Create depIOSEnrollmentProfile
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Create a new depIOSEnrollmentProfile object.
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ✅ |
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All |
POST /deviceManagement/depOnboardingSettings/{depOnboardingSettingId}/enrollmentProfiles
Header | Value |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Accept | application/json |
In the request body, supply a JSON representation for the depIOSEnrollmentProfile object.
The following table shows the properties that are required when you create the depIOSEnrollmentProfile.
Property | Type | Description |
---|---|---|
id | String | The GUID for the object Inherited from enrollmentProfile |
displayName | String | Name of the profile Inherited from enrollmentProfile |
description | String | Description of the profile Inherited from enrollmentProfile |
requiresUserAuthentication | Boolean | Indicates if the profile requires user authentication Inherited from enrollmentProfile |
configurationEndpointUrl | String | Configuration endpoint url to use for Enrollment Inherited from enrollmentProfile |
enableAuthenticationViaCompanyPortal | Boolean | Indicates to authenticate with Apple Setup Assistant instead of Company Portal. Inherited from enrollmentProfile |
requireCompanyPortalOnSetupAssistantEnrolledDevices | Boolean | Indicates that Company Portal is required on setup assistant enrolled devices Inherited from enrollmentProfile |
isDefault | Boolean | Indicates if this is the default profile Inherited from depEnrollmentBaseProfile |
supervisedModeEnabled | Boolean | Supervised mode, True to enable, false otherwise. See https://learn.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune for additional information. Inherited from depEnrollmentBaseProfile |
supportDepartment | String | Support department information Inherited from depEnrollmentBaseProfile |
isMandatory | Boolean | Indicates if the profile is mandatory Inherited from depEnrollmentBaseProfile |
locationDisabled | Boolean | Indicates if Location service setup pane is disabled Inherited from depEnrollmentBaseProfile |
supportPhoneNumber | String | Support phone number Inherited from depEnrollmentBaseProfile |
profileRemovalDisabled | Boolean | Indicates if the profile removal option is disabled Inherited from depEnrollmentBaseProfile |
restoreBlocked | Boolean | Indicates if Restore setup pane is blocked Inherited from depEnrollmentBaseProfile |
appleIdDisabled | Boolean | Indicates if Apple id setup pane is disabled Inherited from depEnrollmentBaseProfile |
termsAndConditionsDisabled | Boolean | Indicates if 'Terms and Conditions' setup pane is disabled Inherited from depEnrollmentBaseProfile |
touchIdDisabled | Boolean | Indicates if touch id setup pane is disabled Inherited from depEnrollmentBaseProfile |
applePayDisabled | Boolean | Indicates if Apple pay setup pane is disabled Inherited from depEnrollmentBaseProfile |
siriDisabled | Boolean | Indicates if siri setup pane is disabled Inherited from depEnrollmentBaseProfile |
diagnosticsDisabled | Boolean | Indicates if diagnostics setup pane is disabled Inherited from depEnrollmentBaseProfile |
displayToneSetupDisabled | Boolean | Indicates if displaytone setup screen is disabled Inherited from depEnrollmentBaseProfile |
privacyPaneDisabled | Boolean | Indicates if privacy screen is disabled Inherited from depEnrollmentBaseProfile |
screenTimeScreenDisabled | Boolean | Indicates if screen timeout setup is disabled Inherited from depEnrollmentBaseProfile |
deviceNameTemplate | String | Sets a literal or name pattern. Inherited from depEnrollmentBaseProfile |
configurationWebUrl | Boolean | URL for setup assistant login Inherited from depEnrollmentBaseProfile |
enabledSkipKeys | String collection | enabledSkipKeys contains all the enabled skip keys as strings Inherited from depEnrollmentBaseProfile |
enrollmentTimeAzureAdGroupIds | Guid collection | EnrollmentTimeAzureAdGroupIds contains list of enrollment time Azure Group Ids to be associated with profile Inherited from depEnrollmentBaseProfile |
waitForDeviceConfiguredConfirmation | Boolean | Indicates if the device will need to wait for configured confirmation Inherited from depEnrollmentBaseProfile |
iTunesPairingMode | iTunesPairingMode | Indicates the iTunes pairing mode. Possible values are: disallow , allow , requiresCertificate . |
managementCertificates | managementCertificateWithThumbprint collection | Management certificates for Apple Configurator |
restoreFromAndroidDisabled | Boolean | Indicates if Restore from Android is disabled |
awaitDeviceConfiguredConfirmation | Boolean | Indicates if the device will need to wait for configured confirmation |
sharedIPadMaximumUserCount | Int32 | This specifies the maximum number of users that can use a shared iPad. Only applicable in shared iPad mode. |
enableSharedIPad | Boolean | This indicates whether the device is to be enrolled in a mode which enables multi user scenarios. Only applicable in shared iPads. |
companyPortalVppTokenId | String | If set, indicates which Vpp token should be used to deploy the Company Portal w/ device licensing. 'enableAuthenticationViaCompanyPortal' must be set in order for this property to be set. |
enableSingleAppEnrollmentMode | Boolean | Tells the device to enable single app mode and apply app-lock during enrollment. Default is false. 'enableAuthenticationViaCompanyPortal' and 'companyPortalVppTokenId' must be set for this property to be set. |
homeButtonScreenDisabled | Boolean | Indicates if home button sensitivity screen is disabled |
iMessageAndFaceTimeScreenDisabled | Boolean | Indicates if iMessage and FaceTime screen is disabled |
onBoardingScreenDisabled | Boolean | Indicates if onboarding setup screen is disabled |
simSetupScreenDisabled | Boolean | Indicates if the SIMSetup screen is disabled |
softwareUpdateScreenDisabled | Boolean | Indicates if the mandatory sofware update screen is disabled |
watchMigrationScreenDisabled | Boolean | Indicates if the watch migration screen is disabled |
appearanceScreenDisabled | Boolean | Indicates if Apperance screen is disabled |
expressLanguageScreenDisabled | Boolean | Indicates if Express Language screen is disabled |
preferredLanguageScreenDisabled | Boolean | Indicates if Preferred language screen is disabled |
deviceToDeviceMigrationDisabled | Boolean | Indicates if Device To Device Migration is disabled |
welcomeScreenDisabled | Boolean | Indicates if Weclome screen is disabled |
passCodeDisabled | Boolean | Indicates if Passcode setup pane is disabled |
zoomDisabled | Boolean | Indicates if zoom setup pane is disabled |
restoreCompletedScreenDisabled | Boolean | Indicates if Weclome screen is disabled |
updateCompleteScreenDisabled | Boolean | Indicates if Weclome screen is disabled |
forceTemporarySession | Boolean | Indicates if temporary sessions is enabled |
temporarySessionTimeoutInSeconds | Int32 | Indicates timeout of temporary session |
userSessionTimeoutInSeconds | Int32 | Indicates timeout of temporary session |
passcodeLockGracePeriodInSeconds | Int32 | Indicates timeout before locked screen requires the user to enter the device passocde to unlock it |
carrierActivationUrl | String | Carrier URL for activating device eSIM. |
userlessSharedAadModeEnabled | Boolean | Indicates that this apple device is designated to support 'shared device mode' scenarios. This is distinct from the 'shared iPad' scenario. See https://learn.microsoft.com/mem/intune/enrollment/device-enrollment-shared-ios| |
If successful, this method returns a 201 Created
response code and a depIOSEnrollmentProfile object in the response body.
Here is an example of the request.
POST https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings/{depOnboardingSettingId}/enrollmentProfiles
Content-type: application/json
Content-length: 2574
{
"@odata.type": "#microsoft.graph.depIOSEnrollmentProfile",
"displayName": "Display Name value",
"description": "Description value",
"requiresUserAuthentication": true,
"configurationEndpointUrl": "https://example.com/configurationEndpointUrl/",
"enableAuthenticationViaCompanyPortal": true,
"requireCompanyPortalOnSetupAssistantEnrolledDevices": true,
"isDefault": true,
"supervisedModeEnabled": true,
"supportDepartment": "Support Department value",
"isMandatory": true,
"locationDisabled": true,
"supportPhoneNumber": "Support Phone Number value",
"profileRemovalDisabled": true,
"restoreBlocked": true,
"appleIdDisabled": true,
"termsAndConditionsDisabled": true,
"touchIdDisabled": true,
"applePayDisabled": true,
"siriDisabled": true,
"diagnosticsDisabled": true,
"displayToneSetupDisabled": true,
"privacyPaneDisabled": true,
"screenTimeScreenDisabled": true,
"deviceNameTemplate": "Device Name Template value",
"configurationWebUrl": true,
"enabledSkipKeys": [
"Enabled Skip Keys value"
],
"enrollmentTimeAzureAdGroupIds": [
"7f64eb6c-eb6c-7f64-6ceb-647f6ceb647f"
],
"waitForDeviceConfiguredConfirmation": true,
"iTunesPairingMode": "allow",
"managementCertificates": [
{
"@odata.type": "microsoft.graph.managementCertificateWithThumbprint",
"thumbprint": "Thumbprint value",
"certificate": "Certificate value"
}
],
"restoreFromAndroidDisabled": true,
"awaitDeviceConfiguredConfirmation": true,
"sharedIPadMaximumUserCount": 10,
"enableSharedIPad": true,
"companyPortalVppTokenId": "Company Portal Vpp Token Id value",
"enableSingleAppEnrollmentMode": true,
"homeButtonScreenDisabled": true,
"iMessageAndFaceTimeScreenDisabled": true,
"onBoardingScreenDisabled": true,
"simSetupScreenDisabled": true,
"softwareUpdateScreenDisabled": true,
"watchMigrationScreenDisabled": true,
"appearanceScreenDisabled": true,
"expressLanguageScreenDisabled": true,
"preferredLanguageScreenDisabled": true,
"deviceToDeviceMigrationDisabled": true,
"welcomeScreenDisabled": true,
"passCodeDisabled": true,
"zoomDisabled": true,
"restoreCompletedScreenDisabled": true,
"updateCompleteScreenDisabled": true,
"forceTemporarySession": true,
"temporarySessionTimeoutInSeconds": 0,
"userSessionTimeoutInSeconds": 11,
"passcodeLockGracePeriodInSeconds": 0,
"carrierActivationUrl": "https://example.com/carrierActivationUrl/",
"userlessSharedAadModeEnabled": true
}
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 2623
{
"@odata.type": "#microsoft.graph.depIOSEnrollmentProfile",
"id": "1ec10a60-0a60-1ec1-600a-c11e600ac11e",
"displayName": "Display Name value",
"description": "Description value",
"requiresUserAuthentication": true,
"configurationEndpointUrl": "https://example.com/configurationEndpointUrl/",
"enableAuthenticationViaCompanyPortal": true,
"requireCompanyPortalOnSetupAssistantEnrolledDevices": true,
"isDefault": true,
"supervisedModeEnabled": true,
"supportDepartment": "Support Department value",
"isMandatory": true,
"locationDisabled": true,
"supportPhoneNumber": "Support Phone Number value",
"profileRemovalDisabled": true,
"restoreBlocked": true,
"appleIdDisabled": true,
"termsAndConditionsDisabled": true,
"touchIdDisabled": true,
"applePayDisabled": true,
"siriDisabled": true,
"diagnosticsDisabled": true,
"displayToneSetupDisabled": true,
"privacyPaneDisabled": true,
"screenTimeScreenDisabled": true,
"deviceNameTemplate": "Device Name Template value",
"configurationWebUrl": true,
"enabledSkipKeys": [
"Enabled Skip Keys value"
],
"enrollmentTimeAzureAdGroupIds": [
"7f64eb6c-eb6c-7f64-6ceb-647f6ceb647f"
],
"waitForDeviceConfiguredConfirmation": true,
"iTunesPairingMode": "allow",
"managementCertificates": [
{
"@odata.type": "microsoft.graph.managementCertificateWithThumbprint",
"thumbprint": "Thumbprint value",
"certificate": "Certificate value"
}
],
"restoreFromAndroidDisabled": true,
"awaitDeviceConfiguredConfirmation": true,
"sharedIPadMaximumUserCount": 10,
"enableSharedIPad": true,
"companyPortalVppTokenId": "Company Portal Vpp Token Id value",
"enableSingleAppEnrollmentMode": true,
"homeButtonScreenDisabled": true,
"iMessageAndFaceTimeScreenDisabled": true,
"onBoardingScreenDisabled": true,
"simSetupScreenDisabled": true,
"softwareUpdateScreenDisabled": true,
"watchMigrationScreenDisabled": true,
"appearanceScreenDisabled": true,
"expressLanguageScreenDisabled": true,
"preferredLanguageScreenDisabled": true,
"deviceToDeviceMigrationDisabled": true,
"welcomeScreenDisabled": true,
"passCodeDisabled": true,
"zoomDisabled": true,
"restoreCompletedScreenDisabled": true,
"updateCompleteScreenDisabled": true,
"forceTemporarySession": true,
"temporarySessionTimeoutInSeconds": 0,
"userSessionTimeoutInSeconds": 11,
"passcodeLockGracePeriodInSeconds": 0,
"carrierActivationUrl": "https://example.com/carrierActivationUrl/",
"userlessSharedAadModeEnabled": true
}