimumWarningAppVersion | String | Versions less than the specified version will result in warning message on the managed app. Inherited from managedAppProtection |
managedBrowser | managedBrowserType | Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Inherited from managedAppProtection. Possible values are: notConfigured , microsoftEdge . |
isAssigned | Boolean | Indicates if the policy is deployed to any inclusion groups or not. |
windowsInformationProtection
Property | Type | Description |
---|---|---|
displayName | String | Policy display name. Inherited from managedAppPolicy |
description | String | The policy's description. Inherited from managedAppPolicy |
createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
id | String | Key of the entity. Inherited from managedAppPolicy |
version | String | Version of the entity. Inherited from managedAppPolicy |
enforcementLevel | windowsInformationProtectionEnforcementLevel | WIP enforcement level.See the Enum definition for supported values. Possible values are: noProtection , encryptAndAuditOnly , encryptAuditAndPrompt , encryptAuditAndBlock . |
enterpriseDomain | String | Primary enterprise domain |
enterpriseProtectedDomainNames | windowsInformationProtectionResourceCollection collection | List of enterprise domains to be protected |
protectionUnderLockConfigRequired | Boolean | Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured |
dataRecoveryCertificate | windowsInformationProtectionDataRecoveryCertificate | Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS) |
revokeOnUnenrollDisabled | Boolean | This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. |
rightsManagementServicesTemplateId | Guid | TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access |
azureRightsManagementServicesAllowed | Boolean | Specifies whether to allow Azure RMS encryption for WIP |
iconsVisible | Boolean | Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app |
protectedApps | windowsInformationProtectionApp collection | Protected applications can access enterprise data and the data handled by those applications are protected with encryption |
exemptApps | windowsInformationProtectionApp collection | Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. |
enterpriseNetworkDomainNames | windowsInformationProtectionResourceCollection collection | This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to |
enterpriseProxiedDomains | windowsInformationProtectionProxiedDomainCollection collection | Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy |
enterpriseIPRanges | windowsInformationProtectionIPRangeCollection collection | Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to |
enterpriseIPRangesAreAuthoritative | Boolean | Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false |
enterpriseProxyServers | windowsInformationProtectionResourceCollection collection | This is a list of proxy servers. Any server not on this list is considered non-enterprise |
enterpriseInternalProxyServers | windowsInformationProtectionResourceCollection collection | This is the comma-separated list of internal proxy servers. For example, "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies |
enterpriseProxyServersAreAuthoritative | Boolean | Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false |
neutralDomainResources | windowsInformationProtectionResourceCollection collection | List of domain names that can used for work or personal resource |
indexingEncryptedStoresOrItemsBlocked | Boolean | This switch is for the Windows Search Indexer, to allow or disallow indexing of items |
smbAutoEncryptedFileExtensions | windowsInformationProtectionResourceCollection collection | Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary |
isAssigned | Boolean | Indicates if the policy is deployed to any inclusion groups or not. |
windowsInformationProtectionAppLockerFile
Property | Type | Description |
---|---|---|
displayName | String | The friendly name |
fileHash | String | SHA256 hash of the file |
file | Binary | File as a byte array |
id | String | Key of the entity. |
version | String | Version of the entity. |
windowsInformationProtectionDeviceRegistration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
userId | String | UserId associated with this device registration record. |
deviceRegistrationId | String | Device identifier for this device registration record. |
deviceName | String | Device name. |
deviceType | String | Device type, for example, Windows laptop VS Windows phone. |
deviceMacAddress | String | Device Mac address. |
lastCheckInDateTime | DateTimeOffset | Last checkin time of the device. |
windowsInformationProtectionPolicy
Property | Type | Description |
---|---|---|
displayName | String | Policy display name. Inherited from managedAppPolicy |
description | String | The policy's description. Inherited from managedAppPolicy |
createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
id | String | Key of the entity. Inherited from managedAppPolicy |
version | String | Version of the entity. Inherited from managedAppPolicy |
enforcementLevel | windowsInformationProtectionEnforcementLevel | WIP enforcement level.See the Enum definition for supported values Inherited from windowsInformationProtection. Possible values are: noProtection , encryptAndAuditOnly , encryptAuditAndPrompt , encryptAuditAndBlock . |
enterpriseDomain | String | Primary enterprise domain Inherited from windowsInformationProtection |
enterpriseProtectedDomainNames | windowsInformationProtectionResourceCollection collection | List of enterprise domains to be protected Inherited from windowsInformationProtection |
protectionUnderLockConfigRequired | Boolean | Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured Inherited from windowsInformationProtection |
dataRecoveryCertificate | windowsInformationProtectionDataRecoveryCertificate | Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS) Inherited from windowsInformationProtection |
revokeOnUnenrollDisabled | Boolean | This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. Inherited from windowsInformationProtection |
rightsManagementServicesTemplateId | Guid | TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access Inherited from windowsInformationProtection |
azureRightsManagementServicesAllowed | Boolean | Specifies whether to allow Azure RMS encryption for WIP Inherited from windowsInformationProtection |
iconsVisible | Boolean | Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app Inherited from windowsInformationProtection |
protectedApps | windowsInformationProtectionApp collection | Protected applications can access enterprise data and the data handled by those applications are protected with encryption Inherited from windowsInformationProtection |
exemptApps | windowsInformationProtectionApp collection | Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. Inherited from windowsInformationProtection |
enterpriseNetworkDomainNames | windowsInformationProtectionResourceCollection collection | This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to Inherited from windowsInformationProtection |
enterpriseProxiedDomains | windowsInformationProtectionProxiedDomainCollection collection | Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy Inherited from windowsInformationProtection |
enterpriseIPRanges | windowsInformationProtectionIPRangeCollection collection | Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to Inherited from windowsInformationProtection |
enterpriseIPRangesAreAuthoritative | Boolean | Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false Inherited from windowsInformationProtection |
enterpriseProxyServers | windowsInformationProtectionResourceCollection collection | This is a list of proxy servers. Any server not on this list is considered non-enterprise Inherited from windowsInformationProtection |
enterpriseInternalProxyServers | windowsInformationProtectionResourceCollection collection | This is the comma-separated list of internal proxy servers. For example, "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies Inherited from windowsInformationProtection |
enterpriseProxyServersAreAuthoritative | Boolean | Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false Inherited from windowsInformationProtection |
neutralDomainResources | windowsInformationProtectionResourceCollection collection | List of domain names that can used for work or personal resource Inherited from windowsInformationProtection |
indexingEncryptedStoresOrItemsBlocked | Boolean | This switch is for the Windows Search Indexer, to allow or disallow indexing of items Inherited from windowsInformationProtection |
smbAutoEncryptedFileExtensions | windowsInformationProtectionResourceCollection collection | Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary Inherited from windowsInformationProtection |
isAssigned | Boolean | Indicates if the policy is deployed to any inclusion groups or not. Inherited from windowsInformationProtection |
revokeOnMdmHandoffDisabled | Boolean | New property in RS2, pending documentation |
mdmEnrollmentUrl | String | Enrollment url for the MDM |
windowsHelloForBusinessBlocked | Boolean | Boolean value that sets Windows Hello for Business as a method for signing into Windows. |
pinMinimumLength | Int32 | Integer value that sets the minimum number of characters required for the PIN. Default value is 4. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest. |
pinUppercaseLetters | windowsInformationProtectionPinCharacterRequirements | Integer value that configures the use of uppercase letters in the Windows Hello for Business PIN. Default is NotAllow. Possible values are: notAllow , requireAtLeastOne , allow . |
pinLowercaseLetters | windowsInformationProtectionPinCharacterRequirements | Integer value that configures the use of lowercase letters in the Windows Hello for Business PIN. Default is NotAllow. Possible values are: notAllow , requireAtLeastOne , allow . |
pinSpecialCharacters | windowsInformationProtectionPinCharacterRequirements | Integer value that configures the use of special characters in the Windows Hello for Business PIN. Valid special characters for Windows Hello for Business PIN gestures include: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ { | } ~. Default is NotAllow. Possible values are: notAllow, requireAtLeastOne, allow`. |
pinExpirationDays | Int32 | Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user's PIN will never expire. This node was added in Windows 10, version 1511. Default is 0. |
numberOfPastPinsRemembered | Int32 | Integer value that specifies the number of past PINs that can be associated to a user account that can't be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required. This node was added in Windows 10, version 1511. Default is 0. |
passwordMaximumAttemptCount | Int32 | The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality. Range is an integer X where 4 <= X <= 16 for desktop and 0 <= X <= 999 for mobile devices. |
minutesOfInactivityBeforeDeviceLock | Int32 | Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Range is an integer X where 0 <= X <= 999. |
daysWithoutContactBeforeUnenroll | Int32 | Offline interval before app data is wiped (days) |
windowsInformationProtectionWipeAction
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
status | actionState | Wipe action status. Possible values are: none , pending , canceled , active , done , failed , notSupported . |
targetedUserId | String | The UserId being targeted by this wipe action. |
targetedDeviceRegistrationId | String | The DeviceRegistrationId being targeted by this wipe action. |
targetedDeviceName | String | Targeted device name. |
targetedDeviceMacAddress | String | Targeted device Mac address. |
lastCheckInDateTime | DateTimeOffset | Last checkin time of the device that was targeted by this wipe action. |
windowsManagedAppProtection
Property | Type | Description |
---|---|---|
displayName | String | Policy display name. Inherited from managedAppPolicy |
description | String | The policy's description. Inherited from managedAppPolicy |
createdDateTime | DateTimeOffset | The date and time the policy was created. Inherited from managedAppPolicy |
lastModifiedDateTime | DateTimeOffset | Last time the policy was modified. Inherited from managedAppPolicy |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from managedAppPolicy |
id | String | Key of the entity. Inherited from managedAppPolicy |
version | String | Version of the entity. Inherited from managedAppPolicy |
isAssigned | Boolean | When TRUE, indicates that the policy is deployed to some inclusion groups. When FALSE, indicates that the policy is not deployed to any inclusion groups. Default value is FALSE. |
deployedAppCount | Int32 | Indicates the total number of applications for which the current policy is deployed. |
printBlocked | Boolean | When TRUE, indicates that printing is blocked from managed apps. When FALSE, indicates that printing is allowed from managed apps. Default value is FALSE. |
allowedInboundDataTransferSources | windowsManagedAppDataTransferLevel | Indicates the sources from which data is allowed to be transferred. Some possible values are allApps or none. Possible values are: allApps , none . |
allowedOutboundClipboardSharingLevel | windowsManagedAppClipboardSharingLevel | Indicates the level to which the clipboard may be shared across org & non-org resources. Some possible values are anyDestinationAnySource or none. Possible values are: anyDestinationAnySource , none . |
allowedOutboundDataTransferDestinations | windowsManagedAppDataTransferLevel | Indicates the destinations to which data is allowed to be transferred. Some possible values are allApps or none. Possible values are: allApps , none . |
appActionIfUnableToAuthenticateUser | managedAppRemediationAction | If set, it will specify what action to take in the case where the user is unable to checkin because their authentication token is invalid. This happens when the user is deleted or disabled in AAD. Some possible values are block or wipe. If this property is not set, no action will be taken. Possible values are: block , wipe , warn . |
maximumAllowedDeviceThreatLevel | managedAppDeviceThreatLevel | Maximum allowed device threat level, as reported by the Mobile Threat Defense app. Possible values are: notConfigured , secured , low , medium , high . |
mobileThreatDefenseRemediationAction | managedAppRemediationAction | Determines what action to take if the mobile threat defense threat threshold isn't met. Some possible values are block or wipe. Warn isn't a supported value for this property. Possible values are: block , wipe , warn . |
minimumRequiredSdkVersion | String | Versions less than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
minimumWipeSdkVersion | String | Versions less than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'. |
minimumRequiredOsVersion | String | Versions less than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
minimumWarningOsVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
minimumWipeOsVersion | String | Versions less than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'. |
minimumRequiredAppVersion | String | Versions less than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
minimumWarningAppVersion | String | Versions less than the specified version will result in warning message on the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
minimumWipeAppVersion | String | Versions less than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'. |
maximumRequiredOsVersion | String | Versions bigger than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
maximumWarningOsVersion | String | Versions bigger than the specified version will result in warning message on the managed app from accessing company data. For example: '8.1.0' or '13.1.1'. |
maximumWipeOsVersion | String | Versions bigger than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'. |
periodOfflineBeforeWipeIsEnforced | Duration | The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. For example, P5D indicates that the interval is 5 days in duration. A timespan value of PT0S indicates that managed data will never be wiped when the device is not connected to the internet. |
periodOfflineBeforeAccessCheck | Duration | The period after which access is checked when the device is not connected to the internet. For example, PT5M indicates that the interval is 5 minutes in duration. A timespan value of PT0S indicates that access will be blocked immediately when the device is not connected to the internet. |
deviceManagement
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
metricTimeSeriesDataPoint
Property | Type | Description |
---|---|---|
dateTime | DateTimeOffset | Time of the metric time series data point |
value | Int64 | Value of the metric time series data point |
microsoftTunnelConfiguration
Property | Type | Description |
---|---|---|
id | String | The unique identifier for the configuration id. Supports: $delete, $update. $Insert, $skip, $top is not supported. Read-only. |
displayName | String | The display name for the server configuration. This property is required when a server is created. |
description | String | The configuration's description (optional) |
network | String | The subnet that will be used to allocate virtual address for the clients |
dnsServers | String collection | The DNS servers that will be used by the clients |
defaultDomainSuffix | String | The Default Domain appendix that will be used by the clients |
routeIncludes | String collection | The routes that will be routed by the server |
routeExcludes | String collection | Subsets of the routes that will not be routed by the server |
splitDNS | String collection | The domains that will be resolved using the provided dns servers |
listenPort | Int32 | The port that both TCP and UPD will listen over on the server |
advancedSettings | keyValuePair collection | Additional settings that may be applied to the server |
lastUpdateDateTime | DateTimeOffset | When the configuration was last updated |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance |
disableUdpConnections | Boolean | When DisableUdpConnections is set, the clients and VPN server will not use DTLS connections to transfer data. |
microsoftTunnelHealthThreshold
Property | Type | Description |
---|---|---|
id | String | The unique identifier for the metric name. Supports: $delete, $update. $Insert, $skip, $top is not supported. Read-only. |
healthyThreshold | Int64 | The threshold for being healthy based on default health status metrics: CPU usage healthy < 50%, Memory usage healthy < 50%, Disk space healthy > 5GB, Latency healthy < 10ms, health metrics can be customized. |
unhealthyThreshold | Int64 | The threshold for being unhealthy based on default health status metrics: CPU usage unhealthy > 75%, Memory usage unhealthy > 75%, Disk space < 3GB, Latency Unhealthy > 20ms, health metrics can be customized. |
defaultHealthyThreshold | Int64 | The threshold for being healthy based on default health status metrics: CPU usage healthy < 50%, Memory usage healthy < 50%, Disk space healthy > 5GB, Latency healthy < 10ms, health metrics can be customized. Read-only. |
defaultUnhealthyThreshold | Int64 | The threshold for being unhealthy based on default health status metrics: CPU usage unhealthy > 75%, Memory usage unhealthy > 75%, Disk space < 3GB, Latency unhealthy > 20ms, health metrics can be customized. Read-only. |
microsoftTunnelServer
Property | Type | Description |
---|---|---|
id | String | The unique identifier for the managed server. This id is assigned at enrollment time. Supports: $delete. $Update, $insert, $skip, $top is not supported. Read-only. |
displayName | String | The display name for the server. This property is required when a server is created and cannot be cleared during updates. |
tunnelServerHealthStatus | microsoftTunnelServerHealthStatus | Indicates the server's health Status as of the last evaluation time. Health is evaluated every 60 seconds, and the possible values are: unknown, healthy, unhealthy, warning, offline, upgradeInProgress, upgradeFailed. Possible values are: unknown , healthy , unhealthy , warning , offline , upgradeInProgress , upgradeFailed , unknownFutureValue . |
lastCheckinDateTime | DateTimeOffset | Indicates when the server last checked in |
agentImageDigest | String | The digest of the current agent image running on this server |
serverImageDigest | String | The digest of the current server image running on this server |
microsoftTunnelServerLogCollectionResponse
Property | Type | Description |
---|---|---|
id | String | The unique identifier for server log collection response. Read-only. |
status | microsoftTunnelLogCollectionStatus | The status of log collection. Possible values are: pending, completed, failed. Possible values are: pending , completed , failed , unknownFutureValue . |
startDateTime | DateTimeOffset | The start time of the logs collected |
endDateTime | DateTimeOffset | The end time of the logs collected |
sizeInBytes | Int64 | The size of the logs in bytes |
serverId | String | ID of the server the log collection is requested upon |
requestDateTime | DateTimeOffset | The time when the log collection was requested |
expiryDateTime | DateTimeOffset | The time when the log collection is expired |
microsoftTunnelSite
Property | Type | Description |
---|---|---|
id | String | The unique identifier for the site id. $Insert, $skip, $top is not supported. Read-only. |
displayName | String | The display name for the site. This property is required when a site is created. |
description | String | The site's description (optional) |
publicAddress | String | The site's public domain name or IP address |
upgradeWindowUtcOffsetInMinutes | Int32 | The site's timezone represented as a minute offset from UTC |
upgradeWindowStartTime | TimeOfDay | The site's upgrade window start time of day |
upgradeWindowEndTime | TimeOfDay | The site's upgrade window end time of day |
upgradeAutomatically | Boolean | The site's automatic upgrade setting. True for automatic upgrades, false for manual control |
upgradeAvailable | Boolean | The site provides the state of when an upgrade is available |
internalNetworkProbeUrl | String | The site's Internal Network Access Probe URL |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance |
deviceManagementDomainJoinConnector
Property | Type | Description |
---|---|---|
id | String | Unique identifier to represent a connector. |
displayName | String | The connector display name. |
lastConnectionDateTime | DateTimeOffset | Last time connector contacted Intune. |
state | deviceManagementDomainJoinConnectorState | The connector state. Possible values are: active , error , inactive . |
version | String | The version of the connector. |
complianceManagementPartner
Property | Type | Description |
---|---|---|
id | String | Id of the entity |
lastHeartbeatDateTime | DateTimeOffset | Timestamp of last heartbeat after admin onboarded to the compliance management partner |
partnerState | deviceManagementPartnerTenantState | Partner state of this tenant. Possible values are: unknown , unavailable , enabled , terminated , rejected , unresponsive . |
displayName | String | Partner display name |
macOsOnboarded | Boolean | Partner onboarded for Mac devices. |
androidOnboarded | Boolean | Partner onboarded for Android devices. |
iosOnboarded | Boolean | Partner onboarded for ios devices. |
macOsEnrollmentAssignments | complianceManagementPartnerAssignment collection | User groups which enroll Mac devices through partner. |
androidEnrollmentAssignments | complianceManagementPartnerAssignment collection | User groups which enroll Android devices through partner. |
iosEnrollmentAssignments | complianceManagementPartnerAssignment collection | User groups which enroll ios devices through partner. |
deviceAndAppManagementData
Property | Type | Description |
---|---|---|
content | Stream | Not yet documented |
deviceAppManagement
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
microsoftStoreForBusinessLastSuccessfulSyncDateTime | DateTimeOffset | The last time the apps from the Microsoft Store for Business were synced successfully for the account. |
isEnabledForMicrosoftStoreForBusiness | Boolean | Whether the account is enabled for syncing applications from the Microsoft Store for Business. |
microsoftStoreForBusinessLanguage | String | The locale information used to sync applications from the Microsoft Store for Business. Cultures that are specific to a country/region. The names of these cultures follow RFC 4646 (Windows Vista and later). The format is |
microsoftStoreForBusinessLastCompletedApplicationSyncTime | DateTimeOffset | The last time an application sync from the Microsoft Store for Business was completed. |
deviceCategory
Property | Type | Description |
---|---|---|
id | String | Unique identifier for the device category. Read-only. |
displayName | String | Display name for the device category. |
description | String | Optional description for the device category. |
deviceComanagementAuthorityConfiguration
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown , limit , platformRestrictions , windowsHelloForBusiness , defaultLimit , defaultPlatformRestrictions , defaultWindowsHelloForBusiness , defaultWindows10EnrollmentCompletionPageConfiguration , windows10EnrollmentCompletionPageConfiguration , deviceComanagementAuthorityConfiguration , singlePlatformRestriction , unknownFutureValue , enrollmentNotificationsConfiguration . |
managedDeviceAuthority | Int32 | CoManagement Authority configuration ManagedDeviceAuthority |
installConfigurationManagerAgent | Boolean | CoManagement Authority configuration InstallConfigurationManagerAgent |
configurationManagerAgentCommandLineArgument | String | CoManagement Authority configuration ConfigurationManagerAgentCommandLineArgument |
deviceEnrollmentConfiguration
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the account |
displayName | String | The display name of the device enrollment configuration |
description | String | The description of the device enrollment configuration |
priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. |
createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration |
lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration |
version | Int32 | The version of the device enrollment configuration |
deviceEnrollmentLimitConfiguration
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
limit | Int32 | The maximum number of devices that a user can enroll |
deviceEnrollmentNotificationConfiguration
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown , limit , platformRestrictions , windowsHelloForBusiness , defaultLimit , defaultPlatformRestrictions , defaultWindowsHelloForBusiness , defaultWindows10EnrollmentCompletionPageConfiguration , windows10EnrollmentCompletionPageConfiguration , deviceComanagementAuthorityConfiguration , singlePlatformRestriction , unknownFutureValue , enrollmentNotificationsConfiguration . |
platformType | enrollmentRestrictionPlatformType | Platform type of the Enrollment Notification. Possible values are: allPlatforms , ios , windows , windowsPhone , android , androidForWork , mac , linux , unknownFutureValue . |
templateType | enrollmentNotificationTemplateType | Template type of the Enrollment Notification. Possible values are: email , push , unknownFutureValue . |
notificationMessageTemplateId | Guid | Notification Message Template Id |
notificationTemplates | String collection | The list of notification data - |
brandingOptions | enrollmentNotificationBrandingOptions | Branding Options for the Enrollment Notification. Possible values are: none , includeCompanyLogo , includeCompanyName , includeContactInformation , includeCompanyPortalLink , includeDeviceDetails , unknownFutureValue . |
defaultLocale | String | DefaultLocale for the Enrollment Notification |
deviceEnrollmentPlatformRestrictionConfiguration
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown , limit , platformRestrictions , windowsHelloForBusiness , defaultLimit , defaultPlatformRestrictions , defaultWindowsHelloForBusiness , defaultWindows10EnrollmentCompletionPageConfiguration , windows10EnrollmentCompletionPageConfiguration , deviceComanagementAuthorityConfiguration , singlePlatformRestriction , unknownFutureValue , enrollmentNotificationsConfiguration . |
platformRestriction | deviceEnrollmentPlatformRestriction | Restrictions based on platform, platform operating system version, and device ownership |
platformType | enrollmentRestrictionPlatformType | Type of platform for which this restriction applies. Possible values are: allPlatforms , ios , windows , windowsPhone , android , androidForWork , mac , linux , unknownFutureValue . |
deviceEnrollmentPlatformRestrictionsConfiguration
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
iosRestriction | deviceEnrollmentPlatformRestriction | Ios restrictions based on platform, platform operating system version, and device ownership |
windowsRestriction | deviceEnrollmentPlatformRestriction | Windows restrictions based on platform, platform operating system version, and device ownership |
windowsMobileRestriction | deviceEnrollmentPlatformRestriction | Windows mobile restrictions based on platform, platform operating system version, and device ownership |
androidRestriction | deviceEnrollmentPlatformRestriction | Android restrictions based on platform, platform operating system version, and device ownership |
macOSRestriction | deviceEnrollmentPlatformRestriction | Mac restrictions based on platform, platform operating system version, and device ownership |
deviceEnrollmentWindowsHelloForBusinessConfiguration
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
pinMinimumLength | Int32 | Controls the minimum number of characters required for the Windows Hello for Business PIN. This value must be between 4 and 127, inclusive, and less than or equal to the value set for the maximum PIN. |
pinMaximumLength | Int32 | Controls the maximum number of characters allowed for the Windows Hello for Business PIN. This value must be between 4 and 127, inclusive. This value must be greater than or equal to the value set for the minimum PIN. |
pinUppercaseCharactersUsage | windowsHelloForBusinessPinUsage | Controls the ability to use uppercase letters in the Windows Hello for Business PIN. Allowed permits the use of uppercase letter(s), whereas Required ensures they are present. If set to Not Allowed, uppercase letters will not be permitted. Possible values are: allowed , required , disallowed . |
pinLowercaseCharactersUsage | windowsHelloForBusinessPinUsage | Controls the ability to use lowercase letters in the Windows Hello for Business PIN. Allowed permits the use of lowercase letter(s), whereas Required ensures they are present. If set to Not Allowed, lowercase letters will not be permitted. Possible values are: allowed , required , disallowed . |
pinSpecialCharactersUsage | windowsHelloForBusinessPinUsage | Controls the ability to use special characters in the Windows Hello for Business PIN. Allowed permits the use of special character(s), whereas Required ensures they are present. If set to Not Allowed, special character(s) will not be permitted. Possible values are: allowed , required , disallowed . |
state | enablement | Controls whether to allow the device to be configured for Windows Hello for Business. If set to disabled, the user cannot provision Windows Hello for Business except on Azure Active Directory joined mobile phones if otherwise required. If set to Not Configured, Intune will not override client defaults. Possible values are: notConfigured , enabled , disabled . |
securityDeviceRequired | Boolean | Controls whether to require a Trusted Platform Module (TPM) for provisioning Windows Hello for Business. A TPM provides an additional security benefit in that data stored on it cannot be used on other devices. If set to False, all devices can provision Windows Hello for Business even if there is not a usable TPM. |
unlockWithBiometricsEnabled | Boolean | Controls the use of biometric gestures, such as face and fingerprint, as an alternative to the Windows Hello for Business PIN. If set to False, biometric gestures are not allowed. Users must still configure a PIN as a backup in case of failures. |
remotePassportEnabled | Boolean | Controls the use of Remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion for desktop authentication. The desktop must be Azure AD joined and the companion device must have a Windows Hello for Business PIN. |
pinPreviousBlockCount | Int32 | Controls the ability to prevent users from using past PINs. This must be set between 0 and 50, inclusive, and the current PIN of the user is included in that count. If set to 0, previous PINs are not stored. PIN history is not preserved through a PIN reset. |
pinExpirationInDays | Int32 | Controls the period of time (in days) that a PIN can be used before the system requires the user to change it. This must be set between 0 and 730, inclusive. If set to 0, the user's PIN will never expire |
enhancedBiometricsState | enablement | Controls the ability to use the anti-spoofing features for facial recognition on devices which support it. If set to disabled, anti-spoofing features are not allowed. If set to Not Configured, the user can choose whether they want to use anti-spoofing. Possible values are: notConfigured , enabled , disabled . |
deviceManagement
Property | Type | Description |
---|---|---|
id | String | Unique identifier for this entity |
intuneBrand | intuneBrand | intuneBrand contains data which is used in customizing the appearance of the Company Portal applications as well as the end user web portal. |
deviceManagementExchangeConnector
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
lastSyncDateTime | DateTimeOffset | Last sync time for the Exchange Connector |
status | deviceManagementExchangeConnectorStatus | Exchange Connector Status. Possible values are: none , connectionPending , connected , disconnected , unknownFutureValue . |
primarySmtpAddress | String | Email address used to configure the Service To Service Exchange Connector. |
serverName | String | The name of the Exchange server. |
connectorServerName | String | The name of the server hosting the Exchange Connector. |
exchangeConnectorType | deviceManagementExchangeConnectorType | The type of Exchange Connector Configured. Possible values are: onPremises , hosted , serviceToService , dedicated , unknownFutureValue . |
version | String | The version of the ExchangeConnectorAgent |
exchangeAlias | String | An alias assigned to the Exchange server |
exchangeOrganization | String | Exchange Organization to the Exchange server |
deviceManagementExchangeOnPremisesPolicy
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
notificationContent | Binary | Notification text that will be sent to users quarantined by this policy. This is UTF8 encoded byte array HTML. |
defaultAccessLevel | deviceManagementExchangeAccessLevel | Default access state in Exchange. This rule applies globally to the entire Exchange organization. Possible values are: none , allow , block , quarantine . |
accessRules | deviceManagementExchangeAccessRule collection | The list of device access rules in Exchange. The access rules apply globally to the entire Exchange organization |
knownDeviceClasses | deviceManagementExchangeDeviceClass collection | The list of device classes known to Exchange |
deviceManagementPartner
Property | Type | Description |
---|---|---|
id | String | Id of the entity |
lastHeartbeatDateTime | DateTimeOffset | Timestamp of last heartbeat after admin enabled option Connect to Device management Partner |
partnerState | deviceManagementPartnerTenantState | Partner state of this tenant. Possible values are: unknown , unavailable , enabled , terminated , rejected , unresponsive . |
partnerAppType | deviceManagementPartnerAppType | Partner App type. Possible values are: unknown , singleTenantApp , multiTenantApp . |
singleTenantAppId | String | Partner Single tenant App id |
displayName | String | Partner display name |
isConfigured | Boolean | Whether device management partner is configured or not |
whenPartnerDevicesWillBeRemovedDateTime | DateTimeOffset | DateTime in UTC when PartnerDevices will be removed |
whenPartnerDevicesWillBeMarkedAsNonCompliantDateTime | DateTimeOffset | DateTime in UTC when PartnerDevices will be marked as NonCompliant |
groupsRequiringPartnerEnrollment | deviceManagementPartnerAssignment collection | User groups that specifies whether enrollment is through partner. |
enrollmentConfigurationAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the enrollment configuration assignment |
target | deviceAndAppManagementAssignmentTarget | Represents an assignment to managed devices in the tenant |
mobileThreatDefenseConnector
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
lastHeartbeatDateTime | DateTimeOffset | DateTime of last Heartbeat recieved from the Mobile Threat Defense partner |
partnerState | mobileThreatPartnerTenantState | Mobile Threat Defense partner state for this account. Possible values are: unavailable , available , enabled , unresponsive . |
androidMobileApplicationManagementEnabled | Boolean | When TRUE, inidicates that data from the Mobile Threat Defense partner can be used during Mobile Application Management (MAM) evaluations for Android devices. When FALSE, inidicates that data from the Mobile Threat Defense partner should not be used during Mobile Application Management (MAM) evaluations for Android devices. Only one partner per platform may be enabled for Mobile Application Management (MAM) evaluation. Default value is FALSE. |
iosMobileApplicationManagementEnabled | Boolean | When TRUE, inidicates that data from the Mobile Threat Defense partner can be used during Mobile Application Management (MAM) evaluations for IOS devices. When FALSE, inidicates that data from the Mobile Threat Defense partner should not be used during Mobile Application Management (MAM) evaluations for IOS devices. Only one partner per platform may be enabled for Mobile Application Management (MAM) evaluation. Default value is FALSE. |
androidEnabled | Boolean | For Android, set whether data from the Mobile Threat Defense partner should be used during compliance evaluations |
iosEnabled | Boolean | For IOS, get or set whether data from the Mobile Threat Defense partner should be used during compliance evaluations |
windowsEnabled | Boolean | When TRUE, inidicates that data from the Mobile Threat Defense partner can be used during compliance evaluations for Windows. When FALSE, inidicates that data from the Mobile Threat Defense partner should not be used during compliance evaluations for Windows. Default value is FALSE. |
androidDeviceBlockedOnMissingPartnerData | Boolean | For Android, set whether Intune must receive data from the Mobile Threat Defense partner prior to marking a device compliant |
iosDeviceBlockedOnMissingPartnerData | Boolean | For IOS, set whether Intune must receive data from the Mobile Threat Defense partner prior to marking a device compliant |
windowsDeviceBlockedOnMissingPartnerData | Boolean | When TRUE, inidicates that Intune must receive data from the Mobile Threat Defense partner prior to marking a device compliant for Windows. When FALSE, inidicates that Intune may make a device compliant without receiving data from the Mobile Threat Defense partner for Windows. Default value is FALSE. |
partnerUnsupportedOsVersionBlocked | Boolean | Get or set whether to block devices on the enabled platforms that do not meet the minimum version requirements of the Mobile Threat Defense partner |
partnerUnresponsivenessThresholdInDays | Int32 | Get or Set days the per tenant tolerance to unresponsiveness for this partner integration |
allowPartnerToCollectIOSApplicationMetadata | Boolean | When TRUE, indicates the Mobile Threat Defense partner may collect metadata about installed applications from Intune for IOS devices. When FALSE, indicates the Mobile Threat Defense partner may not collect metadata about installed applications from Intune for IOS devices. Default value is FALSE. |
allowPartnerToCollectIOSPersonalApplicationMetadata | Boolean | When TRUE, indicates the Mobile Threat Defense partner may collect metadata about personally installed applications from Intune for IOS devices. When FALSE, indicates the Mobile Threat Defense partner may not collect metadata about personally installed applications from Intune for IOS devices. Default value is FALSE. |
microsoftDefenderForEndpointAttachEnabled | Boolean | When TRUE, inidicates that configuration profile management via Microsoft Defender for Endpoint is enabled. When FALSE, inidicates that configuration profile management via Microsoft Defender for Endpoint is disabled. Default value is FALSE. |
onPremisesConditionalAccessSettings
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
enabled | Boolean | Indicates if on premises conditional access is enabled for this organization |
includedGroups | Guid collection | User groups that will be targeted by on premises conditional access. All users in these groups will be required to have mobile device managed and compliant for mail access. |
excludedGroups | Guid collection | User groups that will be exempt by on premises conditional access. All users in these groups will be exempt from the conditional access policy. |
overrideDefaultRule | Boolean | Override the default access rule when allowing a device to ensure access is granted. |
organization
Property | Type | Description |
---|---|---|
id | String | The GUID for the object. |
mobileDeviceManagementAuthority | mdmAuthority | Mobile device management authority. Possible values are: unknown , intune , sccm , office365 . |
sideLoadingKey
Property | Type | Description |
---|---|---|
id | String | Side Loading Key Unique Id. |
value | String | Side Loading Key Value, it is 5x5 value, seperated by hiphens. |
displayName | String | Side Loading Key Name displayed to the ITPro Admins. |
description | String | Side Loading Key description displayed to the ITPro Admins.. |
totalActivation | Int32 | Side Loading Key Total Activation displayed to the ITPro Admins. |
lastUpdatedDateTime | String | Side Loading Key Last Updated Date displayed to the ITPro Admins. |
user
Property | Type | Description |
---|---|---|
id | String | Unique identifier of the user. |
deviceEnrollmentLimit | Int32 | The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. |
vppToken
Property | Type | Description |
---|---|---|
id | String | This is automatically generated when the appleVolumePurchaseProgramToken is created. It is the Key of the entity. |
organizationName | String | The organization associated with the Apple Volume Purchase Program Token |
vppTokenAccountType | vppTokenAccountType | The type of volume purchase program which the given Apple Volume Purchase Program Token is associated with. Possible values are: business , education . Possible values are: business , education . |
appleId | String | The apple Id associated with the given Apple Volume Purchase Program Token. |
expirationDateTime | DateTimeOffset | The expiration date time of the Apple Volume Purchase Program Token. |
lastSyncDateTime | DateTimeOffset | The last time when an application sync was done with the Apple volume purchase program service using the the Apple Volume Purchase Program Token. |
token | String | The Apple Volume Purchase Program Token string downloaded from the Apple Volume Purchase Program. |
lastModifiedDateTime | DateTimeOffset | Last modification date time associated with the Apple Volume Purchase Program Token. |
state | vppTokenState | Current state of the Apple Volume Purchase Program Token. Possible values are: unknown , valid , expired , invalid , assignedToExternalMDM . Possible values are: unknown , valid , expired , invalid , assignedToExternalMDM . |
lastSyncStatus | vppTokenSyncStatus | Current sync status of the last application sync which was triggered using the Apple Volume Purchase Program Token. Possible values are: none , inProgress , completed , failed . Possible values are: none , inProgress , completed , failed . |
automaticallyUpdateApps | Boolean | Whether or not apps for the VPP token will be automatically updated. |
countryOrRegion | String | Whether or not apps for the VPP token will be automatically updated. |
windows10EnrollmentCompletionPageConfiguration
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown , limit , platformRestrictions , windowsHelloForBusiness , defaultLimit , defaultPlatformRestrictions , defaultWindowsHelloForBusiness , defaultWindows10EnrollmentCompletionPageConfiguration , windows10EnrollmentCompletionPageConfiguration , deviceComanagementAuthorityConfiguration , singlePlatformRestriction , unknownFutureValue , enrollmentNotificationsConfiguration . |
showInstallationProgress | Boolean | Show or hide installation progress to user |
blockDeviceSetupRetryByUser | Boolean | Allow the user to retry the setup on installation failure |
allowDeviceResetOnInstallFailure | Boolean | Allow or block device reset on installation failure |
allowLogCollectionOnInstallFailure | Boolean | Allow or block log collection on installation failure |
customErrorMessage | String | Set custom error message to show upon installation failure |
installProgressTimeoutInMinutes | Int32 | Set installation progress timeout in minutes |
allowDeviceUseOnInstallFailure | Boolean | Allow the user to continue using the device on installation failure |
selectedMobileAppIds | String collection | Selected applications to track the installation status |
allowNonBlockingAppInstallation | Boolean | Install all required apps as non blocking apps during white glove |
installQualityUpdates | Boolean | Allows quality updates installation during OOBE |
trackInstallProgressForAutopilotOnly | Boolean | Only show installation progress for Autopilot enrollment scenarios |
disableUserStatusTrackingAfterFirstUser | Boolean | Only show installation progress for first user post enrollment |
appVulnerabilityManagedDevice
Property | Type | Description |
---|---|---|
id | String | The entity key, and AAD device ID. |
managedDeviceId | String | The Intune managed device ID. |
displayName | String | The device name. |
lastSyncDateTime | DateTimeOffset | The created date. |
appVulnerabilityMobileApp
Property | Type | Description |
---|---|---|
id | String | The entity key. |
mobileAppId | String | The Intune mobile app ID. |
displayName | String | The device name. |
createdDateTime | DateTimeOffset | The created date. |
lastModifiedDateTime | DateTimeOffset | The last modified date. |
mobileAppType | String | The app type. |
version | String | The app version. |
appVulnerabilityTask
Property | Type | Description |
---|---|---|
id | String | The entity key. Inherited from deviceAppManagementTask |
displayName | String | The name. Inherited from deviceAppManagementTask |
description | String | The description. Inherited from deviceAppManagementTask |
createdDateTime | DateTimeOffset | The created date. Inherited from deviceAppManagementTask |
dueDateTime | DateTimeOffset | The due date. Inherited from deviceAppManagementTask |
category | deviceAppManagementTaskCategory | The category. Inherited from deviceAppManagementTask. Possible values are: unknown , advancedThreatProtection . |
priority | deviceAppManagementTaskPriority | The priority. Inherited from deviceAppManagementTask. Possible values are: none , high , low . |
creator | String | The email address of the creator. Inherited from deviceAppManagementTask |
creatorNotes | String | Notes from the creator. Inherited from deviceAppManagementTask |
assignedTo | String | The name or email of the admin this task is assigned to. Inherited from deviceAppManagementTask |
status | deviceAppManagementTaskStatus | The status. Inherited from deviceAppManagementTask. Possible values are: unknown , pending , active , completed , rejected . |
appName | String | The app name. |
appPublisher | String | The app publisher. |
appVersion | String | The app version. |
mitigationType | appVulnerabilityTaskMitigationType | The mitigation type. Possible values are: unknown , update , uninstall , securityConfiguration . |
insights | String | Information about the mitigation. |
managedDeviceCount | Int32 | The number of vulnerable devices. |
mobileAppCount | Int32 | The number of vulnerable mobile apps. |
remediation | String | The remediation steps. |
configManagerCollection
Property | Type | Description |
---|---|---|
id | String | The key for the ConfigManager Collection. |
displayName | String | The DisplayName. |
collectionIdentifier | String | The collection identifier in SCCM. |
hierarchyName | String | The HierarchyName. |
hierarchyIdentifier | String | The Hierarchy Identifier. |
createdDateTime | DateTimeOffset | The created date. |
lastModifiedDateTime | DateTimeOffset | The last modified date. |
configManagerPolicySummary
Property | Type | Description |
---|---|---|
targetedDeviceCount | Int32 | The number of devices targeted by the policy. |
compliantDeviceCount | Int32 | The number of devices evaluated to be compliant by the policy. |
nonCompliantDeviceCount | Int32 | The number of devices evaluated to be noncompliant by the policy. |
failedDeviceCount | Int32 | The number of devices that failed to be evaluated by the policy. |
pendingDeviceCount | Int32 | The number of devices that have acknowledged the policy but are pending evaluation. |
enforcedDeviceCount | Int32 | The number of devices that have have been remediated by the policy. |
deviceAppManagementTask
Property | Type | Description |
---|---|---|
id | String | The entity key. |
displayName | String | The name. |
description | String | The description. |
createdDateTime | DateTimeOffset | The created date. |
dueDateTime | DateTimeOffset | The due date. |
category | deviceAppManagementTaskCategory | The category. Possible values are: unknown , advancedThreatProtection . |
priority | deviceAppManagementTaskPriority | The priority. Possible values are: none , high , low . |
creator | String | The email address of the creator. |
creatorNotes | String | Notes from the creator. |
assignedTo | String | The name or email of the admin this task is assigned to. |
status | deviceAppManagementTaskStatus | The status. Possible values are: unknown , pending , active , completed , rejected . |
securityConfigurationTask
Property | Type | Description |
---|---|---|
id | String | The entity key. Inherited from deviceAppManagementTask |
displayName | String | The name. Inherited from deviceAppManagementTask |
description | String | The description. Inherited from deviceAppManagementTask |
createdDateTime | DateTimeOffset | The created date. Inherited from deviceAppManagementTask |
dueDateTime | DateTimeOffset | The due date. Inherited from deviceAppManagementTask |
category | deviceAppManagementTaskCategory | The category. Inherited from deviceAppManagementTask. Possible values are: unknown , advancedThreatProtection . |
priority | deviceAppManagementTaskPriority | The priority. Inherited from deviceAppManagementTask. Possible values are: none , high , low . |
creator | String | The email address of the creator. Inherited from deviceAppManagementTask |
creatorNotes | String | Notes from the creator. Inherited from deviceAppManagementTask |
assignedTo | String | The name or email of the admin this task is assigned to. Inherited from deviceAppManagementTask |
status | deviceAppManagementTaskStatus | The status. Inherited from deviceAppManagementTask. Possible values are: unknown , pending , active , completed , rejected . |
endpointSecurityPolicy | endpointSecurityConfigurationType | The endpoint security policy type. Possible values are: unknown , antivirus , diskEncryption , firewall , endpointDetectionAndResponse , attackSurfaceReduction , accountProtection . |
applicablePlatform | endpointSecurityConfigurationApplicablePlatform | The applicable platform. Possible values are: unknown , macOS , windows10AndLater , windows10AndWindowsServer . |
endpointSecurityPolicyProfile | endpointSecurityConfigurationProfileType | The endpoint security policy profile. Possible values are: unknown , antivirus , windowsSecurity , bitLocker , fileVault , firewall , firewallRules , endpointDetectionAndResponse , deviceControl , appAndBrowserIsolation , exploitProtection , webProtection , applicationControl , attackSurfaceReductionRules , accountProtection . |
insights | String | Information about the mitigation. |
managedDeviceCount | Int32 | The number of vulnerable devices. Valid values 0 to 65536 |
intendedSettings | keyValuePair collection | The intended settings and their values. |
unmanagedDeviceDiscoveryTask
Property | Type | Description |
---|---|---|
id | String | The entity key. Inherited from deviceAppManagementTask |
displayName | String | The name. Inherited from deviceAppManagementTask |
description | String | The description. Inherited from deviceAppManagementTask |
createdDateTime | DateTimeOffset | The created date. Inherited from deviceAppManagementTask |
dueDateTime | DateTimeOffset | The due date. Inherited from deviceAppManagementTask |
category | deviceAppManagementTaskCategory | The category. Inherited from deviceAppManagementTask. Possible values are: unknown , advancedThreatProtection . |
priority | deviceAppManagementTaskPriority | The priority. Inherited from deviceAppManagementTask. Possible values are: none , high , low . |
creator | String | The email address of the creator. Inherited from deviceAppManagementTask |
creatorNotes | String | Notes from the creator. Inherited from deviceAppManagementTask |
assignedTo | String | The name or email of the admin this task is assigned to. Inherited from deviceAppManagementTask |
status | deviceAppManagementTaskStatus | The status. Inherited from deviceAppManagementTask. Possible values are: unknown , pending , active , completed , rejected . |
unmanagedDevices | unmanagedDevice collection | Unmanaged devices discovered in the network. |
vulnerableManagedDevice
Property | Type | Description |
---|---|---|
id | String | The entity key, and AAD device ID. |
managedDeviceId | String | The Intune managed device ID. |
displayName | String | The device name. |
lastSyncDateTime | DateTimeOffset | The last sync date. |
assignmentFilterEvaluateRequest
Property | Type | Description |
---|---|---|
platform | devicePlatformType | Platform type of the devices on which the Assignment Filter will be applicable. Possible values are: android , androidForWork , iOS , macOS , windowsPhone81 , windows81AndLater , windows10AndLater , androidWorkProfile , unknown , androidAOSP , androidMobileApplicationManagement , iOSMobileApplicationManagement , unknownFutureValue . |
rule | String | Rule definition of the Assignment Filter. |
top | Int32 | Limit of records per request. Default value is 100, if provided less than 0 or greater than 100 |
skip | Int32 | Number of records to skip. Default value is 0 |
orderBy | String collection | Order the devices should be sorted in. Default is ascending on device name. |
search | String | Search keyword applied to scope found devices. |
assignmentFilterState
Property | Type | Description |
---|---|---|
enabled | Boolean | Indicator to if AssignmentFilter is enabled or disabled. |
assignmentFilterStatusDetails
Property | Type | Description |
---|---|---|
managedDeviceId | String | Unique identifier for the device object. |
payloadId | String | Unique identifier for payload object. |
userId | String | Unique identifier for UserId object. Can be null |
deviceProperties | keyValuePair collection | Device properties used for filter evaluation during device check-in time. |
evalutionSummaries | assignmentFilterEvaluationSummary collection | Evaluation result summaries for each filter associated to device and payload |
assignmentFilterSupportedProperty
Property | Type | Description |
---|---|---|
dataType | String | The data type of the property. |
isCollection | Boolean | Indicates whether the property is a collection type or not. |
name | String | Name of the property. |
propertyRegexConstraint | String | Regex string to do validation on the property value. |
supportedOperators | assignmentFilterOperator collection | List of all supported operators on this property. |
supportedValues | String collection | List of all supported values for this property, empty if everything is supported. |
deviceAndAppManagementAssignmentFilter
Property | Type | Description |
---|---|---|
id | String | Key of the Assignment Filter. |
createdDateTime | DateTimeOffset | The creation time of the assignment filter. The value cannot be modified and is automatically populated during new assignment filter process. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. |
lastModifiedDateTime | DateTimeOffset | Last modified time of the Assignment Filter. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z' |
displayName | String | The name of the Assignment Filter. |
description | String | Optional description of the Assignment Filter. |
platform | devicePlatformType | Indicates filter is applied to which flatform. Possible values are android,androidForWork,iOS,macOS,windowsPhone81,windows81AndLater,windows10AndLater,androidWorkProfile, unknown, androidAOSP,androidMobileApplicationManagement, iOSMobileApplicationManagement. Default filter will be applied to 'unknown'. Possible values are: android , androidForWork , iOS , macOS , windowsPhone81 , windows81AndLater , windows10AndLater , androidWorkProfile , unknown , androidAOSP , androidMobileApplicationManagement , iOSMobileApplicationManagement , unknownFutureValue . |
rule | String | Rule definition of the assignment filter. |
roleScopeTags | String collection | Indicates role scope tags assigned for the assignment filter. |
payloads | payloadByFilter collection | Indicates associated assignments for a specific filter. |
assignmentFilterManagementType | assignmentFilterManagementType | Indicates filter is applied to either 'devices' or 'apps' management type. Possible values are devices, apps. Default filter will be applied to 'devices'. Possible values are: devices , apps , unknownFutureValue . |
deviceAppManagement
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
deviceCompliancePolicyPolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
deviceConfigurationPolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
deviceManagement
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
deviceManagementConfigurationPolicyPolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
deviceManagementScriptPolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
intune-policyset-deviceplatformtype
enrollmentRestrictionsConfigurationPolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
priority | Int32 | Priority of the EnrollmentRestrictionsConfigurationPolicySetItem. |
limit | Int32 | Limit of the EnrollmentRestrictionsConfigurationPolicySetItem. |
hasPayloadLinkResultItem
Property | Type | Description |
---|---|---|
payloadId | String | Key of the Payload, In the format of Guid. |
hasLink | Boolean | Indicate whether a payload has any link or not. |
error | String | Exception information indicates if check for this item was successful or not.Empty string for no error. |
sources | deviceAndAppManagementAssignmentSource collection | The reason where the link comes from. |
iosLobAppProvisioningConfigurationPolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
managedAppProtectionPolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
targetedAppManagementLevels | String | TargetedAppManagementLevels of the ManagedAppPolicySetItem. |
managedDeviceMobileAppConfigurationPolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
mdmWindowsInformationProtectionPolicyPolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
mobileAppPolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
intent | installIntent | Install intent of the MobileAppPolicySetItem. Possible values are: available , required , uninstall , availableWithoutEnrollment . |
settings | mobileAppAssignmentSettings | Settings of the MobileAppPolicySetItem. |
payloadCompatibleAssignmentFilter
Property | Type | Description |
---|---|---|
id | String | Key of the Assignment Filter. Inherited from deviceAndAppManagementAssignmentFilter |
createdDateTime | DateTimeOffset | The creation time of the assignment filter. The value cannot be modified and is automatically populated during new assignment filter process. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Inherited from deviceAndAppManagementAssignmentFilter |
lastModifiedDateTime | DateTimeOffset | Last modified time of the Assignment Filter. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z' Inherited from deviceAndAppManagementAssignmentFilter |
displayName | String | The name of the Assignment Filter. Inherited from deviceAndAppManagementAssignmentFilter |
description | String | Optional description of the Assignment Filter. Inherited from deviceAndAppManagementAssignmentFilter |
platform | devicePlatformType | Indicates filter is applied to which flatform. Possible values are android,androidForWork,iOS,macOS,windowsPhone81,windows81AndLater,windows10AndLater,androidWorkProfile, unknown, androidAOSP,androidMobileApplicationManagement, iOSMobileApplicationManagement. Default filter will be applied to 'unknown'. Inherited from deviceAndAppManagementAssignmentFilter. Possible values are: android , androidForWork , iOS , macOS , windowsPhone81 , windows81AndLater , windows10AndLater , androidWorkProfile , unknown , androidAOSP , androidMobileApplicationManagement , iOSMobileApplicationManagement , unknownFutureValue . |
rule | String | Rule definition of the assignment filter. Inherited from deviceAndAppManagementAssignmentFilter |
roleScopeTags | String collection | Indicates role scope tags assigned for the assignment filter. Inherited from deviceAndAppManagementAssignmentFilter |
payloads | payloadByFilter collection | Indicates associated assignments for a specific filter. Inherited from deviceAndAppManagementAssignmentFilter |
assignmentFilterManagementType | assignmentFilterManagementType | Indicates filter is applied to either 'devices' or 'apps' management type. Possible values are devices, apps. Default filter will be applied to 'devices' Inherited from deviceAndAppManagementAssignmentFilter. Possible values are: devices , apps , unknownFutureValue . |
payloadType | assignmentFilterPayloadType | PayloadType of the Assignment Filter. Possible values are: notSet , enrollmentRestrictions . |
policySet
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySet. |
createdDateTime | DateTimeOffset | Creation time of the PolicySet. |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySet. |
displayName | String | DisplayName of the PolicySet. |
description | String | Description of the PolicySet. |
status | policySetStatus | Validation/assignment status of the PolicySet. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment |
roleScopeTags | String collection | RoleScopeTags of the PolicySet |
policySetAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetAssignment. |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetAssignment. |
target | deviceAndAppManagementAssignmentTarget | The target group of PolicySetAssignment |
policySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. |
payloadId | String | PayloadId of the PolicySetItem. |
itemType | String | policySetType of the PolicySetItem. |
displayName | String | DisplayName of the PolicySetItem. |
status | policySetStatus | Status of the PolicySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment |
targetedManagedAppConfigurationPolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
windows10EnrollmentCompletionPageConfigurationPolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
priority | Int32 | Priority of the Windows10EnrollmentCompletionPageConfigurationPolicySetItem. |
windowsAutopilotDeploymentProfilePolicySetItem
Property | Type | Description |
---|---|---|
id | String | Key of the PolicySetItem. Inherited from policySetItem |
createdDateTime | DateTimeOffset | Creation time of the PolicySetItem. Inherited from policySetItem |
lastModifiedDateTime | DateTimeOffset | Last modified time of the PolicySetItem. Inherited from policySetItem |
payloadId | String | PayloadId of the PolicySetItem. Inherited from policySetItem |
itemType | String | policySetType of the PolicySetItem. Inherited from policySetItem |
displayName | String | DisplayName of the PolicySetItem. Inherited from policySetItem |
status | policySetStatus | Status of the PolicySetItem. Inherited from policySetItem. Possible values are: unknown , validating , partialSuccess , success , error , notAssigned . |
errorCode | errorCode | Error code if any occured. Inherited from policySetItem. Possible values are: noError , unauthorized , notFound , deleted . |
guidedDeploymentTags | String collection | Tags of the guided deployment Inherited from policySetItem |
certificateConnectorDetails
Property | Type | Description |
---|---|---|
id | String | Unique identifier for this set of ConnectorDetails. |
connectorName | String | Connector name (set during enrollment). |
machineName | String | Name of the machine hosting this connector service. |
enrollmentDateTime | DateTimeOffset | Date/time when this connector was enrolled. |
lastCheckinDateTime | DateTimeOffset | Date/time when this connector last connected to the service. |
connectorVersion | String | Version of the connector installed. |
certificateConnectorHealthMetricValue
Property | Type | Description |
---|---|---|
dateTime | DateTimeOffset | Timestamp for this metric data-point. |
successCount | Int64 | Count of successful requests/operations. |
failureCount | Int64 | Count of failed requests/operations. |
deviceManagement
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
onPremEncryptedPayload
Property | Type | Description |
---|---|---|
tenantId | Guid | Not yet documented |
userId | Guid | Not yet documented |
deviceId | Guid | Not yet documented |
payloadId | Guid | Not yet documented |
deviceKeyThumbprint | String | Not yet documented |
cert1PayloadUUID | String | Not yet documented |
cert2PayloadUUID | String | Not yet documented |
cert3PayloadUUID | String | Not yet documented |
plistTemplate | String | Not yet documented |
encryptedBlob | Binary | Not yet documented |
payloadVersion | Int32 | Not yet documented |
status | Int32 | Not yet documented |
createdTime | DateTimeOffset | Not yet documented |
lastModifiedTime | DateTimeOffset | Not yet documented |
eTag | String | Not yet documented |
isDeleted | Boolean | Not yet documented |
pfxRecryptionRequest
Property | Type | Description |
---|---|---|
tenantId | Guid | Not yet documented |
userId | Guid | Not yet documented |
deviceId | Guid | Not yet documented |
profileId | Guid | Not yet documented |
thumbprint | String | Not yet documented |
deviceKeyThumbprint | String | Not yet documented |
status | Int32 | Not yet documented |
sourceType | Int32 | Not yet documented |
createdTime | DateTimeOffset | Not yet documented |
lastModifiedTime | DateTimeOffset | Not yet documented |
isDeleted | Boolean | Not yet documented |
eTag | String | Not yet documented |
pfxUserCertificate
Property | Type | Description |
---|---|---|
tenantId | Guid | Not yet documented |
userId | Guid | Not yet documented |
thumbprint | String | Not yet documented |
userUpn | String | Not yet documented |
encryptedPfxBlob | String | Not yet documented |
encryptedPfxPassword | String | Not yet documented |
certStartDate | DateTimeOffset | Not yet documented |
certExpirationDate | DateTimeOffset | Not yet documented |
providerName | String | Not yet documented |
encryptionKeyName | String | Not yet documented |
paddingScheme | Int32 | Not yet documented |
status | Int32 | Not yet documented |
intendedPurpose | Int32 | Not yet documented |
createdTime | DateTimeOffset | Not yet documented |
isDeleted | Boolean | Not yet documented |
lastModifiedTime | DateTimeOffset | Not yet documented |
eTag | String | Not yet documented |
timeSeriesParameter
Property | Type | Description |
---|---|---|
metricName | String | The name of the metric for which a time series is requested. |
startDateTime | DateTimeOffset | Start time of the series being requested. |
endDateTime | DateTimeOffset | End time of the series being requested. Optional; if not specified, current time is used. |
userPFXCertificate
Property | Type | Description |
---|---|---|
id | String | Unique identifier for the PFX certificate. |
thumbprint | String | SHA-1 thumbprint of the PFX certificate. |
intendedPurpose | userPfxIntendedPurpose | Certificate's intended purpose from the point-of-view of deployment. Possible values are: unassigned , smimeEncryption , smimeSigning , vpn , wifi . |
userPrincipalName | String | User Principal Name of the PFX certificate. |
startDateTime | DateTimeOffset | Certificate's validity start date/time. |
expirationDateTime | DateTimeOffset | Certificate's validity expiration date/time. |
providerName | String | Crypto provider used to encrypt this blob. |
keyName | String | Name of the key (within the provider) used to encrypt the blob. |
paddingScheme | userPfxPaddingScheme | Padding scheme used by the provider during encryption/decryption. Possible values are: none , pkcs1 , oaepSha1 , oaepSha256 , oaepSha384 , oaepSha512 . |
encryptedPfxBlob | Binary | Encrypted PFX blob. |
encryptedPfxPassword | String | Encrypted PFX password. |
createdDateTime | DateTimeOffset | Date/time when this PFX certificate was imported. |
lastModifiedDateTime | DateTimeOffset | Date/time when this PFX certificate was last modified. |
deviceAndAppManagementAssignedRoleDetails
Property | Type | Description |
---|---|---|
roleDefinitionIds | String collection | Role Definition IDs for the specifc Role Definitions assigned to a user. This property is read-only. |
roleAssignmentIds | String collection | Role Assignment IDs for the specifc Role Assignments assigned to a user. This property is read-only. |
deviceAndAppManagementRoleAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the entity. This is read-only and automatically generated. Inherited from roleAssignment |
displayName | String | The display or friendly name of the role Assignment. Inherited from roleAssignment |
description | String | Description of the Role Assignment. Inherited from roleAssignment |
resourceScopes | String collection | List of ids of role scope member security groups. These are IDs from Azure Active Directory. Inherited from roleAssignment |
members | String collection | The list of ids of role member security groups. These are IDs from Azure Active Directory. |
deviceAndAppManagementRoleDefinition
Property | Type | Description |
---|---|---|
id | String | Key of the entity. This is read-only and automatically generated. Inherited from roleDefinition |
displayName | String | Display Name of the Role definition. Inherited from roleDefinition |
description | String | Description of the Role definition. Inherited from roleDefinition |
rolePermissions | rolePermission collection | List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. Inherited from roleDefinition |
isBuiltIn | Boolean | Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. Inherited from roleDefinition |
operationApprovalPolicy
Property | Type | Description |
---|---|---|
id | String | The ID of the OperationApprovalPolicy. This property is read-only. |
displayName | String | The display name of this OperationApprovalPolicy |
description | String | The description of this OperationApprovalPolicy |
lastModifiedDateTime | DateTimeOffset | The last modified date and time of this OperationApprovalPolicy. This property is read-only. |
policyType | operationApprovalPolicyType | The policy type for this OperationApprovalPolicy. Possible values are: deviceActions , deviceWipe , deviceRetire , deviceRetireNonCompliant , deviceDelete , deviceLock , deviceErase , deviceDisableActivationLock , windowsEnrollment , compliancePolicies , configurationPolicies , appProtectionPolicies , policySets , filters , endpointSecurity , apps , scripts , roles , deviceResetPasscode , unknownFutureValue . |
approverGroupIds | String collection | The group IDs for the approvers for this OperationApprovalPolicy |
operationApprovalPolicySet
Property | Type | Description |
---|---|---|
policyType | operationApprovalPolicyType | The policy type for this OperationApprovalPolicy. This property is read-only. Possible values are: deviceActions , deviceWipe , deviceRetire , deviceRetireNonCompliant , deviceDelete , deviceLock , deviceErase , deviceDisableActivationLock , windowsEnrollment , compliancePolicies , configurationPolicies , appProtectionPolicies , policySets , filters , endpointSecurity , apps , scripts , roles , deviceResetPasscode , unknownFutureValue . |
policyPlatform | operationApprovalPolicyPlatform | The applicable platform(s) for this OperationApprovalPolicy. This property is read-only. Possible values are: notApplicable , androidDeviceAdministrator , androidEnterprise , iOSiPadOS , macOS , windows10AndLater , windows81AndLater , windows10X . |
operationApprovalRequest
Property | Type | Description |
---|---|---|
id | String | The ID of the Entity |
requestDateTime | DateTimeOffset | The DateTime of the request. This property is read-only. |
expirationDateTime | DateTimeOffset | The DateTime at which actions upon the request are no longer permitted. This property is read-only. |
lastModifiedDateTime | DateTimeOffset | Last modified DateTime. This property is read-only. |
requestor | identitySet | The identity of the requestor. This property is read-only. |
approver | identitySet | The identity of the approver. This property is read-only. |
status | operationApprovalRequestStatus | The current approval request status. This property is read-only. Possible values are: unknown , needsApproval , approved , rejected , cancelled , completed , expired , unknownFutureValue . |
requestJustification | String | The request justification. This property is read-only. |
approvalJustification | String | The justification for the approval of the request. This property is read-only. |
operationApprovalPolicies | String | The operational approval policies used in the request. This property is read-only. |
operationApprovalRequestEntityStatus
Property | Type | Description |
---|---|---|
requestId | String | The ID of the OperationApprovalRequest for this Entity. This property is read-only. |
requestExpirationDateTime | DateTimeOffset | The DateTime at which actions upon the request are no longer permitted. This property is read-only. |
requestStatus | operationApprovalRequestStatus | The current approval request status. This property is read-only. Possible values are: unknown , needsApproval , approved , rejected , cancelled , completed , expired , unknownFutureValue . |
entityLocked | Boolean | The status of the Entity in regard to changes, whether further requests are allowed or the Entity is locked. This property is read-only. |
rbacApplicationMultiple
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
resourceOperation
Property | Type | Description |
---|---|---|
id | String | Key of the Resource Operation. Read-only, automatically generated. |
resourceName | String | Name of the Resource this operation is performed on. |
actionName | String | Type of action this operation is going to perform. The actionName should be concise and limited to as few words as possible. |
description | String | Description of the resource operation. The description is used in mouse-over text for the operation when shown in the Azure Portal. |
roleAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the entity. This is read-only and automatically generated. |
displayName | String | The display or friendly name of the role Assignment. |
description | String | Description of the Role Assignment. |
resourceScopes | String collection | List of ids of role scope member security groups. These are IDs from Azure Active Directory. |
roleDefinition
Property | Type | Description |
---|---|---|
id | String | Key of the entity. This is read-only and automatically generated. |
displayName | String | Display Name of the Role definition. |
description | String | Description of the Role definition. |
rolePermissions | rolePermission collection | List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. |
isBuiltIn | Boolean | Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. |
roleManagement
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
roleScopeTag
Property | Type | Description |
---|---|---|
id | String | Key of the entity. This is read-only and automatically generated. This property is read-only. |
displayName | String | The display or friendly name of the Role Scope Tag. |
description | String | Description of the Role Scope Tag. |
isBuiltIn | Boolean | Description of the Role Scope Tag. This property is read-only. |
roleScopeTagAutoAssignment
Property | Type | Description |
---|---|---|
id | String | Key of the entity. This property is read-only. |
target | deviceAndAppManagementAssignmentTarget | The auto-assignment target for the specific Role Scope Tag. |
intune-remoteassistance-allowedremoteassistanceactions
createRemoteHelpSessionResponse
Property | Type | Description |
---|---|---|
sessionKey | String | The unique identifier for a session |
sessionType | allowedRemoteAssistanceActions | Remote Help Session Type. Possible values are: viewScreen , takeFullControl , elevation , unattended , unknownFutureValue . |
deviceManagementReports
Property | Type | Description |
---|---|---|
id | String | The key of the entity |
extendRemoteHelpSessionResponse
Property | Type | Description |
---|---|---|
sessionKey | String | The unique identifier for a session |
acsHelperUserToken | String | Helper ACS User Token |
pubSubHelperAccessUri | String | Azure Pubsub Group Id |
sessionExpirationDateTime | DateTimeOffset | Azure Pubsub Session Expiration Date Time. |
remoteAssistancePartner
Property | Type | Description |
---|---|---|
id | String | Unique identifier of the partner. |
displayName | String | Display name of the partner. |
onboardingUrl | String | URL of the partner's onboarding portal, where an administrator can configure their Remote Assistance service. |
onboardingStatus | remoteAssistanceOnboardingStatus | A friendly description of the current TeamViewer connector status. Possible values are: notOnboarded , onboarding , onboarded . |
lastConnectionDateTime | DateTimeOffset | Timestamp of the last request sent to Intune by the TEM partner. |
remoteAssistanceReporting
Property | Type | Description |
---|---|---|
id | String | The unique identifier for a session and for each sessions's reporting payload |
startDateTime | DateTimeOffset | Start time for the session |
endDateTime | DateTimeOffset | End time for the session |
remoteAssistanceSessionType | remoteAssistanceSessionType | Type of the remote assistance session that was held. Possible values are: viewOnly , fullControl , elevation . Possible values are: viewOnly , fullControl , elevation , unattended . |
helperEmail | String | Login email used by the helper to establish the session |
helperTenantId | String | Tenant id for the helper |
helperUserId | String | Helper's id |
helperFirstName | String | Helper's first name |
helperLastName | String | Helper's last name |
helperOs | String | Helper's operating system |
deviceId | String | Intune Device ID |
helperDeviceAadId | String | Helper's device AAD Id |
helperDeviceName | String | Helper's device name |
helperEnrollmentState | enrollmentState | Intune enrollment state of the helper's device. Possible values are: unknown , enrolled , pendingReset , failed , notContacted , blocked . Possible values are: unknown , enrolled , pendingReset , failed , notContacted , blocked . |
sharerEmail | String | Login email used by the sharer to establish the session |
sharerTenantId | String | Tenant id for the sharer |
sharerFirstName | String | Sharer's first name |
sharerLastName | String | Sharer's last name |
sharerDeviceAadId | String | Sharer's device AAD Id |
sharerDeviceName | String | Sharer's device name |
sharerOs | String | Sharer's operating system |
sharerEnrollmentState | enrollmentState | Intune enrollment state of the sharer's device. Possible values are: unknown , enrolled , pendingReset , failed , notContacted , blocked . Possible values are: unknown , enrolled , pendingReset , failed , notContacted , blocked . |
sharerDeviceSerialNumber | String | Sharer device serial number |
remoteAssistanceSettings
Property | Type | Description |
---|---|---|
id | String | The remote assistance settings identifier |
remoteAssistanceState | remoteAssistanceState | The current state of remote assistance for the account. Possible values are: disabled, enabled. This setting is configurable by the admin. Remote assistance settings that have not yet been configured by the admin have a disabled state. Returned by default. Possible values are: disabled , enabled . |
allowSessionsToUnenrolledDevices | Boolean | Indicates if sessions to unenrolled devices are allowed for the account. This setting is configurable by the admin. Default value is false. |
blockChat | Boolean | Indicates if sessions to block chat function. This setting is configurable by the admin. Default value is false. |
requestRemoteHelpSessionAccessResponse
Property | Type | Description |
---|---|---|
sessionKey | String | The unique identifier for a session |
sessionType | allowedRemoteAssistanceActions | Remote Help Session Type. Possible values are: viewScreen , takeFullControl , elevation , unattended , unknownFutureValue . |
pubSubEncryptionKey | String | The unique identifier for encrypting client messages sent to PubSub |
pubSubEncryption | String | AES encryption Initialization Vector for encrypting client messages sent to PubSub |
retrieveRemoteHelpSessionResponse
Property | Type | Description |
---|---|---|
sessionKey | String | The unique identifier for a session |
acsHelperUserToken | String | Helper ACS User Token |
acsHelperUserId | String | Helper ACS User Id |
acsSharerUserId | String | Sharer ACS User Id |
acsGroupId | String | ACS Group Id |
sessionType | allowedRemoteAssistanceActions | Remote Help Session Type. Possible values are: viewScreen , takeFullControl , elevation , unattended , unknownFutureValue . |
deviceName | String | Android Device Name |
pubSubGroupId | String | Azure Pubsub Group Id |
pubSubHelperAccessUri | String | Azure Pubsub Group Id |
sessionExpirationDateTime | DateTimeOffset | Azure Pubsub Session Expiration Date Time. |
deviceManagement
Property | Type | Description |
---|---|---|
id | String | Unique identifier for this entity |
deviceManagementCachedReportConfiguration
Property | Type | Description |
---|---|---|
id | String | Unique identifier for this entity |
reportName | String | Name of the report. This property is read-only. |
filter | String | Filters applied on report creation. |
select | String collection | Columns selected from the report |
orderBy | String collection | Ordering of columns in the report |
metadata | String | Caller-managed metadata associated with the report |
status | deviceManagementReportStatus | Status of the cached report. This property is read-only. Possible values are: unknown , notStarted , inProgress , completed , failed . |
lastRefreshDateTime | DateTimeOffset | Time that the cached report was last refreshed. This property is read-only. |
expirationDateTime | DateTimeOffset | Time that the cached report expires. This property is read-only. |
deviceManagementExportJob
Property | Type | Description |
---|---|---|
id | String | Unique identifier for this entity |
reportName | String | Name of the report |
filter | String | Filters applied on the report |
select | String collection | Columns selected from the report |
format | deviceManagementReportFileFormat | Format of the exported report. Possible values are: csv , pdf , json , unknownFutureValue . |
snapshotId | String | A snapshot is an identifiable subset of the dataset represented by the ReportName. A sessionId or CachedReportConfiguration id can be used here. If a sessionId is specified, Filter, Select, and OrderBy are applied to the data represented by the sessionId. Filter, Select, and OrderBy cannot be specified together with a CachedReportConfiguration id. |
localizationType | deviceManagementExportJobLocalizationType | Configures how the requested export job is localized. Possible values are: localizedValuesAsAdditionalColumn , replaceLocalizableValues . |
status | deviceManagementReportStatus | Status of the export job. Possible values are: unknown , notStarted , inProgress , completed , failed . |
url | String | Temporary location of the exported report |
requestDateTime | DateTimeOffset | Time that the exported report was requested |
expirationDateTime | DateTimeOffset | Time that the exported report expires |
deviceManagementReports
Property | Type | Description |
---|---|---|
id | String | Unique identifier for this entity |
deviceManagementReportSchedule
Property | Type | Description |
---|---|---|
id | String | Unique identifier for this entity |
reportScheduleName | String | Name of the schedule |
subject | String | Subject of the scheduled reports that are delivered |
emails | String collection | Emails to which the scheduled reports are delivered |
recurrence | deviceManagementScheduledReportRecurrence | Frequency of scheduled report delivery. Possible values are: none , daily , weekly , monthly . |
startDateTime | DateTimeOffset | Time that the delivery of the scheduled reports starts |
endDateTime | DateTimeOffset | Time that the delivery of the scheduled reports ends |
userId | String | The Id of the User who created the report |
reportName | String | Name of the report |
filter | String | Filters applied on the report |
select | String collection | Columns selected from the report |
orderBy | String collection | Ordering of columns in the report |
format | deviceManagementReportFileFormat | Format of the scheduled report. Possible values are: csv , pdf . |
deviceAndAppManagementAssignmentTarget
Property | Type | Description |
---|
deviceCompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
createdDateTime | DateTimeOffset | DateTime the object was created. |
description | String | Admin provided description of the Device Configuration. |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
displayName | String | Admin provided name of the device configuration. |
version | Int32 | Version of the device configuration. |
deviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. |
createdDateTime | DateTimeOffset | DateTime the object was created. |
description | String | Admin provided description of the Device Configuration. |
displayName | String | Admin provided name of the device configuration. |
version | Int32 | Version of the device configuration. |
deviceEnrollmentConfiguration
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the account |
displayName | String | The display name of the device enrollment configuration |
description | String | The description of the device enrollment configuration |
priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. |
createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration |
lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration |
version | Int32 | The version of the device enrollment configuration |
deviceManagementConfigurationChoiceSettingDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
options | deviceManagementConfigurationOptionDefinition collection | Options for the setting that can be selected |
defaultOptionId | String | Default option for choice setting |
deviceManagementConfigurationRedirectSettingDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
deepLink | String | A deep link that points to the specific location in the Intune console where feature support must be managed from. |
redirectMessage | String | A message that explains that clicking the link will redirect the user to a supported page to manage the settings. |
redirectReason | String | Indicates the reason for redirecting the user to an alternative location in the console. For example: WiFi profiles are not supported in the settings catalog and must be created with a template policy. |
deviceManagementConfigurationSettingDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on |
infoUrls | String collection | List of links more info for the setting can be found at |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not |
baseUri | String | Base CSP Path |
offsetUri | String | Offset CSP Path from Base |
rootDefinitionId | String | Root setting definition if the setting is a child setting. |
categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) |
settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance. Possible values are: none , configuration , compliance . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX. Possible values are: none , settingsCatalog , template . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. |
id | String | Identifier for item |
description | String | Description of the item |
helpText | String | Help text of the item |
name | String | Name of the item |
displayName | String | Display name of the item |
version | String | Item Version |
deviceManagementConfigurationSettingGroupDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
childIds | String collection | Dependent child settings to this group of settings |
dependentOn | deviceManagementConfigurationDependentOn collection | List of Dependencies for the setting group |
dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | List of child settings that depend on this setting |
deviceManagementConfigurationSimpleSettingDefinition
Property | Type | Description |
---|---|---|
applicability | deviceManagementConfigurationSettingApplicability | Details which device setting is applicable on Inherited from deviceManagementConfigurationSettingDefinition |
accessTypes | deviceManagementConfigurationSettingAccessTypes | Read/write access mode of the setting Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , add , copy , delete , get , replace , execute . |
keywords | String collection | Tokens which to search settings on Inherited from deviceManagementConfigurationSettingDefinition |
infoUrls | String collection | List of links more info for the setting can be found at Inherited from deviceManagementConfigurationSettingDefinition |
occurrence | deviceManagementConfigurationSettingOccurrence | Indicates whether the setting is required or not Inherited from deviceManagementConfigurationSettingDefinition |
baseUri | String | Base CSP Path Inherited from deviceManagementConfigurationSettingDefinition |
offsetUri | String | Offset CSP Path from Base Inherited from deviceManagementConfigurationSettingDefinition |
rootDefinitionId | String | Root setting definition if the setting is a child setting. Inherited from deviceManagementConfigurationSettingDefinition |
categoryId | String | Specifies the area group under which the setting is configured in a specified configuration service provider (CSP) Inherited from deviceManagementConfigurationSettingDefinition |
settingUsage | deviceManagementConfigurationSettingUsage | Setting type, for example, configuration and compliance Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , configuration , compliance . |
uxBehavior | deviceManagementConfigurationControlType | Setting control type representation in the UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: default , dropdown , smallTextBox , largeTextBox , toggle , multiheaderGrid , contextPane . |
visibility | deviceManagementConfigurationSettingVisibility | Setting visibility scope to UX Inherited from deviceManagementConfigurationSettingDefinition. Possible values are: none , settingsCatalog , template . |
referredSettingInformationList | deviceManagementConfigurationReferredSettingInformation collection | List of referred setting information. Inherited from deviceManagementConfigurationSettingDefinition |
id | String | Identifier for item Inherited from deviceManagementConfigurationSettingDefinition |
description | String | Description of the item Inherited from deviceManagementConfigurationSettingDefinition |
helpText | String | Help text of the item Inherited from deviceManagementConfigurationSettingDefinition |
name | String | Name of the item Inherited from deviceManagementConfigurationSettingDefinition |
displayName | String | Display name of the item Inherited from deviceManagementConfigurationSettingDefinition |
version | String | Item Version Inherited from deviceManagementConfigurationSettingDefinition |
valueDefinition | deviceManagementConfigurationSettingValueDefinition | Definition of the value for this setting |
defaultValue | deviceManagementConfigurationSettingValue | Default setting value for this setting |
dependentOn | deviceManagementConfigurationDependentOn collection | list of parent settings this setting is dependent on |
dependedOnBy | deviceManagementConfigurationSettingDependedOnBy collection | list of child settings that depend on this setting |
deviceManagementDerivedCredentialSettings
Property | Type | Description |
---|---|---|
id | String | Unique identifier for the Derived Credential |
deviceManagementScript
Property | Type | Description |
---|---|---|
id | String | Unique Identifier for the device management script. |
displayName | String | Name of the device management script. |
description | String | Optional description for the device management script. |
scriptContent | Binary | The script content. |
createdDateTime | DateTimeOffset | The date and time the device management script was created. This property is read-only. |
lastModifiedDateTime | DateTimeOffset | The date and time the device management script was last modified. This property is read-only. |
runAsAccount | runAsAccountType | Indicates the type of execution context. Possible values are: system , user . |
enforceSignatureCheck | Boolean | Indicate whether the script signature needs be checked. |
fileName | String | Script file name. |
roleScopeTagIds | String collection | List of Scope Tag IDs for this PowerShellScript instance. |
runAs32Bit | Boolean | A value indicating whether the PowerShell script should run as 32-bit |
keyLongValuePair
Property | Type | Description |
---|---|---|
name | String | Name for this key long value pair |
value | Int64 | Value for this key long value pair |
mobileApp
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
displayName | String | The admin provided or imported title of the app. |
description | String | The description of the app. |
publisher | String | The publisher of the app. |
largeIcon | mimeContent | The large icon, to be displayed in the app details and used for upload of the icon. |
createdDateTime | DateTimeOffset | The date and time the app was created. |
lastModifiedDateTime | DateTimeOffset | The date and time the app was last modified. |
isFeatured | Boolean | The value indicating whether the app is marked as featured by the admin. |
privacyInformationUrl | String | The privacy statement Url. |
informationUrl | String | The more information Url. |
owner | String | The owner of the app. |
developer | String | The developer of the app. |
notes | String | Notes for the app. |
uploadState | Int32 | The upload state. |
publishingState | mobileAppPublishingState | The publishing state for the app. The app cannot be assigned unless the app is published. Possible values are: notPublished , processing , published . |
isAssigned | Boolean | The value indicating whether the app is assigned to at least one group. |
roleScopeTagIds | String collection | List of scope tag ids for this mobile app. |
dependentAppCount | Int32 | The total number of dependencies the child app has. |
report
Property | Type | Description |
---|---|---|
content | Stream | Report content; details vary by report type. |
reportRoot
Property | Type | Description |
---|---|---|
id | String | The unique identifier for this entity. |
intune-shared-runasaccounttype
intune-shared-runstate
windowsDomainJoinConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
Device configuration | ||
activeDirectoryDomainName | String | Active Directory domain name to join. |
computerNameStaticPrefix | String | Fixed prefix to be used for computer name. |
computerNameSuffixRandomCharCount | Int32 | Dynamically generated characters used as suffix for computer name. Valid values 3 to 14 |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
organizationalUnit | String | Organizational unit (OU) where the computer account will be created. If this parameter is NULL, the well known computer object container will be used as published in the domain. |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
windowsUpdateState
Property | Type | Description |
---|---|---|
id | String | This is Id of the entity. |
deviceId | String | The id of the device. |
userId | String | The id of the user. |
deviceDisplayName | String | Device display name. |
userPrincipalName | String | User principal name. |
status | windowsUpdateStatus | Windows udpate status. Possible values are: upToDate , pendingInstallation , pendingReboot , failed . |
qualityUpdateVersion | String | The Quality Update Version of the device. |
featureUpdateVersion | String | The current feature update version of the device. |
lastScanDateTime | DateTimeOffset | The date time that the Windows Update Agent did a successful scan. |
lastSyncDateTime | DateTimeOffset | Last date time that the device sync with with Microsoft Intune. |
bulkDriverActionResult
Property | Type | Description |
---|---|---|
successfulDriverIds | String collection | List of driver Ids where the action is successful. |
failedDriverIds | String collection | List of driver Ids where the action is failed. |
notFoundDriverIds | String collection | List of driver Ids that are not found. |
intune-softwareupdate-driverapprovalaction
windowsDriverUpdateInventory
Property | Type | Description |
---|---|---|
id | String | The id of the driver. |
name | String | The name of the driver. |
version | String | The version of the driver. |
manufacturer | String | The manufacturer of the driver. |
releaseDateTime | DateTimeOffset | The release date time of the driver. |
driverClass | String | The class of the driver. |
applicableDeviceCount | Int32 | The number of devices for which this driver is applicable. |
approvalStatus | driverApprovalStatus | The approval status for this driver. Possible values are: needsReview , declined , approved , suspended . |
category | driverCategory | The category for this driver. Possible values are: recommended , previouslyApproved , other . |
deployDateTime | DateTimeOffset | The date time when a driver should be deployed if approvalStatus is approved. |
windowsDriverUpdateProfile
Property | Type | Description |
---|---|---|
id | String | The Intune policy id. |
displayName | String | The display name for the profile. |
description | String | The description of the profile which is specified by the user. |
approvalType | driverUpdateProfileApprovalType | Driver update profile approval type. For example, manual or automatic approval. Possible values are: manual , automatic . |
deviceReporting | Int32 | Number of devices reporting for this profile |
newUpdates | Int32 | Number of new driver updates available for this profile. |
deploymentDeferralInDays | Int32 | Deployment deferral settings in days, only applicable when ApprovalType is set to automatic approval. |
createdDateTime | DateTimeOffset | The date time that the profile was created. |
lastModifiedDateTime | DateTimeOffset | The date time that the profile was last modified. |
roleScopeTagIds | String collection | List of Scope Tags for this Driver Update entity. |
inventorySyncStatus | windowsDriverUpdateProfileInventorySyncStatus | Driver inventory sync status for this profile. |
windowsDriverUpdateProfileAssignment
Property | Type | Description |
---|---|---|
id | String | The Identifier of the entity |
target | deviceAndAppManagementAssignmentTarget | The assignment target that the driver update profile is assigned to. |
windowsFeatureUpdateCatalogItem
Property | Type | Description |
---|---|---|
id | String | The catalog item id. Inherited from windowsUpdateCatalogItem |
displayName | String | The display name for the catalog item. Inherited from windowsUpdateCatalogItem |
releaseDateTime | DateTimeOffset | The date the catalog item was released Inherited from windowsUpdateCatalogItem |
endOfSupportDate | DateTimeOffset | The last supported date for a catalog item Inherited from windowsUpdateCatalogItem |
version | String | The feature update version |
windowsFeatureUpdateProfile
Property | Type | Description |
---|---|---|
id | String | The Identifier of the entity. |
displayName | String | The display name of the profile. |
description | String | The description of the profile which is specified by the user. |
featureUpdateVersion | String | The feature update version that will be deployed to the devices targeted by this profile. The version could be any supported version for example 1709, 1803 or 1809 and so on. |
rolloutSettings | windowsUpdateRolloutSettings | The windows update rollout settings, including offer start date time, offer end date time, and days between each set of offers. |
createdDateTime | DateTimeOffset | The date time that the profile was created. |
lastModifiedDateTime | DateTimeOffset | The date time that the profile was last modified. |
roleScopeTagIds | String collection | List of Scope Tags for this Feature Update entity. |
deployableContentDisplayName | String | Friendly display name of the quality update profile deployable content |
endOfSupportDate | DateTimeOffset | The last supported date for a feature update |
windowsFeatureUpdateProfileAssignment
Property | Type | Description |
---|---|---|
id | String | The Identifier of the entity |
target | deviceAndAppManagementAssignmentTarget | The assignment target that the feature update profile is assigned to. |
windowsQualityUpdateCatalogItem
Property | Type | Description |
---|---|---|
id | String | The catalog item id. Inherited from windowsUpdateCatalogItem |
displayName | String | The display name for the catalog item. Inherited from windowsUpdateCatalogItem |
releaseDateTime | DateTimeOffset | The date the catalog item was released Inherited from windowsUpdateCatalogItem |
endOfSupportDate | DateTimeOffset | The last supported date for a catalog item Inherited from windowsUpdateCatalogItem |
kbArticleId | String | Knowledge base article id |
classification | windowsQualityUpdateClassification | Classification of the quality update. Possible values are: all , security , nonSecurity . |
isExpeditable | Boolean | Flag indicating if update qualifies for expedite |
windowsQualityUpdateProfile
Property | Type | Description |
---|---|---|
id | String | The Intune policy id. |
displayName | String | The display name for the profile. |
description | String | The description of the profile which is specified by the user. |
expeditedUpdateSettings | expeditedWindowsQualityUpdateSettings | Expedited update settings. |
createdDateTime | DateTimeOffset | The date time that the profile was created. |
lastModifiedDateTime | DateTimeOffset | The date time that the profile was last modified. |
roleScopeTagIds | String collection | List of Scope Tags for this Quality Update entity. |
releaseDateDisplayName | String | Friendly release date to display for a Quality Update release |
deployableContentDisplayName | String | Friendly display name of the quality update profile deployable content |
windowsQualityUpdateProfileAssignment
Property | Type | Description |
---|---|---|
id | String | The Identifier of the entity |
target | deviceAndAppManagementAssignmentTarget | The assignment target that the quality update profile is assigned to. |
windowsUpdateCatalogItem
Property | Type | Description |
---|---|---|
id | String | The catalog item id. |
displayName | String | The display name for the catalog item. |
releaseDateTime | DateTimeOffset | The date the catalog item was released |
endOfSupportDate | DateTimeOffset | The last supported date for a catalog item |