Show / Hide Table of Contents

DeviceManagementConfiguration.Read.All

Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver Type Method
V1 A,D DELETE /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/assignments/{deviceHealthScriptAssignmentId}
V1 A,D DELETE /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}
V1 A,D DELETE /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/assignments/{deviceHealthScriptAssignmentId}
V1 A,D DELETE /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}
V1 A,D GET ** Collection URI for microsoft.management.services.api.appVulnerabilityManagedDevice not found
V1 A,D GET ** Collection URI for microsoft.management.services.api.appVulnerabilityMobileApp not found
V1 A,D GET ** Collection URI for microsoft.management.services.api.vulnerableManagedDevice not found
V1 A,D GET ** Entity URI for microsoft.management.services.api.appVulnerabilityManagedDevice not found
V1 A,D GET ** Entity URI for microsoft.management.services.api.appVulnerabilityMobileApp not found
V1 A,D GET ** Entity URI for microsoft.management.services.api.vulnerableManagedDevice not found
V1 A,D GET /CreateRemoteHelpSessionResponse
V1 A,D GET /CreateRemoteHelpSessionResponse/{CreateRemoteHelpSessionResponseId}
V1 A,D GET /deviceAppManagement
V1 A,D GET /deviceAppManagement/androidManagedAppProtections/{androidManagedAppProtectionId}/apps
V1 A,D GET /deviceAppManagement/androidManagedAppProtections/{androidManagedAppProtectionId}/apps/{managedMobileAppId}
V1 A,D GET /deviceAppManagement/androidManagedAppProtections/{androidManagedAppProtectionId}/assignments
V1 A,D GET /deviceAppManagement/androidManagedAppProtections/{androidManagedAppProtectionId}/assignments/{targetedManagedAppPolicyAssignmentId}
V1 A,D GET /deviceAppManagement/androidManagedAppProtections/{androidManagedAppProtectionId}/deploymentSummary
V1 A,D GET /deviceAppManagement/defaultManagedAppProtections
V1 A,D GET /deviceAppManagement/defaultManagedAppProtections/{defaultManagedAppProtectionId}
V1 A,D GET /deviceAppManagement/defaultManagedAppProtections/{defaultManagedAppProtectionId}/apps
V1 A,D GET /deviceAppManagement/defaultManagedAppProtections/{defaultManagedAppProtectionId}/apps/{managedMobileAppId}
V1 A,D GET /deviceAppManagement/defaultManagedAppProtections/{defaultManagedAppProtectionId}/deploymentSummary
V1 A,D GET /deviceAppManagement/deviceAppManagementTasks
V1 A,D GET /deviceAppManagement/deviceAppManagementTasks/{deviceAppManagementTaskId}
V1 A,D GET /deviceAppManagement/iosManagedAppProtections/{iosManagedAppProtectionId}/apps
V1 A,D GET /deviceAppManagement/iosManagedAppProtections/{iosManagedAppProtectionId}/apps/{managedMobileAppId}
V1 A,D GET /deviceAppManagement/iosManagedAppProtections/{iosManagedAppProtectionId}/assignments
V1 A,D GET /deviceAppManagement/iosManagedAppProtections/{iosManagedAppProtectionId}/assignments/{targetedManagedAppPolicyAssignmentId}
V1 A,D GET /deviceAppManagement/iosManagedAppProtections/{iosManagedAppProtectionId}/deploymentSummary
V1 A,D GET /deviceAppManagement/managedAppPolicies
V1 A,D GET /deviceAppManagement/managedAppPolicies/{managedAppPolicyId}
V1 A,D GET /deviceAppManagement/managedAppRegistrations
V1 A,D GET /deviceAppManagement/managedAppRegistrations/{managedAppRegistrationId}
V1 A,D GET /deviceAppManagement/managedAppRegistrations/{managedAppRegistrationId}/appliedPolicies
V1 A,D GET /deviceAppManagement/managedAppRegistrations/{managedAppRegistrationId}/appliedPolicies/{managedAppPolicyId}
V1 A,D GET /deviceAppManagement/managedAppRegistrations/{managedAppRegistrationId}/intendedPolicies
V1 A,D GET /deviceAppManagement/managedAppRegistrations/{managedAppRegistrationId}/intendedPolicies/{managedAppPolicyId}
V1 A,D GET /deviceAppManagement/managedAppRegistrations/{managedAppRegistrationId}/operations
V1 A,D GET /deviceAppManagement/managedAppRegistrations/{managedAppRegistrationId}/operations/{managedAppOperationId}
V1 A,D GET /deviceAppManagement/managedAppRegistrations/getUserIdsWithFlaggedAppRegistration
V1 A,D GET /deviceAppManagement/managedAppStatuses
V1 A,D GET /deviceAppManagement/managedAppStatuses/{managedAppStatusId}
V1 A,D GET /deviceAppManagement/mdmWindowsInformationProtectionPolicies/{mdmWindowsInformationProtectionPolicyId}/assignments
V1 A,D GET /deviceAppManagement/mdmWindowsInformationProtectionPolicies/{mdmWindowsInformationProtectionPolicyId}/assignments/{targetedManagedAppPolicyAssignmentId}
V1 A,D GET /deviceAppManagement/mdmWindowsInformationProtectionPolicies/{mdmWindowsInformationProtectionPolicyId}/exemptAppLockerFiles
V1 A,D GET /deviceAppManagement/mdmWindowsInformationProtectionPolicies/{mdmWindowsInformationProtectionPolicyId}/exemptAppLockerFiles/{windowsInformationProtectionAppLockerFileId}
V1 A,D GET /deviceAppManagement/mdmWindowsInformationProtectionPolicies/{mdmWindowsInformationProtectionPolicyId}/protectedAppLockerFiles
V1 A,D GET /deviceAppManagement/mdmWindowsInformationProtectionPolicies/{mdmWindowsInformationProtectionPolicyId}/protectedAppLockerFiles/{windowsInformationProtectionAppLockerFileId}
V1 A,D GET /deviceAppManagement/policySets
V1 A,D GET /deviceAppManagement/policySets/{policySetId}
V1 A,D GET /deviceAppManagement/policySets/{policySetId}/assignments
V1 A,D GET /deviceAppManagement/policySets/{policySetId}/assignments/{policySetAssignmentId}
V1 A,D GET /deviceAppManagement/policySets/{policySetId}/items
V1 A,D GET /deviceAppManagement/policySets/{policySetId}/items/{policySetItemId}
V1 A,D GET /deviceAppManagement/sideLoadingKeys
V1 A,D GET /deviceAppManagement/sideLoadingKeys/{sideLoadingKeyId}
V1 A,D GET /deviceAppManagement/targetedManagedAppConfigurations/{targetedManagedAppConfigurationId}/apps
V1 A,D GET /deviceAppManagement/targetedManagedAppConfigurations/{targetedManagedAppConfigurationId}/apps/{managedMobileAppId}
V1 A,D GET /deviceAppManagement/targetedManagedAppConfigurations/{targetedManagedAppConfigurationId}/assignments
V1 A,D GET /deviceAppManagement/targetedManagedAppConfigurations/{targetedManagedAppConfigurationId}/assignments/{targetedManagedAppPolicyAssignmentId}
V1 A,D GET /deviceAppManagement/targetedManagedAppConfigurations/{targetedManagedAppConfigurationId}/deploymentSummary
V1 A,D GET /deviceAppManagement/vppTokens
V1 A,D GET /deviceAppManagement/vppTokens/{vppTokenId}
V1 A,D GET /deviceAppManagement/vppTokens/getLicensesForApp
V1 A,D GET /deviceAppManagement/windowsInformationProtectionDeviceRegistrations
V1 A,D GET /deviceAppManagement/windowsInformationProtectionDeviceRegistrations/{windowsInformationProtectionDeviceRegistrationId}
V1 A,D GET /deviceAppManagement/windowsInformationProtectionPolicies
V1 A,D GET /deviceAppManagement/windowsInformationProtectionPolicies/{windowsInformationProtectionPolicyId}
V1 A,D GET /deviceAppManagement/windowsInformationProtectionPolicies/{windowsInformationProtectionPolicyId}/assignments
V1 A,D GET /deviceAppManagement/windowsInformationProtectionPolicies/{windowsInformationProtectionPolicyId}/assignments/{targetedManagedAppPolicyAssignmentId}
V1 A,D GET /deviceAppManagement/windowsInformationProtectionPolicies/{windowsInformationProtectionPolicyId}/exemptAppLockerFiles
V1 A,D GET /deviceAppManagement/windowsInformationProtectionPolicies/{windowsInformationProtectionPolicyId}/exemptAppLockerFiles/{windowsInformationProtectionAppLockerFileId}
V1 A,D GET /deviceAppManagement/windowsInformationProtectionPolicies/{windowsInformationProtectionPolicyId}/protectedAppLockerFiles
V1 A,D GET /deviceAppManagement/windowsInformationProtectionPolicies/{windowsInformationProtectionPolicyId}/protectedAppLockerFiles/{windowsInformationProtectionAppLockerFileId}
V1 A,D GET /deviceAppManagement/windowsInformationProtectionWipeActions
V1 A,D GET /deviceAppManagement/windowsInformationProtectionWipeActions/{windowsInformationProtectionWipeActionId}
V1 A,D GET /deviceAppManagement/windowsManagedAppProtections
V1 A,D GET /deviceAppManagement/windowsManagedAppProtections/{windowsManagedAppProtectionId}
V1 A,D GET /deviceAppManagement/windowsManagedAppProtections/{windowsManagedAppProtectionId}/apps
V1 A,D GET /deviceAppManagement/windowsManagedAppProtections/{windowsManagedAppProtectionId}/apps/{managedMobileAppId}
V1 A,D GET /deviceAppManagement/windowsManagedAppProtections/{windowsManagedAppProtectionId}/assignments
V1 A,D GET /deviceAppManagement/windowsManagedAppProtections/{windowsManagedAppProtectionId}/assignments/{targetedManagedAppPolicyAssignmentId}
V1 A,D GET /deviceAppManagement/windowsManagementApp
V1 A,D GET /deviceAppManagement/windowsManagementApp/healthStates
V1 A,D GET /deviceAppManagement/windowsManagementApp/healthStates/{windowsManagementAppHealthStateId}
V1 A,D GET /deviceManagement
V1 A,D GET /deviceManagement/advancedThreatProtectionOnboardingStateSummary
V1 A,D GET /deviceManagement/advancedThreatProtectionOnboardingStateSummary/advancedThreatProtectionOnboardingDeviceSettingStates
V1 A,D GET /deviceManagement/advancedThreatProtectionOnboardingStateSummary/advancedThreatProtectionOnboardingDeviceSettingStates/{advancedThreatProtectionOnboardingDeviceSettingStateId}
V1 A,D GET /deviceManagement/androidDeviceOwnerEnrollmentProfiles
V1 A,D GET /deviceManagement/androidDeviceOwnerEnrollmentProfiles/{androidDeviceOwnerEnrollmentProfileId}
V1 A,D GET /deviceManagement/androidForWorkAppConfigurationSchemas
V1 A,D GET /deviceManagement/androidForWorkAppConfigurationSchemas/{androidForWorkAppConfigurationSchemaId}
V1 A,D GET /deviceManagement/androidForWorkEnrollmentProfiles
V1 A,D GET /deviceManagement/androidForWorkEnrollmentProfiles/{androidForWorkEnrollmentProfileId}
V1 A,D GET /deviceManagement/androidForWorkSettings
V1 A,D GET /deviceManagement/androidManagedStoreAccountEnterpriseSettings
V1 A,D GET /deviceManagement/androidManagedStoreAppConfigurationSchemas
V1 A,D GET /deviceManagement/androidManagedStoreAppConfigurationSchemas/{androidManagedStoreAppConfigurationSchemaId}
V1 A,D GET /deviceManagement/applePushNotificationCertificate
V1 A,D GET /deviceManagement/assignmentFilters
V1 A,D GET /deviceManagement/assignmentFilters/{deviceAndAppManagementAssignmentFilterId}
V1 A,D GET /deviceManagement/assignmentFilters/{deviceAndAppManagementAssignmentFilterId}/getSupportedProperties
V1 A,D GET /deviceManagement/assignmentFilters/getPlatformSupportedProperties
V1 A,D GET /deviceManagement/assignmentFilters/getState
V1 A,D GET /deviceManagement/cartToClassAssociations
V1 A,D GET /deviceManagement/cartToClassAssociations/{cartToClassAssociationId}
V1 A,D GET /deviceManagement/categories
V1 A,D GET /deviceManagement/categories/{deviceManagementSettingCategoryId}
V1 A,D GET /deviceManagement/categories/{deviceManagementSettingCategoryId}/settingDefinitions
V1 A,D GET /deviceManagement/categories/{deviceManagementSettingCategoryId}/settingDefinitions/{deviceManagementSettingDefinitionId}
V1 A,D GET /deviceManagement/certificateConnectorDetails
V1 A,D GET /deviceManagement/certificateConnectorDetails/{certificateConnectorDetailsId}
V1 A,D GET /deviceManagement/chromeOSOnboardingSettings
V1 A,D GET /deviceManagement/chromeOSOnboardingSettings/{chromeOSOnboardingSettingsId}
V1 A,D GET /deviceManagement/cloudPCConnectivityIssues
V1 A,D GET /deviceManagement/cloudPCConnectivityIssues/{cloudPCConnectivityIssueId}
V1 A,D GET /deviceManagement/comanagedDevices
V1 A,D GET /deviceManagement/comanagedDevices/{managedDeviceId}
V1 A,D GET /deviceManagement/comanagedDevices/{managedDeviceId}/getFileVaultKey
V1 A,D GET /deviceManagement/comanagedDevices/{managedDeviceId}/getOemWarranty
V1 A,D GET /deviceManagement/comanagedDevices/appDiagnostics
V1 A,D GET /deviceManagement/comanagementEligibleDevices
V1 A,D GET /deviceManagement/comanagementEligibleDevices/{comanagementEligibleDeviceId}
V1 A,D GET /deviceManagement/complianceCategories
V1 A,D GET /deviceManagement/complianceCategories/{deviceManagementConfigurationCategoryId}
V1 A,D GET /deviceManagement/complianceManagementPartners
V1 A,D GET /deviceManagement/complianceManagementPartners/{complianceManagementPartnerId}
V1 A,D GET /deviceManagement/compliancePolicies
V1 A,D GET /deviceManagement/compliancePolicies/{deviceManagementCompliancePolicyId}
V1 A,D GET /deviceManagement/compliancePolicies/{deviceManagementCompliancePolicyId}/assignments
V1 A,D GET /deviceManagement/compliancePolicies/{deviceManagementCompliancePolicyId}/assignments/{deviceManagementConfigurationPolicyAssignmentId}
V1 A,D GET /deviceManagement/compliancePolicies/{deviceManagementCompliancePolicyId}/scheduledActionsForRule
V1 A,D GET /deviceManagement/compliancePolicies/{deviceManagementCompliancePolicyId}/scheduledActionsForRule/{deviceManagementComplianceScheduledActionForRuleId}
V1 A,D GET /deviceManagement/compliancePolicies/{deviceManagementCompliancePolicyId}/scheduledActionsForRule/{deviceManagementComplianceScheduledActionForRuleId}/scheduledActionConfigurations
V1 A,D GET /deviceManagement/compliancePolicies/{deviceManagementCompliancePolicyId}/scheduledActionsForRule/{deviceManagementComplianceScheduledActionForRuleId}/scheduledActionConfigurations/{deviceManagementComplianceActionItemId}
V1 A,D GET /deviceManagement/compliancePolicies/{deviceManagementCompliancePolicyId}/settings
V1 A,D GET /deviceManagement/compliancePolicies/{deviceManagementCompliancePolicyId}/settings/{deviceManagementConfigurationSettingId}
V1 A,D GET /deviceManagement/complianceSettings
V1 A,D GET /deviceManagement/complianceSettings/{deviceManagementConfigurationSettingDefinitionId}
V1 A,D GET /deviceManagement/conditionalAccessSettings
V1 A,D GET /deviceManagement/configManagerCollections
V1 A,D GET /deviceManagement/configManagerCollections/{configManagerCollectionId}
V1 A,D GET /deviceManagement/configManagerCollections/getPolicySummary
V1 A,D GET /deviceManagement/configurationCategories
V1 A,D GET /deviceManagement/configurationCategories/{deviceManagementConfigurationCategoryId}
V1 A,D GET /deviceManagement/configurationPolicies
V1 A,D GET /deviceManagement/configurationPolicies/{deviceManagementConfigurationPolicyId}
V1 A,D GET /deviceManagement/configurationPolicies/{deviceManagementConfigurationPolicyId}/assignments
V1 A,D GET /deviceManagement/configurationPolicies/{deviceManagementConfigurationPolicyId}/assignments/{deviceManagementConfigurationPolicyAssignmentId}
V1 A,D GET /deviceManagement/configurationPolicies/{deviceManagementConfigurationPolicyId}/settings
V1 A,D GET /deviceManagement/configurationPolicies/{deviceManagementConfigurationPolicyId}/settings/{deviceManagementConfigurationSettingId}
V1 A,D GET /deviceManagement/configurationPolicies/{deviceManagementConfigurationPolicyId}/settings/{deviceManagementConfigurationSettingId}/settingDefinitions
V1 A,D GET /deviceManagement/configurationPolicies/{deviceManagementConfigurationPolicyId}/settings/{deviceManagementConfigurationSettingId}/settingDefinitions/{deviceManagementConfigurationSettingDefinitionId}
V1 A,D GET /deviceManagement/configurationPolicyTemplates
V1 A,D GET /deviceManagement/configurationPolicyTemplates/{deviceManagementConfigurationPolicyTemplateId}
V1 A,D GET /deviceManagement/configurationPolicyTemplates/{deviceManagementConfigurationPolicyTemplateId}/settingTemplates
V1 A,D GET /deviceManagement/configurationPolicyTemplates/{deviceManagementConfigurationPolicyTemplateId}/settingTemplates/{deviceManagementConfigurationSettingTemplateId}
V1 A,D GET /deviceManagement/configurationPolicyTemplates/{deviceManagementConfigurationPolicyTemplateId}/settingTemplates/{deviceManagementConfigurationSettingTemplateId}/settingDefinitions
V1 A,D GET /deviceManagement/configurationPolicyTemplates/{deviceManagementConfigurationPolicyTemplateId}/settingTemplates/{deviceManagementConfigurationSettingTemplateId}/settingDefinitions/{deviceManagementConfigurationSettingDefinitionId}
V1 A,D GET /deviceManagement/configurationSettings
V1 A,D GET /deviceManagement/configurationSettings/{deviceManagementConfigurationSettingDefinitionId}
V1 A,D GET /deviceManagement/dataSharingConsents
V1 A,D GET /deviceManagement/dataSharingConsents/{dataSharingConsentId}
V1 GET /deviceManagement/derivedCredentials/{deviceManagementDerivedCredentialSettingsId}
V1 A,D GET /deviceManagement/detectedApps
V1 A,D GET /deviceManagement/detectedApps/{detectedAppId}
V1 A,D GET /deviceManagement/deviceCategories
V1 A,D GET /deviceManagement/deviceCategories/{deviceCategoryId}
V1 A,D GET /deviceManagement/deviceCompliancePolicies
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/assignments
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/assignments/{deviceCompliancePolicyAssignmentId}
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/deviceSettingStateSummaries
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/deviceSettingStateSummaries/{settingStateDeviceSummaryId}
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/deviceStatuses
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/deviceStatuses/{deviceComplianceDeviceStatusId}
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/deviceStatusOverview
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/scheduledActionsForRule
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/scheduledActionsForRule/{deviceComplianceScheduledActionForRuleId}
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/scheduledActionsForRule/{deviceComplianceScheduledActionForRuleId}/scheduledActionConfigurations
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/scheduledActionsForRule/{deviceComplianceScheduledActionForRuleId}/scheduledActionConfigurations/{deviceComplianceActionItemId}
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/userStatuses
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/userStatuses/{deviceComplianceUserStatusId}
V1 A,D GET /deviceManagement/deviceCompliancePolicies/{deviceCompliancePolicyId}/userStatusOverview
V1 A,D GET /deviceManagement/deviceCompliancePolicies/getDevicesScheduledToRetire
V1 A,D GET /deviceManagement/deviceCompliancePolicyDeviceStateSummary
V1 A,D GET /deviceManagement/deviceCompliancePolicySettingStateSummaries
V1 A,D GET /deviceManagement/deviceCompliancePolicySettingStateSummaries/{deviceCompliancePolicySettingStateSummaryId}
V1 A,D GET /deviceManagement/deviceCompliancePolicySettingStateSummaries/{deviceCompliancePolicySettingStateSummaryId}/deviceComplianceSettingStates
V1 A,D GET /deviceManagement/deviceCompliancePolicySettingStateSummaries/{deviceCompliancePolicySettingStateSummaryId}/deviceComplianceSettingStates/{deviceComplianceSettingStateId}
V1 A,D GET /deviceManagement/deviceComplianceScripts
V1 A,D GET /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}
V1 A,D GET /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/assignments
V1 A,D GET /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/assignments/{deviceHealthScriptAssignmentId}
V1 A,D GET /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates
V1 A,D GET /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates/{deviceComplianceScriptDeviceStateId}
V1 A,D GET /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates/{deviceComplianceScriptDeviceStateId}/managedDevice
V1 A,D GET /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates/{deviceComplianceScriptDeviceStateId}/managedDevice/getFileVaultKey
V1 A,D GET /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates/{deviceComplianceScriptDeviceStateId}/managedDevice/getOemWarranty
V1 A,D GET /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/runSummary
V1 A,D GET /deviceManagement/deviceConfigurationConflictSummary
V1 A,D GET /deviceManagement/deviceConfigurationConflictSummary/{deviceConfigurationConflictSummaryId}
V1 A,D GET /deviceManagement/deviceConfigurationDeviceStateSummaries
V1 A,D GET /deviceManagement/deviceConfigurationRestrictedAppsViolations
V1 A,D GET /deviceManagement/deviceConfigurationRestrictedAppsViolations/{restrictedAppsViolationId}
V1 A,D GET /deviceManagement/deviceConfigurations
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/assignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/assignments/{deviceConfigurationAssignmentId}
V1 GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/derivedCredentialSettings
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/deviceSettingStateSummaries
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/deviceSettingStateSummaries/{settingStateDeviceSummaryId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/deviceStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/deviceStatuses/{deviceConfigurationDeviceStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/deviceStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/getOmaSettingPlainTextValue
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}/deviceConfiguration
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}/deviceConfiguration/getOmaSettingPlainTextValue
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/assignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/assignments/{deviceConfigurationAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/deviceSettingStateSummaries
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/deviceSettingStateSummaries/{settingStateDeviceSummaryId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/deviceStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/deviceStatuses/{deviceConfigurationDeviceStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/deviceStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/groupAssignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/groupAssignments/{deviceConfigurationGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/microsoft.graph.androidForWorkPkcsCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/microsoft.graph.androidForWorkPkcsCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/microsoft.graph.androidForWorkScepCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/microsoft.graph.androidForWorkScepCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate/assignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate/assignments/{deviceConfigurationAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate/deviceSettingStateSummaries
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate/deviceSettingStateSummaries/{settingStateDeviceSummaryId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate/deviceStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate/deviceStatuses/{deviceConfigurationDeviceStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate/deviceStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate/groupAssignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate/groupAssignments/{deviceConfigurationGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate/userStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate/userStatuses/{deviceConfigurationUserStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/rootCertificate/userStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/userStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/userStatuses/{deviceConfigurationUserStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/userStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidCertificateProfileBase/rootCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerCertificateProfileBase/rootCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerEnterpriseWiFiConfiguration/identityCertificateForClientAuthentication
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerEnterpriseWiFiConfiguration/rootCertificateForServerValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerImportedPFXCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerImportedPFXCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerPkcsCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerPkcsCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerScepCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerScepCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerVpnConfiguration/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidEasEmailProfileConfiguration/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidEasEmailProfileConfiguration/smimeSigningCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidEnterpriseWiFiConfiguration/identityCertificateForClientAuthentication
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidEnterpriseWiFiConfiguration/rootCertificateForServerValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidForWorkEasEmailProfileBase/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidForWorkEnterpriseWiFiConfiguration/identityCertificateForClientAuthentication
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidForWorkEnterpriseWiFiConfiguration/rootCertificateForServerValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidForWorkImportedPFXCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidForWorkImportedPFXCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidForWorkVpnConfiguration/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidImportedPFXCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidImportedPFXCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidPkcsCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidPkcsCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidScepCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidScepCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidVpnConfiguration/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidWorkProfileCertificateProfileBase/rootCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidWorkProfileEasEmailProfileBase/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidWorkProfileEnterpriseWiFiConfiguration/identityCertificateForClientAuthentication
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidWorkProfileEnterpriseWiFiConfiguration/rootCertificateForServerValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidWorkProfilePkcsCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidWorkProfilePkcsCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidWorkProfileScepCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidWorkProfileScepCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidWorkProfileVpnConfiguration/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.aospDeviceOwnerCertificateProfileBase/rootCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.aospDeviceOwnerEnterpriseWiFiConfiguration/identityCertificateForClientAuthentication
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.aospDeviceOwnerEnterpriseWiFiConfiguration/rootCertificateForServerValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.aospDeviceOwnerPkcsCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.aospDeviceOwnerPkcsCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.aospDeviceOwnerScepCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.aospDeviceOwnerScepCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosDerivedCredentialAuthenticationConfiguration/derivedCredentialSettings
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosDeviceFeaturesConfiguration/identityCertificateForClientAuthentication
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosDeviceFeaturesConfiguration/singleSignOnExtensionPkinitCertificate
V1 GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosEasEmailProfileConfiguration/derivedCredentialSettings
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosEasEmailProfileConfiguration/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosEasEmailProfileConfiguration/smimeEncryptionCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosEasEmailProfileConfiguration/smimeSigningCertificate
V1 GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosEnterpriseWiFiConfiguration/derivedCredentialSettings
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosEnterpriseWiFiConfiguration/identityCertificateForClientAuthentication
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosEnterpriseWiFiConfiguration/rootCertificatesForServerValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosEnterpriseWiFiConfiguration/rootCertificatesForServerValidation/{iosTrustedRootCertificateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosImportedPFXCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosImportedPFXCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosPkcsCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosPkcsCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate/assignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate/assignments/{deviceConfigurationAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate/deviceSettingStateSummaries
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate/deviceSettingStateSummaries/{settingStateDeviceSummaryId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate/deviceStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate/deviceStatuses/{deviceConfigurationDeviceStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate/deviceStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate/groupAssignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate/groupAssignments/{deviceConfigurationGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate/userStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate/userStatuses/{deviceConfigurationUserStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/rootCertificate/userStatusOverview
V1 GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosVpnConfiguration/derivedCredentialSettings
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosVpnConfiguration/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSDeviceFeaturesConfiguration/singleSignOnExtensionPkinitCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSEnterpriseWiFiConfiguration/identityCertificateForClientAuthentication
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSEnterpriseWiFiConfiguration/rootCertificateForServerValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSEnterpriseWiFiConfiguration/rootCertificatesForServerValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSEnterpriseWiFiConfiguration/rootCertificatesForServerValidation/{macOSTrustedRootCertificateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSVpnConfiguration/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/assignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/assignments/{deviceConfigurationAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/deviceSettingStateSummaries
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/deviceSettingStateSummaries/{settingStateDeviceSummaryId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/deviceStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/deviceStatuses/{deviceConfigurationDeviceStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/deviceStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/groupAssignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/groupAssignments/{deviceConfigurationGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/microsoft.graph.macOSImportedPFXCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/microsoft.graph.macOSImportedPFXCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/microsoft.graph.macOSPkcsCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/microsoft.graph.macOSPkcsCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/microsoft.graph.macOSScepCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/microsoft.graph.macOSScepCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/microsoft.graph.macOSScepCertificateProfile/rootCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/userStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/userStatuses/{deviceConfigurationUserStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/userStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation/assignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation/assignments/{deviceConfigurationAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation/deviceSettingStateSummaries
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation/deviceSettingStateSummaries/{settingStateDeviceSummaryId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation/deviceStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation/deviceStatuses/{deviceConfigurationDeviceStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation/deviceStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation/groupAssignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation/groupAssignments/{deviceConfigurationGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation/userStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation/userStatuses/{deviceConfigurationUserStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/rootCertificateForServerValidation/userStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windows10GeneralConfiguration/privacyAccessControls
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windows10GeneralConfiguration/privacyAccessControls/{windowsPrivacyDataAccessControlItemId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windows10VpnConfiguration/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/{deviceConfigurationId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/{deviceConfigurationId}/getOmaSettingPlainTextValue
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/assignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/assignments/{deviceConfigurationAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/deviceSettingStateSummaries
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/deviceSettingStateSummaries/{settingStateDeviceSummaryId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/deviceStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/deviceStatuses/{deviceConfigurationDeviceStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/deviceStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/groupAssignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/groupAssignments/{deviceConfigurationGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/microsoft.graph.windowsPhone81SCEPCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/microsoft.graph.windowsPhone81SCEPCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/microsoft.graph.windowsPhone81SCEPCertificateProfile/rootCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/userStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/userStatuses/{deviceConfigurationUserStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/userStatusOverview
V1 GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsUpdateForBusinessConfiguration/deviceUpdateStates
V1 GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsUpdateForBusinessConfiguration/deviceUpdateStates/{windowsUpdateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/assignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/assignments/{deviceConfigurationAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/deviceSettingStateSummaries
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/deviceSettingStateSummaries/{settingStateDeviceSummaryId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/deviceStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/deviceStatuses/{deviceConfigurationDeviceStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/deviceStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/groupAssignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/groupAssignments/{deviceConfigurationGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windows10ImportedPFXCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windows10ImportedPFXCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windows10PkcsCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windows10PkcsCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windows81SCEPCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windows81SCEPCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windows81SCEPCertificateProfile/rootCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windowsPhone81ImportedPFXCertificateProfile/managedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windowsPhone81ImportedPFXCertificateProfile/managedDeviceCertificateStates/{managedDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/userStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/userStatuses/{deviceConfigurationUserStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/userStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificateForClientValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}/assignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}/assignments/{deviceConfigurationAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}/deviceSettingStateSummaries
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}/deviceSettingStateSummaries/{settingStateDeviceSummaryId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}/deviceStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}/deviceStatuses/{deviceConfigurationDeviceStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}/deviceStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}/groupAssignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}/groupAssignments/{deviceConfigurationGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}/userStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}/userStatuses/{deviceConfigurationUserStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}/userStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWiredNetworkConfiguration/identityCertificateForClientAuthentication
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWiredNetworkConfiguration/rootCertificateForClientValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWiredNetworkConfiguration/rootCertificatesForServerValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWiredNetworkConfiguration/rootCertificatesForServerValidation/{windows81TrustedRootCertificateId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWiredNetworkConfiguration/secondaryIdentityCertificateForClientAuthentication
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWiredNetworkConfiguration/secondaryRootCertificateForClientValidation
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate/assignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate/assignments/{deviceConfigurationAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate/deviceSettingStateSummaries
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate/deviceSettingStateSummaries/{settingStateDeviceSummaryId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate/deviceStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate/deviceStatuses/{deviceConfigurationDeviceStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate/deviceStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate/groupAssignments
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate/groupAssignments/{deviceConfigurationGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate/userStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate/userStatuses/{deviceConfigurationUserStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/rootCertificate/userStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/userStatuses
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/userStatuses/{deviceConfigurationUserStatusId}
V1 A,D GET /deviceManagement/deviceConfigurations/{deviceConfigurationId}/userStatusOverview
V1 A,D GET /deviceManagement/deviceConfigurationsAllManagedDeviceCertificateStates
V1 A,D GET /deviceManagement/deviceConfigurationsAllManagedDeviceCertificateStates/{managedAllDeviceCertificateStateId}
V1 A,D GET /deviceManagement/deviceConfigurationUserStateSummaries
V1 A,D GET /deviceManagement/deviceCustomAttributeShellScripts
V1 A,D GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}
V1 A,D GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/assignments
V1 A,D GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/assignments/{deviceManagementScriptAssignmentId}
V1 A,D GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/deviceRunStates
V1 A,D GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}
V1 A,D GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/groupAssignments
V1 A,D GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/groupAssignments/{deviceManagementScriptGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/runSummary
V1 A,D GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/userRunStates
V1 A,D GET /deviceManagement/deviceCustomAttributeShellScripts/{deviceCustomAttributeShellScriptId}/userRunStates/{deviceManagementScriptUserStateId}
V1 A,D GET /deviceManagement/deviceEnrollmentConfigurations
V1 A,D GET /deviceManagement/deviceEnrollmentConfigurations/{deviceEnrollmentConfigurationId}
V1 A,D GET /deviceManagement/deviceEnrollmentConfigurations/{deviceEnrollmentConfigurationId}/assignments
V1 A,D GET /deviceManagement/deviceEnrollmentConfigurations/{deviceEnrollmentConfigurationId}/assignments/{enrollmentConfigurationAssignmentId}
V1 A,D GET /deviceManagement/deviceHealthScripts
V1 A,D GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}
V1 A,D GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/assignments
V1 A,D GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/assignments/{deviceHealthScriptAssignmentId}
V1 A,D GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates
V1 A,D GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}
V1 A,D GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}/managedDevice
V1 A,D GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}/managedDevice/getFileVaultKey
V1 A,D GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}/managedDevice/getOemWarranty
V1 A,D GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/getRemediationHistory
V1 A,D GET /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/runSummary
V1 A,D GET /deviceManagement/deviceHealthScripts/areGlobalScriptsAvailable
V1 A,D GET /deviceManagement/deviceHealthScripts/getRemediationSummary
V1 A,D GET /deviceManagement/deviceManagementPartners
V1 A,D GET /deviceManagement/deviceManagementPartners/{deviceManagementPartnerId}
V1 GET /deviceManagement/deviceManagementScripts
V1 GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/assignments
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/assignments/{deviceManagementScriptAssignmentId}
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/getFileVaultKey
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/getOemWarranty
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/appDiagnostics
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/getFileVaultKey
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/getOemWarranty
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/logCollectionRequests
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/logCollectionRequests/{deviceLogCollectionResponseId}
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/{managedDeviceId}
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/{managedDeviceId}/getFileVaultKey
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/{managedDeviceId}/getOemWarranty
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/appDiagnostics
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/windowsProtectionState
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/windowsProtectionState/detectedMalwareState
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/windowsProtectionState/detectedMalwareState/{windowsDeviceMalwareStateId}
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/groupAssignments
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/groupAssignments/{deviceManagementScriptGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/runSummary
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/userRunStates
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/userRunStates/{deviceManagementScriptUserStateId}
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/userRunStates/{deviceManagementScriptUserStateId}/deviceRunStates
V1 A,D GET /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/userRunStates/{deviceManagementScriptUserStateId}/deviceRunStates/{deviceManagementScriptDeviceStateId}
V1 A,D GET /deviceManagement/deviceShellScripts
V1 A,D GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}
V1 A,D GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/assignments
V1 A,D GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/assignments/{deviceManagementScriptAssignmentId}
V1 A,D GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/deviceRunStates
V1 A,D GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}
V1 A,D GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/groupAssignments
V1 A,D GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/groupAssignments/{deviceManagementScriptGroupAssignmentId}
V1 A,D GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/runSummary
V1 A,D GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/userRunStates
V1 A,D GET /deviceManagement/deviceShellScripts/{deviceShellScriptId}/userRunStates/{deviceManagementScriptUserStateId}
V1 A,D GET /deviceManagement/domainJoinConnectors
V1 A,D GET /deviceManagement/domainJoinConnectors/{deviceManagementDomainJoinConnectorId}
V1 A,D GET /deviceManagement/embeddedSIMActivationCodePools
V1 A,D GET /deviceManagement/embeddedSIMActivationCodePools/{embeddedSIMActivationCodePoolId}
V1 A,D GET /deviceManagement/embeddedSIMActivationCodePools/{embeddedSIMActivationCodePoolId}/assignments
V1 A,D GET /deviceManagement/embeddedSIMActivationCodePools/{embeddedSIMActivationCodePoolId}/assignments/{embeddedSIMActivationCodePoolAssignmentId}
V1 A,D GET /deviceManagement/embeddedSIMActivationCodePools/{embeddedSIMActivationCodePoolId}/deviceStates
V1 A,D GET /deviceManagement/embeddedSIMActivationCodePools/{embeddedSIMActivationCodePoolId}/deviceStates/{embeddedSIMDeviceStateId}
V1 A,D GET /deviceManagement/exchangeConnectors
V1 A,D GET /deviceManagement/exchangeConnectors/{deviceManagementExchangeConnectorId}
V1 A,D GET /deviceManagement/exchangeOnPremisesPolicies/{deviceManagementExchangeOnPremisesPolicyId}
V1 A,D GET /deviceManagement/exchangeOnPremisesPolicy
V1 A,D GET /deviceManagement/exchangeOnPremisesPolicy/conditionalAccessSettings
V1 A,D GET /deviceManagement/getAllowedRemoteAssistanceActions
V1 A,D GET /deviceManagement/getAssignedRoleDetails
V1 A,D GET /deviceManagement/getComanagedDevicesSummary
V1 A,D GET /deviceManagement/getComanagementEligibleDevicesSummary
V1 A,D GET /deviceManagement/groupPolicyCategories
V1 A,D GET /deviceManagement/groupPolicyCategories/{groupPolicyCategoryId}
V1 A,D GET /deviceManagement/groupPolicyConfigurations
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/assignments
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/assignments/{groupPolicyConfigurationAssignmentId}
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/definition
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/definitionValue
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/category
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/category/children
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/category/children/{groupPolicyCategoryId}
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/category/definitionFile
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/category/definitions
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/category/definitions/{groupPolicyDefinitionId}
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/category/parent
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/definitionFile
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/definitionFile/definitions
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/definitionFile/definitions/{groupPolicyDefinitionId}
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/definitionFile/microsoft.graph.groupPolicyUploadedDefinitionFile/groupPolicyOperations
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/definitionFile/microsoft.graph.groupPolicyUploadedDefinitionFile/groupPolicyOperations/{groupPolicyOperationId}
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/nextVersionDefinition
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/presentations
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/presentations/{groupPolicyPresentationId}
V1 A,D GET /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/definitionValues/{groupPolicyDefinitionValueId}/presentationValues/{groupPolicyPresentationValueId}/presentation/definition/previousVersionDefinition
V1 A,D GET /deviceManagement/groupPolicyDefinitionFiles/{groupPolicyDefinitionFileId}
V1 A,D GET /deviceManagement/groupPolicyDefinitions
V1 A,D GET /deviceManagement/groupPolicyDefinitions/{groupPolicyDefinitionId}
V1 A,D GET /deviceManagement/groupPolicyMigrationReports
V1 A,D GET /deviceManagement/groupPolicyMigrationReports/{groupPolicyMigrationReportId}
V1 A,D GET /deviceManagement/groupPolicyMigrationReports/{groupPolicyMigrationReportId}/groupPolicySettingMappings
V1 A,D GET /deviceManagement/groupPolicyMigrationReports/{groupPolicyMigrationReportId}/groupPolicySettingMappings/{groupPolicySettingMappingId}
V1 A,D GET /deviceManagement/groupPolicyMigrationReports/{groupPolicyMigrationReportId}/unsupportedGroupPolicyExtensions
V1 A,D GET /deviceManagement/groupPolicyMigrationReports/{groupPolicyMigrationReportId}/unsupportedGroupPolicyExtensions/{unsupportedGroupPolicyExtensionId}
V1 A,D GET /deviceManagement/groupPolicyObjectFiles
V1 A,D GET /deviceManagement/groupPolicyObjectFiles/{groupPolicyObjectFileId}
V1 A,D GET /deviceManagement/groupPolicyUploadedDefinitionFiles
V1 A,D GET /deviceManagement/groupPolicyUploadedDefinitionFiles/{groupPolicyUploadedDefinitionFileId}
V1 A,D GET /deviceManagement/hardwareConfigurations
V1 A,D GET /deviceManagement/hardwareConfigurations/{hardwareConfigurationId}
V1 A,D GET /deviceManagement/hardwareConfigurations/{hardwareConfigurationId}/assignments
V1 A,D GET /deviceManagement/hardwareConfigurations/{hardwareConfigurationId}/assignments/{hardwareConfigurationAssignmentId}
V1 A,D GET /deviceManagement/hardwareConfigurations/{hardwareConfigurationId}/deviceRunStates
V1 A,D GET /deviceManagement/hardwareConfigurations/{hardwareConfigurationId}/deviceRunStates/{hardwareConfigurationDeviceStateId}
V1 A,D GET /deviceManagement/hardwareConfigurations/{hardwareConfigurationId}/runSummary
V1 A,D GET /deviceManagement/hardwareConfigurations/{hardwareConfigurationId}/userRunStates
V1 A,D GET /deviceManagement/hardwareConfigurations/{hardwareConfigurationId}/userRunStates/{hardwareConfigurationUserStateId}
V1 A,D GET /deviceManagement/hardwarePasswordInfo
V1 A,D GET /deviceManagement/hardwarePasswordInfo/{hardwarePasswordInfoId}
V1 A,D GET /deviceManagement/intents
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/assignments
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/assignments/{deviceManagementIntentAssignmentId}
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/categories
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/categories/{deviceManagementIntentSettingCategoryId}
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/categories/{deviceManagementIntentSettingCategoryId}/settingDefinitions
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/categories/{deviceManagementIntentSettingCategoryId}/settingDefinitions/{deviceManagementSettingDefinitionId}
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/categories/{deviceManagementIntentSettingCategoryId}/settings
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/categories/{deviceManagementIntentSettingCategoryId}/settings/{deviceManagementSettingInstanceId}
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/compare
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/deviceSettingStateSummaries
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/deviceSettingStateSummaries/{deviceManagementIntentDeviceSettingStateSummaryId}
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/deviceStates
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/deviceStates/{deviceManagementIntentDeviceStateId}
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/deviceStateSummary
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/settings
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/settings/{deviceManagementSettingInstanceId}
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/userStates
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/userStates/{deviceManagementIntentUserStateId}
V1 A,D GET /deviceManagement/intents/{deviceManagementIntentId}/userStateSummary
V1 A,D GET /deviceManagement/iosUpdateStatuses
V1 A,D GET /deviceManagement/iosUpdateStatuses/{iosUpdateDeviceStatusId}
V1 A,D GET /deviceManagement/macOSSoftwareUpdateAccountSummaries
V1 A,D GET /deviceManagement/macOSSoftwareUpdateAccountSummaries/{macOSSoftwareUpdateAccountSummaryId}
V1 A,D GET /deviceManagement/macOSSoftwareUpdateAccountSummaries/{macOSSoftwareUpdateAccountSummaryId}/categorySummaries
V1 A,D GET /deviceManagement/macOSSoftwareUpdateAccountSummaries/{macOSSoftwareUpdateAccountSummaryId}/categorySummaries/{macOSSoftwareUpdateCategorySummaryId}
V1 A,D GET /deviceManagement/macOSSoftwareUpdateAccountSummaries/{macOSSoftwareUpdateAccountSummaryId}/categorySummaries/{macOSSoftwareUpdateCategorySummaryId}/updateStateSummaries
V1 A,D GET /deviceManagement/macOSSoftwareUpdateAccountSummaries/{macOSSoftwareUpdateAccountSummaryId}/categorySummaries/{macOSSoftwareUpdateCategorySummaryId}/updateStateSummaries/{macOSSoftwareUpdateStateSummaryId}
V1 A,D GET /deviceManagement/managedDeviceEncryptionStates
V1 A,D GET /deviceManagement/managedDeviceEncryptionStates/{managedDeviceEncryptionStateId}
V1 A,D GET /deviceManagement/managedDeviceOverview
V1 A,D GET /deviceManagement/managedDevices
V1 A,D GET /deviceManagement/managedDevices/{managedDeviceId}
V1 A,D GET /deviceManagement/managedDevices/{managedDeviceId}/getFileVaultKey
V1 A,D GET /deviceManagement/managedDevices/{managedDeviceId}/getOemWarranty
V1 A,D GET /deviceManagement/managedDevices/appDiagnostics
V1 A,D GET /deviceManagement/managementConditions
V1 A,D GET /deviceManagement/managementConditions/{managementConditionId}
V1 A,D GET /deviceManagement/managementConditions/{managementConditionId}/managementConditionStatements
V1 A,D GET /deviceManagement/managementConditions/{managementConditionId}/managementConditionStatements/{managementConditionStatementId}
V1 A,D GET /deviceManagement/managementConditions/{managementConditionId}/managementConditionStatements/{managementConditionStatementId}/getManagementConditionStatementExpressionString
V1 A,D GET /deviceManagement/managementConditions/{managementConditionId}/managementConditionStatements/{managementConditionStatementId}/managementConditions
V1 A,D GET /deviceManagement/managementConditions/{managementConditionId}/managementConditionStatements/{managementConditionStatementId}/managementConditions/{managementConditionId}
V1 A,D GET /deviceManagement/managementConditions/{managementConditionId}/managementConditionStatements/{managementConditionStatementId}/managementConditions/getManagementConditionsForPlatform
V1 A,D GET /deviceManagement/managementConditions/{managementConditionId}/managementConditionStatements/getManagementConditionStatementsForPlatform
V1 A,D GET /deviceManagement/managementConditions/getManagementConditionsForPlatform
V1 A,D GET /deviceManagement/managementConditionStatements
V1 A,D GET /deviceManagement/managementConditionStatements/{managementConditionStatementId}
V1 A,D GET /deviceManagement/managementConditionStatements/{managementConditionStatementId}/getManagementConditionStatementExpressionString
V1 A,D GET /deviceManagement/managementConditionStatements/getManagementConditionStatementsForPlatform
V1 A,D GET /deviceManagement/microsoftTunnelConfigurations
V1 A,D GET /deviceManagement/microsoftTunnelConfigurations/{microsoftTunnelConfigurationId}
V1 A,D GET /deviceManagement/microsoftTunnelHealthThresholds
V1 A,D GET /deviceManagement/microsoftTunnelHealthThresholds/{microsoftTunnelHealthThresholdId}
V1 A,D GET /deviceManagement/microsoftTunnelServerLogCollectionResponses
V1 A,D GET /deviceManagement/microsoftTunnelServerLogCollectionResponses/{microsoftTunnelServerLogCollectionResponseId}
V1 A,D GET /deviceManagement/microsoftTunnelSites
V1 A,D GET /deviceManagement/microsoftTunnelSites/{microsoftTunnelSiteId}
V1 A,D GET /deviceManagement/microsoftTunnelSites/{microsoftTunnelSiteId}/microsoftTunnelConfiguration
V1 A,D GET /deviceManagement/microsoftTunnelSites/{microsoftTunnelSiteId}/microsoftTunnelServers
V1 A,D GET /deviceManagement/microsoftTunnelSites/{microsoftTunnelSiteId}/microsoftTunnelServers/{microsoftTunnelServerId}
V1 A,D GET /deviceManagement/mobileAppTroubleshootingEvents/{mobileAppTroubleshootingEventId}/appLogCollectionRequests
V1 A,D GET /deviceManagement/mobileAppTroubleshootingEvents/{mobileAppTroubleshootingEventId}/appLogCollectionRequests/{appLogCollectionRequestId}
V1 A,D GET /deviceManagement/mobileThreatDefenseConnectors
V1 A,D GET /deviceManagement/mobileThreatDefenseConnectors/{mobileThreatDefenseConnectorId}
V1 A,D GET /deviceManagement/ndesConnectors
V1 A,D GET /deviceManagement/ndesConnectors/{ndesConnectorId}
V1 A,D GET /deviceManagement/oemWarrantyInformationOnboarding
V1 A,D GET /deviceManagement/oemWarrantyInformationOnboarding/{oemWarrantyInformationOnboardingId}
V1 A,D GET /deviceManagement/operationApprovalPolicies
V1 A,D GET /deviceManagement/operationApprovalPolicies/{operationApprovalPolicyId}
V1 A,D GET /deviceManagement/operationApprovalPolicies/getApprovableOperations
V1 A,D GET /deviceManagement/operationApprovalPolicies/getOperationsAllowedApproval
V1 A,D GET /deviceManagement/operationApprovalPolicies/getOperationsRequiringApproval
V1 A,D GET /deviceManagement/operationApprovalRequests
V1 A,D GET /deviceManagement/operationApprovalRequests/{operationApprovalRequestId}
V1 A,D GET /deviceManagement/operationApprovalRequests/getMyRequestById
V1 A,D GET /deviceManagement/operationApprovalRequests/getMyRequests
V1 A,D GET /deviceManagement/remoteActionAudits
V1 A,D GET /deviceManagement/remoteActionAudits/{remoteActionAuditId}
V1 A,D GET /deviceManagement/remoteAssistancePartners
V1 A,D GET /deviceManagement/remoteAssistancePartners/{remoteAssistancePartnerId}
V1 A,D GET /deviceManagement/remoteAssistanceSettings
V1 A,D GET /deviceManagement/reports
V1 A,D GET /deviceManagement/reports/cachedReportConfigurations
V1 A,D GET /deviceManagement/reports/cachedReportConfigurations/{deviceManagementCachedReportConfigurationId}
V1 A,D GET /deviceManagement/reports/exportJobs
V1 A,D GET /deviceManagement/reports/exportJobs/{deviceManagementExportJobId}
V1 A,D GET /deviceManagement/reports/reportSchedules
V1 A,D GET /deviceManagement/reports/reportSchedules/{deviceManagementReportScheduleId}
V1 A,D GET /deviceManagement/resourceOperations
V1 A,D GET /deviceManagement/resourceOperations/{resourceOperationId}
V1 A,D GET /deviceManagement/resourceOperations/{resourceOperationId}/getScopesForUser
V1 A,D GET /deviceManagement/reusablePolicySettings
V1 A,D GET /deviceManagement/reusablePolicySettings/{deviceManagementReusablePolicySettingId}
V1 A,D GET /deviceManagement/reusablePolicySettings/{deviceManagementReusablePolicySettingId}/referencingConfigurationPolicies
V1 A,D GET /deviceManagement/reusablePolicySettings/{deviceManagementReusablePolicySettingId}/referencingConfigurationPolicies/{deviceManagementConfigurationPolicyId}
V1 A,D GET /deviceManagement/reusableSettings
V1 A,D GET /deviceManagement/reusableSettings/{deviceManagementConfigurationSettingDefinitionId}
V1 A,D GET /deviceManagement/roleAssignments
V1 A,D GET /deviceManagement/roleAssignments/{deviceAndAppManagementRoleAssignmentId}
V1 A,D GET /deviceManagement/roleDefinitions
V1 A,D GET /deviceManagement/roleDefinitions/{roleDefinitionId}
V1 A,D GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments
V1 A,D GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}
V1 A,D GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags
V1 A,D GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags/{roleScopeTagId}
V1 A,D GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags/{roleScopeTagId}/assignments
V1 A,D GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags/{roleScopeTagId}/assignments/{roleScopeTagAutoAssignmentId}
V1 A,D GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags/hasCustomRoleScopeTag
V1 A,D GET /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/roleDefinition
V1 A,D GET /deviceManagement/roleScopeTags
V1 A,D GET /deviceManagement/roleScopeTags/{roleScopeTagId}
V1 A,D GET /deviceManagement/roleScopeTags/hasCustomRoleScopeTag
V1 A,D GET /deviceManagement/scopedForResource
V1 A,D GET /deviceManagement/settingDefinitions
V1 A,D GET /deviceManagement/settingDefinitions/{deviceManagementSettingDefinitionId}
V1 A,D GET /deviceManagement/softwareUpdateStatusSummary
V1 A,D GET /deviceManagement/templates
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/categories
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/categories/{deviceManagementTemplateSettingCategoryId}
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/categories/{deviceManagementTemplateSettingCategoryId}/recommendedSettings
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/categories/{deviceManagementTemplateSettingCategoryId}/recommendedSettings/{deviceManagementSettingInstanceId}
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/categories/{deviceManagementTemplateSettingCategoryId}/settingDefinitions
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/categories/{deviceManagementTemplateSettingCategoryId}/settingDefinitions/{deviceManagementSettingDefinitionId}
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/compare
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/microsoft.graph.securityBaselineTemplate/categoryDeviceStateSummaries
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/microsoft.graph.securityBaselineTemplate/categoryDeviceStateSummaries/{securityBaselineCategoryStateSummaryId}
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/microsoft.graph.securityBaselineTemplate/deviceStates
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/microsoft.graph.securityBaselineTemplate/deviceStates/{securityBaselineDeviceStateId}
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/microsoft.graph.securityBaselineTemplate/deviceStateSummary
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/migratableTo
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/migratableTo/{deviceManagementTemplateId}
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/migratableTo/{deviceManagementTemplateId}/compare
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/settings
V1 A,D GET /deviceManagement/templates/{deviceManagementTemplateId}/settings/{deviceManagementSettingInstanceId}
V1 A,D GET /deviceManagement/templateSettings
V1 A,D GET /deviceManagement/templateSettings/{deviceManagementConfigurationSettingTemplateId}
V1 A,D GET /deviceManagement/tenantAttachRBAC
V1 A,D GET /deviceManagement/tenantAttachRBAC/getState
V1 A,D GET /deviceManagement/userExperienceAnalyticsAnomaly
V1 A,D GET /deviceManagement/userExperienceAnalyticsAnomaly/{userExperienceAnalyticsAnomalyId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsAnomalyDevice
V1 A,D GET /deviceManagement/userExperienceAnalyticsAnomalyDevice/{userExperienceAnalyticsAnomalyDeviceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthApplicationPerformance
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthApplicationPerformance/{userExperienceAnalyticsAppHealthApplicationPerformanceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthApplicationPerformanceByAppVersion
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthApplicationPerformanceByAppVersion/{userExperienceAnalyticsAppHealthAppPerformanceByAppVersionId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthApplicationPerformanceByAppVersionDetails
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthApplicationPerformanceByAppVersionDetails/{userExperienceAnalyticsAppHealthAppPerformanceByAppVersionDetailsId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthApplicationPerformanceByAppVersionDeviceId
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthApplicationPerformanceByAppVersionDeviceId/{userExperienceAnalyticsAppHealthAppPerformanceByAppVersionDeviceIdId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthApplicationPerformanceByOSVersion
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthApplicationPerformanceByOSVersion/{userExperienceAnalyticsAppHealthAppPerformanceByOSVersionId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthDeviceModelPerformance
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthDeviceModelPerformance/{userExperienceAnalyticsAppHealthDeviceModelPerformanceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthDevicePerformance
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthDevicePerformance/{userExperienceAnalyticsAppHealthDevicePerformanceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthDevicePerformanceDetails
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthDevicePerformanceDetails/{userExperienceAnalyticsAppHealthDevicePerformanceDetailsId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthOSVersionPerformance
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthOSVersionPerformance/{userExperienceAnalyticsAppHealthOSVersionPerformanceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsAppHealthOverview
V1 A,D GET /deviceManagement/userExperienceAnalyticsBaselines
V1 A,D GET /deviceManagement/userExperienceAnalyticsBaselines/{userExperienceAnalyticsBaselineId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsBaselines/{userExperienceAnalyticsBaselineId}/appHealthMetrics
V1 A,D GET /deviceManagement/userExperienceAnalyticsBaselines/{userExperienceAnalyticsBaselineId}/batteryHealthMetrics
V1 A,D GET /deviceManagement/userExperienceAnalyticsBaselines/{userExperienceAnalyticsBaselineId}/bestPracticesMetrics
V1 A,D GET /deviceManagement/userExperienceAnalyticsBaselines/{userExperienceAnalyticsBaselineId}/deviceBootPerformanceMetrics
V1 A,D GET /deviceManagement/userExperienceAnalyticsBaselines/{userExperienceAnalyticsBaselineId}/deviceBootPerformanceMetrics/metricValues
V1 A,D GET /deviceManagement/userExperienceAnalyticsBaselines/{userExperienceAnalyticsBaselineId}/deviceBootPerformanceMetrics/metricValues/{userExperienceAnalyticsMetricId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsBaselines/{userExperienceAnalyticsBaselineId}/rebootAnalyticsMetrics
V1 A,D GET /deviceManagement/userExperienceAnalyticsBaselines/{userExperienceAnalyticsBaselineId}/resourcePerformanceMetrics
V1 A,D GET /deviceManagement/userExperienceAnalyticsBaselines/{userExperienceAnalyticsBaselineId}/workFromAnywhereMetrics
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthAppImpact
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthAppImpact/{userExperienceAnalyticsBatteryHealthAppImpactId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthCapacityDetails
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthDeviceAppImpact
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthDeviceAppImpact/{userExperienceAnalyticsBatteryHealthDeviceAppImpactId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthDevicePerformance
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthDevicePerformance/{userExperienceAnalyticsBatteryHealthDevicePerformanceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthDeviceRuntimeHistory
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthDeviceRuntimeHistory/{userExperienceAnalyticsBatteryHealthDeviceRuntimeHistoryId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthModelPerformance
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthModelPerformance/{userExperienceAnalyticsBatteryHealthModelPerformanceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthOsPerformance
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthOsPerformance/{userExperienceAnalyticsBatteryHealthOsPerformanceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsBatteryHealthRuntimeDetails
V1 A,D GET /deviceManagement/userExperienceAnalyticsCategories/{userExperienceAnalyticsCategoryId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceMetricHistory
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceMetricHistory/{userExperienceAnalyticsMetricHistoryId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsDevicePerformance
V1 A,D GET /deviceManagement/userExperienceAnalyticsDevicePerformance/{userExperienceAnalyticsDevicePerformanceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsDevicePerformance/summarizeDevicePerformanceDevices
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceScope
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceScopes
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceScopes/{userExperienceAnalyticsDeviceScopeId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceScores
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceScores/{userExperienceAnalyticsDeviceScoresId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceStartupHistory
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceStartupHistory/{userExperienceAnalyticsDeviceStartupHistoryId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceStartupProcesses
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceStartupProcesses/{userExperienceAnalyticsDeviceStartupProcessId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceStartupProcessPerformance
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceStartupProcessPerformance/{userExperienceAnalyticsDeviceStartupProcessPerformanceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsDevicesWithoutCloudIdentity
V1 A,D GET /deviceManagement/userExperienceAnalyticsDevicesWithoutCloudIdentity/{userExperienceAnalyticsDeviceWithoutCloudIdentityId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceTimelineEvents
V1 A,D GET /deviceManagement/userExperienceAnalyticsDeviceTimelineEvents/{userExperienceAnalyticsDeviceTimelineEventsId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsImpactingProcess
V1 A,D GET /deviceManagement/userExperienceAnalyticsImpactingProcess/{userExperienceAnalyticsImpactingProcessId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsMetricHistory
V1 A,D GET /deviceManagement/userExperienceAnalyticsMetricHistory/{userExperienceAnalyticsMetricHistoryId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsMetricHistory/{userExperienceAnalyticsMetricHistoryId}/userExperienceAnalyticsMetric
V1 A,D GET /deviceManagement/userExperienceAnalyticsModelScores
V1 A,D GET /deviceManagement/userExperienceAnalyticsModelScores/{userExperienceAnalyticsModelScoresId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsNotAutopilotReadyDevice
V1 A,D GET /deviceManagement/userExperienceAnalyticsNotAutopilotReadyDevice/{userExperienceAnalyticsNotAutopilotReadyDeviceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsOverview
V1 A,D GET /deviceManagement/userExperienceAnalyticsRegressionSummary
V1 A,D GET /deviceManagement/userExperienceAnalyticsRegressionSummary/summarizeDeviceRegressionPerformance
V1 A,D GET /deviceManagement/userExperienceAnalyticsRemoteConnection
V1 A,D GET /deviceManagement/userExperienceAnalyticsRemoteConnection/{userExperienceAnalyticsRemoteConnectionId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsResourcePerformance
V1 A,D GET /deviceManagement/userExperienceAnalyticsResourcePerformance/{userExperienceAnalyticsResourcePerformanceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsScoreHistory
V1 A,D GET /deviceManagement/userExperienceAnalyticsScoreHistory/{userExperienceAnalyticsScoreHistoryId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsSummarizedDeviceScopes
V1 A,D GET /deviceManagement/userExperienceAnalyticsWorkFromAnywhereHardwareReadinessMetric
V1 A,D GET /deviceManagement/userExperienceAnalyticsWorkFromAnywhereMetrics
V1 A,D GET /deviceManagement/userExperienceAnalyticsWorkFromAnywhereMetrics/{userExperienceAnalyticsWorkFromAnywhereMetricId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsWorkFromAnywhereMetrics/{userExperienceAnalyticsWorkFromAnywhereMetricId}/metricDevices
V1 A,D GET /deviceManagement/userExperienceAnalyticsWorkFromAnywhereMetrics/{userExperienceAnalyticsWorkFromAnywhereMetricId}/metricDevices/{userExperienceAnalyticsWorkFromAnywhereDeviceId}
V1 A,D GET /deviceManagement/userExperienceAnalyticsWorkFromAnywhereModelPerformance
V1 A,D GET /deviceManagement/userExperienceAnalyticsWorkFromAnywhereModelPerformance/{userExperienceAnalyticsWorkFromAnywhereModelPerformanceId}
V1 A,D GET /deviceManagement/userPfxCertificates
V1 A,D GET /deviceManagement/userPfxCertificates/{userPFXCertificateId}
V1 A,D GET /deviceManagement/windowsDriverUpdateProfiles
V1 A,D GET /deviceManagement/windowsDriverUpdateProfiles/{windowsDriverUpdateProfileId}
V1 A,D GET /deviceManagement/windowsDriverUpdateProfiles/{windowsDriverUpdateProfileId}/assignments
V1 A,D GET /deviceManagement/windowsDriverUpdateProfiles/{windowsDriverUpdateProfileId}/assignments/{windowsDriverUpdateProfileAssignmentId}
V1 A,D GET /deviceManagement/windowsDriverUpdateProfiles/{windowsDriverUpdateProfileId}/driverInventories
V1 A,D GET /deviceManagement/windowsDriverUpdateProfiles/{windowsDriverUpdateProfileId}/driverInventories/{windowsDriverUpdateInventoryId}
V1 A,D GET /deviceManagement/windowsFeatureUpdateProfiles
V1 A,D GET /deviceManagement/windowsFeatureUpdateProfiles/{windowsFeatureUpdateProfileId}
V1 A,D GET /deviceManagement/windowsFeatureUpdateProfiles/{windowsFeatureUpdateProfileId}/assignments
V1 A,D GET /deviceManagement/windowsFeatureUpdateProfiles/{windowsFeatureUpdateProfileId}/assignments/{windowsFeatureUpdateProfileAssignmentId}
V1 A,D GET /deviceManagement/windowsMalwareInformation
V1 A,D GET /deviceManagement/windowsMalwareInformation/{windowsMalwareInformationId}
V1 A,D GET /deviceManagement/windowsMalwareInformation/{windowsMalwareInformationId}/deviceMalwareStates
V1 A,D GET /deviceManagement/windowsMalwareInformation/{windowsMalwareInformationId}/deviceMalwareStates/{malwareStateForWindowsDeviceId}
V1 A,D GET /deviceManagement/windowsQualityUpdateProfiles
V1 A,D GET /deviceManagement/windowsQualityUpdateProfiles/{windowsQualityUpdateProfileId}
V1 A,D GET /deviceManagement/windowsQualityUpdateProfiles/{windowsQualityUpdateProfileId}/assignments
V1 A,D GET /deviceManagement/windowsQualityUpdateProfiles/{windowsQualityUpdateProfileId}/assignments/{windowsQualityUpdateProfileAssignmentId}
V1 A,D GET /deviceManagement/windowsUpdateCatalogItems
V1 A,D GET /deviceManagement/windowsUpdateCatalogItems/{windowsUpdateCatalogItemId}
V1 A,D GET /deviceManagement/zebraFotaArtifacts
V1 A,D GET /deviceManagement/zebraFotaArtifacts/{zebraFotaArtifactId}
V1 A,D GET /deviceManagement/zebraFotaConnector
V1 A,D GET /deviceManagement/zebraFotaDeployments
V1 A,D GET /deviceManagement/zebraFotaDeployments/{zebraFotaDeploymentId}
V1 A,D GET /officeConfiguration/clientConfigurations
V1 A,D GET /officeConfiguration/clientConfigurations/{key}
V1 A,D GET /onPremEncryptedPayloads
V1 A,D GET /onPremEncryptedPayloads/{onPremEncryptedPayloadsId}
V1 A,D GET /organization
V1 A,D GET /organization/{organizationId}
V1 A,D GET /pfxRecryptionRequests
V1 A,D GET /pfxRecryptionRequests/{pfxRecryptionRequestsId}
V1 A,D GET /pfxUserCertificates
V1 A,D GET /pfxUserCertificates/{pfxUserCertificatesId}
V1 A,D GET /RemoteHelpSessionRetrieveResponse
V1 A,D GET /RemoteHelpSessionRetrieveResponse/{RemoteHelpSessionRetrieveResponseId}
V1 A,D GET /reports
V1 A,D GET /reports/deviceConfigurationDeviceActivity
V1 A,D GET /reports/deviceConfigurationUserActivity
V1 A,D GET /RequestRemoteHelpSessionAccessResponse
V1 A,D GET /RequestRemoteHelpSessionAccessResponse/{RequestRemoteHelpSessionAccessResponseId}
V1 A,D GET /roleManagement
V1 A,D GET /roleManagement/deviceManagement
V1 D GET /tenantRelationships/managedTenants/aggregatedPolicyCompliances
V1 D GET /tenantRelationships/managedTenants/deviceCompliancePolicySettingStateSummaries/{deviceCompliancePolicySettingStateSummaryId}
V1 A,D GET /users
V1 A,D GET /users/{usersId}
V1 A,D GET /users/{usersId}/isManagedAppUserBlocked
V1 A,D GET /users/getManagedAppBlockedUsers
V1 A,D PATCH /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/assignments/{deviceHealthScriptAssignmentId}
V1 A,D PATCH /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}
V1 A,D PATCH /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/assignments/{deviceHealthScriptAssignmentId}
V1 A,D PATCH /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}
V1 A,D PATCH /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/runSummary
V1 A,D POST /deviceAppManagement/policySets/getPolicySets
V1 A,D POST /deviceAppManagement/windowsManagementApp/setAsManagedInstaller
V1 A,D POST /deviceManagement/assignmentFilters/enable
V1 A,D POST /deviceManagement/certificateConnectorDetails/{certificateConnectorDetailsId}/getHealthMetrics
V1 A,D POST /deviceManagement/certificateConnectorDetails/{certificateConnectorDetailsId}/getHealthMetricTimeSeries
V1 A,D POST /deviceManagement/chromeOSOnboardingSettings/connect
V1 A,D POST /deviceManagement/comanagedDevices/{managedDeviceId}/activateDeviceEsim
V1 A,D POST /deviceManagement/comanagedDevices/{managedDeviceId}/deprovision
V1 A,D POST /deviceManagement/comanagedDevices/{managedDeviceId}/disable
V1 A,D POST /deviceManagement/comanagedDevices/{managedDeviceId}/enrollNowAction
V1 A,D POST /deviceManagement/comanagedDevices/{managedDeviceId}/initiateMobileDeviceManagementKeyRecovery
V1 A,D POST /deviceManagement/comanagedDevices/{managedDeviceId}/reenable
V1 A,D POST /deviceManagement/comanagedDevices/{managedDeviceId}/removeDeviceFirmwareConfigurationInterfaceManagement
V1 A,D POST /deviceManagement/comanagedDevices/downloadAppDiagnostics
V1 A,D POST /deviceManagement/comanagedDevices/executeAction
V1 A,D POST /deviceManagement/comanagedDevices/moveDevicesToOU
V1 A,D POST /deviceManagement/compliancePolicies/{deviceManagementCompliancePolicyId}/setScheduledActions
V1 A,D POST /deviceManagement/configurationPolicies/{deviceManagementConfigurationPolicyId}/reorder
V1 A,D POST /deviceManagement/deviceCompliancePolicies/getNoncompliantDevicesToRetire
V1 POST /deviceManagement/deviceCompliancePolicies/hasPayloadLinks
V1 POST /deviceManagement/deviceCompliancePolicies/refreshDeviceComplianceReportSummarization
V1 A,D POST /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/assignments
V1 A,D POST /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates/{deviceComplianceScriptDeviceStateId}/managedDevice/activateDeviceEsim
V1 A,D POST /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates/{deviceComplianceScriptDeviceStateId}/managedDevice/deprovision
V1 A,D POST /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates/{deviceComplianceScriptDeviceStateId}/managedDevice/disable
V1 A,D POST /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates/{deviceComplianceScriptDeviceStateId}/managedDevice/enrollNowAction
V1 A,D POST /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates/{deviceComplianceScriptDeviceStateId}/managedDevice/initiateMobileDeviceManagementKeyRecovery
V1 A,D POST /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates/{deviceComplianceScriptDeviceStateId}/managedDevice/reenable
V1 A,D POST /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates/{deviceComplianceScriptDeviceStateId}/managedDevice/removeDeviceFirmwareConfigurationInterfaceManagement
V1 POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/assignedAccessMultiModeProfiles
V1 POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}/deviceConfiguration/assignedAccessMultiModeProfiles
V1 POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/{deviceConfigurationId}/assignedAccessMultiModeProfiles
V1 POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/getTargetedUsersAndDevices
V1 POST /deviceManagement/deviceConfigurations/getTargetedUsersAndDevices
V1 POST /deviceManagement/deviceConfigurations/hasPayloadLinks
V1 A,D POST /deviceManagement/deviceEnrollmentConfigurations/createEnrollmentNotificationConfiguration
V1 A,D POST /deviceManagement/deviceHealthScripts
V1 A,D POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/assign
V1 A,D POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/assignments
V1 A,D POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates
V1 A,D POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}/managedDevice/activateDeviceEsim
V1 A,D POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}/managedDevice/deprovision
V1 A,D POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}/managedDevice/disable
V1 A,D POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}/managedDevice/enrollNowAction
V1 A,D POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}/managedDevice/initiateMobileDeviceManagementKeyRecovery
V1 A,D POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}/managedDevice/reenable
V1 A,D POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}/managedDevice/removeDeviceFirmwareConfigurationInterfaceManagement
V1 A,D POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/getGlobalScriptHighestAvailableVersion
V1 A,D POST /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/updateGlobalScript
V1 A,D POST /deviceManagement/deviceHealthScripts/enableGlobalScripts
V1 A,D POST /deviceManagement/deviceManagementPartners/{deviceManagementPartnerId}/terminate
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/activateDeviceEsim
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/deprovision
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/activateDeviceEsim
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/deprovision
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/disable
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/enrollNowAction
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/initiateMobileDeviceManagementKeyRecovery
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/reenable
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}/removeDeviceFirmwareConfigurationInterfaceManagement
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/downloadAppDiagnostics
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/executeAction
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/moveDevicesToOU
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/disable
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/enrollNowAction
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/initiateMobileDeviceManagementKeyRecovery
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/logCollectionRequests/{deviceLogCollectionResponseId}/createDownloadUrl
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/reenable
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/removeDeviceFirmwareConfigurationInterfaceManagement
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/{managedDeviceId}/activateDeviceEsim
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/{managedDeviceId}/deprovision
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/{managedDeviceId}/disable
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/{managedDeviceId}/enrollNowAction
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/{managedDeviceId}/initiateMobileDeviceManagementKeyRecovery
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/{managedDeviceId}/reenable
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/{managedDeviceId}/removeDeviceFirmwareConfigurationInterfaceManagement
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/downloadAppDiagnostics
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/executeAction
V1 A,D POST /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/moveDevicesToOU
V1 POST /deviceManagement/deviceManagementScripts/hasPayloadLinks
V1 A,D POST /deviceManagement/enableAndroidDeviceAdministratorEnrollment
V1 A,D POST /deviceManagement/evaluateAssignmentFilter
V1 A,D POST /deviceManagement/getAssignmentFiltersStatusDetails
V1 A,D POST /deviceManagement/groupPolicyMigrationReports/{groupPolicyMigrationReportId}/updateScopeTags
V1 A,D POST /deviceManagement/hardwareConfigurations/{hardwareConfigurationId}/assignHardwareConfiguration
V1 A,D POST /deviceManagement/managedDevices/{managedDeviceId}/activateDeviceEsim
V1 A,D POST /deviceManagement/managedDevices/{managedDeviceId}/deprovision
V1 A,D POST /deviceManagement/managedDevices/{managedDeviceId}/disable
V1 A,D POST /deviceManagement/managedDevices/{managedDeviceId}/enrollNowAction
V1 A,D POST /deviceManagement/managedDevices/{managedDeviceId}/initiateMobileDeviceManagementKeyRecovery
V1 A,D POST /deviceManagement/managedDevices/{managedDeviceId}/reenable
V1 A,D POST /deviceManagement/managedDevices/{managedDeviceId}/removeDeviceFirmwareConfigurationInterfaceManagement
V1 A,D POST /deviceManagement/managedDevices/downloadAppDiagnostics
V1 A,D POST /deviceManagement/managedDevices/executeAction
V1 A,D POST /deviceManagement/managedDevices/moveDevicesToOU
V1 A,D POST /deviceManagement/microsoftTunnelServerLogCollectionResponses/{microsoftTunnelServerLogCollectionResponseId}/createDownloadUrl
V1 A,D POST /deviceManagement/microsoftTunnelServerLogCollectionResponses/{microsoftTunnelServerLogCollectionResponseId}/generateDownloadUrl
V1 A,D POST /deviceManagement/microsoftTunnelSites/{microsoftTunnelSiteId}/microsoftTunnelServers/{microsoftTunnelServerId}/createServerLogCollectionRequest
V1 A,D POST /deviceManagement/microsoftTunnelSites/{microsoftTunnelSiteId}/microsoftTunnelServers/{microsoftTunnelServerId}/generateServerLogCollectionRequest
V1 A,D POST /deviceManagement/microsoftTunnelSites/{microsoftTunnelSiteId}/microsoftTunnelServers/{microsoftTunnelServerId}/getHealthMetrics
V1 A,D POST /deviceManagement/microsoftTunnelSites/{microsoftTunnelSiteId}/microsoftTunnelServers/{microsoftTunnelServerId}/getHealthMetricTimeSeries
V1 A,D POST /deviceManagement/microsoftTunnelSites/{microsoftTunnelSiteId}/requestUpgrade
V1 A,D POST /deviceManagement/mobileAppTroubleshootingEvents/{mobileAppTroubleshootingEventId}/appLogCollectionRequests/{appLogCollectionRequestId}/createDownloadUrl
V1 A,D POST /deviceManagement/oemWarrantyInformationOnboarding/{oemWarrantyInformationOnboardingId}/disable
V1 A,D POST /deviceManagement/oemWarrantyInformationOnboarding/{oemWarrantyInformationOnboardingId}/enable
V1 A,D POST /deviceManagement/operationApprovalRequests/{operationApprovalRequestId}/approve
V1 A,D POST /deviceManagement/operationApprovalRequests/{operationApprovalRequestId}/cancelApproval
V1 A,D POST /deviceManagement/operationApprovalRequests/{operationApprovalRequestId}/reject
V1 A,D POST /deviceManagement/operationApprovalRequests/cancelMyRequest
V1 A,D POST /deviceManagement/operationApprovalRequests/getRequestStatus
V1 A,D POST /deviceManagement/reportRemoteAssistance
V1 A,D POST /deviceManagement/reports/getCachedReport
V1 A,D POST /deviceManagement/reports/getCompliancePolicyNonComplianceReport
V1 A,D POST /deviceManagement/reports/getCompliancePolicyNonComplianceSummaryReport
V1 A,D POST /deviceManagement/reports/getComplianceSettingNonComplianceReport
V1 A,D POST /deviceManagement/reports/getConfigurationPolicyNonComplianceReport
V1 A,D POST /deviceManagement/reports/getConfigurationPolicyNonComplianceSummaryReport
V1 A,D POST /deviceManagement/reports/getConfigurationSettingNonComplianceReport
V1 A,D POST /deviceManagement/reports/getDeviceManagementIntentPerSettingContributingProfiles
V1 A,D POST /deviceManagement/reports/getDeviceManagementIntentSettingsReport
V1 A,D POST /deviceManagement/reports/getDeviceNonComplianceReport
V1 A,D POST /deviceManagement/reports/getDevicesWithoutCompliancePolicyReport
V1 A,D POST /deviceManagement/reports/getGroupPolicySettingsDeviceSettingsReport
V1 A,D POST /deviceManagement/reports/getHistoricalReport
V1 A,D POST /deviceManagement/reports/getMobileApplicationManagementAppConfigurationReport
V1 A,D POST /deviceManagement/reports/getMobileApplicationManagementAppRegistrationSummaryReport
V1 A,D POST /deviceManagement/reports/getNoncompliantDevicesAndSettingsReport
V1 A,D POST /deviceManagement/reports/getPolicyNonComplianceMetadata
V1 A,D POST /deviceManagement/reports/getPolicyNonComplianceReport
V1 A,D POST /deviceManagement/reports/getPolicyNonComplianceSummaryReport
V1 A,D POST /deviceManagement/reports/getRemoteAssistanceMonitorActiveSessionsReport
V1 A,D POST /deviceManagement/reports/getRemoteAssistanceMonitorAvgSessionTimeReport
V1 A,D POST /deviceManagement/reports/getRemoteAssistanceMonitorTotalSessionsReport
V1 A,D POST /deviceManagement/reports/getRemoteAssistanceSessionsReport
V1 A,D POST /deviceManagement/reports/getReportFilters
V1 A,D POST /deviceManagement/reports/getSettingNonComplianceReport
V1 A,D POST /deviceManagement/reports/getZebraFotaDeploymentReport
V1 A,D POST /deviceManagement/reusablePolicySettings/{deviceManagementReusablePolicySettingId}/clone
V1 A,D POST /deviceManagement/reusablePolicySettings/{deviceManagementReusablePolicySettingId}/referencingConfigurationPolicies/{deviceManagementConfigurationPolicyId}/reorder
V1 A,D POST /deviceManagement/roleDefinitions/{roleDefinitionId}/roleAssignments/{roleAssignmentId}/microsoft.graph.deviceAndAppManagementRoleAssignment/roleScopeTags/getRoleScopeTagsById
V1 A,D POST /deviceManagement/roleScopeTags/getRoleScopeTagsById
V1 A,D POST /deviceManagement/tenantAttachRBAC/enable
V1 A,D POST /deviceManagement/userExperienceAnalyticsDeviceScope/triggerDeviceScopeAction
V1 A,D POST /deviceManagement/userExperienceAnalyticsDeviceScopes/{userExperienceAnalyticsDeviceScopeId}/triggerDeviceScopeAction
V1 A,D POST /deviceManagement/windowsDriverUpdateProfiles/{windowsDriverUpdateProfileId}/executeAction
V1 A,D POST /deviceManagement/windowsDriverUpdateProfiles/{windowsDriverUpdateProfileId}/syncInventory
V1 A,D POST /deviceManagement/zebraFotaConnector/approveFotaApps
V1 A,D POST /deviceManagement/zebraFotaConnector/connect
V1 A,D POST /deviceManagement/zebraFotaConnector/hasActiveDeployments
V1 A,D POST /deviceManagement/zebraFotaDeployments/{zebraFotaDeploymentId}/cancel
V1 A,D POST /users/{usersId}/wipeManagedAppRegistrationsByAzureAdDeviceId

Delegate Permission

Id f1493658-876a-4c87-8fa7-edb559b3476a
Consent Type Admin
Display String Read Microsoft Intune Device Configuration and Policies
Description Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.

Application Permission

Id dc377aa6-52d8-4e23-b271-2a7ae04cedf3
Display String Read Microsoft Intune device configuration and policies
Description Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user.

Resources

androidDeviceOwnerEnrollmentProfile

Property Type Description
accountId String Tenant GUID the enrollment profile belongs to.
id String Unique GUID for the enrollment profile.
displayName String Display name for the enrollment profile.
description String Description for the enrollment profile.
enrollmentMode androidDeviceOwnerEnrollmentMode The enrollment mode of devices that use this enrollment profile. Possible values are: corporateOwnedDedicatedDevice, corporateOwnedFullyManaged, corporateOwnedWorkProfile, corporateOwnedAOSPUserlessDevice, corporateOwnedAOSPUserAssociatedDevice.
enrollmentTokenType androidDeviceOwnerEnrollmentTokenType The enrollment token type for an enrollment profile. Possible values are: default, corporateOwnedDedicatedDeviceWithAzureADSharedMode.
createdDateTime DateTimeOffset Date time the enrollment profile was created.
lastModifiedDateTime DateTimeOffset Date time the enrollment profile was last modified.
tokenValue String Value of the most recently created token for this enrollment profile.
tokenCreationDateTime DateTimeOffset Date time the most recently created token was created.
tokenExpirationDateTime DateTimeOffset Date time the most recently created token will expire.
enrolledDeviceCount Int32 Total number of Android devices that have enrolled using this enrollment profile.
enrollmentTokenUsageCount Int32 Total number of AOSP devices that have enrolled using the current token.
qrCodeContent String String used to generate a QR code for the token.
qrCodeImage mimeContent String used to generate a QR code for the token.
roleScopeTagIds String collection List of Scope Tags for this Entity instance.
configureWifi Boolean Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default.
wifiSsid String String that contains the wi-fi login ssid
wifiPassword String String that contains the wi-fi login password
wifiSecurityType aospWifiSecurityType String that contains the wi-fi security type. Possible values are: none, wpa, wep.
wifiHidden Boolean Boolean that indicates if hidden wifi networks are enabled
isTeamsDeviceProfile Boolean Boolean indicating if this profile is an Android AOSP for Teams device profile.

androidForWorkAppConfigurationSchema

Property Type Description
id String Key of the entity the Android package name for the application the schema corresponds to
exampleJson Binary UTF8 encoded byte array containing example JSON string conforming to this schema that demonstrates how to set the configuration for this app
schemaItems androidForWorkAppConfigurationSchemaItem collection Collection of items each representing a named configuration option in the schema

androidForWorkEnrollmentProfile

Property Type Description
accountId String Tenant GUID the enrollment profile belongs to.
id String Unique GUID for the enrollment profile.
displayName String Display name for the enrollment profile.
description String Description for the enrollment profile.
createdDateTime DateTimeOffset Date time the enrollment profile was created.
lastModifiedDateTime DateTimeOffset Date time the enrollment profile was last modified.
tokenValue String Value of the most recently created token for this enrollment profile.
tokenExpirationDateTime DateTimeOffset Date time the most recently created token will expire.
enrolledDeviceCount Int32 Total number of Android devices that have enrolled using this enrollment profile.
qrCodeContent String String used to generate a QR code for the token.
qrCodeImage mimeContent String used to generate a QR code for the token.

androidForWorkSettings

Property Type Description
id String The Android for Work settings identifier
bindStatus androidForWorkBindStatus Bind status of the tenant with the Google EMM API. Possible values are: notBound, bound, boundAndValidated, unbinding.
lastAppSyncDateTime DateTimeOffset Last completion time for app sync
lastAppSyncStatus androidForWorkSyncStatus Last application sync result. Possible values are: success, credentialsNotValid, androidForWorkApiError, managementServiceError, unknownError, none.
ownerUserPrincipalName String Owner UPN that created the enterprise
ownerOrganizationName String Organization name used when onboarding Android for Work
lastModifiedDateTime DateTimeOffset Last modification time for Android for Work settings
enrollmentTarget androidForWorkEnrollmentTarget Indicates which users can enroll devices in Android for Work device management. Possible values are: none, all, targeted, targetedAsEnrollmentRestrictions.
targetGroupIds String collection Specifies which AAD groups can enroll devices in Android for Work device management if enrollmentTarget is set to 'Targeted'
deviceOwnerManagementEnabled Boolean Indicates if this account is flighting for Android Device Owner Management with CloudDPC.

androidManagedStoreAccountEnterpriseSettings

Property Type Description
id String The Android store account enterprise settings identifier
bindStatus androidManagedStoreAccountBindStatus Bind status of the tenant with the Google EMM API. Possible values are: notBound, bound, boundAndValidated, unbinding.
lastAppSyncDateTime DateTimeOffset Last completion time for app sync
lastAppSyncStatus androidManagedStoreAccountAppSyncStatus Last application sync result. Possible values are: success, credentialsNotValid, androidForWorkApiError, managementServiceError, unknownError, none.
ownerUserPrincipalName String Owner UPN that created the enterprise
ownerOrganizationName String Organization name used when onboarding Android Enterprise
lastModifiedDateTime DateTimeOffset Last modification time for Android enterprise settings
enrollmentTarget androidManagedStoreAccountEnrollmentTarget Indicates which users can enroll devices in Android Enterprise device management. Possible values are: none, all, targeted, targetedAsEnrollmentRestrictions.
targetGroupIds String collection Specifies which AAD groups can enroll devices in Android for Work device management if enrollmentTarget is set to 'Targeted'
deviceOwnerManagementEnabled Boolean Indicates if this account is flighting for Android Device Owner Management with CloudDPC.
companyCodes androidEnrollmentCompanyCode collection Company codes for AndroidManagedStoreAccountEnterpriseSettings
androidDeviceOwnerFullyManagedEnrollmentEnabled Boolean Company codes for AndroidManagedStoreAccountEnterpriseSettings
managedGooglePlayInitialScopeTagIds String collection Initial scope tags for MGP apps

androidManagedStoreAppConfigurationSchema

Property Type Description
id String Key of the entity the Android package name for the application the schema corresponds to
exampleJson Binary UTF8 encoded byte array containing example JSON string conforming to this schema that demonstrates how to set the configuration for this app
schemaItems androidManagedStoreAppConfigurationSchemaItem collection Collection of items each representing a named configuration option in the schema. It only contains the root-level configuration.
nestedSchemaItems androidManagedStoreAppConfigurationSchemaItem collection Collection of items each representing a named configuration option in the schema. It contains a flat list of all configuration.

deviceManagement

Property Type Description
id String Not yet documented

deviceManagementReports

Property Type Description

zebraFotaArtifact

Property Type Description
id String Artifact unique ID from Zebra
deviceModel String Applicable device model (e.g.: TC8300)
osVersion String Artifact OS version (e.g.: 8.1.0)
patchVersion String Artifact patch version (e.g.: U00)
boardSupportPackageVersion String The version of the Board Support Package (BSP. E.g.: 01.18.02.00)
releaseNotesUrl String Artifact release notes URL (e.g.: https://www.zebra.com/<filename.pdf>)
description String Artifact description. (e.g.: `LifeGuard Update 98 (released 24-September-2021)

zebraFotaConnector

Property Type Description
id String Id of ZebraFotaConnector.
state zebraFotaConnectorState The Zebra connector state. Possible values are: none, connected, disconnected, unknownFutureValue.
enrollmentToken String Tenant enrollment token from Zebra. The token is used to enroll Zebra devices in the FOTA Service via app config.
enrollmentAuthorizationUrl String Complete account enrollment authorization URL. This corresponds to verification_uri_complete in the Zebra API documentations.
lastSyncDateTime DateTimeOffset Date and time when the account was last synched with Zebra
fotaAppsApproved Boolean Flag indicating if required Firmware Over-the-Air (FOTA) Apps have been approved.

zebraFotaDeployment

Property Type Description
id String System generated deployment id provided during creation of the deployment. Returned only if operation was a success.
displayName String A human readable name of the deployment.
description String A human readable description of the deployment.
deploymentSettings zebraFotaDeploymentSettings Represents settings required to create a deployment such as deployment type, artifact info, download and installation
deploymentAssignments androidFotaDeploymentAssignment collection Collection of Android FOTA Assignment
deploymentStatus zebraFotaDeploymentStatus Represents the deployment status from Zebra. The status is a high level status of the deployment as opposed being a detailed status per device.

chromeOSOnboardingSettings

Property Type Description
id String The ChromebookTenant's Id
ownerUserPrincipalName String The ChromebookTenant's OwnerUserPrincipalName
onboardingStatus onboardingStatus The ChromebookTenant's OnboardingStatus. Possible values are: unknown, inprogress, onboarded, failed, offboarding, unknownFutureValue.
lastModifiedDateTime DateTimeOffset The ChromebookTenant's LastModifiedDateTime
lastDirectorySyncDateTime DateTimeOffset The ChromebookTenant's LastDirectorySyncDateTime

intune-chromebooksync-chromeosonboardingstatus

officeClientConfiguration

Property Type Description
id String Id of the office client configuration policy.
userPreferencePayload Stream Preference settings JSON string in binary format, these values can be overridden by the user.
policyPayload Stream Policy settings JSON string in binary format, these values cannot be changed by the user.
description String Not yet documented
displayName String Admin provided description of the office client configuration policy.
lastModifiedDateTime DateTime Last modified datetime stamp of the policy.
priority Int32 Priority value should be unique value for each policy under a tenant and will be used for conflict resolution, lower values mean priority is high.
userCheckinSummary officeUserCheckinSummary User check-in summary for the policy.
checkinStatuses officeClientCheckinStatus collection List of office Client check-in status.

windowsOfficeClientConfiguration

Property Type Description
id String Id of the office client configuration policy. Inherited from officeClientConfiguration
userPreferencePayload Stream Preference settings JSON string in binary format, these values can be overridden by the user. Inherited from officeClientConfiguration
policyPayload Stream Policy settings JSON string in binary format, these values cannot be changed by the user. Inherited from officeClientConfiguration
description String Admin provided description of the office client configuration policy. Inherited from officeClientConfiguration
displayName String Admin provided name of the office client configuration policy. Inherited from officeClientConfiguration
priority Int32 Priority value should be unique value for each policy under a tenant and will be used for conflict resolution, lower values mean priority is high. Inherited from officeClientConfiguration
lastModifiedDateTime DateTime Last modified datetime stamp of the policy. Inherited from officeClientConfiguration
userCheckinSummary officeUserCheckinSummary User check-in summary for the policy. Inherited from officeClientConfiguration
checkinStatuses officeClientCheckinStatus collection List of office Client check-in status. Inherited from officeClientConfiguration

windowsOfficeClientSecurityConfiguration

Property Type Description
id String Id of the office client configuration policy. Inherited from officeClientConfiguration
userPreferencePayload Stream Preference settings JSON string in binary format, these values can be overridden by the user. Inherited from officeClientConfiguration
policyPayload Stream Policy settings JSON string in binary format, these values cannot be changed by the user. Inherited from officeClientConfiguration
description String Admin provided description of the office client configuration policy. Inherited from officeClientConfiguration
displayName String Admin provided name of the office client configuration policy. Inherited from officeClientConfiguration
priority Int32 Priority value should be unique value for each policy under a tenant and will be used for conflict resolution, lower values mean priority is high. Inherited from officeClientConfiguration
lastModifiedDateTime DateTime Last modified datetime stamp of the policy. Inherited from officeClientConfiguration
userCheckinSummary officeUserCheckinSummary User check-in summary for the policy. Inherited from officeClientConfiguration
checkinStatuses officeClientCheckinStatus collection List of office Client check-in status. Inherited from officeClientConfiguration

advancedThreatProtectionOnboardingDeviceSettingState

Property Type Description
id String Key of the entity
platformType deviceType Device platform type. Possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, windows10x, androidnGMS, chromeOS, linux, blackberry, palm, unknown, cloudPC.
setting String The setting class name and property name.
settingName String The Setting Name that is being reported
deviceId String The Device Id that is being reported
deviceName String The Device Name that is being reported
userId String The user Id that is being reported
userEmail String The User email address that is being reported
userName String The User Name that is being reported
userPrincipalName String The User PrincipalName that is being reported
deviceModel String The device model that is being reported
state complianceStatus The compliance state of the setting. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned.
complianceGracePeriodExpirationDateTime DateTimeOffset The DateTime when device compliance grace period expires

advancedThreatProtectionOnboardingStateSummary

Property Type Description
id String Unique Identifier
unknownDeviceCount Int32 Number of unknown devices
notApplicableDeviceCount Int32 Number of not applicable devices
compliantDeviceCount Int32 Number of compliant devices
remediatedDeviceCount Int32 Number of remediated devices
nonCompliantDeviceCount Int32 Number of NonCompliant devices
errorDeviceCount Int32 Number of error devices
conflictDeviceCount Int32 Number of conflict devices
notAssignedDeviceCount Int32 Number of not assigned devices

androidCertificateProfileBase

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period.
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.

androidCompliancePolicy

Property Type Description
id String Key of the entity. Inherited from deviceCompliancePolicy
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceCompliancePolicy
description String Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceCompliancePolicy
displayName String Admin provided name of the device configuration. Inherited from deviceCompliancePolicy
version Int32 Version of the device configuration. Inherited from deviceCompliancePolicy
passwordRequired Boolean Require a password to unlock device.
passwordMinimumLength Int32 Minimum password length. Valid values 4 to 16
passwordRequiredType androidRequiredPasswordType Type of characters in password. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any.
passwordMinutesOfInactivityBeforeLock Int32 Minutes of inactivity before a password is required.
passwordExpirationDays Int32 Number of days before the password expires. Valid values 1 to 365
passwordPreviousPasswordBlockCount Int32 Number of previous passwords to block. Valid values 1 to 24
securityPreventInstallAppsFromUnknownSources Boolean Require that devices disallow installation of apps from unknown sources.
securityDisableUsbDebugging Boolean Disable USB debugging on Android devices.
securityRequireVerifyApps Boolean Require the Android Verify apps feature is turned on.
deviceThreatProtectionEnabled Boolean Require that devices have enabled device threat protection.
deviceThreatProtectionRequiredSecurityLevel deviceThreatProtectionLevel Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet.
securityBlockJailbrokenDevices Boolean Devices must not be jailbroken or rooted.
osMinimumVersion String Minimum Android version.
osMaximumVersion String Maximum Android version.
minAndroidSecurityPatchLevel String Minimum Android security patch level.
storageRequireEncryption Boolean Require encryption on Android devices.
securityRequireSafetyNetAttestationBasicIntegrity Boolean Require the device to pass the SafetyNet basic integrity check.
securityRequireSafetyNetAttestationCertifiedDevice Boolean Require the device to pass the SafetyNet certified device check.
securityRequireGooglePlayServices Boolean Require Google Play Services to be installed and enabled on the device.
securityRequireUpToDateSecurityProviders Boolean Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date.
securityRequireCompanyPortalAppIntegrity Boolean Require the device to pass the Company Portal client app runtime integrity check.

androidCustomConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
omaSettings omaSetting collection OMA settings. This collection can contain a maximum of 1000 elements.

androidDeviceOwnerCertificateProfileBase

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period.
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.

androidDeviceOwnerCompliancePolicy

Property Type Description
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy
id String Key of the entity. Inherited from deviceCompliancePolicy
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceCompliancePolicy
description String Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceCompliancePolicy
displayName String Admin provided name of the device configuration. Inherited from deviceCompliancePolicy
version Int32 Version of the device configuration. Inherited from deviceCompliancePolicy
deviceThreatProtectionEnabled Boolean Require that devices have enabled device threat protection.
deviceThreatProtectionRequiredSecurityLevel deviceThreatProtectionLevel Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet.
advancedThreatProtectionRequiredSecurityLevel deviceThreatProtectionLevel MDATP Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet.
securityRequireSafetyNetAttestationBasicIntegrity Boolean Require the device to pass the SafetyNet basic integrity check.
securityRequireSafetyNetAttestationCertifiedDevice Boolean Require the device to pass the SafetyNet certified device check.
osMinimumVersion String Minimum Android version.
osMaximumVersion String Maximum Android version.
minAndroidSecurityPatchLevel String Minimum Android security patch level.
passwordRequired Boolean Require a password to unlock device.
passwordMinimumLength Int32 Minimum password length. Valid values 4 to 16
passwordMinimumLetterCharacters Int32 Indicates the minimum number of letter characters required for device password. Valid values 1 to 16
passwordMinimumLowerCaseCharacters Int32 Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16
passwordMinimumNonLetterCharacters Int32 Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16
passwordMinimumNumericCharacters Int32 Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16
passwordMinimumSymbolCharacters Int32 Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16
passwordMinimumUpperCaseCharacters Int32 Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16
passwordRequiredType androidDeviceOwnerRequiredPasswordType Type of characters in password. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword.
passwordMinutesOfInactivityBeforeLock Int32 Minutes of inactivity before a password is required.
passwordExpirationDays Int32 Number of days before the password expires. Valid values 1 to 365
passwordPreviousPasswordCountToBlock Int32 Number of previous passwords to block. Valid values 1 to 24
storageRequireEncryption Boolean Require encryption on Android devices.
securityRequireIntuneAppIntegrity Boolean If setting is set to true, checks that the Intune app installed on fully managed, dedicated, or corporate-owned work profile Android Enterprise enrolled devices, is the one provided by Microsoft from the Managed Google Playstore. If the check fails, the device will be reported as non-compliant.

androidDeviceOwnerDerivedCredentialAuthenticationConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
certificateAccessType androidDeviceOwnerCertificateAccessType Certificate access type. Possible values are: userApproval, specificApps, unknownFutureValue.
silentCertificateAccessDetails androidDeviceOwnerSilentCertificateAccess collection Certificate access information. This collection can contain a maximum of 50 elements.

androidDeviceOwnerEnterpriseWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name Inherited from androidDeviceOwnerWiFiConfiguration
ssid String This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidDeviceOwnerWiFiConfiguration
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration
connectWhenNetworkNameIsHidden Boolean When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidDeviceOwnerWiFiConfiguration
wiFiSecurityType androidDeviceOwnerWiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidDeviceOwnerWiFiConfiguration. Possible values are: open, wep, wpaPersonal, wpaEnterprise.
preSharedKey String This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration
preSharedKeyIsSet Boolean This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration
proxySettings wiFiProxySetting Specify the proxy setting for Wi-Fi configuration. Possible values include none, manual, and automatic. Inherited from androidDeviceOwnerWiFiConfiguration. Possible values are: none, manual, automatic.
proxyManualAddress String Specify the proxy server IP address. Android documentation does not specify IPv4 or IPv6. For example: 192.168.1.1. Inherited from androidDeviceOwnerWiFiConfiguration
proxyManualPort Int32 Specify the proxy server port. Inherited from androidDeviceOwnerWiFiConfiguration
proxyAutomaticConfigurationUrl String Specify the proxy server configuration script URL. Inherited from androidDeviceOwnerWiFiConfiguration
proxyExclusionList String List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. Inherited from androidDeviceOwnerWiFiConfiguration
eapType androidEapType Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap.
trustedServerCertificateNames String collection Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network.
authenticationMethod wiFiAuthenticationMethod Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential.
innerAuthenticationProtocolForEapTtls nonEapAuthenticationMethodForEapTtlsType Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo.
innerAuthenticationProtocolForPeap nonEapAuthenticationMethodForPeap Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none, microsoftChapVersionTwo.
outerIdentityPrivacyTemporaryValue String Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network.

androidDeviceOwnerGeneralDeviceConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
azureAdSharedDeviceDataClearApps appListItem collection A list of managed apps that will have their data cleared during a global sign-out in AAD shared device mode. This collection can contain a maximum of 500 elements.
accountsBlockModification Boolean Indicates whether or not adding or removing accounts is disabled.
appsAllowInstallFromUnknownSources Boolean Indicates whether or not the user is allowed to enable to unknown sources setting.
appsAutoUpdatePolicy androidDeviceOwnerAppAutoUpdatePolicyType Indicates the value of the app auto update policy. Possible values are: notConfigured, userChoice, never, wiFiOnly, always.
appsDefaultPermissionPolicy androidDeviceOwnerDefaultAppPermissionPolicyType Indicates the permission policy for requests for runtime permissions if one is not defined for the app specifically. Possible values are: deviceDefault, prompt, autoGrant, autoDeny.
appsRecommendSkippingFirstUseHints Boolean Whether or not to recommend all apps skip any first-time-use hints they may have added.
bluetoothBlockConfiguration Boolean Indicates whether or not to block a user from configuring bluetooth.
bluetoothBlockContactSharing Boolean Indicates whether or not to block a user from sharing contacts via bluetooth.
cameraBlocked Boolean Indicates whether or not to disable the use of the camera.
cellularBlockWiFiTethering Boolean Indicates whether or not to block Wi-Fi tethering.
certificateCredentialConfigurationDisabled Boolean Indicates whether or not to block users from any certificate credential configuration.
crossProfilePoliciesAllowCopyPaste Boolean Indicates whether or not text copied from one profile (personal or work) can be pasted in the other.
crossProfilePoliciesAllowDataSharing androidDeviceOwnerCrossProfileDataSharing Indicates whether data from one profile (personal or work) can be shared with apps in the other profile. Possible values are: notConfigured, crossProfileDataSharingBlocked, dataSharingFromWorkToPersonalBlocked, crossProfileDataSharingAllowed, unkownFutureValue.
crossProfilePoliciesShowWorkContactsInPersonalProfile Boolean Indicates whether or not contacts stored in work profile are shown in personal profile contact searches/incoming calls.
microsoftLauncherConfigurationEnabled Boolean Indicates whether or not to you want configure Microsoft Launcher.
microsoftLauncherCustomWallpaperEnabled Boolean Indicates whether or not to configure the wallpaper on the targeted devices.
microsoftLauncherCustomWallpaperImageUrl String Indicates the URL for the image file to use as the wallpaper on the targeted devices.
microsoftLauncherCustomWallpaperAllowUserModification Boolean Indicates whether or not the user can modify the wallpaper to personalize their device.
microsoftLauncherFeedEnabled Boolean Indicates whether or not you want to enable the launcher feed on the device.
microsoftLauncherFeedAllowUserModification Boolean Indicates whether or not the user can modify the launcher feed on the device.
microsoftLauncherDockPresenceConfiguration microsoftLauncherDockPresence Indicates whether or not you want to configure the device dock. Possible values are: notConfigured, show, hide, disabled.
microsoftLauncherDockPresenceAllowUserModification Boolean Indicates whether or not the user can modify the device dock configuration on the device.
microsoftLauncherSearchBarPlacementConfiguration microsoftLauncherSearchBarPlacement Indicates the search bar placement configuration on the device. Possible values are: notConfigured, top, bottom, hide.
enrollmentProfile androidDeviceOwnerEnrollmentProfileType Indicates which enrollment profile you want to configure. Possible values are: notConfigured, dedicatedDevice, fullyManaged.
dataRoamingBlocked Boolean Indicates whether or not to block a user from data roaming.
dateTimeConfigurationBlocked Boolean Indicates whether or not to block the user from manually changing the date or time on the device
detailedHelpText androidDeviceOwnerUserFacingMessage Represents the customized detailed help text provided to users when they attempt to modify managed settings on their device.
deviceOwnerLockScreenMessage androidDeviceOwnerUserFacingMessage Represents the customized lock screen message provided to users when they attempt to modify managed settings on their device.
securityCommonCriteriaModeEnabled Boolean Represents the security common criteria mode enabled provided to users when they attempt to modify managed settings on their device.
factoryResetDeviceAdministratorEmails String collection List of Google account emails that will be required to authenticate after a device is factory reset before it can be set up.
factoryResetBlocked Boolean Indicates whether or not the factory reset option in settings is disabled.
globalProxy androidDeviceOwnerGlobalProxy Proxy is set up directly with host, port and excluded hosts.
googleAccountsBlocked Boolean Indicates whether or not google accounts will be blocked.
kioskCustomizationDeviceSettingsBlocked Boolean Indicates whether a user can access the device's Settings app while in Kiosk Mode.
kioskCustomizationPowerButtonActionsBlocked Boolean Whether the power menu is shown when a user long presses the Power button of a device in Kiosk Mode.
kioskCustomizationStatusBar androidDeviceOwnerKioskCustomizationStatusBar Indicates whether system info and notifications are disabled in Kiosk Mode. Possible values are: notConfigured, notificationsAndSystemInfoEnabled, systemInfoOnly.
kioskCustomizationSystemErrorWarnings Boolean Indicates whether system error dialogs for crashed or unresponsive apps are shown in Kiosk Mode.
kioskCustomizationSystemNavigation androidDeviceOwnerKioskCustomizationSystemNavigation Indicates which navigation features are enabled in Kiosk Mode. Possible values are: notConfigured, navigationEnabled, homeButtonOnly.
kioskModeScreenSaverConfigurationEnabled Boolean Whether or not to enable screen saver mode or not in Kiosk Mode.
kioskModeScreenSaverImageUrl String URL for an image that will be the device's screen saver in Kiosk Mode.
kioskModeScreenSaverDisplayTimeInSeconds Int32 The number of seconds that the device will display the screen saver for in Kiosk Mode. Valid values 0 to 9999999
kioskModeScreenSaverStartDelayInSeconds Int32 The number of seconds the device needs to be inactive for before the screen saver is shown in Kiosk Mode. Valid values 1 to 9999999
kioskModeScreenSaverDetectMediaDisabled Boolean Whether or not the device screen should show the screen saver if audio/video is playing in Kiosk Mode.
kioskModeApps appListItem collection A list of managed apps that will be shown when the device is in Kiosk Mode. This collection can contain a maximum of 500 elements.
kioskModeWallpaperUrl String URL to a publicly accessible image to use for the wallpaper when the device is in Kiosk Mode.
kioskModeExitCode String Exit code to allow a user to escape from Kiosk Mode when the device is in Kiosk Mode.
kioskModeVirtualHomeButtonEnabled Boolean Whether or not to display a virtual home button when the device is in Kiosk Mode.
kioskModeVirtualHomeButtonType androidDeviceOwnerVirtualHomeButtonType Indicates whether the virtual home button is a swipe up home button or a floating home button. Possible values are: notConfigured, swipeUp, floating.
kioskModeBluetoothConfigurationEnabled Boolean Whether or not to allow a user to configure Bluetooth settings in Kiosk Mode.
kioskModeWiFiConfigurationEnabled Boolean Whether or not to allow a user to configure Wi-Fi settings in Kiosk Mode.
kioskModeFlashlightConfigurationEnabled Boolean Whether or not to allow a user to use the flashlight in Kiosk Mode.
kioskModeMediaVolumeConfigurationEnabled Boolean Whether or not to allow a user to change the media volume in Kiosk Mode.
kioskModeShowDeviceInfo Boolean Whether or not to allow a user to access basic device information.
kioskModeManagedSettingsEntryDisabled Boolean Whether or not to display the Managed Settings entry point on the managed home screen in Kiosk Mode.
kioskModeDebugMenuEasyAccessEnabled Boolean Whether or not to allow a user to easy access to the debug menu in Kiosk Mode.
kioskModeShowAppNotificationBadge Boolean Whether or not to display application notification badges in Kiosk Mode.
kioskModeScreenOrientation androidDeviceOwnerKioskModeScreenOrientation Screen orientation configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured, portrait, landscape, autoRotate.
kioskModeIconSize androidDeviceOwnerKioskModeIconSize Icon size configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured, smallest, small, regular, large, largest.
kioskModeFolderIcon androidDeviceOwnerKioskModeFolderIcon Folder icon configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured, darkSquare, darkCircle, lightSquare, lightCircle.
kioskModeWifiAllowedSsids String collection The restricted set of WIFI SSIDs available for the user to configure in Kiosk Mode. This collection can contain a maximum of 500 elements.
kioskModeAppOrderEnabled Boolean Whether or not to enable app ordering in Kiosk Mode.
kioskModeAppsInFolderOrderedByName Boolean Whether or not to alphabetize applications within a folder in Kiosk Mode.
kioskModeGridHeight Int32 Number of rows for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999
kioskModeGridWidth Int32 Number of columns for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999
kioskModeLockHomeScreen Boolean Whether or not to lock home screen to the end user in Kiosk Mode.
kioskModeManagedFolders androidDeviceOwnerKioskModeManagedFolder collection A list of managed folders for a device in Kiosk Mode. This collection can contain a maximum of 500 elements.
kioskModeAppPositions androidDeviceOwnerKioskModeAppPositionItem collection The ordering of items on Kiosk Mode Managed Home Screen. This collection can contain a maximum of 500 elements.
kioskModeManagedHomeScreenAutoSignout Boolean Whether or not to automatically sign-out of MHS and Shared device mode applications after inactive for Managed Home Screen.
kioskModeManagedHomeScreenInactiveSignOutDelayInSeconds Int32 Number of seconds to give user notice before automatically signing them out for Managed Home Screen. Valid values 0 to 9999999
kioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds Int32 Number of seconds device is inactive before automatically signing user out for Managed Home Screen. Valid values 0 to 9999999
kioskModeManagedHomeScreenPinComplexity kioskModeManagedHomeScreenPinComplexity Complexity of PIN for sign-in session for Managed Home Screen. Possible values are: notConfigured, simple, complex.
kioskModeManagedHomeScreenPinRequired Boolean Whether or not require user to set a PIN for sign-in session for Managed Home Screen.
kioskModeManagedHomeScreenPinRequiredToResume Boolean Whether or not required user to enter session PIN if screensaver has appeared for Managed Home Screen.
kioskModeManagedHomeScreenSignInBackground String Custom URL background for sign-in screen for Managed Home Screen.
kioskModeManagedHomeScreenSignInBrandingLogo String Custom URL branding logo for sign-in screen and session pin page for Managed Home Screen.
kioskModeManagedHomeScreenSignInEnabled Boolean Whether or not show sign-in screen for Managed Home Screen.
kioskModeUseManagedHomeScreenApp kioskModeType Whether or not to use single app kiosk mode or multi-app kiosk mode. Possible values are: notConfigured, singleAppMode, multiAppMode.
microphoneForceMute Boolean Indicates whether or not to block unmuting the microphone on the device.
networkEscapeHatchAllowed Boolean Indicates whether or not the device will allow connecting to a temporary network connection at boot time.
nfcBlockOutgoingBeam Boolean Indicates whether or not to block NFC outgoing beam.
passwordBlockKeyguard Boolean Indicates whether or not the keyguard is disabled.
passwordBlockKeyguardFeatures androidKeyguardFeature collection List of device keyguard features to block. This collection can contain a maximum of 11 elements.
passwordExpirationDays Int32 Indicates the amount of time that a password can be set for before it expires and a new password will be required. Valid values 1 to 365
passwordMinimumLength Int32 Indicates the minimum length of the password required on the device. Valid values 4 to 16
passwordMinimumLetterCharacters Int32 Indicates the minimum number of letter characters required for device password. Valid values 1 to 16
passwordMinimumLowerCaseCharacters Int32 Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16
passwordMinimumNonLetterCharacters Int32 Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16
passwordMinimumNumericCharacters Int32 Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16
passwordMinimumSymbolCharacters Int32 Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16
passwordMinimumUpperCaseCharacters Int32 Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16
passwordMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity before the screen times out.
passwordPreviousPasswordCountToBlock Int32 Indicates the length of password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24
passwordRequiredType androidDeviceOwnerRequiredPasswordType Indicates the minimum password quality required on the device. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword.
passwordRequireUnlock androidDeviceOwnerRequiredPasswordUnlock Indicates the timeout period after which a device must be unlocked using a form of strong authentication. Possible values are: deviceDefault, daily, unkownFutureValue.
passwordSignInFailureCountBeforeFactoryReset Int32 Indicates the number of times a user can enter an incorrect password before the device is wiped. Valid values 4 to 11
playStoreMode androidDeviceOwnerPlayStoreMode Indicates the Play Store mode of the device. Possible values are: notConfigured, allowList, blockList.
screenCaptureBlocked Boolean Indicates whether or not to disable the capability to take screenshots.
securityDeveloperSettingsEnabled Boolean Indicates whether or not the user is allowed to access developer settings like developer options and safe boot on the device.
securityRequireVerifyApps Boolean Indicates whether or not verify apps is required.
shortHelpText androidDeviceOwnerUserFacingMessage Represents the customized short help text provided to users when they attempt to modify managed settings on their device.
statusBarBlocked Boolean Indicates whether or the status bar is disabled, including notifications, quick settings and other screen overlays.
stayOnModes androidDeviceOwnerBatteryPluggedMode collection List of modes in which the device's display will stay powered-on. This collection can contain a maximum of 4 elements.
storageAllowUsb Boolean Indicates whether or not to allow USB mass storage.
storageBlockExternalMedia Boolean Indicates whether or not to block external media.
storageBlockUsbFileTransfer Boolean Indicates whether or not to block USB file transfer.
systemUpdateFreezePeriods androidDeviceOwnerSystemUpdateFreezePeriod collection Indicates the annually repeating time periods during which system updates are postponed. This collection can contain a maximum of 500 elements.
systemUpdateWindowStartMinutesAfterMidnight Int32 Indicates the number of minutes after midnight that the system update window starts. Valid values 0 to 1440
systemUpdateWindowEndMinutesAfterMidnight Int32 Indicates the number of minutes after midnight that the system update window ends. Valid values 0 to 1440
systemUpdateInstallType androidDeviceOwnerSystemUpdateInstallType The type of system update configuration. Possible values are: deviceDefault, postpone, windowed, automatic.
systemWindowsBlocked Boolean Whether or not to block Android system prompt windows, like toasts, phone activities, and system alerts.
usersBlockAdd Boolean Indicates whether or not adding users and profiles is disabled.
usersBlockRemove Boolean Indicates whether or not to disable removing other users from the device.
volumeBlockAdjustment Boolean Indicates whether or not adjusting the master volume is disabled.
vpnAlwaysOnLockdownMode Boolean If an always on VPN package name is specified, whether or not to lock network traffic when that VPN is disconnected.
vpnAlwaysOnPackageIdentifier String Android app package name for app that will handle an always-on VPN connection.
wifiBlockEditConfigurations Boolean Indicates whether or not to block the user from editing the wifi connection settings.
wifiBlockEditPolicyDefinedConfigurations Boolean Indicates whether or not to block the user from editing just the networks defined by the policy.
personalProfileAppsAllowInstallFromUnknownSources Boolean Indicates whether the user can install apps from unknown sources on the personal profile.
personalProfileCameraBlocked Boolean Indicates whether to disable the use of the camera on the personal profile.
personalProfileScreenCaptureBlocked Boolean Indicates whether to disable the capability to take screenshots on the personal profile.
personalProfilePlayStoreMode personalProfilePersonalPlayStoreMode Used together with PersonalProfilePersonalApplications to control how apps in the personal profile are allowed or blocked. Possible values are: notConfigured, blockedApps, allowedApps.
personalProfilePersonalApplications appListItem collection Policy applied to applications in the personal profile. This collection can contain a maximum of 500 elements.
workProfilePasswordExpirationDays Int32 Indicates the number of days that a work profile password can be set before it expires and a new password will be required. Valid values 1 to 365
workProfilePasswordMinimumLength Int32 Indicates the minimum length of the work profile password. Valid values 4 to 16
workProfilePasswordMinimumNumericCharacters Int32 Indicates the minimum number of numeric characters required for the work profile password. Valid values 1 to 16
workProfilePasswordMinimumNonLetterCharacters Int32 Indicates the minimum number of non-letter characters required for the work profile password. Valid values 1 to 16
workProfilePasswordMinimumLetterCharacters Int32 Indicates the minimum number of letter characters required for the work profile password. Valid values 1 to 16
workProfilePasswordMinimumLowerCaseCharacters Int32 Indicates the minimum number of lower-case characters required for the work profile password. Valid values 1 to 16
workProfilePasswordMinimumUpperCaseCharacters Int32 Indicates the minimum number of upper-case letter characters required for the work profile password. Valid values 1 to 16
workProfilePasswordMinimumSymbolCharacters Int32 Indicates the minimum number of symbol characters required for the work profile password. Valid values 1 to 16
workProfilePasswordPreviousPasswordCountToBlock Int32 Indicates the length of the work profile password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24
workProfilePasswordSignInFailureCountBeforeFactoryReset Int32 Indicates the number of times a user can enter an incorrect work profile password before the device is wiped. Valid values 4 to 11
workProfilePasswordRequiredType androidDeviceOwnerRequiredPasswordType Indicates the minimum password quality required on the work profile password. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword.
workProfilePasswordRequireUnlock androidDeviceOwnerRequiredPasswordUnlock Indicates the timeout period after which a work profile must be unlocked using a form of strong authentication. Possible values are: deviceDefault, daily, unkownFutureValue.

androidDeviceOwnerImportedPFXCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
intendedPurpose intendedPurpose Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi.
certificateAccessType androidDeviceOwnerCertificateAccessType Certificate access type. Possible values are: userApproval, specificApps, unknownFutureValue.
silentCertificateAccessDetails androidDeviceOwnerSilentCertificateAccess collection Certificate access information. This collection can contain a maximum of 50 elements.

androidDeviceOwnerPkcsCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificationAuthority String PKCS Certification Authority
certificationAuthorityName String PKCS Certification Authority Name
certificationAuthorityType deviceManagementCertificationAuthority Certification authority type. Possible values are: notConfigured, microsoft, digiCert.
certificateTemplateName String PKCS Certificate Template Name
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.
subjectNameFormatString String Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US
certificateStore certificateStore Target store certificate. Possible values are: user, machine.
customSubjectAlternativeNames customSubjectAlternativeName collection Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.
certificateAccessType androidDeviceOwnerCertificateAccessType Certificate access type. Possible values are: userApproval, specificApps, unknownFutureValue.
silentCertificateAccessDetails androidDeviceOwnerSilentCertificateAccess collection Certificate access information. This collection can contain a maximum of 50 elements.

androidDeviceOwnerScepCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
scepServerUrls String collection SCEP Server Url(s)
subjectNameFormatString String Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US
keyUsage keyUsages SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature.
keySize keySize SCEP Key Size. Possible values are: size1024, size2048, size4096.
hashAlgorithm hashAlgorithms SCEP Hash Algorithm. Possible values are: sha1, sha2.
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.
certificateStore certificateStore Target store certificate. Possible values are: user, machine.
customSubjectAlternativeNames customSubjectAlternativeName collection Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.
certificateAccessType androidDeviceOwnerCertificateAccessType Certificate access type. Possible values are: userApproval, specificApps, unknownFutureValue.
silentCertificateAccessDetails androidDeviceOwnerSilentCertificateAccess collection Certificate access information. This collection can contain a maximum of 50 elements.

androidDeviceOwnerTrustedRootCertificate

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
trustedRootCertificate Binary Trusted Root Certificate
certFileName String File name to display in UI.

androidDeviceOwnerVpnConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
authenticationMethod vpnAuthenticationMethod Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD.
connectionName String Connection name displayed to the user. Inherited from vpnConfiguration
role String Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration
realm String Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration
servers vpnServer collection List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. Inherited from vpnConfiguration
connectionType androidVpnConnectionType Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect.
proxyServer vpnProxyServer Proxy server.
targetedPackageIds String collection Targeted App package IDs.
targetedMobileApps appListItem collection Targeted mobile apps. This collection can contain a maximum of 500 elements.
alwaysOn Boolean Whether or not to enable always-on VPN connection.
alwaysOnLockdown Boolean If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected.
microsoftTunnelSiteId String Microsoft Tunnel site ID.
customData keyValue collection Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements.
customKeyValueData keyValuePair collection Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements.

androidDeviceOwnerWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name
ssid String This is the name of the Wi-Fi network that is broadcast to all devices.
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network.
connectWhenNetworkNameIsHidden Boolean When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices.
wiFiSecurityType androidDeviceOwnerWiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wep, wpaPersonal, wpaEnterprise.
preSharedKey String This is the pre-shared key for WPA Personal Wi-Fi network.
preSharedKeyIsSet Boolean This is the pre-shared key for WPA Personal Wi-Fi network.
proxySettings wiFiProxySetting Specify the proxy setting for Wi-Fi configuration. Possible values include none, manual, and automatic. Possible values are: none, manual, automatic.
proxyManualAddress String Specify the proxy server IP address. Android documentation does not specify IPv4 or IPv6. For example: 192.168.1.1.
proxyManualPort Int32 Specify the proxy server port.
proxyAutomaticConfigurationUrl String Specify the proxy server configuration script URL.
proxyExclusionList String List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.

androidEasEmailProfileConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
accountName String Exchange ActiveSync account name, displayed to users as name of EAS (this) profile.
authenticationMethod easAuthenticationMethod Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword, certificate, derivedCredential.
syncCalendar Boolean Toggles syncing the calendar. If set to false calendar is turned off on the device.
syncContacts Boolean Toggles syncing contacts. If set to false contacts are turned off on the device.
syncTasks Boolean Toggles syncing tasks. If set to false tasks are turned off on the device.
syncNotes Boolean Toggles syncing notes. If set to false notes are turned off on the device.
durationOfEmailToSync emailSyncDuration Duration of time email should be synced to. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited.
emailAddressSource userEmailSource Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress.
emailSyncSchedule emailSyncSchedule Email sync schedule. Possible values are: userDefined, asMessagesArrive, manual, fifteenMinutes, thirtyMinutes, sixtyMinutes, basedOnMyUsage.
hostName String Exchange location (URL) that the native mail app connects to.
requireSmime Boolean Indicates whether or not to use S/MIME certificate.
requireSsl Boolean Indicates whether or not to use SSL.
usernameSource androidUsernameSource Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress.
userDomainNameSource domainNameSource UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: fullDomainName, netBiosDomainName.
customDomainName String Custom domain name value used while generating an email profile before installing on the device.

androidEnterpriseWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name Inherited from androidWiFiConfiguration
ssid String This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidWiFiConfiguration
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidWiFiConfiguration
connectWhenNetworkNameIsHidden Boolean When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidWiFiConfiguration
wiFiSecurityType androidWiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidWiFiConfiguration. Possible values are: open, wpaEnterprise, wpa2Enterprise.
eapType androidEapType Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap.
trustedServerCertificateNames String collection Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network.
authenticationMethod wiFiAuthenticationMethod Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential.
innerAuthenticationProtocolForEapTtls nonEapAuthenticationMethodForEapTtlsType Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo.
innerAuthenticationProtocolForPeap nonEapAuthenticationMethodForPeap Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none, microsoftChapVersionTwo.
outerIdentityPrivacyTemporaryValue String Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network.
usernameFormatString String Username format string used to build the username to connect to wifi
passwordFormatString String Password format string used to build the password to connect to wifi
preSharedKey String PreSharedKey used to build the password to connect to wifi

androidForWorkCertificateProfileBase

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period.
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.

androidForWorkCompliancePolicy

Property Type Description
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy
id String Key of the entity. Inherited from deviceCompliancePolicy
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceCompliancePolicy
description String Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceCompliancePolicy
displayName String Admin provided name of the device configuration. Inherited from deviceCompliancePolicy
version Int32 Version of the device configuration. Inherited from deviceCompliancePolicy
passwordRequired Boolean Require a password to unlock device.
passwordMinimumLength Int32 Minimum password length. Valid values 4 to 16
passwordRequiredType androidRequiredPasswordType Type of characters in password. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any.
requiredPasswordComplexity androidRequiredPasswordComplexity Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android API 12+. Possible values are: none, low, medium, high.
passwordMinutesOfInactivityBeforeLock Int32 Minutes of inactivity before a password is required.
passwordExpirationDays Int32 Number of days before the password expires. Valid values 1 to 365
passwordPreviousPasswordBlockCount Int32 Number of previous passwords to block. Valid values 1 to 24
passwordSignInFailureCountBeforeFactoryReset Int32 Number of sign-in failures allowed before factory reset. Valid values 1 to 16
securityPreventInstallAppsFromUnknownSources Boolean Require that devices disallow installation of apps from unknown sources.
securityDisableUsbDebugging Boolean Disable USB debugging on Android devices.
securityRequireVerifyApps Boolean Require the Android Verify apps feature is turned on.
deviceThreatProtectionEnabled Boolean Require that devices have enabled device threat protection.
deviceThreatProtectionRequiredSecurityLevel deviceThreatProtectionLevel Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet.
securityBlockJailbrokenDevices Boolean Devices must not be jailbroken or rooted.
osMinimumVersion String Minimum Android version.
osMaximumVersion String Maximum Android version.
minAndroidSecurityPatchLevel String Minimum Android security patch level.
storageRequireEncryption Boolean Require encryption on Android devices.
securityRequireSafetyNetAttestationBasicIntegrity Boolean Require the device to pass the SafetyNet basic integrity check.
securityRequireSafetyNetAttestationCertifiedDevice Boolean Require the device to pass the SafetyNet certified device check.
securityRequireGooglePlayServices Boolean Require Google Play Services to be installed and enabled on the device.
securityRequireUpToDateSecurityProviders Boolean Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date.
securityRequireCompanyPortalAppIntegrity Boolean Require the device to pass the Company Portal client app runtime integrity check.
securityRequiredAndroidSafetyNetEvaluationType androidSafetyNetEvaluationType Require a specific SafetyNet evaluation type for compliance. Possible values are: basic, hardwareBacked.

androidForWorkCustomConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
omaSettings omaSetting collection OMA settings. This collection can contain a maximum of 500 elements.

androidForWorkEasEmailProfileBase

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
authenticationMethod easAuthenticationMethod Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword, certificate, derivedCredential.
durationOfEmailToSync emailSyncDuration Duration of time email should be synced to. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited.
emailAddressSource userEmailSource Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress.
hostName String Exchange location (URL) that the mail app connects to.
requireSsl Boolean Indicates whether or not to use SSL.
usernameSource androidUsernameSource Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress.

androidForWorkEnterpriseWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name Inherited from androidForWorkWiFiConfiguration
ssid String This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidForWorkWiFiConfiguration
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidForWorkWiFiConfiguration
connectWhenNetworkNameIsHidden Boolean When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidForWorkWiFiConfiguration
wiFiSecurityType androidWiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidForWorkWiFiConfiguration. Possible values are: open, wpaEnterprise, wpa2Enterprise.
eapType androidEapType Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap.
trustedServerCertificateNames String collection Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network.
authenticationMethod wiFiAuthenticationMethod Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential.
innerAuthenticationProtocolForEapTtls nonEapAuthenticationMethodForEapTtlsType Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo.
innerAuthenticationProtocolForPeap nonEapAuthenticationMethodForPeap Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none, microsoftChapVersionTwo.
outerIdentityPrivacyTemporaryValue String Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network.

androidForWorkGeneralDeviceConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
passwordBlockFaceUnlock Boolean Indicates whether or not to block face unlock.
passwordBlockFingerprintUnlock Boolean Indicates whether or not to block fingerprint unlock.
passwordBlockIrisUnlock Boolean Indicates whether or not to block iris unlock.
passwordBlockTrustAgents Boolean Indicates whether or not to block Smart Lock and other trust agents.
passwordExpirationDays Int32 Number of days before the password expires. Valid values 1 to 365
passwordMinimumLength Int32 Minimum length of passwords. Valid values 4 to 16
passwordMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity before the screen times out.
passwordPreviousPasswordBlockCount Int32 Number of previous passwords to block. Valid values 0 to 24
passwordSignInFailureCountBeforeFactoryReset Int32 Number of sign in failures allowed before factory reset. Valid values 1 to 16
passwordRequiredType androidForWorkRequiredPasswordType Type of password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols.
requiredPasswordComplexity androidRequiredPasswordComplexity Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android 12+. Possible values are: none, low, medium, high.
workProfileDataSharingType androidForWorkCrossProfileDataSharingType Type of data sharing that is allowed. Possible values are: deviceDefault, preventAny, allowPersonalToWork, noRestrictions.
workProfileBlockNotificationsWhileDeviceLocked Boolean Indicates whether or not to block notifications while device locked.
workProfileBlockAddingAccounts Boolean Block users from adding/removing accounts in work profile.
workProfileBluetoothEnableContactSharing Boolean Allow bluetooth devices to access enterprise contacts.
workProfileBlockScreenCapture Boolean Block screen capture in work profile.
workProfileBlockCrossProfileCallerId Boolean Block display work profile caller ID in personal profile.
workProfileBlockCamera Boolean Block work profile camera.
workProfileBlockCrossProfileContactsSearch Boolean Block work profile contacts availability in personal profile.
workProfileBlockCrossProfileCopyPaste Boolean Boolean that indicates if the setting disallow cross profile copy/paste is enabled.
workProfileDefaultAppPermissionPolicy androidForWorkDefaultAppPermissionPolicyType Type of password that is required. Possible values are: deviceDefault, prompt, autoGrant, autoDeny.
workProfilePasswordBlockFaceUnlock Boolean Indicates whether or not to block face unlock for work profile.
workProfilePasswordBlockFingerprintUnlock Boolean Indicates whether or not to block fingerprint unlock for work profile.
workProfilePasswordBlockIrisUnlock Boolean Indicates whether or not to block iris unlock for work profile.
workProfilePasswordBlockTrustAgents Boolean Indicates whether or not to block Smart Lock and other trust agents for work profile.
workProfilePasswordExpirationDays Int32 Number of days before the work profile password expires. Valid values 1 to 365
workProfilePasswordMinimumLength Int32 Minimum length of work profile password. Valid values 4 to 16
workProfilePasswordMinNumericCharacters Int32 Minimum # of numeric characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinNonLetterCharacters Int32 Minimum # of non-letter characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinLetterCharacters Int32 Minimum # of letter characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinLowerCaseCharacters Int32 Minimum # of lower-case characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinUpperCaseCharacters Int32 Minimum # of upper-case characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinSymbolCharacters Int32 Minimum # of symbols required in work profile password. Valid values 1 to 10
workProfilePasswordMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity before the screen times out.
workProfilePasswordPreviousPasswordBlockCount Int32 Number of previous work profile passwords to block. Valid values 0 to 24
workProfilePasswordSignInFailureCountBeforeFactoryReset Int32 Number of sign in failures allowed before work profile is removed and all corporate data deleted. Valid values 1 to 16
workProfilePasswordRequiredType androidForWorkRequiredPasswordType Type of work profile password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols.
workProfileRequiredPasswordComplexity androidRequiredPasswordComplexity Indicates the required work profile password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android 12+. Possible values are: none, low, medium, high.
workProfileRequirePassword Boolean Password is required or not for work profile
securityRequireVerifyApps Boolean Require the Android Verify apps feature is turned on.
vpnAlwaysOnPackageIdentifier String Enable lockdown mode for always-on VPN.
vpnEnableAlwaysOnLockdownMode Boolean Enable lockdown mode for always-on VPN.
workProfileAllowWidgets Boolean Allow widgets from work profile apps.
workProfileBlockPersonalAppInstallsFromUnknownSources Boolean Prevent app installations from unknown sources in the personal profile.

androidForWorkGmailEasConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
authenticationMethod easAuthenticationMethod Authentication method for Exchange ActiveSync. Inherited from androidForWorkEasEmailProfileBase. Possible values are: usernameAndPassword, certificate, derivedCredential.
durationOfEmailToSync emailSyncDuration Duration of time email should be synced to. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited.
emailAddressSource userEmailSource Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userPrincipalName, primarySmtpAddress.
hostName String Exchange location (URL) that the mail app connects to. Inherited from androidForWorkEasEmailProfileBase
requireSsl Boolean Indicates whether or not to use SSL. Inherited from androidForWorkEasEmailProfileBase
usernameSource androidUsernameSource Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress.

androidForWorkImportedPFXCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase
intendedPurpose intendedPurpose Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi.

androidForWorkNineWorkEasConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
authenticationMethod easAuthenticationMethod Authentication method for Exchange ActiveSync. Inherited from androidForWorkEasEmailProfileBase. Possible values are: usernameAndPassword, certificate, derivedCredential.
durationOfEmailToSync emailSyncDuration Duration of time email should be synced to. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited.
emailAddressSource userEmailSource Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userPrincipalName, primarySmtpAddress.
hostName String Exchange location (URL) that the mail app connects to. Inherited from androidForWorkEasEmailProfileBase
requireSsl Boolean Indicates whether or not to use SSL. Inherited from androidForWorkEasEmailProfileBase
usernameSource androidUsernameSource Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress.
syncCalendar Boolean Toggles syncing the calendar. If set to false the calendar is turned off on the device.
syncContacts Boolean Toggles syncing contacts. If set to false contacts are turned off on the device.
syncTasks Boolean Toggles syncing tasks. If set to false tasks are turned off on the device.

androidForWorkPkcsCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidForWorkCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Inherited from androidForWorkCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidForWorkCertificateProfileBase
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from androidForWorkCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificationAuthority String PKCS Certification Authority
certificationAuthorityName String PKCS Certification Authority Name
certificateTemplateName String PKCS Certificate Template Name
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.

androidForWorkScepCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidForWorkCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Inherited from androidForWorkCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidForWorkCertificateProfileBase
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from androidForWorkCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
scepServerUrls String collection SCEP Server Url(s)
subjectNameFormatString String Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US
keyUsage keyUsages SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature.
keySize keySize SCEP Key Size. Possible values are: size1024, size2048, size4096.
hashAlgorithm hashAlgorithms SCEP Hash Algorithm. Possible values are: sha1, sha2.
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.
certificateStore certificateStore Target store certificate. Possible values are: user, machine.
customSubjectAlternativeNames customSubjectAlternativeName collection Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.

androidForWorkTrustedRootCertificate

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
trustedRootCertificate Binary Trusted Root Certificate
certFileName String File name to display in UI.

androidForWorkVpnConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
connectionName String Connection name displayed to the user.
connectionType androidForWorkVpnConnectionType Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix.
role String Role when connection type is set to Pulse Secure.
realm String Realm when connection type is set to Pulse Secure.
servers vpnServer collection List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements.
fingerprint String Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN.
customData keyValue collection Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements.
customKeyValueData keyValuePair collection Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements.
authenticationMethod vpnAuthenticationMethod Authentication method. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD.

androidForWorkWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name
ssid String This is the name of the Wi-Fi network that is broadcast to all devices.
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network.
connectWhenNetworkNameIsHidden Boolean When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices.
wiFiSecurityType androidWiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wpaEnterprise, wpa2Enterprise.

androidGeneralDeviceConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
appsBlockClipboardSharing Boolean Indicates whether or not to block clipboard sharing to copy and paste between applications.
appsBlockCopyPaste Boolean Indicates whether or not to block copy and paste within applications.
appsBlockYouTube Boolean Indicates whether or not to block the YouTube app.
bluetoothBlocked Boolean Indicates whether or not to block Bluetooth.
cameraBlocked Boolean Indicates whether or not to block the use of the camera.
cellularBlockDataRoaming Boolean Indicates whether or not to block data roaming.
cellularBlockMessaging Boolean Indicates whether or not to block SMS/MMS messaging.
cellularBlockVoiceRoaming Boolean Indicates whether or not to block voice roaming.
cellularBlockWiFiTethering Boolean Indicates whether or not to block syncing Wi-Fi tethering.
compliantAppsList appListItem collection List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements.
compliantAppListType appListType Type of list that is in the CompliantAppsList. Possible values are: none, appsInListCompliant, appsNotInListCompliant.
diagnosticDataBlockSubmission Boolean Indicates whether or not to block diagnostic data submission.
locationServicesBlocked Boolean Indicates whether or not to block location services.
googleAccountBlockAutoSync Boolean Indicates whether or not to block Google account auto sync.
googlePlayStoreBlocked Boolean Indicates whether or not to block the Google Play store.
kioskModeBlockSleepButton Boolean Indicates whether or not to block the screen sleep button while in Kiosk Mode.
kioskModeBlockVolumeButtons Boolean Indicates whether or not to block the volume buttons while in Kiosk Mode.
kioskModeApps appListItem collection A list of apps that will be allowed to run when the device is in Kiosk Mode. This collection can contain a maximum of 500 elements.
nfcBlocked Boolean Indicates whether or not to block Near-Field Communication.
passwordBlockFingerprintUnlock Boolean Indicates whether or not to block fingerprint unlock.
passwordBlockTrustAgents Boolean Indicates whether or not to block Smart Lock and other trust agents.
passwordExpirationDays Int32 Number of days before the password expires. Valid values 1 to 365
passwordMinimumLength Int32 Minimum length of passwords. Valid values 4 to 16
passwordMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity before the screen times out.
passwordPreviousPasswordBlockCount Int32 Number of previous passwords to block. Valid values 0 to 24
passwordSignInFailureCountBeforeFactoryReset Int32 Number of sign in failures allowed before factory reset. Valid values 1 to 16
passwordRequiredType androidRequiredPasswordType Type of password that is required. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any.
passwordRequired Boolean Indicates whether or not to require a password.
powerOffBlocked Boolean Indicates whether or not to block powering off the device.
factoryResetBlocked Boolean Indicates whether or not to block user performing a factory reset.
screenCaptureBlocked Boolean Indicates whether or not to block screenshots.
deviceSharingAllowed Boolean Indicates whether or not to allow device sharing mode.
storageBlockGoogleBackup Boolean Indicates whether or not to block Google Backup.
storageBlockRemovableStorage Boolean Indicates whether or not to block removable storage usage.
storageRequireDeviceEncryption Boolean Indicates whether or not to require device encryption.
storageRequireRemovableStorageEncryption Boolean Indicates whether or not to require removable storage encryption.
voiceAssistantBlocked Boolean Indicates whether or not to block the use of the Voice Assistant.
voiceDialingBlocked Boolean Indicates whether or not to block voice dialing.
webBrowserBlockPopups Boolean Indicates whether or not to block popups within the web browser.
webBrowserBlockAutofill Boolean Indicates whether or not to block the web browser's auto fill feature.
webBrowserBlockJavaScript Boolean Indicates whether or not to block JavaScript within the web browser.
webBrowserBlocked Boolean Indicates whether or not to block the web browser.
webBrowserCookieSettings webBrowserCookieSettings Cookie settings within the web browser. Possible values are: browserDefault, blockAlways, allowCurrentWebSite, allowFromWebsitesVisited, allowAlways.
wiFiBlocked Boolean Indicates whether or not to block syncing Wi-Fi.
appsInstallAllowList appListItem collection List of apps which can be installed on the KNOX device. This collection can contain a maximum of 500 elements.
appsLaunchBlockList appListItem collection List of apps which are blocked from being launched on the KNOX device. This collection can contain a maximum of 500 elements.
appsHideList appListItem collection List of apps to be hidden on the KNOX device. This collection can contain a maximum of 500 elements.
securityRequireVerifyApps Boolean Require the Android Verify apps feature is turned on.

androidImportedPFXCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase
intendedPurpose intendedPurpose Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi.

androidOmaCpConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
configurationXml Binary Configuration XML that will be applied to the device. When it is read, it only provides a placeholder string since the original data is encrypted and stored.

androidPkcsCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase
certificationAuthority String PKCS Certification Authority
certificationAuthorityName String PKCS Certification Authority Name
certificateTemplateName String PKCS Certificate Template Name
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.

androidScepCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase
scepServerUrls String collection SCEP Server Url(s)
subjectNameFormatString String Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US
keyUsage keyUsages SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature.
keySize keySize SCEP Key Size. Possible values are: size1024, size2048, size4096.
hashAlgorithm hashAlgorithms SCEP Hash Algorithm. Possible values are: sha1, sha2.
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.

androidTrustedRootCertificate

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
trustedRootCertificate Binary Trusted Root Certificate
certFileName String File name to display in UI.

androidVpnConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
connectionName String Connection name displayed to the user.
connectionType androidVpnConnectionType Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect.
role String Role when connection type is set to Pulse Secure.
realm String Realm when connection type is set to Pulse Secure.
servers vpnServer collection List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements.
fingerprint String Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN.
customData keyValue collection Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements.
customKeyValueData keyValuePair collection Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements.
authenticationMethod vpnAuthenticationMethod Authentication method. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD.

androidWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name
ssid String This is the name of the Wi-Fi network that is broadcast to all devices.
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network.
connectWhenNetworkNameIsHidden Boolean When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices.
wiFiSecurityType androidWiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wpaEnterprise, wpa2Enterprise.

androidWorkProfileCertificateProfileBase

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period.
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.

androidWorkProfileCompliancePolicy

Property Type Description
id String Key of the entity. Inherited from deviceCompliancePolicy
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceCompliancePolicy
description String Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceCompliancePolicy
displayName String Admin provided name of the device configuration. Inherited from deviceCompliancePolicy
version Int32 Version of the device configuration. Inherited from deviceCompliancePolicy
passwordRequired Boolean Require a password to unlock device.
passwordMinimumLength Int32 Minimum password length. Valid values 4 to 16
passwordRequiredType androidRequiredPasswordType Type of characters in password. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any.
passwordMinutesOfInactivityBeforeLock Int32 Minutes of inactivity before a password is required.
passwordExpirationDays Int32 Number of days before the password expires. Valid values 1 to 365
passwordPreviousPasswordBlockCount Int32 Number of previous passwords to block. Valid values 1 to 24
securityPreventInstallAppsFromUnknownSources Boolean Require that devices disallow installation of apps from unknown sources.
securityDisableUsbDebugging Boolean Disable USB debugging on Android devices.
securityRequireVerifyApps Boolean Require the Android Verify apps feature is turned on.
deviceThreatProtectionEnabled Boolean Require that devices have enabled device threat protection.
deviceThreatProtectionRequiredSecurityLevel deviceThreatProtectionLevel Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet.
securityBlockJailbrokenDevices Boolean Devices must not be jailbroken or rooted.
osMinimumVersion String Minimum Android version.
osMaximumVersion String Maximum Android version.
minAndroidSecurityPatchLevel String Minimum Android security patch level.
storageRequireEncryption Boolean Require encryption on Android devices.
securityRequireSafetyNetAttestationBasicIntegrity Boolean Require the device to pass the SafetyNet basic integrity check.
securityRequireSafetyNetAttestationCertifiedDevice Boolean Require the device to pass the SafetyNet certified device check.
securityRequireGooglePlayServices Boolean Require Google Play Services to be installed and enabled on the device.
securityRequireUpToDateSecurityProviders Boolean Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date.
securityRequireCompanyPortalAppIntegrity Boolean Require the device to pass the Company Portal client app runtime integrity check.

androidWorkProfileCustomConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
omaSettings omaSetting collection OMA settings. This collection can contain a maximum of 500 elements.

androidWorkProfileEasEmailProfileBase

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
authenticationMethod easAuthenticationMethod Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword, certificate, derivedCredential.
durationOfEmailToSync emailSyncDuration Duration of time email should be synced to. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited.
emailAddressSource userEmailSource Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress.
hostName String Exchange location (URL) that the mail app connects to.
requireSsl Boolean Indicates whether or not to use SSL.
usernameSource androidUsernameSource Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress.

androidWorkProfileEnterpriseWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name Inherited from androidWorkProfileWiFiConfiguration
ssid String This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidWorkProfileWiFiConfiguration
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidWorkProfileWiFiConfiguration
connectWhenNetworkNameIsHidden Boolean When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidWorkProfileWiFiConfiguration
wiFiSecurityType androidWiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidWorkProfileWiFiConfiguration. Possible values are: open, wpaEnterprise, wpa2Enterprise.
eapType androidEapType Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap.
trustedServerCertificateNames String collection Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network.
authenticationMethod wiFiAuthenticationMethod Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential.
innerAuthenticationProtocolForEapTtls nonEapAuthenticationMethodForEapTtlsType Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo.
innerAuthenticationProtocolForPeap nonEapAuthenticationMethodForPeap Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none, microsoftChapVersionTwo.
outerIdentityPrivacyTemporaryValue String Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network.
proxySettings wiFiProxySetting Proxy Type for this Wi-Fi connection. Possible values are: none, manual, automatic.
proxyAutomaticConfigurationUrl String URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file.

androidWorkProfileGeneralDeviceConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
passwordBlockFingerprintUnlock Boolean Indicates whether or not to block fingerprint unlock.
passwordBlockTrustAgents Boolean Indicates whether or not to block Smart Lock and other trust agents.
passwordExpirationDays Int32 Number of days before the password expires. Valid values 1 to 365
passwordMinimumLength Int32 Minimum length of passwords. Valid values 4 to 16
passwordMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity before the screen times out.
passwordPreviousPasswordBlockCount Int32 Number of previous passwords to block. Valid values 0 to 24
passwordSignInFailureCountBeforeFactoryReset Int32 Number of sign in failures allowed before factory reset. Valid values 1 to 16
passwordRequiredType androidWorkProfileRequiredPasswordType Type of password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols.
workProfileDataSharingType androidWorkProfileCrossProfileDataSharingType Type of data sharing that is allowed. Possible values are: deviceDefault, preventAny, allowPersonalToWork, noRestrictions.
workProfileBlockNotificationsWhileDeviceLocked Boolean Indicates whether or not to block notifications while device locked.
workProfileBlockAddingAccounts Boolean Block users from adding/removing accounts in work profile.
workProfileBluetoothEnableContactSharing Boolean Allow bluetooth devices to access enterprise contacts.
workProfileBlockScreenCapture Boolean Block screen capture in work profile.
workProfileBlockCrossProfileCallerId Boolean Block display work profile caller ID in personal profile.
workProfileBlockCamera Boolean Block work profile camera.
workProfileBlockCrossProfileContactsSearch Boolean Block work profile contacts availability in personal profile.
workProfileBlockCrossProfileCopyPaste Boolean Boolean that indicates if the setting disallow cross profile copy/paste is enabled.
workProfileDefaultAppPermissionPolicy androidWorkProfileDefaultAppPermissionPolicyType Type of password that is required. Possible values are: deviceDefault, prompt, autoGrant, autoDeny.
workProfilePasswordBlockFingerprintUnlock Boolean Indicates whether or not to block fingerprint unlock for work profile.
workProfilePasswordBlockTrustAgents Boolean Indicates whether or not to block Smart Lock and other trust agents for work profile.
workProfilePasswordExpirationDays Int32 Number of days before the work profile password expires. Valid values 1 to 365
workProfilePasswordMinimumLength Int32 Minimum length of work profile password. Valid values 4 to 16
workProfilePasswordMinNumericCharacters Int32 Minimum # of numeric characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinNonLetterCharacters Int32 Minimum # of non-letter characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinLetterCharacters Int32 Minimum # of letter characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinLowerCaseCharacters Int32 Minimum # of lower-case characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinUpperCaseCharacters Int32 Minimum # of upper-case characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinSymbolCharacters Int32 Minimum # of symbols required in work profile password. Valid values 1 to 10
workProfilePasswordMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity before the screen times out.
workProfilePasswordPreviousPasswordBlockCount Int32 Number of previous work profile passwords to block. Valid values 0 to 24
workProfilePasswordSignInFailureCountBeforeFactoryReset Int32 Number of sign in failures allowed before work profile is removed and all corporate data deleted. Valid values 1 to 16
workProfilePasswordRequiredType androidWorkProfileRequiredPasswordType Type of work profile password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols.
workProfileRequirePassword Boolean Password is required or not for work profile
securityRequireVerifyApps Boolean Require the Android Verify apps feature is turned on.

androidWorkProfileGmailEasConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
authenticationMethod easAuthenticationMethod Authentication method for Exchange ActiveSync. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: usernameAndPassword, certificate, derivedCredential.
durationOfEmailToSync emailSyncDuration Duration of time email should be synced to. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited.
emailAddressSource userEmailSource Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userPrincipalName, primarySmtpAddress.
hostName String Exchange location (URL) that the mail app connects to. Inherited from androidWorkProfileEasEmailProfileBase
requireSsl Boolean Indicates whether or not to use SSL. Inherited from androidWorkProfileEasEmailProfileBase
usernameSource androidUsernameSource Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress.

androidWorkProfileNineWorkEasConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
authenticationMethod easAuthenticationMethod Authentication method for Exchange ActiveSync. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: usernameAndPassword, certificate, derivedCredential.
durationOfEmailToSync emailSyncDuration Duration of time email should be synced to. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited.
emailAddressSource userEmailSource Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: userPrincipalName, primarySmtpAddress.
hostName String Exchange location (URL) that the mail app connects to. Inherited from androidWorkProfileEasEmailProfileBase
requireSsl Boolean Indicates whether or not to use SSL. Inherited from androidWorkProfileEasEmailProfileBase
usernameSource androidUsernameSource Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidWorkProfileEasEmailProfileBase. Possible values are: username, userPrincipalName, samAccountName, primarySmtpAddress.
syncCalendar Boolean Toggles syncing the calendar. If set to false the calendar is turned off on the device.
syncContacts Boolean Toggles syncing contacts. If set to false contacts are turned off on the device.
syncTasks Boolean Toggles syncing tasks. If set to false tasks are turned off on the device.

androidWorkProfilePkcsCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidWorkProfileCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidWorkProfileCertificateProfileBase
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificationAuthority String PKCS Certification Authority
certificationAuthorityName String PKCS Certification Authority Name
certificateTemplateName String PKCS Certificate Template Name
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.
subjectNameFormatString String Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US
certificateStore certificateStore Target store certificate. Possible values are: user, machine.
customSubjectAlternativeNames customSubjectAlternativeName collection Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.

androidWorkProfileScepCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidWorkProfileCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidWorkProfileCertificateProfileBase
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from androidWorkProfileCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
scepServerUrls String collection SCEP Server Url(s)
subjectNameFormatString String Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US
keyUsage keyUsages SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature.
keySize keySize SCEP Key Size. Possible values are: size1024, size2048, size4096.
hashAlgorithm hashAlgorithms SCEP Hash Algorithm. Possible values are: sha1, sha2.
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.
certificateStore certificateStore Target store certificate. Possible values are: user, machine.
customSubjectAlternativeNames customSubjectAlternativeName collection Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.

androidWorkProfileTrustedRootCertificate

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
trustedRootCertificate Binary Trusted Root Certificate
certFileName String File name to display in UI.

androidWorkProfileVpnConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
connectionName String Connection name displayed to the user.
connectionType androidWorkProfileVpnConnectionType Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, paloAltoGlobalProtect, microsoftTunnel, netMotionMobility, microsoftProtect.
role String Role when connection type is set to Pulse Secure.
realm String Realm when connection type is set to Pulse Secure.
servers vpnServer collection List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements.
fingerprint String Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN.
customData keyValue collection Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements.
customKeyValueData keyValuePair collection Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements.
authenticationMethod vpnAuthenticationMethod Authentication method. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD.
proxyServer vpnProxyServer Proxy server.
targetedPackageIds String collection Targeted App package IDs.
targetedMobileApps appListItem collection Targeted mobile apps. This collection can contain a maximum of 500 elements.
alwaysOn Boolean Whether or not to enable always-on VPN connection.
alwaysOnLockdown Boolean If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected.
microsoftTunnelSiteId String Microsoft Tunnel site ID.

androidWorkProfileWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name
ssid String This is the name of the Wi-Fi network that is broadcast to all devices.
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network.
connectWhenNetworkNameIsHidden Boolean When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices.
wiFiSecurityType androidWiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wpaEnterprise, wpa2Enterprise.

aospDeviceOwnerCertificateProfileBase

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99
subjectNameFormat subjectNameFormat Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period.
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. This collection can contain a maximum of 500 elements. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.

aospDeviceOwnerCompliancePolicy

Property Type Description
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy
id String Key of the entity. Inherited from deviceCompliancePolicy
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceCompliancePolicy
description String Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceCompliancePolicy
displayName String Admin provided name of the device configuration. Inherited from deviceCompliancePolicy
version Int32 Version of the device configuration. Inherited from deviceCompliancePolicy
osMinimumVersion String Minimum Android version.
osMaximumVersion String Maximum Android version.
minAndroidSecurityPatchLevel String Minimum Android security patch level.
securityBlockJailbrokenDevices Boolean Devices must not be jailbroken or rooted.
passwordRequired Boolean Require a password to unlock device.
passwordRequiredType androidDeviceOwnerRequiredPasswordType Type of characters in password. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword.
passwordMinutesOfInactivityBeforeLock Int32 Minutes of inactivity before a password is required. Valid values 1 to 8640
passwordMinimumLength Int32 Minimum password length. Valid values 4 to 16
storageRequireEncryption Boolean Require encryption on Android devices.

aospDeviceOwnerDeviceConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
appsBlockInstallFromUnknownSources Boolean Indicates whether or not the user is allowed to enable unknown sources setting. When set to true, user is not allowed to enable unknown sources settings.
bluetoothBlocked Boolean Indicates whether or not to disable the use of bluetooth. When set to true, bluetooth cannot be enabled on the device.
bluetoothBlockConfiguration Boolean Indicates whether or not to block a user from configuring bluetooth.
cameraBlocked Boolean Indicates whether or not to disable the use of the camera.
factoryResetBlocked Boolean Indicates whether or not the factory reset option in settings is disabled.
passwordMinimumLength Int32 Indicates the minimum length of the password required on the device. Valid values 4 to 16
passwordMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity before the screen times out.
passwordRequiredType androidDeviceOwnerRequiredPasswordType Indicates the minimum password quality required on the device. Possible values are: deviceDefault, required, numeric, numericComplex, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, customPassword.
passwordSignInFailureCountBeforeFactoryReset Int32 Indicates the number of times a user can enter an incorrect password before the device is wiped. Valid values 4 to 11
screenCaptureBlocked Boolean Indicates whether or not to disable the capability to take screenshots.
securityAllowDebuggingFeatures Boolean Indicates whether or not to block the user from enabling debugging features on the device.
storageBlockExternalMedia Boolean Indicates whether or not to block external media.
storageBlockUsbFileTransfer Boolean Indicates whether or not to block USB file transfer.
wifiBlockEditConfigurations Boolean Indicates whether or not to block the user from editing the wifi connection settings.

aospDeviceOwnerEnterpriseWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name Inherited from aospDeviceOwnerWiFiConfiguration
ssid String This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from aospDeviceOwnerWiFiConfiguration
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from aospDeviceOwnerWiFiConfiguration
connectWhenNetworkNameIsHidden Boolean When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from aospDeviceOwnerWiFiConfiguration
wiFiSecurityType aospDeviceOwnerWiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from aospDeviceOwnerWiFiConfiguration. Possible values are: open, wep, wpaPersonal, wpaEnterprise.
preSharedKey String This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from aospDeviceOwnerWiFiConfiguration
preSharedKeyIsSet Boolean This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from aospDeviceOwnerWiFiConfiguration
eapType androidEapType Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, eapTtls, peap.
trustedServerCertificateNames String collection Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network.
authenticationMethod wiFiAuthenticationMethod Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential.
innerAuthenticationProtocolForEapTtls nonEapAuthenticationMethodForEapTtlsType Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo.
innerAuthenticationProtocolForPeap nonEapAuthenticationMethodForPeap Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. This collection can contain a maximum of 500 elements. Possible values are: none, microsoftChapVersionTwo.
outerIdentityPrivacyTemporaryValue String Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network.

aospDeviceOwnerPkcsCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from aospDeviceOwnerCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificationAuthority String PKCS Certification Authority
certificationAuthorityName String PKCS Certification Authority Name
certificationAuthorityType deviceManagementCertificationAuthority Certification authority type. Possible values are: notConfigured, microsoft, digiCert.
certificateTemplateName String PKCS Certificate Template Name
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.
subjectNameFormatString String Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US
certificateStore certificateStore Target store certificate. Possible values are: user, machine.
customSubjectAlternativeNames customSubjectAlternativeName collection Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.

aospDeviceOwnerScepCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from aospDeviceOwnerCertificateProfileBase
subjectNameFormat subjectNameFormat Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: days, months, years.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. This collection can contain a maximum of 500 elements. Inherited from aospDeviceOwnerCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
scepServerUrls String collection SCEP Server Url(s)
subjectNameFormatString String Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US
keyUsage keyUsages SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature.
keySize keySize SCEP Key Size. Possible values are: size1024, size2048, size4096.
hashAlgorithm hashAlgorithms SCEP Hash Algorithm. Possible values are: sha1, sha2.
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.
certificateStore certificateStore Target store certificate. This collection can contain a maximum of 500 elements. Possible values are: user, machine.
customSubjectAlternativeNames customSubjectAlternativeName collection Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.

aospDeviceOwnerTrustedRootCertificate

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
trustedRootCertificate Binary Trusted Root Certificate
certFileName String File name to display in UI.

aospDeviceOwnerWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name
ssid String This is the name of the Wi-Fi network that is broadcast to all devices.
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network.
connectWhenNetworkNameIsHidden Boolean When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices.
wiFiSecurityType aospDeviceOwnerWiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wep, wpaPersonal, wpaEnterprise.
preSharedKey String This is the pre-shared key for WPA Personal Wi-Fi network.
preSharedKeyIsSet Boolean This is the pre-shared key for WPA Personal Wi-Fi network.

appleDeviceFeaturesConfigurationBase

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration

appleExpeditedCheckinConfigurationBase

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
enableExpeditedCheckin Boolean Gets or sets whether to enable expedited device check-ins.

appleVpnConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
connectionName String Connection name displayed to the user.
connectionType appleVpnConnectionType Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect.
loginGroupOrDomain String Login group or domain when connection type is set to Dell SonicWALL Mobile Connection.
role String Role when connection type is set to Pulse Secure.
realm String Realm when connection type is set to Pulse Secure.
server vpnServer VPN Server on the network. Make sure end users can access this network location.
identifier String Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin
customData keyValue collection Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements.
customKeyValueData keyValuePair collection Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements.
enableSplitTunneling Boolean Send all network traffic through VPN.
authenticationMethod vpnAuthenticationMethod Authentication method for this VPN connection. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD.
enablePerApp Boolean Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device.
safariDomains String collection Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection.
onDemandRules vpnOnDemandRule collection On-Demand Rules. This collection can contain a maximum of 500 elements.
providerType vpnProviderType Provider type for per-app VPN. Possible values are: notConfigured, appProxy, packetTunnel.
associatedDomains String collection Associated Domains
excludedDomains String collection Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated
disableOnDemandUserOverride Boolean Toggle to prevent user from disabling automatic VPN in the Settings app
disconnectOnIdle Boolean Whether to disconnect after on-demand connection idles
disconnectOnIdleTimerInSeconds Int32 The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535
proxyServer vpnProxyServer Proxy Server.
optInToDeviceIdSharing Boolean Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation.

cartToClassAssociation

Property Type Description
id String Key of the entity.
createdDateTime DateTimeOffset DateTime the object was created.
lastModifiedDateTime DateTimeOffset DateTime the object was last modified.
version Int32 Version of the CartToClassAssociation.
displayName String Admin provided name of the device configuration.
description String Admin provided description of the CartToClassAssociation.
deviceCartIds String collection Identifiers of device carts to be associated with classes.
classroomIds String collection Identifiers of classrooms to be associated with device carts.

defaultDeviceCompliancePolicy

Property Type Description
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy
id String Key of the entity. Inherited from deviceCompliancePolicy
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceCompliancePolicy
description String Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceCompliancePolicy
displayName String Admin provided name of the device configuration. Inherited from deviceCompliancePolicy
version Int32 Version of the device configuration. Inherited from deviceCompliancePolicy

deviceComplianceActionItem

Property Type Description
id String Key of the entity.
gracePeriodHours Int32 Number of hours to wait till the action will be enforced. Valid values 0 to 8760
actionType deviceComplianceActionType What action to take. Possible values are: noAction, notification, block, retire, wipe, removeResourceAccessProfiles, pushNotification.
notificationTemplateId String What notification Message template to use
notificationMessageCCList String collection A list of group IDs to speicify who to CC this notification message to.

deviceComplianceDeviceOverview

Property Type Description
id String Key of the entity.
pendingCount Int32 Number of pending devices
notApplicableCount Int32 Number of not applicable devices
successCount Int32 Number of succeeded devices
errorCount Int32 Number of error devices
failedCount Int32 Number of failed devices
lastUpdateDateTime DateTimeOffset Last update time
configurationVersion Int32 Version of the policy for that overview

deviceComplianceDeviceStatus

Property Type Description
id String Key of the entity.
deviceDisplayName String Device name of the DevicePolicyStatus.
userName String The User Name that is being reported
deviceModel String The device model that is being reported
complianceGracePeriodExpirationDateTime DateTimeOffset The DateTime when device compliance grace period expires
status complianceStatus Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned.
lastReportedDateTime DateTimeOffset Last modified date time of the policy report.
userPrincipalName String UserPrincipalName.

deviceCompliancePolicy

Property Type Description
id String Key of the entity.
createdDateTime DateTimeOffset DateTime the object was created.
description String Admin provided description of the Device Configuration.
lastModifiedDateTime DateTimeOffset DateTime the object was last modified.
displayName String Admin provided name of the device configuration.
version Int32 Version of the device configuration.

deviceCompliancePolicyAssignment

Property Type Description
id String Key of the entity.
target deviceAndAppManagementAssignmentTarget Target for the compliance policy assignment.

deviceCompliancePolicyDeviceStateSummary

Property Type Description
inGracePeriodCount Int32 Number of devices that are in grace period
configManagerCount Int32 Number of devices that have compliance managed by System Center Configuration Manager
id String Key of the entity.
unknownDeviceCount Int32 Number of unknown devices
notApplicableDeviceCount Int32 Number of not applicable devices
compliantDeviceCount Int32 Number of compliant devices
remediatedDeviceCount Int32 Number of remediated devices
nonCompliantDeviceCount Int32 Number of NonCompliant devices
errorDeviceCount Int32 Number of error devices
conflictDeviceCount Int32 Number of conflict devices

deviceCompliancePolicySettingStateSummary

Property Type Description
id String Key of the entity.
setting String The setting class name and property name.
settingName String Name of the setting.
platformType policyPlatformType Setting platform. Possible values are: android, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, all.
unknownDeviceCount Int32 Number of unknown devices
notApplicableDeviceCount Int32 Number of not applicable devices
compliantDeviceCount Int32 Number of compliant devices
remediatedDeviceCount Int32 Number of remediated devices
nonCompliantDeviceCount Int32 Number of NonCompliant devices
errorDeviceCount Int32 Number of error devices
conflictDeviceCount Int32 Number of conflict devices

deviceComplianceScheduledActionForRule

Property Type Description
id String Key of the entity.
ruleName String Name of the rule which this scheduled action applies to. Currently scheduled actions are created per policy instead of per rule, thus RuleName is always set to default value PasswordRequired.

deviceComplianceSettingState

Property Type Description
id String Key of the entity
setting String The setting class name and property name.
settingName String The Setting Name that is being reported
deviceId String The Device Id that is being reported
deviceName String The Device Name that is being reported
userId String The user Id that is being reported
userEmail String The User email address that is being reported
userName String The User Name that is being reported
userPrincipalName String The User PrincipalName that is being reported
deviceModel String The device model that is being reported
state complianceStatus The compliance state of the setting. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned.
complianceGracePeriodExpirationDateTime DateTimeOffset The DateTime when device compliance grace period expires

deviceComplianceUserOverview

Property Type Description
id String Key of the entity.
pendingCount Int32 Number of pending Users
notApplicableCount Int32 Number of not applicable users
successCount Int32 Number of succeeded Users
errorCount Int32 Number of error Users
failedCount Int32 Number of failed Users
lastUpdateDateTime DateTimeOffset Last update time
configurationVersion Int32 Version of the policy for that overview

deviceComplianceUserStatus

Property Type Description
id String Key of the entity.
userDisplayName String User name of the DevicePolicyStatus.
devicesCount Int32 Devices count for that user.
status complianceStatus Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned.
lastReportedDateTime DateTimeOffset Last modified date time of the policy report.
userPrincipalName String UserPrincipalName.

deviceConfiguration

Property Type Description
id String Key of the entity.
lastModifiedDateTime DateTimeOffset DateTime the object was last modified.
createdDateTime DateTimeOffset DateTime the object was created.
description String Admin provided description of the Device Configuration.
displayName String Admin provided name of the device configuration.
version Int32 Version of the device configuration.

deviceConfigurationAssignment

Property Type Description
id String The key of the assignment.
target deviceAndAppManagementAssignmentTarget The assignment target for the device configuration.

deviceConfigurationConflictSummary

Property Type Description
conflictingDeviceConfigurations settingSource collection The set of policies in conflict with the given setting
id String The id for this set of conflicting policies. This id is the ids of all the policies in ConflictingDeviceConfigurations in lexicographical order separated by underscores.
contributingSettings String collection The set of settings in conflict with the given policies
deviceCheckinsImpacted Int32 The count of checkins impacted by the conflicting policies and settings

deviceConfigurationDeviceOverview

Property Type Description
id String Key of the entity.
pendingCount Int32 Number of pending devices
notApplicableCount Int32 Number of not applicable devices
successCount Int32 Number of succeeded devices
errorCount Int32 Number of error devices
failedCount Int32 Number of failed devices
lastUpdateDateTime DateTimeOffset Last update time
configurationVersion Int32 Version of the policy for that overview

deviceConfigurationDeviceStateSummary

Property Type Description
id String Key of the entity.
unknownDeviceCount Int32 Number of unknown devices
notApplicableDeviceCount Int32 Number of not applicable devices
compliantDeviceCount Int32 Number of compliant devices
remediatedDeviceCount Int32 Number of remediated devices
nonCompliantDeviceCount Int32 Number of NonCompliant devices
errorDeviceCount Int32 Number of error devices
conflictDeviceCount Int32 Number of conflict devices

deviceConfigurationDeviceStatus

Property Type Description
id String Key of the entity.
deviceDisplayName String Device name of the DevicePolicyStatus.
userName String The User Name that is being reported
deviceModel String The device model that is being reported
complianceGracePeriodExpirationDateTime DateTimeOffset The DateTime when device compliance grace period expires
status complianceStatus Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned.
lastReportedDateTime DateTimeOffset Last modified date time of the policy report.
userPrincipalName String UserPrincipalName.

deviceConfigurationGroupAssignment

Property Type Description
id String Key of the entity.
targetGroupId String The Id of the AAD group we are targeting the device configuration to.
excludeGroup Boolean Indicates if this group is should be excluded. Defaults that the group should be included

deviceConfigurationTargetedUserAndDevice

Property Type Description
deviceId String The id of the device in the checkin.
deviceName String The name of the device in the checkin.
userId String The id of the user in the checkin.
userDisplayName String The display name of the user in the checkin
userPrincipalName String The UPN of the user in the checkin.
lastCheckinDateTime DateTimeOffset Last checkin time for this user/device pair.

deviceConfigurationUserOverview

Property Type Description
id String Key of the entity.
pendingCount Int32 Number of pending Users
notApplicableCount Int32 Number of not applicable users
successCount Int32 Number of succeeded Users
errorCount Int32 Number of error Users
failedCount Int32 Number of failed Users
lastUpdateDateTime DateTimeOffset Last update time
configurationVersion Int32 Version of the policy for that overview

deviceConfigurationUserStateSummary

Property Type Description
id String Key of the entity.
unknownUserCount Int32 Number of unknown users
notApplicableUserCount Int32 Number of not applicable users
compliantUserCount Int32 Number of compliant users
remediatedUserCount Int32 Number of remediated users
nonCompliantUserCount Int32 Number of NonCompliant users
errorUserCount Int32 Number of error users
conflictUserCount Int32 Number of conflict users

deviceConfigurationUserStatus

Property Type Description
id String Key of the entity.
userDisplayName String User name of the DevicePolicyStatus.
devicesCount Int32 Devices count for that user.
status complianceStatus Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned.
lastReportedDateTime DateTimeOffset Last modified date time of the policy report.
userPrincipalName String UserPrincipalName.

deviceManagement

Property Type Description
id String Unique Identifier
settings deviceManagementSettings Account level settings.
intuneAccountId Guid Intune Account Id for given tenant

easEmailProfileConfigurationBase

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
usernameSource userEmailSource Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress.
usernameAADSource usernameSource Name of the AAD field, that will be used to retrieve UserName for email profile. Possible values are: userPrincipalName, primarySmtpAddress, samAccountName.
userDomainNameSource domainNameSource UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: fullDomainName, netBiosDomainName.
customDomainName String Custom domain name value used while generating an email profile before installing on the device.

editionUpgradeConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
licenseType editionUpgradeLicenseType Edition Upgrade License Type. Possible values are: productKey, licenseFile.
targetEdition windows10EditionType Edition Upgrade Target Edition. Possible values are: windows10Enterprise, windows10EnterpriseN, windows10Education, windows10EducationN, windows10MobileEnterprise, windows10HolographicEnterprise, windows10Professional, windows10ProfessionalN, windows10ProfessionalEducation, windows10ProfessionalEducationN, windows10ProfessionalWorkstation, windows10ProfessionalWorkstationN.
license String Edition Upgrade License File Content.
productKey String Edition Upgrade Product Key.

hardwareConfiguration

Property Type Description
id String Unique Identifier for the hardware configuration
version Int32 Version of the hardware configuration (E.g. 1, 2, 3 ...)
displayName String Name of the hardware configuration
description String Description of the hardware configuration
createdDateTime DateTimeOffset Timestamp of when the hardware configuration was created. This property is read-only.
lastModifiedDateTime DateTimeOffset Timestamp of when the hardware configuration was modified. This property is read-only.
fileName String File name of the hardware configuration
configurationFileContent Binary File content of the hardware configuration
hardwareConfigurationFormat hardwareConfigurationFormat Oem type of the hardware configuration (E.g. DELL, HP, Surface and SurfaceDock). Possible values are: dell, surface, surfaceDock.
roleScopeTagIds String collection List of Scope Tag IDs for the hardware configuration
perDevicePasswordDisabled Boolean A value indicating whether per devcive pasword disabled

hardwareConfigurationAssignment

Property Type Description
id String Key of the hardware configuration group assignment entity. This property is read-only.
target deviceAndAppManagementAssignmentTarget The Id of the Azure Active Directory group we are targeting the configuration to.

hardwareConfigurationDeviceState

Property Type Description
id String Key of the hardware configuration script device state entity. This property is read-only.
deviceName String The name of the device
osVersion String Operating system version of the device (E.g. 10.0.19042.1165, 10.0.19042.1288 etc.)
upn String User Principal Name (UPN).
internalVersion Int32 The Policy internal version
lastStateUpdateDateTime DateTimeOffset The last timestamp of when the hardware configuration executed
configurationState runState Configuration state from the lastest hardware configuration execution. Possible values are: unknown, success, fail, scriptError, pending, notApplicable.
configurationOutput String Output of the hardware configuration execution
configurationError String Error from the hardware configuration execution

hardwareConfigurationRunSummary

Property Type Description
id String Key of the hardware configuration run summary entity. This property is read-only.
successfulDeviceCount Int32 Number of devices for which hardware configured without any issue
failedDeviceCount Int32 Number of devices for which hardware configuration found an issue
pendingDeviceCount Int32 Number of devices for which hardware configuration is in pending state
errorDeviceCount Int32 Number of devices for which hardware configuration state is error
notApplicableDeviceCount Int32 Number of devices for which hardware configuration state is not applicable
unknownDeviceCount Int32 Number of devices for which hardware configuration state is unknown
successfulUserCount Int32 Number of users for which hardware configured without any issue
failedUserCount Int32 Number of users for which hardware configuration found an issue
pendingUserCount Int32 Number of users for which hardware configuration is in pending state
errorUserCount Int32 Number of users for which hardware configuration state is error
notApplicableUserCount Int32 Number of users for which hardware configuration state is not applicable
unknownUserCount Int32 Number of users for which hardware configuration state is unknown
lastRunDateTime DateTimeOffset Last run time for the configuration across all devices

hardwareConfigurationUserState

Property Type Description
id String Key of the hardware configuration script user state entity. This property is read-only.
upn String User Principal Name (UPN).
userEmail String User Email address.
userName String User name
lastStateUpdateDateTime DateTimeOffset Last timestamp when the hardware configuration executed
successfulDeviceCount Int32 Success device count for specific user.
failedDeviceCount Int32 Failed device count for specific user.
pendingDeviceCount Int32 Pending device count for specific user.
errorDeviceCount Int32 Error device count for specific user.
notApplicableDeviceCount Int32 Not applicable device count for specific user.
unknownDeviceCount Int32 Unknown device count for specific user.

hardwarePasswordInfo

Property Type Description
id String Unique Identifier for the hardware password info
serialNumber String Device serial number
currentPassword String Current device password
previousPasswords String collection List of previous device passwords

iosCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration

iosCertificateProfileBase

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99
subjectNameFormat appleSubjectNameFormat Certificate Subject Name Format. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period.
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Possible values are: days, months, years.

iosCompliancePolicy

Property Type Description
id String Key of the entity. Inherited from deviceCompliancePolicy
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceCompliancePolicy
description String Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceCompliancePolicy
displayName String Admin provided name of the device configuration. Inherited from deviceCompliancePolicy
version Int32 Version of the device configuration. Inherited from deviceCompliancePolicy
passcodeBlockSimple Boolean Indicates whether or not to block simple passcodes.
passcodeExpirationDays Int32 Number of days before the passcode expires. Valid values 1 to 65535
passcodeMinimumLength Int32 Minimum length of passcode. Valid values 4 to 14
passcodeMinutesOfInactivityBeforeLock Int32 Minutes of inactivity before a passcode is required.
passcodePreviousPasscodeBlockCount Int32 Number of previous passcodes to block. Valid values 1 to 24
passcodeMinimumCharacterSetCount Int32 The number of character sets required in the password.
passcodeRequiredType requiredPasswordType The required passcode type. Possible values are: deviceDefault, alphanumeric, numeric.
passcodeRequired Boolean Indicates whether or not to require a passcode.
osMinimumVersion String Minimum IOS version.
osMaximumVersion String Maximum IOS version.
securityBlockJailbrokenDevices Boolean Devices must not be jailbroken or rooted.
deviceThreatProtectionEnabled Boolean Require that devices have enabled device threat protection .
deviceThreatProtectionRequiredSecurityLevel deviceThreatProtectionLevel Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet.
managedEmailProfileRequired Boolean Indicates whether or not to require a managed email profile.

iosCustomConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
payloadName String Name that is displayed to the user.
payloadFileName String Payload file name (*.mobileconfig *.xml).
payload Binary Payload. (UTF8 encoded byte array)

iosDerivedCredentialAuthenticationConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration

iosDeviceFeaturesConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
assetTagTemplate String Asset tag information for the device, displayed on the login window and lock screen.
lockScreenFootnote String A footnote displayed on the login window and lock screen. Available in iOS 9.3.1 and later.
homeScreenDockIcons iosHomeScreenItem collection A list of app and folders to appear on the Home Screen Dock. This collection can contain a maximum of 500 elements.
homeScreenPages iosHomeScreenPage collection A list of pages on the Home Screen. This collection can contain a maximum of 500 elements.
notificationSettings iosNotificationSettings collection Notification settings for each bundle id. Applicable to devices in supervised mode only (iOS 9.3 and later). This collection can contain a maximum of 500 elements.

iosEasEmailProfileConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
usernameSource userEmailSource Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName, primarySmtpAddress.
usernameAADSource usernameSource Name of the AAD field, that will be used to retrieve UserName for email profile. Inherited from easEmailProfileConfigurationBase. Possible values are: userPrincipalName, primarySmtpAddress, samAccountName.
userDomainNameSource domainNameSource UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from easEmailProfileConfigurationBase. Possible values are: fullDomainName, netBiosDomainName.
customDomainName String Custom domain name value used while generating an email profile before installing on the device. Inherited from easEmailProfileConfigurationBase
accountName String Account name.
authenticationMethod easAuthenticationMethod Authentication method for this Email profile. Possible values are: usernameAndPassword, certificate, derivedCredential.
blockMovingMessagesToOtherEmailAccounts Boolean Indicates whether or not to block moving messages to other email accounts.
blockSendingEmailFromThirdPartyApps Boolean Indicates whether or not to block sending email from third party apps.
blockSyncingRecentlyUsedEmailAddresses Boolean Indicates whether or not to block syncing recently used email addresses, for instance - when composing new email.
durationOfEmailToSync emailSyncDuration Duration of time email should be synced back to. . Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited.
emailAddressSource userEmailSource Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress.
easServices easServices Exchange data to sync. Possible values are: none, calendars, contacts, email, notes, reminders.
easServicesUserOverrideEnabled Boolean Allow users to change sync settings.
hostName String Exchange location that (URL) that the native mail app connects to.
requireSmime Boolean Indicates whether or not to use S/MIME certificate.
smimeEnablePerMessageSwitch Boolean Indicates whether or not to allow unencrypted emails.
smimeEncryptByDefaultEnabled Boolean If set to true S/MIME encryption is enabled by default.
smimeSigningEnabled Boolean If set to true S/MIME signing is enabled for this account
smimeSigningUserOverrideEnabled Boolean If set to true, the user can toggle S/MIME signing on or off.
smimeEncryptByDefaultUserOverrideEnabled Boolean If set to true, the user can toggle the encryption by default setting.
smimeSigningCertificateUserOverrideEnabled Boolean If set to true, the user can select the signing identity.
smimeEncryptionCertificateUserOverrideEnabled Boolean If set to true the user can select the S/MIME encryption identity.
requireSsl Boolean Indicates whether or not to use SSL.
useOAuth Boolean Specifies whether the connection should use OAuth for authentication.
signingCertificateType emailCertificateType Signing Certificate type for this Email profile. Possible values are: none, certificate, derivedCredential.
encryptionCertificateType emailCertificateType Encryption Certificate type for this Email profile. Possible values are: none, certificate, derivedCredential.
perAppVPNProfileId String Profile ID of the Per-App VPN policy to be used to access emails from the native Mail client

iosEducationDeviceConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration

iosEduDeviceConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
teacherCertificateSettings iosEduCertificateSettings The Trusted Root and PFX certificates for Teacher
studentCertificateSettings iosEduCertificateSettings The Trusted Root and PFX certificates for Student
deviceCertificateSettings iosEduCertificateSettings The Trusted Root and PFX certificates for Device

iosEnterpriseWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name Inherited from iosWiFiConfiguration
ssid String This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from iosWiFiConfiguration
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from iosWiFiConfiguration
connectWhenNetworkNameIsHidden Boolean Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from iosWiFiConfiguration
wiFiSecurityType wiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from iosWiFiConfiguration. Possible values are: open, wpaPersonal, wpaEnterprise, wep, wpa2Personal, wpa2Enterprise.
proxySettings wiFiProxySetting Proxy Type for this Wi-Fi connection Inherited from iosWiFiConfiguration. Possible values are: none, manual, automatic.
proxyManualAddress String IP Address or DNS hostname of the proxy server when manual configuration is selected. Inherited from iosWiFiConfiguration
proxyManualPort Int32 Port of the proxy server when manual configuration is selected. Inherited from iosWiFiConfiguration
proxyAutomaticConfigurationUrl String URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. Inherited from iosWiFiConfiguration
disableMacAddressRandomization Boolean If set to true, forces devices connecting using this Wi-Fi profile to present their actual Wi-Fi MAC address instead of a random MAC address. Applies to iOS 14 and later. Inherited from iosWiFiConfiguration
preSharedKey String This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from iosWiFiConfiguration
eapType eapType Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap.
eapFastConfiguration eapFastConfiguration EAP-FAST Configuration Option when EAP-FAST is the selected EAP Type. Possible values are: noProtectedAccessCredential, useProtectedAccessCredential, useProtectedAccessCredentialAndProvision, useProtectedAccessCredentialAndProvisionAnonymously.
trustedServerCertificateNames String collection Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network.
authenticationMethod wiFiAuthenticationMethod Authentication Method when EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential.
innerAuthenticationProtocolForEapTtls nonEapAuthenticationMethodForEapTtlsType Non-EAP Method for Authentication when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo.
outerIdentityPrivacyTemporaryValue String Enable identity privacy (Outer Identity) when EAP Type is configured to EAP - TTLS, EAP - FAST or PEAP. This property masks usernames with the text you enter. For example, if you use 'anonymous', each user that authenticates with this Wi-Fi connection using their real username is displayed as 'anonymous'.
usernameFormatString String Username format string used to build the username to connect to wifi
passwordFormatString String Password format string used to build the password to connect to wifi

iosExpeditedCheckinConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
enableExpeditedCheckin Boolean Gets or sets whether to enable expedited device check-ins. Inherited from appleExpeditedCheckinConfigurationBase

iosGeneralDeviceConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
accountBlockModification Boolean Indicates whether or not to allow account modification when the device is in supervised mode.
activationLockAllowWhenSupervised Boolean Indicates whether or not to allow activation lock when the device is in the supervised mode.
airDropBlocked Boolean Indicates whether or not to allow AirDrop when the device is in supervised mode.
airDropForceUnmanagedDropTarget Boolean Indicates whether or not to cause AirDrop to be considered an unmanaged drop target (iOS 9.0 and later).
airPlayForcePairingPasswordForOutgoingRequests Boolean Indicates whether or not to enforce all devices receiving AirPlay requests from this device to use a pairing password.
appleWatchBlockPairing Boolean Indicates whether or not to allow Apple Watch pairing when the device is in supervised mode (iOS 9.0 and later).
appleWatchForceWristDetection Boolean Indicates whether or not to force a paired Apple Watch to use Wrist Detection (iOS 8.2 and later).
appleNewsBlocked Boolean Indicates whether or not to block the user from using News when the device is in supervised mode (iOS 9.0 and later).
appsSingleAppModeList appListItem collection Gets or sets the list of iOS apps allowed to autonomously enter Single App Mode. Supervised only. iOS 7.0 and later. This collection can contain a maximum of 500 elements.
appsVisibilityList appListItem collection List of apps in the visibility list (either visible/launchable apps list or hidden/unlaunchable apps list, controlled by AppsVisibilityListType) (iOS 9.3 and later). This collection can contain a maximum of 10000 elements.
appsVisibilityListType appListType Type of list that is in the AppsVisibilityList. Possible values are: none, appsInListCompliant, appsNotInListCompliant.
appStoreBlockAutomaticDownloads Boolean Indicates whether or not to block the automatic downloading of apps purchased on other devices when the device is in supervised mode (iOS 9.0 and later).
appStoreBlocked Boolean Indicates whether or not to block the user from using the App Store. Requires a supervised device for iOS 13 and later.
appStoreBlockInAppPurchases Boolean Indicates whether or not to block the user from making in app purchases.
appStoreBlockUIAppInstallation Boolean Indicates whether or not to block the App Store app, not restricting installation through Host apps. Applies to supervised mode only (iOS 9.0 and later).
appStoreRequirePassword Boolean Indicates whether or not to require a password when using the app store.
bluetoothBlockModification Boolean Indicates whether or not to allow modification of Bluetooth settings when the device is in supervised mode (iOS 10.0 and later).
cameraBlocked Boolean Indicates whether or not to block the user from accessing the camera of the device. Requires a supervised device for iOS 13 and later.
cellularBlockDataRoaming Boolean Indicates whether or not to block data roaming.
cellularBlockGlobalBackgroundFetchWhileRoaming Boolean Indicates whether or not to block global background fetch while roaming.
cellularBlockPerAppDataModification Boolean Indicates whether or not to allow changes to cellular app data usage settings when the device is in supervised mode.
cellularBlockPersonalHotspot Boolean Indicates whether or not to block Personal Hotspot.
cellularBlockVoiceRoaming Boolean Indicates whether or not to block voice roaming.
certificatesBlockUntrustedTlsCertificates Boolean Indicates whether or not to block untrusted TLS certificates.
classroomAppBlockRemoteScreenObservation Boolean Indicates whether or not to allow remote screen observation by Classroom app when the device is in supervised mode (iOS 9.3 and later).
classroomAppForceUnpromptedScreenObservation Boolean Indicates whether or not to automatically give permission to the teacher of a managed course on the Classroom app to view a student's screen without prompting when the device is in supervised mode.
compliantAppsList appListItem collection List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements.
compliantAppListType appListType List that is in the AppComplianceList. Possible values are: none, appsInListCompliant, appsNotInListCompliant.
configurationProfileBlockChanges Boolean Indicates whether or not to block the user from installing configuration profiles and certificates interactively when the device is in supervised mode.
definitionLookupBlocked Boolean Indicates whether or not to block definition lookup when the device is in supervised mode (iOS 8.1.3 and later ).
deviceBlockEnableRestrictions Boolean Indicates whether or not to allow the user to enables restrictions in the device settings when the device is in supervised mode.
deviceBlockEraseContentAndSettings Boolean Indicates whether or not to allow the use of the 'Erase all content and settings' option on the device when the device is in supervised mode.
deviceBlockNameModification Boolean Indicates whether or not to allow device name modification when the device is in supervised mode (iOS 9.0 and later).
diagnosticDataBlockSubmission Boolean Indicates whether or not to block diagnostic data submission.
diagnosticDataBlockSubmissionModification Boolean Indicates whether or not to allow diagnostics submission settings modification when the device is in supervised mode (iOS 9.3.2 and later).
documentsBlockManagedDocumentsInUnmanagedApps Boolean Indicates whether or not to block the user from viewing managed documents in unmanaged apps.
documentsBlockUnmanagedDocumentsInManagedApps Boolean Indicates whether or not to block the user from viewing unmanaged documents in managed apps.
emailInDomainSuffixes String collection An email address lacking a suffix that matches any of these strings will be considered out-of-domain.
enterpriseAppBlockTrust Boolean Indicates whether or not to block the user from trusting an enterprise app.
enterpriseAppBlockTrustModification Boolean [Deprecated] Configuring this setting and setting the value to 'true' has no effect on the device.
faceTimeBlocked Boolean Indicates whether or not to block the user from using FaceTime. Requires a supervised device for iOS 13 and later.
findMyFriendsBlocked Boolean Indicates whether or not to block changes to Find My Friends when the device is in supervised mode.
gamingBlockGameCenterFriends Boolean Indicates whether or not to block the user from having friends in Game Center. Requires a supervised device for iOS 13 and later.
gamingBlockMultiplayer Boolean Indicates whether or not to block the user from using multiplayer gaming. Requires a supervised device for iOS 13 and later.
gameCenterBlocked Boolean Indicates whether or not to block the user from using Game Center when the device is in supervised mode.
hostPairingBlocked Boolean indicates whether or not to allow host pairing to control the devices an iOS device can pair with when the iOS device is in supervised mode.
iBooksStoreBlocked Boolean Indicates whether or not to block the user from using the iBooks Store when the device is in supervised mode.
iBooksStoreBlockErotica Boolean Indicates whether or not to block the user from downloading media from the iBookstore that has been tagged as erotica.
iCloudBlockActivityContinuation Boolean Indicates whether or not to block the user from continuing work they started on iOS device to another iOS or macOS device.
iCloudBlockBackup Boolean Indicates whether or not to block iCloud backup. Requires a supervised device for iOS 13 and later.
iCloudBlockDocumentSync Boolean Indicates whether or not to block iCloud document sync. Requires a supervised device for iOS 13 and later.
iCloudBlockManagedAppsSync Boolean Indicates whether or not to block Managed Apps Cloud Sync.
iCloudBlockPhotoLibrary Boolean Indicates whether or not to block iCloud Photo Library.
iCloudBlockPhotoStreamSync Boolean Indicates whether or not to block iCloud Photo Stream Sync.
iCloudBlockSharedPhotoStream Boolean Indicates whether or not to block Shared Photo Stream.
iCloudRequireEncryptedBackup Boolean Indicates whether or not to require backups to iCloud be encrypted.
iTunesBlockExplicitContent Boolean Indicates whether or not to block the user from accessing explicit content in iTunes and the App Store. Requires a supervised device for iOS 13 and later.
iTunesBlockMusicService Boolean Indicates whether or not to block Music service and revert Music app to classic mode when the device is in supervised mode (iOS 9.3 and later and macOS 10.12 and later).
iTunesBlockRadio Boolean Indicates whether or not to block the user from using iTunes Radio when the device is in supervised mode (iOS 9.3 and later).
keyboardBlockAutoCorrect Boolean Indicates whether or not to block keyboard auto-correction when the device is in supervised mode (iOS 8.1.3 and later).
keyboardBlockDictation Boolean Indicates whether or not to block the user from using dictation input when the device is in supervised mode.
keyboardBlockPredictive Boolean Indicates whether or not to block predictive keyboards when device is in supervised mode (iOS 8.1.3 and later).
keyboardBlockShortcuts Boolean Indicates whether or not to block keyboard shortcuts when the device is in supervised mode (iOS 9.0 and later).
keyboardBlockSpellCheck Boolean Indicates whether or not to block keyboard spell-checking when the device is in supervised mode (iOS 8.1.3 and later).
kioskModeAllowAssistiveSpeak Boolean Indicates whether or not to allow assistive speak while in kiosk mode.
kioskModeAllowAssistiveTouchSettings Boolean Indicates whether or not to allow access to the Assistive Touch Settings while in kiosk mode.
kioskModeAllowAutoLock Boolean Indicates whether or not to allow device auto lock while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockAutoLock instead.
kioskModeAllowColorInversionSettings Boolean Indicates whether or not to allow access to the Color Inversion Settings while in kiosk mode.
kioskModeAllowRingerSwitch Boolean Indicates whether or not to allow use of the ringer switch while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockRingerSwitch instead.
kioskModeAllowScreenRotation Boolean Indicates whether or not to allow screen rotation while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockScreenRotation instead.
kioskModeAllowSleepButton Boolean Indicates whether or not to allow use of the sleep button while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockSleepButton instead.
kioskModeAllowTouchscreen Boolean Indicates whether or not to allow use of the touchscreen while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockTouchscreen instead.
kioskModeAllowVoiceOverSettings Boolean Indicates whether or not to allow access to the voice over settings while in kiosk mode.
kioskModeAllowVolumeButtons Boolean Indicates whether or not to allow use of the volume buttons while in kiosk mode. This property's functionality is redundant with the OS default and is deprecated. Use KioskModeBlockVolumeButtons instead.
kioskModeAllowZoomSettings Boolean Indicates whether or not to allow access to the zoom settings while in kiosk mode.
kioskModeAppStoreUrl String URL in the app store to the app to use for kiosk mode. Use if KioskModeManagedAppId is not known.
kioskModeBuiltInAppId String ID for built-in apps to use for kiosk mode. Used when KioskModeManagedAppId and KioskModeAppStoreUrl are not set.
kioskModeRequireAssistiveTouch Boolean Indicates whether or not to require assistive touch while in kiosk mode.
kioskModeRequireColorInversion Boolean Indicates whether or not to require color inversion while in kiosk mode.
kioskModeRequireMonoAudio Boolean Indicates whether or not to require mono audio while in kiosk mode.
kioskModeRequireVoiceOver Boolean Indicates whether or not to require voice over while in kiosk mode.
kioskModeRequireZoom Boolean Indicates whether or not to require zoom while in kiosk mode.
kioskModeManagedAppId String Managed app id of the app to use for kiosk mode. If KioskModeManagedAppId is specified then KioskModeAppStoreUrl will be ignored.
lockScreenBlockControlCenter Boolean Indicates whether or not to block the user from using control center on the lock screen.
lockScreenBlockNotificationView Boolean Indicates whether or not to block the user from using the notification view on the lock screen.
lockScreenBlockPassbook Boolean Indicates whether or not to block the user from using passbook when the device is locked.
lockScreenBlockTodayView Boolean Indicates whether or not to block the user from using the Today View on the lock screen.
mediaContentRatingAustralia mediaContentRatingAustralia Media content rating settings for Australia
mediaContentRatingCanada mediaContentRatingCanada Media content rating settings for Canada
mediaContentRatingFrance mediaContentRatingFrance Media content rating settings for France
mediaContentRatingGermany mediaContentRatingGermany Media content rating settings for Germany
mediaContentRatingIreland mediaContentRatingIreland Media content rating settings for Ireland
mediaContentRatingJapan mediaContentRatingJapan Media content rating settings for Japan
mediaContentRatingNewZealand mediaContentRatingNewZealand Media content rating settings for New Zealand
mediaContentRatingUnitedKingdom mediaContentRatingUnitedKingdom Media content rating settings for United Kingdom
mediaContentRatingUnitedStates mediaContentRatingUnitedStates Media content rating settings for United States
networkUsageRules iosNetworkUsageRule collection List of managed apps and the network rules that applies to them. This collection can contain a maximum of 1000 elements.
mediaContentRatingApps ratingAppsType Media content rating settings for Apps. Possible values are: allAllowed, allBlocked, agesAbove4, agesAbove9, agesAbove12, agesAbove17.
messagesBlocked Boolean Indicates whether or not to block the user from using the Messages app on the supervised device.
notificationsBlockSettingsModification Boolean Indicates whether or not to allow notifications settings modification (iOS 9.3 and later).
passcodeBlockFingerprintUnlock Boolean Indicates whether or not to block fingerprint unlock.
passcodeBlockFingerprintModification Boolean Block modification of registered Touch ID fingerprints when in supervised mode.
passcodeBlockModification Boolean Indicates whether or not to allow passcode modification on the supervised device (iOS 9.0 and later).
passcodeBlockSimple Boolean Indicates whether or not to block simple passcodes.
passcodeExpirationDays Int32 Number of days before the passcode expires. Valid values 1 to 65535
passcodeMinimumLength Int32 Minimum length of passcode. Valid values 4 to 14
passcodeMinutesOfInactivityBeforeLock Int32 Minutes of inactivity before a passcode is required.
passcodeMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity before the screen times out.
passcodeMinimumCharacterSetCount Int32 Number of character sets a passcode must contain. Valid values 0 to 4
passcodePreviousPasscodeBlockCount Int32 Number of previous passcodes to block. Valid values 1 to 24
passcodeSignInFailureCountBeforeWipe Int32 Number of sign in failures allowed before wiping the device. Valid values 2 to 11
passcodeRequiredType requiredPasswordType Type of passcode that is required. Possible values are: deviceDefault, alphanumeric, numeric.
passcodeRequired Boolean Indicates whether or not to require a passcode.
podcastsBlocked Boolean Indicates whether or not to block the user from using podcasts on the supervised device (iOS 8.0 and later).
safariBlockAutofill Boolean Indicates whether or not to block the user from using Auto fill in Safari. Requires a supervised device for iOS 13 and later.
safariBlockJavaScript Boolean Indicates whether or not to block JavaScript in Safari.
safariBlockPopups Boolean Indicates whether or not to block popups in Safari.
safariBlocked Boolean Indicates whether or not to block the user from using Safari. Requires a supervised device for iOS 13 and later.
safariCookieSettings webBrowserCookieSettings Cookie settings for Safari. Possible values are: browserDefault, blockAlways, allowCurrentWebSite, allowFromWebsitesVisited, allowAlways.
safariManagedDomains String collection URLs matching the patterns listed here will be considered managed.
safariPasswordAutoFillDomains String collection Users can save passwords in Safari only from URLs matching the patterns listed here. Applies to devices in supervised mode (iOS 9.3 and later).
safariRequireFraudWarning Boolean Indicates whether or not to require fraud warning in Safari.
screenCaptureBlocked Boolean Indicates whether or not to block the user from taking Screenshots.
siriBlocked Boolean Indicates whether or not to block the user from using Siri.
siriBlockedWhenLocked Boolean Indicates whether or not to block the user from using Siri when locked.
siriBlockUserGeneratedContent Boolean Indicates whether or not to block Siri from querying user-generated content when used on a supervised device.
siriRequireProfanityFilter Boolean Indicates whether or not to prevent Siri from dictating, or speaking profane language on supervised device.
spotlightBlockInternetResults Boolean Indicates whether or not to block Spotlight search from returning internet results on supervised device.
voiceDialingBlocked Boolean Indicates whether or not to block voice dialing.
wallpaperBlockModification Boolean Indicates whether or not to allow wallpaper modification on supervised device (iOS 9.0 and later) .
wiFiConnectOnlyToConfiguredNetworks Boolean Indicates whether or not to force the device to use only Wi-Fi networks from configuration profiles when the device is in supervised mode. Available for devices running iOS and iPadOS versions 14.4 and earlier. Devices running 14.5+ should use the setting, “WiFiConnectToAllowedNetworksOnlyForced.

iosikEv2VpnConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
connectionName String Connection name displayed to the user. Inherited from appleVpnConfiguration
connectionType appleVpnConnectionType Connection type. Inherited from appleVpnConfiguration. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect.
loginGroupOrDomain String Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration
role String Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration
realm String Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration
server vpnServer VPN Server on the network. Make sure end users can access this network location. Inherited from appleVpnConfiguration
identifier String Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration
customData keyValue collection Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration
customKeyValueData keyValuePair collection Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration
enableSplitTunneling Boolean Send all network traffic through VPN. Inherited from appleVpnConfiguration
authenticationMethod vpnAuthenticationMethod Authentication method for this VPN connection. Inherited from appleVpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD.
enablePerApp Boolean Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration
safariDomains String collection Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. Inherited from appleVpnConfiguration
onDemandRules vpnOnDemandRule collection On-Demand Rules. This collection can contain a maximum of 500 elements. Inherited from appleVpnConfiguration
providerType vpnProviderType Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel.
associatedDomains String collection Associated Domains Inherited from appleVpnConfiguration
excludedDomains String collection Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated Inherited from appleVpnConfiguration
disableOnDemandUserOverride Boolean Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration
disconnectOnIdle Boolean Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration
disconnectOnIdleTimerInSeconds Int32 The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration
proxyServer vpnProxyServer Proxy Server. Inherited from appleVpnConfiguration
optInToDeviceIdSharing Boolean Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. Inherited from appleVpnConfiguration
userDomain String Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead. Inherited from iosVpnConfiguration
strictEnforcement Boolean Zscaler only. Blocks network traffic until the user signs into Zscaler app. "True" means traffic is blocked. Inherited from iosVpnConfiguration
cloudName String Zscaler only. Zscaler cloud which the user is assigned to. Inherited from iosVpnConfiguration
excludeList String collection Zscaler only. List of network addresses which are not sent through the Zscaler cloud. Inherited from iosVpnConfiguration
targetedMobileApps appListItem collection Targeted mobile apps. This collection can contain a maximum of 500 elements. Inherited from iosVpnConfiguration
microsoftTunnelSiteId String Microsoft Tunnel site ID. Inherited from iosVpnConfiguration
childSecurityAssociationParameters iosVpnSecurityAssociationParameters Child Security Association Parameters
clientAuthenticationType vpnClientAuthenticationType Type of Client Authentication the VPN client will use. Possible values are: userAuthentication, deviceAuthentication.
deadPeerDetectionRate vpnDeadPeerDetectionRate Determine how often to check if a peer connection is still active. . Possible values are: medium, none, low, high.
disableMobilityAndMultihoming Boolean Disable MOBIKE
disableRedirect Boolean Disable Redirect
enableCertificateRevocationCheck Boolean Enables a best-effort revocation check; server response timeouts will not cause it to fail
enableEAP Boolean Enables EAP only authentication
enablePerfectForwardSecrecy Boolean Enable Perfect Forward Secrecy (PFS).
enableUseInternalSubnetAttributes Boolean Enable Use Internal Subnet Attributes.
localIdentifier vpnLocalIdentifier Method of identifying the client that is trying to connect via VPN. . Possible values are: deviceFQDN, empty, clientCertificateSubjectName.
remoteIdentifier String Address of the IKEv2 server. Must be a FQDN, UserFQDN, network address, or ASN1DN
securityAssociationParameters iosVpnSecurityAssociationParameters Security Association Parameters
serverCertificateCommonName String Common name of the IKEv2 Server Certificate used in Server Authentication
serverCertificateIssuerCommonName String Issuer Common name of the IKEv2 Server Certificate issuer used in Authentication
serverCertificateType vpnServerCertificateType The type of certificate the VPN server will present to the VPN client for authentication. Possible values are: rsa, ecdsa256, ecdsa384, ecdsa521.
sharedSecret String Used when Shared Secret Authentication is selected
tlsMaximumVersion String The maximum TLS version to be used with EAP-TLS authentication
tlsMinimumVersion String The minimum TLS version to be used with EAP-TLS authentication
allowDefaultSecurityAssociationParameters Boolean Allows the use of security association parameters by setting all parameters to the device's default unless explicitly specified.
allowDefaultChildSecurityAssociationParameters Boolean Allows the use of child security association parameters by setting all parameters to the device's default unless explicitly specified.
alwaysOnConfiguration appleVpnAlwaysOnConfiguration AlwaysOn Configuration
enableAlwaysOnConfiguration Boolean Determines if Always on VPN is enabled
mtuSizeInBytes Int32 Maximum transmission unit. Valid values 1280 to 1400

iosImportedPFXCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
intendedPurpose intendedPurpose Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi.

iosPkcsCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from iosCertificateProfileBase
subjectNameFormat appleSubjectNameFormat Certificate Subject Name Format. Inherited from iosCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name type. Inherited from iosCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from iosCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from iosCertificateProfileBase. Possible values are: days, months, years.
certificationAuthority String PKCS Certification Authority.
certificationAuthorityName String PKCS Certification Authority Name.
certificateTemplateName String PKCS Certificate Template Name.
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.
subjectNameFormatString String Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US
certificateStore certificateStore Target store certificate. Possible values are: user, machine.
customSubjectAlternativeNames customSubjectAlternativeName collection Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.

iosScepCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from iosCertificateProfileBase
subjectNameFormat appleSubjectNameFormat Certificate Subject Name Format. Inherited from iosCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name type. Inherited from iosCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from iosCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from iosCertificateProfileBase. Possible values are: days, months, years.
scepServerUrls String collection SCEP Server Url(s).
subjectNameFormatString String Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US
keyUsage keyUsages SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature.
keySize keySize SCEP Key Size. Possible values are: size1024, size2048, size4096.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.
certificateStore certificateStore Target store certificate. Possible values are: user, machine.
customSubjectAlternativeNames customSubjectAlternativeName collection Custom Subject Alternative Name Settings. The OnPremisesUserPrincipalName variable is support as well as others documented here: https://go.microsoft.com/fwlink/?LinkId=2027630. This collection can contain a maximum of 500 elements.

iosTrustedRootCertificate

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
trustedRootCertificate Binary Trusted Root Certificate.
certFileName String File name to display in UI.

iosUpdateConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
activeHoursStart TimeOfDay Active Hours Start (active hours mean the time window when updates install should not happen)
activeHoursEnd TimeOfDay Active Hours End (active hours mean the time window when updates install should not happen)
scheduledInstallDays dayOfWeek collection Days in week for which active hours are configured. This collection can contain a maximum of 7 elements.
utcTimeOffsetInMinutes Int32 UTC Time Offset indicated in minutes

iosUpdateDeviceStatus

Property Type Description
id String Key of the entity.
installStatus iosUpdatesInstallStatus The installation status of the policy report. Possible values are: success, available, idle, unknown, downloading, downloadFailed, downloadRequiresComputer, downloadInsufficientSpace, downloadInsufficientPower, downloadInsufficientNetwork, installing, installInsufficientSpace, installInsufficientPower, installPhoneCallInProgress, installFailed, notSupportedOperation, sharedDeviceUserLoggedInError, deviceOsHigherThanDesiredOsVersion.
osVersion String The device version that is being reported.
deviceId String The device id that is being reported.
userId String The User id that is being reported.
deviceDisplayName String Device name of the DevicePolicyStatus.
userName String The User Name that is being reported
deviceModel String The device model that is being reported
complianceGracePeriodExpirationDateTime DateTimeOffset The DateTime when device compliance grace period expires
status complianceStatus Compliance status of the policy report. Possible values are: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned.
lastReportedDateTime DateTimeOffset Last modified date time of the policy report.
userPrincipalName String UserPrincipalName.

iosVpnConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
connectionName String Connection name displayed to the user. Inherited from appleVpnConfiguration
connectionType appleVpnConnectionType Connection type. Inherited from appleVpnConfiguration. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect.
loginGroupOrDomain String Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration
role String Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration
realm String Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration
server vpnServer VPN Server on the network. Make sure end users can access this network location. Inherited from appleVpnConfiguration
identifier String Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration
customData keyValue collection Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration
customKeyValueData keyValuePair collection Custom data when connection type is set to Custom VPN. Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements. Inherited from appleVpnConfiguration
enableSplitTunneling Boolean Send all network traffic through VPN. Inherited from appleVpnConfiguration
authenticationMethod vpnAuthenticationMethod Authentication method for this VPN connection. Inherited from appleVpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD.
enablePerApp Boolean Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration
safariDomains String collection Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection. Inherited from appleVpnConfiguration
onDemandRules vpnOnDemandRule collection On-Demand Rules. This collection can contain a maximum of 500 elements. Inherited from appleVpnConfiguration
providerType vpnProviderType Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel.
associatedDomains String collection Associated Domains Inherited from appleVpnConfiguration
excludedDomains String collection Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated Inherited from appleVpnConfiguration
disableOnDemandUserOverride Boolean Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration
disconnectOnIdle Boolean Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration
disconnectOnIdleTimerInSeconds Int32 The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration
proxyServer vpnProxyServer Proxy Server. Inherited from appleVpnConfiguration
optInToDeviceIdSharing Boolean Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation. Inherited from appleVpnConfiguration
userDomain String Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead.
strictEnforcement Boolean Zscaler only. Blocks network traffic until the user signs into Zscaler app. "True" means traffic is blocked.
cloudName String Zscaler only. Zscaler cloud which the user is assigned to.
excludeList String collection Zscaler only. List of network addresses which are not sent through the Zscaler cloud.
targetedMobileApps appListItem collection Targeted mobile apps. This collection can contain a maximum of 500 elements.
microsoftTunnelSiteId String Microsoft Tunnel site ID.

iosWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name
ssid String This is the name of the Wi-Fi network that is broadcast to all devices.
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network.
connectWhenNetworkNameIsHidden Boolean Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices.
wiFiSecurityType wiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open, wpaPersonal, wpaEnterprise, wep, wpa2Personal, wpa2Enterprise.
proxySettings wiFiProxySetting Proxy Type for this Wi-Fi connection. Possible values are: none, manual, automatic.
proxyManualAddress String IP Address or DNS hostname of the proxy server when manual configuration is selected.
proxyManualPort Int32 Port of the proxy server when manual configuration is selected.
proxyAutomaticConfigurationUrl String URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file.
disableMacAddressRandomization Boolean If set to true, forces devices connecting using this Wi-Fi profile to present their actual Wi-Fi MAC address instead of a random MAC address. Applies to iOS 14 and later.
preSharedKey String This is the pre-shared key for WPA Personal Wi-Fi network.

macOSCertificateProfileBase

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage.
subjectNameFormat appleSubjectNameFormat Certificate Subject Name Format. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period.
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Possible values are: days, months, years.

macOSCompliancePolicy

Property Type Description
id String Key of the entity. Inherited from deviceCompliancePolicy
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceCompliancePolicy
description String Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceCompliancePolicy
displayName String Admin provided name of the device configuration. Inherited from deviceCompliancePolicy
version Int32 Version of the device configuration. Inherited from deviceCompliancePolicy
passwordRequired Boolean Whether or not to require a password.
passwordBlockSimple Boolean Indicates whether or not to block simple passwords.
passwordExpirationDays Int32 Number of days before the password expires. Valid values 1 to 65535
passwordMinimumLength Int32 Minimum length of password. Valid values 4 to 14
passwordMinutesOfInactivityBeforeLock Int32 Minutes of inactivity before a password is required.
passwordPreviousPasswordBlockCount Int32 Number of previous passwords to block. Valid values 1 to 24
passwordMinimumCharacterSetCount Int32 The number of character sets required in the password.
passwordRequiredType requiredPasswordType The required password type. Possible values are: deviceDefault, alphanumeric, numeric.
osMinimumVersion String Minimum MacOS version.
osMaximumVersion String Maximum MacOS version.
systemIntegrityProtectionEnabled Boolean Require that devices have enabled system integrity protection.
deviceThreatProtectionEnabled Boolean Require that devices have enabled device threat protection.
deviceThreatProtectionRequiredSecurityLevel deviceThreatProtectionLevel Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet.
storageRequireEncryption Boolean Require encryption on Mac OS devices.
firewallEnabled Boolean Whether the firewall should be enabled or not.
firewallBlockAllIncoming Boolean Corresponds to the “Block all incoming connections” option.
firewallEnableStealthMode Boolean Corresponds to “Enable stealth mode.”

macOSCustomAppConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
bundleId String Bundle id for targeting.
fileName String Configuration file name (*.plist *.xml).
configurationXml Binary Configuration xml. (UTF8 encoded byte array)

macOSCustomConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
payloadName String Name that is displayed to the user.
payloadFileName String Payload file name (*.mobileconfig *.xml).
payload Binary Payload. (UTF8 encoded byte array)

macOSDeviceFeaturesConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration

macOSEndpointProtectionConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
gatekeeperAllowedAppSource macOSGatekeeperAppSources System and Privacy setting that determines which download locations apps can be run from on a macOS device. Possible values are: notConfigured, macAppStore, macAppStoreAndIdentifiedDevelopers, anywhere.
gatekeeperBlockOverride Boolean If set to true, the user override for Gatekeeper will be disabled.
firewallEnabled Boolean Whether the firewall should be enabled or not.
firewallBlockAllIncoming Boolean Corresponds to the “Block all incoming connections” option.
firewallEnableStealthMode Boolean Corresponds to “Enable stealth mode.”
firewallApplications macOSFirewallApplication collection List of applications with firewall settings. Firewall settings for applications not on this list are determined by the user. This collection can contain a maximum of 500 elements.
fileVaultEnabled Boolean Whether FileVault should be enabled or not.
fileVaultSelectedRecoveryKeyTypes macOSFileVaultRecoveryKeyTypes Required if FileVault is enabled, determines the type(s) of recovery key to use. . Possible values are: notConfigured, institutionalRecoveryKey, personalRecoveryKey.
fileVaultInstitutionalRecoveryKeyCertificate Binary Required if selected recovery key type(s) include InstitutionalRecoveryKey. The DER Encoded certificate file used to set an institutional recovery key.
fileVaultInstitutionalRecoveryKeyCertificateFileName String File name of the institutional recovery key certificate to display in UI. (*.der).
fileVaultPersonalRecoveryKeyHelpMessage String Required if selected recovery key type(s) include PersonalRecoveryKey. A short message displayed to the user that explains how they can retrieve their personal recovery key.
fileVaultAllowDeferralUntilSignOut Boolean Optional. If set to true, the user can defer the enabling of FileVault until they sign out.
fileVaultNumberOfTimesUserCanIgnore Int32 Optional. When using the Defer option, this is the maximum number of times the user can ignore prompts to enable FileVault before FileVault will be required for the user to sign in. If set to -1, it will always prompt to enable FileVault until FileVault is enabled, though it will allow the user to bypass enabling FileVault. Setting this to 0 will disable the feature.
fileVaultDisablePromptAtSignOut Boolean Optional. When using the Defer option, if set to true, the user is not prompted to enable FileVault at sign-out.
fileVaultPersonalRecoveryKeyRotationInMonths Int32 Optional. If selected recovery key type(s) include PersonalRecoveryKey, the frequency to rotate that key, in months.
fileVaultHidePersonalRecoveryKey Boolean Optional. A hidden personal recovery key does not appear on the user's screen during FileVault encryption, reducing the risk of it ending up in the wrong hands.
advancedThreatProtectionRealTime enablement Determines whether or not to enable real-time protection for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured, enabled, disabled.
advancedThreatProtectionCloudDelivered enablement Determines whether or not to enable cloud-delivered protection for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured, enabled, disabled.
advancedThreatProtectionAutomaticSampleSubmission enablement Determines whether or not to enable automatic file sample submission for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured, enabled, disabled.
advancedThreatProtectionDiagnosticDataCollection enablement Determines whether or not to enable diagnostic and usage data collection for Microsoft Defender Advanced Threat Protection on macOS. Possible values are: notConfigured, enabled, disabled.
advancedThreatProtectionExcludedFolders String collection A list of paths to folders to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS.
advancedThreatProtectionExcludedFiles String collection A list of paths to files to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS.
advancedThreatProtectionExcludedExtensions String collection A list of file extensions to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS.
advancedThreatProtectionExcludedProcesses String collection A list of process names to exclude from antivirus scanning for Microsoft Defender Advanced Threat Protection on macOS.

macOSEnterpriseWiFiConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
networkName String Network Name Inherited from macOSWiFiConfiguration
ssid String This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from macOSWiFiConfiguration
connectAutomatically Boolean Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from macOSWiFiConfiguration
connectWhenNetworkNameIsHidden Boolean Connect when the network is not broadcasting its name (SSID). When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from macOSWiFiConfiguration
wiFiSecurityType wiFiSecurityType Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from macOSWiFiConfiguration. Possible values are: open, wpaPersonal, wpaEnterprise, wep, wpa2Personal, wpa2Enterprise.
proxySettings wiFiProxySetting Proxy Type for this Wi-Fi connection Inherited from macOSWiFiConfiguration. Possible values are: none, manual, automatic.
proxyManualAddress String IP Address or DNS hostname of the proxy server when manual configuration is selected. Inherited from macOSWiFiConfiguration
proxyManualPort Int32 Port of the proxy server when manual configuration is selected. Inherited from macOSWiFiConfiguration
proxyAutomaticConfigurationUrl String URL of the proxy server automatic configuration script when automatic configuration is selected. This URL is typically the location of PAC (Proxy Auto Configuration) file. Inherited from macOSWiFiConfiguration
preSharedKey String This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from macOSWiFiConfiguration
eapType eapType Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap.
eapFastConfiguration eapFastConfiguration EAP-FAST Configuration Option when EAP-FAST is the selected EAP Type. Possible values are: noProtectedAccessCredential, useProtectedAccessCredential, useProtectedAccessCredentialAndProvision, useProtectedAccessCredentialAndProvisionAnonymously.
trustedServerCertificateNames String collection Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users devices when they connect to this Wi-Fi network.
authenticationMethod wiFiAuthenticationMethod Authentication Method when EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate, usernameAndPassword, derivedCredential.
innerAuthenticationProtocolForEapTtls nonEapAuthenticationMethodForEapTtlsType Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo.
outerIdentityPrivacyTemporaryValue String Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS, EAP-FAST or PEAP. This property masks usernames with the text you enter. For example, if you use 'anonymous', each user that authenticates with this Wi-Fi connection using their real username is displayed as 'anonymous'.

macOSExtensionsConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
kernelExtensionOverridesAllowed Boolean If set to true, users can approve additional kernel extensions not explicitly allowed by configurations profiles.
kernelExtensionAllowedTeamIdentifiers String collection All kernel extensions validly signed by the team identifiers in this list will be allowed to load.
kernelExtensionsAllowed macOSKernelExtension collection A list of kernel extensions that will be allowed to load. . This collection can contain a maximum of 500 elements.
systemExtensionsBlockOverride Boolean Gets or sets whether to allow the user to approve additional system extensions not explicitly allowed by configuration profiles.
systemExtensionsAllowedTeamIdentifiers String collection Gets or sets a list of allowed team identifiers. Any system extension signed with any of the specified team identifiers will be approved.
systemExtensionsAllowed macOSSystemExtension collection Gets or sets a list of allowed macOS system extensions. This collection can contain a maximum of 500 elements.
systemExtensionsAllowedTypes macOSSystemExtensionTypeMapping collection Gets or sets a list of allowed macOS system extension types. This collection can contain a maximum of 500 elements.

macOSGeneralDeviceConfiguration

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
compliantAppsList appListItem collection List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements.
compliantAppListType appListType List that is in the CompliantAppsList. Possible values are: none, appsInListCompliant, appsNotInListCompliant.
emailInDomainSuffixes String collection An email address lacking a suffix that matches any of these strings will be considered out-of-domain.
passwordBlockSimple Boolean Block simple passwords.
passwordExpirationDays Int32 Number of days before the password expires.
passwordMinimumCharacterSetCount Int32 Number of character sets a password must contain. Valid values 0 to 4
passwordMinimumLength Int32 Minimum length of passwords.
passwordMinutesOfInactivityBeforeLock Int32 Minutes of inactivity required before a password is required.
passwordMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity required before the screen times out.
passwordPreviousPasswordBlockCount Int32 Number of previous passwords to block.
passwordRequiredType requiredPasswordType Type of password that is required. Possible values are: deviceDefault, alphanumeric, numeric.
passwordRequired Boolean Whether or not to require a password.

macOSImportedPFXCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Inherited from macOSCertificateProfileBase
subjectNameFormat appleSubjectNameFormat Certificate Subject Name Format. Inherited from macOSCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from macOSCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from macOSCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from macOSCertificateProfileBase. Possible values are: days, months, years.
intendedPurpose intendedPurpose Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi.

macOSPkcsCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Inherited from macOSCertificateProfileBase
subjectNameFormat appleSubjectNameFormat Certificate Subject Name Format. Inherited from macOSCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from macOSCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from macOSCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from macOSCertificateProfileBase. Possible values are: days, months, years.
certificationAuthority String PKCS certification authority FQDN.
certificationAuthorityName String PKCS certification authority Name.
certificateTemplateName String PKCS certificate template name.
subjectAlternativeNameFormatString String Format string that defines the subject alternative name.
subjectNameFormatString String Format string that defines the subject name. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US
certificateStore certificateStore Target store certificate. Possible values are: user, machine.
customSubjectAlternativeNames customSubjectAlternativeName collection Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.
allowAllAppsAccess Boolean AllowAllAppsAccess setting

macOSScepCertificateProfile

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
renewalThresholdPercentage Int32 Certificate renewal threshold percentage. Inherited from macOSCertificateProfileBase
subjectNameFormat appleSubjectNameFormat Certificate Subject Name Format. Inherited from macOSCertificateProfileBase. Possible values are: commonName, commonNameAsEmail, custom, commonNameIncludingEmail, commonNameAsIMEI, commonNameAsSerialNumber.
subjectAlternativeNameType subjectAlternativeNameType Certificate Subject Alternative Name Type. Inherited from macOSCertificateProfileBase. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.
certificateValidityPeriodValue Int32 Value for the Certificate Validity Period. Inherited from macOSCertificateProfileBase
certificateValidityPeriodScale certificateValidityPeriodScale Scale for the Certificate Validity Period. Inherited from macOSCertificateProfileBase. Possible values are: days, months, years.
scepServerUrls String collection SCEP Server Url(s).
subjectNameFormatString String Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US
keyUsage keyUsages SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature.
keySize keySize SCEP Key Size. Possible values are: size1024, size2048, size4096.
hashAlgorithm hashAlgorithms SCEP Hash Algorithm. Possible values are: sha1, sha2.
extendedKeyUsages extendedKeyUsage collection Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.
subjectAlternativeNameFormatString String Custom String that defines the AAD Attribute.
certificateStore certificateStore Target store certificate. Possible values are: user, machine.
customSubjectAlternativeNames customSubjectAlternativeName collection Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.
allowAllAppsAccess Boolean AllowAllAppsAccess setting

macOSSoftwareUpdateAccountSummary