windows10EndpointProtectionConfiguration resource type

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

This topic provides descriptions of the declared methods, properties and relationships exposed by the Windows10EndpointProtectionConfiguration resource.

Inherits from deviceConfiguration

Methods

Method Return Type Description
List windows10EndpointProtectionConfigurations windows10EndpointProtectionConfiguration collection List properties and relationships of the windows10EndpointProtectionConfiguration objects.
Get windows10EndpointProtectionConfiguration windows10EndpointProtectionConfiguration Read properties and relationships of the windows10EndpointProtectionConfiguration object.
Create windows10EndpointProtectionConfiguration windows10EndpointProtectionConfiguration Create a new windows10EndpointProtectionConfiguration object.
Delete windows10EndpointProtectionConfiguration None Deletes a windows10EndpointProtectionConfiguration.
Update windows10EndpointProtectionConfiguration windows10EndpointProtectionConfiguration Update the properties of a windows10EndpointProtectionConfiguration object.

Properties

Property Type Description
id String Key of the entity. Inherited from deviceConfiguration
lastModifiedDateTime DateTimeOffset DateTime the object was last modified. Inherited from deviceConfiguration
createdDateTime DateTimeOffset DateTime the object was created. Inherited from deviceConfiguration
description String Admin provided description of the Device Configuration. Inherited from deviceConfiguration
displayName String Admin provided name of the device configuration. Inherited from deviceConfiguration
version Int32 Version of the device configuration. Inherited from deviceConfiguration
firewallBlockStatefulFTP Boolean Blocks stateful FTP connections to the device
firewallIdleTimeoutForSecurityAssociationInSeconds Int32 Configures the idle timeout for security associations, in seconds, from 300 to 3600 inclusive. This is the period after which security associations will expire and be deleted. Valid values 300 to 3600
firewallPreSharedKeyEncodingMethod firewallPreSharedKeyEncodingMethodType Select the preshared key encoding to be used. Possible values are: deviceDefault, none, utF8.
firewallIPSecExemptionsAllowNeighborDiscovery Boolean Configures IPSec exemptions to allow neighbor discovery IPv6 ICMP type-codes
firewallIPSecExemptionsAllowICMP Boolean Configures IPSec exemptions to allow ICMP
firewallIPSecExemptionsAllowRouterDiscovery Boolean Configures IPSec exemptions to allow router discovery IPv6 ICMP type-codes
firewallIPSecExemptionsAllowDHCP Boolean Configures IPSec exemptions to allow both IPv4 and IPv6 DHCP traffic
firewallCertificateRevocationListCheckMethod firewallCertificateRevocationListCheckMethodType Specify how the certificate revocation list is to be enforced. Possible values are: deviceDefault, none, attempt, require.
firewallMergeKeyingModuleSettings Boolean If an authentication set is not fully supported by a keying module, direct the module to ignore only unsupported authentication suites rather than the entire set
firewallPacketQueueingMethod firewallPacketQueueingMethodType Configures how packet queueing should be applied in the tunnel gateway scenario. Possible values are: deviceDefault, disabled, queueInbound, queueOutbound, queueBoth.
firewallProfileDomain windowsFirewallNetworkProfile Configures the firewall profile settings for domain networks
firewallProfilePublic windowsFirewallNetworkProfile Configures the firewall profile settings for public networks
firewallProfilePrivate windowsFirewallNetworkProfile Configures the firewall profile settings for private networks
defenderAttackSurfaceReductionExcludedPaths String collection List of exe files and folders to be excluded from attack surface reduction rules
defenderGuardedFoldersAllowedAppPaths String collection List of paths to exe that are allowed to access protected folders
defenderAdditionalGuardedFolders String collection List of folder paths to be added to the list of protected folders
defenderExploitProtectionXml Binary Xml content containing information regarding exploit protection details.
defenderExploitProtectionXmlFileName String Name of the file from which DefenderExploitProtectionXml was obtained.
defenderSecurityCenterBlockExploitProtectionOverride Boolean Indicates whether or not to block user from overriding Exploit Protection settings.
appLockerApplicationControl appLockerApplicationControlType Enables the Admin to choose what types of app to allow on devices. Possible values are: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker, auditComponentsStoreAppsAndSmartlocker.
smartScreenEnableInShell Boolean Allows IT Admins to configure SmartScreen for Windows.
smartScreenBlockOverrideForFiles Boolean Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files.
applicationGuardEnabled Boolean Enable Windows Defender Application Guard
applicationGuardBlockFileTransfer applicationGuardBlockFileTransferType Block clipboard to transfer image file, text file or neither of them. Possible values are: notConfigured, blockImageAndTextFile, blockImageFile, blockNone, blockTextFile.
applicationGuardBlockNonEnterpriseContent Boolean Block enterprise sites to load non-enterprise content, such as third party plug-ins
applicationGuardAllowPersistence Boolean Allow persisting user generated data inside the App Guard Containter (favorites, cookies, web passwords, etc.)
applicationGuardForceAuditing Boolean Force auditing will persist Windows logs and events to meet security/compliance criteria (sample events are user login-logoff, use of privilege rights, software installation, system changes, etc.)
applicationGuardBlockClipboardSharing applicationGuardBlockClipboardSharingType Block clipboard to share data from Host to Container, or from Container to Host, or both ways, or neither ways. Possible values are: notConfigured, blockBoth, blockHostToContainer, blockContainerToHost, blockNone.
applicationGuardAllowPrintToPDF Boolean Allow printing to PDF from Container
applicationGuardAllowPrintToXPS Boolean Allow printing to XPS from Container
applicationGuardAllowPrintToLocalPrinters Boolean Allow printing to Local Printers from Container
applicationGuardAllowPrintToNetworkPrinters Boolean Allow printing to Network Printers from Container
bitLockerDisableWarningForOtherDiskEncryption Boolean Allows the Admin to disable the warning prompt for other disk encryption on the user machines.
bitLockerEnableStorageCardEncryptionOnMobile Boolean Allows the admin to require encryption to be turned on using BitLocker. This policy is valid only for a mobile SKU.
bitLockerEncryptDevice Boolean Allows the admin to require encryption to be turned on using BitLocker.
bitLockerRemovableDrivePolicy bitLockerRemovableDrivePolicy BitLocker Removable Drive Policy.

Relationships

Relationship Type Description
assignments deviceConfigurationAssignment collection The list of assignments for the device configuration profile. Inherited from deviceConfiguration
deviceStatuses deviceConfigurationDeviceStatus collection Device configuration installation status by device. Inherited from deviceConfiguration
userStatuses deviceConfigurationUserStatus collection Device configuration installation status by user. Inherited from deviceConfiguration
deviceStatusOverview deviceConfigurationDeviceOverview Device Configuration devices status overview Inherited from deviceConfiguration
userStatusOverview deviceConfigurationUserOverview Device Configuration users status overview Inherited from deviceConfiguration
deviceSettingStateSummaries settingStateDeviceSummary collection Device Configuration Setting State Device Summary Inherited from deviceConfiguration

JSON Representation

Here is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.windows10EndpointProtectionConfiguration",
  "id": "String (identifier)",
  "lastModifiedDateTime": "String (timestamp)",
  "createdDateTime": "String (timestamp)",
  "description": "String",
  "displayName": "String",
  "version": 1024,
  "firewallBlockStatefulFTP": true,
  "firewallIdleTimeoutForSecurityAssociationInSeconds": 1024,
  "firewallPreSharedKeyEncodingMethod": "String",
  "firewallIPSecExemptionsAllowNeighborDiscovery": true,
  "firewallIPSecExemptionsAllowICMP": true,
  "firewallIPSecExemptionsAllowRouterDiscovery": true,
  "firewallIPSecExemptionsAllowDHCP": true,
  "firewallCertificateRevocationListCheckMethod": "String",
  "firewallMergeKeyingModuleSettings": true,
  "firewallPacketQueueingMethod": "String",
  "firewallProfileDomain": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "String",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePublic": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "String",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "firewallProfilePrivate": {
    "@odata.type": "microsoft.graph.windowsFirewallNetworkProfile",
    "firewallEnabled": "String",
    "stealthModeBlocked": true,
    "incomingTrafficBlocked": true,
    "unicastResponsesToMulticastBroadcastsBlocked": true,
    "inboundNotificationsBlocked": true,
    "authorizedApplicationRulesFromGroupPolicyMerged": true,
    "globalPortRulesFromGroupPolicyMerged": true,
    "connectionSecurityRulesFromGroupPolicyMerged": true,
    "outboundConnectionsBlocked": true,
    "inboundConnectionsBlocked": true,
    "securedPacketExemptionAllowed": true,
    "policyRulesFromGroupPolicyMerged": true
  },
  "defenderAttackSurfaceReductionExcludedPaths": [
    "String"
  ],
  "defenderGuardedFoldersAllowedAppPaths": [
    "String"
  ],
  "defenderAdditionalGuardedFolders": [
    "String"
  ],
  "defenderExploitProtectionXml": "binary",
  "defenderExploitProtectionXmlFileName": "String",
  "defenderSecurityCenterBlockExploitProtectionOverride": true,
  "appLockerApplicationControl": "String",
  "smartScreenEnableInShell": true,
  "smartScreenBlockOverrideForFiles": true,
  "applicationGuardEnabled": true,
  "applicationGuardBlockFileTransfer": "String",
  "applicationGuardBlockNonEnterpriseContent": true,
  "applicationGuardAllowPersistence": true,
  "applicationGuardForceAuditing": true,
  "applicationGuardBlockClipboardSharing": "String",
  "applicationGuardAllowPrintToPDF": true,
  "applicationGuardAllowPrintToXPS": true,
  "applicationGuardAllowPrintToLocalPrinters": true,
  "applicationGuardAllowPrintToNetworkPrinters": true,
  "bitLockerDisableWarningForOtherDiskEncryption": true,
  "bitLockerEnableStorageCardEncryptionOnMobile": true,
  "bitLockerEncryptDevice": true,
  "bitLockerRemovableDrivePolicy": {
    "@odata.type": "microsoft.graph.bitLockerRemovableDrivePolicy",
    "encryptionMethod": "String",
    "requireEncryptionForWriteAccess": true,
    "blockCrossOrganizationWriteAccess": true
  }
}