Create androidForWorkGeneralDeviceConfiguration

Important: APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

Note: Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.

Create a new androidForWorkGeneralDeviceConfiguration object.

Prerequisites

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from most to least privileged)
Delegated (work or school account) DeviceManagementConfiguration.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application Not supported.

HTTP Request

POST /deviceManagement/deviceConfigurations
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations

Request headers

Header Value
Authorization Bearer <token> Required.
Accept application/json

Request body

In the request body, supply a JSON representation for the androidForWorkGeneralDeviceConfiguration object.

The following table shows the properties that are required when you create the androidForWorkGeneralDeviceConfiguration.

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
passwordBlockFingerprintUnlock Boolean Indicates whether or not to block fingerprint unlock.
passwordBlockTrustAgents Boolean Indicates whether or not to block Smart Lock and other trust agents.
passwordExpirationDays Int32 Number of days before the password expires. Valid values 1 to 365
passwordMinimumLength Int32 Minimum length of passwords. Valid values 4 to 16
passwordMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity before the screen times out.
passwordPreviousPasswordBlockCount Int32 Number of previous passwords to block. Valid values 0 to 24
passwordSignInFailureCountBeforeFactoryReset Int32 Number of sign in failures allowed before factory reset. Valid values 4 to 11
passwordRequiredType androidForWorkRequiredPasswordType Type of password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols.
workProfileDataSharingType androidForWorkCrossProfileDataSharingType Type of data sharing that is allowed. Possible values are: deviceDefault, preventAny, allowPersonalToWork, noRestrictions.
workProfileBlockNotificationsWhileDeviceLocked Boolean Indicates whether or not to block notifications while device locked.
workProfileBlockAddingAccounts Boolean Block users from adding/removing accounts in work profile.
workProfileBluetoothEnableContactSharing Boolean Allow bluetooth devices to access enterprise contacts.
workProfileBlockScreenCapture Boolean Block screen capture in work profile.
workProfileBlockCrossProfileCallerId Boolean Block display work profile caller ID in personal profile.
workProfileBlockCamera Boolean Block work profile camera.
workProfileBlockCrossProfileContactsSearch Boolean Block work profile contacts availability in personal profile.
workProfileBlockCrossProfileCopyPaste Boolean Boolean that indicates if the setting disallow cross profile copy/paste is enabled.
workProfileDefaultAppPermissionPolicy androidForWorkDefaultAppPermissionPolicyType Type of password that is required. Possible values are: deviceDefault, prompt, autoGrant, autoDeny.
workProfilePasswordBlockFingerprintUnlock Boolean Indicates whether or not to block fingerprint unlock for work profile.
workProfilePasswordBlockTrustAgents Boolean Indicates whether or not to block Smart Lock and other trust agents for work profile.
workProfilePasswordExpirationDays Int32 Number of days before the work profile password expires. Valid values 1 to 365
workProfilePasswordMinimumLength Int32 Minimum length of work profile password. Valid values 4 to 16
workProfilePasswordMinNumericCharacters Int32 Minimum # of numeric characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinNonLetterCharacters Int32 Minimum # of non-letter characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinLetterCharacters Int32 Minimum # of letter characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinLowerCaseCharacters Int32 Minimum # of lower-case characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinUpperCaseCharacters Int32 Minimum # of upper-case characters required in work profile password. Valid values 1 to 10
workProfilePasswordMinSymbolCharacters Int32 Minimum # of symbols required in work profile password. Valid values 1 to 10
workProfilePasswordMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity before the screen times out.
workProfilePasswordPreviousPasswordBlockCount Int32 Number of previous work profile passwords to block. Valid values 0 to 24
workProfilePasswordSignInFailureCountBeforeFactoryReset Int32 Number of sign in failures allowed before work profile is removed and all corporate data deleted. Valid values 4 to 11
workProfilePasswordRequiredType androidForWorkRequiredPasswordType Type of work profile password that is required. Possible values are: deviceDefault, lowSecurityBiometric, required, atLeastNumeric, numericComplex, atLeastAlphabetic, atLeastAlphanumeric, alphanumericWithSymbols.
workProfileRequirePassword Boolean Password is required or not for work profile
securityRequireVerifyApps Boolean Require the Android Verify apps feature is turned on.
vpnAlwaysOnPackageIdentifier String Enable lockdown mode for always-on VPN.
vpnEnableAlwaysOnLockdownMode Boolean Enable lockdown mode for always-on VPN.

Response

If successful, this method returns a 201 Created response code and a androidForWorkGeneralDeviceConfiguration object in the response body.

Example

Request

Here is an example of the request.

POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations
Content-type: application/json
Content-length: 2102

{
  "@odata.type": "#microsoft.graph.androidForWorkGeneralDeviceConfiguration",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ],
  "supportsScopeTags": true,
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "passwordBlockFingerprintUnlock": true,
  "passwordBlockTrustAgents": true,
  "passwordExpirationDays": 6,
  "passwordMinimumLength": 5,
  "passwordMinutesOfInactivityBeforeScreenTimeout": 14,
  "passwordPreviousPasswordBlockCount": 2,
  "passwordSignInFailureCountBeforeFactoryReset": 12,
  "passwordRequiredType": "lowSecurityBiometric",
  "workProfileDataSharingType": "preventAny",
  "workProfileBlockNotificationsWhileDeviceLocked": true,
  "workProfileBlockAddingAccounts": true,
  "workProfileBluetoothEnableContactSharing": true,
  "workProfileBlockScreenCapture": true,
  "workProfileBlockCrossProfileCallerId": true,
  "workProfileBlockCamera": true,
  "workProfileBlockCrossProfileContactsSearch": true,
  "workProfileBlockCrossProfileCopyPaste": true,
  "workProfileDefaultAppPermissionPolicy": "prompt",
  "workProfilePasswordBlockFingerprintUnlock": true,
  "workProfilePasswordBlockTrustAgents": true,
  "workProfilePasswordExpirationDays": 1,
  "workProfilePasswordMinimumLength": 0,
  "workProfilePasswordMinNumericCharacters": 7,
  "workProfilePasswordMinNonLetterCharacters": 9,
  "workProfilePasswordMinLetterCharacters": 6,
  "workProfilePasswordMinLowerCaseCharacters": 9,
  "workProfilePasswordMinUpperCaseCharacters": 9,
  "workProfilePasswordMinSymbolCharacters": 6,
  "workProfilePasswordMinutesOfInactivityBeforeScreenTimeout": 9,
  "workProfilePasswordPreviousPasswordBlockCount": 13,
  "workProfilePasswordSignInFailureCountBeforeFactoryReset": 7,
  "workProfilePasswordRequiredType": "lowSecurityBiometric",
  "workProfileRequirePassword": true,
  "securityRequireVerifyApps": true,
  "vpnAlwaysOnPackageIdentifier": "Vpn Always On Package Identifier value",
  "vpnEnableAlwaysOnLockdownMode": true
}

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 2210

{
  "@odata.type": "#microsoft.graph.androidForWorkGeneralDeviceConfiguration",
  "id": "a931a366-a366-a931-66a3-31a966a331a9",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ],
  "supportsScopeTags": true,
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "passwordBlockFingerprintUnlock": true,
  "passwordBlockTrustAgents": true,
  "passwordExpirationDays": 6,
  "passwordMinimumLength": 5,
  "passwordMinutesOfInactivityBeforeScreenTimeout": 14,
  "passwordPreviousPasswordBlockCount": 2,
  "passwordSignInFailureCountBeforeFactoryReset": 12,
  "passwordRequiredType": "lowSecurityBiometric",
  "workProfileDataSharingType": "preventAny",
  "workProfileBlockNotificationsWhileDeviceLocked": true,
  "workProfileBlockAddingAccounts": true,
  "workProfileBluetoothEnableContactSharing": true,
  "workProfileBlockScreenCapture": true,
  "workProfileBlockCrossProfileCallerId": true,
  "workProfileBlockCamera": true,
  "workProfileBlockCrossProfileContactsSearch": true,
  "workProfileBlockCrossProfileCopyPaste": true,
  "workProfileDefaultAppPermissionPolicy": "prompt",
  "workProfilePasswordBlockFingerprintUnlock": true,
  "workProfilePasswordBlockTrustAgents": true,
  "workProfilePasswordExpirationDays": 1,
  "workProfilePasswordMinimumLength": 0,
  "workProfilePasswordMinNumericCharacters": 7,
  "workProfilePasswordMinNonLetterCharacters": 9,
  "workProfilePasswordMinLetterCharacters": 6,
  "workProfilePasswordMinLowerCaseCharacters": 9,
  "workProfilePasswordMinUpperCaseCharacters": 9,
  "workProfilePasswordMinSymbolCharacters": 6,
  "workProfilePasswordMinutesOfInactivityBeforeScreenTimeout": 9,
  "workProfilePasswordPreviousPasswordBlockCount": 13,
  "workProfilePasswordSignInFailureCountBeforeFactoryReset": 7,
  "workProfilePasswordRequiredType": "lowSecurityBiometric",
  "workProfileRequirePassword": true,
  "securityRequireVerifyApps": true,
  "vpnAlwaysOnPackageIdentifier": "Vpn Always On Package Identifier value",
  "vpnEnableAlwaysOnLockdownMode": true
}