DeviceManagementServiceConfig.Read.All
Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Delegate Permission
| Id | 8696daa5-bce5-4b2e-83f9-51b6defc4e1e |
| Consent Type | Admin |
| Display String | Read Microsoft Intune configuration |
| Description | Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration. |
Application Permission
| Id | 06a5fe6d-c49d-46a7-b082-56b1b14103c7 |
| Display String | Read Microsoft Intune configuration |
| Description | Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user. |
Resources
deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
termsAndConditions
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the T&C policy. |
| createdDateTime | DateTimeOffset | DateTime the object was created. |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
| displayName | String | Administrator-supplied name for the T&C policy. |
| description | String | Administrator-supplied description of the T&C policy. |
| title | String | Administrator-supplied title of the terms and conditions. This is shown to the user on prompts to accept the T&C policy. |
| bodyText | String | Administrator-supplied body text of the terms and conditions, typically the terms themselves. This is shown to the user on prompts to accept the T&C policy. |
| acceptanceStatement | String | Administrator-supplied explanation of the terms and conditions, typically describing what it means to accept the terms and conditions set out in the T&C policy. This is shown to the user on prompts to accept the T&C policy. |
| version | Int32 | Integer indicating the current version of the terms. Incremented when an administrator makes a change to the terms and wishes to require users to re-accept the modified T&C policy. |
termsAndConditionsAcceptanceStatus
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the entity. |
| userDisplayName | String | Display name of the user whose acceptance the entity represents. |
| acceptedVersion | Int32 | Most recent version number of the T&C accepted by the user. |
| acceptedDateTime | DateTimeOffset | DateTime when the terms were last accepted by the user. |
| userPrincipalName | String | The userPrincipalName of the User that accepted the term. |
termsAndConditionsAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the entity. |
| target | deviceAndAppManagementAssignmentTarget | Assignment target that the T&C policy is assigned to. |
termsAndConditionsGroupAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the entity. |
| targetGroupId | String | Unique identifier of a group that the T&C policy is assigned to. |
activeDirectoryWindowsAutopilotDeploymentProfile
| Property | Type | Description |
|---|---|---|
| id | String | Profile Key Inherited from windowsAutopilotDeploymentProfile |
| displayName | String | Name of the profile Inherited from windowsAutopilotDeploymentProfile |
| description | String | Description of the profile Inherited from windowsAutopilotDeploymentProfile |
| language | String | Language configured on the device Inherited from windowsAutopilotDeploymentProfile |
| createdDateTime | DateTimeOffset | Profile creation time Inherited from windowsAutopilotDeploymentProfile |
| lastModifiedDateTime | DateTimeOffset | Profile last modified time Inherited from windowsAutopilotDeploymentProfile |
| outOfBoxExperienceSettings | outOfBoxExperienceSettings | Out of box experience setting Inherited from windowsAutopilotDeploymentProfile |
| enrollmentStatusScreenSettings | windowsEnrollmentStatusScreenSettings | Enrollment status screen setting Inherited from windowsAutopilotDeploymentProfile |
| extractHardwareHash | Boolean | HardwareHash Extraction for the profile Inherited from windowsAutopilotDeploymentProfile |
| deviceNameTemplate | String | The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters. Inherited from windowsAutopilotDeploymentProfile |
| deviceType | windowsAutopilotDeviceType | The AutoPilot device type that this profile is applicable to. Inherited from windowsAutopilotDeploymentProfile. Possible values are: windowsPc, surfaceHub2, holoLens, surfaceHub2S, virtualMachine, unknownFutureValue. |
| enableWhiteGlove | Boolean | Enable Autopilot White Glove for the profile. Inherited from windowsAutopilotDeploymentProfile |
| roleScopeTagIds | String collection | Scope tags for the profile. Inherited from windowsAutopilotDeploymentProfile |
| managementServiceAppId | String | AzureAD management app ID used during client device-based enrollment discovery Inherited from windowsAutopilotDeploymentProfile |
| hybridAzureADJoinSkipConnectivityCheck | Boolean | The Autopilot Hybrid Azure AD join flow will continue even if it does not establish domain controller connectivity during OOBE. |
appleEnrollmentProfileAssignment
| Property | Type | Description |
|---|---|---|
| id | String | The key of the assignment. |
| target | deviceAndAppManagementAssignmentTarget | The assignment target for the Apple user initiated deployment profile. |
appleUserInitiatedEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| defaultEnrollmentType | appleUserInitiatedEnrollmentType | The default profile enrollment type. Possible values are: unknown, device, user. |
| availableEnrollmentTypeOptions | appleOwnerTypeEnrollmentType collection | List of available enrollment type options |
| id | String | The GUID for the object |
| displayName | String | Name of the profile |
| description | String | Description of the profile |
| priority | Int32 | Priority, 0 is highest |
| platform | devicePlatformType | The platform of the Device. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, unknown, androidAOSP. |
| createdDateTime | DateTimeOffset | Profile creation time |
| lastModifiedDateTime | DateTimeOffset | Profile last modified time |
azureADWindowsAutopilotDeploymentProfile
| Property | Type | Description |
|---|---|---|
| id | String | Profile Key Inherited from windowsAutopilotDeploymentProfile |
| displayName | String | Name of the profile Inherited from windowsAutopilotDeploymentProfile |
| description | String | Description of the profile Inherited from windowsAutopilotDeploymentProfile |
| language | String | Language configured on the device Inherited from windowsAutopilotDeploymentProfile |
| createdDateTime | DateTimeOffset | Profile creation time Inherited from windowsAutopilotDeploymentProfile |
| lastModifiedDateTime | DateTimeOffset | Profile last modified time Inherited from windowsAutopilotDeploymentProfile |
| outOfBoxExperienceSettings | outOfBoxExperienceSettings | Out of box experience setting Inherited from windowsAutopilotDeploymentProfile |
| enrollmentStatusScreenSettings | windowsEnrollmentStatusScreenSettings | Enrollment status screen setting Inherited from windowsAutopilotDeploymentProfile |
| extractHardwareHash | Boolean | HardwareHash Extraction for the profile Inherited from windowsAutopilotDeploymentProfile |
| deviceNameTemplate | String | The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters. Inherited from windowsAutopilotDeploymentProfile |
| deviceType | windowsAutopilotDeviceType | The AutoPilot device type that this profile is applicable to. Inherited from windowsAutopilotDeploymentProfile. Possible values are: windowsPc, surfaceHub2, holoLens, surfaceHub2S, virtualMachine, unknownFutureValue. |
| enableWhiteGlove | Boolean | Enable Autopilot White Glove for the profile. Inherited from windowsAutopilotDeploymentProfile |
| roleScopeTagIds | String collection | Scope tags for the profile. Inherited from windowsAutopilotDeploymentProfile |
| managementServiceAppId | String | AzureAD management app ID used during client device-based enrollment discovery Inherited from windowsAutopilotDeploymentProfile |
depEnrollmentBaseProfile
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object Inherited from enrollmentProfile |
| displayName | String | Name of the profile Inherited from enrollmentProfile |
| description | String | Description of the profile Inherited from enrollmentProfile |
| requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
| configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
| enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
| requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
| isDefault | Boolean | Indicates if this is the default profile |
| supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/en-us/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. |
| supportDepartment | String | Support department information |
| isMandatory | Boolean | Indicates if the profile is mandatory |
| locationDisabled | Boolean | Indicates if Location service setup pane is disabled |
| supportPhoneNumber | String | Support phone number |
| profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled |
| restoreBlocked | Boolean | Indicates if Restore setup pane is blocked |
| appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled |
| termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled |
| touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled |
| applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled |
| siriDisabled | Boolean | Indicates if siri setup pane is disabled |
| diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled |
| displayToneSetupDisabled | Boolean | Indicates if displaytone setup screen is disabled |
| privacyPaneDisabled | Boolean | Indicates if privacy screen is disabled |
| screenTimeScreenDisabled | Boolean | Indicates if screen timeout setup is disabled |
| deviceNameTemplate | String | Sets a literal or name pattern. |
| configurationWebUrl | Boolean | URL for setup assistant login |
| enabledSkipKeys | String collection | enabledSkipKeys contains all the enabled skip keys as strings |
depEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object Inherited from enrollmentProfile |
| displayName | String | Name of the profile Inherited from enrollmentProfile |
| description | String | Description of the profile Inherited from enrollmentProfile |
| requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
| configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
| enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
| requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
| isDefault | Boolean | Indicates if this is the default profile |
| supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/en-us/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. |
| supportDepartment | String | Support department information |
| passCodeDisabled | Boolean | Indicates if Passcode setup pane is disabled |
| isMandatory | Boolean | Indicates if the profile is mandatory |
| locationDisabled | Boolean | Indicates if Location service setup pane is disabled |
| supportPhoneNumber | String | Support phone number |
| iTunesPairingMode | iTunesPairingMode | Indicates the iTunes pairing mode. Possible values are: disallow, allow, requiresCertificate. |
| profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled |
| managementCertificates | managementCertificateWithThumbprint collection | Management certificates for Apple Configurator |
| restoreBlocked | Boolean | Indicates if Restore setup pane is blocked |
| restoreFromAndroidDisabled | Boolean | Indicates if Restore from Android is disabled |
| appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled |
| termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled |
| touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled |
| applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled |
| zoomDisabled | Boolean | Indicates if zoom setup pane is disabled |
| siriDisabled | Boolean | Indicates if siri setup pane is disabled |
| diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled |
| macOSRegistrationDisabled | Boolean | Indicates if Mac OS registration is disabled |
| macOSFileVaultDisabled | Boolean | Indicates if Mac OS file vault is disabled |
| awaitDeviceConfiguredConfirmation | Boolean | Indicates if the device will need to wait for configured confirmation |
| sharedIPadMaximumUserCount | Int32 | This specifies the maximum number of users that can use a shared iPad. Only applicable in shared iPad mode. |
| enableSharedIPad | Boolean | This indicates whether the device is to be enrolled in a mode which enables multi user scenarios. Only applicable in shared iPads. |
depIOSEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object Inherited from enrollmentProfile |
| displayName | String | Name of the profile Inherited from enrollmentProfile |
| description | String | Description of the profile Inherited from enrollmentProfile |
| requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
| configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
| enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
| requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
| isDefault | Boolean | Indicates if this is the default profile Inherited from depEnrollmentBaseProfile |
| supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/en-us/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. Inherited from depEnrollmentBaseProfile |
| supportDepartment | String | Support department information Inherited from depEnrollmentBaseProfile |
| isMandatory | Boolean | Indicates if the profile is mandatory Inherited from depEnrollmentBaseProfile |
| locationDisabled | Boolean | Indicates if Location service setup pane is disabled Inherited from depEnrollmentBaseProfile |
| supportPhoneNumber | String | Support phone number Inherited from depEnrollmentBaseProfile |
| profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled Inherited from depEnrollmentBaseProfile |
| restoreBlocked | Boolean | Indicates if Restore setup pane is blocked Inherited from depEnrollmentBaseProfile |
| appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled Inherited from depEnrollmentBaseProfile |
| termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled Inherited from depEnrollmentBaseProfile |
| touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled Inherited from depEnrollmentBaseProfile |
| applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled Inherited from depEnrollmentBaseProfile |
| siriDisabled | Boolean | Indicates if siri setup pane is disabled Inherited from depEnrollmentBaseProfile |
| diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled Inherited from depEnrollmentBaseProfile |
| displayToneSetupDisabled | Boolean | Indicates if displaytone setup screen is disabled Inherited from depEnrollmentBaseProfile |
| privacyPaneDisabled | Boolean | Indicates if privacy screen is disabled Inherited from depEnrollmentBaseProfile |
| screenTimeScreenDisabled | Boolean | Indicates if screen timeout setup is disabled Inherited from depEnrollmentBaseProfile |
| deviceNameTemplate | String | Sets a literal or name pattern. Inherited from depEnrollmentBaseProfile |
| configurationWebUrl | Boolean | URL for setup assistant login Inherited from depEnrollmentBaseProfile |
| enabledSkipKeys | String collection | enabledSkipKeys contains all the enabled skip keys as strings Inherited from depEnrollmentBaseProfile |
| iTunesPairingMode | iTunesPairingMode | Indicates the iTunes pairing mode. Possible values are: disallow, allow, requiresCertificate. |
| managementCertificates | managementCertificateWithThumbprint collection | Management certificates for Apple Configurator |
| restoreFromAndroidDisabled | Boolean | Indicates if Restore from Android is disabled |
| awaitDeviceConfiguredConfirmation | Boolean | Indicates if the device will need to wait for configured confirmation |
| sharedIPadMaximumUserCount | Int32 | This specifies the maximum number of users that can use a shared iPad. Only applicable in shared iPad mode. |
| enableSharedIPad | Boolean | This indicates whether the device is to be enrolled in a mode which enables multi user scenarios. Only applicable in shared iPads. |
| companyPortalVppTokenId | String | If set, indicates which Vpp token should be used to deploy the Company Portal w/ device licensing. 'enableAuthenticationViaCompanyPortal' must be set in order for this property to be set. |
| enableSingleAppEnrollmentMode | Boolean | Tells the device to enable single app mode and apply app-lock during enrollment. Default is false. 'enableAuthenticationViaCompanyPortal' and 'companyPortalVppTokenId' must be set for this property to be set. |
| homeButtonScreenDisabled | Boolean | Indicates if home button sensitivity screen is disabled |
| iMessageAndFaceTimeScreenDisabled | Boolean | Indicates if iMessage and FaceTime screen is disabled |
| onBoardingScreenDisabled | Boolean | Indicates if onboarding setup screen is disabled |
| simSetupScreenDisabled | Boolean | Indicates if the SIMSetup screen is disabled |
| softwareUpdateScreenDisabled | Boolean | Indicates if the mandatory sofware update screen is disabled |
| watchMigrationScreenDisabled | Boolean | Indicates if the watch migration screen is disabled |
| appearanceScreenDisabled | Boolean | Indicates if Apperance screen is disabled |
| expressLanguageScreenDisabled | Boolean | Indicates if Express Language screen is disabled |
| preferredLanguageScreenDisabled | Boolean | Indicates if Preferred language screen is disabled |
| deviceToDeviceMigrationDisabled | Boolean | Indicates if Device To Device Migration is disabled |
| welcomeScreenDisabled | Boolean | Indicates if Weclome screen is disabled |
| passCodeDisabled | Boolean | Indicates if Passcode setup pane is disabled |
| zoomDisabled | Boolean | Indicates if zoom setup pane is disabled |
| restoreCompletedScreenDisabled | Boolean | Indicates if Weclome screen is disabled |
| updateCompleteScreenDisabled | Boolean | Indicates if Weclome screen is disabled |
| forceTemporarySession | Boolean | Indicates if temporary sessions is enabled |
| temporarySessionTimeoutInSeconds | Int32 | Indicates timeout of temporary session |
| userSessionTimeoutInSeconds | Int32 | Indicates timeout of temporary session |
| passcodeLockGracePeriodInSeconds | Int32 | Indicates timeout before locked screen requires the user to enter the device passocde to unlock it |
| carrierActivationUrl | String | Carrier URL for activating device eSIM. |
| userlessSharedAadModeEnabled | Boolean | Indicates that this apple device is designated to support 'shared device mode' scenarios. This is distinct from the 'shared iPad' scenario. See https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment-shared-ios| |
depMacOSEnrollmentProfile
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object Inherited from enrollmentProfile |
| displayName | String | Name of the profile Inherited from enrollmentProfile |
| description | String | Description of the profile Inherited from enrollmentProfile |
| requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
| configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
| enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
| requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
| isDefault | Boolean | Indicates if this is the default profile Inherited from depEnrollmentBaseProfile |
| supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/en-us/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. Inherited from depEnrollmentBaseProfile |
| supportDepartment | String | Support department information Inherited from depEnrollmentBaseProfile |
| isMandatory | Boolean | Indicates if the profile is mandatory Inherited from depEnrollmentBaseProfile |
| locationDisabled | Boolean | Indicates if Location service setup pane is disabled Inherited from depEnrollmentBaseProfile |
| supportPhoneNumber | String | Support phone number Inherited from depEnrollmentBaseProfile |
| profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled Inherited from depEnrollmentBaseProfile |
| restoreBlocked | Boolean | Indicates if Restore setup pane is blocked Inherited from depEnrollmentBaseProfile |
| appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled Inherited from depEnrollmentBaseProfile |
| termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled Inherited from depEnrollmentBaseProfile |
| touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled Inherited from depEnrollmentBaseProfile |
| applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled Inherited from depEnrollmentBaseProfile |
| siriDisabled | Boolean | Indicates if siri setup pane is disabled Inherited from depEnrollmentBaseProfile |
| diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled Inherited from depEnrollmentBaseProfile |
| displayToneSetupDisabled | Boolean | Indicates if displaytone setup screen is disabled Inherited from depEnrollmentBaseProfile |
| privacyPaneDisabled | Boolean | Indicates if privacy screen is disabled Inherited from depEnrollmentBaseProfile |
| screenTimeScreenDisabled | Boolean | Indicates if screen timeout setup is disabled Inherited from depEnrollmentBaseProfile |
| deviceNameTemplate | String | Sets a literal or name pattern. Inherited from depEnrollmentBaseProfile |
| configurationWebUrl | Boolean | URL for setup assistant login Inherited from depEnrollmentBaseProfile |
| enabledSkipKeys | String collection | enabledSkipKeys contains all the enabled skip keys as strings Inherited from depEnrollmentBaseProfile |
| registrationDisabled | Boolean | Indicates if registration is disabled |
| fileVaultDisabled | Boolean | Indicates if file vault is disabled |
| iCloudDiagnosticsDisabled | Boolean | Indicates if iCloud Analytics screen is disabled |
| passCodeDisabled | Boolean | Indicates if Passcode setup pane is disabled |
| zoomDisabled | Boolean | Indicates if zoom setup pane is disabled |
| iCloudStorageDisabled | Boolean | Indicates if iCloud Documents and Desktop screen is disabled |
| chooseYourLockScreenDisabled | Boolean | Indicates if iCloud Documents and Desktop screen is disabled |
| accessibilityScreenDisabled | Boolean | Indicates if Accessibility screen is disabled |
| autoUnlockWithWatchDisabled | Boolean | Indicates if UnlockWithWatch screen is disabled |
| dontAutoPopulatePrimaryAccountInfo | Boolean | Indicates whether Setup Assistant will auto populate the primary account information |
| lockPrimaryAccountInfo | Boolean | Indicates whether the primary account information will be locked |
| managedLocalUserShortName | Boolean | Indicates whether or not this is the short name of the local account to manage |
| primaryAccountFullName | String | Indicates what the full name for the primary account is |
| primaryAccountUserName | String | Indicates what the account name for the primary account is |
| requestRequiresNetworkTether | Boolean | Indicates if the device is network-tethered to run the command |
| setPrimarySetupAccountAsRegularUser | Boolean | Indicates whether Setup Assistant will set the account as a regular user |
| skipPrimarySetupAccountCreation | Boolean | Indicates whether Setup Assistant will skip the user interface for primary account setup |
| isLocalPrimaryAccount | Boolean | Indicates whether the profile is a local account |
| isPrimaryUser | Boolean | Indicates whether the profile is a primary user |
| primaryUser | String | Indicates who the primary user of the profile is |
| primaryUserFullName | String | Indicates who the primary user of the profile is |
| prefillAccountInfo | Boolean | Indicates whether the user will prefill their account info |
| enableRestrictEditing | Boolean | Indicates whether the user will enable blockediting |
depOnboardingSetting
| Property | Type | Description |
|---|---|---|
| id | String | UUID for the object |
| appleIdentifier | String | The Apple ID used to obtain the current token. |
| tokenExpirationDateTime | DateTimeOffset | When the token will expire. |
| lastModifiedDateTime | DateTimeOffset | When the service was onboarded. |
| lastSuccessfulSyncDateTime | DateTimeOffset | When the service last syned with Intune |
| lastSyncTriggeredDateTime | DateTimeOffset | When Intune last requested a sync. |
| shareTokenWithSchoolDataSyncService | Boolean | Whether or not the Dep token sharing is enabled with the School Data Sync service. |
| lastSyncErrorCode | Int32 | Error code reported by Apple during last dep sync. |
| tokenType | depTokenType | Gets or sets the Dep Token Type. Possible values are: none, dep, appleSchoolManager. |
| tokenName | String | Friendly Name for Dep Token |
| syncedDeviceCount | Int32 | Gets synced device count |
| dataSharingConsentGranted | Boolean | Consent granted for data sharing with Apple Dep Service |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. |
deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object. |
enrollmentProfile
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object |
| displayName | String | Name of the profile |
| description | String | Description of the profile |
| requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication |
| configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment |
| enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. |
| requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices |
importedAppleDeviceIdentity
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| serialNumber | String | Device serial number |
| requestedEnrollmentProfileId | String | Enrollment profile Id admin intends to apply to the device during next enrollment |
| requestedEnrollmentProfileAssignmentDateTime | DateTimeOffset | The time enrollment profile was assigned to the device |
| isSupervised | Boolean | Indicates if the Apple device is supervised. More information is at: https://support.apple.com/en-us/HT202837| |
| discoverySource | discoverySource | Apple device discovery source. Possible values are: unknown, adminImport, deviceEnrollmentProgram. |
| isDeleted | Boolean | Indicates if the device is deleted from Apple Business Manager |
| createdDateTime | DateTimeOffset | Created Date Time of the device |
| lastContactedDateTime | DateTimeOffset | Last Contacted Date Time of the device |
| description | String | The description of the device |
| enrollmentState | enrollmentState | The state of the device in Intune. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. |
| platform | platform | The platform of the Device. Possible values are: unknown, ios, android, windows, windowsMobile, macOS. |
importedAppleDeviceIdentityResult
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from importedAppleDeviceIdentity |
| serialNumber | String | Device serial number Inherited from importedAppleDeviceIdentity |
| requestedEnrollmentProfileId | String | Enrollment profile Id admin intends to apply to the device during next enrollment Inherited from importedAppleDeviceIdentity |
| requestedEnrollmentProfileAssignmentDateTime | DateTimeOffset | The time enrollment profile was assigned to the device Inherited from importedAppleDeviceIdentity |
| isSupervised | Boolean | Indicates if the Apple device is supervised. More information is at: https://support.apple.com/en-us/HT202837 Inherited from importedAppleDeviceIdentity |
| discoverySource | discoverySource | Apple device discovery source. Inherited from importedAppleDeviceIdentity. Possible values are: unknown, adminImport, deviceEnrollmentProgram. |
| isDeleted | Boolean | Indicates if the device is deleted from Apple Business Manager Inherited from importedAppleDeviceIdentity |
| createdDateTime | DateTimeOffset | Created Date Time of the device Inherited from importedAppleDeviceIdentity |
| lastContactedDateTime | DateTimeOffset | Last Contacted Date Time of the device Inherited from importedAppleDeviceIdentity |
| description | String | The description of the device Inherited from importedAppleDeviceIdentity |
| enrollmentState | enrollmentState | The state of the device in Intune Inherited from importedAppleDeviceIdentity. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. |
| platform | platform | The platform of the Device. Inherited from importedAppleDeviceIdentity. Possible values are: unknown, ios, android, windows, windowsMobile, macOS. |
| status | Boolean | Status of imported device identity |
importedDeviceIdentity
| Property | Type | Description |
|---|---|---|
| id | String | Id of the imported device identity |
| importedDeviceIdentifier | String | Imported Device Identifier |
| importedDeviceIdentityType | importedDeviceIdentityType | Type of Imported Device Identity. Possible values are: unknown, imei, serialNumber. |
| lastModifiedDateTime | DateTimeOffset | Last Modified DateTime of the description |
| createdDateTime | DateTimeOffset | Created Date Time of the device |
| lastContactedDateTime | DateTimeOffset | Last Contacted Date Time of the device |
| description | String | The description of the device |
| enrollmentState | enrollmentState | The state of the device in Intune. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. |
| platform | platform | The platform of the Device. Possible values are: unknown, ios, android, windows, windowsMobile, macOS. |
importedDeviceIdentityResult
| Property | Type | Description |
|---|---|---|
| id | String | Id of the imported device identity Inherited from importedDeviceIdentity |
| importedDeviceIdentifier | String | Imported Device Identifier Inherited from importedDeviceIdentity |
| importedDeviceIdentityType | importedDeviceIdentityType | Type of Imported Device Identity Inherited from importedDeviceIdentity. Possible values are: unknown, imei, serialNumber. |
| lastModifiedDateTime | DateTimeOffset | Last Modified DateTime of the description Inherited from importedDeviceIdentity |
| createdDateTime | DateTimeOffset | Created Date Time of the device Inherited from importedDeviceIdentity |
| lastContactedDateTime | DateTimeOffset | Last Contacted Date Time of the device Inherited from importedDeviceIdentity |
| description | String | The description of the device Inherited from importedDeviceIdentity |
| enrollmentState | enrollmentState | The state of the device in Intune Inherited from importedDeviceIdentity. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. |
| platform | platform | The platform of the Device. Inherited from importedDeviceIdentity. Possible values are: unknown, ios, android, windows, windowsMobile, macOS. |
| status | Boolean | Status of imported device identity |
importedWindowsAutopilotDeviceIdentity
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object |
| groupTag | String | Group Tag of the Windows autopilot device. |
| serialNumber | String | Serial number of the Windows autopilot device. |
| productKey | String | Product Key of the Windows autopilot device. |
| importId | String | The Import Id of the Windows autopilot device. |
| hardwareIdentifier | Binary | Hardware Blob of the Windows autopilot device. |
| state | importedWindowsAutopilotDeviceIdentityState | Current state of the imported device. |
| assignedUserPrincipalName | String | UPN of the user the device will be assigned |
suggestedEnrollmentLimit
| Property | Type | Description |
|---|---|---|
| suggestedDailyLimit | Int32 | The suggested enrollment limit within a day |
windowsAutopilotDeploymentProfileAssignment
| Property | Type | Description |
|---|---|---|
| id | String | The key of the assignment. |
| target | deviceAndAppManagementAssignmentTarget | The assignment target for the Windows Autopilot deployment profile. |
| source | deviceAndAppManagementAssignmentSource | Type of resource used for deployment to a group, direct or parcel/policySet. Possible values are: direct, policySets. |
| sourceId | String | Identifier for resource used for deployment to a group |
windowsAutopilotDeviceIdentity
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object |
| groupTag | String | Group Tag of the Windows autopilot device. |
| purchaseOrderIdentifier | String | Purchase Order Identifier of the Windows autopilot device. |
| serialNumber | String | Serial number of the Windows autopilot device. |
| productKey | String | Product Key of the Windows autopilot device. |
| manufacturer | String | Oem manufacturer of the Windows autopilot device. |
| model | String | Model name of the Windows autopilot device. |
| enrollmentState | enrollmentState | Intune enrollment state of the Windows autopilot device. Possible values are: unknown, enrolled, pendingReset, failed, notContacted. |
| lastContactedDateTime | DateTimeOffset | Intune Last Contacted Date Time of the Windows autopilot device. |
| addressableUserName | String | Addressable user name. |
| userPrincipalName | String | User Principal Name. |
| resourceName | String | Resource Name. |
| skuNumber | String | SKU Number |
| systemFamily | String | System Family |
| azureActiveDirectoryDeviceId | String | AAD Device ID - to be deprecated |
| managedDeviceId | String | Managed Device ID |
| displayName | String | Display Name |
windowsAutopilotSettings
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object |
| lastSyncDateTime | DateTimeOffset | Last data sync date time with DDS service. |
| lastManualSyncTriggerDateTime | DateTimeOffset | Last data sync date time with DDS service. |
| syncStatus | windowsAutopilotSyncStatus | Indicates the status of sync with Device data sync (DDS) service. Possible values are: unknown, inProgress, completed, failed. |
deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
localizedNotificationMessage
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
| locale | String | The Locale for which this message is destined. |
| subject | String | The Message Template Subject. |
| messageTemplate | String | The Message Template content. |
| isDefault | Boolean | Flag to indicate whether or not this is the default locale for language fallback. This flag can only be set. To unset, set this property to true on another Localized Notification Message. |
notificationMessageTemplate
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. |
| displayName | String | Display name for the Notification Message Template. |
| defaultLocale | String | The default locale to fallback onto when the requested locale is not available. |
| brandingOptions | notificationTemplateBrandingOptions | The Message Template Branding Options. Branding is defined in the Intune Admin Console. Possible values are: none, includeCompanyLogo, includeCompanyName, includeContactInformation, includeCompanyPortalLink, includeDeviceDetails. |
complianceManagementPartner
| Property | Type | Description |
|---|---|---|
| id | String | Id of the entity |
| lastHeartbeatDateTime | DateTimeOffset | Timestamp of last heartbeat after admin onboarded to the compliance management partner |
| partnerState | deviceManagementPartnerTenantState | Partner state of this tenant. Possible values are: unknown, unavailable, enabled, terminated, rejected, unresponsive. |
| displayName | String | Partner display name |
| macOsOnboarded | Boolean | Partner onboarded for Mac devices. |
| androidOnboarded | Boolean | Partner onboarded for Android devices. |
| iosOnboarded | Boolean | Partner onboarded for ios devices. |
| macOsEnrollmentAssignments | complianceManagementPartnerAssignment collection | User groups which enroll Mac devices through partner. |
| androidEnrollmentAssignments | complianceManagementPartnerAssignment collection | User groups which enroll Android devices through partner. |
| iosEnrollmentAssignments | complianceManagementPartnerAssignment collection | User groups which enroll ios devices through partner. |
deviceComanagementAuthorityConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
| deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown, limit, platformRestrictions, windowsHelloForBusiness, defaultLimit, defaultPlatformRestrictions, defaultWindowsHelloForBusiness, defaultWindows10EnrollmentCompletionPageConfiguration, windows10EnrollmentCompletionPageConfiguration, deviceComanagementAuthorityConfiguration, singlePlatformRestriction, unknownFutureValue, enrollmentNotificationsConfiguration. |
| managedDeviceAuthority | Int32 | CoManagement Authority configuration ManagedDeviceAuthority |
| installConfigurationManagerAgent | Boolean | CoManagement Authority configuration InstallConfigurationManagerAgent |
| configurationManagerAgentCommandLineArgument | String | CoManagement Authority configuration ConfigurationManagerAgentCommandLineArgument |
deviceEnrollmentConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account |
| displayName | String | The display name of the device enrollment configuration |
| description | String | The description of the device enrollment configuration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration |
| version | Int32 | The version of the device enrollment configuration |
deviceEnrollmentLimitConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| limit | Int32 | The maximum number of devices that a user can enroll |
deviceEnrollmentNotificationConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
| deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown, limit, platformRestrictions, windowsHelloForBusiness, defaultLimit, defaultPlatformRestrictions, defaultWindowsHelloForBusiness, defaultWindows10EnrollmentCompletionPageConfiguration, windows10EnrollmentCompletionPageConfiguration, deviceComanagementAuthorityConfiguration, singlePlatformRestriction, unknownFutureValue, enrollmentNotificationsConfiguration. |
| platformType | enrollmentRestrictionPlatformType | Platform type of the Enrollment Notification. Possible values are: allPlatforms, ios, windows, windowsPhone, android, androidForWork, mac, linux, unknownFutureValue. |
| templateType | enrollmentNotificationTemplateType | Template type of the Enrollment Notification. Possible values are: email, push, unknownFutureValue. |
| notificationMessageTemplateId | Guid | Notification Message Template Id |
| notificationTemplates | String collection | The list of notification data - |
| brandingOptions | enrollmentNotificationBrandingOptions | Branding Options for the Enrollment Notification. Possible values are: none, includeCompanyLogo, includeCompanyName, includeContactInformation, includeCompanyPortalLink, includeDeviceDetails, unknownFutureValue. |
| defaultLocale | String | DefaultLocale for the Enrollment Notification |
deviceEnrollmentPlatformRestrictionConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
| deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown, limit, platformRestrictions, windowsHelloForBusiness, defaultLimit, defaultPlatformRestrictions, defaultWindowsHelloForBusiness, defaultWindows10EnrollmentCompletionPageConfiguration, windows10EnrollmentCompletionPageConfiguration, deviceComanagementAuthorityConfiguration, singlePlatformRestriction, unknownFutureValue, enrollmentNotificationsConfiguration. |
| platformRestriction | deviceEnrollmentPlatformRestriction | Restrictions based on platform, platform operating system version, and device ownership |
| platformType | enrollmentRestrictionPlatformType | Type of platform for which this restriction applies. Possible values are: allPlatforms, ios, windows, windowsPhone, android, androidForWork, mac, linux, unknownFutureValue. |
deviceEnrollmentPlatformRestrictionsConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| iosRestriction | deviceEnrollmentPlatformRestriction | Ios restrictions based on platform, platform operating system version, and device ownership |
| windowsRestriction | deviceEnrollmentPlatformRestriction | Windows restrictions based on platform, platform operating system version, and device ownership |
| windowsMobileRestriction | deviceEnrollmentPlatformRestriction | Windows mobile restrictions based on platform, platform operating system version, and device ownership |
| androidRestriction | deviceEnrollmentPlatformRestriction | Android restrictions based on platform, platform operating system version, and device ownership |
| macOSRestriction | deviceEnrollmentPlatformRestriction | Mac restrictions based on platform, platform operating system version, and device ownership |
deviceEnrollmentWindowsHelloForBusinessConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| pinMinimumLength | Int32 | Controls the minimum number of characters required for the Windows Hello for Business PIN. This value must be between 4 and 127, inclusive, and less than or equal to the value set for the maximum PIN. |
| pinMaximumLength | Int32 | Controls the maximum number of characters allowed for the Windows Hello for Business PIN. This value must be between 4 and 127, inclusive. This value must be greater than or equal to the value set for the minimum PIN. |
| pinUppercaseCharactersUsage | windowsHelloForBusinessPinUsage | Controls the ability to use uppercase letters in the Windows Hello for Business PIN. Allowed permits the use of uppercase letter(s), whereas Required ensures they are present. If set to Not Allowed, uppercase letters will not be permitted. Possible values are: allowed, required, disallowed. |
| pinLowercaseCharactersUsage | windowsHelloForBusinessPinUsage | Controls the ability to use lowercase letters in the Windows Hello for Business PIN. Allowed permits the use of lowercase letter(s), whereas Required ensures they are present. If set to Not Allowed, lowercase letters will not be permitted. Possible values are: allowed, required, disallowed. |
| pinSpecialCharactersUsage | windowsHelloForBusinessPinUsage | Controls the ability to use special characters in the Windows Hello for Business PIN. Allowed permits the use of special character(s), whereas Required ensures they are present. If set to Not Allowed, special character(s) will not be permitted. Possible values are: allowed, required, disallowed. |
| state | enablement | Controls whether to allow the device to be configured for Windows Hello for Business. If set to disabled, the user cannot provision Windows Hello for Business except on Azure Active Directory joined mobile phones if otherwise required. If set to Not Configured, Intune will not override client defaults. Possible values are: notConfigured, enabled, disabled. |
| securityDeviceRequired | Boolean | Controls whether to require a Trusted Platform Module (TPM) for provisioning Windows Hello for Business. A TPM provides an additional security benefit in that data stored on it cannot be used on other devices. If set to False, all devices can provision Windows Hello for Business even if there is not a usable TPM. |
| unlockWithBiometricsEnabled | Boolean | Controls the use of biometric gestures, such as face and fingerprint, as an alternative to the Windows Hello for Business PIN. If set to False, biometric gestures are not allowed. Users must still configure a PIN as a backup in case of failures. |
| remotePassportEnabled | Boolean | Controls the use of Remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion for desktop authentication. The desktop must be Azure AD joined and the companion device must have a Windows Hello for Business PIN. |
| pinPreviousBlockCount | Int32 | Controls the ability to prevent users from using past PINs. This must be set between 0 and 50, inclusive, and the current PIN of the user is included in that count. If set to 0, previous PINs are not stored. PIN history is not preserved through a PIN reset. |
| pinExpirationInDays | Int32 | Controls the period of time (in days) that a PIN can be used before the system requires the user to change it. This must be set between 0 and 730, inclusive. If set to 0, the user's PIN will never expire |
| enhancedBiometricsState | enablement | Controls the ability to use the anti-spoofing features for facial recognition on devices which support it. If set to disabled, anti-spoofing features are not allowed. If set to Not Configured, the user can choose whether they want to use anti-spoofing. Possible values are: notConfigured, enabled, disabled. |
deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this entity |
| intuneBrand | intuneBrand | intuneBrand contains data which is used in customizing the appearance of the Company Portal applications as well as the end user web portal. |
deviceManagementExchangeConnector
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
| lastSyncDateTime | DateTimeOffset | Last sync time for the Exchange Connector |
| status | deviceManagementExchangeConnectorStatus | Exchange Connector Status. Possible values are: none, connectionPending, connected, disconnected. |
| primarySmtpAddress | String | Email address used to configure the Service To Service Exchange Connector. |
| serverName | String | The name of the Exchange server. |
| connectorServerName | String | The name of the server hosting the Exchange Connector. |
| exchangeConnectorType | deviceManagementExchangeConnectorType | The type of Exchange Connector Configured. Possible values are: onPremises, hosted, serviceToService, dedicated. |
| version | String | The version of the ExchangeConnectorAgent |
| exchangeAlias | String | An alias assigned to the Exchange server |
| exchangeOrganization | String | Exchange Organization to the Exchange server |
deviceManagementExchangeOnPremisesPolicy
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
| notificationContent | Binary | Notification text that will be sent to users quarantined by this policy. This is UTF8 encoded byte array HTML. |
| defaultAccessLevel | deviceManagementExchangeAccessLevel | Default access state in Exchange. This rule applies globally to the entire Exchange organization. Possible values are: none, allow, block, quarantine. |
| accessRules | deviceManagementExchangeAccessRule collection | The list of device access rules in Exchange. The access rules apply globally to the entire Exchange organization |
| knownDeviceClasses | deviceManagementExchangeDeviceClass collection | The list of device classes known to Exchange |
deviceManagementPartner
| Property | Type | Description |
|---|---|---|
| id | String | Id of the entity |
| lastHeartbeatDateTime | DateTimeOffset | Timestamp of last heartbeat after admin enabled option Connect to Device management Partner |
| partnerState | deviceManagementPartnerTenantState | Partner state of this tenant. Possible values are: unknown, unavailable, enabled, terminated, rejected, unresponsive. |
| partnerAppType | deviceManagementPartnerAppType | Partner App type. Possible values are: unknown, singleTenantApp, multiTenantApp. |
| singleTenantAppId | String | Partner Single tenant App id |
| displayName | String | Partner display name |
| isConfigured | Boolean | Whether device management partner is configured or not |
| whenPartnerDevicesWillBeRemovedDateTime | DateTimeOffset | DateTime in UTC when PartnerDevices will be removed |
| whenPartnerDevicesWillBeMarkedAsNonCompliantDateTime | DateTimeOffset | DateTime in UTC when PartnerDevices will be marked as NonCompliant |
enrollmentConfigurationAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Key of the enrollment configuration assignment |
| target | deviceAndAppManagementAssignmentTarget | Represents an assignment to managed devices in the tenant |
mobileThreatDefenseConnector
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
| lastHeartbeatDateTime | DateTimeOffset | DateTime of last Heartbeat recieved from the Data Sync Partner |
| partnerState | mobileThreatPartnerTenantState | Data Sync Partner state for this account. Possible values are: unavailable, available, enabled, unresponsive. |
| androidEnabled | Boolean | For Android, set whether data from the data sync partner should be used during compliance evaluations |
| iosEnabled | Boolean | For IOS, get or set whether data from the data sync partner should be used during compliance evaluations |
| androidDeviceBlockedOnMissingPartnerData | Boolean | For Android, set whether Intune must receive data from the data sync partner prior to marking a device compliant |
| iosDeviceBlockedOnMissingPartnerData | Boolean | For IOS, set whether Intune must receive data from the data sync partner prior to marking a device compliant |
| partnerUnsupportedOsVersionBlocked | Boolean | Get or set whether to block devices on the enabled platforms that do not meet the minimum version requirements of the Data Sync Partner |
| partnerUnresponsivenessThresholdInDays | Int32 | Get or Set days the per tenant tolerance to unresponsiveness for this partner integration |
onPremisesConditionalAccessSettings
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
| enabled | Boolean | Indicates if on premises conditional access is enabled for this organization |
| includedGroups | Guid collection | User groups that will be targeted by on premises conditional access. All users in these groups will be required to have mobile device managed and compliant for mail access. |
| excludedGroups | Guid collection | User groups that will be exempt by on premises conditional access. All users in these groups will be exempt from the conditional access policy. |
| overrideDefaultRule | Boolean | Override the default access rule when allowing a device to ensure access is granted. |
organization
| Property | Type | Description |
|---|---|---|
| id | String | The GUID for the object. |
| mobileDeviceManagementAuthority | mdmAuthority | Mobile device management authority. Possible values are: unknown, intune, sccm, office365. |
sideLoadingKey
| Property | Type | Description |
|---|---|---|
| id | String | Side Loading Key Unique Id. |
| value | String | Side Loading Key Value, it is 5x5 value, seperated by hiphens. |
| displayName | String | Side Loading Key Name displayed to the ITPro Admins. |
| description | String | Side Loading Key description displayed to the ITPro Admins.. |
| totalActivation | Int32 | Side Loading Key Total Activation displayed to the ITPro Admins. |
| lastUpdatedDateTime | String | Side Loading Key Last Updated Date displayed to the ITPro Admins. |
user
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the user. |
| deviceEnrollmentLimit | Int32 | The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. |
vppToken
| Property | Type | Description |
|---|---|---|
| id | String | This is automatically generated when the appleVolumePurchaseProgramToken is created. It is the Key of the entity. |
| organizationName | String | The organization associated with the Apple Volume Purchase Program Token |
| vppTokenAccountType | vppTokenAccountType | The type of volume purchase program which the given Apple Volume Purchase Program Token is associated with. Possible values are: business, education. Possible values are: business, education. |
| appleId | String | The apple Id associated with the given Apple Volume Purchase Program Token. |
| expirationDateTime | DateTimeOffset | The expiration date time of the Apple Volume Purchase Program Token. |
| lastSyncDateTime | DateTimeOffset | The last time when an application sync was done with the Apple volume purchase program service using the the Apple Volume Purchase Program Token. |
| token | String | The Apple Volume Purchase Program Token string downloaded from the Apple Volume Purchase Program. |
| lastModifiedDateTime | DateTimeOffset | Last modification date time associated with the Apple Volume Purchase Program Token. |
| state | vppTokenState | Current state of the Apple Volume Purchase Program Token. Possible values are: unknown, valid, expired, invalid, assignedToExternalMDM. Possible values are: unknown, valid, expired, invalid, assignedToExternalMDM. |
| lastSyncStatus | vppTokenSyncStatus | Current sync status of the last application sync which was triggered using the Apple Volume Purchase Program Token. Possible values are: none, inProgress, completed, failed. Possible values are: none, inProgress, completed, failed. |
| automaticallyUpdateApps | Boolean | Whether or not apps for the VPP token will be automatically updated. |
| countryOrRegion | String | Whether or not apps for the VPP token will be automatically updated. |
windows10EnrollmentCompletionPageConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account Inherited from deviceEnrollmentConfiguration |
| displayName | String | The display name of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| description | String | The description of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. Inherited from deviceEnrollmentConfiguration |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| version | Int32 | The version of the device enrollment configuration Inherited from deviceEnrollmentConfiguration |
| roleScopeTagIds | String collection | Optional role scope tags for the enrollment restrictions. Inherited from deviceEnrollmentConfiguration |
| deviceEnrollmentConfigurationType | deviceEnrollmentConfigurationType | Support for Enrollment Configuration Type Inherited from deviceEnrollmentConfiguration. Possible values are: unknown, limit, platformRestrictions, windowsHelloForBusiness, defaultLimit, defaultPlatformRestrictions, defaultWindowsHelloForBusiness, defaultWindows10EnrollmentCompletionPageConfiguration, windows10EnrollmentCompletionPageConfiguration, deviceComanagementAuthorityConfiguration, singlePlatformRestriction, unknownFutureValue, enrollmentNotificationsConfiguration. |
| showInstallationProgress | Boolean | Show or hide installation progress to user |
| blockDeviceSetupRetryByUser | Boolean | Allow the user to retry the setup on installation failure |
| allowDeviceResetOnInstallFailure | Boolean | Allow or block device reset on installation failure |
| allowLogCollectionOnInstallFailure | Boolean | Allow or block log collection on installation failure |
| customErrorMessage | String | Set custom error message to show upon installation failure |
| installProgressTimeoutInMinutes | Int32 | Set installation progress timeout in minutes |
| allowDeviceUseOnInstallFailure | Boolean | Allow the user to continue using the device on installation failure |
| selectedMobileAppIds | String collection | Selected applications to track the installation status |
| allowNonBlockingAppInstallation | Boolean | Install all required apps as non blocking apps during white glove |
| installQualityUpdates | Boolean | Allows quality updates installation during OOBE |
| trackInstallProgressForAutopilotOnly | Boolean | Only show installation progress for Autopilot enrollment scenarios |
| disableUserStatusTrackingAfterFirstUser | Boolean | Only show installation progress for first user post enrollment |
hasPayloadLinkResultItem
| Property | Type | Description |
|---|---|---|
| payloadId | String | Key of the Payload, In the format of Guid. |
| hasLink | Boolean | Indicate whether a payload has any link or not. |
| error | String | Exception information indicates if check for this item was successful or not.Empty string for no error. |
| sources | deviceAndAppManagementAssignmentSource collection | The reason where the link comes from. |
deviceManagementResourceAccessProfileAssignment
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the Assignments |
| intent | deviceManagementResourceAccessProfileIntent | The assignment intent for the resource access profile. Possible values are: apply, remove. |
| target | deviceAndAppManagementAssignmentTarget | The assignment target for the resource access profile. |
| sourceId | String | The identifier of the source of the assignment. |
deviceManagementResourceAccessProfileBase
| Property | Type | Description |
|---|---|---|
| id | String | Profile identifier |
| version | Int32 | Version of the profile |
| displayName | String | Profile display name |
| description | String | Profile description |
| creationDateTime | DateTimeOffset | DateTime profile was created |
| lastModifiedDateTime | DateTimeOffset | DateTime profile was last modified |
| roleScopeTagIds | String collection | Scope Tags |
windows10XCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Profile identifier Inherited from deviceManagementResourceAccessProfileBase |
| version | Int32 | Version of the profile Inherited from deviceManagementResourceAccessProfileBase |
| displayName | String | Profile display name Inherited from deviceManagementResourceAccessProfileBase |
| description | String | Profile description Inherited from deviceManagementResourceAccessProfileBase |
| creationDateTime | DateTimeOffset | DateTime profile was created Inherited from deviceManagementResourceAccessProfileBase |
| lastModifiedDateTime | DateTimeOffset | DateTime profile was last modified Inherited from deviceManagementResourceAccessProfileBase |
| roleScopeTagIds | String collection | Scope Tags Inherited from deviceManagementResourceAccessProfileBase |
windows10XSCEPCertificateProfile
| Property | Type | Description |
|---|---|---|
| id | String | Profile identifier Inherited from deviceManagementResourceAccessProfileBase |
| version | Int32 | Version of the profile Inherited from deviceManagementResourceAccessProfileBase |
| displayName | String | Profile display name Inherited from deviceManagementResourceAccessProfileBase |
| description | String | Profile description Inherited from deviceManagementResourceAccessProfileBase |
| creationDateTime | DateTimeOffset | DateTime profile was created Inherited from deviceManagementResourceAccessProfileBase |
| lastModifiedDateTime | DateTimeOffset | DateTime profile was last modified Inherited from deviceManagementResourceAccessProfileBase |
| roleScopeTagIds | String collection | Scope Tags Inherited from deviceManagementResourceAccessProfileBase |
| certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
| certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
| certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period |
| extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. |
| hashAlgorithm | hashAlgorithms collection | SCEP Hash Algorithm. |
| keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
| keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
| keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
| renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage |
| rootCertificateId | Guid | Trusted Root Certificate ID |
| scepServerUrls | String collection | SCEP Server Url(s). |
| subjectAlternativeNameFormats | windows10XCustomSubjectAlternativeName collection | Custom AAD Attributes. |
| subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
windows10XTrustedRootCertificate
| Property | Type | Description |
|---|---|---|
| id | String | Profile identifier Inherited from deviceManagementResourceAccessProfileBase |
| version | Int32 | Version of the profile Inherited from deviceManagementResourceAccessProfileBase |
| displayName | String | Profile display name Inherited from deviceManagementResourceAccessProfileBase |
| description | String | Profile description Inherited from deviceManagementResourceAccessProfileBase |
| creationDateTime | DateTimeOffset | DateTime profile was created Inherited from deviceManagementResourceAccessProfileBase |
| lastModifiedDateTime | DateTimeOffset | DateTime profile was last modified Inherited from deviceManagementResourceAccessProfileBase |
| roleScopeTagIds | String collection | Scope Tags Inherited from deviceManagementResourceAccessProfileBase |
| trustedRootCertificate | Binary | Trusted Root Certificate |
| certFileName | String | File name to display in UI. |
| destinationStore | certificateDestinationStore | Destination store location for the Trusted Root Certificate. Possible values are: computerCertStoreRoot, computerCertStoreIntermediate, userCertStoreIntermediate. |
windows10XVpnConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Profile identifier Inherited from deviceManagementResourceAccessProfileBase |
| version | Int32 | Version of the profile Inherited from deviceManagementResourceAccessProfileBase |
| displayName | String | Profile display name Inherited from deviceManagementResourceAccessProfileBase |
| description | String | Profile description Inherited from deviceManagementResourceAccessProfileBase |
| creationDateTime | DateTimeOffset | DateTime profile was created Inherited from deviceManagementResourceAccessProfileBase |
| lastModifiedDateTime | DateTimeOffset | DateTime profile was last modified Inherited from deviceManagementResourceAccessProfileBase |
| roleScopeTagIds | String collection | Scope Tags Inherited from deviceManagementResourceAccessProfileBase |
| authenticationCertificateId | Guid | ID to the Authentication Certificate |
| customXmlFileName | String | Custom Xml file name. |
| customXml | Binary | Custom XML commands that configures the VPN connection. (UTF8 byte encoding) |
windows10XWifiConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Profile identifier Inherited from deviceManagementResourceAccessProfileBase |
| version | Int32 | Version of the profile Inherited from deviceManagementResourceAccessProfileBase |
| displayName | String | Profile display name Inherited from deviceManagementResourceAccessProfileBase |
| description | String | Profile description Inherited from deviceManagementResourceAccessProfileBase |
| creationDateTime | DateTimeOffset | DateTime profile was created Inherited from deviceManagementResourceAccessProfileBase |
| lastModifiedDateTime | DateTimeOffset | DateTime profile was last modified Inherited from deviceManagementResourceAccessProfileBase |
| roleScopeTagIds | String collection | Scope Tags Inherited from deviceManagementResourceAccessProfileBase |
| authenticationCertificateId | Guid | ID to the Authentication Certificate |
| customXmlFileName | String | Custom Xml file name. |
| customXml | Binary | Custom XML commands that configures the VPN connection. (UTF8 byte encoding) |
intune-remoteassistance-allowedremoteassistanceactions
createRemoteHelpSessionResponse
| Property | Type | Description |
|---|---|---|
| sessionKey | String | The unique identifier for a session |
| sessionType | allowedRemoteAssistanceActions | Remote Help Session Type. Possible values are: viewScreen, takeFullControl, elevation, unattended, unknownFutureValue. |
deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
deviceManagementReports
| Property | Type | Description |
|---|---|---|
| id | String | The key of the entity |
remoteAssistancePartner
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the partner. |
| displayName | String | Display name of the partner. |
| onboardingUrl | String | URL of the partner's onboarding portal, where an administrator can configure their Remote Assistance service. |
| onboardingStatus | remoteAssistanceOnboardingStatus | A friendly description of the current TeamViewer connector status. Possible values are: notOnboarded, onboarding, onboarded. |
| lastConnectionDateTime | DateTimeOffset | Timestamp of the last request sent to Intune by the TEM partner. |
remoteAssistanceReporting
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for a session and for each sessions's reporting payload |
| startDateTime | DateTimeOffset | Start time for the session |
| endDateTime | DateTimeOffset | End time for the session |
| remoteAssistanceSessionType | remoteAssistanceSessionType | Type of the remote assistance session that was held. Possible values are: viewOnly, fullControl, elevation. Possible values are: viewOnly, fullControl, elevation, unattended. |
| helperEmail | String | Login email used by the helper to establish the session |
| helperTenantId | String | Tenant id for the helper |
| helperFirstName | String | Helper's first name |
| helperLastName | String | Helper's last name |
| helperOs | String | Helper's operating system |
| helperDeviceAadId | String | Helper's device AAD Id |
| helperDeviceName | String | Helper's device name |
| helperEnrollmentState | enrollmentState | Intune enrollment state of the helper's device. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. |
| sharerEmail | String | Login email used by the sharer to establish the session |
| sharerTenantId | String | Tenant id for the sharer |
| sharerFirstName | String | Sharer's first name |
| sharerLastName | String | Sharer's last name |
| sharerDeviceAadId | String | Sharer's device AAD Id |
| sharerDeviceName | String | Sharer's device name |
| sharerOs | String | Sharer's operating system |
| sharerEnrollmentState | enrollmentState | Intune enrollment state of the sharer's device. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. Possible values are: unknown, enrolled, pendingReset, failed, notContacted, blocked. |
| sharerDeviceSerialNumber | String | Sharer device serial number |
remoteAssistanceSettings
| Property | Type | Description |
|---|---|---|
| id | String | The remote assistance settings identifier |
| remoteAssistanceState | remoteAssistanceState | The current state of remote assistance for the account. Possible values are: disabled, enabled. This setting is configurable by the admin. Remote assistance settings that have not yet been configured by the admin have a disabled state. Returned by default. Possible values are: disabled, enabled. |
| allowSessionsToUnenrolledDevices | Boolean | Indicates if sessions to unenrolled devices are allowed for the account. This setting is configurable by the admin. Default value is false. |
| blockChat | Boolean | Indicates if sessions to block chat function. This setting is configurable by the admin. Default value is false. |
requestRemoteHelpSessionAccessResponse
| Property | Type | Description |
|---|---|---|
| sessionKey | String | The unique identifier for a session |
| sessionType | allowedRemoteAssistanceActions | Remote Help Session Type. Possible values are: viewScreen, takeFullControl, elevation, unattended, unknownFutureValue. |
| pubSubEncryptionKey | String | The unique identifier for encrypting client messages sent to PubSub |
| pubSubEncryption | String | AES encryption Initialization Vector for encrypting client messages sent to PubSub |
retrieveRemoteHelpSessionResponse
| Property | Type | Description |
|---|---|---|
| sessionKey | String | The unique identifier for a session |
| acsHelperUserToken | String | Helper ACS User Token |
| acsHelperUserId | String | Helper ACS User Id |
| acsSharerUserId | String | Sharer ACS User Id |
| acsGroupId | String | ACS Group Id |
| sessionType | allowedRemoteAssistanceActions | Remote Help Session Type. Possible values are: viewScreen, takeFullControl, elevation, unattended, unknownFutureValue. |
| deviceName | String | Android Device Name |
| pubSubGroupId | String | Azure Pubsub Group Id |
| pubSubHelperAccessUri | String | Azure Pubsub Group Id |
| sessionExpirationDateTime | DateTimeOffset | Azure Pubsub Session Expiration Date Time. |
deviceEnrollmentConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the account |
| displayName | String | The display name of the device enrollment configuration |
| description | String | The description of the device enrollment configuration |
| priority | Int32 | Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value. |
| createdDateTime | DateTimeOffset | Created date time in UTC of the device enrollment configuration |
| lastModifiedDateTime | DateTimeOffset | Last modified date time in UTC of the device enrollment configuration |
| version | Int32 | The version of the device enrollment configuration |
deviceManagementDerivedCredentialSettings
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the Derived Credential |
user
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the user. |
| Onboarding | ||
| deviceEnrollmentLimit | Int32 | The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. |
windowsAutopilotDeploymentProfile
| Property | Type | Description |
|---|---|---|
| id | String | Profile Key |
| displayName | String | Name of the profile |
| description | String | Description of the profile |
| language | String | Language configured on the device |
| createdDateTime | DateTimeOffset | Profile creation time |
| lastModifiedDateTime | DateTimeOffset | Profile last modified time |
| outOfBoxExperienceSettings | outOfBoxExperienceSettings | Out of box experience setting |
| enrollmentStatusScreenSettings | windowsEnrollmentStatusScreenSettings | Enrollment status screen setting |
| extractHardwareHash | Boolean | HardwareHash Extraction for the profile |
| deviceNameTemplate | String | The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters. |
| deviceType | windowsAutopilotDeviceType | The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2. |
| enableWhiteGlove | Boolean | Enable Autopilot White Glove for the profile. |
| roleScopeTagIds | String collection | Scope tags for the profile. |
windowsDomainJoinConfiguration
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| Device configuration | ||
| activeDirectoryDomainName | String | Active Directory domain name to join. |
| computerNameStaticPrefix | String | Fixed prefix to be used for computer name. |
| computerNameSuffixRandomCharCount | Int32 | Dynamically generated characters used as suffix for computer name. Valid values 3 to 14 |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| organizationalUnit | String | Organizational unit (OU) where the computer account will be created. If this parameter is NULL, the well known computer object container will be used as published in the domain. |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
deviceManagement
| Property | Type | Description |
|---|---|---|
| id | String | Not yet documented |
telecomExpenseManagementPartner
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier of the TEM partner. |
| displayName | String | Display name of the TEM partner. |
| url | String | URL of the TEM partner's administrative control panel, where an administrator can configure their TEM service. |
| appAuthorized | Boolean | Whether the partner's AAD app has been authorized to access Intune. |
| enabled | Boolean | Whether Intune's connection to the TEM service is currently enabled or disabled. |
| lastConnectionDateTime | DateTimeOffset | Timestamp of the last request sent to Intune by the TEM partner. |