deviceManagementExchangeOnPremisesPolicy resource type

Important: APIs under the / beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported.

Note: Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.

Singleton entity which represents the Exchange OnPremises policy configured for a tenant.


Method Return Type Description
Get deviceManagementExchangeOnPremisesPolicy deviceManagementExchangeOnPremisesPolicy Read properties and relationships of the deviceManagementExchangeOnPremisesPolicy object.
Update deviceManagementExchangeOnPremisesPolicy deviceManagementExchangeOnPremisesPolicy Update the properties of a deviceManagementExchangeOnPremisesPolicy object.


Property Type Description
id String Not yet documented
notificationContent Binary Notification text that will be sent to users quarantined by this policy. This is UTF8 encoded byte array HTML.
defaultAccessLevel deviceManagementExchangeAccessLevel Default access state in Exchange. This rule applies globally to the entire Exchange organization. Possible values are: none, allow, block, quarantine.
accessRules deviceManagementExchangeAccessRule collection The list of device access rules in Exchange. The access rules apply globally to the entire Exchange organization
knownDeviceClasses deviceManagementExchangeDeviceClass collection The list of device classes known to Exchange


Relationship Type Description
conditionalAccessSettings onPremisesConditionalAccessSettings The Exchange on premises conditional access settings. On premises conditional access will require devices to be both enrolled and compliant for mail access

JSON Representation

Here is a JSON representation of the resource.

  "@odata.type": "#microsoft.graph.deviceManagementExchangeOnPremisesPolicy",
  "id": "String (identifier)",
  "notificationContent": "binary",
  "defaultAccessLevel": "String",
  "accessRules": [
      "@odata.type": "microsoft.graph.deviceManagementExchangeAccessRule",
      "deviceClass": {
        "@odata.type": "microsoft.graph.deviceManagementExchangeDeviceClass",
        "name": "String",
        "type": "String"
      "accessLevel": "String"
  "knownDeviceClasses": [
      "@odata.type": "microsoft.graph.deviceManagementExchangeDeviceClass",
      "name": "String",
      "type": "String"