Edit

deviceManagement resource type

  • Article

Namespace: microsoft.graph

Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Singleton entity that acts as a container for all device management functionality.

Methods

Method Return Type Description
Get deviceManagement deviceManagement Read properties and relationships of the deviceManagement object.
Update deviceManagement deviceManagement Update the properties of a deviceManagement object.
enableUnlicensedAdminstrators action None Upon enabling, users assigned as administrators via Role Assignment Memberships will no longer require an assigned Intune license. You are limited to 350 unlicensed direct members for each AAD security group in a role assignment, but you can assign multiple AAD security groups to a role if you need to support more than 350 unlicensed administrators. Licensed administrators will continue to function as-is in that transitive memberships apply and are not subject to the 350 member limit.
enableLegacyPcManagement action None
enableAndroidDeviceAdministratorEnrollment action None
enableEndpointPrivilegeManagement action None Triggers onboarding of tenant to Microsoft Managed Platform - Cloud (MMP-C).

Properties

Property Type Description
id String Unique Identifier
settings deviceManagementSettings Account level settings.
maximumDepTokens Int32 Maximum number of dep tokens allowed per-tenant.
intuneAccountId Guid Intune Account Id for given tenant
lastReportAggregationDateTime DateTimeOffset The last modified time of reporting for this account. This property is read-only.
deviceComplianceReportSummarizationDateTime DateTimeOffset The last requested time of device compliance reporting for this account. This property is read-only.
legacyPcManangementEnabled Boolean The property to enable Non-MDM managed legacy PC management for this account. This property is read-only.
unlicensedAdminstratorsEnabled Boolean When enabled, users assigned as administrators via Role Assignment Memberships do not require an assigned Intune license. Prior to this, only Intune licensed users were granted permissions with an Intune role unless they were assigned a role via Azure Active Directory. You are limited to 350 unlicensed direct members for each AAD security group in a role assignment, but you can assign multiple AAD security groups to a role if you need to support more than 350 unlicensed administrators. Licensed administrators are unaffected, do not have to be direct members, nor does the 350 member limit apply. This property is read-only.

Relationships

Relationship Type Description
deviceConfigurations deviceConfiguration collection The device configurations.
deviceCompliancePolicies deviceCompliancePolicy collection The device compliance policies.
softwareUpdateStatusSummary softwareUpdateStatusSummary The software update status summary.
deviceCompliancePolicyDeviceStateSummary deviceCompliancePolicyDeviceStateSummary The device compliance state summary for this account.
deviceCompliancePolicySettingStateSummaries deviceCompliancePolicySettingStateSummary collection The summary states of compliance policy settings for this account.
advancedThreatProtectionOnboardingStateSummary advancedThreatProtectionOnboardingStateSummary The summary state of ATP onboarding state for this account.
deviceConfigurationDeviceStateSummaries deviceConfigurationDeviceStateSummary The device configuration device state summary for this account.
deviceConfigurationUserStateSummaries deviceConfigurationUserStateSummary The device configuration user state summary for this account.
cartToClassAssociations cartToClassAssociation collection The Cart To Class Associations.
iosUpdateStatuses iosUpdateDeviceStatus collection The IOS software update installation statuses for this account.
ndesConnectors ndesConnector collection The collection of Ndes connectors for this account.
deviceConfigurationRestrictedAppsViolations restrictedAppsViolation collection Restricted apps violations for this account.
managedDeviceEncryptionStates managedDeviceEncryptionState collection Encryption report for devices in this account
deviceConfigurationConflictSummary deviceConfigurationConflictSummary collection Summary of policies in conflict state for this account.
deviceConfigurationsAllManagedDeviceCertificateStates managedAllDeviceCertificateState collection Summary of all certificates for all devices.
macOSSoftwareUpdateAccountSummaries macOSSoftwareUpdateAccountSummary collection The MacOS software update account summaries for this account.
hardwareConfigurations hardwareConfiguration collection The hardware configurations for this account.
hardwarePasswordInfo hardwarePasswordInfo collection The hardware password info for this account.

JSON Representation

Here is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.deviceManagement",
  "id": "String (identifier)",
  "settings": {
    "@odata.type": "microsoft.graph.deviceManagementSettings",
    "deviceComplianceCheckinThresholdDays": 1024,
    "isScheduledActionEnabled": true,
    "secureByDefault": true,
    "enhancedJailBreak": true,
    "deviceInactivityBeforeRetirementInDay": 1024,
    "derivedCredentialProvider": "String",
    "derivedCredentialUrl": "String",
    "androidDeviceAdministratorEnrollmentEnabled": true,
    "ignoreDevicesForUnsupportedSettingsEnabled": true,
    "enableLogCollection": true,
    "enableAutopilotDiagnostics": true,
    "enableEnhancedTroubleshootingExperience": true,
    "enableDeviceGroupMembershipReport": true,
    "m365AppDiagnosticsEnabled": true
  },
  "maximumDepTokens": 1024,
  "intuneAccountId": "Guid",
  "lastReportAggregationDateTime": "String (timestamp)",
  "deviceComplianceReportSummarizationDateTime": "String (timestamp)",
  "legacyPcManangementEnabled": true,
  "unlicensedAdminstratorsEnabled": true
}