Update macOSGeneralDeviceConfiguration
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Update the properties of a macOSGeneralDeviceConfiguration object.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | DeviceManagementConfiguration.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | DeviceManagementConfiguration.ReadWrite.All |
HTTP Request
PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}
PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}/deviceConfiguration
PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/{deviceConfigurationId}
Request headers
| Header | Value |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Accept | application/json |
Request body
In the request body, supply a JSON representation for the macOSGeneralDeviceConfiguration object.
The following table shows the properties that are required when you create the macOSGeneralDeviceConfiguration.
| Property | Type | Description |
|---|---|---|
| id | String | Key of the entity. Inherited from deviceConfiguration |
| lastModifiedDateTime | DateTimeOffset | DateTime the object was last modified. Inherited from deviceConfiguration |
| roleScopeTagIds | String collection | List of Scope Tags for this Entity instance. Inherited from deviceConfiguration |
| supportsScopeTags | Boolean | Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsEdition | deviceManagementApplicabilityRuleOsEdition | The OS edition applicability for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleOsVersion | deviceManagementApplicabilityRuleOsVersion | The OS version applicability rule for this Policy. Inherited from deviceConfiguration |
| deviceManagementApplicabilityRuleDeviceMode | deviceManagementApplicabilityRuleDeviceMode | The device mode applicability rule for this Policy. Inherited from deviceConfiguration |
| createdDateTime | DateTimeOffset | DateTime the object was created. Inherited from deviceConfiguration |
| description | String | Admin provided description of the Device Configuration. Inherited from deviceConfiguration |
| displayName | String | Admin provided name of the device configuration. Inherited from deviceConfiguration |
| version | Int32 | Version of the device configuration. Inherited from deviceConfiguration |
| compliantAppsList | appListItem collection | List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements. |
| compliantAppListType | appListType | List that is in the CompliantAppsList. Possible values are: none, appsInListCompliant, appsNotInListCompliant. |
| emailInDomainSuffixes | String collection | An email address lacking a suffix that matches any of these strings will be considered out-of-domain. |
| passwordBlockSimple | Boolean | Block simple passwords. |
| passwordExpirationDays | Int32 | Number of days before the password expires. |
| passwordMinimumCharacterSetCount | Int32 | Number of character sets a password must contain. Valid values 0 to 4 |
| passwordMinimumLength | Int32 | Minimum length of passwords. |
| passwordMinutesOfInactivityBeforeLock | Int32 | Minutes of inactivity required before a password is required. |
| passwordMinutesOfInactivityBeforeScreenTimeout | Int32 | Minutes of inactivity required before the screen times out. |
| passwordPreviousPasswordBlockCount | Int32 | Number of previous passwords to block. |
| passwordRequiredType | requiredPasswordType | Type of password that is required. Possible values are: deviceDefault, alphanumeric, numeric. |
| passwordRequired | Boolean | Whether or not to require a password. |
| passwordMaximumAttemptCount | Int32 | The number of allowed failed attempts to enter the passcode at the device's lock screen. Valid values 2 to 11 |
| passwordMinutesUntilFailedLoginReset | Int32 | The number of minutes before the login is reset after the maximum number of unsuccessful login attempts is reached. |
| keychainBlockCloudSync | Boolean | Indicates whether or not iCloud keychain synchronization is blocked (macOS 10.12 and later). |
| safariBlockAutofill | Boolean | Indicates whether or not to block the user from using Auto fill in Safari. |
| cameraBlocked | Boolean | Indicates whether or not to block the user from accessing the camera of the device. |
| iTunesBlockMusicService | Boolean | Indicates whether or not to block Music service and revert Music app to classic mode. |
| spotlightBlockInternetResults | Boolean | Indicates whether or not to block Spotlight from returning any results from an Internet search. |
| keyboardBlockDictation | Boolean | Indicates whether or not to block the user from using dictation input. |
| definitionLookupBlocked | Boolean | Indicates whether or not to block definition lookup. |
| appleWatchBlockAutoUnlock | Boolean | Indicates whether or to block users from unlocking their Mac with Apple Watch. |
| iTunesBlockFileSharing | Boolean | Indicates whether or not to block files from being transferred using iTunes. |
| iCloudBlockDocumentSync | Boolean | Indicates whether or not to block iCloud document sync. |
| iCloudBlockMail | Boolean | Indicates whether or not to block iCloud from syncing mail. |
| iCloudBlockAddressBook | Boolean | Indicates whether or not to block iCloud from syncing contacts. |
| iCloudBlockCalendar | Boolean | Indicates whether or not to block iCloud from syncing calendars. |
| iCloudBlockReminders | Boolean | Indicates whether or not to block iCloud from syncing reminders. |
| iCloudBlockBookmarks | Boolean | Indicates whether or not to block iCloud from syncing bookmarks. |
| iCloudBlockNotes | Boolean | Indicates whether or not to block iCloud from syncing notes. |
| airDropBlocked | Boolean | Indicates whether or not to allow AirDrop. |
| passwordBlockModification | Boolean | Indicates whether or not to allow passcode modification. |
| passwordBlockFingerprintUnlock | Boolean | Indicates whether or not to block fingerprint unlock. |
| passwordBlockAutoFill | Boolean | Indicates whether or not to block the AutoFill Passwords feature. |
| passwordBlockProximityRequests | Boolean | Indicates whether or not to block requesting passwords from nearby devices. |
| passwordBlockAirDropSharing | Boolean | Indicates whether or not to block sharing passwords with the AirDrop passwords feature. |
| softwareUpdatesEnforcedDelayInDays | Int32 | Sets how many days a software update will be delyed for a supervised device. Valid values 0 to 90 |
| updateDelayPolicy | macOSSoftwareUpdateDelayPolicy | Determines whether to delay OS and/or app updates for macOS. Possible values are: none, delayOSUpdateVisibility, delayAppUpdateVisibility, unknownFutureValue, delayMajorOsUpdateVisibility. |
| contentCachingBlocked | Boolean | Indicates whether or not to allow content caching. |
| iCloudBlockPhotoLibrary | Boolean | Indicates whether or not to block iCloud Photo Library. |
| screenCaptureBlocked | Boolean | Indicates whether or not to block the user from taking Screenshots. |
| classroomAppBlockRemoteScreenObservation | Boolean | Indicates whether or not to allow remote screen observation by Classroom app. Requires MDM enrollment via Apple School Manager or Apple Business Manager. |
| classroomAppForceUnpromptedScreenObservation | Boolean | Indicates whether or not to automatically give permission to the teacher of a managed course on the Classroom app to view a student's screen without prompting. Requires MDM enrollment via Apple School Manager or Apple Business Manager. |
| classroomForceAutomaticallyJoinClasses | Boolean | Indicates whether or not to automatically give permission to the teacher's requests, without prompting the student. Requires MDM enrollment via Apple School Manager or Apple Business Manager. |
| classroomForceRequestPermissionToLeaveClasses | Boolean | Indicates whether a student enrolled in an unmanaged course via Classroom will be required to request permission from the teacher when attempting to leave the course. Requires MDM enrollment via Apple School Manager or Apple Business Manager. |
| classroomForceUnpromptedAppAndDeviceLock | Boolean | Indicates whether or not to allow the teacher to lock apps or the device without prompting the student. Requires MDM enrollment via Apple School Manager or Apple Business Manager. |
| iCloudBlockActivityContinuation | Boolean | Indicates whether or not to block the user from continuing work that they started on a MacOS device on another iOS or MacOS device (MacOS 10.15 or later). |
| privacyAccessControls | macOSPrivacyAccessControlItem collection | List of privacy preference policy controls. This collection can contain a maximum of 10000 elements. |
| addingGameCenterFriendsBlocked | Boolean | Yes prevents users from adding friends to Game Center. Available for devices running macOS versions 10.13 and later. |
| gameCenterBlocked | Boolean | Yes disables Game Center, and the Game Center icon is removed from the Home screen. Available for devices running macOS versions 10.13 and later. |
| multiplayerGamingBlocked | Boolean | TRUE prevents multiplayer gaming when using Game Center. FALSE allows multiplayer gaming when using Game Center. Available for devices running macOS versions 10.13 and later. |
| wallpaperModificationBlocked | Boolean | TRUE prevents the wallpaper from being changed. FALSE allows the wallpaper to be changed. Available for devices running macOS versions 10.13 and later. |
| eraseContentAndSettingsBlocked | Boolean | TRUE disables the reset option on supervised devices. FALSE enables the reset option on supervised devices. Available for devices running macOS versions 12.0 and later. |
| softwareUpdateMajorOSDeferredInstallDelayInDays | Int32 | Specify the number of days (1-90) to delay visibility of major OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90 |
| softwareUpdateMinorOSDeferredInstallDelayInDays | Int32 | Specify the number of days (1-90) to delay visibility of minor OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90 |
| softwareUpdateNonOSDeferredInstallDelayInDays | Int32 | Specify the number of days (1-90) to delay visibility of non-OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90 |
| touchIdTimeoutInHours | Int32 | Maximum hours after which the user must enter their password to unlock the device instead of using Touch ID. Available for devices running macOS 12 and later. Valid values 0 to 2147483647 |
| iCloudPrivateRelayBlocked | Boolean | iCloud private relay is an iCloud+ service that prevents networks and servers from monitoring a person's activity across the internet. By blocking iCloud private relay, Apple will not encrypt the traffic leaving the device. Available for devices running macOS 12 and later. |
| iCloudDesktopAndDocumentsBlocked | Boolean | When TRUE the synchronization of cloud desktop and documents is blocked. When FALSE, synchronization of the cloud desktop and documents are allowed. Available for devices running macOS 10.12.4 and later. |
| activationLockWhenSupervisedAllowed | Boolean | When TRUE, activation lock is allowed when the devices is in the supervised mode. When FALSE, activation lock is not allowed. Default is false. |
Response
If successful, this method returns a 200 OK response code and an updated macOSGeneralDeviceConfiguration object in the response body.
Example
Request
Here is an example of the request.
PATCH https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{deviceConfigurationId}
Content-type: application/json
Content-length: 5062
{
"@odata.type": "#microsoft.graph.macOSGeneralDeviceConfiguration",
"roleScopeTagIds": [
"Role Scope Tag Ids value"
],
"supportsScopeTags": true,
"deviceManagementApplicabilityRuleOsEdition": {
"@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",
"osEditionTypes": [
"windows10EnterpriseN"
],
"name": "Name value",
"ruleType": "exclude"
},
"deviceManagementApplicabilityRuleOsVersion": {
"@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",
"minOSVersion": "Min OSVersion value",
"maxOSVersion": "Max OSVersion value",
"name": "Name value",
"ruleType": "exclude"
},
"deviceManagementApplicabilityRuleDeviceMode": {
"@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",
"deviceMode": "sModeConfiguration",
"name": "Name value",
"ruleType": "exclude"
},
"description": "Description value",
"displayName": "Display Name value",
"version": 7,
"compliantAppsList": [
{
"@odata.type": "microsoft.graph.appListItem",
"name": "Name value",
"publisher": "Publisher value",
"appStoreUrl": "https://example.com/appStoreUrl/",
"appId": "App Id value"
}
],
"compliantAppListType": "appsInListCompliant",
"emailInDomainSuffixes": [
"Email In Domain Suffixes value"
],
"passwordBlockSimple": true,
"passwordExpirationDays": 6,
"passwordMinimumCharacterSetCount": 0,
"passwordMinimumLength": 5,
"passwordMinutesOfInactivityBeforeLock": 5,
"passwordMinutesOfInactivityBeforeScreenTimeout": 14,
"passwordPreviousPasswordBlockCount": 2,
"passwordRequiredType": "alphanumeric",
"passwordRequired": true,
"passwordMaximumAttemptCount": 11,
"passwordMinutesUntilFailedLoginReset": 4,
"keychainBlockCloudSync": true,
"safariBlockAutofill": true,
"cameraBlocked": true,
"iTunesBlockMusicService": true,
"spotlightBlockInternetResults": true,
"keyboardBlockDictation": true,
"definitionLookupBlocked": true,
"appleWatchBlockAutoUnlock": true,
"iTunesBlockFileSharing": true,
"iCloudBlockDocumentSync": true,
"iCloudBlockMail": true,
"iCloudBlockAddressBook": true,
"iCloudBlockCalendar": true,
"iCloudBlockReminders": true,
"iCloudBlockBookmarks": true,
"iCloudBlockNotes": true,
"airDropBlocked": true,
"passwordBlockModification": true,
"passwordBlockFingerprintUnlock": true,
"passwordBlockAutoFill": true,
"passwordBlockProximityRequests": true,
"passwordBlockAirDropSharing": true,
"softwareUpdatesEnforcedDelayInDays": 2,
"updateDelayPolicy": "delayOSUpdateVisibility",
"contentCachingBlocked": true,
"iCloudBlockPhotoLibrary": true,
"screenCaptureBlocked": true,
"classroomAppBlockRemoteScreenObservation": true,
"classroomAppForceUnpromptedScreenObservation": true,
"classroomForceAutomaticallyJoinClasses": true,
"classroomForceRequestPermissionToLeaveClasses": true,
"classroomForceUnpromptedAppAndDeviceLock": true,
"iCloudBlockActivityContinuation": true,
"privacyAccessControls": [
{
"@odata.type": "microsoft.graph.macOSPrivacyAccessControlItem",
"displayName": "Display Name value",
"identifier": "Identifier value",
"identifierType": "path",
"codeRequirement": "Code Requirement value",
"staticCodeValidation": true,
"blockCamera": true,
"blockMicrophone": true,
"blockScreenCapture": true,
"blockListenEvent": true,
"speechRecognition": "enabled",
"accessibility": "enabled",
"addressBook": "enabled",
"calendar": "enabled",
"reminders": "enabled",
"photos": "enabled",
"mediaLibrary": "enabled",
"fileProviderPresence": "enabled",
"systemPolicyAllFiles": "enabled",
"systemPolicySystemAdminFiles": "enabled",
"systemPolicyDesktopFolder": "enabled",
"systemPolicyDocumentsFolder": "enabled",
"systemPolicyDownloadsFolder": "enabled",
"systemPolicyNetworkVolumes": "enabled",
"systemPolicyRemovableVolumes": "enabled",
"postEvent": "enabled",
"appleEventsAllowedReceivers": [
{
"@odata.type": "microsoft.graph.macOSAppleEventReceiver",
"codeRequirement": "Code Requirement value",
"identifier": "Identifier value",
"identifierType": "path",
"allowed": true
}
]
}
],
"addingGameCenterFriendsBlocked": true,
"gameCenterBlocked": true,
"multiplayerGamingBlocked": true,
"wallpaperModificationBlocked": true,
"eraseContentAndSettingsBlocked": true,
"softwareUpdateMajorOSDeferredInstallDelayInDays": 15,
"softwareUpdateMinorOSDeferredInstallDelayInDays": 15,
"softwareUpdateNonOSDeferredInstallDelayInDays": 13,
"touchIdTimeoutInHours": 5,
"iCloudPrivateRelayBlocked": true,
"iCloudDesktopAndDocumentsBlocked": true,
"activationLockWhenSupervisedAllowed": true
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 5234
{
"@odata.type": "#microsoft.graph.macOSGeneralDeviceConfiguration",
"id": "dc356aee-6aee-dc35-ee6a-35dcee6a35dc",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"roleScopeTagIds": [
"Role Scope Tag Ids value"
],
"supportsScopeTags": true,
"deviceManagementApplicabilityRuleOsEdition": {
"@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",
"osEditionTypes": [
"windows10EnterpriseN"
],
"name": "Name value",
"ruleType": "exclude"
},
"deviceManagementApplicabilityRuleOsVersion": {
"@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",
"minOSVersion": "Min OSVersion value",
"maxOSVersion": "Max OSVersion value",
"name": "Name value",
"ruleType": "exclude"
},
"deviceManagementApplicabilityRuleDeviceMode": {
"@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",
"deviceMode": "sModeConfiguration",
"name": "Name value",
"ruleType": "exclude"
},
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"description": "Description value",
"displayName": "Display Name value",
"version": 7,
"compliantAppsList": [
{
"@odata.type": "microsoft.graph.appListItem",
"name": "Name value",
"publisher": "Publisher value",
"appStoreUrl": "https://example.com/appStoreUrl/",
"appId": "App Id value"
}
],
"compliantAppListType": "appsInListCompliant",
"emailInDomainSuffixes": [
"Email In Domain Suffixes value"
],
"passwordBlockSimple": true,
"passwordExpirationDays": 6,
"passwordMinimumCharacterSetCount": 0,
"passwordMinimumLength": 5,
"passwordMinutesOfInactivityBeforeLock": 5,
"passwordMinutesOfInactivityBeforeScreenTimeout": 14,
"passwordPreviousPasswordBlockCount": 2,
"passwordRequiredType": "alphanumeric",
"passwordRequired": true,
"passwordMaximumAttemptCount": 11,
"passwordMinutesUntilFailedLoginReset": 4,
"keychainBlockCloudSync": true,
"safariBlockAutofill": true,
"cameraBlocked": true,
"iTunesBlockMusicService": true,
"spotlightBlockInternetResults": true,
"keyboardBlockDictation": true,
"definitionLookupBlocked": true,
"appleWatchBlockAutoUnlock": true,
"iTunesBlockFileSharing": true,
"iCloudBlockDocumentSync": true,
"iCloudBlockMail": true,
"iCloudBlockAddressBook": true,
"iCloudBlockCalendar": true,
"iCloudBlockReminders": true,
"iCloudBlockBookmarks": true,
"iCloudBlockNotes": true,
"airDropBlocked": true,
"passwordBlockModification": true,
"passwordBlockFingerprintUnlock": true,
"passwordBlockAutoFill": true,
"passwordBlockProximityRequests": true,
"passwordBlockAirDropSharing": true,
"softwareUpdatesEnforcedDelayInDays": 2,
"updateDelayPolicy": "delayOSUpdateVisibility",
"contentCachingBlocked": true,
"iCloudBlockPhotoLibrary": true,
"screenCaptureBlocked": true,
"classroomAppBlockRemoteScreenObservation": true,
"classroomAppForceUnpromptedScreenObservation": true,
"classroomForceAutomaticallyJoinClasses": true,
"classroomForceRequestPermissionToLeaveClasses": true,
"classroomForceUnpromptedAppAndDeviceLock": true,
"iCloudBlockActivityContinuation": true,
"privacyAccessControls": [
{
"@odata.type": "microsoft.graph.macOSPrivacyAccessControlItem",
"displayName": "Display Name value",
"identifier": "Identifier value",
"identifierType": "path",
"codeRequirement": "Code Requirement value",
"staticCodeValidation": true,
"blockCamera": true,
"blockMicrophone": true,
"blockScreenCapture": true,
"blockListenEvent": true,
"speechRecognition": "enabled",
"accessibility": "enabled",
"addressBook": "enabled",
"calendar": "enabled",
"reminders": "enabled",
"photos": "enabled",
"mediaLibrary": "enabled",
"fileProviderPresence": "enabled",
"systemPolicyAllFiles": "enabled",
"systemPolicySystemAdminFiles": "enabled",
"systemPolicyDesktopFolder": "enabled",
"systemPolicyDocumentsFolder": "enabled",
"systemPolicyDownloadsFolder": "enabled",
"systemPolicyNetworkVolumes": "enabled",
"systemPolicyRemovableVolumes": "enabled",
"postEvent": "enabled",
"appleEventsAllowedReceivers": [
{
"@odata.type": "microsoft.graph.macOSAppleEventReceiver",
"codeRequirement": "Code Requirement value",
"identifier": "Identifier value",
"identifierType": "path",
"allowed": true
}
]
}
],
"addingGameCenterFriendsBlocked": true,
"gameCenterBlocked": true,
"multiplayerGamingBlocked": true,
"wallpaperModificationBlocked": true,
"eraseContentAndSettingsBlocked": true,
"softwareUpdateMajorOSDeferredInstallDelayInDays": 15,
"softwareUpdateMinorOSDeferredInstallDelayInDays": 15,
"softwareUpdateNonOSDeferredInstallDelayInDays": 13,
"touchIdTimeoutInHours": 5,
"iCloudPrivateRelayBlocked": true,
"iCloudDesktopAndDocumentsBlocked": true,
"activationLockWhenSupervisedAllowed": true
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for