Create deviceComplianceScript

Namespace: microsoft.graph

Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Create a new deviceComplianceScript object.

This API is available in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All

HTTP Request

POST /deviceManagement/deviceComplianceScripts

Request headers

Header Value
Authorization Bearer {token}. Required. Learn more about authentication and authorization.
Accept application/json

Request body

In the request body, supply a JSON representation for the deviceComplianceScript object.

The following table shows the properties that are required when you create the deviceComplianceScript.

Property Type Description
id String Unique Identifier for the device compliance script
publisher String Name of the device compliance script publisher
version String Version of the device compliance script
displayName String Name of the device compliance script
description String Description of the device compliance script
detectionScriptContent Binary The entire content of the detection powershell script
createdDateTime DateTimeOffset The timestamp of when the device compliance script was created. This property is read-only.
lastModifiedDateTime DateTimeOffset The timestamp of when the device compliance script was modified. This property is read-only.
runAsAccount runAsAccountType Indicates the type of execution context. Possible values are: system, user.
enforceSignatureCheck Boolean Indicate whether the script signature needs be checked
runAs32Bit Boolean Indicate whether PowerShell script(s) should run as 32-bit
roleScopeTagIds String collection List of Scope Tag IDs for the device compliance script

Response

If successful, this method returns a 201 Created response code and a deviceComplianceScript object in the response body.

Example

Request

Here is an example of the request.

POST https://graph.microsoft.com/beta/deviceManagement/deviceComplianceScripts
Content-type: application/json
Content-length: 420

{
  "@odata.type": "#microsoft.graph.deviceComplianceScript",
  "publisher": "Publisher value",
  "version": "Version value",
  "displayName": "Display Name value",
  "description": "Description value",
  "detectionScriptContent": "ZGV0ZWN0aW9uU2NyaXB0Q29udGVudA==",
  "runAsAccount": "user",
  "enforceSignatureCheck": true,
  "runAs32Bit": true,
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ]
}

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 592

{
  "@odata.type": "#microsoft.graph.deviceComplianceScript",
  "id": "14e72a7b-2a7b-14e7-7b2a-e7147b2ae714",
  "publisher": "Publisher value",
  "version": "Version value",
  "displayName": "Display Name value",
  "description": "Description value",
  "detectionScriptContent": "ZGV0ZWN0aW9uU2NyaXB0Q29udGVudA==",
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "runAsAccount": "user",
  "enforceSignatureCheck": true,
  "runAs32Bit": true,
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ]
}