managedDevice resource type

Namespace: microsoft.graph

Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Devices that are managed or pre-enrolled through Intune

Methods

Method Return Type Description
Get managedDevice managedDevice Read properties and relationships of the managedDevice object.
Update managedDevice managedDevice Update the properties of a managedDevice object.
executeAction action bulkManagedDeviceActionResult Not yet documented
enableLostMode action None Enable lost mode
playLostModeSound action None Remote lock
setDeviceName action None Set device name of the device.
rotateFileVaultKey action None Not yet documented
getFileVaultKey function String Not yet documented
createDeviceLogCollectionRequest action deviceLogCollectionResponse Not yet documented
retire action None Retire a device
wipe action None Wipe a device
resetPasscode action None Reset passcode
remoteLock action None Remote lock
requestRemoteAssistance action None Request remote assistance
disableLostMode action None Disable lost mode
locateDevice action None Locate a device
bypassActivationLock action None Bypass activation lock
rebootNow action None Reboot device
shutDown action None Shut down device
recoverPasscode action None Recover passcode
cleanWindowsDevice action None Clean Windows device
logoutSharedAppleDeviceActiveUser action None Logout shared Apple device active user
deleteUserFromSharedAppleDevice action None Delete user from shared Apple device
syncDevice action None Not yet documented
windowsDefenderScan action None Not yet documented
windowsDefenderUpdateSignatures action None Not yet documented
updateWindowsDeviceAccount action None Not yet documented
revokeAppleVppLicenses action None Revoke all Apple Vpp licenses for a device
rotateBitLockerKeys action None Rotate BitLockerKeys
sendCustomNotificationToCompanyPortal action None Not yet documented
triggerConfigurationManagerAction action None Trigger action on ConfigurationManager client

Properties

Property Type Description
id String Unique Identifier for the device. This property is read-only.
userId String Unique Identifier for the user associated with the device. This property is read-only.
deviceName String Name of the device. This property is read-only.
hardwareInformation hardwareInformation The hardward details for the device. Includes information such as storage space, manufacturer, serial number, etc. This property is read-only.
ownerType ownerType Ownership of the device. Can be 'company' or 'personal'. Possible values are: unknown, company, personal.
managedDeviceOwnerType managedDeviceOwnerType Ownership of the device. Can be 'company' or 'personal'. Possible values are: unknown, company, personal.
deviceActionResults deviceActionResult collection List of ComplexType deviceActionResult objects. This property is read-only.
managementState managementState Management state of the device. This property is read-only. Possible values are: managed, retirePending, retireFailed, wipePending, wipeFailed, unhealthy, deletePending, retireIssued, wipeIssued, wipeCanceled, retireCanceled, discovered.
enrolledDateTime DateTimeOffset Enrollment time of the device. This property is read-only.
lastSyncDateTime DateTimeOffset The date and time that the device last completed a successful sync with Intune. This property is read-only.
chassisType chassisType Chassis type of the device. This property is read-only. Possible values are: unknown, desktop, laptop, worksWorkstation, enterpriseServer, phone, tablet, mobileOther, mobileUnknown.
operatingSystem String Operating system of the device. Windows, iOS, etc. This property is read-only.
deviceType deviceType Platform of the device. This property is read-only. Possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, windows10x, androidnGMS, cloudPC, blackberry, palm, unknown.
complianceState complianceState Compliance state of the device. This property is read-only. Possible values are: unknown, compliant, noncompliant, conflict, error, inGracePeriod, configManager.
jailBroken String whether the device is jail broken or rooted. This property is read-only.
managementAgent managementAgentType Management channel of the device. Intune, EAS, etc. This property is read-only. Possible values are: eas, mdm, easMdm, intuneClient, easIntuneClient, configurationManagerClient, configurationManagerClientMdm, configurationManagerClientMdmEas, unknown, jamf, googleCloudDevicePolicyController, microsoft365ManagedMdm, windowsManagementCloudApi.
osVersion String Operating system version of the device. This property is read-only.
easActivated Boolean Whether the device is Exchange ActiveSync activated. This property is read-only.
easDeviceId String Exchange ActiveSync Id of the device. This property is read-only.
easActivationDateTime DateTimeOffset Exchange ActivationSync activation time of the device. This property is read-only.
aadRegistered Boolean Whether the device is Azure Active Directory registered. This property is read-only.
azureADRegistered Boolean Whether the device is Azure Active Directory registered. This property is read-only.
deviceEnrollmentType deviceEnrollmentType Enrollment type of the device. This property is read-only. Possible values are: unknown, userEnrollment, deviceEnrollmentManager, appleBulkWithUser, appleBulkWithoutUser, windowsAzureADJoin, windowsBulkUserless, windowsAutoEnrollment, windowsBulkAzureDomainJoin, windowsCoManagement, appleUserEnrollment, appleUserEnrollmentWithServiceAccount, azureAdJoinUsingAzureVmExtension, androidEnterpriseDedicatedDevice, androidEnterpriseFullyManaged, androidEnterpriseCorporateWorkProfile.
lostModeState lostModeState Indicates if Lost mode is enabled or disabled. This property is read-only. Possible values are: disabled, enabled.
activationLockBypassCode String Code that allows the Activation Lock on a device to be bypassed. This property is read-only.
emailAddress String Email(s) for the user associated with the device. This property is read-only.
azureActiveDirectoryDeviceId String The unique identifier for the Azure Active Directory device. Read only. This property is read-only.
azureADDeviceId String The unique identifier for the Azure Active Directory device. Read only. This property is read-only.
deviceRegistrationState deviceRegistrationState Device registration state. This property is read-only. Possible values are: notRegistered, registered, revoked, keyConflict, approvalPending, certificateReset, notRegisteredPendingEnrollment, unknown.
deviceCategoryDisplayName String Device category display name. This property is read-only.
isSupervised Boolean Device supervised status. This property is read-only.
exchangeLastSuccessfulSyncDateTime DateTimeOffset Last time the device contacted Exchange. This property is read-only.
exchangeAccessState deviceManagementExchangeAccessState The Access State of the device in Exchange. This property is read-only. Possible values are: none, unknown, allowed, blocked, quarantined.
exchangeAccessStateReason deviceManagementExchangeAccessStateReason The reason for the device's access state in Exchange. This property is read-only. Possible values are: none, unknown, exchangeGlobalRule, exchangeIndividualRule, exchangeDeviceRule, exchangeUpgrade, exchangeMailboxPolicy, other, compliant, notCompliant, notEnrolled, unknownLocation, mfaRequired, azureADBlockDueToAccessPolicy, compromisedPassword, deviceNotKnownWithManagedApp.
remoteAssistanceSessionUrl String Url that allows a Remote Assistance session to be established with the device. This property is read-only.
remoteAssistanceSessionErrorDetails String An error string that identifies issues when creating Remote Assistance session objects. This property is read-only.
isEncrypted Boolean Device encryption status. This property is read-only.
userPrincipalName String Device user principal name. This property is read-only.
model String Model of the device. This property is read-only.
manufacturer String Manufacturer of the device. This property is read-only.
imei String IMEI. This property is read-only.
complianceGracePeriodExpirationDateTime DateTimeOffset The DateTime when device compliance grace period expires. This property is read-only.
serialNumber String SerialNumber. This property is read-only.
phoneNumber String Phone number of the device. This property is read-only.
androidSecurityPatchLevel String Android security patch level. This property is read-only.
userDisplayName String User display name. This property is read-only.
configurationManagerClientEnabledFeatures configurationManagerClientEnabledFeatures ConfigrMgr client enabled features. This property is read-only.
wiFiMacAddress String Wi-Fi MAC. This property is read-only.
deviceHealthAttestationState deviceHealthAttestationState The device health attestation state. This property is read-only.
subscriberCarrier String Subscriber Carrier. This property is read-only.
meid String MEID. This property is read-only.
totalStorageSpaceInBytes Int64 Total Storage in Bytes. This property is read-only.
freeStorageSpaceInBytes Int64 Free Storage in Bytes. This property is read-only.
managedDeviceName String Automatically generated name to identify a device. Can be overwritten to a user friendly name.
partnerReportedThreatState managedDevicePartnerReportedHealthState Indicates the threat state of a device when a Mobile Threat Defense partner is in use by the account and device. Read Only. This property is read-only. Possible values are: unknown, activated, deactivated, secured, lowSeverity, mediumSeverity, highSeverity, unresponsive, compromised, misconfigured.
retireAfterDateTime DateTimeOffset Indicates the time after when a device will be auto retired because of scheduled action. This property is read-only.
usersLoggedOn loggedOnUser collection Indicates the last logged on users of a device. This property is read-only.
preferMdmOverGroupPolicyAppliedDateTime DateTimeOffset Reports the DateTime the preferMdmOverGroupPolicy setting was set. When set, the Intune MDM settings will override Group Policy settings if there is a conflict. Read Only. This property is read-only.
autopilotEnrolled Boolean Reports if the managed device is enrolled via auto-pilot. This property is read-only.
requireUserEnrollmentApproval Boolean Reports if the managed iOS device is user approval enrollment. This property is read-only.
managementCertificateExpirationDate DateTimeOffset Reports device management certificate expiration date. This property is read-only.
iccid String Integrated Circuit Card Identifier, it is A SIM card's unique identification number. This property is read-only.
udid String Unique Device Identifier for iOS and macOS devices. This property is read-only.
roleScopeTagIds String collection List of Scope Tag IDs for this Device instance.
windowsActiveMalwareCount Int32 Count of active malware for this windows device. This property is read-only.
windowsRemediatedMalwareCount Int32 Count of remediated malware for this windows device. This property is read-only.
notes String Notes on the device created by IT Admin
configurationManagerClientHealthState configurationManagerClientHealthState Configuration manager client health state, valid only for devices managed by MDM/ConfigMgr Agent
configurationManagerClientInformation configurationManagerClientInformation Configuration manager client information, valid only for devices managed, duel-managed or tri-managed by ConfigMgr Agent
ethernetMacAddress String Ethernet MAC. This property is read-only.
physicalMemoryInBytes Int64 Total Memory in Bytes. This property is read-only.
processorArchitecture managedDeviceArchitecture Processor architecture. This property is read-only. Possible values are: unknown, x86, x64, arm, arM64.
specificationVersion String Specification version. This property is read-only.
joinType joinType Device join type. Possible values are: unknown, azureADJoined, azureADRegistered, hybridAzureADJoined.
skuFamily String Device sku family
skuNumber Int32 Device sku number, see also: https://docs.microsoft.com/windows/win32/api/sysinfoapi/nf-sysinfoapi-getproductinfo. Valid values 0 to 2147483647. This property is read-only.
managementFeatures managedDeviceManagementFeatures Device management features. Possible values are: none, microsoftManagedDesktop.

Relationships

Relationship Type Description
detectedApps detectedApp collection All applications currently installed on the device
deviceCategory deviceCategory Device category
windowsProtectionState windowsProtectionState The device protection status.
users user collection The primary users associated with the managed device.
logCollectionRequests deviceLogCollectionResponse collection List of log collection requests

JSON Representation

Here is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.managedDevice",
  "id": "String (identifier)",
  "userId": "String",
  "deviceName": "String",
  "hardwareInformation": {
    "@odata.type": "microsoft.graph.hardwareInformation",
    "serialNumber": "String",
    "totalStorageSpace": 1024,
    "freeStorageSpace": 1024,
    "imei": "String",
    "meid": "String",
    "manufacturer": "String",
    "model": "String",
    "phoneNumber": "String",
    "subscriberCarrier": "String",
    "cellularTechnology": "String",
    "wifiMac": "String",
    "operatingSystemLanguage": "String",
    "isSupervised": true,
    "isEncrypted": true,
    "batterySerialNumber": "String",
    "batteryHealthPercentage": 1024,
    "batteryChargeCycles": 1024,
    "isSharedDevice": true,
    "sharedDeviceCachedUsers": [
      {
        "@odata.type": "microsoft.graph.sharedAppleDeviceUser",
        "userPrincipalName": "String",
        "dataToSync": true,
        "dataQuota": 1024,
        "dataUsed": 1024
      }
    ],
    "tpmSpecificationVersion": "String",
    "operatingSystemEdition": "String",
    "deviceFullQualifiedDomainName": "String",
    "deviceGuardVirtualizationBasedSecurityHardwareRequirementState": "String",
    "deviceGuardVirtualizationBasedSecurityState": "String",
    "deviceGuardLocalSystemAuthorityCredentialGuardState": "String",
    "osBuildNumber": "String",
    "operatingSystemProductType": 1024
  },
  "ownerType": "String",
  "managedDeviceOwnerType": "String",
  "deviceActionResults": [
    {
      "@odata.type": "microsoft.graph.deviceActionResult",
      "actionName": "String",
      "actionState": "String",
      "startDateTime": "String (timestamp)",
      "lastUpdatedDateTime": "String (timestamp)"
    }
  ],
  "managementState": "String",
  "enrolledDateTime": "String (timestamp)",
  "lastSyncDateTime": "String (timestamp)",
  "chassisType": "String",
  "operatingSystem": "String",
  "deviceType": "String",
  "complianceState": "String",
  "jailBroken": "String",
  "managementAgent": "String",
  "osVersion": "String",
  "easActivated": true,
  "easDeviceId": "String",
  "easActivationDateTime": "String (timestamp)",
  "aadRegistered": true,
  "azureADRegistered": true,
  "deviceEnrollmentType": "String",
  "lostModeState": "String",
  "activationLockBypassCode": "String",
  "emailAddress": "String",
  "azureActiveDirectoryDeviceId": "String",
  "azureADDeviceId": "String",
  "deviceRegistrationState": "String",
  "deviceCategoryDisplayName": "String",
  "isSupervised": true,
  "exchangeLastSuccessfulSyncDateTime": "String (timestamp)",
  "exchangeAccessState": "String",
  "exchangeAccessStateReason": "String",
  "remoteAssistanceSessionUrl": "String",
  "remoteAssistanceSessionErrorDetails": "String",
  "isEncrypted": true,
  "userPrincipalName": "String",
  "model": "String",
  "manufacturer": "String",
  "imei": "String",
  "complianceGracePeriodExpirationDateTime": "String (timestamp)",
  "serialNumber": "String",
  "phoneNumber": "String",
  "androidSecurityPatchLevel": "String",
  "userDisplayName": "String",
  "configurationManagerClientEnabledFeatures": {
    "@odata.type": "microsoft.graph.configurationManagerClientEnabledFeatures",
    "inventory": true,
    "modernApps": true,
    "resourceAccess": true,
    "deviceConfiguration": true,
    "compliancePolicy": true,
    "windowsUpdateForBusiness": true,
    "endpointProtection": true,
    "officeApps": true
  },
  "wiFiMacAddress": "String",
  "deviceHealthAttestationState": {
    "@odata.type": "microsoft.graph.deviceHealthAttestationState",
    "lastUpdateDateTime": "String",
    "contentNamespaceUrl": "String",
    "deviceHealthAttestationStatus": "String",
    "contentVersion": "String",
    "issuedDateTime": "String (timestamp)",
    "attestationIdentityKey": "String",
    "resetCount": 1024,
    "restartCount": 1024,
    "dataExcutionPolicy": "String",
    "bitLockerStatus": "String",
    "bootManagerVersion": "String",
    "codeIntegrityCheckVersion": "String",
    "secureBoot": "String",
    "bootDebugging": "String",
    "operatingSystemKernelDebugging": "String",
    "codeIntegrity": "String",
    "testSigning": "String",
    "safeMode": "String",
    "windowsPE": "String",
    "earlyLaunchAntiMalwareDriverProtection": "String",
    "virtualSecureMode": "String",
    "pcrHashAlgorithm": "String",
    "bootAppSecurityVersion": "String",
    "bootManagerSecurityVersion": "String",
    "tpmVersion": "String",
    "pcr0": "String",
    "secureBootConfigurationPolicyFingerPrint": "String",
    "codeIntegrityPolicy": "String",
    "bootRevisionListInfo": "String",
    "operatingSystemRevListInfo": "String",
    "healthStatusMismatchInfo": "String",
    "healthAttestationSupportedStatus": "String"
  },
  "subscriberCarrier": "String",
  "meid": "String",
  "totalStorageSpaceInBytes": 1024,
  "freeStorageSpaceInBytes": 1024,
  "managedDeviceName": "String",
  "partnerReportedThreatState": "String",
  "retireAfterDateTime": "String (timestamp)",
  "usersLoggedOn": [
    {
      "@odata.type": "microsoft.graph.loggedOnUser",
      "userId": "String",
      "lastLogOnDateTime": "String (timestamp)"
    }
  ],
  "preferMdmOverGroupPolicyAppliedDateTime": "String (timestamp)",
  "autopilotEnrolled": true,
  "requireUserEnrollmentApproval": true,
  "managementCertificateExpirationDate": "String (timestamp)",
  "iccid": "String",
  "udid": "String",
  "roleScopeTagIds": [
    "String"
  ],
  "windowsActiveMalwareCount": 1024,
  "windowsRemediatedMalwareCount": 1024,
  "notes": "String",
  "configurationManagerClientHealthState": {
    "@odata.type": "microsoft.graph.configurationManagerClientHealthState",
    "state": "String",
    "errorCode": 1024,
    "lastSyncDateTime": "String (timestamp)"
  },
  "configurationManagerClientInformation": {
    "@odata.type": "microsoft.graph.configurationManagerClientInformation",
    "clientIdentifier": "String",
    "isBlocked": true
  },
  "ethernetMacAddress": "String",
  "physicalMemoryInBytes": 1024,
  "processorArchitecture": "String",
  "specificationVersion": "String",
  "joinType": "String",
  "skuFamily": "String",
  "skuNumber": 1024,
  "managementFeatures": "String"
}