Update deviceManagement
Namespace: microsoft.graph
Important: APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Update the properties of a deviceManagement object.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Note that the permission vary according to workflow.
| Permission type (by workflow) | Permissions (from most to least privileged) |
|---|---|
| Delegated (work or school account) | |
| Android for Work | DeviceManagementConfiguration.ReadWrite.All |
| Auditing | DeviceManagementApps.ReadWrite.All |
| Company terms | DeviceManagementServiceConfig.ReadWrite.All |
| Device configuration | DeviceManagementConfiguration.ReadWrite.All |
| Device intent | DeviceManagementConfiguration.ReadWrite.All |
| Device management | DeviceManagementManagedDevices.ReadWrite.All |
| Electronic SIM | DeviceManagementConfiguration.ReadWrite.All |
| Enrollment | DeviceManagementServiceConfig.ReadWrite.All |
| Fencing | DeviceManagementConfiguration.ReadWrite.All |
| Notification | DeviceManagementServiceConfig.ReadWrite.All |
| Odj | DeviceManagementServiceConfig.ReadWrite.All |
| Onboarding | DeviceManagementServiceConfig.ReadWrite.All |
| Policy Set | DeviceManagementServiceConfig.ReadWrite.All |
| Role-based access control (RBAC) | DeviceManagementRBAC.ReadWrite.All |
| Remote access | DeviceManagementConfiguration.Read.All |
| Remote assistance | DeviceManagementServiceConfig.ReadWrite.All |
| Software Update | DeviceManagementServiceConfig.ReadWrite.All |
| Telecom expense management | DeviceManagementServiceConfig.ReadWrite.All |
| Troublehooting | DeviceManagementManagedDevices.ReadWrite.All |
| Windows Information Protection | DeviceManagementApps.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | |
| Android for Work | DeviceManagementConfiguration.ReadWrite.All |
| Auditing | DeviceManagementApps.ReadWrite.All |
| Company terms | DeviceManagementServiceConfig.ReadWrite.All |
| Device configuration | DeviceManagementConfiguration.ReadWrite.All |
| Device intent | DeviceManagementConfiguration.ReadWrite.All |
| Device management | DeviceManagementManagedDevices.ReadWrite.All |
| Electronic SIM | DeviceManagementConfiguration.ReadWrite.All |
| Enrollment | DeviceManagementServiceConfig.ReadWrite.All |
| Fencing | DeviceManagementConfiguration.ReadWrite.All |
| Notification | DeviceManagementServiceConfig.ReadWrite.All |
| Odj | DeviceManagementServiceConfig.ReadWrite.All |
| Onboarding | DeviceManagementServiceConfig.ReadWrite.All |
| Policy Set | DeviceManagementServiceConfig.ReadWrite.All |
| Role-based access control (RBAC) | DeviceManagementRBAC.ReadWrite.All |
| Remote access | DeviceManagementConfiguration.Read.All |
| Remote assistance | DeviceManagementServiceConfig.ReadWrite.All |
| Software Update | DeviceManagementServiceConfig.ReadWrite.All |
| Telecom expense management | DeviceManagementServiceConfig.ReadWrite.All |
| Troublehooting | DeviceManagementManagedDevices.ReadWrite.All |
| Windows Information Protection | DeviceManagementApps.ReadWrite.All |
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ |
HTTP Request
PATCH /deviceManagement
Request headers
| Header | Value |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Accept | application/json |
Request body
In the request body, supply a JSON representation for the deviceManagement object.
The following table shows the properties that are required when you create the deviceManagement.
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the device. |
| Device configuration | ||
| intuneAccountId | GUID | Intune Account ID for given tenant |
| legacyPcManangementEnabled | Boolean | The property to enable Non-MDM managed legacy PC management for this account. This property is read-only. |
| maximumDepTokens | Int32 | Maximum number of DEP tokens allowed per-tenant. |
| settings | deviceManagementSettings | Account level settings. |
| Device management | ||
| accountMoveCompletionDateTime | DateTimeOffset | The date & time when tenant data moved between scaleunits. |
| adminConsent | adminConsent | Admin consent information. |
| deviceProtectionOverview | deviceProtectionOverview | Device protection overview. |
| managedDeviceCleanupSettings | managedDeviceCleanupSettings | Device cleanup rule |
| subscriptionState | deviceManagementSubscriptionState | Tenant mobile device management subscription state. Possible values are: pending, active, warning, disabled, deleted, blocked, lockedOut. |
| subscriptions | deviceManagementSubscriptions | Tenant's Subscription. Possible values are: none, intune, office365, intunePremium, intune_EDU, intune_SMB. |
| windowsMalwareOverview | windowsMalwareOverview | Malware overview for windows devices. |
| Onboarding | ||
| intuneBrand | intuneBrand | intuneBrand contains data which is used in customizing the appearance of the Company Portal applications as well as the end user web portal. |
Request body property support varies according to workflow.
Response
If successful, this method returns a 200 OK response code and an updated deviceManagement object in the response body.
Example
Request
Here is an example of a request following the device management workflow:
PATCH https://graph.microsoft.com/beta/deviceManagement
Content-type: application/json
Content-length: 751
{
"subscriptionState": "active",
"subscriptions": "intune",
"adminConsent": {
"@odata.type": "microsoft.graph.adminConsent",
"shareAPNSData": "granted"
},
"deviceProtectionOverview": {
"@odata.type": "microsoft.graph.deviceProtectionOverview",
"totalReportedDeviceCount": 8,
"inactiveThreatAgentDeviceCount": 14,
"unknownStateThreatAgentDeviceCount": 2,
"pendingSignatureUpdateDeviceCount": 1,
"cleanDeviceCount": 0,
"pendingFullScanDeviceCount": 10,
"pendingRestartDeviceCount": 9,
"pendingManualStepsDeviceCount": 13,
"pendingOfflineScanDeviceCount": 13,
"criticalFailuresDeviceCount": 11
},
"accountMoveCompletionDateTime": "2017-01-01T00:01:17.9006709-08:00"
}
Response
Here is an example of the response.
Note: The response object shown here may be truncated for brevity. Returned properties vary according to workflow and context.
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 855
{
"@odata.type": "#microsoft.graph.deviceManagement",
"id": "0b283420-3420-0b28-2034-280b2034280b",
"subscriptionState": "active",
"subscriptions": "intune",
"adminConsent": {
"@odata.type": "microsoft.graph.adminConsent",
"shareAPNSData": "granted"
},
"deviceProtectionOverview": {
"@odata.type": "microsoft.graph.deviceProtectionOverview",
"totalReportedDeviceCount": 8,
"inactiveThreatAgentDeviceCount": 14,
"unknownStateThreatAgentDeviceCount": 2,
"pendingSignatureUpdateDeviceCount": 1,
"cleanDeviceCount": 0,
"pendingFullScanDeviceCount": 10,
"pendingRestartDeviceCount": 9,
"pendingManualStepsDeviceCount": 13,
"pendingOfflineScanDeviceCount": 13,
"criticalFailuresDeviceCount": 11
},
"accountMoveCompletionDateTime": "2017-01-01T00:01:17.9006709-08:00"
}