Microsoft Graph API bug in device compliance policies for iOS devices - device lock timeout settings

Dancing Strawberry 101 Reputation points
2021-03-19T19:50:48.687+00:00

Not sure if this is the right place to post this, please direct me to the appropriate place if it isn't.

I'm using a Microsoft 365 E5 developer account.

Found what looks like a bug while using the graph explorer; getting Device Compliance Policy data via this graph api call:

https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies

Looking at an iOS compliance policy I set up on the Endpoint Manager admin center:
79715-image.png

And then looking at the corresponding retrieved properties from the graph api:

79755-image.png

I believe the setting "Maximum minutes of inactivity until screen locks" should correspond to the key "passcodeMinutesOfInactivityBeforeLock", but instead the key is crossed with the setting "Maximum minutes after screen lock before password is required" with the value 5; there's a subtle difference. And there does not exist a second key-value pair corresponding to the other password setting with the value 1, as shown on the endpoint manager screenshot.

I guess my question is, can this get fixed asap? Thanks!

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,337 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,699 questions
{count} votes

Accepted answer
  1. Danstan Onyango 3,816 Reputation points Microsoft Employee
    2021-03-24T19:08:33.203+00:00

    This works as expected. Try calling the beta API which has the other field too and you will see the difference. See below

     {
            "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/deviceCompliancePolicies",
            "value": [
                {
                    "@odata.type": "#microsoft.graph.iosCompliancePolicy",
                    "roleScopeTagIds": [
                        "0"
                    ],
                    ...
                    "passcodeBlockSimple": false,
                    "passcodeExpirationDays": 60,
                    "passcodeMinimumLength": 8,
                    "passcodeMinutesOfInactivityBeforeLock": 5,
                    "passcodeMinutesOfInactivityBeforeScreenTimeout": 1,
                    ...
                }
            ]
        }
    

0 additional answers

Sort by: Most helpful