Update windowsManagedDevice
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Update the properties of a windowsManagedDevice object.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | DeviceManagementConfiguration.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All |
HTTP Request
PATCH /deviceManagement/managedDevices/{managedDeviceId}
PATCH /deviceManagement/comanagedDevices/{managedDeviceId}
PATCH /deviceManagement/deviceHealthScripts/{deviceHealthScriptId}/deviceRunStates/{deviceHealthScriptDeviceStateId}/managedDevice
PATCH /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice
PATCH /deviceManagement/deviceComplianceScripts/{deviceComplianceScriptId}/deviceRunStates/{deviceComplianceScriptDeviceStateId}/managedDevice
PATCH /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/users/{userId}/managedDevices/{managedDeviceId}
PATCH /deviceManagement/deviceManagementScripts/{deviceManagementScriptId}/deviceRunStates/{deviceManagementScriptDeviceStateId}/managedDevice/detectedApps/{detectedAppId}/managedDevices/{managedDeviceId}
Request headers
| Header | Value |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Accept | application/json |
Request body
In the request body, supply a JSON representation for the windowsManagedDevice object.
The following table shows the properties that are required when you create the windowsManagedDevice.
| Property | Type | Description |
|---|---|---|
| id | String | Unique Identifier for the device. This property is read-only. Inherited from managedDevice |
| userId | String | Unique Identifier for the user associated with the device. This property is read-only. Inherited from managedDevice |
| deviceName | String | Name of the device. This property is read-only. Inherited from managedDevice |
| hardwareInformation | hardwareInformation | The hardward details for the device. Includes information such as storage space, manufacturer, serial number, etc. By default most property of this type are set to null/0/false and enum defaults for associated types. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| ownerType | ownerType | Ownership of the device. Possible values are, 'company' or 'personal'. Default is unknown. Supports $filter operator 'eq' and 'or'. Inherited from managedDevice. Possible values are: unknown, company, personal. |
| managedDeviceOwnerType | managedDeviceOwnerType | Ownership of the device. Can be 'company' or 'personal' Inherited from managedDevice. Possible values are: unknown, company, personal. |
| deviceActionResults | deviceActionResult collection | List of ComplexType deviceActionResult objects. This property is read-only. Inherited from managedDevice |
| managementState | managementState | Management state of the device. Examples: Managed, RetirePending, etc. Default is managed. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. Possible values are: managed, retirePending, retireFailed, wipePending, wipeFailed, unhealthy, deletePending, retireIssued, wipeIssued, wipeCanceled, retireCanceled, discovered. |
| enrolledDateTime | DateTimeOffset | Enrollment time of the device. Supports $filter operator 'lt' and 'gt'. This property is read-only. Inherited from managedDevice |
| lastSyncDateTime | DateTimeOffset | The date and time that the device last completed a successful sync with Intune. Supports $filter operator 'lt' and 'gt'. This property is read-only. Inherited from managedDevice |
| chassisType | chassisType | Chassis type of the device. This property is read-only. Inherited from managedDevice. Possible values are: unknown, desktop, laptop, worksWorkstation, enterpriseServer, phone, tablet, mobileOther, mobileUnknown. |
| operatingSystem | String | Operating system of the device. Windows, iOS, etc. This property is read-only. Inherited from managedDevice |
| deviceType | deviceType | Platform of the device. Examples: Desktop, WindowsRT, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. Possible values are: desktop, windowsRT, winMO6, nokia, windowsPhone, mac, winCE, winEmbedded, iPhone, iPad, iPod, android, iSocConsumer, unix, macMDM, holoLens, surfaceHub, androidForWork, androidEnterprise, windows10x, androidnGMS, chromeOS, linux, blackberry, palm, unknown, cloudPC. |
| complianceState | complianceState | Compliance state of the device. Examples: Compliant, Conflict, Error, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. Possible values are: unknown, compliant, noncompliant, conflict, error, inGracePeriod, configManager. |
| jailBroken | String | Whether the device is jail broken or rooted. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice |
| managementAgent | managementAgentType | Management channel of the device. Examples: Intune, EAS, etc. Default is unknown. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice. Possible values are: eas, mdm, easMdm, intuneClient, easIntuneClient, configurationManagerClient, configurationManagerClientMdm, configurationManagerClientMdmEas, unknown, jamf, googleCloudDevicePolicyController, microsoft365ManagedMdm, msSense, intuneAosp, google, unknownFutureValue. |
| osVersion | String | Operating system version of the device. This property is read-only. Inherited from managedDevice |
| easActivated | Boolean | Whether the device is Exchange ActiveSync activated. This property is read-only. Inherited from managedDevice |
| easDeviceId | String | Exchange ActiveSync Id of the device. This property is read-only. Inherited from managedDevice |
| easActivationDateTime | DateTimeOffset | Exchange ActivationSync activation time of the device. This property is read-only. Inherited from managedDevice |
| aadRegistered | Boolean | Whether the device is Azure Active Directory registered. This property is read-only. Inherited from managedDevice |
| azureADRegistered | Boolean | Whether the device is Azure Active Directory registered. This property is read-only. Inherited from managedDevice |
| deviceEnrollmentType | deviceEnrollmentType | Enrollment type of the device. This property is read-only. Inherited from managedDevice. Possible values are: unknown, userEnrollment, deviceEnrollmentManager, appleBulkWithUser, appleBulkWithoutUser, windowsAzureADJoin, windowsBulkUserless, windowsAutoEnrollment, windowsBulkAzureDomainJoin, windowsCoManagement, windowsAzureADJoinUsingDeviceAuth, appleUserEnrollment, appleUserEnrollmentWithServiceAccount, azureAdJoinUsingAzureVmExtension, androidEnterpriseDedicatedDevice, androidEnterpriseFullyManaged, androidEnterpriseCorporateWorkProfile, appleACMEBasicBYOD, appleACMEDEPUserless, appleACMEDEPUDACompanyPortal, appleACMEDEPUDASetupAsstLegacy, appleACMEDEPUDAModernAuth. |
| lostModeState | lostModeState | Indicates if Lost mode is enabled or disabled. This property is read-only. Inherited from managedDevice. Possible values are: disabled, enabled. |
| activationLockBypassCode | String | The code that allows the Activation Lock on managed device to be bypassed. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity in LIST call. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| emailAddress | String | Email(s) for the user associated with the device. This property is read-only. Inherited from managedDevice |
| azureActiveDirectoryDeviceId | String | The unique identifier for the Azure Active Directory device. Read only. This property is read-only. Inherited from managedDevice |
| azureADDeviceId | String | The unique identifier for the Azure Active Directory device. Read only. This property is read-only. Inherited from managedDevice |
| deviceRegistrationState | deviceRegistrationState | Device registration state. This property is read-only. Inherited from managedDevice. Possible values are: notRegistered, registered, revoked, keyConflict, approvalPending, certificateReset, notRegisteredPendingEnrollment, unknown. |
| deviceCategoryDisplayName | String | Device category display name. Default is an empty string. Supports $filter operator 'eq' and 'or'. This property is read-only. Inherited from managedDevice |
| isSupervised | Boolean | Device supervised status. This property is read-only. Inherited from managedDevice |
| exchangeLastSuccessfulSyncDateTime | DateTimeOffset | Last time the device contacted Exchange. This property is read-only. Inherited from managedDevice |
| exchangeAccessState | deviceManagementExchangeAccessState | The Access State of the device in Exchange. This property is read-only. Inherited from managedDevice. Possible values are: none, unknown, allowed, blocked, quarantined. |
| exchangeAccessStateReason | deviceManagementExchangeAccessStateReason | The reason for the device's access state in Exchange. This property is read-only. Inherited from managedDevice. Possible values are: none, unknown, exchangeGlobalRule, exchangeIndividualRule, exchangeDeviceRule, exchangeUpgrade, exchangeMailboxPolicy, other, compliant, notCompliant, notEnrolled, unknownLocation, mfaRequired, azureADBlockDueToAccessPolicy, compromisedPassword, deviceNotKnownWithManagedApp. |
| remoteAssistanceSessionUrl | String | Url that allows a Remote Assistance session to be established with the device. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. Inherited from managedDevice |
| remoteAssistanceSessionErrorDetails | String | An error string that identifies issues when creating Remote Assistance session objects. This property is read-only. Inherited from managedDevice |
| isEncrypted | Boolean | Device encryption status. This property is read-only. Inherited from managedDevice |
| userPrincipalName | String | Device user principal name. This property is read-only. Inherited from managedDevice |
| model | String | Model of the device. This property is read-only. Inherited from managedDevice |
| manufacturer | String | Manufacturer of the device. This property is read-only. Inherited from managedDevice |
| imei | String | IMEI. This property is read-only. Inherited from managedDevice |
| complianceGracePeriodExpirationDateTime | DateTimeOffset | The DateTime when device compliance grace period expires. This property is read-only. Inherited from managedDevice |
| serialNumber | String | SerialNumber. This property is read-only. Inherited from managedDevice |
| phoneNumber | String | Phone number of the device. This property is read-only. Inherited from managedDevice |
| androidSecurityPatchLevel | String | Android security patch level. This property is read-only. Inherited from managedDevice |
| userDisplayName | String | User display name. This property is read-only. Inherited from managedDevice |
| configurationManagerClientEnabledFeatures | configurationManagerClientEnabledFeatures | ConfigrMgr client enabled features. This property is read-only. Inherited from managedDevice |
| wiFiMacAddress | String | Wi-Fi MAC. This property is read-only. Inherited from managedDevice |
| deviceHealthAttestationState | deviceHealthAttestationState | The device health attestation state. This property is read-only. Inherited from managedDevice |
| subscriberCarrier | String | Subscriber Carrier. This property is read-only. Inherited from managedDevice |
| meid | String | MEID. This property is read-only. Inherited from managedDevice |
| totalStorageSpaceInBytes | Int64 | Total Storage in Bytes. This property is read-only. Inherited from managedDevice |
| freeStorageSpaceInBytes | Int64 | Free Storage in Bytes. Default value is 0. Read-only. This property is read-only. Inherited from managedDevice |
| managedDeviceName | String | Automatically generated name to identify a device. Can be overwritten to a user friendly name. Inherited from managedDevice |
| partnerReportedThreatState | managedDevicePartnerReportedHealthState | Indicates the threat state of a device when a Mobile Threat Defense partner is in use by the account and device. Read Only. This property is read-only. Inherited from managedDevice. Possible values are: unknown, activated, deactivated, secured, lowSeverity, mediumSeverity, highSeverity, unresponsive, compromised, misconfigured. |
| retireAfterDateTime | DateTimeOffset | Indicates the time after when a device will be auto retired because of scheduled action. This property is read-only. Inherited from managedDevice |
| usersLoggedOn | loggedOnUser collection | Indicates the last logged on users of a device. This property is read-only. Inherited from managedDevice |
| preferMdmOverGroupPolicyAppliedDateTime | DateTimeOffset | Reports the DateTime the preferMdmOverGroupPolicy setting was set. When set, the Intune MDM settings will override Group Policy settings if there is a conflict. Read Only. This property is read-only. Inherited from managedDevice |
| autopilotEnrolled | Boolean | Reports if the managed device is enrolled via auto-pilot. This property is read-only. Inherited from managedDevice |
| requireUserEnrollmentApproval | Boolean | Reports if the managed iOS device is user approval enrollment. This property is read-only. Inherited from managedDevice |
| managementCertificateExpirationDate | DateTimeOffset | Reports device management certificate expiration date. This property is read-only. Inherited from managedDevice |
| iccid | String | Integrated Circuit Card Identifier, it is A SIM card's unique identification number. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| udid | String | Unique Device Identifier for iOS and macOS devices. Default is an empty string. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| roleScopeTagIds | String collection | List of Scope Tag IDs for this Device instance. Inherited from managedDevice |
| windowsActiveMalwareCount | Int32 | Count of active malware for this windows device. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. Inherited from managedDevice |
| windowsRemediatedMalwareCount | Int32 | Count of remediated malware for this windows device. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. This property is read-only. Inherited from managedDevice |
| notes | String | Notes on the device created by IT Admin. Default is null. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. $Search is not supported. Inherited from managedDevice |
| configurationManagerClientHealthState | configurationManagerClientHealthState | Configuration manager client health state, valid only for devices managed by MDM/ConfigMgr Agent Inherited from managedDevice |
| configurationManagerClientInformation | configurationManagerClientInformation | Configuration manager client information, valid only for devices managed, duel-managed or tri-managed by ConfigMgr Agent Inherited from managedDevice |
| ethernetMacAddress | String | Indicates Ethernet MAC Address of the device. Default, is Null (Non-Default property) for this property when returned as part of managedDevice entity. Individual get call with select query options is needed to retrieve actual values. Example: deviceManagement/managedDevices({managedDeviceId})?$select=ethernetMacAddress Supports: $select. $Search is not supported. Read-only. This property is read-only. Inherited from managedDevice |
| physicalMemoryInBytes | Int64 | Total Memory in Bytes. Default is 0. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Supports: $select. Read-only. This property is read-only. Inherited from managedDevice |
| processorArchitecture | managedDeviceArchitecture | Processor architecture. This property is read-only. Inherited from managedDevice. Possible values are: unknown, x86, x64, arm, arM64. |
| specificationVersion | String | Specification version. This property is read-only. Inherited from managedDevice |
| joinType | joinType | Device join type Inherited from managedDevice. Possible values are: unknown, azureADJoined, azureADRegistered, hybridAzureADJoined. |
| skuFamily | String | Device sku family Inherited from managedDevice |
| securityPatchLevel | String | This indicates the security patch level of the operating system. These special updates contain important security fixes. For iOS/MacOS they are in (a) format. For android its in 2017-08-07 format. This property is read-only. Inherited from managedDevice |
| skuNumber | Int32 | Device sku number, see also: https://learn.microsoft.com/windows/win32/api/sysinfoapi/nf-sysinfoapi-getproductinfo. Valid values 0 to 2147483647. This property is read-only. Inherited from managedDevice |
| managementFeatures | managedDeviceManagementFeatures | Device management features Inherited from managedDevice. Possible values are: none, microsoftManagedDesktop. |
| chromeOSDeviceInfo | chromeOSDeviceProperty collection | List of properties of the ChromeOS Device. Default is an empty list. To retrieve actual values GET call needs to be made, with device id and included in select parameter. Inherited from managedDevice |
| enrollmentProfileName | String | Name of the enrollment profile assigned to the device. Default value is empty string, indicating no enrollment profile was assgined. This property is read-only. Inherited from managedDevice |
| bootstrapTokenEscrowed | Boolean | Reports if the managed device has an escrowed Bootstrap Token. This is only for macOS devices. To get, include BootstrapTokenEscrowed in the select clause and query with a device id. If FALSE, no bootstrap token is escrowed. If TRUE, the device has escrowed a bootstrap token with Intune. This property is read-only. Inherited from managedDevice |
| deviceFirmwareConfigurationInterfaceManaged | Boolean | Indicates whether the device is DFCI managed. When TRUE the device is DFCI managed. When FALSE, the device is not DFCI managed. The default value is FALSE. Inherited from managedDevice |
| deviceIdentityAttestationDetail | deviceIdentityAttestationDetail | Indicates the attestation status of the managed device. And in which way. Default: Unknown. Inherited from managedDevice |
Response
If successful, this method returns a 200 OK response code and an updated windowsManagedDevice object in the response body.
Example
Request
Here is an example of the request.
PATCH https://graph.microsoft.com/beta/deviceManagement/managedDevices/{managedDeviceId}
Content-type: application/json
Content-length: 9627
{
"@odata.type": "#microsoft.graph.windowsManagedDevice",
"userId": "User Id value",
"deviceName": "Device Name value",
"hardwareInformation": {
"@odata.type": "microsoft.graph.hardwareInformation",
"serialNumber": "Serial Number value",
"totalStorageSpace": 1,
"freeStorageSpace": 0,
"imei": "Imei value",
"meid": "Meid value",
"manufacturer": "Manufacturer value",
"model": "Model value",
"phoneNumber": "Phone Number value",
"subscriberCarrier": "Subscriber Carrier value",
"cellularTechnology": "Cellular Technology value",
"wifiMac": "Wifi Mac value",
"operatingSystemLanguage": "Operating System Language value",
"isSupervised": true,
"isEncrypted": true,
"batterySerialNumber": "Battery Serial Number value",
"batteryHealthPercentage": 7,
"batteryChargeCycles": 3,
"isSharedDevice": true,
"sharedDeviceCachedUsers": [
{
"@odata.type": "microsoft.graph.sharedAppleDeviceUser",
"userPrincipalName": "User Principal Name value",
"dataToSync": true,
"dataQuota": 9,
"dataUsed": 8
}
],
"tpmSpecificationVersion": "Tpm Specification Version value",
"operatingSystemEdition": "Operating System Edition value",
"deviceFullQualifiedDomainName": "Device Full Qualified Domain Name value",
"deviceGuardVirtualizationBasedSecurityHardwareRequirementState": "secureBootRequired",
"deviceGuardVirtualizationBasedSecurityState": "rebootRequired",
"deviceGuardLocalSystemAuthorityCredentialGuardState": "rebootRequired",
"osBuildNumber": "Os Build Number value",
"operatingSystemProductType": 10,
"ipAddressV4": "Ip Address V4 value",
"subnetAddress": "Subnet Address value",
"esimIdentifier": "Esim Identifier value",
"systemManagementBIOSVersion": "System Management BIOSVersion value",
"tpmManufacturer": "Tpm Manufacturer value",
"tpmVersion": "Tpm Version value",
"wiredIPv4Addresses": [
"Wired IPv4Addresses value"
],
"batteryLevelPercentage": 7.333333333333333,
"residentUsersCount": 2,
"productName": "Product Name value",
"deviceLicensingStatus": "licenseRefreshPending",
"deviceLicensingLastErrorCode": 12,
"deviceLicensingLastErrorDescription": "Device Licensing Last Error Description value"
},
"ownerType": "company",
"managedDeviceOwnerType": "company",
"deviceActionResults": [
{
"@odata.type": "microsoft.graph.deviceActionResult",
"actionName": "Action Name value",
"actionState": "pending",
"startDateTime": "2016-12-31T23:58:46.7156189-08:00",
"lastUpdatedDateTime": "2017-01-01T00:00:56.8321556-08:00"
}
],
"managementState": "retirePending",
"enrolledDateTime": "2016-12-31T23:59:43.797191-08:00",
"lastSyncDateTime": "2017-01-01T00:02:49.3205976-08:00",
"chassisType": "desktop",
"operatingSystem": "Operating System value",
"deviceType": "windowsRT",
"complianceState": "compliant",
"jailBroken": "Jail Broken value",
"managementAgent": "mdm",
"osVersion": "Os Version value",
"easActivated": true,
"easDeviceId": "Eas Device Id value",
"easActivationDateTime": "2016-12-31T23:59:43.4878784-08:00",
"aadRegistered": true,
"azureADRegistered": true,
"deviceEnrollmentType": "userEnrollment",
"lostModeState": "enabled",
"activationLockBypassCode": "Activation Lock Bypass Code value",
"emailAddress": "Email Address value",
"azureActiveDirectoryDeviceId": "Azure Active Directory Device Id value",
"azureADDeviceId": "Azure ADDevice Id value",
"deviceRegistrationState": "registered",
"deviceCategoryDisplayName": "Device Category Display Name value",
"isSupervised": true,
"exchangeLastSuccessfulSyncDateTime": "2017-01-01T00:00:45.8803083-08:00",
"exchangeAccessState": "unknown",
"exchangeAccessStateReason": "unknown",
"remoteAssistanceSessionUrl": "https://example.com/remoteAssistanceSessionUrl/",
"remoteAssistanceSessionErrorDetails": "Remote Assistance Session Error Details value",
"isEncrypted": true,
"userPrincipalName": "User Principal Name value",
"model": "Model value",
"manufacturer": "Manufacturer value",
"imei": "Imei value",
"complianceGracePeriodExpirationDateTime": "2016-12-31T23:56:44.951111-08:00",
"serialNumber": "Serial Number value",
"phoneNumber": "Phone Number value",
"androidSecurityPatchLevel": "Android Security Patch Level value",
"userDisplayName": "User Display Name value",
"configurationManagerClientEnabledFeatures": {
"@odata.type": "microsoft.graph.configurationManagerClientEnabledFeatures",
"inventory": true,
"modernApps": true,
"resourceAccess": true,
"deviceConfiguration": true,
"compliancePolicy": true,
"windowsUpdateForBusiness": true,
"endpointProtection": true,
"officeApps": true
},
"wiFiMacAddress": "Wi Fi Mac Address value",
"deviceHealthAttestationState": {
"@odata.type": "microsoft.graph.deviceHealthAttestationState",
"lastUpdateDateTime": "Last Update Date Time value",
"contentNamespaceUrl": "https://example.com/contentNamespaceUrl/",
"deviceHealthAttestationStatus": "Device Health Attestation Status value",
"contentVersion": "Content Version value",
"issuedDateTime": "2016-12-31T23:58:22.1231038-08:00",
"attestationIdentityKey": "Attestation Identity Key value",
"resetCount": 10,
"restartCount": 12,
"dataExcutionPolicy": "Data Excution Policy value",
"bitLockerStatus": "Bit Locker Status value",
"bootManagerVersion": "Boot Manager Version value",
"codeIntegrityCheckVersion": "Code Integrity Check Version value",
"secureBoot": "Secure Boot value",
"bootDebugging": "Boot Debugging value",
"operatingSystemKernelDebugging": "Operating System Kernel Debugging value",
"codeIntegrity": "Code Integrity value",
"testSigning": "Test Signing value",
"safeMode": "Safe Mode value",
"windowsPE": "Windows PE value",
"earlyLaunchAntiMalwareDriverProtection": "Early Launch Anti Malware Driver Protection value",
"virtualSecureMode": "Virtual Secure Mode value",
"pcrHashAlgorithm": "Pcr Hash Algorithm value",
"bootAppSecurityVersion": "Boot App Security Version value",
"bootManagerSecurityVersion": "Boot Manager Security Version value",
"tpmVersion": "Tpm Version value",
"pcr0": "Pcr0 value",
"secureBootConfigurationPolicyFingerPrint": "Secure Boot Configuration Policy Finger Print value",
"codeIntegrityPolicy": "Code Integrity Policy value",
"bootRevisionListInfo": "Boot Revision List Info value",
"operatingSystemRevListInfo": "Operating System Rev List Info value",
"healthStatusMismatchInfo": "Health Status Mismatch Info value",
"healthAttestationSupportedStatus": "Health Attestation Supported Status value",
"memoryIntegrityProtection": "enabled",
"memoryAccessProtection": "enabled",
"virtualizationBasedSecurity": "enabled",
"firmwareProtection": "systemGuardSecureLaunch",
"systemManagementMode": "level1",
"securedCorePC": "enabled"
},
"subscriberCarrier": "Subscriber Carrier value",
"meid": "Meid value",
"totalStorageSpaceInBytes": 8,
"freeStorageSpaceInBytes": 7,
"managedDeviceName": "Managed Device Name value",
"partnerReportedThreatState": "activated",
"retireAfterDateTime": "2016-12-31T23:57:37.576134-08:00",
"usersLoggedOn": [
{
"@odata.type": "microsoft.graph.loggedOnUser",
"userId": "User Id value",
"lastLogOnDateTime": "2016-12-31T23:58:37.4262708-08:00"
}
],
"preferMdmOverGroupPolicyAppliedDateTime": "2016-12-31T23:57:34.4649887-08:00",
"autopilotEnrolled": true,
"requireUserEnrollmentApproval": true,
"managementCertificateExpirationDate": "2016-12-31T23:57:59.9789653-08:00",
"iccid": "Iccid value",
"udid": "Udid value",
"roleScopeTagIds": [
"Role Scope Tag Ids value"
],
"windowsActiveMalwareCount": 9,
"windowsRemediatedMalwareCount": 13,
"notes": "Notes value",
"configurationManagerClientHealthState": {
"@odata.type": "microsoft.graph.configurationManagerClientHealthState",
"state": "installed",
"errorCode": 9,
"lastSyncDateTime": "2017-01-01T00:02:49.3205976-08:00"
},
"configurationManagerClientInformation": {
"@odata.type": "microsoft.graph.configurationManagerClientInformation",
"clientIdentifier": "Client Identifier value",
"isBlocked": true,
"clientVersion": "Client Version value"
},
"ethernetMacAddress": "Ethernet Mac Address value",
"physicalMemoryInBytes": 5,
"processorArchitecture": "x86",
"specificationVersion": "Specification Version value",
"joinType": "azureADJoined",
"skuFamily": "Sku Family value",
"securityPatchLevel": "Security Patch Level value",
"skuNumber": 9,
"managementFeatures": "microsoftManagedDesktop",
"chromeOSDeviceInfo": [
{
"@odata.type": "microsoft.graph.chromeOSDeviceProperty",
"name": "Name value",
"value": "Value value",
"valueType": "Value Type value",
"updatable": true
}
],
"enrollmentProfileName": "Enrollment Profile Name value",
"bootstrapTokenEscrowed": true,
"deviceFirmwareConfigurationInterfaceManaged": true,
"deviceIdentityAttestationDetail": {
"@odata.type": "microsoft.graph.deviceIdentityAttestationDetail",
"deviceIdentityAttestationStatus": "trusted"
}
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 9676
{
"@odata.type": "#microsoft.graph.windowsManagedDevice",
"id": "97842b67-2b67-9784-672b-8497672b8497",
"userId": "User Id value",
"deviceName": "Device Name value",
"hardwareInformation": {
"@odata.type": "microsoft.graph.hardwareInformation",
"serialNumber": "Serial Number value",
"totalStorageSpace": 1,
"freeStorageSpace": 0,
"imei": "Imei value",
"meid": "Meid value",
"manufacturer": "Manufacturer value",
"model": "Model value",
"phoneNumber": "Phone Number value",
"subscriberCarrier": "Subscriber Carrier value",
"cellularTechnology": "Cellular Technology value",
"wifiMac": "Wifi Mac value",
"operatingSystemLanguage": "Operating System Language value",
"isSupervised": true,
"isEncrypted": true,
"batterySerialNumber": "Battery Serial Number value",
"batteryHealthPercentage": 7,
"batteryChargeCycles": 3,
"isSharedDevice": true,
"sharedDeviceCachedUsers": [
{
"@odata.type": "microsoft.graph.sharedAppleDeviceUser",
"userPrincipalName": "User Principal Name value",
"dataToSync": true,
"dataQuota": 9,
"dataUsed": 8
}
],
"tpmSpecificationVersion": "Tpm Specification Version value",
"operatingSystemEdition": "Operating System Edition value",
"deviceFullQualifiedDomainName": "Device Full Qualified Domain Name value",
"deviceGuardVirtualizationBasedSecurityHardwareRequirementState": "secureBootRequired",
"deviceGuardVirtualizationBasedSecurityState": "rebootRequired",
"deviceGuardLocalSystemAuthorityCredentialGuardState": "rebootRequired",
"osBuildNumber": "Os Build Number value",
"operatingSystemProductType": 10,
"ipAddressV4": "Ip Address V4 value",
"subnetAddress": "Subnet Address value",
"esimIdentifier": "Esim Identifier value",
"systemManagementBIOSVersion": "System Management BIOSVersion value",
"tpmManufacturer": "Tpm Manufacturer value",
"tpmVersion": "Tpm Version value",
"wiredIPv4Addresses": [
"Wired IPv4Addresses value"
],
"batteryLevelPercentage": 7.333333333333333,
"residentUsersCount": 2,
"productName": "Product Name value",
"deviceLicensingStatus": "licenseRefreshPending",
"deviceLicensingLastErrorCode": 12,
"deviceLicensingLastErrorDescription": "Device Licensing Last Error Description value"
},
"ownerType": "company",
"managedDeviceOwnerType": "company",
"deviceActionResults": [
{
"@odata.type": "microsoft.graph.deviceActionResult",
"actionName": "Action Name value",
"actionState": "pending",
"startDateTime": "2016-12-31T23:58:46.7156189-08:00",
"lastUpdatedDateTime": "2017-01-01T00:00:56.8321556-08:00"
}
],
"managementState": "retirePending",
"enrolledDateTime": "2016-12-31T23:59:43.797191-08:00",
"lastSyncDateTime": "2017-01-01T00:02:49.3205976-08:00",
"chassisType": "desktop",
"operatingSystem": "Operating System value",
"deviceType": "windowsRT",
"complianceState": "compliant",
"jailBroken": "Jail Broken value",
"managementAgent": "mdm",
"osVersion": "Os Version value",
"easActivated": true,
"easDeviceId": "Eas Device Id value",
"easActivationDateTime": "2016-12-31T23:59:43.4878784-08:00",
"aadRegistered": true,
"azureADRegistered": true,
"deviceEnrollmentType": "userEnrollment",
"lostModeState": "enabled",
"activationLockBypassCode": "Activation Lock Bypass Code value",
"emailAddress": "Email Address value",
"azureActiveDirectoryDeviceId": "Azure Active Directory Device Id value",
"azureADDeviceId": "Azure ADDevice Id value",
"deviceRegistrationState": "registered",
"deviceCategoryDisplayName": "Device Category Display Name value",
"isSupervised": true,
"exchangeLastSuccessfulSyncDateTime": "2017-01-01T00:00:45.8803083-08:00",
"exchangeAccessState": "unknown",
"exchangeAccessStateReason": "unknown",
"remoteAssistanceSessionUrl": "https://example.com/remoteAssistanceSessionUrl/",
"remoteAssistanceSessionErrorDetails": "Remote Assistance Session Error Details value",
"isEncrypted": true,
"userPrincipalName": "User Principal Name value",
"model": "Model value",
"manufacturer": "Manufacturer value",
"imei": "Imei value",
"complianceGracePeriodExpirationDateTime": "2016-12-31T23:56:44.951111-08:00",
"serialNumber": "Serial Number value",
"phoneNumber": "Phone Number value",
"androidSecurityPatchLevel": "Android Security Patch Level value",
"userDisplayName": "User Display Name value",
"configurationManagerClientEnabledFeatures": {
"@odata.type": "microsoft.graph.configurationManagerClientEnabledFeatures",
"inventory": true,
"modernApps": true,
"resourceAccess": true,
"deviceConfiguration": true,
"compliancePolicy": true,
"windowsUpdateForBusiness": true,
"endpointProtection": true,
"officeApps": true
},
"wiFiMacAddress": "Wi Fi Mac Address value",
"deviceHealthAttestationState": {
"@odata.type": "microsoft.graph.deviceHealthAttestationState",
"lastUpdateDateTime": "Last Update Date Time value",
"contentNamespaceUrl": "https://example.com/contentNamespaceUrl/",
"deviceHealthAttestationStatus": "Device Health Attestation Status value",
"contentVersion": "Content Version value",
"issuedDateTime": "2016-12-31T23:58:22.1231038-08:00",
"attestationIdentityKey": "Attestation Identity Key value",
"resetCount": 10,
"restartCount": 12,
"dataExcutionPolicy": "Data Excution Policy value",
"bitLockerStatus": "Bit Locker Status value",
"bootManagerVersion": "Boot Manager Version value",
"codeIntegrityCheckVersion": "Code Integrity Check Version value",
"secureBoot": "Secure Boot value",
"bootDebugging": "Boot Debugging value",
"operatingSystemKernelDebugging": "Operating System Kernel Debugging value",
"codeIntegrity": "Code Integrity value",
"testSigning": "Test Signing value",
"safeMode": "Safe Mode value",
"windowsPE": "Windows PE value",
"earlyLaunchAntiMalwareDriverProtection": "Early Launch Anti Malware Driver Protection value",
"virtualSecureMode": "Virtual Secure Mode value",
"pcrHashAlgorithm": "Pcr Hash Algorithm value",
"bootAppSecurityVersion": "Boot App Security Version value",
"bootManagerSecurityVersion": "Boot Manager Security Version value",
"tpmVersion": "Tpm Version value",
"pcr0": "Pcr0 value",
"secureBootConfigurationPolicyFingerPrint": "Secure Boot Configuration Policy Finger Print value",
"codeIntegrityPolicy": "Code Integrity Policy value",
"bootRevisionListInfo": "Boot Revision List Info value",
"operatingSystemRevListInfo": "Operating System Rev List Info value",
"healthStatusMismatchInfo": "Health Status Mismatch Info value",
"healthAttestationSupportedStatus": "Health Attestation Supported Status value",
"memoryIntegrityProtection": "enabled",
"memoryAccessProtection": "enabled",
"virtualizationBasedSecurity": "enabled",
"firmwareProtection": "systemGuardSecureLaunch",
"systemManagementMode": "level1",
"securedCorePC": "enabled"
},
"subscriberCarrier": "Subscriber Carrier value",
"meid": "Meid value",
"totalStorageSpaceInBytes": 8,
"freeStorageSpaceInBytes": 7,
"managedDeviceName": "Managed Device Name value",
"partnerReportedThreatState": "activated",
"retireAfterDateTime": "2016-12-31T23:57:37.576134-08:00",
"usersLoggedOn": [
{
"@odata.type": "microsoft.graph.loggedOnUser",
"userId": "User Id value",
"lastLogOnDateTime": "2016-12-31T23:58:37.4262708-08:00"
}
],
"preferMdmOverGroupPolicyAppliedDateTime": "2016-12-31T23:57:34.4649887-08:00",
"autopilotEnrolled": true,
"requireUserEnrollmentApproval": true,
"managementCertificateExpirationDate": "2016-12-31T23:57:59.9789653-08:00",
"iccid": "Iccid value",
"udid": "Udid value",
"roleScopeTagIds": [
"Role Scope Tag Ids value"
],
"windowsActiveMalwareCount": 9,
"windowsRemediatedMalwareCount": 13,
"notes": "Notes value",
"configurationManagerClientHealthState": {
"@odata.type": "microsoft.graph.configurationManagerClientHealthState",
"state": "installed",
"errorCode": 9,
"lastSyncDateTime": "2017-01-01T00:02:49.3205976-08:00"
},
"configurationManagerClientInformation": {
"@odata.type": "microsoft.graph.configurationManagerClientInformation",
"clientIdentifier": "Client Identifier value",
"isBlocked": true,
"clientVersion": "Client Version value"
},
"ethernetMacAddress": "Ethernet Mac Address value",
"physicalMemoryInBytes": 5,
"processorArchitecture": "x86",
"specificationVersion": "Specification Version value",
"joinType": "azureADJoined",
"skuFamily": "Sku Family value",
"securityPatchLevel": "Security Patch Level value",
"skuNumber": 9,
"managementFeatures": "microsoftManagedDesktop",
"chromeOSDeviceInfo": [
{
"@odata.type": "microsoft.graph.chromeOSDeviceProperty",
"name": "Name value",
"value": "Value value",
"valueType": "Value Type value",
"updatable": true
}
],
"enrollmentProfileName": "Enrollment Profile Name value",
"bootstrapTokenEscrowed": true,
"deviceFirmwareConfigurationInterfaceManaged": true,
"deviceIdentityAttestationDetail": {
"@odata.type": "microsoft.graph.deviceIdentityAttestationDetail",
"deviceIdentityAttestationStatus": "trusted"
}
}