Working with Intune in Microsoft Graph  

Important: APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

Note: Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.

The Microsoft Graph API for Intune enables programmatic access to Intune information for your tenant; the API performs the same Intune operations as those available through the Azure Portal.  

For mobile device management (MDM) scenarios, the Microsoft Graph API for Intune supports standalone deployments; Intune hybrid deployments are not supported.

Using the Microsoft Graph API for Intune

Intune provides data into Microsoft Graph in the same way as other cloud services do, with rich entity information and relationship navigation. Use Microsoft Graph to combine information from other services and Intune to build rich cross-service applications for IT professionals or end users.     

The following example shows how you can determine whether an application is installed on a user's device: 

  1. Get from Azure Active Directory a list of devices registered to a user: 

    https://graph.microsoft.com/beta/users/{user}/ownedDevices 

  2. Then view the list of applications for your tenant: 

    https://graph.microsoft.com/beta/deviceAppManagement/mobileApps  

  3. Take the ID from the application and determine the installation state for the application (and therefore user):

    https://graph.microsoft.com/beta/deviceAppManagement/mobileApps/{id}/deviceStatuses/

Using Microsoft Graph permissions

Microsof Graph controls access to resources via permissions. As a developer, you must specify the permissions you need to access Intune resources. Typically, you specify the permissions in the Azure Active Directory portal. For more information, see Microsoft Graph permissions reference.

Next Steps