Update macOSGeneralDeviceConfiguration

Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Update the properties of a macOSGeneralDeviceConfiguration object.

Prerequisites

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from most to least privileged)
Delegated (work or school account) DeviceManagementConfiguration.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application DeviceManagementConfiguration.ReadWrite.All

HTTP Request

PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}
PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}/groupAssignments/{deviceConfigurationGroupAssignmentId}/deviceConfiguration
PATCH /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsDomainJoinConfiguration/networkAccessConfigurations/{deviceConfigurationId}

Request headers

Header Value
Authorization Bearer <token> Required.
Accept application/json

Request body

In the request body, supply a JSON representation for the macOSGeneralDeviceConfiguration object.

The following table shows the properties that are required when you create the macOSGeneralDeviceConfiguration.

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
roleScopeTagIds String collection List of Scope Tags for this Entity instance. Inherited from deviceConfiguration
supportsScopeTags Boolean Indicates whether or not the underlying Device Configuration supports the assignment of scope tags. Assigning to the ScopeTags property is not allowed when this value is false and entities will not be visible to scoped users. This occurs for Legacy policies created in Silverlight and can be resolved by deleting and recreating the policy in the Azure Portal. This property is read-only. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsEdition deviceManagementApplicabilityRuleOsEdition The OS edition applicability for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleOsVersion deviceManagementApplicabilityRuleOsVersion The OS version applicability rule for this Policy. Inherited from deviceConfiguration
deviceManagementApplicabilityRuleDeviceMode deviceManagementApplicabilityRuleDeviceMode The device mode applicability rule for this Policy. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
compliantAppsList appListItem collection List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType). This collection can contain a maximum of 10000 elements.
compliantAppListType appListType List that is in the CompliantAppsList. Possible values are: none, appsInListCompliant, appsNotInListCompliant.
emailInDomainSuffixes String collection An email address lacking a suffix that matches any of these strings will be considered out-of-domain.
passwordBlockSimple Boolean Block simple passwords.
passwordExpirationDays Int32 Number of days before the password expires.
passwordMinimumCharacterSetCount Int32 Number of character sets a password must contain. Valid values 0 to 4
passwordMinimumLength Int32 Minimum length of passwords.
passwordMinutesOfInactivityBeforeLock Int32 Minutes of inactivity required before a password is required.
passwordMinutesOfInactivityBeforeScreenTimeout Int32 Minutes of inactivity required before the screen times out.
passwordPreviousPasswordBlockCount Int32 Number of previous passwords to block.
passwordRequiredType requiredPasswordType Type of password that is required. Possible values are: deviceDefault, alphanumeric, numeric.
passwordRequired Boolean Whether or not to require a password.
keychainBlockCloudSync Boolean Indicates whether or not iCloud keychain synchronization is blocked (macOS 10.12 and later).
airPrintBlocked Boolean Indicates whether or not AirPrint is blocked (macOS 10.12 and later).
airPrintForceTrustedTLS Boolean Indicates if trusted certificates are required for TLS printing communication (macOS 10.13 and later).
airPrintBlockiBeaconDiscovery Boolean Indicates whether or not iBeacon discovery of AirPrint printers is blocked. This prevents spurious AirPrint Bluetooth beacons from phishing for network traffic (macOS 10.3 and later).
safariBlockAutofill Boolean Indicates whether or not to block the user from using Auto fill in Safari.
cameraBlocked Boolean Indicates whether or not to block the user from accessing the camera of the device.
iTunesBlockMusicService Boolean Indicates whether or not to block Music service and revert Music app to classic mode.
spotlightBlockInternetResults Boolean Indicates whether or not to block Spotlight from returning any results from an Internet search.
keyboardBlockDictation Boolean Indicates whether or not to block the user from using dictation input.
definitionLookupBlocked Boolean Indicates whether or not to block definition lookup.
appleWatchBlockAutoUnlock Boolean Indicates whether or to block users from unlocking their Mac with Apple Watch.
iTunesBlockFileSharing Boolean Indicates whether or not to block files from being transferred using iTunes.
iCloudBlockDocumentSync Boolean Indicates whether or not to block iCloud document sync.
iCloudBlockMail Boolean Indicates whether or not to block iCloud from syncing mail.
iCloudBlockAddressBook Boolean Indicates whether or not to block iCloud from syncing contacts.
iCloudBlockCalendar Boolean Indicates whether or not to block iCloud from syncing calendars.
iCloudBlockReminders Boolean Indicates whether or not to block iCloud from syncing reminders.
iCloudBlockBookmarks Boolean Indicates whether or not to block iCloud from syncing bookmarks.
iCloudBlockNotes Boolean Indicates whether or not to block iCloud from syncing notes.
airDropBlocked Boolean Indicates whether or not to allow AirDrop.
passwordBlockModification Boolean Indicates whether or not to allow passcode modification.
passwordBlockFingerprintUnlock Boolean Indicates whether or not to block fingerprint unlock.
passwordBlockAutoFill Boolean Indicates whether or not to block the AutoFill Passwords feature.
passwordBlockProximityRequests Boolean Indicates whether or not to block requesting passwords from nearby devices.
passwordBlockAirDropSharing Boolean Indicates whether or not to block sharing passwords with the AirDrop passwords feature.
softwareUpdatesEnforcedDelayInDays Int32 Sets how many days a software update will be delyed for a supervised device. Valid values 0 to 90
softwareUpdatesForceDelayed Boolean Indicates whether or not to delay user visibility of software updates when the device is in supervised mode.
contentCachingBlocked Boolean Indicates whether or not to allow content caching.
iCloudBlockPhotoLibrary Boolean Indicates whether or not to block iCloud Photo Library.
screenCaptureBlocked Boolean Indicates whether or not to block the user from taking Screenshots.
classroomAppBlockRemoteScreenObservation Boolean Indicates whether or not to allow remote screen observation by Classroom app. Requires MDM enrollment via Apple School Manager or Apple Business Manager.
classroomAppForceUnpromptedScreenObservation Boolean Indicates whether or not to automatically give permission to the teacher of a managed course on the Classroom app to view a student's screen without prompting. Requires MDM enrollment via Apple School Manager or Apple Business Manager.
classroomForceAutomaticallyJoinClasses Boolean Indicates whether or not to automatically give permission to the teacher's requests, without prompting the student. Requires MDM enrollment via Apple School Manager or Apple Business Manager.
classroomForceRequestPermissionToLeaveClasses Boolean Indicates whether a student enrolled in an unmanaged course via Classroom will be required to request permission from the teacher when attempting to leave the course. Requires MDM enrollment via Apple School Manager or Apple Business Manager.
classroomForceUnpromptedAppAndDeviceLock Boolean Indicates whether or not to allow the teacher to lock apps or the device without prompting the student. Requires MDM enrollment via Apple School Manager or Apple Business Manager.
iCloudBlockActivityContinuation Boolean Indicates whether or not to block the user from continuing work that they started on a MacOS device on another iOS or MacOS device (MacOS 10.15 or later).

Response

If successful, this method returns a 200 OK response code and an updated macOSGeneralDeviceConfiguration object in the response body.

Example

Request

Here is an example of the request.

PATCH https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{deviceConfigurationId}
Content-type: application/json
Content-length: 3146

{
  "@odata.type": "#microsoft.graph.macOSGeneralDeviceConfiguration",
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ],
  "supportsScopeTags": true,
  "deviceManagementApplicabilityRuleOsEdition": {
    "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",
    "osEditionTypes": [
      "windows10EnterpriseN"
    ],
    "name": "Name value",
    "ruleType": "exclude"
  },
  "deviceManagementApplicabilityRuleOsVersion": {
    "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",
    "minOSVersion": "Min OSVersion value",
    "maxOSVersion": "Max OSVersion value",
    "name": "Name value",
    "ruleType": "exclude"
  },
  "deviceManagementApplicabilityRuleDeviceMode": {
    "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",
    "deviceMode": "sModeConfiguration",
    "name": "Name value",
    "ruleType": "exclude"
  },
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "compliantAppsList": [
    {
      "@odata.type": "microsoft.graph.appListItem",
      "name": "Name value",
      "publisher": "Publisher value",
      "appStoreUrl": "https://example.com/appStoreUrl/",
      "appId": "App Id value"
    }
  ],
  "compliantAppListType": "appsInListCompliant",
  "emailInDomainSuffixes": [
    "Email In Domain Suffixes value"
  ],
  "passwordBlockSimple": true,
  "passwordExpirationDays": 6,
  "passwordMinimumCharacterSetCount": 0,
  "passwordMinimumLength": 5,
  "passwordMinutesOfInactivityBeforeLock": 5,
  "passwordMinutesOfInactivityBeforeScreenTimeout": 14,
  "passwordPreviousPasswordBlockCount": 2,
  "passwordRequiredType": "alphanumeric",
  "passwordRequired": true,
  "keychainBlockCloudSync": true,
  "airPrintBlocked": true,
  "airPrintForceTrustedTLS": true,
  "airPrintBlockiBeaconDiscovery": true,
  "safariBlockAutofill": true,
  "cameraBlocked": true,
  "iTunesBlockMusicService": true,
  "spotlightBlockInternetResults": true,
  "keyboardBlockDictation": true,
  "definitionLookupBlocked": true,
  "appleWatchBlockAutoUnlock": true,
  "iTunesBlockFileSharing": true,
  "iCloudBlockDocumentSync": true,
  "iCloudBlockMail": true,
  "iCloudBlockAddressBook": true,
  "iCloudBlockCalendar": true,
  "iCloudBlockReminders": true,
  "iCloudBlockBookmarks": true,
  "iCloudBlockNotes": true,
  "airDropBlocked": true,
  "passwordBlockModification": true,
  "passwordBlockFingerprintUnlock": true,
  "passwordBlockAutoFill": true,
  "passwordBlockProximityRequests": true,
  "passwordBlockAirDropSharing": true,
  "softwareUpdatesEnforcedDelayInDays": 2,
  "softwareUpdatesForceDelayed": true,
  "contentCachingBlocked": true,
  "iCloudBlockPhotoLibrary": true,
  "screenCaptureBlocked": true,
  "classroomAppBlockRemoteScreenObservation": true,
  "classroomAppForceUnpromptedScreenObservation": true,
  "classroomForceAutomaticallyJoinClasses": true,
  "classroomForceRequestPermissionToLeaveClasses": true,
  "classroomForceUnpromptedAppAndDeviceLock": true,
  "iCloudBlockActivityContinuation": true
}

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 3318

{
  "@odata.type": "#microsoft.graph.macOSGeneralDeviceConfiguration",
  "id": "dc356aee-6aee-dc35-ee6a-35dcee6a35dc",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ],
  "supportsScopeTags": true,
  "deviceManagementApplicabilityRuleOsEdition": {
    "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsEdition",
    "osEditionTypes": [
      "windows10EnterpriseN"
    ],
    "name": "Name value",
    "ruleType": "exclude"
  },
  "deviceManagementApplicabilityRuleOsVersion": {
    "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleOsVersion",
    "minOSVersion": "Min OSVersion value",
    "maxOSVersion": "Max OSVersion value",
    "name": "Name value",
    "ruleType": "exclude"
  },
  "deviceManagementApplicabilityRuleDeviceMode": {
    "@odata.type": "microsoft.graph.deviceManagementApplicabilityRuleDeviceMode",
    "deviceMode": "sModeConfiguration",
    "name": "Name value",
    "ruleType": "exclude"
  },
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "compliantAppsList": [
    {
      "@odata.type": "microsoft.graph.appListItem",
      "name": "Name value",
      "publisher": "Publisher value",
      "appStoreUrl": "https://example.com/appStoreUrl/",
      "appId": "App Id value"
    }
  ],
  "compliantAppListType": "appsInListCompliant",
  "emailInDomainSuffixes": [
    "Email In Domain Suffixes value"
  ],
  "passwordBlockSimple": true,
  "passwordExpirationDays": 6,
  "passwordMinimumCharacterSetCount": 0,
  "passwordMinimumLength": 5,
  "passwordMinutesOfInactivityBeforeLock": 5,
  "passwordMinutesOfInactivityBeforeScreenTimeout": 14,
  "passwordPreviousPasswordBlockCount": 2,
  "passwordRequiredType": "alphanumeric",
  "passwordRequired": true,
  "keychainBlockCloudSync": true,
  "airPrintBlocked": true,
  "airPrintForceTrustedTLS": true,
  "airPrintBlockiBeaconDiscovery": true,
  "safariBlockAutofill": true,
  "cameraBlocked": true,
  "iTunesBlockMusicService": true,
  "spotlightBlockInternetResults": true,
  "keyboardBlockDictation": true,
  "definitionLookupBlocked": true,
  "appleWatchBlockAutoUnlock": true,
  "iTunesBlockFileSharing": true,
  "iCloudBlockDocumentSync": true,
  "iCloudBlockMail": true,
  "iCloudBlockAddressBook": true,
  "iCloudBlockCalendar": true,
  "iCloudBlockReminders": true,
  "iCloudBlockBookmarks": true,
  "iCloudBlockNotes": true,
  "airDropBlocked": true,
  "passwordBlockModification": true,
  "passwordBlockFingerprintUnlock": true,
  "passwordBlockAutoFill": true,
  "passwordBlockProximityRequests": true,
  "passwordBlockAirDropSharing": true,
  "softwareUpdatesEnforcedDelayInDays": 2,
  "softwareUpdatesForceDelayed": true,
  "contentCachingBlocked": true,
  "iCloudBlockPhotoLibrary": true,
  "screenCaptureBlocked": true,
  "classroomAppBlockRemoteScreenObservation": true,
  "classroomAppForceUnpromptedScreenObservation": true,
  "classroomForceAutomaticallyJoinClasses": true,
  "classroomForceRequestPermissionToLeaveClasses": true,
  "classroomForceUnpromptedAppAndDeviceLock": true,
  "iCloudBlockActivityContinuation": true
}