DeviceManagementConfiguration.ReadWrite.All
Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Delegate Permission
Id | 0883f392-0a7a-443d-8c76-16a6d39c7b63 |
Consent Type | Admin |
Display String | Read and write Microsoft Intune Device Configuration and Policies |
Description | Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups. |
Application Permission
Id | 9241abd9-d0e6-425a-bd4f-47ba86e767a4 |
Display String | Read and write Microsoft Intune device configuration and policies |
Description | Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user. |
Resources
intune-androidforwork-androiddeviceownerenrollmentmode
androidDeviceOwnerEnrollmentProfile
Property | Type | Description |
---|---|---|
accountId | String | Tenant GUID the enrollment profile belongs to. |
id | String | Unique GUID for the enrollment profile. |
displayName | String | Display name for the enrollment profile. |
description | String | Description for the enrollment profile. |
enrollmentMode | androidDeviceOwnerEnrollmentMode | The enrollment mode of devices that use this enrollment profile. Possible values are: corporateOwnedDedicatedDevice , corporateOwnedFullyManaged , corporateOwnedWorkProfile , corporateOwnedAOSPUserlessDevice , corporateOwnedAOSPUserAssociatedDevice . |
enrollmentTokenType | androidDeviceOwnerEnrollmentTokenType | The enrollment token type for an enrollment profile. Possible values are: default , corporateOwnedDedicatedDeviceWithAzureADSharedMode . |
createdDateTime | DateTimeOffset | Date time the enrollment profile was created. |
lastModifiedDateTime | DateTimeOffset | Date time the enrollment profile was last modified. |
tokenValue | String | Value of the most recently created token for this enrollment profile. |
tokenCreationDateTime | DateTimeOffset | Date time the most recently created token was created. |
tokenExpirationDateTime | DateTimeOffset | Date time the most recently created token will expire. |
enrolledDeviceCount | Int32 | Total number of Android devices that have enrolled using this enrollment profile. |
enrollmentTokenUsageCount | Int32 | Total number of AOSP devices that have enrolled using the current token. |
qrCodeContent | String | String used to generate a QR code for the token. |
qrCodeImage | mimeContent | String used to generate a QR code for the token. |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
configureWifi | Boolean | Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default. |
wifiSsid | String | String that contains the wi-fi login ssid |
wifiPassword | String | String that contains the wi-fi login password |
wifiSecurityType | aospWifiSecurityType | String that contains the wi-fi security type. Possible values are: none , wpa , wep . |
wifiHidden | Boolean | Boolean that indicates if hidden wifi networks are enabled |
isTeamsDeviceProfile | Boolean | Boolean indicating if this profile is an Android AOSP for Teams device profile. |
intune-androidforwork-androiddeviceownerenrollmenttokentype
androidEnrollmentCompanyCode
Property | Type | Description |
---|---|---|
enrollmentToken | String | Enrollment Token used by the User to enroll their device. |
qrCodeContent | String | String used to generate a QR code for the token. |
qrCodeImage | mimeContent | Generated QR code for the token. |
androidForWorkAppConfigurationSchema
Property | Type | Description |
---|---|---|
id | String | Key of the entity the Android package name for the application the schema corresponds to |
exampleJson | Binary | UTF8 encoded byte array containing example JSON string conforming to this schema that demonstrates how to set the configuration for this app |
schemaItems | androidForWorkAppConfigurationSchemaItem collection | Collection of items each representing a named configuration option in the schema |
androidForWorkAppConfigurationSchemaItem
Property | Type | Description |
---|---|---|
schemaItemKey | String | Unique key the application uses to identify the item |
displayName | String | Human readable name |
description | String | Description of what the item controls within the application |
defaultBoolValue | Boolean | Default value for boolean type items, if specified by the app developer |
defaultIntValue | Int32 | Default value for integer type items, if specified by the app developer |
defaultStringValue | String | Default value for string type items, if specified by the app developer |
defaultStringArrayValue | String collection | Default value for string array type items, if specified by the app developer |
dataType | androidForWorkAppConfigurationSchemaItemDataType | The type of value this item describes. Possible values are: bool , integer , string , choice , multiselect , bundle , bundleArray , hidden . |
selections | keyValuePair collection | List of human readable name/value pairs for the valid values that can be set for this item (Choice and Multiselect items only) |
intune-androidforwork-androidforworkbindstatus
androidForWorkEnrollmentProfile
Property | Type | Description |
---|---|---|
accountId | String | Tenant GUID the enrollment profile belongs to. |
id | String | Unique GUID for the enrollment profile. |
displayName | String | Display name for the enrollment profile. |
description | String | Description for the enrollment profile. |
createdDateTime | DateTimeOffset | Date time the enrollment profile was created. |
lastModifiedDateTime | DateTimeOffset | Date time the enrollment profile was last modified. |
tokenValue | String | Value of the most recently created token for this enrollment profile. |
tokenExpirationDateTime | DateTimeOffset | Date time the most recently created token will expire. |
enrolledDeviceCount | Int32 | Total number of Android devices that have enrolled using this enrollment profile. |
qrCodeContent | String | String used to generate a QR code for the token. |
qrCodeImage | mimeContent | String used to generate a QR code for the token. |
intune-androidforwork-androidforworkenrollmenttarget
androidForWorkSettings
Property | Type | Description |
---|---|---|
id | String | The Android for Work settings identifier |
bindStatus | androidForWorkBindStatus | Bind status of the tenant with the Google EMM API. Possible values are: notBound , bound , boundAndValidated , unbinding . |
lastAppSyncDateTime | DateTimeOffset | Last completion time for app sync |
lastAppSyncStatus | androidForWorkSyncStatus | Last application sync result. Possible values are: success , credentialsNotValid , androidForWorkApiError , managementServiceError , unknownError , none . |
ownerUserPrincipalName | String | Owner UPN that created the enterprise |
ownerOrganizationName | String | Organization name used when onboarding Android for Work |
lastModifiedDateTime | DateTimeOffset | Last modification time for Android for Work settings |
enrollmentTarget | androidForWorkEnrollmentTarget | Indicates which users can enroll devices in Android for Work device management. Possible values are: none , all , targeted , targetedAsEnrollmentRestrictions . |
targetGroupIds | String collection | Specifies which AAD groups can enroll devices in Android for Work device management if enrollmentTarget is set to 'Targeted' |
deviceOwnerManagementEnabled | Boolean | Indicates if this account is flighting for Android Device Owner Management with CloudDPC. |
intune-androidforwork-androidforworksyncstatus
intune-androidforwork-androidmanagedstoreaccountappsyncstatus
intune-androidforwork-androidmanagedstoreaccountbindstatus
intune-androidforwork-androidmanagedstoreaccountenrollmenttarget
androidManagedStoreAccountEnterpriseSettings
Property | Type | Description |
---|---|---|
id | String | The Android store account enterprise settings identifier |
bindStatus | androidManagedStoreAccountBindStatus | Bind status of the tenant with the Google EMM API. Possible values are: notBound , bound , boundAndValidated , unbinding . |
lastAppSyncDateTime | DateTimeOffset | Last completion time for app sync |
lastAppSyncStatus | androidManagedStoreAccountAppSyncStatus | Last application sync result. Possible values are: success , credentialsNotValid , androidForWorkApiError , managementServiceError , unknownError , none . |
ownerUserPrincipalName | String | Owner UPN that created the enterprise |
ownerOrganizationName | String | Organization name used when onboarding Android Enterprise |
lastModifiedDateTime | DateTimeOffset | Last modification time for Android enterprise settings |
enrollmentTarget | androidManagedStoreAccountEnrollmentTarget | Indicates which users can enroll devices in Android Enterprise device management. Possible values are: none , all , targeted , targetedAsEnrollmentRestrictions . |
targetGroupIds | String collection | Specifies which AAD groups can enroll devices in Android for Work device management if enrollmentTarget is set to 'Targeted' |
deviceOwnerManagementEnabled | Boolean | Indicates if this account is flighting for Android Device Owner Management with CloudDPC. |
companyCodes | androidEnrollmentCompanyCode collection | Company codes for AndroidManagedStoreAccountEnterpriseSettings |
androidDeviceOwnerFullyManagedEnrollmentEnabled | Boolean | Company codes for AndroidManagedStoreAccountEnterpriseSettings |
managedGooglePlayInitialScopeTagIds | String collection | Initial scope tags for MGP apps |
androidManagedStoreAppConfigurationSchema
Property | Type | Description |
---|---|---|
id | String | Key of the entity the Android package name for the application the schema corresponds to |
exampleJson | Binary | UTF8 encoded byte array containing example JSON string conforming to this schema that demonstrates how to set the configuration for this app |
schemaItems | androidManagedStoreAppConfigurationSchemaItem collection | Collection of items each representing a named configuration option in the schema. It only contains the root-level configuration. |
nestedSchemaItems | androidManagedStoreAppConfigurationSchemaItem collection | Collection of items each representing a named configuration option in the schema. It contains a flat list of all configuration. |
androidManagedStoreAppConfigurationSchemaItem
Property | Type | Description |
---|---|---|
index | Int32 | Unique index the application uses to maintain nested schema items |
parentIndex | Int32 | Index of parent schema item to track nested schema items |
schemaItemKey | String | Unique key the application uses to identify the item |
displayName | String | Human readable name |
description | String | Description of what the item controls within the application |
defaultBoolValue | Boolean | Default value for boolean type items, if specified by the app developer |
defaultIntValue | Int32 | Default value for integer type items, if specified by the app developer |
defaultStringValue | String | Default value for string type items, if specified by the app developer |
defaultStringArrayValue | String collection | Default value for string array type items, if specified by the app developer |
dataType | androidManagedStoreAppConfigurationSchemaItemDataType | The type of value this item describes. Possible values are: bool , integer , string , choice , multiselect , bundle , bundleArray , hidden . |
selections | keyValuePair collection | List of human readable name/value pairs for the valid values that can be set for this item (Choice and Multiselect items only) |
intune-androidforwork-aospwifisecuritytype
deviceManagement
Property | Type | Description |
---|---|---|
id | String | Not yet documented |
androidFotaDeploymentAssignment
Property | Type | Description |
---|---|---|
id | String | A unique identifier assigned to each Android FOTA Assignment entity |
displayName | String | The display name of the Azure AD security group used for the assignment. |
target | androidFotaDeploymentAssignmentTarget | The AAD Group we are deploying firmware updates to |
deviceManagementReports
Property | Type | Description |
---|
zebraFotaArtifact
Property | Type | Description |
---|---|---|
id | String | Artifact unique ID from Zebra |
deviceModel | String | Applicable device model (e.g.: TC8300 ) |
osVersion | String | Artifact OS version (e.g.: 8.1.0 ) |
patchVersion | String | Artifact patch version (e.g.: U00 ) |
boardSupportPackageVersion | String | The version of the Board Support Package (BSP. E.g.: 01.18.02.00 ) |
releaseNotesUrl | String | Artifact release notes URL (e.g.: https://www.zebra.com/<filename.pdf> ) |
description | String | Artifact description. (e.g.: `LifeGuard Update 98 (released 24-September-2021) |
zebraFotaConnector
Property | Type | Description |
---|---|---|
id | String | Id of ZebraFotaConnector. |
state | zebraFotaConnectorState | The Zebra connector state. Possible values are: none , connected , disconnected , unknownFutureValue . |
enrollmentToken | String | Tenant enrollment token from Zebra. The token is used to enroll Zebra devices in the FOTA Service via app config. |
enrollmentAuthorizationUrl | String | Complete account enrollment authorization URL. This corresponds to verification_uri_complete in the Zebra API documentations. |
lastSyncDateTime | DateTimeOffset | Date and time when the account was last synched with Zebra |
fotaAppsApproved | Boolean | Flag indicating if required Firmware Over-the-Air (FOTA) Apps have been approved. |
intune-androidfotaservice-zebrafotaconnectorstate
zebraFotaDeployment
Property | Type | Description |
---|---|---|
id | String | System generated deployment id provided during creation of the deployment. Returned only if operation was a success. |
displayName | String | A human readable name of the deployment. |
description | String | A human readable description of the deployment. |
deploymentSettings | zebraFotaDeploymentSettings | Represents settings required to create a deployment such as deployment type, artifact info, download and installation |
deploymentAssignments | androidFotaDeploymentAssignment collection | Collection of Android FOTA Assignment |
deploymentStatus | zebraFotaDeploymentStatus | Represents the deployment status from Zebra. The status is a high level status of the deployment as opposed being a detailed status per device. |
zebraFotaDeploymentSettings
Property | Type | Description |
---|---|---|
deviceModel | String | Deploy update for devices with this model only. |
updateType | zebraFotaUpdateType | The deployment's update type. Possible values are custom, latest, and auto. When custom mode is set, the request must provide artifact values. When latest type is set, the latest released update becomes the target OS. If latest is specified, the firmware target values are not required. Note: latest may update the device to a new Android version. When the value is set to auto, the device always looks for the latest package available and tries to update whenever a new package is available. This continues until the admin cancels the auto update. While other modes return an ID starting with FOTA-x, auto mode returns an ID starting with AUTO-x. Possible values are: custom , latest , auto , unknownFutureValue . |
timeZoneOffsetInMinutes | Int32 | This attribute indicates the deployment time offset (e.g.180 represents an offset of +03:00 , and -270 represents an offset of -04:30 ). The time offset is the time timezone where the devices are located. The deployment start and end data uses this timezone |
firmwareTargetArtifactDescription | String | A description provided by Zebra for the the firmware artifact to update the device to (e.g.: LifeGuard Update 120 (released 29-June-2022) . |
firmwareTargetBoardSupportPackageVersion | String | Deployment's Board Support Package (BSP. E.g.: '01.18.02.00'). Required only for custom update type. |
firmwareTargetPatch | String | Target patch name (e.g.: 'U06'). Required only for custom update type. |
firmwareTargetOsVersion | String | Target OS Version (e.g.: '8.1.0'). Required only for custom update type. |
scheduleMode | zebraFotaScheduleMode | Deployment installation schedule mode. Default is installNow. All scheduled deployments date and time are in the device’s timezone. For Install Now, the date and time are in UTC (same date and time anywhere in the world). Possible values are: installNow , scheduled , unknownFutureValue . |
scheduleDurationInDays | Int32 | Maximum 28 days. Default is 28 days. Sequence of dates are: 1) Download start date. 2) Install start date. 3) Schedule end date. If any of the values are not provided, the date provided in the preceding step of the sequence is used. If no values are provided, the string value of the current UTC is used. |
downloadRuleNetworkType | zebraFotaNetworkType | Download network type as described in 'zebraFotaNetworkType'. Default: any. Possible values are: any , wifi , cellular , wifiAndCellular , unknownFutureValue . |
downloadRuleStartDateTime | DateTimeOffset | Date and time in the device time zone when the download will start (e.g., 2018-07-25T10:20:32 ). The default value is UTC now and the maximum is 10 days from deployment creation. |
installRuleStartDateTime | DateTimeOffset | Date and time in device time zone when the install will start. Default - download startDate if configured, otherwise defaults to NOW. Ignored when deployment update type was set to auto. |
installRuleWindowStartTime | TimeOfDay | Time of day (00:00:00 - 23:30:00) when installation should begin. The time is expressed in a 24-hour format, as hh:mm, and is in the device time zone. Default - 00:00:00. Respected for all values of update type, including AUTO. |
installRuleWindowEndTime | TimeOfDay | Time of day after which the install cannot start. Possible range is 00:30:00 to 23:59:59. Should be greater than 'installRuleWindowStartTime' by 30 mins. The time is expressed in a 24-hour format, as hh:mm, and is in the device time zone. Default - 23:59:59. Respected for all values of update type, including AUTO. |
batteryRuleMinimumBatteryLevelPercentage | Int32 | Minimum battery level (%) required for both download and installation. Default: -1 (System defaults). Maximum is 100. |
batteryRuleRequireCharger | Boolean | Flag indicating if charger is required. When set to false, the client can install updates whether the device is in or out of the charger. Applied only for installation. Defaults to false. |
zebraFotaDeploymentStatus
Property | Type | Description |
---|---|---|
state | zebraFotaDeploymentState | See zebraFotaDeploymentState enum for possible values. Possible values are: pendingCreation , createFailed , created , inProgress , completed , pendingCancel , canceled , unknownFutureValue . |
totalDevices | Int32 | An integer that indicates the total number of devices in the deployment. |
totalCreated | Int32 | An integer that indicates the total number of devices that have a job in the CREATED state. Typically indicates jobs that did not reach the devices. |
totalScheduled | Int32 | An integer that indicates the total number of devices that received the json and are scheduled. |
totalDownloading | Int32 | An integer that indicates the total number of devices where installation was successful. |
totalAwaitingInstall | Int32 | An integer that indicates the total number of devices where installation was successful. |
totalSucceededInstall | Int32 | An integer that indicates the total number of devices where installation was successful. |
totalCanceled | Int32 | An integer that indicates the total number of devices where installation was canceled. |
totalUnknown | Int32 | An integer that indicates the total number of devices where no deployment status or end state has not received, even after the scheduled end date was reached. |
totalFailedDownload | Int32 | An integer that indicates the total number of devices that have failed to download the new OS file. |
totalFailedInstall | Int32 | An integer that indicates the total number of devices that have failed to install the new OS file. |
completeOrCanceledDateTime | DateTimeOffset | The date and time when this deployment was completed or canceled. The actual date time is determined by the value of state. If the state is canceled, this property holds the cancellation date/time. If the the state is completed, this property holds the completion date/time. If the deployment is not completed before the deployment end date, then completed date/time and end date/time are the same. This is always in the deployment timezone. Note: An installation that is in progress can continue past the deployment end date. |
cancelRequested | Boolean | A boolean that indicates if a cancellation was requested on the deployment. NOTE: A cancellation request does not guarantee that the deployment was canceled. |
lastUpdatedDateTime | DateTimeOffset | Date and time when the deployment status was updated from Zebra |
chromeOSOnboardingSettings
Property | Type | Description |
---|---|---|
id | String | The ChromebookTenant's Id |
ownerUserPrincipalName | String | The ChromebookTenant's OwnerUserPrincipalName |
onboardingStatus | onboardingStatus | The ChromebookTenant's OnboardingStatus. Possible values are: unknown , inprogress , onboarded , failed , offboarding , unknownFutureValue . |
lastModifiedDateTime | DateTimeOffset | The ChromebookTenant's LastModifiedDateTime |
lastDirectorySyncDateTime | DateTimeOffset | The ChromebookTenant's LastDirectorySyncDateTime |
intune-chromebooksync-chromeosonboardingstatus
intune-chromebooksync-onboardingstatus
officeClientCheckinStatus
Property | Type | Description |
---|---|---|
userPrincipalName | String | User principal name using the device. |
deviceName | String | Device name trying to check-in. |
devicePlatform | String | Device platform trying to check-in. |
devicePlatformVersion | String | Device platform version trying to check-in. |
wasSuccessful | Boolean | If the last checkin was successful. |
userId | String | User identifier using the device. |
checkinDateTime | DateTimeOffset | Last device check-in time in UTC. |
errorMessage | String | Error message if any associated for the last checkin. |
appliedPolicies | String collection | List of policies delivered to the device as last checkin. |
officeClientConfiguration
Property | Type | Description |
---|---|---|
id | String | Id of the office client configuration policy. |
userPreferencePayload | Stream | Preference settings JSON string in binary format, these values can be overridden by the user. |
policyPayload | Stream | Policy settings JSON string in binary format, these values cannot be changed by the user. |
description | String | Not yet documented |
displayName | String | Admin provided description of the office client configuration policy. |
lastModifiedDateTime | DateTime | Last modified datetime stamp of the policy. |
priority | Int32 | Priority value should be unique value for each policy under a tenant and will be used for conflict resolution, lower values mean priority is high. |
userCheckinSummary | officeUserCheckinSummary | User check-in summary for the policy. |
checkinStatuses | officeClientCheckinStatus collection | List of office Client check-in status. |
officeClientConfigurationAssignment
Property | Type | Description |
---|---|---|
id | String | Id of the OfficeConfigurationAssignment. |
target | officeConfigurationAssignmentTarget | The target assignment defined by the admin. |
officeConfigurationAssignmentTarget
Property | Type | Description |
---|
officeUserCheckinSummary
Property | Type | Description |
---|---|---|
succeededUserCount | Int32 | Total successful user check ins for the last 3 months. |
failedUserCount | Int32 | Total failed user check ins for the last 3 months. |
windowsOfficeClientConfiguration
Property | Type | Description |
---|---|---|
id | String | Id of the office client configuration policy. Inherited from officeClientConfiguration |
userPreferencePayload | Stream | Preference settings JSON string in binary format, these values can be overridden by the user. Inherited from officeClientConfiguration |
policyPayload | Stream | Policy settings JSON string in binary format, these values cannot be changed by the user. Inherited from officeClientConfiguration |
description | String | Admin provided description of the office client configuration policy. Inherited from officeClientConfiguration |
displayName | String | Admin provided name of the office client configuration policy. Inherited from officeClientConfiguration |
priority | Int32 | Priority value should be unique value for each policy under a tenant and will be used for conflict resolution, lower values mean priority is high. Inherited from officeClientConfiguration |
lastModifiedDateTime | DateTime | Last modified datetime stamp of the policy. Inherited from officeClientConfiguration |
userCheckinSummary | officeUserCheckinSummary | User check-in summary for the policy. Inherited from officeClientConfiguration |
checkinStatuses | officeClientCheckinStatus collection | List of office Client check-in status. Inherited from officeClientConfiguration |
windowsOfficeClientSecurityConfiguration
Property | Type | Description |
---|---|---|
id | String | Id of the office client configuration policy. Inherited from officeClientConfiguration |
userPreferencePayload | Stream | Preference settings JSON string in binary format, these values can be overridden by the user. Inherited from officeClientConfiguration |
policyPayload | Stream | Policy settings JSON string in binary format, these values cannot be changed by the user. Inherited from officeClientConfiguration |
description | String | Admin provided description of the office client configuration policy. Inherited from officeClientConfiguration |
displayName | String | Admin provided name of the office client configuration policy. Inherited from officeClientConfiguration |
priority | Int32 | Priority value should be unique value for each policy under a tenant and will be used for conflict resolution, lower values mean priority is high. Inherited from officeClientConfiguration |
lastModifiedDateTime | DateTime | Last modified datetime stamp of the policy. Inherited from officeClientConfiguration |
userCheckinSummary | officeUserCheckinSummary | User check-in summary for the policy. Inherited from officeClientConfiguration |
checkinStatuses | officeClientCheckinStatus collection | List of office Client check-in status. Inherited from officeClientConfiguration |
intune-deviceconfig-advancedbitlockerstate
advancedThreatProtectionOnboardingDeviceSettingState
Property | Type | Description |
---|---|---|
id | String | Key of the entity |
platformType | deviceType | Device platform type. Possible values are: desktop , windowsRT , winMO6 , nokia , windowsPhone , mac , winCE , winEmbedded , iPhone , iPad , iPod , android , iSocConsumer , unix , macMDM , holoLens , surfaceHub , androidForWork , androidEnterprise , windows10x , androidnGMS , chromeOS , linux , blackberry , palm , unknown , cloudPC . |
setting | String | The setting class name and property name. |
settingName | String | The Setting Name that is being reported |
deviceId | String | The Device Id that is being reported |
deviceName | String | The Device Name that is being reported |
userId | String | The user Id that is being reported |
userEmail | String | The User email address that is being reported |
userName | String | The User Name that is being reported |
userPrincipalName | String | The User PrincipalName that is being reported |
deviceModel | String | The device model that is being reported |
state | complianceStatus | The compliance state of the setting. Possible values are: unknown , notApplicable , compliant , remediated , nonCompliant , error , conflict , notAssigned . |
complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires |
advancedThreatProtectionOnboardingStateSummary
Property | Type | Description |
---|---|---|
id | String | Unique Identifier |
unknownDeviceCount | Int32 | Number of unknown devices |
notApplicableDeviceCount | Int32 | Number of not applicable devices |
compliantDeviceCount | Int32 | Number of compliant devices |
remediatedDeviceCount | Int32 | Number of remediated devices |
nonCompliantDeviceCount | Int32 | Number of NonCompliant devices |
errorDeviceCount | Int32 | Number of error devices |
conflictDeviceCount | Int32 | Number of conflict devices |
notAssignedDeviceCount | Int32 | Number of not assigned devices |
airPrintDestination
Property | Type | Description |
---|---|---|
ipAddress | String | The IP Address of the AirPrint destination. |
resourcePath | String | The Resource Path associated with the printer. This corresponds to the rp parameter of the _ipps.tcp Bonjour record. For example: printers/Canon_MG5300_series, printers/Xerox_Phaser_7600, ipp/print, Epson_IPP_Printer. |
port | Int32 | The listening port of the AirPrint destination. If this key is not specified AirPrint will use the default port. Available in iOS 11.0 and later. |
forceTls | Boolean | If true AirPrint connections are secured by Transport Layer Security (TLS). Default is false. Available in iOS 11.0 and later. |
androidCertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
androidCompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passwordRequired | Boolean | Require a password to unlock device. |
passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
passwordRequiredType | androidRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , numeric , numericComplex , any . |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
securityPreventInstallAppsFromUnknownSources | Boolean | Require that devices disallow installation of apps from unknown sources. |
securityDisableUsbDebugging | Boolean | Disable USB debugging on Android devices. |
securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
osMinimumVersion | String | Minimum Android version. |
osMaximumVersion | String | Maximum Android version. |
minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
storageRequireEncryption | Boolean | Require encryption on Android devices. |
securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
securityRequireGooglePlayServices | Boolean | Require Google Play Services to be installed and enabled on the device. |
securityRequireUpToDateSecurityProviders | Boolean | Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date. |
securityRequireCompanyPortalAppIntegrity | Boolean | Require the device to pass the Company Portal client app runtime integrity check. |
androidCustomConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 1000 elements. |
intune-deviceconfig-androiddeviceownerappautoupdatepolicytype
intune-deviceconfig-androiddeviceownerbatterypluggedmode
intune-deviceconfig-androiddeviceownercertificateaccesstype
androidDeviceOwnerCertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
androidDeviceOwnerCompliancePolicy
Property | Type | Description |
---|---|---|
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
advancedThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | MDATP Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
osMinimumVersion | String | Minimum Android version. |
osMaximumVersion | String | Maximum Android version. |
minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
passwordRequired | Boolean | Require a password to unlock device. |
passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
passwordMinimumLetterCharacters | Int32 | Indicates the minimum number of letter characters required for device password. Valid values 1 to 16 |
passwordMinimumLowerCaseCharacters | Int32 | Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16 |
passwordMinimumNonLetterCharacters | Int32 | Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16 |
passwordMinimumNumericCharacters | Int32 | Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16 |
passwordMinimumSymbolCharacters | Int32 | Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16 |
passwordMinimumUpperCaseCharacters | Int32 | Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16 |
passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault , required , numeric , numericComplex , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , customPassword . |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordPreviousPasswordCountToBlock | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
storageRequireEncryption | Boolean | Require encryption on Android devices. |
securityRequireIntuneAppIntegrity | Boolean | If setting is set to true, checks that the Intune app installed on fully managed, dedicated, or corporate-owned work profile Android Enterprise enrolled devices, is the one provided by Microsoft from the Managed Google Playstore. If the check fails, the device will be reported as non-compliant. |
intune-deviceconfig-androiddeviceownercrossprofiledatasharing
intune-deviceconfig-androiddeviceownerdefaultapppermissionpolicytype
androidDeviceOwnerDerivedCredentialAuthenticationConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval , specificApps , unknownFutureValue . |
silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
intune-deviceconfig-androiddeviceownerenrollmentprofiletype
androidDeviceOwnerEnterpriseWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name Inherited from androidDeviceOwnerWiFiConfiguration |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidDeviceOwnerWiFiConfiguration |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidDeviceOwnerWiFiConfiguration |
wiFiSecurityType | androidDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidDeviceOwnerWiFiConfiguration. Possible values are: open , wep , wpaPersonal , wpaEnterprise . |
preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration |
preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. Inherited from androidDeviceOwnerWiFiConfiguration |
proxySettings | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration. Possible values include none, manual, and automatic. Inherited from androidDeviceOwnerWiFiConfiguration. Possible values are: none , manual , automatic . |
proxyManualAddress | String | Specify the proxy server IP address. Android documentation does not specify IPv4 or IPv6. For example: 192.168.1.1. Inherited from androidDeviceOwnerWiFiConfiguration |
proxyManualPort | Int32 | Specify the proxy server port. Inherited from androidDeviceOwnerWiFiConfiguration |
proxyAutomaticConfigurationUrl | String | Specify the proxy server configuration script URL. Inherited from androidDeviceOwnerWiFiConfiguration |
proxyExclusionList | String | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com. Inherited from androidDeviceOwnerWiFiConfiguration |
eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls , eapTtls , peap . |
trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate , usernameAndPassword , derivedCredential . |
innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none , microsoftChapVersionTwo . |
outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
androidDeviceOwnerGeneralDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
azureAdSharedDeviceDataClearApps | appListItem collection | A list of managed apps that will have their data cleared during a global sign-out in AAD shared device mode. This collection can contain a maximum of 500 elements. |
accountsBlockModification | Boolean | Indicates whether or not adding or removing accounts is disabled. |
appsAllowInstallFromUnknownSources | Boolean | Indicates whether or not the user is allowed to enable to unknown sources setting. |
appsAutoUpdatePolicy | androidDeviceOwnerAppAutoUpdatePolicyType | Indicates the value of the app auto update policy. Possible values are: notConfigured , userChoice , never , wiFiOnly , always . |
appsDefaultPermissionPolicy | androidDeviceOwnerDefaultAppPermissionPolicyType | Indicates the permission policy for requests for runtime permissions if one is not defined for the app specifically. Possible values are: deviceDefault , prompt , autoGrant , autoDeny . |
appsRecommendSkippingFirstUseHints | Boolean | Whether or not to recommend all apps skip any first-time-use hints they may have added. |
bluetoothBlockConfiguration | Boolean | Indicates whether or not to block a user from configuring bluetooth. |
bluetoothBlockContactSharing | Boolean | Indicates whether or not to block a user from sharing contacts via bluetooth. |
cameraBlocked | Boolean | Indicates whether or not to disable the use of the camera. |
cellularBlockWiFiTethering | Boolean | Indicates whether or not to block Wi-Fi tethering. |
certificateCredentialConfigurationDisabled | Boolean | Indicates whether or not to block users from any certificate credential configuration. |
crossProfilePoliciesAllowCopyPaste | Boolean | Indicates whether or not text copied from one profile (personal or work) can be pasted in the other. |
crossProfilePoliciesAllowDataSharing | androidDeviceOwnerCrossProfileDataSharing | Indicates whether data from one profile (personal or work) can be shared with apps in the other profile. Possible values are: notConfigured , crossProfileDataSharingBlocked , dataSharingFromWorkToPersonalBlocked , crossProfileDataSharingAllowed , unkownFutureValue . |
crossProfilePoliciesShowWorkContactsInPersonalProfile | Boolean | Indicates whether or not contacts stored in work profile are shown in personal profile contact searches/incoming calls. |
microsoftLauncherConfigurationEnabled | Boolean | Indicates whether or not to you want configure Microsoft Launcher. |
microsoftLauncherCustomWallpaperEnabled | Boolean | Indicates whether or not to configure the wallpaper on the targeted devices. |
microsoftLauncherCustomWallpaperImageUrl | String | Indicates the URL for the image file to use as the wallpaper on the targeted devices. |
microsoftLauncherCustomWallpaperAllowUserModification | Boolean | Indicates whether or not the user can modify the wallpaper to personalize their device. |
microsoftLauncherFeedEnabled | Boolean | Indicates whether or not you want to enable the launcher feed on the device. |
microsoftLauncherFeedAllowUserModification | Boolean | Indicates whether or not the user can modify the launcher feed on the device. |
microsoftLauncherDockPresenceConfiguration | microsoftLauncherDockPresence | Indicates whether or not you want to configure the device dock. Possible values are: notConfigured , show , hide , disabled . |
microsoftLauncherDockPresenceAllowUserModification | Boolean | Indicates whether or not the user can modify the device dock configuration on the device. |
microsoftLauncherSearchBarPlacementConfiguration | microsoftLauncherSearchBarPlacement | Indicates the search bar placement configuration on the device. Possible values are: notConfigured , top , bottom , hide . |
enrollmentProfile | androidDeviceOwnerEnrollmentProfileType | Indicates which enrollment profile you want to configure. Possible values are: notConfigured , dedicatedDevice , fullyManaged . |
dataRoamingBlocked | Boolean | Indicates whether or not to block a user from data roaming. |
dateTimeConfigurationBlocked | Boolean | Indicates whether or not to block the user from manually changing the date or time on the device |
detailedHelpText | androidDeviceOwnerUserFacingMessage | Represents the customized detailed help text provided to users when they attempt to modify managed settings on their device. |
deviceOwnerLockScreenMessage | androidDeviceOwnerUserFacingMessage | Represents the customized lock screen message provided to users when they attempt to modify managed settings on their device. |
securityCommonCriteriaModeEnabled | Boolean | Represents the security common criteria mode enabled provided to users when they attempt to modify managed settings on their device. |
factoryResetDeviceAdministratorEmails | String collection | List of Google account emails that will be required to authenticate after a device is factory reset before it can be set up. |
factoryResetBlocked | Boolean | Indicates whether or not the factory reset option in settings is disabled. |
globalProxy | androidDeviceOwnerGlobalProxy | Proxy is set up directly with host, port and excluded hosts. |
googleAccountsBlocked | Boolean | Indicates whether or not google accounts will be blocked. |
kioskCustomizationDeviceSettingsBlocked | Boolean | Indicates whether a user can access the device's Settings app while in Kiosk Mode. |
kioskCustomizationPowerButtonActionsBlocked | Boolean | Whether the power menu is shown when a user long presses the Power button of a device in Kiosk Mode. |
kioskCustomizationStatusBar | androidDeviceOwnerKioskCustomizationStatusBar | Indicates whether system info and notifications are disabled in Kiosk Mode. Possible values are: notConfigured , notificationsAndSystemInfoEnabled , systemInfoOnly . |
kioskCustomizationSystemErrorWarnings | Boolean | Indicates whether system error dialogs for crashed or unresponsive apps are shown in Kiosk Mode. |
kioskCustomizationSystemNavigation | androidDeviceOwnerKioskCustomizationSystemNavigation | Indicates which navigation features are enabled in Kiosk Mode. Possible values are: notConfigured , navigationEnabled , homeButtonOnly . |
kioskModeScreenSaverConfigurationEnabled | Boolean | Whether or not to enable screen saver mode or not in Kiosk Mode. |
kioskModeScreenSaverImageUrl | String | URL for an image that will be the device's screen saver in Kiosk Mode. |
kioskModeScreenSaverDisplayTimeInSeconds | Int32 | The number of seconds that the device will display the screen saver for in Kiosk Mode. Valid values 0 to 9999999 |
kioskModeScreenSaverStartDelayInSeconds | Int32 | The number of seconds the device needs to be inactive for before the screen saver is shown in Kiosk Mode. Valid values 1 to 9999999 |
kioskModeScreenSaverDetectMediaDisabled | Boolean | Whether or not the device screen should show the screen saver if audio/video is playing in Kiosk Mode. |
kioskModeApps | appListItem collection | A list of managed apps that will be shown when the device is in Kiosk Mode. This collection can contain a maximum of 500 elements. |
kioskModeWallpaperUrl | String | URL to a publicly accessible image to use for the wallpaper when the device is in Kiosk Mode. |
kioskModeExitCode | String | Exit code to allow a user to escape from Kiosk Mode when the device is in Kiosk Mode. |
kioskModeVirtualHomeButtonEnabled | Boolean | Whether or not to display a virtual home button when the device is in Kiosk Mode. |
kioskModeVirtualHomeButtonType | androidDeviceOwnerVirtualHomeButtonType | Indicates whether the virtual home button is a swipe up home button or a floating home button. Possible values are: notConfigured , swipeUp , floating . |
kioskModeBluetoothConfigurationEnabled | Boolean | Whether or not to allow a user to configure Bluetooth settings in Kiosk Mode. |
kioskModeWiFiConfigurationEnabled | Boolean | Whether or not to allow a user to configure Wi-Fi settings in Kiosk Mode. |
kioskModeFlashlightConfigurationEnabled | Boolean | Whether or not to allow a user to use the flashlight in Kiosk Mode. |
kioskModeMediaVolumeConfigurationEnabled | Boolean | Whether or not to allow a user to change the media volume in Kiosk Mode. |
kioskModeShowDeviceInfo | Boolean | Whether or not to allow a user to access basic device information. |
kioskModeManagedSettingsEntryDisabled | Boolean | Whether or not to display the Managed Settings entry point on the managed home screen in Kiosk Mode. |
kioskModeDebugMenuEasyAccessEnabled | Boolean | Whether or not to allow a user to easy access to the debug menu in Kiosk Mode. |
kioskModeShowAppNotificationBadge | Boolean | Whether or not to display application notification badges in Kiosk Mode. |
kioskModeScreenOrientation | androidDeviceOwnerKioskModeScreenOrientation | Screen orientation configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured , portrait , landscape , autoRotate . |
kioskModeIconSize | androidDeviceOwnerKioskModeIconSize | Icon size configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured , smallest , small , regular , large , largest . |
kioskModeFolderIcon | androidDeviceOwnerKioskModeFolderIcon | Folder icon configuration for managed home screen in Kiosk Mode. Possible values are: notConfigured , darkSquare , darkCircle , lightSquare , lightCircle . |
kioskModeWifiAllowedSsids | String collection | The restricted set of WIFI SSIDs available for the user to configure in Kiosk Mode. This collection can contain a maximum of 500 elements. |
kioskModeAppOrderEnabled | Boolean | Whether or not to enable app ordering in Kiosk Mode. |
kioskModeAppsInFolderOrderedByName | Boolean | Whether or not to alphabetize applications within a folder in Kiosk Mode. |
kioskModeGridHeight | Int32 | Number of rows for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999 |
kioskModeGridWidth | Int32 | Number of columns for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999 |
kioskModeLockHomeScreen | Boolean | Whether or not to lock home screen to the end user in Kiosk Mode. |
kioskModeManagedFolders | androidDeviceOwnerKioskModeManagedFolder collection | A list of managed folders for a device in Kiosk Mode. This collection can contain a maximum of 500 elements. |
kioskModeAppPositions | androidDeviceOwnerKioskModeAppPositionItem collection | The ordering of items on Kiosk Mode Managed Home Screen. This collection can contain a maximum of 500 elements. |
kioskModeManagedHomeScreenAutoSignout | Boolean | Whether or not to automatically sign-out of MHS and Shared device mode applications after inactive for Managed Home Screen. |
kioskModeManagedHomeScreenInactiveSignOutDelayInSeconds | Int32 | Number of seconds to give user notice before automatically signing them out for Managed Home Screen. Valid values 0 to 9999999 |
kioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds | Int32 | Number of seconds device is inactive before automatically signing user out for Managed Home Screen. Valid values 0 to 9999999 |
kioskModeManagedHomeScreenPinComplexity | kioskModeManagedHomeScreenPinComplexity | Complexity of PIN for sign-in session for Managed Home Screen. Possible values are: notConfigured , simple , complex . |
kioskModeManagedHomeScreenPinRequired | Boolean | Whether or not require user to set a PIN for sign-in session for Managed Home Screen. |
kioskModeManagedHomeScreenPinRequiredToResume | Boolean | Whether or not required user to enter session PIN if screensaver has appeared for Managed Home Screen. |
kioskModeManagedHomeScreenSignInBackground | String | Custom URL background for sign-in screen for Managed Home Screen. |
kioskModeManagedHomeScreenSignInBrandingLogo | String | Custom URL branding logo for sign-in screen and session pin page for Managed Home Screen. |
kioskModeManagedHomeScreenSignInEnabled | Boolean | Whether or not show sign-in screen for Managed Home Screen. |
kioskModeUseManagedHomeScreenApp | kioskModeType | Whether or not to use single app kiosk mode or multi-app kiosk mode. Possible values are: notConfigured , singleAppMode , multiAppMode . |
microphoneForceMute | Boolean | Indicates whether or not to block unmuting the microphone on the device. |
networkEscapeHatchAllowed | Boolean | Indicates whether or not the device will allow connecting to a temporary network connection at boot time. |
nfcBlockOutgoingBeam | Boolean | Indicates whether or not to block NFC outgoing beam. |
passwordBlockKeyguard | Boolean | Indicates whether or not the keyguard is disabled. |
passwordBlockKeyguardFeatures | androidKeyguardFeature collection | List of device keyguard features to block. This collection can contain a maximum of 11 elements. |
passwordExpirationDays | Int32 | Indicates the amount of time that a password can be set for before it expires and a new password will be required. Valid values 1 to 365 |
passwordMinimumLength | Int32 | Indicates the minimum length of the password required on the device. Valid values 4 to 16 |
passwordMinimumLetterCharacters | Int32 | Indicates the minimum number of letter characters required for device password. Valid values 1 to 16 |
passwordMinimumLowerCaseCharacters | Int32 | Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16 |
passwordMinimumNonLetterCharacters | Int32 | Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16 |
passwordMinimumNumericCharacters | Int32 | Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16 |
passwordMinimumSymbolCharacters | Int32 | Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16 |
passwordMinimumUpperCaseCharacters | Int32 | Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16 |
passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
passwordPreviousPasswordCountToBlock | Int32 | Indicates the length of password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24 |
passwordRequiredType | androidDeviceOwnerRequiredPasswordType | Indicates the minimum password quality required on the device. Possible values are: deviceDefault , required , numeric , numericComplex , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , customPassword . |
passwordRequireUnlock | androidDeviceOwnerRequiredPasswordUnlock | Indicates the timeout period after which a device must be unlocked using a form of strong authentication. Possible values are: deviceDefault , daily , unkownFutureValue . |
passwordSignInFailureCountBeforeFactoryReset | Int32 | Indicates the number of times a user can enter an incorrect password before the device is wiped. Valid values 4 to 11 |
playStoreMode | androidDeviceOwnerPlayStoreMode | Indicates the Play Store mode of the device. Possible values are: notConfigured , allowList , blockList . |
screenCaptureBlocked | Boolean | Indicates whether or not to disable the capability to take screenshots. |
securityDeveloperSettingsEnabled | Boolean | Indicates whether or not the user is allowed to access developer settings like developer options and safe boot on the device. |
securityRequireVerifyApps | Boolean | Indicates whether or not verify apps is required. |
shortHelpText | androidDeviceOwnerUserFacingMessage | Represents the customized short help text provided to users when they attempt to modify managed settings on their device. |
statusBarBlocked | Boolean | Indicates whether or the status bar is disabled, including notifications, quick settings and other screen overlays. |
stayOnModes | androidDeviceOwnerBatteryPluggedMode collection | List of modes in which the device's display will stay powered-on. This collection can contain a maximum of 4 elements. |
storageAllowUsb | Boolean | Indicates whether or not to allow USB mass storage. |
storageBlockExternalMedia | Boolean | Indicates whether or not to block external media. |
storageBlockUsbFileTransfer | Boolean | Indicates whether or not to block USB file transfer. |
systemUpdateFreezePeriods | androidDeviceOwnerSystemUpdateFreezePeriod collection | Indicates the annually repeating time periods during which system updates are postponed. This collection can contain a maximum of 500 elements. |
systemUpdateWindowStartMinutesAfterMidnight | Int32 | Indicates the number of minutes after midnight that the system update window starts. Valid values 0 to 1440 |
systemUpdateWindowEndMinutesAfterMidnight | Int32 | Indicates the number of minutes after midnight that the system update window ends. Valid values 0 to 1440 |
systemUpdateInstallType | androidDeviceOwnerSystemUpdateInstallType | The type of system update configuration. Possible values are: deviceDefault , postpone , windowed , automatic . |
systemWindowsBlocked | Boolean | Whether or not to block Android system prompt windows, like toasts, phone activities, and system alerts. |
usersBlockAdd | Boolean | Indicates whether or not adding users and profiles is disabled. |
usersBlockRemove | Boolean | Indicates whether or not to disable removing other users from the device. |
volumeBlockAdjustment | Boolean | Indicates whether or not adjusting the master volume is disabled. |
vpnAlwaysOnLockdownMode | Boolean | If an always on VPN package name is specified, whether or not to lock network traffic when that VPN is disconnected. |
vpnAlwaysOnPackageIdentifier | String | Android app package name for app that will handle an always-on VPN connection. |
wifiBlockEditConfigurations | Boolean | Indicates whether or not to block the user from editing the wifi connection settings. |
wifiBlockEditPolicyDefinedConfigurations | Boolean | Indicates whether or not to block the user from editing just the networks defined by the policy. |
personalProfileAppsAllowInstallFromUnknownSources | Boolean | Indicates whether the user can install apps from unknown sources on the personal profile. |
personalProfileCameraBlocked | Boolean | Indicates whether to disable the use of the camera on the personal profile. |
personalProfileScreenCaptureBlocked | Boolean | Indicates whether to disable the capability to take screenshots on the personal profile. |
personalProfilePlayStoreMode | personalProfilePersonalPlayStoreMode | Used together with PersonalProfilePersonalApplications to control how apps in the personal profile are allowed or blocked. Possible values are: notConfigured , blockedApps , allowedApps . |
personalProfilePersonalApplications | appListItem collection | Policy applied to applications in the personal profile. This collection can contain a maximum of 500 elements. |
workProfilePasswordExpirationDays | Int32 | Indicates the number of days that a work profile password can be set before it expires and a new password will be required. Valid values 1 to 365 |
workProfilePasswordMinimumLength | Int32 | Indicates the minimum length of the work profile password. Valid values 4 to 16 |
workProfilePasswordMinimumNumericCharacters | Int32 | Indicates the minimum number of numeric characters required for the work profile password. Valid values 1 to 16 |
workProfilePasswordMinimumNonLetterCharacters | Int32 | Indicates the minimum number of non-letter characters required for the work profile password. Valid values 1 to 16 |
workProfilePasswordMinimumLetterCharacters | Int32 | Indicates the minimum number of letter characters required for the work profile password. Valid values 1 to 16 |
workProfilePasswordMinimumLowerCaseCharacters | Int32 | Indicates the minimum number of lower-case characters required for the work profile password. Valid values 1 to 16 |
workProfilePasswordMinimumUpperCaseCharacters | Int32 | Indicates the minimum number of upper-case letter characters required for the work profile password. Valid values 1 to 16 |
workProfilePasswordMinimumSymbolCharacters | Int32 | Indicates the minimum number of symbol characters required for the work profile password. Valid values 1 to 16 |
workProfilePasswordPreviousPasswordCountToBlock | Int32 | Indicates the length of the work profile password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24 |
workProfilePasswordSignInFailureCountBeforeFactoryReset | Int32 | Indicates the number of times a user can enter an incorrect work profile password before the device is wiped. Valid values 4 to 11 |
workProfilePasswordRequiredType | androidDeviceOwnerRequiredPasswordType | Indicates the minimum password quality required on the work profile password. Possible values are: deviceDefault , required , numeric , numericComplex , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , customPassword . |
workProfilePasswordRequireUnlock | androidDeviceOwnerRequiredPasswordUnlock | Indicates the timeout period after which a work profile must be unlocked using a form of strong authentication. Possible values are: deviceDefault , daily , unkownFutureValue . |
androidDeviceOwnerGlobalProxy
Property | Type | Description |
---|
androidDeviceOwnerImportedPFXCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned , smimeEncryption , smimeSigning , vpn , wifi . |
certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval , specificApps , unknownFutureValue . |
silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
intune-deviceconfig-androiddeviceownerkioskcustomizationstatusbar
intune-deviceconfig-androiddeviceownerkioskcustomizationsystemnavigation
androidDeviceOwnerKioskModeAppPositionItem
Property | Type | Description |
---|---|---|
position | Int32 | Position of the item on the grid. Valid values 0 to 9999999 |
item | androidDeviceOwnerKioskModeHomeScreenItem | Item to be arranged |
intune-deviceconfig-androiddeviceownerkioskmodefoldericon
intune-deviceconfig-androiddeviceownerkioskmodeiconsize
androidDeviceOwnerKioskModeManagedFolder
Property | Type | Description |
---|---|---|
folderName | String | Display name for the folder |
folderIdentifier | String | Unique identifier for the folder |
items | androidDeviceOwnerKioskModeFolderItem collection | Items to be added to managed folder. This collection can contain a maximum of 500 elements. |
intune-deviceconfig-androiddeviceownerkioskmodescreenorientation
androidDeviceOwnerPkcsCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificationAuthority | String | PKCS Certification Authority |
certificationAuthorityName | String | PKCS Certification Authority Name |
certificationAuthorityType | deviceManagementCertificationAuthority | Certification authority type. Possible values are: notConfigured , microsoft , digiCert . |
certificateTemplateName | String | PKCS Certificate Template Name |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval , specificApps , unknownFutureValue . |
silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
intune-deviceconfig-androiddeviceownerplaystoremode
intune-deviceconfig-androiddeviceownerrequiredpasswordtype
intune-deviceconfig-androiddeviceownerrequiredpasswordunlock
androidDeviceOwnerScepCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidDeviceOwnerCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidDeviceOwnerCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidDeviceOwnerCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
scepServerUrls | String collection | SCEP Server Url(s) |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment , digitalSignature . |
keySize | keySize | SCEP Key Size. Possible values are: size1024 , size2048 , size4096 . |
hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1 , sha2 . |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
certificateAccessType | androidDeviceOwnerCertificateAccessType | Certificate access type. Possible values are: userApproval , specificApps , unknownFutureValue . |
silentCertificateAccessDetails | androidDeviceOwnerSilentCertificateAccess collection | Certificate access information. This collection can contain a maximum of 50 elements. |
androidDeviceOwnerSilentCertificateAccess
Property | Type | Description |
---|---|---|
packageId | String | Package ID that has the pre-granted access to the certificate. |
androidDeviceOwnerSystemUpdateFreezePeriod
Property | Type | Description |
---|---|---|
startMonth | Int32 | The month of the start date of the freeze period. Valid values 1 to 12 |
startDay | Int32 | The day of the start date of the freeze period. Valid values 1 to 31 |
endMonth | Int32 | The month of the end date of the freeze period. Valid values 1 to 12 |
endDay | Int32 | The day of the end date of the freeze period. Valid values 1 to 31 |
intune-deviceconfig-androiddeviceownersystemupdateinstalltype
androidDeviceOwnerTrustedRootCertificate
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
trustedRootCertificate | Binary | Trusted Root Certificate |
certFileName | String | File name to display in UI. |
androidDeviceOwnerUserFacingMessage
Property | Type | Description |
---|---|---|
localizedMessages | keyValuePair collection | The list of <locale, message> pairs. This collection can contain a maximum of 500 elements. |
defaultMessage | String | The default message displayed if the user's locale doesn't match with any of the localized messages |
intune-deviceconfig-androiddeviceownervirtualhomebuttontype
androidDeviceOwnerVpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | vpnAuthenticationMethod | Authentication method. Inherited from vpnConfiguration. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
connectionName | String | Connection name displayed to the user. Inherited from vpnConfiguration |
role | String | Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration |
realm | String | Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration |
servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. Inherited from vpnConfiguration |
connectionType | androidVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect , pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn , citrix , microsoftTunnel , netMotionMobility , microsoftProtect . |
proxyServer | vpnProxyServer | Proxy server. |
targetedPackageIds | String collection | Targeted App package IDs. |
targetedMobileApps | appListItem collection | Targeted mobile apps. This collection can contain a maximum of 500 elements. |
alwaysOn | Boolean | Whether or not to enable always-on VPN connection. |
alwaysOnLockdown | Boolean | If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected. |
microsoftTunnelSiteId | String | Microsoft Tunnel site ID. |
customData | keyValue collection | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. |
customKeyValueData | keyValuePair collection | Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements. |
androidDeviceOwnerWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
wiFiSecurityType | androidDeviceOwnerWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open , wep , wpaPersonal , wpaEnterprise . |
preSharedKey | String | This is the pre-shared key for WPA Personal Wi-Fi network. |
preSharedKeyIsSet | Boolean | This is the pre-shared key for WPA Personal Wi-Fi network. |
proxySettings | wiFiProxySetting | Specify the proxy setting for Wi-Fi configuration. Possible values include none, manual, and automatic. Possible values are: none , manual , automatic . |
proxyManualAddress | String | Specify the proxy server IP address. Android documentation does not specify IPv4 or IPv6. For example: 192.168.1.1. |
proxyManualPort | Int32 | Specify the proxy server port. |
proxyAutomaticConfigurationUrl | String | Specify the proxy server configuration script URL. |
proxyExclusionList | String | List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *. |
intune-deviceconfig-androiddeviceownerwifisecuritytype
intune-deviceconfig-androideaptype
androidEasEmailProfileConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
accountName | String | Exchange ActiveSync account name, displayed to users as name of EAS (this) profile. |
authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword , certificate , derivedCredential . |
syncCalendar | Boolean | Toggles syncing the calendar. If set to false calendar is turned off on the device. |
syncContacts | Boolean | Toggles syncing contacts. If set to false contacts are turned off on the device. |
syncTasks | Boolean | Toggles syncing tasks. If set to false tasks are turned off on the device. |
syncNotes | Boolean | Toggles syncing notes. If set to false notes are turned off on the device. |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName , primarySmtpAddress . |
emailSyncSchedule | emailSyncSchedule | Email sync schedule. Possible values are: userDefined , asMessagesArrive , manual , fifteenMinutes , thirtyMinutes , sixtyMinutes , basedOnMyUsage . |
hostName | String | Exchange location (URL) that the native mail app connects to. |
requireSmime | Boolean | Indicates whether or not to use S/MIME certificate. |
requireSsl | Boolean | Indicates whether or not to use SSL. |
usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username , userPrincipalName , samAccountName , primarySmtpAddress . |
userDomainNameSource | domainNameSource | UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: fullDomainName , netBiosDomainName . |
customDomainName | String | Custom domain name value used while generating an email profile before installing on the device. |
androidEnterpriseWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name Inherited from androidWiFiConfiguration |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidWiFiConfiguration |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidWiFiConfiguration |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidWiFiConfiguration |
wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidWiFiConfiguration. Possible values are: open , wpaEnterprise , wpa2Enterprise . |
eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls , eapTtls , peap . |
trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate , usernameAndPassword , derivedCredential . |
innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none , microsoftChapVersionTwo . |
outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
usernameFormatString | String | Username format string used to build the username to connect to wifi |
passwordFormatString | String | Password format string used to build the password to connect to wifi |
preSharedKey | String | PreSharedKey used to build the password to connect to wifi |
androidForWorkCertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
androidForWorkCompliancePolicy
Property | Type | Description |
---|---|---|
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceCompliancePolicy |
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passwordRequired | Boolean | Require a password to unlock device. |
passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
passwordRequiredType | androidRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , numeric , numericComplex , any . |
requiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android API 12+. Possible values are: none , low , medium , high . |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign-in failures allowed before factory reset. Valid values 1 to 16 |
securityPreventInstallAppsFromUnknownSources | Boolean | Require that devices disallow installation of apps from unknown sources. |
securityDisableUsbDebugging | Boolean | Disable USB debugging on Android devices. |
securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
osMinimumVersion | String | Minimum Android version. |
osMaximumVersion | String | Maximum Android version. |
minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
storageRequireEncryption | Boolean | Require encryption on Android devices. |
securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
securityRequireGooglePlayServices | Boolean | Require Google Play Services to be installed and enabled on the device. |
securityRequireUpToDateSecurityProviders | Boolean | Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date. |
securityRequireCompanyPortalAppIntegrity | Boolean | Require the device to pass the Company Portal client app runtime integrity check. |
securityRequiredAndroidSafetyNetEvaluationType | androidSafetyNetEvaluationType | Require a specific SafetyNet evaluation type for compliance. Possible values are: basic , hardwareBacked . |
intune-deviceconfig-androidforworkcrossprofiledatasharingtype
androidForWorkCustomConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 500 elements. |
intune-deviceconfig-androidforworkdefaultapppermissionpolicytype
androidForWorkEasEmailProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword , certificate , derivedCredential . |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName , primarySmtpAddress . |
hostName | String | Exchange location (URL) that the mail app connects to. |
requireSsl | Boolean | Indicates whether or not to use SSL. |
usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: username , userPrincipalName , samAccountName , primarySmtpAddress . |
androidForWorkEnterpriseWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name Inherited from androidForWorkWiFiConfiguration |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. Inherited from androidForWorkWiFiConfiguration |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. Inherited from androidForWorkWiFiConfiguration |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. Inherited from androidForWorkWiFiConfiguration |
wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Inherited from androidForWorkWiFiConfiguration. Possible values are: open , wpaEnterprise , wpa2Enterprise . |
eapType | androidEapType | Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls , eapTtls , peap . |
trustedServerCertificateNames | String collection | Trusted server certificate names when EAP Type is configured to EAP-TLS/TTLS/FAST or PEAP. This is the common name used in the certificates issued by your trusted certificate authority (CA). If you provide this information, you can bypass the dynamic trust dialog that is displayed on end users' devices when they connect to this Wi-Fi network. |
authenticationMethod | wiFiAuthenticationMethod | Indicates the Authentication Method the client (device) needs to use when the EAP Type is configured to PEAP or EAP-TTLS. Possible values are: certificate , usernameAndPassword , derivedCredential . |
innerAuthenticationProtocolForEapTtls | nonEapAuthenticationMethodForEapTtlsType | Non-EAP Method for Authentication (Inner Identity) when EAP Type is EAP-TTLS and Authenticationmethod is Username and Password. Possible values are: unencryptedPassword , challengeHandshakeAuthenticationProtocol , microsoftChap , microsoftChapVersionTwo . |
innerAuthenticationProtocolForPeap | nonEapAuthenticationMethodForPeap | Non-EAP Method for Authentication (Inner Identity) when EAP Type is PEAP and Authenticationmethod is Username and Password. Possible values are: none , microsoftChapVersionTwo . |
outerIdentityPrivacyTemporaryValue | String | Enable identity privacy (Outer Identity) when EAP Type is configured to EAP-TTLS or PEAP. The String provided here is used to mask the username of individual users when they attempt to connect to Wi-Fi network. |
androidForWorkGeneralDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
passwordBlockFaceUnlock | Boolean | Indicates whether or not to block face unlock. |
passwordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
passwordBlockIrisUnlock | Boolean | Indicates whether or not to block iris unlock. |
passwordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordMinimumLength | Int32 | Minimum length of passwords. Valid values 4 to 16 |
passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. Valid values 1 to 16 |
passwordRequiredType | androidForWorkRequiredPasswordType | Type of password that is required. Possible values are: deviceDefault , lowSecurityBiometric , required , atLeastNumeric , numericComplex , atLeastAlphabetic , atLeastAlphanumeric , alphanumericWithSymbols . |
requiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android 12+. Possible values are: none , low , medium , high . |
workProfileDataSharingType | androidForWorkCrossProfileDataSharingType | Type of data sharing that is allowed. Possible values are: deviceDefault , preventAny , allowPersonalToWork , noRestrictions . |
workProfileBlockNotificationsWhileDeviceLocked | Boolean | Indicates whether or not to block notifications while device locked. |
workProfileBlockAddingAccounts | Boolean | Block users from adding/removing accounts in work profile. |
workProfileBluetoothEnableContactSharing | Boolean | Allow bluetooth devices to access enterprise contacts. |
workProfileBlockScreenCapture | Boolean | Block screen capture in work profile. |
workProfileBlockCrossProfileCallerId | Boolean | Block display work profile caller ID in personal profile. |
workProfileBlockCamera | Boolean | Block work profile camera. |
workProfileBlockCrossProfileContactsSearch | Boolean | Block work profile contacts availability in personal profile. |
workProfileBlockCrossProfileCopyPaste | Boolean | Boolean that indicates if the setting disallow cross profile copy/paste is enabled. |
workProfileDefaultAppPermissionPolicy | androidForWorkDefaultAppPermissionPolicyType | Type of password that is required. Possible values are: deviceDefault , prompt , autoGrant , autoDeny . |
workProfilePasswordBlockFaceUnlock | Boolean | Indicates whether or not to block face unlock for work profile. |
workProfilePasswordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock for work profile. |
workProfilePasswordBlockIrisUnlock | Boolean | Indicates whether or not to block iris unlock for work profile. |
workProfilePasswordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents for work profile. |
workProfilePasswordExpirationDays | Int32 | Number of days before the work profile password expires. Valid values 1 to 365 |
workProfilePasswordMinimumLength | Int32 | Minimum length of work profile password. Valid values 4 to 16 |
workProfilePasswordMinNumericCharacters | Int32 | Minimum # of numeric characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinNonLetterCharacters | Int32 | Minimum # of non-letter characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinLetterCharacters | Int32 | Minimum # of letter characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinLowerCaseCharacters | Int32 | Minimum # of lower-case characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinUpperCaseCharacters | Int32 | Minimum # of upper-case characters required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinSymbolCharacters | Int32 | Minimum # of symbols required in work profile password. Valid values 1 to 10 |
workProfilePasswordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
workProfilePasswordPreviousPasswordBlockCount | Int32 | Number of previous work profile passwords to block. Valid values 0 to 24 |
workProfilePasswordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before work profile is removed and all corporate data deleted. Valid values 1 to 16 |
workProfilePasswordRequiredType | androidForWorkRequiredPasswordType | Type of work profile password that is required. Possible values are: deviceDefault , lowSecurityBiometric , required , atLeastNumeric , numericComplex , atLeastAlphabetic , atLeastAlphanumeric , alphanumericWithSymbols . |
workProfileRequiredPasswordComplexity | androidRequiredPasswordComplexity | Indicates the required work profile password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH. This is a new API targeted to Android 12+. Possible values are: none , low , medium , high . |
workProfileRequirePassword | Boolean | Password is required or not for work profile |
securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
vpnAlwaysOnPackageIdentifier | String | Enable lockdown mode for always-on VPN. |
vpnEnableAlwaysOnLockdownMode | Boolean | Enable lockdown mode for always-on VPN. |
workProfileAllowWidgets | Boolean | Allow widgets from work profile apps. |
workProfileBlockPersonalAppInstallsFromUnknownSources | Boolean | Prevent app installations from unknown sources in the personal profile. |
androidForWorkGmailEasConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidForWorkEasEmailProfileBase. Possible values are: usernameAndPassword , certificate , derivedCredential . |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userPrincipalName , primarySmtpAddress . |
hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidForWorkEasEmailProfileBase |
requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidForWorkEasEmailProfileBase |
usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: username , userPrincipalName , samAccountName , primarySmtpAddress . |
androidForWorkImportedPFXCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned , smimeEncryption , smimeSigning , vpn , wifi . |
androidForWorkNineWorkEasConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Inherited from androidForWorkEasEmailProfileBase. Possible values are: usernameAndPassword , certificate , derivedCredential . |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth , unlimited . |
emailAddressSource | userEmailSource | Email attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: userPrincipalName , primarySmtpAddress . |
hostName | String | Exchange location (URL) that the mail app connects to. Inherited from androidForWorkEasEmailProfileBase |
requireSsl | Boolean | Indicates whether or not to use SSL. Inherited from androidForWorkEasEmailProfileBase |
usernameSource | androidUsernameSource | Username attribute that is picked from AAD and injected into this profile before installing on the device. Inherited from androidForWorkEasEmailProfileBase. Possible values are: username , userPrincipalName , samAccountName , primarySmtpAddress . |
syncCalendar | Boolean | Toggles syncing the calendar. If set to false the calendar is turned off on the device. |
syncContacts | Boolean | Toggles syncing contacts. If set to false contacts are turned off on the device. |
syncTasks | Boolean | Toggles syncing tasks. If set to false tasks are turned off on the device. |
androidForWorkPkcsCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidForWorkCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidForWorkCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidForWorkCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidForWorkCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificationAuthority | String | PKCS Certification Authority |
certificationAuthorityName | String | PKCS Certification Authority Name |
certificateTemplateName | String | PKCS Certificate Template Name |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
intune-deviceconfig-androidforworkrequiredpasswordtype
androidForWorkScepCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidForWorkCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidForWorkCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidForWorkCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidForWorkCertificateProfileBase |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidForWorkCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
scepServerUrls | String collection | SCEP Server Url(s) |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment , digitalSignature . |
keySize | keySize | SCEP Key Size. Possible values are: size1024 , size2048 , size4096 . |
hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1 , sha2 . |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
certificateStore | certificateStore | Target store certificate. Possible values are: user , machine . |
customSubjectAlternativeNames | customSubjectAlternativeName collection | Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements. |
androidForWorkTrustedRootCertificate
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
trustedRootCertificate | Binary | Trusted Root Certificate |
certFileName | String | File name to display in UI. |
androidForWorkVpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. |
connectionType | androidForWorkVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect , pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn , citrix . |
role | String | Role when connection type is set to Pulse Secure. |
realm | String | Realm when connection type is set to Pulse Secure. |
servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
fingerprint | String | Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN. |
customData | keyValue collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
customKeyValueData | keyValuePair collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
intune-deviceconfig-androidforworkvpnconnectiontype
androidForWorkWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open , wpaEnterprise , wpa2Enterprise . |
androidGeneralDeviceConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
appsBlockClipboardSharing | Boolean | Indicates whether or not to block clipboard sharing to copy and paste between applications. |
appsBlockCopyPaste | Boolean | Indicates whether or not to block copy and paste within applications. |
appsBlockYouTube | Boolean | Indicates whether or not to block the YouTube app. |
bluetoothBlocked | Boolean | Indicates whether or not to block Bluetooth. |
cameraBlocked | Boolean | Indicates whether or not to block the use of the camera. |
cellularBlockDataRoaming | Boolean | Indicates whether or not to block data roaming. |
cellularBlockMessaging | Boolean | Indicates whether or not to block SMS/MMS messaging. |
cellularBlockVoiceRoaming | Boolean | Indicates whether or not to block voice roaming. |
cellularBlockWiFiTethering | Boolean | Indicates whether or not to block syncing Wi-Fi tethering. |
compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
compliantAppListType | appListType | Type of list that is in the CompliantAppsList. Possible values are: none , appsInListCompliant , appsNotInListCompliant . |
diagnosticDataBlockSubmission | Boolean | Indicates whether or not to block diagnostic data submission. |
locationServicesBlocked | Boolean | Indicates whether or not to block location services. |
googleAccountBlockAutoSync | Boolean | Indicates whether or not to block Google account auto sync. |
googlePlayStoreBlocked | Boolean | Indicates whether or not to block the Google Play store. |
kioskModeBlockSleepButton | Boolean | Indicates whether or not to block the screen sleep button while in Kiosk Mode. |
kioskModeBlockVolumeButtons | Boolean | Indicates whether or not to block the volume buttons while in Kiosk Mode. |
kioskModeApps | appListItem collection | A list of apps that will be allowed to run when the device is in Kiosk Mode. This collection can contain a maximum of 500 elements. |
nfcBlocked | Boolean | Indicates whether or not to block Near-Field Communication. |
passwordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
passwordBlockTrustAgents | Boolean | Indicates whether or not to block Smart Lock and other trust agents. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordMinimumLength | Int32 | Minimum length of passwords. Valid values 4 to 16 |
passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity before the screen times out. |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 0 to 24 |
passwordSignInFailureCountBeforeFactoryReset | Int32 | Number of sign in failures allowed before factory reset. Valid values 1 to 16 |
passwordRequiredType | androidRequiredPasswordType | Type of password that is required. Possible values are: deviceDefault , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , numeric , numericComplex , any . |
passwordRequired | Boolean | Indicates whether or not to require a password. |
powerOffBlocked | Boolean | Indicates whether or not to block powering off the device. |
factoryResetBlocked | Boolean | Indicates whether or not to block user performing a factory reset. |
screenCaptureBlocked | Boolean | Indicates whether or not to block screenshots. |
deviceSharingAllowed | Boolean | Indicates whether or not to allow device sharing mode. |
storageBlockGoogleBackup | Boolean | Indicates whether or not to block Google Backup. |
storageBlockRemovableStorage | Boolean | Indicates whether or not to block removable storage usage. |
storageRequireDeviceEncryption | Boolean | Indicates whether or not to require device encryption. |
storageRequireRemovableStorageEncryption | Boolean | Indicates whether or not to require removable storage encryption. |
voiceAssistantBlocked | Boolean | Indicates whether or not to block the use of the Voice Assistant. |
voiceDialingBlocked | Boolean | Indicates whether or not to block voice dialing. |
webBrowserBlockPopups | Boolean | Indicates whether or not to block popups within the web browser. |
webBrowserBlockAutofill | Boolean | Indicates whether or not to block the web browser's auto fill feature. |
webBrowserBlockJavaScript | Boolean | Indicates whether or not to block JavaScript within the web browser. |
webBrowserBlocked | Boolean | Indicates whether or not to block the web browser. |
webBrowserCookieSettings | webBrowserCookieSettings | Cookie settings within the web browser. Possible values are: browserDefault , blockAlways , allowCurrentWebSite , allowFromWebsitesVisited , allowAlways . |
wiFiBlocked | Boolean | Indicates whether or not to block syncing Wi-Fi. |
appsInstallAllowList | appListItem collection | List of apps which can be installed on the KNOX device. This collection can contain a maximum of 500 elements. |
appsLaunchBlockList | appListItem collection | List of apps which are blocked from being launched on the KNOX device. This collection can contain a maximum of 500 elements. |
appsHideList | appListItem collection | List of apps to be hidden on the KNOX device. This collection can contain a maximum of 500 elements. |
securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
androidImportedPFXCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
intendedPurpose | intendedPurpose | Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned , smimeEncryption , smimeSigning , vpn , wifi . |
intune-deviceconfig-androidkeyguardfeature
androidOmaCpConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
configurationXml | Binary | Configuration XML that will be applied to the device. When it is read, it only provides a placeholder string since the original data is encrypted and stored. |
androidPkcsCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
certificationAuthority | String | PKCS Certification Authority |
certificationAuthorityName | String | PKCS Certification Authority Name |
certificateTemplateName | String | PKCS Certificate Template Name |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
intune-deviceconfig-androidrequiredpasswordcomplexity
intune-deviceconfig-androidrequiredpasswordtype
intune-deviceconfig-androidsafetynetevaluationtype
androidScepCertificateProfile
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 Inherited from androidCertificateProfileBase |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Inherited from androidCertificateProfileBase. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Inherited from androidCertificateProfileBase. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. Inherited from androidCertificateProfileBase |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Inherited from androidCertificateProfileBase. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from androidCertificateProfileBase |
scepServerUrls | String collection | SCEP Server Url(s) |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment , digitalSignature . |
keySize | keySize | SCEP Key Size. Possible values are: size1024 , size2048 , size4096 . |
hashAlgorithm | hashAlgorithms | SCEP Hash Algorithm. Possible values are: sha1 , sha2 . |
subjectAlternativeNameFormatString | String | Custom String that defines the AAD Attribute. |
androidTrustedRootCertificate
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
trustedRootCertificate | Binary | Trusted Root Certificate |
certFileName | String | File name to display in UI. |
intune-deviceconfig-androidusernamesource
androidVpnConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
connectionName | String | Connection name displayed to the user. |
connectionType | androidVpnConnectionType | Connection type. Possible values are: ciscoAnyConnect , pulseSecure , f5EdgeClient , dellSonicWallMobileConnect , checkPointCapsuleVpn , citrix , microsoftTunnel , netMotionMobility , microsoftProtect . |
role | String | Role when connection type is set to Pulse Secure. |
realm | String | Realm when connection type is set to Pulse Secure. |
servers | vpnServer collection | List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements. |
fingerprint | String | Fingerprint is a string that will be used to verify the VPN server can be trusted, which is only applicable when connection type is Check Point Capsule VPN. |
customData | keyValue collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
customKeyValueData | keyValuePair collection | Custom data when connection type is set to Citrix. This collection can contain a maximum of 25 elements. |
authenticationMethod | vpnAuthenticationMethod | Authentication method. Possible values are: certificate , usernameAndPassword , sharedSecret , derivedCredential , azureAD . |
intune-deviceconfig-androidvpnconnectiontype
androidWiFiConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
networkName | String | Network Name |
ssid | String | This is the name of the Wi-Fi network that is broadcast to all devices. |
connectAutomatically | Boolean | Connect automatically when this network is in range. Setting this to true will skip the user prompt and automatically connect the device to Wi-Fi network. |
connectWhenNetworkNameIsHidden | Boolean | When set to true, this profile forces the device to connect to a network that doesn't broadcast its SSID to all devices. |
wiFiSecurityType | androidWiFiSecurityType | Indicates whether Wi-Fi endpoint uses an EAP based security type. Possible values are: open , wpaEnterprise , wpa2Enterprise . |
intune-deviceconfig-androidwifisecuritytype
androidWorkProfileCertificateProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage. Valid values 1 to 99 |
subjectNameFormat | subjectNameFormat | Certificate Subject Name Format. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days , months , years . |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. |
subjectAlternativeNameType | subjectAlternativeNameType | Certificate Subject Alternative Name Type. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
androidWorkProfileCompliancePolicy
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceCompliancePolicy |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceCompliancePolicy |
description | String | Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceCompliancePolicy |
displayName | String | Admin provided name of the device configuration. Inherited from deviceCompliancePolicy |
version | Int32 | Version of the device configuration. Inherited from deviceCompliancePolicy |
passwordRequired | Boolean | Require a password to unlock device. |
passwordMinimumLength | Int32 | Minimum password length. Valid values 4 to 16 |
passwordRequiredType | androidRequiredPasswordType | Type of characters in password. Possible values are: deviceDefault , alphabetic , alphanumeric , alphanumericWithSymbols , lowSecurityBiometric , numeric , numericComplex , any . |
passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity before a password is required. |
passwordExpirationDays | Int32 | Number of days before the password expires. Valid values 1 to 365 |
passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. Valid values 1 to 24 |
securityPreventInstallAppsFromUnknownSources | Boolean | Require that devices disallow installation of apps from unknown sources. |
securityDisableUsbDebugging | Boolean | Disable USB debugging on Android devices. |
securityRequireVerifyApps | Boolean | Require the Android Verify apps feature is turned on. |
deviceThreatProtectionEnabled | Boolean | Require that devices have enabled device threat protection. |
deviceThreatProtectionRequiredSecurityLevel | deviceThreatProtectionLevel | Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable , secured , low , medium , high , notSet . |
securityBlockJailbrokenDevices | Boolean | Devices must not be jailbroken or rooted. |
osMinimumVersion | String | Minimum Android version. |
osMaximumVersion | String | Maximum Android version. |
minAndroidSecurityPatchLevel | String | Minimum Android security patch level. |
storageRequireEncryption | Boolean | Require encryption on Android devices. |
securityRequireSafetyNetAttestationBasicIntegrity | Boolean | Require the device to pass the SafetyNet basic integrity check. |
securityRequireSafetyNetAttestationCertifiedDevice | Boolean | Require the device to pass the SafetyNet certified device check. |
securityRequireGooglePlayServices | Boolean | Require Google Play Services to be installed and enabled on the device. |
securityRequireUpToDateSecurityProviders | Boolean | Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date. |
securityRequireCompanyPortalAppIntegrity | Boolean | Require the device to pass the Company Portal client app runtime integrity check. |
intune-deviceconfig-androidworkprofilecrossprofiledatasharingtype
androidWorkProfileCustomConfiguration
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
omaSettings | omaSetting collection | OMA settings. This collection can contain a maximum of 500 elements. |
intune-deviceconfig-androidworkprofiledefaultapppermissionpolicytype
androidWorkProfileEasEmailProfileBase
Property | Type | Description |
---|---|---|
id | String | Key of the entity. Inherited from deviceConfiguration |
lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
authenticationMethod | easAuthenticationMethod | Authentication method for Exchange ActiveSync. Possible values are: usernameAndPassword , certificate , derivedCredential . |
durationOfEmailToSync | emailSyncDuration | Duration of time email should be synced to. Possible values are: userDefined , oneDay , threeDays , oneWeek , twoWeeks , oneMonth ,
|