Create macOSGeneralDeviceConfiguration

Important: APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

Note: Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.

Create a new macOSGeneralDeviceConfiguration object.

Prerequisites

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from most to least privileged)
Delegated (work or school account) DeviceManagementConfiguration.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application Not supported.

HTTP Request

POST /deviceManagement/deviceConfigurations
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations

Request headers

Header Value
Authorization Bearer <token> Required.
Accept application/json

Request body

In the request body, supply a JSON representation for the macOSGeneralDeviceConfiguration object.

The following table shows the properties that are required when you create the macOSGeneralDeviceConfiguration.

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
compliantAppsList appListItem collection List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements.
compliantAppListType appListType List that is in the CompliantAppsList. Possible values are: none, appsInListCompliant, appsNotInListCompliant.
emailInDomainSuffixes String collection An email address lacking a suffix that matches any of these strings will be considered out-of-domain.
passwordBlockSimple Boolean Block simple passwords.
passwordExpirationDays Int32 Number of days before the password expires.
passwordMinimumCharacterSetCount Int32 Number of character sets a password must contain. Valid values 0 to 4
passwordMinimumLength Int32 Minimum length of passwords.
passwordMinutesOfInactivityBeforeLock Int32 Minutes of inactivity required before a password is required.
passwordMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity required before the screen times out.
passwordPreviousPasswordBlockCount Int32 Number of previous passwords to block.
passwordRequiredType requiredPasswordType Type of password that is required. Possible values are: deviceDefault, alphanumeric, numeric.
passwordRequired Boolean Whether or not to require a password.
keychainBlockCloudSync Boolean Indicates whether or not iCloud keychain synchronization is blocked (macOS 10.12 and later).
airPrintBlocked Boolean Indicates whether or not AirPrint is blocked (macOS 10.12 and later).
airPrintForceTrustedTLS Boolean Indicates if trusted certificates are required for TLS printing communication (macOS 10.13 and later).
airPrintBlockiBeaconDiscovery Boolean Indicates whether or not iBeacon discovery of AirPrint printers is blocked. This prevents spurious AirPrint Bluetooth beacons from phishing for network traffic (macOS 10.3 and later).
safariBlockAutofill Boolean Indicates whether or not to block the user from using Auto fill in Safari.
cameraBlocked Boolean Indicates whether or not to block the user from accessing the camera of the device.
iTunesBlockMusicService Boolean Indicates whether or not to block Music service and revert Music app to classic mode.
spotlightBlockInternetResults Boolean Indicates whether or not to block Spotlight from returning any results from an Internet search.
keyboardBlockDictation Boolean Indicates whether or not to block the user from using dictation input.
definitionLookupBlocked Boolean Indicates whether or not to block definition lookup.
appleWatchBlockAutoUnlock Boolean Indicates whether or to block users from unlocking their Mac with Apple Watch.
iTunesBlockFileSharing Boolean Indicates whether or not to block files from being transferred using iTunes.
iCloudBlockDocumentSync Boolean Indicates whether or not to block iCloud document sync.
iCloudBlockMail Boolean Indicates whether or not to block iCloud from syncing mail.
iCloudBlockAddressBook Boolean Indicates whether or not to block iCloud from syncing contacts.
iCloudBlockCalendar Boolean Indicates whether or not to block iCloud from syncing calendars.
iCloudBlockReminders Boolean Indicates whether or not to block iCloud from syncing reminders.
iCloudBlockBookmarks Boolean Indicates whether or not to block iCloud from syncing bookmarks.
iCloudBlockNotes Boolean Indicates whether or not to block iCloud from syncing notes.
airDropBlocked Boolean Indicates whether or not to allow AirDrop.
passwordBlockModification Boolean Indicates whether or not to allow passcode modification.
passwordBlockFingerprintUnlock Boolean Indicates whether or not to block fingerprint unlock.

Response

If successful, this method returns a 201 Created response code and a macOSGeneralDeviceConfiguration object in the response body.

Example

Request

Here is an example of the request.

POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations
Content-type: application/json
Content-length: 1817

{
  "@odata.type": "#microsoft.graph.macOSGeneralDeviceConfiguration",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ],
  "supportsScopeTags": true,
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "compliantAppsList": [
    {
      "@odata.type": "microsoft.graph.appListItem",
      "name": "Name value",
      "publisher": "Publisher value",
      "appStoreUrl": "https://example.com/appStoreUrl/",
      "appId": "App Id value"
    }
  ],
  "compliantAppListType": "appsInListCompliant",
  "emailInDomainSuffixes": [
    "Email In Domain Suffixes value"
  ],
  "passwordBlockSimple": true,
  "passwordExpirationDays": 6,
  "passwordMinimumCharacterSetCount": 0,
  "passwordMinimumLength": 5,
  "passwordMinutesOfInactivityBeforeLock": 5,
  "passwordMinutesOfInactivityBeforeScreenTimeout": 14,
  "passwordPreviousPasswordBlockCount": 2,
  "passwordRequiredType": "alphanumeric",
  "passwordRequired": true,
  "keychainBlockCloudSync": true,
  "airPrintBlocked": true,
  "airPrintForceTrustedTLS": true,
  "airPrintBlockiBeaconDiscovery": true,
  "safariBlockAutofill": true,
  "cameraBlocked": true,
  "iTunesBlockMusicService": true,
  "spotlightBlockInternetResults": true,
  "keyboardBlockDictation": true,
  "definitionLookupBlocked": true,
  "appleWatchBlockAutoUnlock": true,
  "iTunesBlockFileSharing": true,
  "iCloudBlockDocumentSync": true,
  "iCloudBlockMail": true,
  "iCloudBlockAddressBook": true,
  "iCloudBlockCalendar": true,
  "iCloudBlockReminders": true,
  "iCloudBlockBookmarks": true,
  "iCloudBlockNotes": true,
  "airDropBlocked": true,
  "passwordBlockModification": true,
  "passwordBlockFingerprintUnlock": true
}

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 1925

{
  "@odata.type": "#microsoft.graph.macOSGeneralDeviceConfiguration",
  "id": "dc356aee-6aee-dc35-ee6a-35dcee6a35dc",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ],
  "supportsScopeTags": true,
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "compliantAppsList": [
    {
      "@odata.type": "microsoft.graph.appListItem",
      "name": "Name value",
      "publisher": "Publisher value",
      "appStoreUrl": "https://example.com/appStoreUrl/",
      "appId": "App Id value"
    }
  ],
  "compliantAppListType": "appsInListCompliant",
  "emailInDomainSuffixes": [
    "Email In Domain Suffixes value"
  ],
  "passwordBlockSimple": true,
  "passwordExpirationDays": 6,
  "passwordMinimumCharacterSetCount": 0,
  "passwordMinimumLength": 5,
  "passwordMinutesOfInactivityBeforeLock": 5,
  "passwordMinutesOfInactivityBeforeScreenTimeout": 14,
  "passwordPreviousPasswordBlockCount": 2,
  "passwordRequiredType": "alphanumeric",
  "passwordRequired": true,
  "keychainBlockCloudSync": true,
  "airPrintBlocked": true,
  "airPrintForceTrustedTLS": true,
  "airPrintBlockiBeaconDiscovery": true,
  "safariBlockAutofill": true,
  "cameraBlocked": true,
  "iTunesBlockMusicService": true,
  "spotlightBlockInternetResults": true,
  "keyboardBlockDictation": true,
  "definitionLookupBlocked": true,
  "appleWatchBlockAutoUnlock": true,
  "iTunesBlockFileSharing": true,
  "iCloudBlockDocumentSync": true,
  "iCloudBlockMail": true,
  "iCloudBlockAddressBook": true,
  "iCloudBlockCalendar": true,
  "iCloudBlockReminders": true,
  "iCloudBlockBookmarks": true,
  "iCloudBlockNotes": true,
  "airDropBlocked": true,
  "passwordBlockModification": true,
  "passwordBlockFingerprintUnlock": true
}