Working with Intune in Microsoft Graph
Note: Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.
The Microsoft Graph API for Intune enables programmatic access to Intune information for your tenant; the API performs the same Intune operations as those available through the Azure Portal.
For mobile device management (MDM) scenarios, the Microsoft Graph API for Intune supports standalone deployments; Intune hybrid deployments are not supported.
Using the Microsoft Graph API for Intune
Intune provides data into the Microsoft Graph API in the same way as other cloud services do, with rich entity information and relationship navigation. Use the Microsoft Graph API to combine information from other services and Intune to build rich cross-service applications for IT professionals or end users.
The following example shows how you can determine whether an application is installed on a user's device:
Get from Azure Active Directory a list of devices registered to a user:
Then view the list of applications for your tenant:
Take the ID from the application and determine the installation state for the application (and therefore user):
Accessing the Microsoft Graph API for Intune
Intune supports both delegated permissions and application permissions. Delegated permissions are supported for both read and write operations. Application permissions are currently supported for read operations only. Delegated and application permissions support both single tenant applications, as well as multi-tenant applications. For more information about the permissions available through Microsoft Graph, see Microsoft Graph permissions reference.
The Microsoft Graph API controls access to resources via permissions. As a developer, you must specify the permissions you need to access Intune resources. Typically, you specify the permissions in the Azure Active Directory portal. For more information, see Microsoft Graph permissions reference.