DeviceManagementManagedDevices.Read.All
Allows the app to read the properties of devices managed by Microsoft Intune.
Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.
These permissions aren't supported for personal Microsoft accounts.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
DeviceManagementManagedDevices.Read.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | 2f51be20-0bb4-4fed-bf7b-db946066c75e | 314874da-47d6-4978-88dc-cf0d37f0bb82 |
| DisplayText | Read Microsoft Intune devices | Read Microsoft Intune devices |
| Description | Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user. | Allows the app to read the properties of devices managed by Microsoft Intune. |
| AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods | |
|---|---|
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods | |
|---|---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
| Commands | |
|---|---|
→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)
| Commands | |
|---|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
- appLogCollectionDownloadDetails
- appLogCollectionRequest
- cloudPCConnectivityIssue
- comanagedDevicesSummary
- comanagementEligibleDevice
- comanagementEligibleDevicesSummary
- detectedApp
- deviceAppManagement
- deviceCategory
- deviceComplianceScriptDeviceState
- deviceComplianceScriptRunSummary
- deviceLocalAdminAccountDetail
- deviceLogCollectionResponse
- deviceManagementScriptAssignment
- deviceManagementScriptDeviceState
- deviceManagementScriptGroupAssignment
- deviceManagementScriptUserState
- malwareStateForWindowsDevice
- managedDevice
- managedDeviceCleanupRule
- managedDeviceOverview
- mobileAppTroubleshootingEvent
- powerliftAppDiagnosticDownloadRequest
- powerliftDownloadRequest
- powerliftIncidentDetail
- powerliftIncidentMetadata
- privilegeManagementElevation
- remoteActionAudit
- tenantAttachRBAC
- user
- userExperienceAnalyticsAnomaly
- userExperienceAnalyticsAnomalyCorrelationGroupOverview
- userExperienceAnalyticsAnomalyDevice
- userExperienceAnalyticsAppHealthApplicationPerformance
- userExperienceAnalyticsAppHealthAppPerformanceByAppVersion
- userExperienceAnalyticsAppHealthAppPerformanceByAppVersionDetails
- userExperienceAnalyticsAppHealthAppPerformanceByAppVersionDeviceId
- userExperienceAnalyticsAppHealthAppPerformanceByOSVersion
- userExperienceAnalyticsAppHealthDeviceModelPerformance
- userExperienceAnalyticsAppHealthDevicePerformance
- userExperienceAnalyticsAppHealthDevicePerformanceDetails
- userExperienceAnalyticsAppHealthOSVersionPerformance
- userExperienceAnalyticsBaseline
- userExperienceAnalyticsBatteryHealthAppImpact
- userExperienceAnalyticsBatteryHealthCapacityDetails
- userExperienceAnalyticsBatteryHealthDeviceAppImpact
- userExperienceAnalyticsBatteryHealthDevicePerformance
- userExperienceAnalyticsBatteryHealthDeviceRuntimeHistory
- userExperienceAnalyticsBatteryHealthModelPerformance
- userExperienceAnalyticsBatteryHealthOsPerformance
- userExperienceAnalyticsBatteryHealthRuntimeDetails
- userExperienceAnalyticsCategory
- userExperienceAnalyticsDevicePerformance
- userExperienceAnalyticsDeviceScope
- userExperienceAnalyticsDeviceScopeSummary
- userExperienceAnalyticsDeviceScores
- userExperienceAnalyticsDeviceStartupHistory
- userExperienceAnalyticsDeviceStartupProcess
- userExperienceAnalyticsDeviceStartupProcessPerformance
- userExperienceAnalyticsDeviceTimelineEvents
- userExperienceAnalyticsDeviceWithoutCloudIdentity
- userExperienceAnalyticsImpactingProcess
- userExperienceAnalyticsMetric
- userExperienceAnalyticsMetricHistory
- userExperienceAnalyticsModelScores
- userExperienceAnalyticsNotAutopilotReadyDevice
- userExperienceAnalyticsOverview
- userExperienceAnalyticsRegressionSummary
- userExperienceAnalyticsRemoteConnection
- userExperienceAnalyticsResourcePerformance
- userExperienceAnalyticsScoreHistory
- intune-devices-userexperienceanalyticssummarizedby
- userExperienceAnalyticsWorkFromAnywhereDevice
- userExperienceAnalyticsWorkFromAnywhereDevicesSummary
- userExperienceAnalyticsWorkFromAnywhereHardwareReadinessMetric
- userExperienceAnalyticsWorkFromAnywhereMetric
- userExperienceAnalyticsWorkFromAnywhereModelPerformance
- windowsDeviceMalwareState
- windowsMalwareInformation
- windowsManagedDevice
- windowsManagementAppHealthState
- windowsProtectionState
- deviceCategory
- deviceManagementCachedReportConfiguration
- deviceManagementExportJob
- deviceManagementReports
- deviceManagementReportSchedule
- deviceAppManagement
- deviceCategory
- mobileAppTroubleshootingEvent
- report
- reportRoot
- user
- appleVppTokenTroubleshootingEvent
- deviceManagementAutopilotEvent
- deviceManagementAutopilotPolicyStatusDetail
- deviceManagementTroubleshootingEvent
- enrollmentTroubleshootingEvent
- managedDeviceSummarizedAppState
- mobileAppIntentAndState
- mobileAppTroubleshootingEvent
- report
- reportRoot
- user
- deviceCompliancePolicySettingStateSummary
- managedDeviceCompliance
- managedDeviceComplianceTrend
- windowsDeviceMalwareState
- windowsProtectionState
Graph reference: appLogCollectionDownloadDetails
| Property | Type | Description |
|---|---|---|
| downloadUrl | String | Download SAS (Shared Access Signature) Url for completed app log request. |
| decryptionKey | String | Decryption key that used to decrypt the log. |
| appLogDecryptionAlgorithm | appLogDecryptionAlgorithm | Decryption algorithm for Content. Default is ASE256. The possible values are: aes256, unknownFutureValue. |
Graph reference: appLogCollectionRequest
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier. This is userId_DeviceId_AppId id. |
| status | appLogUploadState | Indicates the status for the app log collection request if it is pending, completed or failed, Default is pending. The possible values are: pending, completed, failed, unknownFutureValue. |
| errorMessage | String | Indicates error message if any during the upload process. |
| customLogFolders | String collection | List of log folders. |
| completedDateTime | DateTimeOffset | Time at which the upload log request reached a completed state if not completed yet NULL will be returned. |
Graph reference: cloudPCConnectivityIssue
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics connectivity issue event entity. |
| deviceId | String | The Intune DeviceId of the device the connection is associated with. |
| errorCode | String | The error code of the connectivity issue. |
| errorDateTime | DateTimeOffset | The time that the connection initiated. The time is shown in ISO 8601 format and Coordinated Universal Time (UTC) time. |
| userId | String | The unique id of user who initialize the connection. |
| errorDescription | String | The detailed description of what went wrong. |
| recommendedAction | String | The recommended action to fix the corresponding error. |
Graph reference: comanagedDevicesSummary
| Property | Type | Description |
|---|---|---|
| inventoryCount | Int32 | Number of devices with Inventory swung-over. This property is read-only. |
| compliancePolicyCount | Int32 | Number of devices with CompliancePolicy swung-over. This property is read-only. |
| resourceAccessCount | Int32 | Number of devices with ResourceAccess swung-over. This property is read-only. |
| configurationSettingsCount | Int32 | Number of devices with ConfigurationSettings swung-over. This property is read-only. |
| windowsUpdateForBusinessCount | Int32 | Number of devices with WindowsUpdateForBusiness swung-over. This property is read-only. |
| endpointProtectionCount | Int32 | Number of devices with EndpointProtection swung-over. This property is read-only. |
| modernAppsCount | Int32 | Number of devices with ModernApps swung-over. This property is read-only. |
| officeAppsCount | Int32 | Number of devices with OfficeApps swung-over. This property is read-only. |
| totalComanagedCount | Int32 | Number of Co-Managed Devices. This property is read-only. |
Graph reference: comanagementEligibleDevice
| Property | Type | Description |
|---|---|---|
| id | String | Unique Id for the device |
| deviceName | String | DeviceName |
| deviceType | deviceType | DeviceType. Possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, windows10x, androidnGMS, chromeOS, linux, visionOS, tvOS, blackberry, palm, unknown, cloudPC. |
| clientRegistrationStatus | deviceRegistrationState | ClientRegistrationStatus. Possible values are: notRegistered, registered, revoked, keyConflict, approvalPending, certificateReset, notRegisteredPendingEnrollment, unknown. |
| ownerType | ownerType | OwnerType. Possible values are: unknown, company, personal. |
| managementAgents | managementAgentType | ManagementAgents. Possible values are: eas, mdm, easMdm, intuneClient, easIntuneClient, configurationManagerClient, configurationManagerClientMdm, configurationManagerClientMdmEas, unknown, jamf, googleCloudDevicePolicyController, microsoft365ManagedMdm, msSense, intuneAosp, google, unknownFutureValue. |
| managementState | managementState | ManagementState. Possible values are: managed, retirePending, retireFailed, wipePending, wipeFailed, unhealthy, deletePending, retireIssued, wipeIssued, wipeCanceled, retireCanceled, discovered, unknownFutureValue. |
| referenceId | String | ReferenceId |
| mdmStatus | String | MDMStatus |
| osVersion | String | OSVersion |
| serialNumber | String | SerialNumber |
| manufacturer | String | Manufacturer |
| model | String | Model |
| osDescription | String | OSDescription |
| entitySource | Int32 | EntitySource |
| userId | String | UserId |
| upn | String | UPN |
| userEmail | String | UserEmail |
| userName | String | UserName |
| status | comanagementEligibleType | ComanagementEligibleStatus. Possible values are: comanaged, eligible, eligibleButNotAzureAdJoined, needsOsUpdate, ineligible, scheduledForEnrollment, unknownFutureValue. |
Graph reference: comanagementEligibleDevicesSummary
| Property | Type | Description |
|---|---|---|
| comanagedCount | Int32 | Count of devices already Co-Managed |
| eligibleCount | Int32 | Count of devices fully eligible for Co-Management |
| scheduledForEnrollmentCount | Int32 | Count of devices scheduled for Co-Management enrollment. Valid values 0 to 9999999 |
| eligibleButNotAzureAdJoinedCount | Int32 | Count of devices eligible for Co-Management but not yet joined to Azure Active Directory |
| needsOsUpdateCount | Int32 | Count of devices that will be eligible for Co-Management after an OS update |
| ineligibleCount | Int32 | Count of devices ineligible for Co-Management |
Graph reference: detectedApp
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier for the detected application. This is automatically generated by Intune at the time the application is created. Read-only. |
| displayName | String | Name of the discovered application. Read-only |
| version | String | Version of the discovered application. Read-only |
| sizeInByte | Int64 | Discovered application size in bytes. Read-only |
| deviceCount | Int32 | The number of devices that have installed this application |
| publisher | String | Indicates the publisher of the discovered application. For example: 'Microsoft'. The default value is an empty string. |
| platform | detectedAppPlatformType | Indicates the operating system / platform of the discovered application. Some possible values are Windows, iOS, macOS. The default value is unknown (0). The possible values are: unknown, windows, windowsMobile, windowsHolographic, ios, macOS, chromeOS, androidOSP, androidDeviceAdministrator, androidWorkProfile, androidDedicatedAndFullyManaged, unknownFutureValue. |
Graph reference: deviceAppManagement
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
Graph reference: deviceCategory
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the device category. Read-only. |
Graph reference: deviceComplianceScriptDeviceState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device compliance script device state entity. This property is read-only. |
| detectionState | runState | Detection state from the lastest device compliance script execution. Possible values are: unknown, success, fail, scriptError, pending, notApplicable. |
| lastStateUpdateDateTime | DateTimeOffset | The last timestamp of when the device compliance script executed |
| expectedStateUpdateDateTime | DateTimeOffset | The next timestamp of when the device compliance script is expected to execute |
| lastSyncDateTime | DateTimeOffset | The last time that Intune Managment Extension synced with Intune |
| scriptOutput | String | Output of the detection script |
| scriptError | String | Error from the detection script |
Graph reference: deviceComplianceScriptRunSummary
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device compliance script run summary entity. This property is read-only. |
| noIssueDetectedDeviceCount | Int32 | Number of devices for which the detection script did not find an issue and the device is healthy. Valid values -2147483648 to 2147483647 |
| issueDetectedDeviceCount | Int32 | Number of devices for which the detection script found an issue. Valid values -2147483648 to 2147483647 |
| detectionScriptErrorDeviceCount | Int32 | Number of devices on which the detection script execution encountered an error and did not complete. Valid values -2147483648 to 2147483647 |
| detectionScriptPendingDeviceCount | Int32 | Number of devices which have not yet run the latest version of the device compliance script. Valid values -2147483648 to 2147483647 |
| lastScriptRunDateTime | DateTimeOffset | Last run time for the script across all devices |
Graph reference: deviceLocalAdminAccountDetail
| Property | Type | Description |
|---|---|---|
| passwordLastRotationDateTime | DateTimeOffset | The last rotation date and time of the local admin account password. Read-only. |
Graph reference: deviceLogCollectionResponse
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier in the form of tenantId_deviceId_requestId. |
| status | appLogUploadState | Indicates the status for the app log collection request if it is pending, completed or failed, Default is pending. The possible values are: pending, completed, failed, unknownFutureValue. |
| managedDeviceId | Guid | Indicates Intune device unique identifier. |
| requestedDateTimeUTC | DateTimeOffset | The DateTime of the request. |
| receivedDateTimeUTC | DateTimeOffset | The DateTime the request was received. |
| initiatedByUserPrincipalName | String | The UPN for who initiated the request. |
| expirationDateTimeUTC | DateTimeOffset | The DateTime of the expiration of the logs. |
| sizeInKB | Double | The size of the logs in KB. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| enrolledByUser | String | The User Principal Name (UPN) of the user that enrolled the device. |
Graph reference: deviceManagementScriptAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device management script group assignment entity. This property is read-only. |
| target | deviceAndAppManagementAssignmentTarget | The Id of the Azure Active Directory group we are targeting the script to. |
Graph reference: deviceManagementScriptDeviceState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device management script device state entity. This property is read-only. |
| runState | runState | State of latest run of the device management script. Possible values are: unknown, success, fail, scriptError, pending, notApplicable. |
| resultMessage | String | Details of execution output. |
| lastStateUpdateDateTime | DateTimeOffset | Latest time the device management script executes. |
| errorCode | Int32 | Error code corresponding to erroneous execution of the device management script. |
| errorDescription | String | Error description corresponding to erroneous execution of the device management script. |
Graph reference: deviceManagementScriptGroupAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device management script group assignment entity. This property is read-only. |
| targetGroupId | String | The Id of the Azure Active Directory group we are targeting the script to. |
Graph reference: deviceManagementScriptUserState
| Property | Type | Description |
|---|---|---|
| id | String | Key of the device management script user state entity. This property is read-only. |
| successDeviceCount | Int32 | Success device count for specific user. |
| errorDeviceCount | Int32 | Error device count for specific user. |
| userPrincipalName | String | User principle name of specific user. |
Graph reference: malwareStateForWindowsDevice
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier. This is device id. |
| deviceName | String | Indicates the name of the device being evaluated for malware state |
| executionState | windowsMalwareExecutionState | Indicates execution status of the malware. The possible values are: unknown, blocked, allowed, running, notRunning. Defaults to unknown. The possible values are: unknown, blocked, allowed, running, notRunning. |
| threatState | windowsMalwareThreatState | Indicates threat status of the malware. The possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. defaults to noStatusCleared. The possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. |
| initialDetectionDateTime | DateTimeOffset | Initial detection datetime of the malware |
| lastStateChangeDateTime | DateTimeOffset | The last time this particular threat was changed |
| detectionCount | Int32 | Indicates the number of times the malware is detected |
Graph reference: managedDevice
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the device. This property is read-only. |
| userId | String | Unique Identifier for the user associated with the device. This property is read-only. |
| deviceName | String | Name of the device. This property is read-only. |
| managedDeviceOwnerType | managedDeviceOwnerType | Ownership of the device. Can be 'company' or 'personal'. The possible values are: unknown, company, personal. |
| deviceActionResults | deviceActionResult collection | List of ComplexType deviceActionResult objects. This property is read-only. |
| enrolledDateTime | DateTimeOffset | Enrollment time of the device. Supports $filter operator 'lt' and 'gt'. This property is read-only. |
| lastSyncDateTime | DateTimeOffset | The date and time that the device last completed a successful sync with Intune. Supports $filter operator 'lt' and 'gt'. This property is read-only. |
| operatingSystem | String | Operating system of the device. Windows, iOS, etc. This property is read-only. |
| complianceState | complianceState | Compliance state of the device. Examples: Compliant, Conflict, Error, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. The possible values are: unknown, compliant, noncompliant, conflict, error, inGracePeriod, configManager. |
| jailBroken | String | Whether the device is jail broken or rooted. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. |
| managementAgent | managementAgentType | Management channel of the device. Examples: Intune, EAS, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. The possible values are: eas, mdm, easMdm, intuneClient, easIntuneClient, configurationManagerClient, configurationManagerClientMdm, configurationManagerClientMdmEas, unknown, jamf, googleCloudDevicePolicyController. |
| osVersion | String | Operating system version of the device. This property is read-only. |
| easActivated | Boolean | Whether the device is Exchange ActiveSync activated. This property is read-only. |
| easDeviceId | String | Exchange ActiveSync Id of the device. This property is read-only. |
| easActivationDateTime | DateTimeOffset | Exchange ActivationSync activation time of the device. This property is read-only. |
| azureADRegistered | Boolean | Whether the device is Azure Active Directory registered. This property is read-only. |
| deviceEnrollmentType | deviceEnrollmentType | Enrollment type of the device. This property is read-only. The possible values are: unknown, userEnrollment, deviceEnrollmentManager, appleBulkWithUser, appleBulkWithoutUser, windowsAzureADJoin, windowsBulkUserless, windowsAutoEnrollment, windowsBulkAzureDomainJoin, windowsCoManagement, windowsAzureADJoinUsingDeviceAuth, appleUserEnrollment, appleUserEnrollmentWithServiceAccount. |
| activationLockBypassCode | String | The code that allows the Activation Lock on managed device to be bypassed. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity in LIST call. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. |
| emailAddress | String | Email(s) for the user associated with the device. This property is read-only. |
| azureADDeviceId | String | The unique identifier for the Azure Active Directory device. Read only. This property is read-only. |
| deviceRegistrationState | deviceRegistrationState | Device registration state. This property is read-only. The possible values are: notRegistered, registered, revoked, keyConflict, approvalPending, certificateReset, notRegisteredPendingEnrollment, unknown. |
| deviceCategoryDisplayName | String | Device category display name. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. |
| isSupervised | Boolean | Device supervised status. This property is read-only. |
| exchangeLastSuccessfulSyncDateTime | DateTimeOffset | Last time the device contacted Exchange. This property is read-only. |
| exchangeAccessState | deviceManagementExchangeAccessState | The Access State of the device in Exchange. This property is read-only. The possible values are: none, unknown, allowed, blocked, quarantined. |
| exchangeAccessStateReason | deviceManagementExchangeAccessStateReason | The reason for the device's access state in Exchange. This property is read-only. The possible values are: none, unknown, exchangeGlobalRule, exchangeIndividualRule, exchangeDeviceRule, exchangeUpgrade, exchangeMailboxPolicy, other, compliant, notCompliant, notEnrolled, unknownLocation, mfaRequired, azureADBlockDueToAccessPolicy, compromisedPassword, deviceNotKnownWithManagedApp. |
| remoteAssistanceSessionUrl | String | Url that allows a Remote Assistance session to be established with the device. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. |
| remoteAssistanceSessionErrorDetails | String | An error string that identifies issues when creating Remote Assistance session objects. This property is read-only. |
| isEncrypted | Boolean | Device encryption status. This property is read-only. |
| userPrincipalName | String | Device user principal name. This property is read-only. |
| model | String | Model of the device. This property is read-only. |
| manufacturer | String | Manufacturer of the device. This property is read-only. |
| imei | String | IMEI. This property is read-only. |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires. This property is read-only. |
| serialNumber | String | SerialNumber. This property is read-only. |
| phoneNumber | String | Phone number of the device. This property is read-only. |
| androidSecurityPatchLevel | String | Android security patch level. This property is read-only. |
| userDisplayName | String | User display name. This property is read-only. |
| configurationManagerClientEnabledFeatures | configurationManagerClientEnabledFeatures | ConfigrMgr client enabled features. This property is read-only. |
| wiFiMacAddress | String | Wi-Fi MAC. This property is read-only. |
| deviceHealthAttestationState | deviceHealthAttestationState | The device health attestation state. This property is read-only. |
| subscriberCarrier | String | Subscriber Carrier. This property is read-only. |
| meid | String | MEID. This property is read-only. |
| totalStorageSpaceInBytes | Int64 | Total Storage in Bytes. This property is read-only. |
| freeStorageSpaceInBytes | Int64 | Free Storage in Bytes. Default value is 0. Read-only. This property is read-only. |
| managedDeviceName | String | Automatically generated name to identify a device. Can be overwritten to a user friendly name. |
| partnerReportedThreatState | managedDevicePartnerReportedHealthState | Indicates the threat state of a device when a Mobile Threat Defense partner is in use by the account and device. Read Only. This property is read-only. The possible values are: unknown, activated, deactivated, secured, lowSeverity, mediumSeverity, highSeverity, unresponsive, compromised, misconfigured. |
| requireUserEnrollmentApproval | Boolean | Reports if the managed iOS device is user approval enrollment. This property is read-only. |
| managementCertificateExpirationDate | DateTimeOffset | Reports device management certificate expiration date. This property is read-only. |
| iccid | String | Integrated Circuit Card Identifier, it is A SIM card's unique identification number. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. |
| udid | String | Unique Device Identifier for iOS and macOS devices. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. |
| notes | String | Notes on the device created by IT Admin. Default is null. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. |
| ethernetMacAddress | String | Indicates Ethernet MAC Address of the device. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity. Individual get call with select query options is needed to retrieve actual values. Example: deviceManagement/managedDevices({managedDeviceId})?$select=ethernetMacAddress Supports: $select. $Search is not supported. Read-only. This property is read-only. |
| physicalMemoryInBytes | Int64 | Total Memory in Bytes. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. Read-only. This property is read-only. |
| enrollmentProfileName | String | Name of the enrollment profile assigned to the device. Default value is empty string, indicating no enrollment profile was assgined. This property is read-only. |
Graph reference: managedDeviceCleanupRule
| Property | Type | Description |
|---|---|---|
| id | String | Indicates the identifier of the device cleanup rule. This id is assigned at the time when the device cleanup rule is created. Read-only. |
| displayName | String | Indicates the display name of the device cleanup rule. |
| description | String | Indicates the description for the device clean up rule. |
| deviceCleanupRulePlatformType | deviceCleanupRulePlatformType | Indicates the managed device platform for which the admin wants to create the device clean up rule. Possible values are: all, androidAOSP, androidDeviceAdministrator, androidDedicatedAndFullyManagedCorporateOwnedWorkProfile, chromeOS, androidPersonallyOwnedWorkProfile, ios, macOS, windows, windowsHolographic, unknownFutureValue, visionOS, tvOS. |
| lastModifiedDateTime | DateTimeOffset | Indicates the date and time when the device cleanup rule was last modified. This property is read-only. |
| deviceInactivityBeforeRetirementInDays | Int32 | Indicates the number of days when the device has not contacted Intune. Valid values 0 to 2147483647 |
Graph reference: managedDeviceOverview
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the summary |
| enrolledDeviceCount | Int32 | Total enrolled device count. Does not include PC devices managed via Intune PC Agent |
| mdmEnrolledCount | Int32 | The number of devices enrolled in MDM |
| dualEnrolledDeviceCount | Int32 | The number of devices enrolled in both MDM and EAS |
| deviceOperatingSystemSummary | deviceOperatingSystemSummary | Device operating system summary. |
| deviceExchangeAccessStateSummary | deviceExchangeAccessStateSummary | Distribution of Exchange Access State in Intune |
Graph reference: mobileAppTroubleshootingEvent
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object |
Graph reference: powerliftAppDiagnosticDownloadRequest
| Property | Type | Description |
|---|---|---|
| powerliftId | String | The unique id for the request that serves as an identifer for the diagnostic to be downloaded. |
| files | String collection | The list of files to download which is associated with the diagnostic. |
Graph reference: powerliftDownloadRequest
| Property | Type | Description |
|---|---|---|
| powerliftId | Guid | The unique id for the request |
| files | String collection | The list of files to download |
Graph reference: powerliftIncidentDetail
| Property | Type | Description | |
|---|---|---|---|
| powerliftId | String | The unique identifier of the app diagnostic. This id is assigned to a diagnostic when it is uploaded to Powerlift. Example: 8520467a-49a9-44a4-8447-8dfb8bec6726 | |
| easyId | String | The unique app diagnostic identifier as a user friendly 8 character hexadecimal string. This id is smaller compared to the powerliftId. Th Example: 8520467A | |
| createdDateTime | DateTimeOffset | The time the app diagnostic was created. The value cannot be modified and is automatically populated when the diagnostic is uploaded. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time.Example: 2022-04-19T17:24:45.313Z | |
| platformDisplayName | String | The operating system of the device from which diagnostics are collected. Example: iOS | |
| applicationName | String | TThe name of the application for which the diagnostic is collected. Example: com.microsoft.CompanyPortal | No |
| clientApplicationVersion | String | The version of the application for which the diagnostic is collected. Example: 5.2203.1 | |
| locale | String | The locale information of the application for which the diagnostic is collected. Example: en-US | |
| fileNames | String collection | A list of files that are associated with the diagnostic. |
Graph reference: powerliftIncidentMetadata
| Property | Type | Description |
|---|---|---|
| powerliftId | Guid | The unique identifier of the app diagnostic. Example: 8520467a-49a9-44a4-8447-8dfb8bec6726 |
| easyId | String | The unique app diagnostic identifier as a user friendly 8 character hexadecimal string. Example: 8520467A |
| createdAtDateTime | DateTimeOffset | The time the app diagnostic was created. Example: 2022-04-19T17:24:45.313Z |
| platform | String | The device's OS the diagnostic is from. Example: iOS |
| application | String | The name of the application the diagnostic is from. Example: com.microsoft.CompanyPortal |
| clientVersion | String | The version of the application. Example: 5.2203.1 |
| locale | String | The locale information of the application. Example: en-US |
| fileNames | String collection | A list of files that are associated with the diagnostic. |
Graph reference: privilegeManagementElevation
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the managed elevation event. This will be a Guid generated based on the deviceId and eventDateTime. Example: {7C1E0E13-D91F-4411-A164-AB5A330E87C7} |
| deviceId | String | The Intune deviceId. Unique identifier for the managed device. Example: 92ce5047-9553-4731-817f-9b401a999a1b |
| deviceName | String | The name associated with the device in the intune database. Example: JOHNDOE-LAPTOP. |
| eventDateTime | DateTimeOffset | The date and time when the application was elevated. Example:2014-01-01T00:00:00Z |
| elevationType | privilegeManagementElevationType | Indicates the type of elevation on the application. Possible values are undetermined, unmanagedElevation, zeroTouchElevation, userConfirmedElevation, and supportApprovedElevation. Defaults to undetermined. Possible values are: undetermined, unmanagedElevation, zeroTouchElevation, userConfirmedElevation, supportApprovedElevation, unknownFutureValue. |
| filePath | String | The full file path of the application including the filename and file extension. Example: C:\Program Files\vscode.exe |
| upn | String | The User Principal Name of the user who performed the elevation. Example: [email protected] |
| userType | privilegeManagementEndUserType | The type of account performed the elevation on Windows. Possible values are: undetermined, azureAd, hybrid, and local. Defaults to undetermined. Possible values are: undetermined, azureAd, hybrid, local, unknownFutureValue. |
| productName | String | The product name of the application. This value is set by the creator of the application. Example: Visual Studio |
| companyName | String | The company name of the application. This value is set by the creator of the application. Example: Microsoft Corporation |
| fileVersion | String | The version of the application. This value is set by the creator of the application. Example: 6.2211.1035.1000 |
| justification | String | The justification to elevate the application. This is an input by the user when the privilegeManagementElevationType is of type userConfirmedElevation or support approved elevation. This will be null in all other scenarios. The length is capped at 256 char, enforced on the client side. Example: To install debug tool.. |
| hash | String | The sha256 hash of the application. Example: 32c220482c68413fbf8290e3b1e49b0a85901cfcd62ab0738760568a2a6e8a57 |
| internalName | String | The internal name of the application. This value is set by the creator of the application. Example: VS code |
| fileDescription | String | The file description of the application. This value is set by the creator of the application. Example: Editor of multiple coding languages. |
| certificatePayload | String | The certificate payload of the application. This is computed by hashing the certificate information on the client. Example: 32c220482c68413fbf8290e3b1e49b0a85901cfcd62ab0738760568a2a6e8a50 |
| result | Int32 | The result of the elevation action with 0 being success, and everything else being exit code if the elevation was unsuccessful. The value will always be 0 on all unmanaged elevation. Example: 0. Valid values 0 to 2147483647 |
| processType | privilegeManagementProcessType | Indicates the type of process that is elevated. Possible values are undefined, parent and child. Possible values are: undefined, parent, child, unknownFutureValue. |
| ruleId | String | Unique identifier of the rule configured to run the application with elevated access |
| parentProcessName | String | The name of parent process associated with the elevated process. This is always populated for both parent and child process types |
| policyId | String | Unique Identifier of the policy configured to run the application with elevated access |
| policyName | String | The name of the policy configured to run the application in elevated access |
| systemInitiatedElevation | Boolean | To identify if the elevation is initiated by system or user interaction |
Graph reference: remoteActionAudit
| Property | Type | Description |
|---|---|---|
| id | String | Report Id. |
| deviceDisplayName | String | Intune device name. |
| userName | String | [deprecated] Please use InitiatedByUserPrincipalName instead. |
| initiatedByUserPrincipalName | String | User who initiated the device action, format is UPN. |
| action | remoteAction | The action name. Possible values are: unknown, factoryReset, removeCompanyData, resetPasscode, remoteLock, enableLostMode, disableLostMode, locateDevice, rebootNow, recoverPasscode, cleanWindowsDevice, logoutSharedAppleDeviceActiveUser, quickScan, fullScan, windowsDefenderUpdateSignatures, factoryResetKeepEnrollmentData, updateDeviceAccount, automaticRedeployment, shutDown, rotateBitLockerKeys, rotateFileVaultKey, getFileVaultKey, setDeviceName, activateDeviceEsim, deprovision, disable, reenable, moveDeviceToOrganizationalUnit, initiateMobileDeviceManagementKeyRecovery, initiateOnDemandProactiveRemediation, rotateLocalAdminPassword, unknownFutureValue, launchRemoteHelp, revokeAppleVppLicenses, removeDeviceFirmwareConfigurationInterfaceManagement, pauseConfigurationRefresh, initiateDeviceAttestation, changeAssignments, delete, suspendManagedHomeScreen, restoreManagedHomeScreen. |
| requestDateTime | DateTimeOffset | Time when the action was issued, given in UTC. |
| deviceOwnerUserPrincipalName | String | Upn of the device owner. |
| deviceIMEI | String | IMEI of the device. |
| actionState | actionState | Action state. Possible values are: none, pending, canceled, active, done, failed, notSupported. |
| managedDeviceId | String | Action target. |
| deviceActionDetails | keyValuePair_2OfString_String collection | DeviceAction details |
| deviceActionCategory | deviceActionCategory | DeviceAction category. Possible values are: single, bulk. |
| bulkDeviceActionId | String | BulkAction ID |
Graph reference: tenantAttachRBAC
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity |
Graph reference: user
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the user. |
Graph reference: userExperienceAnalyticsAnomaly
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the user experience analytics anomaly device object. |
| anomalyId | String | The unique identifier of the anomaly. |
| anomalyName | String | The name of the anomaly. |
| deviceImpactedCount | Int32 | The number of devices impacted by the anomaly. Valid values -2147483648 to 2147483647 |
| severity | userExperienceAnalyticsAnomalySeverity | The severity of the anomaly. Possible values are: high, medium, low, informational or other. Possible values are: high, medium, low, informational, other, unknownFutureValue. |
| state | userExperienceAnalyticsAnomalyState | The state of the anomaly. Possible values are: new, active, disabled, removed or other. Possible values are: new, active, disabled, removed, other, unknownFutureValue. |
| anomalyType | userExperienceAnalyticsAnomalyType | The category of the anomaly. Possible values are: device, application, stopError, driver or other. Possible values are: device, application, stopError, driver, other, unknownFutureValue. |
| anomalyFirstOccurrenceDateTime | DateTimeOffset | Indicates the first occurrence date and time for the anomaly. |
| anomalyLatestOccurrenceDateTime | DateTimeOffset | Indicates the latest occurrence date and time for the anomaly. |
| detectionModelId | String | The unique identifier of the anomaly detection model. |
| issueId | String | The unique identifier of the anomaly detection model. |
| assetName | String | The name of the application or module that caused the anomaly. |
| assetVersion | String | The version of the application or module that caused the anomaly. |
| assetPublisher | String | The publisher of the application or module that caused the anomaly. |
Graph reference: userExperienceAnalyticsAnomalyCorrelationGroupOverview
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the user experience analytics anomaly correlation group overview object. |
| anomalyId | String | The unique identifier of the anomaly. Anomaly details such as name and type can be found in the UserExperienceAnalyticsAnomalySeverityOverview entity. |
| correlationGroupId | String | The unique identifier for the correlation group which will uniquely identify one of the correlation group within an anomaly. The correlation Id can be mapped to the correlation group name by concatinating the correlation group features. Example of correlation group name which is the indicative of concatenated features names are for names, Contoso manufacture 4.4.1 and Windows 11.22621.1485. |
| correlationGroupFeatures | userExperienceAnalyticsAnomalyCorrelationGroupFeature collection | Describes the features of a device that are shared between all devices in a correlation group. |
| correlationGroupPrevalence | userExperienceAnalyticsAnomalyCorrelationGroupPrevalence | The prevalence of the correlation group. Possible values are: high, medium or low. Possible values are: high, medium, low, unknownFutureValue. |
| correlationGroupPrevalencePercentage | Double | The percentage of the devices in the correlation group that are anomalous. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| totalDeviceCount | Int32 | Indicates the total number of devices in the tenant. Valid values -2147483648 to 2147483647 |
| anomalyCorrelationGroupCount | Int32 | Indicates the number of correlation groups in the anomaly. Valid values -2147483648 to 2147483647 |
| correlationGroupDeviceCount | Int32 | Indicates the total number of devices in a correlation group. Valid values -2147483648 to 2147483647 |
| correlationGroupAnomalousDeviceCount | Int32 | Indicates the total number of devices affected by the anomaly in the correlation group. Valid values -2147483648 to 2147483647 |
| correlationGroupAtRiskDeviceCount | Int32 | Indicates the total number of devices at risk in the correlation group. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsAnomalyDevice
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the user experience analytics anomaly device object. |
| deviceId | String | The unique identifier of the device. |
| deviceName | String | The name of the device. |
| deviceModel | String | The model name of the device. |
| deviceManufacturer | String | The manufacturer name of the device. |
| osName | String | The name of the OS installed on the device. |
| osVersion | String | The OS version installed on the device. |
| anomalyId | String | The unique identifier of the anomaly. |
| anomalyOnDeviceFirstOccurrenceDateTime | DateTimeOffset | Indicates the first occurance date and time for the anomaly on the device. |
| anomalyOnDeviceLatestOccurrenceDateTime | DateTimeOffset | Indicates the latest occurance date and time for the anomaly on the device. |
| correlationGroupId | String | The unique identifier of the correlation group. |
| deviceStatus | userExperienceAnalyticsDeviceStatus | Indicates the device status with respect to the correlation group. At risk devices are devices that share correlation group features but may not yet be affected by an anomaly, such as when a device is experiencing crashes on an application but that application has not been used on the device but is currently installed. This could lead to the device becoming anomalous if the application in question were to be used. Possible values are: anomolous, affected or atRisk. Possible values are: anomalous, affected, atRisk, unknownFutureValue. |
Graph reference: userExperienceAnalyticsAppHealthApplicationPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics application performance object. Supports: $select, $OrderBy. Read-only. |
| appHangCount | Int32 | The number of hangs for the application. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appHealthScore | Double | The health score of the application. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| appHealthStatus | String | The overall health status of the application. Read-only. |
| allOrgsHealthScore | Double | The median health score of the application across all organizations. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| activeDeviceCount | Int32 | The health score of the application. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appName | String | The name of the application. The possible values are: outlook.exe, excel.exe. Supports: $select, $OrderBy. Read-only. |
| appDisplayName | String | The friendly name of the application. The possible values are: Outlook, Excel. Supports: $select, $OrderBy. Read-only. |
| appPublisher | String | The publisher of the application. Supports: $select, $OrderBy. Read-only. |
| appUsageDuration | Int32 | The total usage time of the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appCrashCount | Int32 | The number of crashes for the application. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsAppHealthAppPerformanceByAppVersion
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics app performance object. |
| appVersion | String | The version of the application. |
| appName | String | The name of the application. Possible values are: outlook.exe, excel.exe. Supports: $select, $OrderBy. Read-only. |
| appDisplayName | String | The friendly name of the application. Possible values are: Outlook, Excel. Supports: $select, $OrderBy. Read-only. |
| appPublisher | String | The publisher of the application. Supports: $select, $OrderBy. Read-only. |
| appUsageDuration | Int32 | The total usage time of the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appCrashCount | Int32 | The number of crashes for the application. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsAppHealthAppPerformanceByAppVersionDetails
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics application performance by application version details object. Supports: $select, $OrderBy. Read-only. |
| deviceCountWithCrashes | Int32 | The total number of devices that have reported one or more application crashes for this application and version. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| isMostUsedVersion | Boolean | When TRUE, indicates the version of application is the most used version for that application. When FALSE, indicates the version is not the most used version. FALSE by default. Supports: $select, $OrderBy. Read-only. |
| isLatestUsedVersion | Boolean | When TRUE, indicates the version of application is the latest version for that application that is in use. When FALSE, indicates the version is not the latest version. FALSE by default. Supports: $select, $OrderBy. |
| appName | String | The name of the application. |
| appDisplayName | String | The friendly name of the application. |
| appPublisher | String | The publisher of the application. |
| appVersion | String | The version of the application. |
| appCrashCount | Int32 | The number of crashes for the app. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsAppHealthAppPerformanceByAppVersionDeviceId
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics application performance by application version device id object. Supports: $select, $OrderBy. Read-only. |
| deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
| deviceDisplayName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
| processedDateTime | DateTimeOffset | The date and time when the statistics were last computed. The value cannot be modified and is automatically populated when the statistics are computed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2022 would look like this: '2022-01-01T00:00:00Z'. Returned by default. Read-only. |
| appName | String | The name of the application. |
| appDisplayName | String | The friendly name of the application. |
| appPublisher | String | The publisher of the application. |
| appVersion | String | The version of the application. |
| appCrashCount | Int32 | The number of crashes for the app. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsAppHealthAppPerformanceByOSVersion
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics application performance by OS version object. Supports: $select, $OrderBy. Read-only. |
| osVersion | String | The OS version of the application. Supports: $select, $OrderBy. Read-only. |
| osBuildNumber | String | The OS build number of the application. Supports: $select, $OrderBy. Read-only. |
| activeDeviceCount | Int32 | The number of devices where the application has been active. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appName | String | The name of the application. The possible values are: outlook.exe, excel.exe. Supports: $select, $OrderBy. Read-only. |
| appDisplayName | String | The friendly name of the application. The possible values are: Outlook, Excel. Supports: $select, $OrderBy. Read-only. |
| appPublisher | String | The publisher of the application. Supports: $select, $OrderBy. Read-only. |
| appUsageDuration | Int32 | The total usage time of the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appCrashCount | Int32 | The number of crashes for the application. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsAppHealthDeviceModelPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device model performance object. Supports: $select, $OrderBy. Read-only. |
| deviceModel | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
| deviceManufacturer | String | The manufacturer name of the device. Supports: $select, $OrderBy. Read-only. |
| activeDeviceCount | Int32 | The number of active devices for the model. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| modelAppHealthScore | Double | The application health score of the device model. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| modelAppHealthStatus | String | The overall app health status of the device model. |
| healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics model. The possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $filter, $select, $OrderBy. Read-only. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsAppHealthDevicePerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device performance object. Supports: $select, $OrderBy. Read-only. |
| deviceModel | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
| deviceManufacturer | String | The manufacturer name of the device. Supports: $select, $OrderBy. Read-only. |
| appCrashCount | Int32 | The number of application crashes for the device. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| crashedAppCount | Int32 | The number of distinct application crashes for the device. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| appHangCount | Int32 | The number of application hangs for the device. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| processedDateTime | DateTimeOffset | The date and time when the statistics were last computed. The value cannot be modified and is automatically populated when the statistics are computed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2022 would look like this: '2022-01-01T00:00:00Z'. Returned by default. Read-only. |
| meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| deviceAppHealthScore | Double | The application health score of the device. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| deviceAppHealthStatus | String | The overall app health status of the device. |
| healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics device. The possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $filter, $select, $OrderBy. Read-only. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
| deviceDisplayName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
Graph reference: userExperienceAnalyticsAppHealthDevicePerformanceDetails
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device performance details object. Supports: $select, $OrderBy. Read-only. |
| eventDateTime | DateTimeOffset | The time the event occurred. The value cannot be modified and is automatically populated when the statistics are computed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2022 would look like this: '2022-01-01T00:00:00Z'. Returned by default. Read-only. |
| eventType | String | The type of the event. Supports: $select, $OrderBy. Read-only. |
| appDisplayName | String | The friendly name of the application for which the event occurred. The possible values are: outlook.exe, excel.exe. Supports: $select, $OrderBy. Read-only. |
| appPublisher | String | The publisher of the application. Supports: $select, $OrderBy. Read-only. |
| appVersion | String | The version of the application. The possible values are: 1.0.0.1, 75.65.23.9. Supports: $select, $OrderBy. Read-only. |
| deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
| deviceDisplayName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
Graph reference: userExperienceAnalyticsAppHealthOSVersionPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics OS version performance object. Supports: $select, $OrderBy. Read-only. |
| osVersion | String | The OS version installed on the device. Supports: $select, $OrderBy. Read-only. |
| osBuildNumber | String | The OS build number installed on the device. Supports: $select, $OrderBy. Read-only. |
| activeDeviceCount | Int32 | The number of active devices for the OS version. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| meanTimeToFailureInMinutes | Int32 | The mean time to failure for the application in minutes. Valid values 0 to 2147483647. Supports: $filter, $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| osVersionAppHealthScore | Double | The application health score of the OS version. Valid values 0 to 100. Supports: $filter, $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| osVersionAppHealthStatus | String | The overall app health status of the OS version. |
Graph reference: userExperienceAnalyticsBaseline
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics baseline. |
| displayName | String | The name of the baseline. |
| overallScore | Int32 | The overall score of the user experience analytics baseline. |
| isBuiltIn | Boolean | When TRUE, indicates the current baseline is the commercial median baseline. When FALSE, indicates it is a custom baseline. FALSE by default. |
| createdDateTime | DateTimeOffset | The date the custom baseline was created. The value cannot be modified and is automatically populated when the baseline is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. |
Graph reference: userExperienceAnalyticsBatteryHealthAppImpact
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery app impact object. |
| activeDevices | Int32 | Number of active devices for using that app over a 14-day period. Valid values 0 to 2147483647 |
| appName | String | App name. Eg: oltk.exe |
| appDisplayName | String | User friendly display name for the app. Eg: Outlook |
| appPublisher | String | App publisher. Eg: Microsoft Corporation |
| isForegroundApp | Boolean | true if the user had active interaction with the app. |
| batteryUsagePercentage | Double | The percent of total battery power used by this application when the device was not plugged into AC power, over 14 days computed across all devices in the tenant. Unit in percentage. Valid values 0 to 1.79769313486232E+308 |
Graph reference: userExperienceAnalyticsBatteryHealthCapacityDetails
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery health capacity object. |
| activeDevices | Int32 | Number of active devices within the tenant. Valid values 0 to 2147483647 |
| batteryCapacityGood | Int32 | Number of devices whose battery maximum capacity is greater than 80%. Valid values 0 to 2147483647 |
| batteryCapacityFair | Int32 | Number of devices whose battery maximum capacity is greater than 50% but lesser than 80%. Valid values 0 to 2147483647 |
| batteryCapacityPoor | Int32 | Number of devices whose battery maximum capacity is lesser than 50%. Valid values 0 to 2147483647 |
| lastRefreshedDateTime | DateTimeOffset | Recorded date time of this capacity details instance. |
Graph reference: userExperienceAnalyticsBatteryHealthDeviceAppImpact
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery device app impact object. |
| deviceId | String | The unique identifier of the device, Intune DeviceID or SCCM device id. |
| appName | String | App name. Eg: oltk.exe |
| appDisplayName | String | User friendly display name for the app. Eg: Outlook |
| appPublisher | String | App publisher. Eg: Microsoft Corporation |
| isForegroundApp | Boolean | true if the user had active interaction with the app. |
| batteryUsagePercentage | Double | The percent of total battery power used by this application when the device was not plugged into AC power, over 14 days. Unit in percentage. Valid values 0 to 1.79769313486232E+308 |
Graph reference: userExperienceAnalyticsBatteryHealthDevicePerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery health device performance object. |
| deviceId | String | The unique identifier of the device, Intune DeviceID. |
| deviceName | String | Device friendly name. |
| model | String | The model name of the device. Deprecated in favor of DeviceModelName. |
| manufacturer | String | The manufacturer name of the device. Deprecated in favor of DeviceManufacturerName. |
| deviceModelName | String | The model name of the device. |
| deviceManufacturerName | String | The manufacturer name of the device. |
| maxCapacityPercentage | Int32 | Ratio of current capacity and design capacity of the battery with the lowest capacity. Unit in percentage and values range from 0-100. Valid values 0 to 2147483647 |
| estimatedRuntimeInMinutes | Int32 | The estimated runtime of the device when the battery is fully charged. Unit in minutes. Valid values 0 to 2147483647 |
| batteryAgeInDays | Int32 | Estimated battery age. Unit in days. Valid values 0 to 2147483647 |
| fullBatteryDrainCount | Int32 | Number of times the battery has been discharged an amount that equals 100% of its capacity, but not necessarily by discharging it from 100% to 0%. Valid values 0 to 2147483647 |
| deviceBatteryCount | Int32 | Number of batteries in a user device. Valid values 0 to 2147483647 |
| deviceBatteriesDetails | userExperienceAnalyticsDeviceBatteryDetail collection | Properties (maxCapacity and cycleCount) related to all batteries of the device. |
| deviceBatteryTags | String collection | Tags for computed information on how battery on the device is behaving. E.g. newbattery, batterycapacityred, designcapacityzero, etc. |
| deviceBatteryHealthScore | Int32 | A weighted average of a device’s maximum capacity score and runtime estimate score. Values range from 0-100. Valid values 0 to 2147483647 |
| healthStatus | userExperienceAnalyticsHealthState | The overall battery health status of the device. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsBatteryHealthDeviceRuntimeHistory
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery health runtime object. |
| deviceId | String | The unique identifier of the device, Intune DeviceID or SCCM device id. |
| runtimeDateTime | String | The datetime for the instance of runtime history. |
| estimatedRuntimeInMinutes | Int32 | The estimated runtime of the device when the battery is fully charged. Unit in minutes. Valid values 0 to 2147483647 |
Graph reference: userExperienceAnalyticsBatteryHealthModelPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery health model performance object. |
| activeDevices | Int32 | Number of active devices for that model. Valid values 0 to 2147483647 |
| model | String | The model name of the device. Deprecated in favor of DeviceModelName. |
| manufacturer | String | Name of the device manufacturer. Deprecated in favor of DeviceManufacturerName. |
| deviceModelName | String | The model name of the device. |
| deviceManufacturerName | String | The manufacturer name of the device. |
| averageMaxCapacityPercentage | Int32 | The mean of the maximum capacity for all devices of a given model. Maximum capacity measures the full charge vs. design capacity for a device’s batteries.. Valid values 0 to 2147483647 |
| averageEstimatedRuntimeInMinutes | Int32 | The mean of the estimated runtimes on full charge for all devices of a given model. Unit in minutes. Valid values 0 to 2147483647 |
| averageBatteryAgeInDays | Int32 | The mean of the battery age for all devices of a given model in a tenant. Unit in days. Valid values 0 to 2147483647 |
| meanFullBatteryDrainCount | Int32 | The mean of number of times the battery has been discharged an amount that equals 100% of its capacity for all devices of a given model in a tenant. Valid values 0 to 2147483647 |
| medianMaxCapacityPercentage | Int32 | The median of the maximum capacity for all devices of a given model. Maximum capacity measures the full charge vs. design capacity for a device’s batteries.. Valid values 0 to 2147483647 |
| medianEstimatedRuntimeInMinutes | Int32 | The median of the estimated runtimes on full charge for all devices of a given model. Unit in minutes. Valid values 0 to 2147483647 |
| medianFullBatteryDrainCount | Int32 | The median of number of times the battery has been discharged an amount that equals 100% of its capacity for all devices of a given model in a tenant. Valid values 0 to 2147483647 |
| modelBatteryHealthScore | Int32 | A weighted average of a model’s maximum capacity score and runtime estimate score. Values range from 0-100. Valid values 0 to 2147483647 |
| modelHealthStatus | userExperienceAnalyticsHealthState | The overall battery health status of a given model in a tenant. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsBatteryHealthOsPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery health os performance object. |
| activeDevices | Int32 | Number of active devices for that os version. Valid values 0 to 2147483647 |
| osVersion | String | Version of the operating system. |
| osBuildNumber | String | Build number of the operating system. |
| averageMaxCapacityPercentage | Int32 | The mean of the maximum capacity for all devices running a particular operating system version. Maximum capacity measures the full charge vs. design capacity for a device’s batteries.. Valid values 0 to 2147483647 |
| averageEstimatedRuntimeInMinutes | Int32 | The mean of the estimated runtimes on full charge for all devices running a particular operating system version. Unit in minutes. Valid values 0 to 2147483647 |
| averageBatteryAgeInDays | Int32 | The mean of the battery age for all devices running a particular operating system version in a tenant. Unit in days. Valid values 0 to 2147483647 |
| meanFullBatteryDrainCount | Int32 | The mean of number of times the battery has been discharged an amount that equals 100% of its capacity for all devices running a particular operating system version in a tenant. Valid values 0 to 2147483647 |
| medianMaxCapacityPercentage | Int32 | The median of the maximum capacity for all devices running a particular operating system version. Maximum capacity measures the full charge vs. design capacity for a device’s batteries.. Valid values 0 to 2147483647 |
| medianEstimatedRuntimeInMinutes | Int32 | The median of the estimated runtimes on full charge for all devices running a particular operating system version. Unit in minutes. Valid values 0 to 2147483647 |
| medianFullBatteryDrainCount | Int32 | The median of number of times the battery has been discharged an amount that equals 100% of its capacity for all devices running a particular operating system version in a tenant. Valid values 0 to 2147483647 |
| osBatteryHealthScore | Int32 | A weighted average of battery health score across all devices running a particular operating system version. Values range from 0-100. Valid values 0 to 2147483647 |
| osHealthStatus | userExperienceAnalyticsHealthState | The overall battery health status of a given os version in a tenant. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsBatteryHealthRuntimeDetails
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics battery health runtime object. |
| activeDevices | Int32 | Number of active devices within the tenant. Valid values 0 to 2147483647 |
| batteryRuntimeGood | Int32 | Number of devices whose active runtime is greater than 5 hours. Valid values 0 to 2147483647 |
| batteryRuntimeFair | Int32 | Number of devices whose active runtime is greater than 3 hours but lesser than 5 hours. Valid values 0 to 2147483647 |
| batteryRuntimePoor | Int32 | Number of devices whose active runtime is lesser than 3 hours. Valid values 0 to 2147483647 |
| lastRefreshedDateTime | DateTimeOffset | Recorded date time of this runtime details instance. |
Graph reference: userExperienceAnalyticsCategory
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics category. Read-only. |
| overallScore | Int32 | The overall score of the user experience analytics category. |
| totalDevices | Int32 | The total device count of the user experience analytics category. |
| insights | userExperienceAnalyticsInsight collection | The insights for the category. Read-only. |
| state | userExperienceAnalyticsHealthState | The current health state of the user experience analytics category. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsDevicePerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device boot performance device. |
| deviceName | String | The user experience analytics device name. |
| model | String | The user experience analytics device model. |
| manufacturer | String | The user experience analytics device manufacturer. |
| diskType | diskType | The user experience analytics device disk type. The possible values are: unknown, hdd, ssd, unknownFutureValue. |
| operatingSystemVersion | String | The user experience analytics device Operating System version. |
| bootScore | Int32 | The user experience analytics device boot score. |
| coreBootTimeInMs | Int32 | The user experience analytics device core boot time in milliseconds. |
| groupPolicyBootTimeInMs | Int32 | The user experience analytics device group policy boot time in milliseconds. |
| healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics device. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| loginScore | Int32 | The user experience analytics device login score. |
| coreLoginTimeInMs | Int32 | The user experience analytics device core login time in milliseconds. |
| groupPolicyLoginTimeInMs | Int32 | The user experience analytics device group policy login time in milliseconds. |
| deviceCount | Int64 | User experience analytics summarized device count. |
| responsiveDesktopTimeInMs | Int32 | The user experience analytics responsive desktop time in milliseconds. |
| blueScreenCount | Int32 | Number of Blue Screens in the last 30 days. Valid values 0 to 9999999 |
| restartCount | Int32 | Number of Restarts in the last 30 days. Valid values 0 to 9999999 |
| averageBlueScreens | Double | Average (mean) number of Blue Screens per device in the last 30 days. Valid values 0 to 9999999 |
| averageRestarts | Double | Average (mean) number of Restarts per device in the last 30 days. Valid values 0 to 9999999 |
| startupPerformanceScore | Double | The user experience analytics device startup performance score. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| modelStartupPerformanceScore | Double | The user experience analytics model level startup performance score. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
Graph reference: userExperienceAnalyticsDeviceScope
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the device scope configuration. |
| deviceScopeName | String | The name of the user experience analytics device Scope configuration. |
| ownerId | String | The unique identifier of the person (admin) who created the device scope configuration. |
| isBuiltIn | Boolean | Indicates whether the device scope configuration is built-in or custom. When TRUE, the device scope configuration is built-in. When FALSE, the device scope configuration is custom. Default value is FALSE. |
| enabled | Boolean | Indicates whether a device scope is enabled or disabled. When TRUE, the device scope is enabled. When FALSE, the device scope is disabled. Default value is FALSE. |
| status | deviceScopeStatus | Indicates the device scope status after the device scope has been enabled. Possible values are: none, computing, insufficientData or completed. Default value is none. Possible values are: none, computing, insufficientData, completed, unknownFutureValue. |
| parameter | deviceScopeParameter | Device scope configuration parameter. It will be extended in future to add more parameter. Eg: device scope parameter can be OS version, Disk Type, Device manufacturer, device model or Scope tag. Default value: scopeTag. Possible values are: none, scopeTag, unknownFutureValue. |
| operator | deviceScopeOperator | Device scope configuration query operator. Possible values are: equals, notEquals, contains, notContains, greaterThan, lessThan. Default value: equals. Possible values are: none, equals, unknownFutureValue. |
| valueObjectId | String | The unique identifier for a user device scope tag Id used for the creation of device scope configuration. |
| value | String | The device scope configuration query clause value. |
| createdDateTime | DateTimeOffset | Indicates the creation date and time for the custom device scope. |
| lastModifiedDateTime | DateTimeOffset | Indicates the last updated date and time for the custom device scope. |
Graph reference: userExperienceAnalyticsDeviceScopeSummary
| Property | Type | Description |
|---|---|---|
| totalDeviceScopes | Int32 | The total number of user experience analytics device scopes. Valid values -2147483648 to 2147483647 |
| totalDeviceScopesEnabled | Int32 | The total number of user experience analytics device scopes that are enabled. Valid values -2147483648 to 2147483647 |
| completedDeviceScopeIds | String collection | A collection of the user experience analytics device scope Unique Identifiers that are enabled and finished recalculating the report metric. |
| insufficientDataDeviceScopeIds | String collection | A collection of user experience analytics device scope Unique Identitfiers that are enabled but there is insufficient data to calculate results. |
Graph reference: userExperienceAnalyticsDeviceScores
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device score entry. Supports: $select, $OrderBy. Read-only. |
| deviceName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
| model | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
| manufacturer | String | The manufacturer name of the device. Examples: Microsoft Corporation, HP, Lenovo. Supports: $select, $OrderBy. Read-only. |
| endpointAnalyticsScore | Double | Indicates a weighted average of the various scores. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| startupPerformanceScore | Double | Indicates a weighted average of boot score and logon score used for measuring startup performance. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| appReliabilityScore | Double | Indicates a score calculated from application health data to indicate when a device is having problems running one or more applications. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| workFromAnywhereScore | Double | Indicates a weighted score of the work from anywhere on a device level. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| batteryHealthScore | Double | Indicates a calulated score indicating the health of the device's battery. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| healthStatus | userExperienceAnalyticsHealthState | The health status of the device. The possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $filter, $select, $OrderBy. Read-only. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsDeviceStartupHistory
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device startup history. Supports: $select, $OrderBy. Read-only. |
| deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
| startTime | DateTimeOffset | The device boot start time. The value cannot be modified and is automatically populated when the device performs a reboot. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2022 would look like this: '2022-01-01T00:00:00Z'. Returned by default. Read-only. |
| coreBootTimeInMs | Int32 | The device core boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| groupPolicyBootTimeInMs | Int32 | The impact of device group policy client on boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| featureUpdateBootTimeInMs | Int32 | The impact of device feature updates on boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| totalBootTimeInMs | Int32 | The device total boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| groupPolicyLoginTimeInMs | Int32 | The impact of device group policy client on login time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| coreLoginTimeInMs | Int32 | The device core login time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| responsiveDesktopTimeInMs | Int32 | The time for desktop to become responsive during login process in milliseconds. Supports: $select, $OrderBy. Read-only. |
| totalLoginTimeInMs | Int32 | The device total login time in milliseconds. Supports: $select, $OrderBy. Read-only. |
| isFirstLogin | Boolean | When TRUE, indicates the device login is the first login after a reboot. When FALSE, indicates the device login is not the first login after a reboot. Supports: $select, $OrderBy. Read-only. |
| isFeatureUpdate | Boolean | When TRUE, indicates the device boot record is associated with feature updates. When FALSE, indicates the device boot record is not associated with feature updates. Supports: $select, $OrderBy. Read-only. |
| operatingSystemVersion | String | The user experience analytics device boot record's operating system version. Supports: $select, $OrderBy. Read-only. |
| restartCategory | userExperienceAnalyticsOperatingSystemRestartCategory | OS restart category. The possible values are: unknown, restartWithUpdate, restartWithoutUpdate, blueScreen, shutdownWithUpdate, shutdownWithoutUpdate, longPowerButtonPress, bootError, update. Unknown by default. Supports: $select, $OrderBy. Read-only. The possible values are: unknown, restartWithUpdate, restartWithoutUpdate, blueScreen, shutdownWithUpdate, shutdownWithoutUpdate, longPowerButtonPress, bootError, update, unknownFutureValue. |
| restartStopCode | String | OS restart stop code. This shows the bug check code which can be used to look up the blue screen reason. Supports: $select, $OrderBy. Read-only. |
| restartFaultBucket | String | OS restart fault bucket. The fault bucket is used to find additional information about a system crash. Supports: $select, $OrderBy. Read-only. |
Graph reference: userExperienceAnalyticsDeviceStartupProcess
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device startup process. Supports: $select, $OrderBy. Read-only. |
| managedDeviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
| processName | String | The name of the process. Examples: outlook, excel. Supports: $select, $OrderBy. Read-only. |
| productName | String | The product name of the process. Examples: Microsoft Outlook, Microsoft Excel. Supports: $select, $OrderBy. Read-only. |
| publisher | String | The publisher of the process. Examples: Microsoft Corporation, Contoso Corp. Supports: $select, $OrderBy. Read-only. |
| startupImpactInMs | Int32 | The impact of startup process on device boot time in milliseconds. Supports: $select, $OrderBy. Read-only. |
Graph reference: userExperienceAnalyticsDeviceStartupProcessPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device startup process performance. Supports: $select, $OrderBy. Read-only. |
| processName | String | The name of the startup process. Examples: outlook, excel. Supports: $select, $OrderBy. Read-only. |
| productName | String | The product name of the startup process. Examples: Microsoft Outlook, Microsoft Excel. Supports: $select, $OrderBy. Read-only. |
| publisher | String | The publisher of the startup process. Examples: Microsoft Corporation, Contoso Corp. Supports: $select, $OrderBy. Read-only. |
| deviceCount | Int64 | The count of devices which initiated this process on startup. Supports: $filter, $select, $OrderBy. Read-only. |
| medianImpactInMs | Int64 | The median impact of startup process on device boot time in milliseconds. Supports: $filter, $select, $OrderBy. Read-only. |
| totalImpactInMs | Int64 | The total impact of startup process on device boot time in milliseconds. Supports: $filter, $select, $OrderBy. Read-only. |
Graph reference: userExperienceAnalyticsDeviceTimelineEvents
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics NRT device timeline events object. |
| deviceId | String | The id of the device where the event occurred. |
| eventDateTime | DateTimeOffset | The time the event occured. |
| eventLevel | deviceEventLevel | The severity level of the event enum. The possible values are: none, verbose, information, warning, error ,critical. Default value: none. The possible values are: none, verbose, information, warning, error, critical, unknownFutureValue. |
| eventSource | String | The source of the event. Examples include: Intune, Sccm. |
| eventName | String | The name of the event. Examples include: BootEvent, LogonEvent, AppCrashEvent, AppHangEvent. |
| eventDetails | String | The details provided by the event, format depends on event type. |
| eventAdditionalInformation | String | Placeholder value for future expansion. |
Graph reference: userExperienceAnalyticsDeviceWithoutCloudIdentity
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics tenant attach device. |
| deviceName | String | The tenant attach device's name. |
| azureAdDeviceId | String | Azure Active Directory Device Id |
Graph reference: userExperienceAnalyticsImpactingProcess
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics top impacting process entity. |
| deviceId | String | The unique identifier of the impacted device. |
| category | String | The category of impacting process. |
| processName | String | The process name. |
| description | String | The description of process. |
| publisher | String | The publisher of the process. |
| impactValue | Double | The impact value of the process. Valid values 0 to 1.79769313486232E+308 |
Graph reference: userExperienceAnalyticsMetric
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics metric. |
| value | Double | The value of the user experience analytics metric. |
| unit | String | The unit of the user experience analytics metric. Examples: none, percentage, count, seconds, score. |
Graph reference: userExperienceAnalyticsMetricHistory
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics metric history. |
| deviceId | String | The Intune device id of the device. |
| metricDateTime | DateTimeOffset | The metric date time. The value cannot be modified and is automatically populated when the metric is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. |
| metricType | String | The user experience analytics metric type. |
Graph reference: userExperienceAnalyticsModelScores
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics model score entry. Supports: $select, $OrderBy. Read-only. |
| model | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
| manufacturer | String | The manufacturer name of the device. Examples: Microsoft Corporation, HP, Lenovo. Supports: $select, $OrderBy. Read-only. |
| modelDeviceCount | Int64 | Indicates unique devices count of given model in a consolidated report. Supports: $select, $OrderBy. Read-only. Valid values -9.22337203685478E+18 to 9.22337203685478E+18 |
| endpointAnalyticsScore | Double | Indicates a weighted average of the various scores. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| startupPerformanceScore | Double | Indicates a weighted average of boot score and logon score used for measuring startup performance. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| appReliabilityScore | Double | Indicates a score calculated from application health data to indicate when a device is having problems running one or more applications. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| workFromAnywhereScore | Double | Indicates a weighted score of the work from anywhere on a device level. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| batteryHealthScore | Double | Indicates a calulated score indicating the health of the device's battery. Valid values range from 0-100. Value -1 means associated score is unavailable. A higher score indicates a healthier device. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| healthStatus | userExperienceAnalyticsHealthState | The health status of the device. The possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $filter, $select, $OrderBy. Read-only. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsNotAutopilotReadyDevice
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics intune device. |
| deviceName | String | The intune device's name. |
| serialNumber | String | The intune device's serial number. |
| manufacturer | String | The intune device's manufacturer. |
| model | String | The intune device's model. |
| managedBy | String | The intune device's managed by. |
| autoPilotRegistered | Boolean | The intune device's autopilotRegistered. |
| autoPilotProfileAssigned | Boolean | The intune device's autopilotProfileAssigned. |
| azureAdRegistered | Boolean | The intune device's azureAdRegistered. |
| azureAdJoinType | String | The intune device's azure Ad joinType. |
Graph reference: userExperienceAnalyticsOverview
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics overview. Supports: $select, $OrderBy. Read-only. |
| overallScore | Int32 | The user experience analytics overall score. |
| deviceBootPerformanceOverallScore | Int32 | The user experience analytics device boot performance overall score. |
| bestPracticesOverallScore | Int32 | The user experience analytics best practices overall score. |
| workFromAnywhereOverallScore | Int32 | The user experience analytics Work From Anywhere overall score. |
| appHealthOverallScore | Int32 | The user experience analytics app health overall score. |
| resourcePerformanceOverallScore | Int32 | The user experience analytics resource performance overall score. |
| batteryHealthOverallScore | Int32 | The user experience analytics battery health overall score. |
| insights | userExperienceAnalyticsInsight collection | The user experience analytics insights. Read-only. |
| state | userExperienceAnalyticsHealthState | The current health state of the user experience analytics overview. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| deviceBootPerformanceHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'BootPerformance' category. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| bestPracticesHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'BestPractices' category. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| workFromAnywhereHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'WorkFromAnywhere' category. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| appHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'BestPractices' category. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| resourcePerformanceHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'ResourcePerformance' category. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
| batteryHealthState | userExperienceAnalyticsHealthState | The current health state of the user experience analytics 'BatteryHealth' category. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsRegressionSummary
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics regression summary. |
Graph reference: userExperienceAnalyticsRemoteConnection
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics remote connection entity. |
| deviceId | String | The id of the device. |
| deviceName | String | The name of the device. |
| model | String | The user experience analytics device model. |
| virtualNetwork | String | The user experience analytics virtual network. |
| manufacturer | String | The user experience analytics manufacturer. |
| deviceCount | Int32 | The count of remote connection. Valid values 0 to 2147483647 |
| cloudPcRoundTripTime | Double | The round tip time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
| cloudPcSignInTime | Double | The sign in time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
| remoteSignInTime | Double | The remote sign in time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
| coreBootTime | Double | The core boot time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
| coreSignInTime | Double | The core sign in time of Cloud PC Device. Valid values 0 to 1.79769313486232E+308 |
| cloudPcFailurePercentage | Double | The sign in failure percentage of Cloud PC Device. Valid values 0 to 100 |
| userPrincipalName | String | The user experience analytics userPrincipalName. |
Graph reference: userExperienceAnalyticsResourcePerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics resource performance entity. |
| deviceId | String | The id of the device. |
| deviceName | String | The name of the device. |
| model | String | The user experience analytics device model. |
| deviceCount | Int64 | User experience analytics summarized device count. |
| manufacturer | String | The user experience analytics device manufacturer. |
| cpuSpikeTimePercentage | Double | CPU spike time in percentage. Valid values 0 to 100 |
| ramSpikeTimePercentage | Double | RAM spike time in percentage. Valid values 0 to 100 |
| cpuSpikeTimeScore | Int32 | The user experience analytics device CPU spike time score. Valid values 0 to 100 |
| cpuSpikeTimePercentageThreshold | Double | Threshold of cpuSpikeTimeScore. Valid values 0 to 100 |
| ramSpikeTimeScore | Int32 | The user experience analytics device RAM spike time score. Valid values 0 to 100 |
| ramSpikeTimePercentageThreshold | Double | Threshold of ramSpikeTimeScore. Valid values 0 to 100 |
| deviceResourcePerformanceScore | Int32 | Resource performance score of a specific device. Valid values 0 to 100 |
| averageSpikeTimeScore | Int32 | AverageSpikeTimeScore of a device or a model type. Valid values 0 to 100 |
| machineType | userExperienceAnalyticsMachineType | Helps to identify if device is a physical device or virtual. Possible values are: unknown, physical, virtual, unknownFutureValue. |
| cpuDisplayName | String | The name of the processor on the device, For example, 11th Gen Intel(R) Core(TM) i7. |
| totalProcessorCoreCount | Int32 | The count of cores of the processor of device. Valid values 0 to 512 |
| cpuClockSpeedInMHz | Double | The clock speed of the processor, in MHz. Valid values 0 to 1000000 |
| totalRamInMB | Double | The total RAM of the device, in MB. Valid values 0 to 1000000 |
| diskType | diskType | The type of disk storage used on the device. Possible values are: unknown, hdd, ssd, unknownFutureValue. |
| healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics model. Possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsScoreHistory
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics device startup process. Supports: $select, $OrderBy. Read-only. |
| startupDateTime | DateTimeOffset | The device startup date time. The value cannot be modified and is automatically populated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Returned by default. |
| overallScore | Int32 | User experience analytics overall score. Score will be in the range 0-100, 100 is the ideal score. Valid values 0 to 100 |
| startupScore | Int32 | User experience analytics device startup score. Score will be in the range 0-100, 100 is the ideal score. |
| coreBootScore | Int32 | The user experience analytics device core boot score. Score will be in the range 0-100, 100 is the ideal score. |
| coreSigninScore | Int32 | The User experience analytics device core sign-in score. Score will be in the range 0-100, 100 is the ideal score. |
| recommendedSoftwareScore | Int32 | The User experience analytics device core sign-in score. Score will be in the range 0-100, 100 is the ideal score. |
| appHealthOverallScore | Int32 | The User experience analytics app health overall score. |
| workFromAnywhereScore | Int32 | The User experience analytics work from anywhere score. |
| batteryHealthScore | Int32 | The User experience analytics battery health score. |
| startupTotalDevices | Int32 | The total device count of the user experience analytics category startup performance. |
| recommendedSoftwareTotalDevices | Int32 | The total device count of the user experience analytics category recommended software. |
| appHealthTotalDevices | Int32 | The total device count of the user experience analytics category app health. |
| workFromAnywhereTotalDevices | Int32 | The total device count of the user experience analytics category work from anywhere. |
| batteryHealthTotalDevices | Int32 | The total device count of the user experience analytics category battery health. |
| restartScore | Int32 | Restart score. Score will be in the range 0-100, 100 is the ideal score, 0 indicates excessive restarts. Valid values 0 to 9999999 |
Graph reference: intune-devices-userexperienceanalyticssummarizedby
Graph reference: userExperienceAnalyticsWorkFromAnywhereDevice
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics work from anywhere device. Supports: $select, $OrderBy. Read-only. |
| deviceId | String | The Intune device id of the device. Supports: $select, $OrderBy. Read-only. |
| deviceName | String | The name of the device. Supports: $select, $OrderBy. Read-only. |
| serialNumber | String | The serial number of the device. Supports: $select, $OrderBy. Read-only. |
| manufacturer | String | The manufacturer name of the device. Supports: $select, $OrderBy. Read-only. |
| model | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
| ownership | String | Ownership of the device. Supports: $select, $OrderBy. Read-only. |
| managedBy | String | The management agent of the device. Supports: $select, $OrderBy. Read-only. |
| autoPilotRegistered | Boolean | When TRUE, indicates the intune device's autopilot is registered. When FALSE, indicates it's not registered. Supports: $select, $OrderBy. Read-only. |
| autoPilotProfileAssigned | Boolean | When TRUE, indicates the intune device's autopilot profile is assigned. When FALSE, indicates it's not Assigned. Supports: $select, $OrderBy. Read-only. |
| azureAdRegistered | Boolean | When TRUE, indicates the device's Azure Active Directory (Azure AD) is registered. When False, indicates it's not registered. Supports: $select, $OrderBy. Read-only. |
| azureAdDeviceId | String | The Azure Active Directory (Azure AD) device Id. Supports: $select, $OrderBy. Read-only. |
| azureAdJoinType | String | The work from anywhere device's Azure Active Directory (Azure AD) join type. Supports: $select, $OrderBy. Read-only. |
| osDescription | String | The OS description of the device. Supports: $select, $OrderBy. Read-only. |
| osVersion | String | The OS version of the device. Supports: $select, $OrderBy. Read-only. |
| tenantAttached | Boolean | When TRUE, indicates the device is Tenant Attached. When FALSE, indicates it's not Tenant Attached. Supports: $select, $OrderBy. Read-only. |
| compliancePolicySetToIntune | Boolean | When TRUE, indicates the device's compliance policy is set to intune. When FALSE, indicates it's not set to intune. Supports: $select, $OrderBy. Read-only. |
| otherWorkloadsSetToIntune | Boolean | When TRUE, indicates the device's other workloads is set to intune. When FALSE, indicates it's not set to intune. Supports: $select, $OrderBy. Read-only. |
| isCloudManagedGatewayEnabled | Boolean | When TRUE, indicates the device's Cloud Management Gateway for Configuration Manager is enabled. When FALSE, indicates it's not enabled. Supports: $select, $OrderBy. Read-only. |
| upgradeEligibility | operatingSystemUpgradeEligibility | The windows upgrade eligibility status of device. The possible values are: upgraded, unknown, notCapable, capable. Unknown by default. Supports: $select, $OrderBy. Read-only. The possible values are: upgraded, unknown, notCapable, capable, unknownFutureValue. |
| ramCheckFailed | Boolean | When TRUE, indicates RAM hardware check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| storageCheckFailed | Boolean | When TRUE, indicates storage hardware check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| processorCoreCountCheckFailed | Boolean | When TRUE, indicates processor hardware core count check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| processorSpeedCheckFailed | Boolean | When TRUE, indicates processor hardware speed check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| tpmCheckFailed | Boolean | When TRUE, indicates Trusted Platform Module (TPM) hardware check failed for device to the latest version of upgrade to windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| secureBootCheckFailed | Boolean | When TRUE, indicates secure boot hardware check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| processorFamilyCheckFailed | Boolean | When TRUE, indicates processor hardware family check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| processor64BitCheckFailed | Boolean | When TRUE, indicates processor hardware 64-bit architecture check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| osCheckFailed | Boolean | When TRUE, indicates OS check failed for device to upgrade to the latest version of windows. When FALSE, indicates the check succeeded. Supports: $select, $OrderBy. Read-only. |
| workFromAnywhereScore | Double | Indicates work from anywhere per device overall score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| windowsScore | Double | Indicates per device windows score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| cloudManagementScore | Double | Indicates per device cloud management score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| cloudIdentityScore | Double | Indicates per device cloud identity score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| cloudProvisioningScore | Double | Indicates per device cloud provisioning score. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics work from anywhere device. The possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $select, $OrderBy. Read-only. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: userExperienceAnalyticsWorkFromAnywhereDevicesSummary
| Property | Type | Description |
|---|---|---|
| autopilotDevicesSummary | userExperienceAnalyticsAutopilotDevicesSummary | The user experience analytics work from anywhere Autopilot devices summary. Read-only. |
| cloudManagementDevicesSummary | userExperienceAnalyticsCloudManagementDevicesSummary | The user experience analytics work from anywhere Cloud management devices summary. Read-only. |
| windows10DevicesSummary | userExperienceAnalyticsWindows10DevicesSummary | The user experience analytics work from anywhere Windows 10 devices summary. Read-only. |
| cloudIdentityDevicesSummary | userExperienceAnalyticsCloudIdentityDevicesSummary | The user experience analytics work from anywhere Cloud Identity devices summary. Read-only. |
| totalDevices | Int32 | The total count of devices. Read-only. Valid values -2147483648 to 2147483647 |
| coManagedDevices | Int32 | Total number of co-managed devices. Read-only. Valid values -2147483648 to 2147483647 |
| intuneDevices | Int32 | The count of intune devices that are not autopilot registerd. Read-only. Valid values -2147483648 to 2147483647 |
| tenantAttachDevices | Int32 | Total count of tenant attach devices. Read-only. Valid values -2147483648 to 2147483647 |
| windows10Devices | Int32 | The count of windows 10 devices. Read-only. Valid values -2147483648 to 2147483647 |
| windows10DevicesWithoutTenantAttach | Int32 | The count of windows 10 devices that are Intune and co-managed. Read-only. Valid values -2147483648 to 2147483647 |
| unsupportedOSversionDevices | Int32 | The count of Windows 10 devices that have unsupported OS versions. Read-only. Valid values -2147483648 to 2147483647 |
| devicesWithoutCloudIdentity | Int32 | The count of devices that are not cloud identity. Read-only. Valid values -2147483648 to 2147483647 |
| devicesNotAutopilotRegistered | Int32 | The count of intune devices that are not autopilot registerd. Read-only. Valid values -2147483648 to 2147483647 |
| devicesWithoutAutopilotProfileAssigned | Int32 | The count of intune devices not autopilot profile assigned. Read-only. Valid values -2147483648 to 2147483647 |
Graph reference: userExperienceAnalyticsWorkFromAnywhereHardwareReadinessMetric
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics hardware readiness metric object. Supports: $select, $OrderBy. Read-only. |
| totalDeviceCount | Int32 | The count of total devices in an organization. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| upgradeEligibleDeviceCount | Int32 | The count of devices in an organization eligible for windows upgrade. Valid values 0 to 2147483647. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| ramCheckFailedPercentage | Double | The percentage of devices for which RAM hardware check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| storageCheckFailedPercentage | Double | The percentage of devices for which storage hardware check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| processorCoreCountCheckFailedPercentage | Double | The percentage of devices for which processor hardware core count check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| processorSpeedCheckFailedPercentage | Double | The percentage of devices for which processor hardware speed check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| tpmCheckFailedPercentage | Double | The percentage of devices for which Trusted Platform Module (TPM) hardware check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| secureBootCheckFailedPercentage | Double | The percentage of devices for which secure boot hardware check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| processorFamilyCheckFailedPercentage | Double | The percentage of devices for which processor hardware family check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| processor64BitCheckFailedPercentage | Double | The percentage of devices for which processor hardware 64-bit architecture check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| osCheckFailedPercentage | Double | The percentage of devices for which OS check has failed. Valid values 0 to 100. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
Graph reference: userExperienceAnalyticsWorkFromAnywhereMetric
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the user experience analytics work from anywhere metric. Read-only. |
Graph reference: userExperienceAnalyticsWorkFromAnywhereModelPerformance
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier of the work from anywhere model performance object. Supports: $select, $OrderBy. Read-only. |
| model | String | The model name of the device. Supports: $select, $OrderBy. Read-only. |
| manufacturer | String | The manufacturer name of the device. Supports: $select, $OrderBy. Read-only. |
| modelDeviceCount | Int32 | The devices count for the model. Supports: $select, $OrderBy. Read-only. Valid values -2147483648 to 2147483647 |
| workFromAnywhereScore | Double | The work from anywhere score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| windowsScore | Double | The window score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| cloudManagementScore | Double | The cloud management score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| cloudIdentityScore | Double | The cloud identity score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| cloudProvisioningScore | Double | The cloud provisioning score of the device model. Valid values 0 to 100. Value -1 means associated score is unavailable. Supports: $select, $OrderBy. Read-only. Valid values -1.79769313486232E+308 to 1.79769313486232E+308 |
| healthStatus | userExperienceAnalyticsHealthState | The health state of the user experience analytics work from anywhere device model. The possible values are: unknown, insufficientData, needsAttention, meetingGoals. Unknown by default. Supports: $select, $OrderBy. Read-only. The possible values are: unknown, insufficientData, needsAttention, meetingGoals, unknownFutureValue. |
Graph reference: windowsDeviceMalwareState
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier. This is malware id. |
| displayName | String | Malware name |
| additionalInformationUrl | String | Information URL to learn more about the malware |
| severity | windowsMalwareSeverity | Severity of the malware. The possible values are: unknown, low, moderate, high, severe. |
| executionState | windowsMalwareExecutionState | Execution status of the malware like blocked/executing etc. The possible values are: unknown, blocked, allowed, running, notRunning. |
| state | windowsMalwareState | Current status of the malware like cleaned/quarantined/allowed etc. The possible values are: unknown, detected, cleaned, quarantined, removed, allowed, blocked, cleanFailed, quarantineFailed, removeFailed, allowFailed, abandoned, blockFailed. |
| threatState | windowsMalwareThreatState | Current status of the malware like cleaned/quarantined/allowed etc. The possible values are: active, actionFailed, manualStepsRequired, fullScanRequired, rebootRequired, remediatedWithNonCriticalFailures, quarantined, removed, cleaned, allowed, noStatusCleared. |
| initialDetectionDateTime | DateTimeOffset | Initial detection datetime of the malware |
| lastStateChangeDateTime | DateTimeOffset | The last time this particular threat was changed |
| detectionCount | Int32 | Number of times the malware is detected |
| category | windowsMalwareCategory | Category of the malware. The possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remote_Control_Software, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule. |
Graph reference: windowsMalwareInformation
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier. This is malware id. |
| displayName | String | Indicates the name of the malware |
| additionalInformationUrl | String | Indicates an informational URL to learn more about the malware |
| severity | windowsMalwareSeverity | Severity of the malware. The possible values are: unknown, low, moderate, high, severe. default is unknown. The possible values are: unknown, low, moderate, high, severe. |
| category | windowsMalwareCategory | Category of the malware. The possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remote_Control_Software, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule. default value is invalid. The possible values are: invalid, adware, spyware, passwordStealer, trojanDownloader, worm, backdoor, remoteAccessTrojan, trojan, emailFlooder, keylogger, dialer, monitoringSoftware, browserModifier, cookie, browserPlugin, aolExploit, nuker, securityDisabler, jokeProgram, hostileActiveXControl, softwareBundler, stealthNotifier, settingsModifier, toolBar, remoteControlSoftware, trojanFtp, potentialUnwantedSoftware, icqExploit, trojanTelnet, exploit, filesharingProgram, malwareCreationTool, remote_Control_Software, tool, trojanDenialOfService, trojanDropper, trojanMassMailer, trojanMonitoringSoftware, trojanProxyServer, virus, known, unknown, spp, behavior, vulnerability, policy, enterpriseUnwantedSoftware, ransom, hipsRule. |
| lastDetectionDateTime | DateTimeOffset | Indicates the last time the malware was detected in UTC |
Graph reference: windowsManagedDevice
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the device. This property is read-only. Inherited from managedDevice |
| userId | String | Unique Identifier for the user associated with the device. This property is read-only. Inherited from managedDevice |
| deviceName | String | Name of the device. This property is read-only. Inherited from managedDevice |
| hardwareInformation | hardwareInformation | The hardward details for the device. Includes information such as storage space, manufacturer, serial number, etc. By default most property of this type are set to null/0/false and enum defaults for associated types. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| ownerType | ownerType | Ownership of the device. Possible values are, 'company' or 'personal'. Default is unknown. Supports $filter operator 'eq' and 'or'. Inherited from managedDevice. The possible values are: unknown, company, personal. |
| managedDeviceOwnerType | managedDeviceOwnerType | Ownership of the device. Can be 'company' or 'personal' Inherited from managedDevice. The possible values are: unknown, company, personal. |
| deviceActionResults | deviceActionResult collection | List of ComplexType deviceActionResult objects. This property is read-only. Inherited from managedDevice |
| managementState | managementState | Management state of the device. Examples: Managed, RetirePending, etc. Default is managed. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. The possible values are: managed, retirePending, retireFailed, wipePending, wipeFailed, unhealthy, deletePending, retireIssued, wipeIssued, wipeCanceled, retireCanceled, discovered. |
| enrolledDateTime | DateTimeOffset | Enrollment time of the device. Supports $filter operator 'lt' and 'gt'. This property is read-only. Inherited from managedDevice |
| lastSyncDateTime | DateTimeOffset | The date and time that the device last completed a successful sync with Intune. Supports $filter operator 'lt' and 'gt'. This property is read-only. Inherited from managedDevice |
| chassisType | chassisType | Chassis type of the device. This property is read-only. Inherited from managedDevice. The possible values are: unknown, desktop, laptop, worksWorkstation, enterpriseServer, phone, tablet, mobileOther, mobileUnknown. |
| operatingSystem | String | Operating system of the device. Windows, iOS, etc. This property is read-only. Inherited from managedDevice |
| deviceType | deviceType | Platform of the device. Examples: Desktop, WindowsRT, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. The possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, windows10x, androidnGMS, chromeOS, linux, blackberry, palm, unknown, cloudPC. |
| complianceState | complianceState | Compliance state of the device. Examples: Compliant, Conflict, Error, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. The possible values are: unknown, compliant, noncompliant, conflict, error, inGracePeriod, configManager. |
| jailBroken | String | Whether the device is jail broken or rooted. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice |
| managementAgent | managementAgentType | Management channel of the device. Examples: Intune, EAS, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. The possible values are: eas, mdm, easMdm, intuneClient, easIntuneClient, configurationManagerClient, configurationManagerClientMdm, configurationManagerClientMdmEas, unknown, jamf, googleCloudDevicePolicyController, microsoft365ManagedMdm, msSense, intuneAosp, google, unknownFutureValue. |
| osVersion | String | Operating system version of the device. This property is read-only. Inherited from managedDevice |
| easActivated | Boolean | Whether the device is Exchange ActiveSync activated. This property is read-only. Inherited from managedDevice |
| easDeviceId | String | Exchange ActiveSync Id of the device. This property is read-only. Inherited from managedDevice |
| easActivationDateTime | DateTimeOffset | Exchange ActivationSync activation time of the device. This property is read-only. Inherited from managedDevice |
| aadRegistered | Boolean | Whether the device is Azure Active Directory registered. This property is read-only. Inherited from managedDevice |
| azureADRegistered | Boolean | Whether the device is Azure Active Directory registered. This property is read-only. Inherited from managedDevice |
| deviceEnrollmentType | deviceEnrollmentType | Enrollment type of the device. This property is read-only. Inherited from managedDevice. The possible values are: unknown, userEnrollment, deviceEnrollmentManager, appleBulkWithUser, appleBulkWithoutUser, windowsAzureADJoin, windowsBulkUserless, windowsAutoEnrollment, windowsBulkAzureDomainJoin, windowsCoManagement, windowsAzureADJoinUsingDeviceAuth, appleUserEnrollment, appleUserEnrollmentWithServiceAccount, azureAdJoinUsingAzureVmExtension, androidEnterpriseDedicatedDevice, androidEnterpriseFullyManaged, androidEnterpriseCorporateWorkProfile, appleACMEBasicBYOD, appleACMEDEPUserless, appleACMEDEPUDACompanyPortal, appleACMEDEPUDASetupAsstLegacy, appleACMEDEPUDAModernAuth. |
| lostModeState | lostModeState | Indicates if Lost mode is enabled or disabled. This property is read-only. Inherited from managedDevice. The possible values are: disabled, enabled. |
| activationLockBypassCode | String | The code that allows the Activation Lock on managed device to be bypassed. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity in LIST call. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| emailAddress | String | Email(s) for the user associated with the device. This property is read-only. Inherited from managedDevice |
| azureActiveDirectoryDeviceId | String | The unique identifier for the Azure Active Directory device. Read only. This property is read-only. Inherited from managedDevice |
| azureADDeviceId | String | The unique identifier for the Azure Active Directory device. Read only. This property is read-only. Inherited from managedDevice |
| deviceRegistrationState | deviceRegistrationState | Device registration state. This property is read-only. Inherited from managedDevice. The possible values are: notRegistered, registered, revoked, keyConflict, approvalPending, certificateReset, notRegisteredPendingEnrollment, unknown. |
| deviceCategoryDisplayName | String | Device category display name. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice |
| isSupervised | Boolean | Device supervised status. This property is read-only. Inherited from managedDevice |
| exchangeLastSuccessfulSyncDateTime | DateTimeOffset | Last time the device contacted Exchange. This property is read-only. Inherited from managedDevice |
| exchangeAccessState | deviceManagementExchangeAccessState | The Access State of the device in Exchange. This property is read-only. Inherited from managedDevice. The possible values are: none, unknown, allowed, blocked, quarantined. |
| exchangeAccessStateReason | deviceManagementExchangeAccessStateReason | The reason for the device's access state in Exchange. This property is read-only. Inherited from managedDevice. The possible values are: none, unknown, exchangeGlobalRule, exchangeIndividualRule, exchangeDeviceRule, exchangeUpgrade, exchangeMailboxPolicy, other, compliant, notCompliant, notEnrolled, unknownLocation, mfaRequired, azureADBlockDueToAccessPolicy, compromisedPassword, deviceNotKnownWithManagedApp. |
| remoteAssistanceSessionUrl | String | Url that allows a Remote Assistance session to be established with the device. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. Inherited from managedDevice |
| remoteAssistanceSessionErrorDetails | String | An error string that identifies issues when creating Remote Assistance session objects. This property is read-only. Inherited from managedDevice |
| isEncrypted | Boolean | Device encryption status. This property is read-only. Inherited from managedDevice |
| userPrincipalName | String | Device user principal name. This property is read-only. Inherited from managedDevice |
| model | String | Model of the device. This property is read-only. Inherited from managedDevice |
| manufacturer | String | Manufacturer of the device. This property is read-only. Inherited from managedDevice |
| imei | String | IMEI. This property is read-only. Inherited from managedDevice |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires. This property is read-only. Inherited from managedDevice |
| serialNumber | String | SerialNumber. This property is read-only. Inherited from managedDevice |
| phoneNumber | String | Phone number of the device. This property is read-only. Inherited from managedDevice |
| androidSecurityPatchLevel | String | Android security patch level. This property is read-only. Inherited from managedDevice |
| userDisplayName | String | User display name. This property is read-only. Inherited from managedDevice |
| configurationManagerClientEnabledFeatures | configurationManagerClientEnabledFeatures | ConfigrMgr client enabled features. This property is read-only. Inherited from managedDevice |
| wiFiMacAddress | String | Wi-Fi MAC. This property is read-only. Inherited from managedDevice |
| deviceHealthAttestationState | deviceHealthAttestationState | The device health attestation state. This property is read-only. Inherited from managedDevice |
| subscriberCarrier | String | Subscriber Carrier. This property is read-only. Inherited from managedDevice |
| meid | String | MEID. This property is read-only. Inherited from managedDevice |
| totalStorageSpaceInBytes | Int64 | Total Storage in Bytes. This property is read-only. Inherited from managedDevice |
| freeStorageSpaceInBytes | Int64 | Free Storage in Bytes. Default value is 0. Read-only. This property is read-only. Inherited from managedDevice |
| managedDeviceName | String | Automatically generated name to identify a device. Can be overwritten to a user friendly name. Inherited from managedDevice |
| partnerReportedThreatState | managedDevicePartnerReportedHealthState | Indicates the threat state of a device when a Mobile Threat Defense partner is in use by the account and device. Read Only. This property is read-only. Inherited from managedDevice. The possible values are: unknown, activated, deactivated, secured, lowSeverity, mediumSeverity, highSeverity, unresponsive, compromised, misconfigured. |
| retireAfterDateTime | DateTimeOffset | Indicates the time after when a device will be auto retired because of scheduled action. This property is read-only. Inherited from managedDevice |
| usersLoggedOn | loggedOnUser collection | Indicates the last logged on users of a device. This property is read-only. Inherited from managedDevice |
| preferMdmOverGroupPolicyAppliedDateTime | DateTimeOffset | Reports the DateTime the preferMdmOverGroupPolicy setting was set. When set, the Intune MDM settings will override Group Policy settings if there is a conflict. Read Only. This property is read-only. Inherited from managedDevice |
| autopilotEnrolled | Boolean | Reports if the managed device is enrolled via auto-pilot. This property is read-only. Inherited from managedDevice |
| requireUserEnrollmentApproval | Boolean | Reports if the managed iOS device is user approval enrollment. This property is read-only. Inherited from managedDevice |
| managementCertificateExpirationDate | DateTimeOffset | Reports device management certificate expiration date. This property is read-only. Inherited from managedDevice |
| iccid | String | Integrated Circuit Card Identifier, it is A SIM card's unique identification number. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| udid | String | Unique Device Identifier for iOS and macOS devices. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| roleScopeTagIds | String collection | List of Scope Tag IDs for this Device instance. Inherited from managedDevice |
| windowsActiveMalwareCount | Int32 | Count of active malware for this windows device. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. Inherited from managedDevice |
| windowsRemediatedMalwareCount | Int32 | Count of remediated malware for this windows device. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. Inherited from managedDevice |
| notes | String | Notes on the device created by IT Admin. Default is null. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Inherited from managedDevice |
| configurationManagerClientHealthState | configurationManagerClientHealthState | Configuration manager client health state, valid only for devices managed by MDM/ConfigMgr Agent Inherited from managedDevice |
| configurationManagerClientInformation | configurationManagerClientInformation | Configuration manager client information, valid only for devices managed, duel-managed or tri-managed by ConfigMgr Agent Inherited from managedDevice |
| ethernetMacAddress | String | Indicates Ethernet MAC Address of the device. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity. Individual get call with select query options is needed to retrieve actual values. Example: deviceManagement/managedDevices({managedDeviceId})?$select=ethernetMacAddress Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| physicalMemoryInBytes | Int64 | Total Memory in Bytes. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. Read-only. This property is read-only. Inherited from managedDevice |
| processorArchitecture | managedDeviceArchitecture | Processor architecture. This property is read-only. Inherited from managedDevice. The possible values are: unknown, x86, x64, arm, arM64. |
| specificationVersion | String | Specification version. This property is read-only. Inherited from managedDevice |
| joinType | joinType | Device join type Inherited from managedDevice. The possible values are: unknown, azureADJoined, azureADRegistered, hybridAzureADJoined. |
| skuFamily | String | Device sku family Inherited from managedDevice |
| securityPatchLevel | String | This indicates the security patch level of the operating system. These special updates contain important security fixes. For iOS/MacOS they are in (a) format. For android its in 2017-08-07 format. This property is read-only. Inherited from managedDevice |
| skuNumber | Int32 | Device sku number, see also: https://learn.microsoft.com/windows/win32/api/sysinfoapi/nf-sysinfoapi-getproductinfo. Valid values 0 to 2147483647. This property is read-only. Inherited from managedDevice |
| managementFeatures | managedDeviceManagementFeatures | Device management features Inherited from managedDevice. The possible values are: none, microsoftManagedDesktop. |
| chromeOSDeviceInfo | chromeOSDeviceProperty collection | List of properties of the ChromeOS Device. Default is an empty list. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Inherited from managedDevice |
| enrollmentProfileName | String | Name of the enrollment profile assigned to the device. Default value is empty string, indicating no enrollment profile was assgined. This property is read-only. Inherited from managedDevice |
| bootstrapTokenEscrowed | Boolean | Reports if the managed device has an escrowed Bootstrap Token. This is only for macOS devices. To get, include BootstrapTokenEscrowed in the select clause and query with a device id. If FALSE, no bootstrap token is escrowed. If TRUE, the device has escrowed a bootstrap token with Intune. This property is read-only. Inherited from managedDevice |
| deviceFirmwareConfigurationInterfaceManaged | Boolean | Indicates whether the device is DFCI managed. When TRUE the device is DFCI managed. When FALSE, the device is not DFCI managed. The default value is FALSE. Inherited from managedDevice |
| deviceIdentityAttestationDetail | deviceIdentityAttestationDetail | Indicates the attestation status of the managed device. And in which way. Default: Unknown. Inherited from managedDevice |
Graph reference: windowsManagementAppHealthState
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the Windows management app health state. This property is read-only. |
| healthState | healthState | Windows management app health state. Possible values are: unknown, healthy, unhealthy. |
| installedVersion | String | Windows management app installed version. |
| lastCheckInDateTime | DateTimeOffset | Windows management app last check-in time. |
| deviceName | String | Name of the device on which Windows management app is installed. |
| deviceOSVersion | String | Windows 10 OS version of the device on which Windows management app is installed. |
Graph reference: windowsProtectionState
| Property | Type | Description |
|---|---|---|
| id | String | The unique Identifier for the device protection status object. This is device id of the device |
| malwareProtectionEnabled | Boolean | When TRUE indicates anti malware is enabled when FALSE indicates anti malware is not enabled. |
| deviceState | windowsDeviceHealthState | Indicates device's health state. The possible values are: clean, fullScanPending, rebootPending, manualStepsPending, offlineScanPending, critical. The possible values are: clean, fullScanPending, rebootPending, manualStepsPending, offlineScanPending, critical. |
| realTimeProtectionEnabled | Boolean | When TRUE indicates real time protection is enabled, when FALSE indicates real time protection is not enabled. Defaults to setting on client device. |
| networkInspectionSystemEnabled | Boolean | When TRUE indicates network inspection system enabled, when FALSE indicates network inspection system is not enabled. Defaults to setting on client device. |
| quickScanOverdue | Boolean | When TRUE indicates quick scan is overdue, when FALSE indicates quick scan is not overdue. Defaults to setting on client device. |
| fullScanOverdue | Boolean | When TRUE indicates full scan is overdue, when FALSE indicates full scan is not overdue. Defaults to setting on client device. |
| signatureUpdateOverdue | Boolean | When TRUE indicates signature is out of date, when FALSE indicates signature is not out of date. Defaults to setting on client device. |
| rebootRequired | Boolean | When TRUE indicates reboot is required, when FALSE indicates when TRUE indicates reboot is not required. Defaults to setting on client device. |
| fullScanRequired | Boolean | When TRUE indicates full scan is required, when FALSE indicates full scan is not required. Defaults to setting on client device. |
| engineVersion | String | Current endpoint protection engine's version |
| signatureVersion | String | Current malware definitions version |
| antiMalwareVersion | String | Current anti malware version |
| lastQuickScanDateTime | DateTimeOffset | Last quick scan datetime |
| lastFullScanDateTime | DateTimeOffset | Last quick scan datetime |
| lastQuickScanSignatureVersion | String | Last quick scan signature version |
| lastFullScanSignatureVersion | String | Last full scan signature version |
| lastReportedDateTime | DateTimeOffset | Last device health status reported time |
| productStatus | windowsDefenderProductStatus | Product Status of Windows Defender Antivirus. The possible values are: noStatus, serviceNotRunning, serviceStartedWithoutMalwareProtection, pendingFullScanDueToThreatAction, pendingRebootDueToThreatAction, pendingManualStepsDueToThreatAction, avSignaturesOutOfDate, asSignaturesOutOfDate, noQuickScanHappenedForSpecifiedPeriod, noFullScanHappenedForSpecifiedPeriod, systemInitiatedScanInProgress, systemInitiatedCleanInProgress, samplesPendingSubmission, productRunningInEvaluationMode, productRunningInNonGenuineMode, productExpired, offlineScanRequired, serviceShutdownAsPartOfSystemShutdown, threatRemediationFailedCritically, threatRemediationFailedNonCritically, noStatusFlagsSet, platformOutOfDate, platformUpdateInProgress, platformAboutToBeOutdated, signatureOrPlatformEndOfLifeIsPastOrIsImpending, windowsSModeSignaturesInUseOnNonWin10SInstall. The possible values are: noStatus, serviceNotRunning, serviceStartedWithoutMalwareProtection, pendingFullScanDueToThreatAction, pendingRebootDueToThreatAction, pendingManualStepsDueToThreatAction, avSignaturesOutOfDate, asSignaturesOutOfDate, noQuickScanHappenedForSpecifiedPeriod, noFullScanHappenedForSpecifiedPeriod, systemInitiatedScanInProgress, systemInitiatedCleanInProgress, samplesPendingSubmission, productRunningInEvaluationMode, productRunningInNonGenuineMode, productExpired, offlineScanRequired, serviceShutdownAsPartOfSystemShutdown, threatRemediationFailedCritically, threatRemediationFailedNonCritically, noStatusFlagsSet, platformOutOfDate, platformUpdateInProgress, platformAboutToBeOutdated, signatureOrPlatformEndOfLifeIsPastOrIsImpending, windowsSModeSignaturesInUseOnNonWin10SInstall. |
| isVirtualMachine | Boolean | When TRUE indicates the device is a virtual machine, when FALSE indicates the device is not a virtual machine. Defaults to setting on client device. |
| tamperProtectionEnabled | Boolean | When TRUE indicates the Windows Defender tamper protection feature is enabled, when FALSE indicates the Windows Defender tamper protection feature is not enabled. Defaults to setting on client device. |
Graph reference: deviceCategory
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the device category. Read-only. |
| displayName | String | Display name for the device category. |
| description | String | Optional description for the device category. |
Graph reference: deviceManagementCachedReportConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity. |
| reportName | String | Name of the report. |
| filter | String | Filters applied on report creation. |
| select | String collection | Columns selected from the report. |
| orderBy | String collection | Ordering of columns in the report. |
| metadata | String | Caller-managed metadata associated with the report. |
| status | deviceManagementReportStatus | Status of the cached report. The possible values are: unknown, notStarted, inProgress, completed, failed. |
| lastRefreshDateTime | DateTimeOffset | Time that the cached report was last refreshed. |
| expirationDateTime | DateTimeOffset | Time that the cached report expires. |
Graph reference: deviceManagementExportJob
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity. |
| reportName | String | Name of the report. The maximum length allowed for this property is 2000 characters. |
| filter | String | Filters applied on the report. The maximum length allowed for this property is 2000 characters. |
| select | String collection | Columns selected from the report. The maximum number of allowed columns names is 256. The maximum length allowed for each column name in this property is 1000 characters. |
| format | deviceManagementReportFileFormat | Format of the exported report. Possible values are csv and json. The possible values are: csv, pdf, json, unknownFutureValue. |
| snapshotId | String | A snapshot is an identifiable subset of the dataset represented by the ReportName. A sessionId or CachedReportConfiguration id can be used here. If a sessionId is specified, Filter, Select, and OrderBy are applied to the data represented by the sessionId. Filter, Select, and OrderBy cannot be specified together with a CachedReportConfiguration id. The maximum length allowed for this property is 128 characters. |
| localizationType | deviceManagementExportJobLocalizationType | Configures how the requested export job is localized. Possible values are replaceLocalizableValues and localizedValuesAsAdditionalColumn. The possible values are: localizedValuesAsAdditionalColumn, replaceLocalizableValues. |
| status | deviceManagementReportStatus | Status of the export job. Possible values are unknown, notStarted, inProgress, completed and failed. The possible values are: unknown, notStarted, inProgress, completed, failed. |
| url | String | Temporary location of the exported report. |
| requestDateTime | DateTimeOffset | Time that the exported report was requested. |
| expirationDateTime | DateTimeOffset | Time that the exported report expires. |
Graph reference: deviceManagementReports
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity. |
Graph reference: deviceManagementReportSchedule
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity |
| reportScheduleName | String | Name of the schedule |
| subject | String | Subject of the scheduled reports that are delivered |
| emails | String collection | Emails to which the scheduled reports are delivered |
| recurrence | deviceManagementScheduledReportRecurrence | Frequency of scheduled report delivery. The possible values are: none, daily, weekly, monthly. |
| startDateTime | DateTimeOffset | Time that the delivery of the scheduled reports starts |
| endDateTime | DateTimeOffset | Time that the delivery of the scheduled reports ends |
| userId | String | The Id of the User who created the report |
| reportName | String | Name of the report |
| filter | String | Filters applied on the report |
| select | String collection | Columns selected from the report |
| orderBy | String collection | Ordering of columns in the report |
| format | deviceManagementReportFileFormat | Format of the scheduled report. The possible values are: csv, pdf. |
Graph reference: deviceAppManagement
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| Onboarding | ||
| isEnabledForMicrosoftStoreForBusiness | Boolean | Whether the account is enabled for syncing applications from the Microsoft Store for Business. |
| microsoftStoreForBusinessLanguage | String | The locale information used to sync applications from the Microsoft Store for Business. Cultures that are specific to a country/region. The names of these cultures follow RFC 4646 (Windows Vista and later). The format is |
| microsoftStoreForBusinessLastCompletedApplicationSyncTime | DateTimeOffset | The last time an application sync from the Microsoft Store for Business was completed. |
| microsoftStoreForBusinessLastSuccessfulSyncDateTime | DateTimeOffset | The last time the apps from the Microsoft Store for Business were synced successfully for the account. |
| microsoftStoreForBusinessPortalSelection | microsoftStoreForBusinessPortalSelectionOptions | The end user portal information is used to sync applications from the Microsoft Store for Business to Intune Company Portal. There are three options to pick from ['Company portal only', 'Company portal and private store', 'Private store only']. The possible values are: none, companyPortal, privateStore. |
Graph reference: deviceCategory
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the device category. Read-only. |
| Onboarding | ||
| displayName | String | Display name for the device category. |
| description | String | Optional description for the device category. |
Graph reference: mobileAppTroubleshootingEvent
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object. |
| Troubleshooting | ||
| additionalInformation | keyValuePair collection | A set of string key and string value pairs which provides additional information on the Troubleshooting event Inherited from deviceManagementTroubleshootingEvent |
| applicationId | String | Intune application identifier. |
| correlationId | String | ID used for tracing the failure in the service. |
| eventDateTime | DateTimeOffset | Time when the event occurred . |
| eventName | String | Event Name corresponding to the Troubleshooting Event. Optional |
| history | mobileAppTroubleshootingHistoryItem collection | Intune Mobile Application Troubleshooting History Item |
| managedDeviceIdentifier | String | Device identifier created or collected by Intune. |
| troubleshootingErrorDetails | deviceManagementTroubleshootingErrorDetails | Object containing detailed information about the error and its remediation. Inherited from deviceManagementTroubleshootingEvent |
| userId | String | Identifier for the user that tried to enroll the device. |
Graph reference: report
| Property | Type | Description |
|---|---|---|
| content | Stream | Report content; details vary by report type. |
Graph reference: reportRoot
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for this entity. |
Graph reference: user
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the user. |
| Onboarding | ||
| deviceEnrollmentLimit | Int32 | The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. |
Graph reference: appleVppTokenTroubleshootingEvent
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object Inherited from deviceManagementTroubleshootingEvent |
| eventDateTime | DateTimeOffset | Time when the event occurred . Inherited from deviceManagementTroubleshootingEvent |
| correlationId | String | Id used for tracing the failure in the service. Inherited from deviceManagementTroubleshootingEvent |
| troubleshootingErrorDetails | deviceManagementTroubleshootingErrorDetails | Object containing detailed information about the error and its remediation. Inherited from deviceManagementTroubleshootingEvent |
| eventName | String | Event Name corresponding to the Troubleshooting Event. It is an Optional field Inherited from deviceManagementTroubleshootingEvent |
| additionalInformation | keyValuePair collection | A set of string key and string value pairs which provides additional information on the Troubleshooting event Inherited from deviceManagementTroubleshootingEvent |
| tokenId | String | Apple Volume Purchase Program Token Identifier. |
Graph reference: deviceManagementAutopilotEvent
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object |
| deviceId | String | Device id associated with the object |
| userId | String | UserId id associated with the object |
| eventDateTime | DateTimeOffset | Time when the event occurred . |
| deviceRegisteredDateTime | DateTimeOffset | Device registration date. |
| enrollmentStartDateTime | DateTimeOffset | Device enrollment start date. |
| enrollmentType | windowsAutopilotEnrollmentType | Enrollment type. Possible values are: unknown, azureADJoinedWithAutopilotProfile, offlineDomainJoined, azureADJoinedUsingDeviceAuthWithAutopilotProfile, azureADJoinedUsingDeviceAuthWithoutAutopilotProfile, azureADJoinedWithOfflineAutopilotProfile, azureADJoinedWithWhiteGlove, offlineDomainJoinedWithWhiteGlove, offlineDomainJoinedWithOfflineAutopilotProfile. |
| deviceSerialNumber | String | Device serial number. |
| managedDeviceName | String | Managed device name. |
| userPrincipalName | String | User principal name used to enroll the device. |
| windowsAutopilotDeploymentProfileDisplayName | String | Autopilot profile name. |
| enrollmentState | enrollmentState | Enrollment state like Enrolled, Failed. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. |
| windows10EnrollmentCompletionPageConfigurationDisplayName | String | Enrollment Status Page profile name |
| windows10EnrollmentCompletionPageConfigurationId | String | Enrollment Status Page profile ID |
| deploymentState | windowsAutopilotDeploymentState | Deployment state like Success, Failure, InProgress, SuccessWithTimeout. Possible values are: unknown, success, inProgress, failure, successWithTimeout, notAttempted, disabled, successOnRetry. |
| deviceSetupStatus | windowsAutopilotDeploymentState | Deployment status for the enrollment status page’s device setup phase. Possible values are: unknown, success, inProgress, failure, successWithTimeout, notAttempted, disabled, successOnRetry. |
| accountSetupStatus | windowsAutopilotDeploymentState | Deployment status for the enrollment status page’s account setup phase. Possible values are: unknown, success, inProgress, failure, successWithTimeout, notAttempted, disabled, successOnRetry. |
| osVersion | String | Device operating system version. |
| deploymentDuration | Duration | Autopilot deployment duration including enrollment. |
| deploymentTotalDuration | Duration | Total deployment duration from enrollment to Desktop screen. |
| deviceSetupDuration | Duration | Time spent in device ESP. |
| accountSetupDuration | Duration | Time spent in user ESP. |
| deploymentStartDateTime | DateTimeOffset | Deployment start time. |
| deploymentEndDateTime | DateTimeOffset | Deployment end time. |
| enrollmentFailureDetails | String | Enrollment failure details. |
Graph reference: deviceManagementAutopilotPolicyStatusDetail
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object |
| displayName | String | The friendly name of the policy. |
| policyType | deviceManagementAutopilotPolicyType | The type of policy. The possible values are: unknown, application, appModel, configurationPolicy. |
| complianceStatus | deviceManagementAutopilotPolicyComplianceStatus | The policy compliance or enforcement status. Enforcement status takes precedence if it exists. The possible values are: unknown, compliant, installed, notCompliant, notInstalled, error. |
| trackedOnEnrollmentStatus | Boolean | Indicates if this policy was tracked as part of the autopilot bootstrap enrollment sync session |
| lastReportedDateTime | DateTimeOffset | Timestamp of the reported policy status |
| errorCode | Int32 | The errorode associated with the compliance or enforcement status of the policy. Error code for enforcement status takes precedence if it exists. |
Graph reference: deviceManagementTroubleshootingEvent
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object |
| eventDateTime | DateTimeOffset | Time when the event occurred . |
| correlationId | String | Id used for tracing the failure in the service. |
Graph reference: enrollmentTroubleshootingEvent
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object Inherited from deviceManagementTroubleshootingEvent |
| eventDateTime | DateTimeOffset | Time when the event occurred . Inherited from deviceManagementTroubleshootingEvent |
| correlationId | String | Id used for tracing the failure in the service. Inherited from deviceManagementTroubleshootingEvent |
| managedDeviceIdentifier | String | Device identifier created or collected by Intune. |
| operatingSystem | String | Operating System. |
| osVersion | String | OS Version. |
| userId | String | Identifier for the user that tried to enroll the device. |
| deviceId | String | Azure AD device identifier. |
| enrollmentType | deviceEnrollmentType | Type of the enrollment. The possible values are: unknown, userEnrollment, deviceEnrollmentManager, appleBulkWithUser, appleBulkWithoutUser, windowsAzureADJoin, windowsBulkUserless, windowsAutoEnrollment, windowsBulkAzureDomainJoin, windowsCoManagement. |
| failureCategory | deviceEnrollmentFailureReason | Highlevel failure category. The possible values are: unknown, authentication, authorization, accountValidation, userValidation, deviceNotSupported, inMaintenance, badRequest, featureNotSupported, enrollmentRestrictionsEnforced, clientDisconnected, userAbandonment. |
| failureReason | String | Detailed failure reason. |
Graph reference: managedDeviceSummarizedAppState
| Property | Type | Description |
|---|---|---|
| summarizedAppState | deviceManagementScriptRunState | The device management script run state for the device, which summarizes the overall status of apps installation on the devices. If any app installation encounters an error, the state will be marked as fail; otherwise, if any app is pending installation, the state will be marked as pending. All possible values include: unknown, fail, pending, notApplicable. Possible values are: unknown, success, fail, scriptError, pending, notApplicable, unknownFutureValue. |
| deviceId | String | The unique identifier (DeviceId) associated with the device. |
Graph reference: mobileAppIntentAndState
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object |
| managedDeviceIdentifier | String | Device identifier created or collected by Intune. |
| userId | String | Identifier for the user that tried to enroll the device. |
| mobileAppList | mobileAppIntentAndStateDetail collection | The list of payload intents and states for the tenant. |
Graph reference: mobileAppTroubleshootingEvent
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object Inherited from deviceManagementTroubleshootingEvent |
| eventDateTime | DateTimeOffset | Time when the event occurred . Inherited from deviceManagementTroubleshootingEvent |
| correlationId | String | Id used for tracing the failure in the service. Inherited from deviceManagementTroubleshootingEvent |
| troubleshootingErrorDetails | deviceManagementTroubleshootingErrorDetails | Object containing detailed information about the error and its remediation. Inherited from deviceManagementTroubleshootingEvent |
| eventName | String | Event Name corresponding to the Troubleshooting Event. It is an Optional field Inherited from deviceManagementTroubleshootingEvent |
| additionalInformation | keyValuePair collection | A set of string key and string value pairs which provides additional information on the Troubleshooting event Inherited from deviceManagementTroubleshootingEvent |
| managedDeviceIdentifier | String | Device identifier created or collected by Intune. |
| deviceId | String | Device identifier created or collected by Intune. |
| userId | String | Identifier for the user that tried to enroll the device. |
| applicationId | String | Intune application identifier. |
| history | mobileAppTroubleshootingHistoryItem collection | Intune Mobile Application Troubleshooting History Item |
Graph reference: report
| Property | Type | Description |
|---|---|---|
| content | Stream | The http content that has the data |
Graph reference: reportRoot
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for this entity. |
Graph reference: user
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the user |
Graph reference: deviceCompliancePolicySettingStateSummary
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for this entity. Required. Read-only. |
| conflictDeviceCount | Int32 | The number of devices in a conflict state. Optional. Read-only. |
| errorDeviceCount | Int32 | The number of devices in an error state. Optional. Read-only. |
| failedDeviceCount | Int32 | The number of devices in a failed state. Optional. Read-only. |
| intuneAccountId | String | The identifer for the Microsoft Intune account. Required. Read-only. |
| intuneSettingId | String | The identifier for the Intune setting. Optional. Read-only. |
| lastRefreshedDateTime | DateTimeOffset | Date and time the entity was last updated in the multi-tenant management platform. Optional. Read-only. |
| notApplicableDeviceCount | Int32 | The number of devices in a not applicable state. Optional. Read-only. |
| pendingDeviceCount | Int32 | The number of devices in a pending state. Optional. Read-only. |
| policyType | String | The type for the device compliance policy. Optional. Read-only. |
| settingName | String | The name for the setting within the device compliance policy. Optional. Read-only. |
| succeededDeviceCount | Int32 | The number of devices in a succeeded state. Optional. Read-only. |
| tenantDisplayName | String | The display name for the managed tenant. Required. Read-only. |
| tenantId | String | The Microsoft Entra tenant identifier for the managed tenant. Required. Read-only. |
Graph reference: managedDeviceCompliance
| Property | Type | Description |
|---|---|---|
| complianceStatus | String | Compliance state of the device. This property is read-only. The possible values are: unknown, compliant, noncompliant, conflict, error, inGracePeriod, configManager. Optional. Read-only. |
| deviceType | String | Platform of the device. This property is read-only. The possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, windows10x, androidnGMS, chromeOS, linux, blackberry, palm, unknown, cloudPC. Optional. Read-only. |
| id | String | The unique identity for this entity. Required. Read-only. |
| inGracePeriodUntilDateTime | DateTimeOffset | The date and time when the grace period will expire. Optional. Read-only. |
| lastRefreshedDateTime | DateTimeOffset | Date and time the entity was last updated in the multi-tenant management platform. Optional. Read-only. |
| lastSyncDateTime | DateTimeOffset | The date and time that the device last completed a successful sync with Microsoft Endpoint Manager. Optional. Read-only. |
| managedDeviceId | String | The identifier for the managed device in Microsoft Endpoint Manager. Optional. Read-only. |
| managedDeviceName | String | The display name for the managed device. Optional. Read-only. |
| manufacturer | String | The manufacture for the device. Optional. Read-only. |
| model | String | The model for the device. Optional. Read-only. |
| osDescription | String | The description of the operating system for the managed device. Optional. Read-only. |
| osVersion | String | The version of the operating system for the managed device. Optional. Read-only. |
| ownerType | String | The type of owner for the managed device. Optional. Read-only. |
| tenantDisplayName | String | The display name for the managed tenant. Optional. Read-only. |
| tenantId | String | The Microsoft Entra tenant identifier for the managed tenant. Optional. Read-only. |
Graph reference: managedDeviceComplianceTrend
| Property | Type | Description |
|---|---|---|
| compliantDeviceCount | Int32 | The number of devices with a compliant status. Required. Read-only. |
| configManagerDeviceCount | Int32 | The number of devices manged by Configuration Manager. Required. Read-only. |
| countDateTime | String | The date and time compliance snapshot was performed. Required. Read-only. |
| errorDeviceCount | Int32 | The number of devices with an error status. Required. Read-only. |
| id | String | The unique identifier for this entity. Required. Read-only. |
| inGracePeriodDeviceCount | Int32 | The number of devices that are in a grace period status. Required. Read-only. |
| noncompliantDeviceCount | Int32 | The number of devices that are in a non-compliant status. Required. Read-only. |
| tenantDisplayName | String | The display name for the managed tenant. Optional. Read-only. |
| tenantId | String | The Microsoft Entra tenant identifier for the managed tenant. Optional. Read-only. |
| unknownDeviceCount | Int32 | The number of devices in an unknown status. Required. Read-only. |
Graph reference: windowsDeviceMalwareState
| Property | Type | Description |
|---|---|---|
| additionalInformationUrl | String | The additional information URL for the discovered malware. Optional. Read-only. |
| detectionCount | Int32 | The number of times the piece of malware has been detected. Optional. Read-only. |
| deviceDeleted | Boolean | A flag indicating whether the device has been deleted. Optional. Read-only. |
| id | String | The unique identifier for the device malware state. Required. Read-only. |
| initialDetectionDateTime | DateTimeOffset | The date and time the piece of malware was initially detected. Optional. Read-only. |
| lastRefreshedDateTime | DateTimeOffset | Date and time the entity was last updated in the multi-tenant management platform. Optional. Read-only. |
| lastStateChangeDateTime | DateTimeOffset | The date and time the malware state was last changed. Optional. Read-only. |
| malwareCategory | String | The category for the detected malware. Optional. Read-only. |
| malwareDisplayName | String | The display name for the detected malware. Optional. Read-only. |
| malwareExecutionState | String | The execution state for the detected malware. Optional. Read-only. |
| malwareId | String | The unique identifier for the detected malware. Optional. Read-only. |
| malwareSeverity | String | The severity for the detected malware. Optional. Read-only. |
| malwareThreatState | String | The threat state for the detected malware. Optional. Read-only. |
| managedDeviceId | String | The identifier for the managed device where the malware was detected. Optional. Read-only. |
| managedDeviceName | String | The display name for the managed device where the malware was detected. Optional. Read-only. |
| tenantDisplayName | String | The display name for the managed tenant. Optional. Read-only. |
| tenantId | String | The Microsoft Entra tenant identifier for the managed tenant. Optional. Read-only. |
Graph reference: windowsProtectionState
| Property | Type | Description |
|---|---|---|
| antiMalwareVersion | String | The anti-malware version for the managed device. Optional. Read-only. |
| attentionRequired | Boolean | A flag indicating whether attention is required for the managed device. Optional. Read-only. |
| deviceDeleted | Boolean | A flag indicating whether the managed device has been deleted. Optional. Read-only. |
| devicePropertyRefreshDateTime | DateTimeOffset | The date and time the device property has been refreshed. Optional. Read-only. |
| engineVersion | String | The anti-virus engine version for the managed device. Optional. Read-only. |
| fullScanOverdue | Boolean | A flag indicating whether quick scan is overdue for the managed device. Optional. Read-only. |
| fullScanRequired | Boolean | A flag indicating whether full scan is overdue for the managed device. Optional. Read-only. |
| id | String | The unique identifier for the Windows protection state. Required. Read-only. |
| lastFullScanDateTime | DateTimeOffset | The date and time a full scan was completed. Optional. Read-only. |
| lastFullScanSignatureVersion | String | The version anti-malware version used to perform the last full scan. Optional. Read-only. |
| lastQuickScanDateTime | DateTimeOffset | The date and time a quick scan was completed. Optional. Read-only. |
| lastQuickScanSignatureVersion | String | The version anti-malware version used to perform the last full scan. Optional. Read-only. |
| lastRefreshedDateTime | DateTimeOffset | Date and time the entity was last updated in the multi-tenant management platform. Optional. Read-only. |
| lastReportedDateTime | DateTimeOffset | The date and time the protection state was last reported for the managed device. Optional. Read-only. |
| malwareProtectionEnabled | Boolean | A flag indicating whether malware protection is enabled for the managed device. Optional. Read-only. |
| managedDeviceHealthState | String | The health state for the managed device. Optional. Read-only. |
| managedDeviceId | String | The unique identifier for the managed device. Optional. Read-only. |
| managedDeviceName | String | The display name for the managed device. Optional. Read-only. |
| networkInspectionSystemEnabled | Boolean | A flag indicating whether the network inspection system is enabled. Optional. Read-only. |
| quickScanOverdue | Boolean | A flag indicating weather a quick scan is overdue. Optional. Read-only. |
| realTimeProtectionEnabled | Boolean | A flag indicating whether real time protection is enabled. Optional. Read-only. |
| rebootRequired | Boolean | A flag indicating whether a reboot is required. Optional. Read-only. |
| signatureUpdateOverdue | Boolean | A flag indicating whether an signature update is overdue. Optional. Read-only. |
| signatureVersion | String | The signature version for the managed device. Optional. Read-only. |
| tenantDisplayName | String | The display name for the managed tenant. Optional. Read-only. |
| tenantId | String | The Microsoft Entra tenant identifier for the managed tenant. Optional. Read-only. |