windowsManagedDevice resource type

Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Windows devices that are managed or pre-enrolled through Intune

Inherits from managedDevice

Methods

Method Return Type Description
List windowsManagedDevices windowsManagedDevice collection List properties and relationships of the windowsManagedDevice objects.
Get windowsManagedDevice windowsManagedDevice Read properties and relationships of the windowsManagedDevice object.
Create windowsManagedDevice windowsManagedDevice Create a new windowsManagedDevice object.
Delete windowsManagedDevice None Deletes a windowsManagedDevice.
Update windowsManagedDevice windowsManagedDevice Update the properties of a windowsManagedDevice object.

Properties

Property Type Description
id String Unique Identifier for the device Inherited from managedDevice
userId String Unique Identifier for the user associated with the device Inherited from managedDevice
deviceName String Name of the device Inherited from managedDevice
hardwareInformation hardwareInformation The hardward details for the device. Includes information such as storage space, manufacturer, serial number, etc. Inherited from managedDevice
ownerType ownerType Ownership of the device. Can be 'company' or 'personal' Inherited from managedDevice. Possible values are: unknown, company, personal.
managedDeviceOwnerType managedDeviceOwnerType Ownership of the device. Can be 'company' or 'personal' Inherited from managedDevice. Possible values are: unknown, company, personal.
deviceActionResults deviceActionResult collection List of ComplexType deviceActionResult objects. Inherited from managedDevice
managementState managementState Management state of the device. Inherited from managedDevice. Possible values are: managed, retirePending, retireFailed, wipePending, wipeFailed, unhealthy, deletePending, retireIssued, wipeIssued, wipeCanceled, retireCanceled, discovered.
enrolledDateTime DateTimeOffset Enrollment time of the device. Inherited from managedDevice
lastSyncDateTime DateTimeOffset The date and time that the device last completed a successful sync with Intune. Inherited from managedDevice
chassisType chassisType Chassis type of the device. Inherited from managedDevice. Possible values are: unknown, desktop, laptop, worksWorkstation, enterpriseServer, phone, tablet, mobileOther, mobileUnknown.
operatingSystem String Operating system of the device. Windows, iOS, etc. Inherited from managedDevice
deviceType deviceType Platform of the device. Inherited from managedDevice. Possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, blackberry, palm, unknown.
complianceState complianceState Compliance state of the device. Inherited from managedDevice. Possible values are: unknown, compliant, noncompliant, conflict, error, inGracePeriod, configManager.
jailBroken String whether the device is jail broken or rooted. Inherited from managedDevice
managementAgent managementAgentType Management channel of the device. Intune, EAS, etc. Inherited from managedDevice. Possible values are: eas, mdm, easMdm, intuneClient, easIntuneClient, configurationManagerClient, configurationManagerClientMdm, configurationManagerClientMdmEas, unknown, jamf, googleCloudDevicePolicyController, microsoft365ManagedMdm.
osVersion String Operating system version of the device. Inherited from managedDevice
easActivated Boolean Whether the device is Exchange ActiveSync activated. Inherited from managedDevice
easDeviceId String Exchange ActiveSync Id of the device. Inherited from managedDevice
easActivationDateTime DateTimeOffset Exchange ActivationSync activation time of the device. Inherited from managedDevice
aadRegistered Boolean Whether the device is Azure Active Directory registered. Inherited from managedDevice
azureADRegistered Boolean Whether the device is Azure Active Directory registered. Inherited from managedDevice
deviceEnrollmentType deviceEnrollmentType Enrollment type of the device. Inherited from managedDevice. Possible values are: unknown, userEnrollment, deviceEnrollmentManager, appleBulkWithUser, appleBulkWithoutUser, windowsAzureADJoin, windowsBulkUserless, windowsAutoEnrollment, windowsBulkAzureDomainJoin, windowsCoManagement.
lostModeState lostModeState Indicates if Lost mode is enabled or disabled Inherited from managedDevice. Possible values are: disabled, enabled.
activationLockBypassCode String Code that allows the Activation Lock on a device to be bypassed. Inherited from managedDevice
emailAddress String Email(s) for the user associated with the device Inherited from managedDevice
azureActiveDirectoryDeviceId String The unique identifier for the Azure Active Directory device. Read only. Inherited from managedDevice
azureADDeviceId String The unique identifier for the Azure Active Directory device. Read only. Inherited from managedDevice
deviceRegistrationState deviceRegistrationState Device registration state. Inherited from managedDevice. Possible values are: notRegistered, registered, revoked, keyConflict, approvalPending, certificateReset, notRegisteredPendingEnrollment, unknown.
deviceCategoryDisplayName String Device category display name Inherited from managedDevice
isSupervised Boolean Device supervised status Inherited from managedDevice
exchangeLastSuccessfulSyncDateTime DateTimeOffset Last time the device contacted Exchange. Inherited from managedDevice
exchangeAccessState deviceManagementExchangeAccessState The Access State of the device in Exchange. Inherited from managedDevice. Possible values are: none, unknown, allowed, blocked, quarantined.
exchangeAccessStateReason deviceManagementExchangeAccessStateReason The reason for the device's access state in Exchange. Inherited from managedDevice. Possible values are: none, unknown, exchangeGlobalRule, exchangeIndividualRule, exchangeDeviceRule, exchangeUpgrade, exchangeMailboxPolicy, other, compliant, notCompliant, notEnrolled, unknownLocation, mfaRequired, azureADBlockDueToAccessPolicy, compromisedPassword, deviceNotKnownWithManagedApp.
remoteAssistanceSessionUrl String Url that allows a Remote Assistance session to be established with the device. Inherited from managedDevice
remoteAssistanceSessionErrorDetails String An error string that identifies issues when creating Remote Assistance session objects. Inherited from managedDevice
isEncrypted Boolean Device encryption status Inherited from managedDevice
userPrincipalName String Device user principal name Inherited from managedDevice
model String Model of the device Inherited from managedDevice
manufacturer String Manufacturer of the device Inherited from managedDevice
imei String IMEI Inherited from managedDevice
complianceGracePeriodExpirationDateTime DateTimeOffset The DateTime when device compliance grace period expires Inherited from managedDevice
serialNumber String SerialNumber Inherited from managedDevice
phoneNumber String Phone number of the device Inherited from managedDevice
androidSecurityPatchLevel String Android security patch level Inherited from managedDevice
userDisplayName String User display name Inherited from managedDevice
configurationManagerClientEnabledFeatures configurationManagerClientEnabledFeatures ConfigrMgr client enabled features Inherited from managedDevice
wiFiMacAddress String Wi-Fi MAC Inherited from managedDevice
deviceHealthAttestationState deviceHealthAttestationState The device health attestation state. Inherited from managedDevice
subscriberCarrier String Subscriber Carrier Inherited from managedDevice
meid String MEID Inherited from managedDevice
totalStorageSpaceInBytes Int64 Total Storage in Bytes Inherited from managedDevice
freeStorageSpaceInBytes Int64 Free Storage in Bytes Inherited from managedDevice
managedDeviceName String Automatically generated name to identify a device. Can be overwritten to a user friendly name. Inherited from managedDevice
partnerReportedThreatState managedDevicePartnerReportedHealthState Indicates the threat state of a device when a Mobile Threat Defense partner is in use by the account and device. Read Only. Inherited from managedDevice. Possible values are: unknown, activated, deactivated, secured, lowSeverity, mediumSeverity, highSeverity, unresponsive, compromised, misconfigured.
retireAfterDateTime DateTimeOffset Indicates the time after when a device will be auto retired because of scheduled action. Inherited from managedDevice
usersLoggedOn loggedOnUser collection Indicates the last logged on users of a device Inherited from managedDevice
preferMdmOverGroupPolicyAppliedDateTime DateTimeOffset Reports the DateTime the preferMdmOverGroupPolicy setting was set. When set, the Intune MDM settings will override Group Policy settings if there is a conflict. Read Only. Inherited from managedDevice
autopilotEnrolled Boolean Reports if the managed device is enrolled via auto-pilot. Inherited from managedDevice
requireUserEnrollmentApproval Boolean Reports if the managed iOS device is user approval enrollment. Inherited from managedDevice
managementCertificateExpirationDate DateTimeOffset Reports device management certificate expiration date Inherited from managedDevice
iccid String Integrated Circuit Card Identifier, it is A SIM card's unique identification number. Inherited from managedDevice
udid String Unique Device Identifier for iOS and macOS devices. Inherited from managedDevice
roleScopeTagIds String collection List of Scope Tag IDs for this Device instance. Inherited from managedDevice
windowsActiveMalwareCount Int32 Count of active malware for this windows device Inherited from managedDevice
windowsRemediatedMalwareCount Int32 Count of remediated malware for this windows device Inherited from managedDevice
notes String Notes on the device created by IT Admin Inherited from managedDevice
configurationManagerClientHealthState configurationManagerClientHealthState Configuration manager client health state, valid only for devices managed by MDM/ConfigMgr Agent Inherited from managedDevice
configurationManagerClientInformation configurationManagerClientInformation Configuration manager client information, valid only for devices managed, duel-managed or tri-managed by ConfigMgr Agent Inherited from managedDevice

Relationships

Relationship Type Description
detectedApps detectedApp collection All applications currently installed on the device Inherited from managedDevice
deviceCategory deviceCategory Device category Inherited from managedDevice
windowsProtectionState windowsProtectionState The device protection status. Inherited from managedDevice
users user collection The primary users associated with the managed device. Inherited from managedDevice

JSON Representation

Here is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.windowsManagedDevice",
  "id": "String (identifier)",
  "userId": "String",
  "deviceName": "String",
  "hardwareInformation": {
    "@odata.type": "microsoft.graph.hardwareInformation",
    "serialNumber": "String",
    "totalStorageSpace": 1024,
    "freeStorageSpace": 1024,
    "imei": "String",
    "meid": "String",
    "manufacturer": "String",
    "model": "String",
    "phoneNumber": "String",
    "subscriberCarrier": "String",
    "cellularTechnology": "String",
    "wifiMac": "String",
    "operatingSystemLanguage": "String",
    "isSupervised": true,
    "isEncrypted": true,
    "isSharedDevice": true,
    "sharedDeviceCachedUsers": [
      {
        "@odata.type": "microsoft.graph.sharedAppleDeviceUser",
        "userPrincipalName": "String",
        "dataToSync": true,
        "dataQuota": 1024,
        "dataUsed": 1024
      }
    ],
    "tpmSpecificationVersion": "String",
    "operatingSystemEdition": "String",
    "deviceFullQualifiedDomainName": "String",
    "deviceGuardVirtualizationBasedSecurityHardwareRequirementState": "String",
    "deviceGuardVirtualizationBasedSecurityState": "String",
    "deviceGuardLocalSystemAuthorityCredentialGuardState": "String",
    "osBuildNumber": "String"
  },
  "ownerType": "String",
  "managedDeviceOwnerType": "String",
  "deviceActionResults": [
    {
      "@odata.type": "microsoft.graph.deviceActionResult",
      "actionName": "String",
      "actionState": "String",
      "startDateTime": "String (timestamp)",
      "lastUpdatedDateTime": "String (timestamp)"
    }
  ],
  "managementState": "String",
  "enrolledDateTime": "String (timestamp)",
  "lastSyncDateTime": "String (timestamp)",
  "chassisType": "String",
  "operatingSystem": "String",
  "deviceType": "String",
  "complianceState": "String",
  "jailBroken": "String",
  "managementAgent": "String",
  "osVersion": "String",
  "easActivated": true,
  "easDeviceId": "String",
  "easActivationDateTime": "String (timestamp)",
  "aadRegistered": true,
  "azureADRegistered": true,
  "deviceEnrollmentType": "String",
  "lostModeState": "String",
  "activationLockBypassCode": "String",
  "emailAddress": "String",
  "azureActiveDirectoryDeviceId": "String",
  "azureADDeviceId": "String",
  "deviceRegistrationState": "String",
  "deviceCategoryDisplayName": "String",
  "isSupervised": true,
  "exchangeLastSuccessfulSyncDateTime": "String (timestamp)",
  "exchangeAccessState": "String",
  "exchangeAccessStateReason": "String",
  "remoteAssistanceSessionUrl": "String",
  "remoteAssistanceSessionErrorDetails": "String",
  "isEncrypted": true,
  "userPrincipalName": "String",
  "model": "String",
  "manufacturer": "String",
  "imei": "String",
  "complianceGracePeriodExpirationDateTime": "String (timestamp)",
  "serialNumber": "String",
  "phoneNumber": "String",
  "androidSecurityPatchLevel": "String",
  "userDisplayName": "String",
  "configurationManagerClientEnabledFeatures": {
    "@odata.type": "microsoft.graph.configurationManagerClientEnabledFeatures",
    "inventory": true,
    "modernApps": true,
    "resourceAccess": true,
    "deviceConfiguration": true,
    "compliancePolicy": true,
    "windowsUpdateForBusiness": true,
    "endpointProtection": true,
    "officeApps": true
  },
  "wiFiMacAddress": "String",
  "deviceHealthAttestationState": {
    "@odata.type": "microsoft.graph.deviceHealthAttestationState",
    "lastUpdateDateTime": "String",
    "contentNamespaceUrl": "String",
    "deviceHealthAttestationStatus": "String",
    "contentVersion": "String",
    "issuedDateTime": "String (timestamp)",
    "attestationIdentityKey": "String",
    "resetCount": 1024,
    "restartCount": 1024,
    "dataExcutionPolicy": "String",
    "bitLockerStatus": "String",
    "bootManagerVersion": "String",
    "codeIntegrityCheckVersion": "String",
    "secureBoot": "String",
    "bootDebugging": "String",
    "operatingSystemKernelDebugging": "String",
    "codeIntegrity": "String",
    "testSigning": "String",
    "safeMode": "String",
    "windowsPE": "String",
    "earlyLaunchAntiMalwareDriverProtection": "String",
    "virtualSecureMode": "String",
    "pcrHashAlgorithm": "String",
    "bootAppSecurityVersion": "String",
    "bootManagerSecurityVersion": "String",
    "tpmVersion": "String",
    "pcr0": "String",
    "secureBootConfigurationPolicyFingerPrint": "String",
    "codeIntegrityPolicy": "String",
    "bootRevisionListInfo": "String",
    "operatingSystemRevListInfo": "String",
    "healthStatusMismatchInfo": "String",
    "healthAttestationSupportedStatus": "String"
  },
  "subscriberCarrier": "String",
  "meid": "String",
  "totalStorageSpaceInBytes": 1024,
  "freeStorageSpaceInBytes": 1024,
  "managedDeviceName": "String",
  "partnerReportedThreatState": "String",
  "retireAfterDateTime": "String (timestamp)",
  "usersLoggedOn": [
    {
      "@odata.type": "microsoft.graph.loggedOnUser",
      "userId": "String",
      "lastLogOnDateTime": "String (timestamp)"
    }
  ],
  "preferMdmOverGroupPolicyAppliedDateTime": "String (timestamp)",
  "autopilotEnrolled": true,
  "requireUserEnrollmentApproval": true,
  "managementCertificateExpirationDate": "String (timestamp)",
  "iccid": "String",
  "udid": "String",
  "roleScopeTagIds": [
    "String"
  ],
  "windowsActiveMalwareCount": 1024,
  "windowsRemediatedMalwareCount": 1024,
  "notes": "String",
  "configurationManagerClientHealthState": {
    "@odata.type": "microsoft.graph.configurationManagerClientHealthState",
    "state": "String",
    "errorCode": 1024,
    "lastSyncDateTime": "String (timestamp)"
  },
  "configurationManagerClientInformation": {
    "@odata.type": "microsoft.graph.configurationManagerClientInformation",
    "clientIdentifier": "String"
  }
}