Update-MgDeviceAppManagement
Update the properties of a deviceAppManagement object.
Note
To view the beta release of this cmdlet, view Update-MgBetaDeviceAppManagement
Syntax
UpdateExpanded (Default)
Update-MgDeviceAppManagement
[-ResponseHeadersVariable <string>]
[-AdditionalProperties <hashtable>]
[-AndroidManagedAppProtections <IMicrosoftGraphAndroidManagedAppProtection[]>]
[-DefaultManagedAppProtections <IMicrosoftGraphDefaultManagedAppProtection[]>]
[-Id <string>]
[-IosManagedAppProtections <IMicrosoftGraphIosManagedAppProtection[]>]
[-IsEnabledForMicrosoftStoreForBusiness]
[-ManagedAppPolicies <IMicrosoftGraphManagedAppPolicy[]>]
[-ManagedAppRegistrations <IMicrosoftGraphManagedAppRegistration[]>]
[-ManagedAppStatuses <IMicrosoftGraphManagedAppStatus[]>]
[-ManagedEBooks <IMicrosoftGraphManagedEBook[]>]
[-MdmWindowsInformationProtectionPolicies <IMicrosoftGraphMdmWindowsInformationProtectionPolicy[]>]
[-MicrosoftStoreForBusinessLanguage <string>]
[-MicrosoftStoreForBusinessLastCompletedApplicationSyncTime <datetime>]
[-MicrosoftStoreForBusinessLastSuccessfulSyncDateTime <datetime>]
[-MobileAppCategories <IMicrosoftGraphMobileAppCategory[]>]
[-MobileAppConfigurations <IMicrosoftGraphManagedDeviceMobileAppConfiguration[]>]
[-MobileAppRelationships <IMicrosoftGraphMobileAppRelationship[]>]
[-MobileApps <IMicrosoftGraphMobileApp[]>]
[-TargetedManagedAppConfigurations <IMicrosoftGraphTargetedManagedAppConfiguration[]>]
[-VppTokens <IMicrosoftGraphVppToken[]>]
[-WindowsInformationProtectionPolicies <IMicrosoftGraphWindowsInformationProtectionPolicy[]>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update
Update-MgDeviceAppManagement
-BodyParameter <IMicrosoftGraphDeviceAppManagement>
[-ResponseHeadersVariable <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Update the properties of a deviceAppManagement object.
Permissions
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, |
| Delegated (personal Microsoft account) | Not supported |
| Application | DeviceManagementApps.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, |
Examples
Example 1: Code snippet
Import-Module Microsoft.Graph.Devices.CorporateManagement
$params = @{
"@odata.type" = "#microsoft.graph.deviceAppManagement"
}
Update-MgDeviceAppManagement -BodyParameter $params
This example shows how to use the Update-MgDeviceAppManagement Cmdlet.
Parameters
-AdditionalProperties
Additional Parameters
Parameter properties
| Type: | System.Collections.Hashtable |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-AndroidManagedAppProtections
Android managed app policies. To construct, see NOTES section for ANDROIDMANAGEDAPPPROTECTIONS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAndroidManagedAppProtection[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-BodyParameter
Singleton entity that acts as a container for all device app management functionality. To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphDeviceAppManagement |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
Update
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Break
Wait for .NET debugger to attach
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DefaultManagedAppProtections
Default managed app policies. To construct, see NOTES section for DEFAULTMANAGEDAPPPROTECTIONS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphDefaultManagedAppProtection[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Headers
Optional headers that will be added to the request.
Parameter properties
| Type: | System.Collections.IDictionary |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-HttpPipelineAppend
SendAsync Pipeline Steps to be appended to the front of the pipeline
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-HttpPipelinePrepend
SendAsync Pipeline Steps to be prepended to the front of the pipeline
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Id
The unique identifier for an entity. Read-only.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-IosManagedAppProtections
iOS managed app policies. To construct, see NOTES section for IOSMANAGEDAPPPROTECTIONS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIosManagedAppProtection[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-IsEnabledForMicrosoftStoreForBusiness
Whether the account is enabled for syncing applications from the Microsoft Store for Business.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ManagedAppPolicies
Managed app policies. To construct, see NOTES section for MANAGEDAPPPOLICIES properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphManagedAppPolicy[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ManagedAppRegistrations
The managed app registrations. To construct, see NOTES section for MANAGEDAPPREGISTRATIONS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphManagedAppRegistration[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ManagedAppStatuses
The managed app statuses. To construct, see NOTES section for MANAGEDAPPSTATUSES properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphManagedAppStatus[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ManagedEBooks
The Managed eBook. To construct, see NOTES section for MANAGEDEBOOKS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphManagedEBook[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MdmWindowsInformationProtectionPolicies
Windows information protection for apps running on devices which are MDM enrolled. To construct, see NOTES section for MDMWINDOWSINFORMATIONPROTECTIONPOLICIES properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphMdmWindowsInformationProtectionPolicy[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MicrosoftStoreForBusinessLanguage
The locale information used to sync applications from the Microsoft Store for Business. Cultures that are specific to a country/region. The names of these cultures follow RFC 4646 (Windows Vista and later). The format is -<country/regioncode2>, where is a lowercase two-letter code derived from ISO 639-1 and <country/regioncode2> is an uppercase two-letter code derived from ISO 3166. For example, en-US for English (United States) is a specific culture.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MicrosoftStoreForBusinessLastCompletedApplicationSyncTime
The last time an application sync from the Microsoft Store for Business was completed.
Parameter properties
| Type: | System.DateTime |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MicrosoftStoreForBusinessLastSuccessfulSyncDateTime
The last time the apps from the Microsoft Store for Business were synced successfully for the account.
Parameter properties
| Type: | System.DateTime |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MobileAppCategories
The mobile app categories. To construct, see NOTES section for MOBILEAPPCATEGORIES properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphMobileAppCategory[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MobileAppConfigurations
The Managed Device Mobile Application Configurations. To construct, see NOTES section for MOBILEAPPCONFIGURATIONS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphManagedDeviceMobileAppConfiguration[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MobileAppRelationships
The mobile app relationship represents the dependency or supersedence relationship between two Intune mobile LOB applications. To construct, see NOTES section for MOBILEAPPRELATIONSHIPS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphMobileAppRelationship[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MobileApps
The mobile apps. To construct, see NOTES section for MOBILEAPPS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphMobileApp[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Proxy
The URI for the proxy server to use
Parameter properties
| Type: | System.Uri |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ProxyCredential
Credentials for a proxy server to use for the remote call
Parameter properties
| Type: | System.Management.Automation.PSCredential |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ProxyUseDefaultCredentials
Use the default credentials for the proxy
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | RHV |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-TargetedManagedAppConfigurations
Targeted managed app configurations. To construct, see NOTES section for TARGETEDMANAGEDAPPCONFIGURATIONS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphTargetedManagedAppConfiguration[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-VppTokens
List of Vpp tokens for this organization. To construct, see NOTES section for VPPTOKENS properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphVppToken[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Runs the command in a mode that only reports what would happen without performing the actions.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WindowsInformationProtectionPolicies
Windows information protection for apps running on devices which are not MDM enrolled. To construct, see NOTES section for WINDOWSINFORMATIONPROTECTIONPOLICIES properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphWindowsInformationProtectionPolicy[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
UpdateExpanded
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphDeviceAppManagement
{{ Fill in the Description }}
System.Collections.IDictionary
{{ Fill in the Description }}
Outputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphDeviceAppManagement
{{ Fill in the Description }}
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
ANDROIDMANAGEDAPPPROTECTIONS <IMicrosoftGraphAndroidManagedAppProtection[]>: Android managed app policies. [Assignments <IMicrosoftGraphTargetedManagedAppPolicyAssignment[]>]: Navigation property to list of inclusion and exclusion groups to which the policy is deployed. [Id <String>]: The unique identifier for an entity. Read-only. [Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets. [(Any) <Object>]: This indicates any property can be added to this object. [IsAssigned <Boolean?>]: Indicates if the policy is deployed to any inclusion groups or not. [AllowedDataStorageLocations <ManagedAppDataStorageLocation[]>]: Data storage locations where a user may store managed data. [AllowedInboundDataTransferSources <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps [AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel?>]: Represents the level to which the device's clipboard may be shared between apps [AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps [ContactSyncBlocked <Boolean?>]: Indicates whether contacts can be synced to the user's device. [DataBackupBlocked <Boolean?>]: Indicates whether the backup of a managed app's data is blocked. [DeviceComplianceRequired <Boolean?>]: Indicates whether device compliance is required. [DisableAppPinIfDevicePinIsSet <Boolean?>]: Indicates whether use of the app pin is required if the device pin is set. [FingerprintBlocked <Boolean?>]: Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. [ManagedBrowser <ManagedBrowserType?>]: Type of managed browser [ManagedBrowserToOpenLinksRequired <Boolean?>]: Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) [MaximumPinRetries <Int32?>]: Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. Valid values 1 to 65535 [MinimumPinLength <Int32?>]: Minimum pin length required for an app-level pin if PinRequired is set to True [MinimumRequiredAppVersion <String>]: Versions less than the specified version will block the managed app from accessing company data. [MinimumRequiredOSVersion <String>]: Versions less than the specified version will block the managed app from accessing company data. [MinimumWarningAppVersion <String>]: Versions less than the specified version will result in warning message on the managed app. [MinimumWarningOSVersion <String>]: Versions less than the specified version will result in warning message on the managed app from accessing company data. [OrganizationalCredentialsRequired <Boolean?>]: Indicates whether organizational credentials are required for app use. [PeriodBeforePinReset <TimeSpan?>]: TimePeriod before the all-level pin must be reset if PinRequired is set to True. [PeriodOfflineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is not connected to the internet. [PeriodOfflineBeforeWipeIsEnforced <TimeSpan?>]: The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. [PeriodOnlineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is connected to the internet. [PinCharacterSet <ManagedAppPinCharacterSet?>]: Character set which is to be used for a user's app PIN [PinRequired <Boolean?>]: Indicates whether an app-level pin is required. [PrintBlocked <Boolean?>]: Indicates whether printing is allowed from managed apps. [SaveAsBlocked <Boolean?>]: Indicates whether users may use the 'Save As' menu item to save a copy of protected files. [SimplePinBlocked <Boolean?>]: Indicates whether simplePin is blocked. [CreatedDateTime <DateTime?>]: The date and time the policy was created. [Description <String>]: The policy's description. [DisplayName <String>]: Policy display name. [LastModifiedDateTime <DateTime?>]: Last time the policy was modified. [Version <String>]: Version of the entity. [Id <String>]: The unique identifier for an entity. Read-only. [Apps <IMicrosoftGraphManagedMobileApp[]>]: List of apps to which the policy is deployed. [Id <String>]: The unique identifier for an entity. Read-only. [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app. [(Any) <Object>]: This indicates any property can be added to this object. [Version <String>]: Version of the entity. [CustomBrowserDisplayName <String>]: Friendly name of the preferred custom browser to open weblink on Android. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. [CustomBrowserPackageId <String>]: Unique identifier of the preferred custom browser to open weblink on Android. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. [DeployedAppCount <Int32?>]: Count of apps to which the current policy is deployed. [DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]: The ManagedAppEntity is the base entity type for all other entity types under app management workflow. [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ConfigurationDeployedUserCount <Int32?>]: [ConfigurationDeploymentSummaryPerApp <IMicrosoftGraphManagedAppPolicyDeploymentSummaryPerApp[]>]: [ConfigurationAppliedUserCount <Int32?>]: Number of users the policy is applied. [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app. [DisplayName <String>]: [LastRefreshTime <DateTime?>]: [Version <String>]: Version of the entity. [DisableAppEncryptionIfDeviceEncryptionIsEnabled <Boolean?>]: When this setting is enabled, app level encryption is disabled if device level encryption is enabled [EncryptAppData <Boolean?>]: Indicates whether application data for managed apps should be encrypted [MinimumRequiredPatchVersion <String>]: Define the oldest required Android security patch level a user can have to gain secure access to the app. [MinimumWarningPatchVersion <String>]: Define the oldest recommended Android security patch level a user can have for secure access to the app. [ScreenCaptureBlocked <Boolean?>]: Indicates whether a managed user can take screen captures of managed apps
BODYPARAMETER <IMicrosoftGraphDeviceAppManagement>: Singleton entity that acts as a container for all device app management functionality.
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[AndroidManagedAppProtections <IMicrosoftGraphAndroidManagedAppProtection[]>]: Android managed app policies.
[Assignments <IMicrosoftGraphTargetedManagedAppPolicyAssignment[]>]: Navigation property to list of inclusion and exclusion groups to which the policy is deployed.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets.
[(Any) <Object>]: This indicates any property can be added to this object.
[IsAssigned <Boolean?>]: Indicates if the policy is deployed to any inclusion groups or not.
[AllowedDataStorageLocations <ManagedAppDataStorageLocation[]>]: Data storage locations where a user may store managed data.
[AllowedInboundDataTransferSources <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps
[AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel?>]: Represents the level to which the device's clipboard may be shared between apps
[AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps
[ContactSyncBlocked <Boolean?>]: Indicates whether contacts can be synced to the user's device.
[DataBackupBlocked <Boolean?>]: Indicates whether the backup of a managed app's data is blocked.
[DeviceComplianceRequired <Boolean?>]: Indicates whether device compliance is required.
[DisableAppPinIfDevicePinIsSet <Boolean?>]: Indicates whether use of the app pin is required if the device pin is set.
[FingerprintBlocked <Boolean?>]: Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.
[ManagedBrowser <ManagedBrowserType?>]: Type of managed browser
[ManagedBrowserToOpenLinksRequired <Boolean?>]: Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android)
[MaximumPinRetries <Int32?>]: Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.
Valid values 1 to 65535
[MinimumPinLength <Int32?>]: Minimum pin length required for an app-level pin if PinRequired is set to True
[MinimumRequiredAppVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
[MinimumRequiredOSVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
[MinimumWarningAppVersion <String>]: Versions less than the specified version will result in warning message on the managed app.
[MinimumWarningOSVersion <String>]: Versions less than the specified version will result in warning message on the managed app from accessing company data.
[OrganizationalCredentialsRequired <Boolean?>]: Indicates whether organizational credentials are required for app use.
[PeriodBeforePinReset <TimeSpan?>]: TimePeriod before the all-level pin must be reset if PinRequired is set to True.
[PeriodOfflineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is not connected to the internet.
[PeriodOfflineBeforeWipeIsEnforced <TimeSpan?>]: The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.
[PeriodOnlineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is connected to the internet.
[PinCharacterSet <ManagedAppPinCharacterSet?>]: Character set which is to be used for a user's app PIN
[PinRequired <Boolean?>]: Indicates whether an app-level pin is required.
[PrintBlocked <Boolean?>]: Indicates whether printing is allowed from managed apps.
[SaveAsBlocked <Boolean?>]: Indicates whether users may use the 'Save As' menu item to save a copy of protected files.
[SimplePinBlocked <Boolean?>]: Indicates whether simplePin is blocked.
[CreatedDateTime <DateTime?>]: The date and time the policy was created.
[Description <String>]: The policy's description.
[DisplayName <String>]: Policy display name.
[LastModifiedDateTime <DateTime?>]: Last time the policy was modified.
[Version <String>]: Version of the entity.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Apps <IMicrosoftGraphManagedMobileApp[]>]: List of apps to which the policy is deployed.
[Id <String>]: The unique identifier for an entity.
Read-only.
[MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
[(Any) <Object>]: This indicates any property can be added to this object.
[Version <String>]: Version of the entity.
[CustomBrowserDisplayName <String>]: Friendly name of the preferred custom browser to open weblink on Android.
When this property is configured, ManagedBrowserToOpenLinksRequired should be true.
[CustomBrowserPackageId <String>]: Unique identifier of the preferred custom browser to open weblink on Android.
When this property is configured, ManagedBrowserToOpenLinksRequired should be true.
[DeployedAppCount <Int32?>]: Count of apps to which the current policy is deployed.
[DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]: The ManagedAppEntity is the base entity type for all other entity types under app management workflow.
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[ConfigurationDeployedUserCount <Int32?>]:
[ConfigurationDeploymentSummaryPerApp <IMicrosoftGraphManagedAppPolicyDeploymentSummaryPerApp[]>]:
[ConfigurationAppliedUserCount <Int32?>]: Number of users the policy is applied.
[MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
[DisplayName <String>]:
[LastRefreshTime <DateTime?>]:
[Version <String>]: Version of the entity.
[DisableAppEncryptionIfDeviceEncryptionIsEnabled <Boolean?>]: When this setting is enabled, app level encryption is disabled if device level encryption is enabled
[EncryptAppData <Boolean?>]: Indicates whether application data for managed apps should be encrypted
[MinimumRequiredPatchVersion <String>]: Define the oldest required Android security patch level a user can have to gain secure access to the app.
[MinimumWarningPatchVersion <String>]: Define the oldest recommended Android security patch level a user can have for secure access to the app.
[ScreenCaptureBlocked <Boolean?>]: Indicates whether a managed user can take screen captures of managed apps
[DefaultManagedAppProtections <IMicrosoftGraphDefaultManagedAppProtection[]>]: Default managed app policies.
[AllowedDataStorageLocations <ManagedAppDataStorageLocation[]>]: Data storage locations where a user may store managed data.
[AllowedInboundDataTransferSources <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps
[AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel?>]: Represents the level to which the device's clipboard may be shared between apps
[AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps
[ContactSyncBlocked <Boolean?>]: Indicates whether contacts can be synced to the user's device.
[DataBackupBlocked <Boolean?>]: Indicates whether the backup of a managed app's data is blocked.
[DeviceComplianceRequired <Boolean?>]: Indicates whether device compliance is required.
[DisableAppPinIfDevicePinIsSet <Boolean?>]: Indicates whether use of the app pin is required if the device pin is set.
[FingerprintBlocked <Boolean?>]: Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.
[ManagedBrowser <ManagedBrowserType?>]: Type of managed browser
[ManagedBrowserToOpenLinksRequired <Boolean?>]: Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android)
[MaximumPinRetries <Int32?>]: Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.
Valid values 1 to 65535
[MinimumPinLength <Int32?>]: Minimum pin length required for an app-level pin if PinRequired is set to True
[MinimumRequiredAppVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
[MinimumRequiredOSVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
[MinimumWarningAppVersion <String>]: Versions less than the specified version will result in warning message on the managed app.
[MinimumWarningOSVersion <String>]: Versions less than the specified version will result in warning message on the managed app from accessing company data.
[OrganizationalCredentialsRequired <Boolean?>]: Indicates whether organizational credentials are required for app use.
[PeriodBeforePinReset <TimeSpan?>]: TimePeriod before the all-level pin must be reset if PinRequired is set to True.
[PeriodOfflineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is not connected to the internet.
[PeriodOfflineBeforeWipeIsEnforced <TimeSpan?>]: The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.
[PeriodOnlineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is connected to the internet.
[PinCharacterSet <ManagedAppPinCharacterSet?>]: Character set which is to be used for a user's app PIN
[PinRequired <Boolean?>]: Indicates whether an app-level pin is required.
[PrintBlocked <Boolean?>]: Indicates whether printing is allowed from managed apps.
[SaveAsBlocked <Boolean?>]: Indicates whether users may use the 'Save As' menu item to save a copy of protected files.
[SimplePinBlocked <Boolean?>]: Indicates whether simplePin is blocked.
[CreatedDateTime <DateTime?>]: The date and time the policy was created.
[Description <String>]: The policy's description.
[DisplayName <String>]: Policy display name.
[LastModifiedDateTime <DateTime?>]: Last time the policy was modified.
[Version <String>]: Version of the entity.
[Id <String>]: The unique identifier for an entity.
Read-only.
[AppDataEncryptionType <ManagedAppDataEncryptionType?>]: Represents the level to which app data is encrypted for managed apps
[Apps <IMicrosoftGraphManagedMobileApp[]>]: List of apps to which the policy is deployed.
[CustomSettings <IMicrosoftGraphKeyValuePair[]>]: A set of string key and string value pairs to be sent to the affected users, unalterned by this service
[Name <String>]: Name for this key-value pair
[Value <String>]: Value for this key-value pair
[DeployedAppCount <Int32?>]: Count of apps to which the current policy is deployed.
[DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]: The ManagedAppEntity is the base entity type for all other entity types under app management workflow.
[DisableAppEncryptionIfDeviceEncryptionIsEnabled <Boolean?>]: When this setting is enabled, app level encryption is disabled if device level encryption is enabled.
(Android only)
[EncryptAppData <Boolean?>]: Indicates whether managed-app data should be encrypted.
(Android only)
[FaceIdBlocked <Boolean?>]: Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True.
(iOS Only)
[MinimumRequiredPatchVersion <String>]: Define the oldest required Android security patch level a user can have to gain secure access to the app.
(Android only)
[MinimumRequiredSdkVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
(iOS Only)
[MinimumWarningPatchVersion <String>]: Define the oldest recommended Android security patch level a user can have for secure access to the app.
(Android only)
[ScreenCaptureBlocked <Boolean?>]: Indicates whether screen capture is blocked.
(Android only)
[IosManagedAppProtections <IMicrosoftGraphIosManagedAppProtection[]>]: iOS managed app policies.
[Assignments <IMicrosoftGraphTargetedManagedAppPolicyAssignment[]>]: Navigation property to list of inclusion and exclusion groups to which the policy is deployed.
[IsAssigned <Boolean?>]: Indicates if the policy is deployed to any inclusion groups or not.
[AllowedDataStorageLocations <ManagedAppDataStorageLocation[]>]: Data storage locations where a user may store managed data.
[AllowedInboundDataTransferSources <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps
[AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel?>]: Represents the level to which the device's clipboard may be shared between apps
[AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps
[ContactSyncBlocked <Boolean?>]: Indicates whether contacts can be synced to the user's device.
[DataBackupBlocked <Boolean?>]: Indicates whether the backup of a managed app's data is blocked.
[DeviceComplianceRequired <Boolean?>]: Indicates whether device compliance is required.
[DisableAppPinIfDevicePinIsSet <Boolean?>]: Indicates whether use of the app pin is required if the device pin is set.
[FingerprintBlocked <Boolean?>]: Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.
[ManagedBrowser <ManagedBrowserType?>]: Type of managed browser
[ManagedBrowserToOpenLinksRequired <Boolean?>]: Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android)
[MaximumPinRetries <Int32?>]: Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.
Valid values 1 to 65535
[MinimumPinLength <Int32?>]: Minimum pin length required for an app-level pin if PinRequired is set to True
[MinimumRequiredAppVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
[MinimumRequiredOSVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
[MinimumWarningAppVersion <String>]: Versions less than the specified version will result in warning message on the managed app.
[MinimumWarningOSVersion <String>]: Versions less than the specified version will result in warning message on the managed app from accessing company data.
[OrganizationalCredentialsRequired <Boolean?>]: Indicates whether organizational credentials are required for app use.
[PeriodBeforePinReset <TimeSpan?>]: TimePeriod before the all-level pin must be reset if PinRequired is set to True.
[PeriodOfflineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is not connected to the internet.
[PeriodOfflineBeforeWipeIsEnforced <TimeSpan?>]: The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped.
[PeriodOnlineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is connected to the internet.
[PinCharacterSet <ManagedAppPinCharacterSet?>]: Character set which is to be used for a user's app PIN
[PinRequired <Boolean?>]: Indicates whether an app-level pin is required.
[PrintBlocked <Boolean?>]: Indicates whether printing is allowed from managed apps.
[SaveAsBlocked <Boolean?>]: Indicates whether users may use the 'Save As' menu item to save a copy of protected files.
[SimplePinBlocked <Boolean?>]: Indicates whether simplePin is blocked.
[CreatedDateTime <DateTime?>]: The date and time the policy was created.
[Description <String>]: The policy's description.
[DisplayName <String>]: Policy display name.
[LastModifiedDateTime <DateTime?>]: Last time the policy was modified.
[Version <String>]: Version of the entity.
[Id <String>]: The unique identifier for an entity.
Read-only.
[AppDataEncryptionType <ManagedAppDataEncryptionType?>]: Represents the level to which app data is encrypted for managed apps
[Apps <IMicrosoftGraphManagedMobileApp[]>]: List of apps to which the policy is deployed.
[CustomBrowserProtocol <String>]: A custom browser protocol to open weblink on iOS.
When this property is configured, ManagedBrowserToOpenLinksRequired should be true.
[DeployedAppCount <Int32?>]: Count of apps to which the current policy is deployed.
[DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]: The ManagedAppEntity is the base entity type for all other entity types under app management workflow.
[FaceIdBlocked <Boolean?>]: Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True.
[MinimumRequiredSdkVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
[IsEnabledForMicrosoftStoreForBusiness <Boolean?>]: Whether the account is enabled for syncing applications from the Microsoft Store for Business.
[ManagedAppPolicies <IMicrosoftGraphManagedAppPolicy[]>]: Managed app policies.
[Id <String>]: The unique identifier for an entity.
Read-only.
[CreatedDateTime <DateTime?>]: The date and time the policy was created.
[Description <String>]: The policy's description.
[DisplayName <String>]: Policy display name.
[LastModifiedDateTime <DateTime?>]: Last time the policy was modified.
[Version <String>]: Version of the entity.
[ManagedAppRegistrations <IMicrosoftGraphManagedAppRegistration[]>]: The managed app registrations.
[Id <String>]: The unique identifier for an entity.
Read-only.
[AppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app.
[ApplicationVersion <String>]: App version
[AppliedPolicies <IMicrosoftGraphManagedAppPolicy[]>]: Zero or more policys already applied on the registered app when it last synchronized with managment service.
[CreatedDateTime <DateTime?>]: Date and time of creation
[DeviceName <String>]: Host device name
[DeviceTag <String>]: App management SDK generated tag, which helps relate apps hosted on the same device.
Not guaranteed to relate apps in all conditions.
[DeviceType <String>]: Host device type
[FlaggedReasons <ManagedAppFlaggedReason[]>]: Zero or more reasons an app registration is flagged.
E.g.
app running on rooted device
[IntendedPolicies <IMicrosoftGraphManagedAppPolicy[]>]: Zero or more policies admin intended for the app as of now.
[LastSyncDateTime <DateTime?>]: Date and time of last the app synced with management service.
[ManagementSdkVersion <String>]: App management SDK version
[Operations <IMicrosoftGraphManagedAppOperation[]>]: Zero or more long running operations triggered on the app registration.
[Id <String>]: The unique identifier for an entity.
Read-only.
[DisplayName <String>]: The operation name.
[LastModifiedDateTime <DateTime?>]: The last time the app operation was modified.
[State <String>]: The current state of the operation
[Version <String>]: Version of the entity.
[PlatformVersion <String>]: Operating System version
[UserId <String>]: The user Id to who this app registration belongs.
[Version <String>]: Version of the entity.
[ManagedAppStatuses <IMicrosoftGraphManagedAppStatus[]>]: The managed app statuses.
[Id <String>]: The unique identifier for an entity.
Read-only.
[DisplayName <String>]: Friendly name of the status report.
[Version <String>]: Version of the entity.
[ManagedEBooks <IMicrosoftGraphManagedEBook[]>]: The Managed eBook.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Assignments <IMicrosoftGraphManagedEBookAssignment[]>]: The list of assignments for this eBook.
[Id <String>]: The unique identifier for an entity.
Read-only.
[InstallIntent <InstallIntent?>]: Possible values for the install intent chosen by the admin.
[Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets.
[CreatedDateTime <DateTime?>]: The date and time when the eBook file was created.
[Description <String>]: Description.
[DeviceStates <IMicrosoftGraphDeviceInstallState[]>]: The list of installation states for this eBook.
[Id <String>]: The unique identifier for an entity.
Read-only.
[DeviceId <String>]: Device Id.
[DeviceName <String>]: Device name.
[ErrorCode <String>]: The error code for install failures.
[InstallState <InstallState?>]: Possible values for install state.
[LastSyncDateTime <DateTime?>]: Last sync date and time.
[OSDescription <String>]: OS Description.
[OSVersion <String>]: OS Version.
[UserName <String>]: Device User Name.
[DisplayName <String>]: Name of the eBook.
[InformationUrl <String>]: The more information Url.
[InstallSummary <IMicrosoftGraphEBookInstallSummary>]: Contains properties for the installation summary of a book for a device.
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[FailedDeviceCount <Int32?>]: Number of Devices that have failed to install this book.
[FailedUserCount <Int32?>]: Number of Users that have 1 or more device that failed to install this book.
[InstalledDeviceCount <Int32?>]: Number of Devices that have successfully installed this book.
[InstalledUserCount <Int32?>]: Number of Users whose devices have all succeeded to install this book.
[NotInstalledDeviceCount <Int32?>]: Number of Devices that does not have this book installed.
[NotInstalledUserCount <Int32?>]: Number of Users that did not install this book.
[LargeCover <IMicrosoftGraphMimeContent>]: Contains properties for a generic mime content.
[(Any) <Object>]: This indicates any property can be added to this object.
[Type <String>]: Indicates the content mime type.
[Value <Byte[]>]: The byte array that contains the actual content.
[LastModifiedDateTime <DateTime?>]: The date and time when the eBook was last modified.
[PrivacyInformationUrl <String>]: The privacy statement Url.
[PublishedDateTime <DateTime?>]: The date and time when the eBook was published.
[Publisher <String>]: Publisher.
[UserStateSummary <IMicrosoftGraphUserInstallStateSummary[]>]: The list of installation states for this eBook.
[Id <String>]: The unique identifier for an entity.
Read-only.
[DeviceStates <IMicrosoftGraphDeviceInstallState[]>]: The install state of the eBook.
[FailedDeviceCount <Int32?>]: Failed Device Count.
[InstalledDeviceCount <Int32?>]: Installed Device Count.
[NotInstalledDeviceCount <Int32?>]: Not installed device count.
[UserName <String>]: User name.
[MdmWindowsInformationProtectionPolicies <IMicrosoftGraphMdmWindowsInformationProtectionPolicy[]>]: Windows information protection for apps running on devices which are MDM enrolled.
[Assignments <IMicrosoftGraphTargetedManagedAppPolicyAssignment[]>]: Navigation property to list of security groups targeted for policy.
[AzureRightsManagementServicesAllowed <Boolean?>]: Specifies whether to allow Azure RMS encryption for WIP
[DataRecoveryCertificate <IMicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate>]: Windows Information Protection DataRecoveryCertificate
[(Any) <Object>]: This indicates any property can be added to this object.
[Certificate <Byte[]>]: Data recovery Certificate
[Description <String>]: Data recovery Certificate description
[ExpirationDateTime <DateTime?>]: Data recovery Certificate expiration datetime
[SubjectName <String>]: Data recovery Certificate subject name
[EnforcementLevel <WindowsInformationProtectionEnforcementLevel?>]: Possible values for WIP Protection enforcement levels
[EnterpriseDomain <String>]: Primary enterprise domain
[EnterpriseIPRanges <IMicrosoftGraphWindowsInformationProtectionIPRangeCollection[]>]: Sets the enterprise IP ranges that define the computers in the enterprise network.
Data that comes from those computers will be considered part of the enterprise and protected.
These locations will be considered a safe destination for enterprise data to be shared to
[DisplayName <String>]: Display name
[Ranges <IMicrosoftGraphIPRange[]>]: Collection of ip ranges
[EnterpriseIPRangesAreAuthoritative <Boolean?>]: Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets.
Default is false
[EnterpriseInternalProxyServers <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: This is the comma-separated list of internal proxy servers.
For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'.
These proxies have been configured by the admin to connect to specific resources on the Internet.
They are considered to be enterprise network locations.
The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies
[DisplayName <String>]: Display name
[Resources <String[]>]: Collection of resources
[EnterpriseNetworkDomainNames <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: This is the list of domains that comprise the boundaries of the enterprise.
Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to
[EnterpriseProtectedDomainNames <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: List of enterprise domains to be protected
[EnterpriseProxiedDomains <IMicrosoftGraphWindowsInformationProtectionProxiedDomainCollection[]>]: Contains a list of Enterprise resource domains hosted in the cloud that need to be protected.
Connections to these resources are considered enterprise data.
If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80).
A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy
[DisplayName <String>]: Display name
[ProxiedDomains <IMicrosoftGraphProxiedDomain[]>]: Collection of proxied domains
[IPAddressOrFqdn <String>]: The IP address or FQDN
[Proxy <String>]: Proxy IP or FQDN
[EnterpriseProxyServers <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: This is a list of proxy servers.
Any server not on this list is considered non-enterprise
[EnterpriseProxyServersAreAuthoritative <Boolean?>]: Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies.
Default is false
[ExemptAppLockerFiles <IMicrosoftGraphWindowsInformationProtectionAppLockerFile[]>]: Another way to input exempt apps through xml files
[Id <String>]: The unique identifier for an entity.
Read-only.
[DisplayName <String>]: The friendly name
[File <Byte[]>]: File as a byte array
[FileHash <String>]: SHA256 hash of the file
[Version <String>]: Version of the entity.
[ExemptApps <IMicrosoftGraphWindowsInformationProtectionApp[]>]: Exempt applications can also access enterprise data, but the data handled by those applications are not protected.
This is because some critical enterprise applications may have compatibility problems with encrypted data.
[Denied <Boolean?>]: If true, app is denied protection or exemption.
[Description <String>]: The app's description.
[DisplayName <String>]: App display name.
[ProductName <String>]: The product name.
[PublisherName <String>]: The publisher name
[IconsVisible <Boolean?>]: Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu.
Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app
[IndexingEncryptedStoresOrItemsBlocked <Boolean?>]: This switch is for the Windows Search Indexer, to allow or disallow indexing of items
[IsAssigned <Boolean?>]: Indicates if the policy is deployed to any inclusion groups or not.
[NeutralDomainResources <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: List of domain names that can used for work or personal resource
[ProtectedAppLockerFiles <IMicrosoftGraphWindowsInformationProtectionAppLockerFile[]>]: Another way to input protected apps through xml files
[ProtectedApps <IMicrosoftGraphWindowsInformationProtectionApp[]>]: Protected applications can access enterprise data and the data handled by those applications are protected with encryption
[ProtectionUnderLockConfigRequired <Boolean?>]: Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured
[RevokeOnUnenrollDisabled <Boolean?>]: This policy controls whether to revoke the WIP keys when a device unenrolls from the management service.
If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment.
If the keys are not revoked, there will be no revoked file cleanup subsequently.
[RightsManagementServicesTemplateId <String>]: TemplateID GUID to use for RMS encryption.
The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access
[SmbAutoEncryptedFileExtensions <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary
[CreatedDateTime <DateTime?>]: The date and time the policy was created.
[Description <String>]: The policy's description.
[DisplayName <String>]: Policy display name.
[LastModifiedDateTime <DateTime?>]: Last time the policy was modified.
[Version <String>]: Version of the entity.
[Id <String>]: The unique identifier for an entity.
Read-only.
[MicrosoftStoreForBusinessLanguage <String>]: The locale information used to sync applications from the Microsoft Store for Business.
Cultures that are specific to a country/region.
The names of these cultures follow RFC 4646 (Windows Vista and later).
The format is -<country/regioncode2>, where is a lowercase two-letter code derived from ISO 639-1 and <country/regioncode2> is an uppercase two-letter code derived from ISO 3166.
For example, en-US for English (United States) is a specific culture.
[MicrosoftStoreForBusinessLastCompletedApplicationSyncTime <DateTime?>]: The last time an application sync from the Microsoft Store for Business was completed.
[MicrosoftStoreForBusinessLastSuccessfulSyncDateTime <DateTime?>]: The last time the apps from the Microsoft Store for Business were synced successfully for the account.
[MobileAppCategories <IMicrosoftGraphMobileAppCategory[]>]: The mobile app categories.
[Id <String>]: The unique identifier for an entity.
Read-only.
[DisplayName <String>]: The name of the app category.
[MobileAppConfigurations <IMicrosoftGraphManagedDeviceMobileAppConfiguration[]>]: The Managed Device Mobile Application Configurations.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Assignments <IMicrosoftGraphManagedDeviceMobileAppConfigurationAssignment[]>]: The list of group assignemenets for app configration.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets.
[CreatedDateTime <DateTime?>]: DateTime the object was created.
[Description <String>]: Admin provided description of the Device Configuration.
[DeviceStatusSummary <IMicrosoftGraphManagedDeviceMobileAppConfigurationDeviceSummary>]: Contains properties, inherited properties and actions for an MDM mobile app configuration device status summary.
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[ConfigurationVersion <Int32?>]: Version of the policy for that overview
[ErrorCount <Int32?>]: Number of error devices
[FailedCount <Int32?>]: Number of failed devices
[LastUpdateDateTime <DateTime?>]: Last update time
[NotApplicableCount <Int32?>]: Number of not applicable devices
[PendingCount <Int32?>]: Number of pending devices
[SuccessCount <Int32?>]: Number of succeeded devices
[DeviceStatuses <IMicrosoftGraphManagedDeviceMobileAppConfigurationDeviceStatus[]>]: List of ManagedDeviceMobileAppConfigurationDeviceStatus.
[Id <String>]: The unique identifier for an entity.
Read-only.
[ComplianceGracePeriodExpirationDateTime <DateTime?>]: The DateTime when device compliance grace period expires
[DeviceDisplayName <String>]: Device name of the DevicePolicyStatus.
[DeviceModel <String>]: The device model that is being reported
[LastReportedDateTime <DateTime?>]: Last modified date time of the policy report.
[Status <String>]: complianceStatus
[UserName <String>]: The User Name that is being reported
[UserPrincipalName <String>]: UserPrincipalName.
[DisplayName <String>]: Admin provided name of the device configuration.
[LastModifiedDateTime <DateTime?>]: DateTime the object was last modified.
[TargetedMobileApps <String[]>]: the associated app.
[UserStatusSummary <IMicrosoftGraphManagedDeviceMobileAppConfigurationUserSummary>]: Contains properties, inherited properties and actions for an MDM mobile app configuration user status summary.
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[ConfigurationVersion <Int32?>]: Version of the policy for that overview
[ErrorCount <Int32?>]: Number of error Users
[FailedCount <Int32?>]: Number of failed Users
[LastUpdateDateTime <DateTime?>]: Last update time
[NotApplicableCount <Int32?>]: Number of not applicable users
[PendingCount <Int32?>]: Number of pending Users
[SuccessCount <Int32?>]: Number of succeeded Users
[UserStatuses <IMicrosoftGraphManagedDeviceMobileAppConfigurationUserStatus[]>]: List of ManagedDeviceMobileAppConfigurationUserStatus.
[Id <String>]: The unique identifier for an entity.
Read-only.
[DevicesCount <Int32?>]: Devices count for that user.
[LastReportedDateTime <DateTime?>]: Last modified date time of the policy report.
[Status <String>]: complianceStatus
[UserDisplayName <String>]: User name of the DevicePolicyStatus.
[UserPrincipalName <String>]: UserPrincipalName.
[Version <Int32?>]: Version of the device configuration.
[MobileAppRelationships <IMicrosoftGraphMobileAppRelationship[]>]: The mobile app relationship represents the dependency or supersedence relationship between two Intune mobile LOB applications.
[Id <String>]: The unique identifier for an entity.
Read-only.
[TargetId <String>]: The unique app identifier of the target of the mobile app relationship entity.
For example: 2dbc75b9-e993-4e4d-a071-91ac5a218672.
Read-Only.
Returned by default.
Supports: $select.
Does not support $search, $filter, $orderBy.
[MobileApps <IMicrosoftGraphMobileApp[]>]: The mobile apps.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Assignments <IMicrosoftGraphMobileAppAssignment[]>]: The list of group assignments for this mobile app.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Intent <InstallIntent?>]: Possible values for the install intent chosen by the admin.
[Settings <IMicrosoftGraphMobileAppAssignmentSettings>]: Abstract class to contain properties used to assign a mobile app to a group.
[(Any) <Object>]: This indicates any property can be added to this object.
[Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets.
[Categories <IMicrosoftGraphMobileAppCategory[]>]: The list of categories for this app.
[Description <String>]: The description of the app.
[Developer <String>]: The developer of the app.
[DisplayName <String>]: The admin provided or imported title of the app.
[InformationUrl <String>]: The more information Url.
[IsFeatured <Boolean?>]: The value indicating whether the app is marked as featured by the admin.
[LargeIcon <IMicrosoftGraphMimeContent>]: Contains properties for a generic mime content.
[Notes <String>]: Notes for the app.
[Owner <String>]: The owner of the app.
[PrivacyInformationUrl <String>]: The privacy statement Url.
[Publisher <String>]: The publisher of the app.
[PublishingState <MobileAppPublishingState?>]: Indicates the publishing state of an app.
[TargetedManagedAppConfigurations <IMicrosoftGraphTargetedManagedAppConfiguration[]>]: Targeted managed app configurations.
[CustomSettings <IMicrosoftGraphKeyValuePair[]>]: A set of string key and string value pairs to be sent to apps for users to whom the configuration is scoped, unalterned by this service
[CreatedDateTime <DateTime?>]: The date and time the policy was created.
[Description <String>]: The policy's description.
[DisplayName <String>]: Policy display name.
[LastModifiedDateTime <DateTime?>]: Last time the policy was modified.
[Version <String>]: Version of the entity.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Apps <IMicrosoftGraphManagedMobileApp[]>]: List of apps to which the policy is deployed.
[Assignments <IMicrosoftGraphTargetedManagedAppPolicyAssignment[]>]: Navigation property to list of inclusion and exclusion groups to which the policy is deployed.
[DeployedAppCount <Int32?>]: Count of apps to which the current policy is deployed.
[DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]: The ManagedAppEntity is the base entity type for all other entity types under app management workflow.
[IsAssigned <Boolean?>]: Indicates if the policy is deployed to any inclusion groups or not.
[VppTokens <IMicrosoftGraphVppToken[]>]: List of Vpp tokens for this organization.
[Id <String>]: The unique identifier for an entity.
Read-only.
[AppleId <String>]: The apple Id associated with the given Apple Volume Purchase Program Token.
[AutomaticallyUpdateApps <Boolean?>]: Whether or not apps for the VPP token will be automatically updated.
[CountryOrRegion <String>]: Whether or not apps for the VPP token will be automatically updated.
[ExpirationDateTime <DateTime?>]: The expiration date time of the Apple Volume Purchase Program Token.
[LastModifiedDateTime <DateTime?>]: Last modification date time associated with the Apple Volume Purchase Program Token.
[LastSyncDateTime <DateTime?>]: The last time when an application sync was done with the Apple volume purchase program service using the the Apple Volume Purchase Program Token.
[LastSyncStatus <VppTokenSyncStatus?>]: Possible sync statuses associated with an Apple Volume Purchase Program token.
[OrganizationName <String>]: The organization associated with the Apple Volume Purchase Program Token
[State <VppTokenState?>]: Possible states associated with an Apple Volume Purchase Program token.
[Token <String>]: The Apple Volume Purchase Program Token string downloaded from the Apple Volume Purchase Program.
[VppTokenAccountType <VppTokenAccountType?>]: Possible types of an Apple Volume Purchase Program token.
[WindowsInformationProtectionPolicies <IMicrosoftGraphWindowsInformationProtectionPolicy[]>]: Windows information protection for apps running on devices which are not MDM enrolled.
[Assignments <IMicrosoftGraphTargetedManagedAppPolicyAssignment[]>]: Navigation property to list of security groups targeted for policy.
[AzureRightsManagementServicesAllowed <Boolean?>]: Specifies whether to allow Azure RMS encryption for WIP
[DataRecoveryCertificate <IMicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate>]: Windows Information Protection DataRecoveryCertificate
[EnforcementLevel <WindowsInformationProtectionEnforcementLevel?>]: Possible values for WIP Protection enforcement levels
[EnterpriseDomain <String>]: Primary enterprise domain
[EnterpriseIPRanges <IMicrosoftGraphWindowsInformationProtectionIPRangeCollection[]>]: Sets the enterprise IP ranges that define the computers in the enterprise network.
Data that comes from those computers will be considered part of the enterprise and protected.
These locations will be considered a safe destination for enterprise data to be shared to
[EnterpriseIPRangesAreAuthoritative <Boolean?>]: Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets.
Default is false
[EnterpriseInternalProxyServers <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: This is the comma-separated list of internal proxy servers.
For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'.
These proxies have been configured by the admin to connect to specific resources on the Internet.
They are considered to be enterprise network locations.
The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies
[EnterpriseNetworkDomainNames <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: This is the list of domains that comprise the boundaries of the enterprise.
Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to
[EnterpriseProtectedDomainNames <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: List of enterprise domains to be protected
[EnterpriseProxiedDomains <IMicrosoftGraphWindowsInformationProtectionProxiedDomainCollection[]>]: Contains a list of Enterprise resource domains hosted in the cloud that need to be protected.
Connections to these resources are considered enterprise data.
If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80).
A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy
[EnterpriseProxyServers <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: This is a list of proxy servers.
Any server not on this list is considered non-enterprise
[EnterpriseProxyServersAreAuthoritative <Boolean?>]: Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies.
Default is false
[ExemptAppLockerFiles <IMicrosoftGraphWindowsInformationProtectionAppLockerFile[]>]: Another way to input exempt apps through xml files
[ExemptApps <IMicrosoftGraphWindowsInformationProtectionApp[]>]: Exempt applications can also access enterprise data, but the data handled by those applications are not protected.
This is because some critical enterprise applications may have compatibility problems with encrypted data.
[IconsVisible <Boolean?>]: Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu.
Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app
[IndexingEncryptedStoresOrItemsBlocked <Boolean?>]: This switch is for the Windows Search Indexer, to allow or disallow indexing of items
[IsAssigned <Boolean?>]: Indicates if the policy is deployed to any inclusion groups or not.
[NeutralDomainResources <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: List of domain names that can used for work or personal resource
[ProtectedAppLockerFiles <IMicrosoftGraphWindowsInformationProtectionAppLockerFile[]>]: Another way to input protected apps through xml files
[ProtectedApps <IMicrosoftGraphWindowsInformationProtectionApp[]>]: Protected applications can access enterprise data and the data handled by those applications are protected with encryption
[ProtectionUnderLockConfigRequired <Boolean?>]: Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured
[RevokeOnUnenrollDisabled <Boolean?>]: This policy controls whether to revoke the WIP keys when a device unenrolls from the management service.
If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment.
If the keys are not revoked, there will be no revoked file cleanup subsequently.
[RightsManagementServicesTemplateId <String>]: TemplateID GUID to use for RMS encryption.
The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access
[SmbAutoEncryptedFileExtensions <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary
[CreatedDateTime <DateTime?>]: The date and time the policy was created.
[Description <String>]: The policy's description.
[DisplayName <String>]: Policy display name.
[LastModifiedDateTime <DateTime?>]: Last time the policy was modified.
[Version <String>]: Version of the entity.
[Id <String>]: The unique identifier for an entity.
Read-only.
[DaysWithoutContactBeforeUnenroll <Int32?>]: Offline interval before app data is wiped (days) .
Valid values 0 to 999
[MdmEnrollmentUrl <String>]: Enrollment url for the MDM
[MinutesOfInactivityBeforeDeviceLock <Int32?>]: Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked.
Range is an integer X where 0 <= X <= 999.
Valid values 0 to 999
[NumberOfPastPinsRemembered <Int32?>]: Integer value that specifies the number of past PINs that can be associated to a user account that can't be reused.
The largest number you can configure for this policy setting is 50.
The lowest number you can configure for this policy setting is 0.
If this policy is set to 0, then storage of previous PINs is not required.
This node was added in Windows 10, version 1511.
Default is 0.
Valid values 0 to 50
[PasswordMaximumAttemptCount <Int32?>]: The number of authentication failures allowed before the device will be wiped.
A value of 0 disables device wipe functionality.
Range is an integer X where 4 <= X <= 16 for desktop and 0 <= X <= 999 for mobile devices.
Valid values 0 to 999
[PinExpirationDays <Int32?>]: Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it.
The largest number you can configure for this policy setting is 730.
The lowest number you can configure for this policy setting is 0.
If this policy is set to 0, then the user's PIN will never expire.
This node was added in Windows 10, version 1511.
Default is 0.
Valid values 0 to 730
[PinLowercaseLetters <WindowsInformationProtectionPinCharacterRequirements?>]: Pin Character Requirements
[PinMinimumLength <Int32?>]: Integer value that sets the minimum number of characters required for the PIN.
Default value is 4.
The lowest number you can configure for this policy setting is 4.
The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest.
Valid values 0 to 127
[PinSpecialCharacters <WindowsInformationProtectionPinCharacterRequirements?>]: Pin Character Requirements
[PinUppercaseLetters <WindowsInformationProtectionPinCharacterRequirements?>]: Pin Character Requirements
[RevokeOnMdmHandoffDisabled <Boolean?>]: New property in RS2, pending documentation
[WindowsHelloForBusinessBlocked <Boolean?>]: Boolean value that sets Windows Hello for Business as a method for signing into Windows.
DEFAULTMANAGEDAPPPROTECTIONS <IMicrosoftGraphDefaultManagedAppProtection[]>: Default managed app policies. [AllowedDataStorageLocations <ManagedAppDataStorageLocation[]>]: Data storage locations where a user may store managed data. [AllowedInboundDataTransferSources <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps [AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel?>]: Represents the level to which the device's clipboard may be shared between apps [AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps [ContactSyncBlocked <Boolean?>]: Indicates whether contacts can be synced to the user's device. [DataBackupBlocked <Boolean?>]: Indicates whether the backup of a managed app's data is blocked. [DeviceComplianceRequired <Boolean?>]: Indicates whether device compliance is required. [DisableAppPinIfDevicePinIsSet <Boolean?>]: Indicates whether use of the app pin is required if the device pin is set. [FingerprintBlocked <Boolean?>]: Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. [ManagedBrowser <ManagedBrowserType?>]: Type of managed browser [ManagedBrowserToOpenLinksRequired <Boolean?>]: Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) [MaximumPinRetries <Int32?>]: Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. Valid values 1 to 65535 [MinimumPinLength <Int32?>]: Minimum pin length required for an app-level pin if PinRequired is set to True [MinimumRequiredAppVersion <String>]: Versions less than the specified version will block the managed app from accessing company data. [MinimumRequiredOSVersion <String>]: Versions less than the specified version will block the managed app from accessing company data. [MinimumWarningAppVersion <String>]: Versions less than the specified version will result in warning message on the managed app. [MinimumWarningOSVersion <String>]: Versions less than the specified version will result in warning message on the managed app from accessing company data. [OrganizationalCredentialsRequired <Boolean?>]: Indicates whether organizational credentials are required for app use. [PeriodBeforePinReset <TimeSpan?>]: TimePeriod before the all-level pin must be reset if PinRequired is set to True. [PeriodOfflineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is not connected to the internet. [PeriodOfflineBeforeWipeIsEnforced <TimeSpan?>]: The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. [PeriodOnlineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is connected to the internet. [PinCharacterSet <ManagedAppPinCharacterSet?>]: Character set which is to be used for a user's app PIN [PinRequired <Boolean?>]: Indicates whether an app-level pin is required. [PrintBlocked <Boolean?>]: Indicates whether printing is allowed from managed apps. [SaveAsBlocked <Boolean?>]: Indicates whether users may use the 'Save As' menu item to save a copy of protected files. [SimplePinBlocked <Boolean?>]: Indicates whether simplePin is blocked. [CreatedDateTime <DateTime?>]: The date and time the policy was created. [Description <String>]: The policy's description. [DisplayName <String>]: Policy display name. [LastModifiedDateTime <DateTime?>]: Last time the policy was modified. [Version <String>]: Version of the entity. [Id <String>]: The unique identifier for an entity. Read-only. [AppDataEncryptionType <ManagedAppDataEncryptionType?>]: Represents the level to which app data is encrypted for managed apps [Apps <IMicrosoftGraphManagedMobileApp[]>]: List of apps to which the policy is deployed. [Id <String>]: The unique identifier for an entity. Read-only. [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app. [(Any) <Object>]: This indicates any property can be added to this object. [Version <String>]: Version of the entity. [CustomSettings <IMicrosoftGraphKeyValuePair[]>]: A set of string key and string value pairs to be sent to the affected users, unalterned by this service [Name <String>]: Name for this key-value pair [Value <String>]: Value for this key-value pair [DeployedAppCount <Int32?>]: Count of apps to which the current policy is deployed. [DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]: The ManagedAppEntity is the base entity type for all other entity types under app management workflow. [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ConfigurationDeployedUserCount <Int32?>]: [ConfigurationDeploymentSummaryPerApp <IMicrosoftGraphManagedAppPolicyDeploymentSummaryPerApp[]>]: [ConfigurationAppliedUserCount <Int32?>]: Number of users the policy is applied. [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app. [DisplayName <String>]: [LastRefreshTime <DateTime?>]: [Version <String>]: Version of the entity. [DisableAppEncryptionIfDeviceEncryptionIsEnabled <Boolean?>]: When this setting is enabled, app level encryption is disabled if device level encryption is enabled. (Android only) [EncryptAppData <Boolean?>]: Indicates whether managed-app data should be encrypted. (Android only) [FaceIdBlocked <Boolean?>]: Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True. (iOS Only) [MinimumRequiredPatchVersion <String>]: Define the oldest required Android security patch level a user can have to gain secure access to the app. (Android only) [MinimumRequiredSdkVersion <String>]: Versions less than the specified version will block the managed app from accessing company data. (iOS Only) [MinimumWarningPatchVersion <String>]: Define the oldest recommended Android security patch level a user can have for secure access to the app. (Android only) [ScreenCaptureBlocked <Boolean?>]: Indicates whether screen capture is blocked. (Android only)
IOSMANAGEDAPPPROTECTIONS <IMicrosoftGraphIosManagedAppProtection[]>: iOS managed app policies. [Assignments <IMicrosoftGraphTargetedManagedAppPolicyAssignment[]>]: Navigation property to list of inclusion and exclusion groups to which the policy is deployed. [Id <String>]: The unique identifier for an entity. Read-only. [Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets. [(Any) <Object>]: This indicates any property can be added to this object. [IsAssigned <Boolean?>]: Indicates if the policy is deployed to any inclusion groups or not. [AllowedDataStorageLocations <ManagedAppDataStorageLocation[]>]: Data storage locations where a user may store managed data. [AllowedInboundDataTransferSources <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps [AllowedOutboundClipboardSharingLevel <ManagedAppClipboardSharingLevel?>]: Represents the level to which the device's clipboard may be shared between apps [AllowedOutboundDataTransferDestinations <ManagedAppDataTransferLevel?>]: Data can be transferred from/to these classes of apps [ContactSyncBlocked <Boolean?>]: Indicates whether contacts can be synced to the user's device. [DataBackupBlocked <Boolean?>]: Indicates whether the backup of a managed app's data is blocked. [DeviceComplianceRequired <Boolean?>]: Indicates whether device compliance is required. [DisableAppPinIfDevicePinIsSet <Boolean?>]: Indicates whether use of the app pin is required if the device pin is set. [FingerprintBlocked <Boolean?>]: Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True. [ManagedBrowser <ManagedBrowserType?>]: Type of managed browser [ManagedBrowserToOpenLinksRequired <Boolean?>]: Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android) [MaximumPinRetries <Int32?>]: Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped. Valid values 1 to 65535 [MinimumPinLength <Int32?>]: Minimum pin length required for an app-level pin if PinRequired is set to True [MinimumRequiredAppVersion <String>]: Versions less than the specified version will block the managed app from accessing company data. [MinimumRequiredOSVersion <String>]: Versions less than the specified version will block the managed app from accessing company data. [MinimumWarningAppVersion <String>]: Versions less than the specified version will result in warning message on the managed app. [MinimumWarningOSVersion <String>]: Versions less than the specified version will result in warning message on the managed app from accessing company data. [OrganizationalCredentialsRequired <Boolean?>]: Indicates whether organizational credentials are required for app use. [PeriodBeforePinReset <TimeSpan?>]: TimePeriod before the all-level pin must be reset if PinRequired is set to True. [PeriodOfflineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is not connected to the internet. [PeriodOfflineBeforeWipeIsEnforced <TimeSpan?>]: The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. [PeriodOnlineBeforeAccessCheck <TimeSpan?>]: The period after which access is checked when the device is connected to the internet. [PinCharacterSet <ManagedAppPinCharacterSet?>]: Character set which is to be used for a user's app PIN [PinRequired <Boolean?>]: Indicates whether an app-level pin is required. [PrintBlocked <Boolean?>]: Indicates whether printing is allowed from managed apps. [SaveAsBlocked <Boolean?>]: Indicates whether users may use the 'Save As' menu item to save a copy of protected files. [SimplePinBlocked <Boolean?>]: Indicates whether simplePin is blocked. [CreatedDateTime <DateTime?>]: The date and time the policy was created. [Description <String>]: The policy's description. [DisplayName <String>]: Policy display name. [LastModifiedDateTime <DateTime?>]: Last time the policy was modified. [Version <String>]: Version of the entity. [Id <String>]: The unique identifier for an entity. Read-only. [AppDataEncryptionType <ManagedAppDataEncryptionType?>]: Represents the level to which app data is encrypted for managed apps [Apps <IMicrosoftGraphManagedMobileApp[]>]: List of apps to which the policy is deployed. [Id <String>]: The unique identifier for an entity. Read-only. [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app. [(Any) <Object>]: This indicates any property can be added to this object. [Version <String>]: Version of the entity. [CustomBrowserProtocol <String>]: A custom browser protocol to open weblink on iOS. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. [DeployedAppCount <Int32?>]: Count of apps to which the current policy is deployed. [DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]: The ManagedAppEntity is the base entity type for all other entity types under app management workflow. [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ConfigurationDeployedUserCount <Int32?>]: [ConfigurationDeploymentSummaryPerApp <IMicrosoftGraphManagedAppPolicyDeploymentSummaryPerApp[]>]: [ConfigurationAppliedUserCount <Int32?>]: Number of users the policy is applied. [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app. [DisplayName <String>]: [LastRefreshTime <DateTime?>]: [Version <String>]: Version of the entity. [FaceIdBlocked <Boolean?>]: Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True. [MinimumRequiredSdkVersion <String>]: Versions less than the specified version will block the managed app from accessing company data.
MANAGEDAPPPOLICIES <IMicrosoftGraphManagedAppPolicy[]>: Managed app policies. [Id <String>]: The unique identifier for an entity. Read-only. [CreatedDateTime <DateTime?>]: The date and time the policy was created. [Description <String>]: The policy's description. [DisplayName <String>]: Policy display name. [LastModifiedDateTime <DateTime?>]: Last time the policy was modified. [Version <String>]: Version of the entity.
MANAGEDAPPREGISTRATIONS <IMicrosoftGraphManagedAppRegistration[]>: The managed app registrations. [Id <String>]: The unique identifier for an entity. Read-only. [AppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app. [(Any) <Object>]: This indicates any property can be added to this object. [ApplicationVersion <String>]: App version [AppliedPolicies <IMicrosoftGraphManagedAppPolicy[]>]: Zero or more policys already applied on the registered app when it last synchronized with managment service. [Id <String>]: The unique identifier for an entity. Read-only. [CreatedDateTime <DateTime?>]: The date and time the policy was created. [Description <String>]: The policy's description. [DisplayName <String>]: Policy display name. [LastModifiedDateTime <DateTime?>]: Last time the policy was modified. [Version <String>]: Version of the entity. [CreatedDateTime <DateTime?>]: Date and time of creation [DeviceName <String>]: Host device name [DeviceTag <String>]: App management SDK generated tag, which helps relate apps hosted on the same device. Not guaranteed to relate apps in all conditions. [DeviceType <String>]: Host device type [FlaggedReasons <ManagedAppFlaggedReason[]>]: Zero or more reasons an app registration is flagged. E.g. app running on rooted device [IntendedPolicies <IMicrosoftGraphManagedAppPolicy[]>]: Zero or more policies admin intended for the app as of now. [LastSyncDateTime <DateTime?>]: Date and time of last the app synced with management service. [ManagementSdkVersion <String>]: App management SDK version [Operations <IMicrosoftGraphManagedAppOperation[]>]: Zero or more long running operations triggered on the app registration. [Id <String>]: The unique identifier for an entity. Read-only. [DisplayName <String>]: The operation name. [LastModifiedDateTime <DateTime?>]: The last time the app operation was modified. [State <String>]: The current state of the operation [Version <String>]: Version of the entity. [PlatformVersion <String>]: Operating System version [UserId <String>]: The user Id to who this app registration belongs. [Version <String>]: Version of the entity.
MANAGEDAPPSTATUSES <IMicrosoftGraphManagedAppStatus[]>: The managed app statuses. [Id <String>]: The unique identifier for an entity. Read-only. [DisplayName <String>]: Friendly name of the status report. [Version <String>]: Version of the entity.
MANAGEDEBOOKS <IMicrosoftGraphManagedEBook[]>: The Managed eBook. [Id <String>]: The unique identifier for an entity. Read-only. [Assignments <IMicrosoftGraphManagedEBookAssignment[]>]: The list of assignments for this eBook. [Id <String>]: The unique identifier for an entity. Read-only. [InstallIntent <InstallIntent?>]: Possible values for the install intent chosen by the admin. [Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets. [(Any) <Object>]: This indicates any property can be added to this object. [CreatedDateTime <DateTime?>]: The date and time when the eBook file was created. [Description <String>]: Description. [DeviceStates <IMicrosoftGraphDeviceInstallState[]>]: The list of installation states for this eBook. [Id <String>]: The unique identifier for an entity. Read-only. [DeviceId <String>]: Device Id. [DeviceName <String>]: Device name. [ErrorCode <String>]: The error code for install failures. [InstallState <InstallState?>]: Possible values for install state. [LastSyncDateTime <DateTime?>]: Last sync date and time. [OSDescription <String>]: OS Description. [OSVersion <String>]: OS Version. [UserName <String>]: Device User Name. [DisplayName <String>]: Name of the eBook. [InformationUrl <String>]: The more information Url. [InstallSummary <IMicrosoftGraphEBookInstallSummary>]: Contains properties for the installation summary of a book for a device. [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [FailedDeviceCount <Int32?>]: Number of Devices that have failed to install this book. [FailedUserCount <Int32?>]: Number of Users that have 1 or more device that failed to install this book. [InstalledDeviceCount <Int32?>]: Number of Devices that have successfully installed this book. [InstalledUserCount <Int32?>]: Number of Users whose devices have all succeeded to install this book. [NotInstalledDeviceCount <Int32?>]: Number of Devices that does not have this book installed. [NotInstalledUserCount <Int32?>]: Number of Users that did not install this book. [LargeCover <IMicrosoftGraphMimeContent>]: Contains properties for a generic mime content. [(Any) <Object>]: This indicates any property can be added to this object. [Type <String>]: Indicates the content mime type. [Value <Byte[]>]: The byte array that contains the actual content. [LastModifiedDateTime <DateTime?>]: The date and time when the eBook was last modified. [PrivacyInformationUrl <String>]: The privacy statement Url. [PublishedDateTime <DateTime?>]: The date and time when the eBook was published. [Publisher <String>]: Publisher. [UserStateSummary <IMicrosoftGraphUserInstallStateSummary[]>]: The list of installation states for this eBook. [Id <String>]: The unique identifier for an entity. Read-only. [DeviceStates <IMicrosoftGraphDeviceInstallState[]>]: The install state of the eBook. [FailedDeviceCount <Int32?>]: Failed Device Count. [InstalledDeviceCount <Int32?>]: Installed Device Count. [NotInstalledDeviceCount <Int32?>]: Not installed device count. [UserName <String>]: User name.
MDMWINDOWSINFORMATIONPROTECTIONPOLICIES <IMicrosoftGraphMdmWindowsInformationProtectionPolicy[]>: Windows information protection for apps running on devices which are MDM enrolled. [Assignments <IMicrosoftGraphTargetedManagedAppPolicyAssignment[]>]: Navigation property to list of security groups targeted for policy. [Id <String>]: The unique identifier for an entity. Read-only. [Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets. [(Any) <Object>]: This indicates any property can be added to this object. [AzureRightsManagementServicesAllowed <Boolean?>]: Specifies whether to allow Azure RMS encryption for WIP [DataRecoveryCertificate <IMicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate>]: Windows Information Protection DataRecoveryCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Certificate <Byte[]>]: Data recovery Certificate [Description <String>]: Data recovery Certificate description [ExpirationDateTime <DateTime?>]: Data recovery Certificate expiration datetime [SubjectName <String>]: Data recovery Certificate subject name [EnforcementLevel <WindowsInformationProtectionEnforcementLevel?>]: Possible values for WIP Protection enforcement levels [EnterpriseDomain <String>]: Primary enterprise domain [EnterpriseIPRanges <IMicrosoftGraphWindowsInformationProtectionIPRangeCollection[]>]: Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to [DisplayName <String>]: Display name [Ranges <IMicrosoftGraphIPRange[]>]: Collection of ip ranges [EnterpriseIPRangesAreAuthoritative <Boolean?>]: Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false [EnterpriseInternalProxyServers <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: This is the comma-separated list of internal proxy servers. For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies [DisplayName <String>]: Display name [Resources <String[]>]: Collection of resources [EnterpriseNetworkDomainNames <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to [EnterpriseProtectedDomainNames <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: List of enterprise domains to be protected [EnterpriseProxiedDomains <IMicrosoftGraphWindowsInformationProtectionProxiedDomainCollection[]>]: Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy [DisplayName <String>]: Display name [ProxiedDomains <IMicrosoftGraphProxiedDomain[]>]: Collection of proxied domains [IPAddressOrFqdn <String>]: The IP address or FQDN [Proxy <String>]: Proxy IP or FQDN [EnterpriseProxyServers <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: This is a list of proxy servers. Any server not on this list is considered non-enterprise [EnterpriseProxyServersAreAuthoritative <Boolean?>]: Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false [ExemptAppLockerFiles <IMicrosoftGraphWindowsInformationProtectionAppLockerFile[]>]: Another way to input exempt apps through xml files [Id <String>]: The unique identifier for an entity. Read-only. [DisplayName <String>]: The friendly name [File <Byte[]>]: File as a byte array [FileHash <String>]: SHA256 hash of the file [Version <String>]: Version of the entity. [ExemptApps <IMicrosoftGraphWindowsInformationProtectionApp[]>]: Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. [Denied <Boolean?>]: If true, app is denied protection or exemption. [Description <String>]: The app's description. [DisplayName <String>]: App display name. [ProductName <String>]: The product name. [PublisherName <String>]: The publisher name [IconsVisible <Boolean?>]: Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app [IndexingEncryptedStoresOrItemsBlocked <Boolean?>]: This switch is for the Windows Search Indexer, to allow or disallow indexing of items [IsAssigned <Boolean?>]: Indicates if the policy is deployed to any inclusion groups or not. [NeutralDomainResources <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: List of domain names that can used for work or personal resource [ProtectedAppLockerFiles <IMicrosoftGraphWindowsInformationProtectionAppLockerFile[]>]: Another way to input protected apps through xml files [ProtectedApps <IMicrosoftGraphWindowsInformationProtectionApp[]>]: Protected applications can access enterprise data and the data handled by those applications are protected with encryption [ProtectionUnderLockConfigRequired <Boolean?>]: Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured [RevokeOnUnenrollDisabled <Boolean?>]: This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. [RightsManagementServicesTemplateId <String>]: TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access [SmbAutoEncryptedFileExtensions <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary [CreatedDateTime <DateTime?>]: The date and time the policy was created. [Description <String>]: The policy's description. [DisplayName <String>]: Policy display name. [LastModifiedDateTime <DateTime?>]: Last time the policy was modified. [Version <String>]: Version of the entity. [Id <String>]: The unique identifier for an entity. Read-only.
MOBILEAPPCATEGORIES <IMicrosoftGraphMobileAppCategory[]>: The mobile app categories. [Id <String>]: The unique identifier for an entity. Read-only. [DisplayName <String>]: The name of the app category.
MOBILEAPPCONFIGURATIONS <IMicrosoftGraphManagedDeviceMobileAppConfiguration[]>: The Managed Device Mobile Application Configurations. [Id <String>]: The unique identifier for an entity. Read-only. [Assignments <IMicrosoftGraphManagedDeviceMobileAppConfigurationAssignment[]>]: The list of group assignemenets for app configration. [Id <String>]: The unique identifier for an entity. Read-only. [Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets. [(Any) <Object>]: This indicates any property can be added to this object. [CreatedDateTime <DateTime?>]: DateTime the object was created. [Description <String>]: Admin provided description of the Device Configuration. [DeviceStatusSummary <IMicrosoftGraphManagedDeviceMobileAppConfigurationDeviceSummary>]: Contains properties, inherited properties and actions for an MDM mobile app configuration device status summary. [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ConfigurationVersion <Int32?>]: Version of the policy for that overview [ErrorCount <Int32?>]: Number of error devices [FailedCount <Int32?>]: Number of failed devices [LastUpdateDateTime <DateTime?>]: Last update time [NotApplicableCount <Int32?>]: Number of not applicable devices [PendingCount <Int32?>]: Number of pending devices [SuccessCount <Int32?>]: Number of succeeded devices [DeviceStatuses <IMicrosoftGraphManagedDeviceMobileAppConfigurationDeviceStatus[]>]: List of ManagedDeviceMobileAppConfigurationDeviceStatus. [Id <String>]: The unique identifier for an entity. Read-only. [ComplianceGracePeriodExpirationDateTime <DateTime?>]: The DateTime when device compliance grace period expires [DeviceDisplayName <String>]: Device name of the DevicePolicyStatus. [DeviceModel <String>]: The device model that is being reported [LastReportedDateTime <DateTime?>]: Last modified date time of the policy report. [Status <String>]: complianceStatus [UserName <String>]: The User Name that is being reported [UserPrincipalName <String>]: UserPrincipalName. [DisplayName <String>]: Admin provided name of the device configuration. [LastModifiedDateTime <DateTime?>]: DateTime the object was last modified. [TargetedMobileApps <String[]>]: the associated app. [UserStatusSummary <IMicrosoftGraphManagedDeviceMobileAppConfigurationUserSummary>]: Contains properties, inherited properties and actions for an MDM mobile app configuration user status summary. [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ConfigurationVersion <Int32?>]: Version of the policy for that overview [ErrorCount <Int32?>]: Number of error Users [FailedCount <Int32?>]: Number of failed Users [LastUpdateDateTime <DateTime?>]: Last update time [NotApplicableCount <Int32?>]: Number of not applicable users [PendingCount <Int32?>]: Number of pending Users [SuccessCount <Int32?>]: Number of succeeded Users [UserStatuses <IMicrosoftGraphManagedDeviceMobileAppConfigurationUserStatus[]>]: List of ManagedDeviceMobileAppConfigurationUserStatus. [Id <String>]: The unique identifier for an entity. Read-only. [DevicesCount <Int32?>]: Devices count for that user. [LastReportedDateTime <DateTime?>]: Last modified date time of the policy report. [Status <String>]: complianceStatus [UserDisplayName <String>]: User name of the DevicePolicyStatus. [UserPrincipalName <String>]: UserPrincipalName. [Version <Int32?>]: Version of the device configuration.
MOBILEAPPRELATIONSHIPS <IMicrosoftGraphMobileAppRelationship[]>: The mobile app relationship represents the dependency or supersedence relationship between two Intune mobile LOB applications. [Id <String>]: The unique identifier for an entity. Read-only. [TargetId <String>]: The unique app identifier of the target of the mobile app relationship entity. For example: 2dbc75b9-e993-4e4d-a071-91ac5a218672. Read-Only. Returned by default. Supports: $select. Does not support $search, $filter, $orderBy.
MOBILEAPPS <IMicrosoftGraphMobileApp[]>: The mobile apps. [Id <String>]: The unique identifier for an entity. Read-only. [Assignments <IMicrosoftGraphMobileAppAssignment[]>]: The list of group assignments for this mobile app. [Id <String>]: The unique identifier for an entity. Read-only. [Intent <InstallIntent?>]: Possible values for the install intent chosen by the admin. [Settings <IMicrosoftGraphMobileAppAssignmentSettings>]: Abstract class to contain properties used to assign a mobile app to a group. [(Any) <Object>]: This indicates any property can be added to this object. [Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets. [(Any) <Object>]: This indicates any property can be added to this object. [Categories <IMicrosoftGraphMobileAppCategory[]>]: The list of categories for this app. [Id <String>]: The unique identifier for an entity. Read-only. [DisplayName <String>]: The name of the app category. [Description <String>]: The description of the app. [Developer <String>]: The developer of the app. [DisplayName <String>]: The admin provided or imported title of the app. [InformationUrl <String>]: The more information Url. [IsFeatured <Boolean?>]: The value indicating whether the app is marked as featured by the admin. [LargeIcon <IMicrosoftGraphMimeContent>]: Contains properties for a generic mime content. [(Any) <Object>]: This indicates any property can be added to this object. [Type <String>]: Indicates the content mime type. [Value <Byte[]>]: The byte array that contains the actual content. [Notes <String>]: Notes for the app. [Owner <String>]: The owner of the app. [PrivacyInformationUrl <String>]: The privacy statement Url. [Publisher <String>]: The publisher of the app. [PublishingState <MobileAppPublishingState?>]: Indicates the publishing state of an app.
TARGETEDMANAGEDAPPCONFIGURATIONS <IMicrosoftGraphTargetedManagedAppConfiguration[]>: Targeted managed app configurations. [CustomSettings <IMicrosoftGraphKeyValuePair[]>]: A set of string key and string value pairs to be sent to apps for users to whom the configuration is scoped, unalterned by this service [Name <String>]: Name for this key-value pair [Value <String>]: Value for this key-value pair [CreatedDateTime <DateTime?>]: The date and time the policy was created. [Description <String>]: The policy's description. [DisplayName <String>]: Policy display name. [LastModifiedDateTime <DateTime?>]: Last time the policy was modified. [Version <String>]: Version of the entity. [Id <String>]: The unique identifier for an entity. Read-only. [Apps <IMicrosoftGraphManagedMobileApp[]>]: List of apps to which the policy is deployed. [Id <String>]: The unique identifier for an entity. Read-only. [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app. [(Any) <Object>]: This indicates any property can be added to this object. [Version <String>]: Version of the entity. [Assignments <IMicrosoftGraphTargetedManagedAppPolicyAssignment[]>]: Navigation property to list of inclusion and exclusion groups to which the policy is deployed. [Id <String>]: The unique identifier for an entity. Read-only. [Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets. [(Any) <Object>]: This indicates any property can be added to this object. [DeployedAppCount <Int32?>]: Count of apps to which the current policy is deployed. [DeploymentSummary <IMicrosoftGraphManagedAppPolicyDeploymentSummary>]: The ManagedAppEntity is the base entity type for all other entity types under app management workflow. [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [ConfigurationDeployedUserCount <Int32?>]: [ConfigurationDeploymentSummaryPerApp <IMicrosoftGraphManagedAppPolicyDeploymentSummaryPerApp[]>]: [ConfigurationAppliedUserCount <Int32?>]: Number of users the policy is applied. [MobileAppIdentifier <IMicrosoftGraphMobileAppIdentifier>]: The identifier for a mobile app. [DisplayName <String>]: [LastRefreshTime <DateTime?>]: [Version <String>]: Version of the entity. [IsAssigned <Boolean?>]: Indicates if the policy is deployed to any inclusion groups or not.
VPPTOKENS <IMicrosoftGraphVppToken[]>: List of Vpp tokens for this organization. [Id <String>]: The unique identifier for an entity. Read-only. [AppleId <String>]: The apple Id associated with the given Apple Volume Purchase Program Token. [AutomaticallyUpdateApps <Boolean?>]: Whether or not apps for the VPP token will be automatically updated. [CountryOrRegion <String>]: Whether or not apps for the VPP token will be automatically updated. [ExpirationDateTime <DateTime?>]: The expiration date time of the Apple Volume Purchase Program Token. [LastModifiedDateTime <DateTime?>]: Last modification date time associated with the Apple Volume Purchase Program Token. [LastSyncDateTime <DateTime?>]: The last time when an application sync was done with the Apple volume purchase program service using the the Apple Volume Purchase Program Token. [LastSyncStatus <VppTokenSyncStatus?>]: Possible sync statuses associated with an Apple Volume Purchase Program token. [OrganizationName <String>]: The organization associated with the Apple Volume Purchase Program Token [State <VppTokenState?>]: Possible states associated with an Apple Volume Purchase Program token. [Token <String>]: The Apple Volume Purchase Program Token string downloaded from the Apple Volume Purchase Program. [VppTokenAccountType <VppTokenAccountType?>]: Possible types of an Apple Volume Purchase Program token.
WINDOWSINFORMATIONPROTECTIONPOLICIES <IMicrosoftGraphWindowsInformationProtectionPolicy[]>: Windows information protection for apps running on devices which are not MDM enrolled. [Assignments <IMicrosoftGraphTargetedManagedAppPolicyAssignment[]>]: Navigation property to list of security groups targeted for policy. [Id <String>]: The unique identifier for an entity. Read-only. [Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets. [(Any) <Object>]: This indicates any property can be added to this object. [AzureRightsManagementServicesAllowed <Boolean?>]: Specifies whether to allow Azure RMS encryption for WIP [DataRecoveryCertificate <IMicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate>]: Windows Information Protection DataRecoveryCertificate [(Any) <Object>]: This indicates any property can be added to this object. [Certificate <Byte[]>]: Data recovery Certificate [Description <String>]: Data recovery Certificate description [ExpirationDateTime <DateTime?>]: Data recovery Certificate expiration datetime [SubjectName <String>]: Data recovery Certificate subject name [EnforcementLevel <WindowsInformationProtectionEnforcementLevel?>]: Possible values for WIP Protection enforcement levels [EnterpriseDomain <String>]: Primary enterprise domain [EnterpriseIPRanges <IMicrosoftGraphWindowsInformationProtectionIPRangeCollection[]>]: Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to [DisplayName <String>]: Display name [Ranges <IMicrosoftGraphIPRange[]>]: Collection of ip ranges [EnterpriseIPRangesAreAuthoritative <Boolean?>]: Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false [EnterpriseInternalProxyServers <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: This is the comma-separated list of internal proxy servers. For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies [DisplayName <String>]: Display name [Resources <String[]>]: Collection of resources [EnterpriseNetworkDomainNames <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to [EnterpriseProtectedDomainNames <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: List of enterprise domains to be protected [EnterpriseProxiedDomains <IMicrosoftGraphWindowsInformationProtectionProxiedDomainCollection[]>]: Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy [DisplayName <String>]: Display name [ProxiedDomains <IMicrosoftGraphProxiedDomain[]>]: Collection of proxied domains [IPAddressOrFqdn <String>]: The IP address or FQDN [Proxy <String>]: Proxy IP or FQDN [EnterpriseProxyServers <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: This is a list of proxy servers. Any server not on this list is considered non-enterprise [EnterpriseProxyServersAreAuthoritative <Boolean?>]: Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false [ExemptAppLockerFiles <IMicrosoftGraphWindowsInformationProtectionAppLockerFile[]>]: Another way to input exempt apps through xml files [Id <String>]: The unique identifier for an entity. Read-only. [DisplayName <String>]: The friendly name [File <Byte[]>]: File as a byte array [FileHash <String>]: SHA256 hash of the file [Version <String>]: Version of the entity. [ExemptApps <IMicrosoftGraphWindowsInformationProtectionApp[]>]: Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data. [Denied <Boolean?>]: If true, app is denied protection or exemption. [Description <String>]: The app's description. [DisplayName <String>]: App display name. [ProductName <String>]: The product name. [PublisherName <String>]: The publisher name [IconsVisible <Boolean?>]: Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app [IndexingEncryptedStoresOrItemsBlocked <Boolean?>]: This switch is for the Windows Search Indexer, to allow or disallow indexing of items [IsAssigned <Boolean?>]: Indicates if the policy is deployed to any inclusion groups or not. [NeutralDomainResources <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: List of domain names that can used for work or personal resource [ProtectedAppLockerFiles <IMicrosoftGraphWindowsInformationProtectionAppLockerFile[]>]: Another way to input protected apps through xml files [ProtectedApps <IMicrosoftGraphWindowsInformationProtectionApp[]>]: Protected applications can access enterprise data and the data handled by those applications are protected with encryption [ProtectionUnderLockConfigRequired <Boolean?>]: Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured [RevokeOnUnenrollDisabled <Boolean?>]: This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. [RightsManagementServicesTemplateId <String>]: TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access [SmbAutoEncryptedFileExtensions <IMicrosoftGraphWindowsInformationProtectionResourceCollection[]>]: Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary [CreatedDateTime <DateTime?>]: The date and time the policy was created. [Description <String>]: The policy's description. [DisplayName <String>]: Policy display name. [LastModifiedDateTime <DateTime?>]: Last time the policy was modified. [Version <String>]: Version of the entity. [Id <String>]: The unique identifier for an entity. Read-only. [DaysWithoutContactBeforeUnenroll <Int32?>]: Offline interval before app data is wiped (days) . Valid values 0 to 999 [MdmEnrollmentUrl <String>]: Enrollment url for the MDM [MinutesOfInactivityBeforeDeviceLock <Int32?>]: Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Range is an integer X where 0 <= X <= 999. Valid values 0 to 999 [NumberOfPastPinsRemembered <Int32?>]: Integer value that specifies the number of past PINs that can be associated to a user account that can't be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required. This node was added in Windows 10, version 1511. Default is 0. Valid values 0 to 50 [PasswordMaximumAttemptCount <Int32?>]: The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality. Range is an integer X where 4 <= X <= 16 for desktop and 0 <= X <= 999 for mobile devices. Valid values 0 to 999 [PinExpirationDays <Int32?>]: Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user's PIN will never expire. This node was added in Windows 10, version 1511. Default is 0. Valid values 0 to 730 [PinLowercaseLetters <WindowsInformationProtectionPinCharacterRequirements?>]: Pin Character Requirements [PinMinimumLength <Int32?>]: Integer value that sets the minimum number of characters required for the PIN. Default value is 4. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest. Valid values 0 to 127 [PinSpecialCharacters <WindowsInformationProtectionPinCharacterRequirements?>]: Pin Character Requirements [PinUppercaseLetters <WindowsInformationProtectionPinCharacterRequirements?>]: Pin Character Requirements [RevokeOnMdmHandoffDisabled <Boolean?>]: New property in RS2, pending documentation [WindowsHelloForBusinessBlocked <Boolean?>]: Boolean value that sets Windows Hello for Business as a method for signing into Windows.