Microsoft Intune Component
Use the Microsoft Intune component to manage users, devices, and applications.
Component key: ms-intune
Description
Microsoft Intune is a cloud-based service that focuses on device management and application management. This component allows you to manage users, devices, groups, mobile applications, and device compliance policies within Microsoft Intune.
API Documentation
This component was built using the Microsoft Graph REST API v1.0.
Connections
OAuth 2.0
To connect to Microsoft Intune using OAuth 2.0, create an app registration in Microsoft Entra.
Prerequisites
- A Microsoft account with administrative access to Microsoft Entra (formerly Azure AD)
Setup Steps
- Navigate to the Microsoft Entra admin center and go to Identity > Applications > App registrations, then select New registration.
- Configure the app registration:
- Set Supported account types to Accounts in any organizational directory (Any Azure AD directory - Multitenant) to allow users from different organizations to authenticate.
- Under Redirect URI, select Web as the platform and enter:
https://oauth2.prismatic.io/callback - Select Register to complete the initial setup.
- Navigate to Certificates & Secrets and create a new Client Secret. Copy the Value immediately (it will not be shown again).
- Navigate to the Overview page and copy the Application (client) ID.
- Navigate to API Permissions and select Add a permission:
- Select Microsoft Graph
- Select Delegated permissions
- Under DeviceManagementManagedDevices, add the required permissions such as DeviceManagementManagedDevices.PrivilegedOperations.All and DeviceManagementManagedDevices.Read.All
- Add any additional permissions required by the integration
For more information on available permissions, refer to the Microsoft Graph permissions reference.
Configure the Connection
- Enter the Application (client) ID as the Client ID
- Enter the Client Secret value copied earlier
- Use the default Authorize URL:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize - For Token URL, replace common with the Tenant ID when authenticating to a specific tenant:
- Default:
https://login.microsoftonline.com/common/oauth2/v2.0/token - With Tenant ID:
https://login.microsoftonline.com/abf988bf-86f1-41af-91ab-2d7cd011db46/oauth2/v2.0/token
- Default:
Some actions require tenant-specific authentication. Replace the common portion of the Token URL with the specific Tenant ID when connecting to a particular organization.
| Input | Notes | Example |
|---|---|---|
| Authorize URL | The OAuth 2.0 Authorization URL for Microsoft Intune. For multi-tenant apps, use /common. For single-tenant apps, replace /common with your tenant ID. | https://login.microsoftonline.com/common/oauth2/v2.0/authorize |
| Client ID | Application (client) ID from your App Registration in the Azure Portal. Navigate to Azure Active Directory > App registrations > [Your App] to find this value. Learn more | 12345678-1234-1234-1234-123456789abc |
| Client Secret | Client secret value from your App Registration in the Azure Portal. Navigate to Azure Active Directory > App registrations > [Your App] > Certificates & secrets to generate a new secret. Learn more | |
| Scopes | Space-separated list of Microsoft Graph API permission scopes. Common scopes include DeviceManagementManagedDevices, DeviceManagementApps, Directory, Group, User permissions. Learn more | DeviceManagementManagedDevices.PrivilegedOperations.All DeviceManagementApps.ReadWrite.All DeviceManagementManagedDevices.ReadWrite.All Group.ReadWrite.All Domain.ReadWrite.All User.ReadWrite.All Directory.ReadWrite.All AuditLog.Read.All DeviceManagementConfiguration.ReadWrite.All offline_access |
| Token URL | The OAuth 2.0 Token URL for Microsoft Intune. For multi-tenant apps, use /common. For single-tenant apps, replace /common with your tenant ID. | https://login.microsoftonline.com/common/oauth2/v2.0/token |
OAuth 2.0 Client Credentials
To connect to Microsoft Intune using the OAuth 2.0 Client Credentials flow, create an app registration in Microsoft Entra. The client credentials flow is used for server-to-server authentication where the application acts on its own behalf rather than on behalf of a specific user.
Prerequisites
- A Microsoft account with administrative access to Microsoft Entra (formerly Azure AD)
- Admin consent privileges to grant application-level permissions
Setup Steps
- Navigate to the Microsoft Entra admin center and go to Identity > Applications > App registrations, then select New registration.
- Configure the app registration:
- Set Supported account types to Accounts in any organizational directory (Any Azure AD directory - Multitenant) to allow authentication across different organizations.
- Under Redirect URI, select Web as the platform and enter:
https://oauth2.prismatic.io/callback - Select Register to complete the initial setup.
- Navigate to Certificates & Secrets and create a new Client Secret. Copy the Value immediately (it will not be shown again).
- Navigate to the Overview page and copy the Application (client) ID.
- Navigate to API Permissions and select Add a permission:
- Select Microsoft Graph
- Select Application permissions
- Add all permissions required for the intended use case
- After adding all required permissions, select Grant admin consent to authorize the application to use these permissions. This step is required for the client credentials flow to function properly.
For more information on application vs delegated permissions, refer to the Microsoft Graph permissions reference.
Configure the Connection
- Enter the Application (client) ID as the Client ID
- Enter the Client Secret value copied earlier
- Use the default Authorize URL:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize - For Token URL, replace common with the specific Tenant ID (required for client credentials flow):
- Default format:
https://login.microsoftonline.com/common/oauth2/v2.0/token - With Tenant ID:
https://login.microsoftonline.com/abf988bf-86f1-41af-91ab-2d7cd011db46/oauth2/v2.0/token
- Default format:
- Use the default scope:
https://graph.microsoft.com/.default
The client credentials flow requires a tenant-specific Token URL. Replace common with the actual Tenant ID for all actions using this connection type.
| Input | Notes | Example |
|---|---|---|
| Client ID | Application (client) ID from your App Registration in the Azure Portal. Navigate to Azure Active Directory > App registrations > [Your App] to find this value. Learn more | 12345678-1234-1234-1234-123456789abc |
| Client Secret | Client secret value from your App Registration in the Azure Portal. Navigate to Azure Active Directory > App registrations > [Your App] > Certificates & secrets to generate a new secret. Learn more | |
| Scopes | The scope for Microsoft Graph API access. For client credentials flow, use https://graph.microsoft.com/.default to request all permissions configured in your app registration. Learn more | https://graph.microsoft.com/.default |
| Token URL | The OAuth 2.0 Token URL for Microsoft Intune. <strong>Important:</strong> Replace <YOUR_TENANT_ID> with your Azure AD tenant ID. Find your tenant ID in Azure Portal > Azure Active Directory > Overview. | https://login.microsoftonline.com/**<YOUR_TENANT_ID>**/oauth2/v2.0/token |
Triggers
Resource Trigger
Get notified to this flow when the specified resource changes. | key: resourceTrigger
| Input | Notes | Example |
|---|---|---|
| Change Type | The type of change that will trigger notifications. Select one or more change types to monitor. | |
| Connection | The Microsoft Intune connection to use. | |
| Expiration Date Time | The date and time when the webhook subscription expires in UTC format (ISO 8601). The maximum duration varies by resource type. Learn more | 2025-12-31T23:59:59.0000000Z |
| Resource | The Microsoft Graph resource path to monitor for changes (e.g., users, groups, devices/managedDevices). Learn more | users |
The Resource Trigger monitors Microsoft Intune resources for changes using Microsoft Graph change notifications. When a monitored resource is created, updated, or deleted, Microsoft Graph sends a notification to this trigger.
Automatic Subscription Management
This trigger uses lifecycle webhook handlers to automatically manage Microsoft Graph subscriptions:
- On Deploy: When the integration is deployed, subscriptions are automatically created for the selected resource and change types
- On Delete: When the instance is deleted, all subscriptions associated with the webhook URL are automatically removed
Branches
This trigger uses two branches to handle different types of incoming requests:
| Branch | Description |
|---|---|
| Notification | Receives actual change notifications when the monitored resource changes |
| URL Validation | Handles Microsoft Graph validation requests when subscriptions are created |
When a subscription is created, Microsoft Graph sends a validation request containing a validationToken query parameter. The trigger automatically responds with the validation token to complete the subscription setup.
Configuration
| Input | Description |
|---|---|
| Resource | The Microsoft Graph resource to monitor (e.g., users, groups, devices) |
| Change Type | The types of changes to monitor. Multiple selections allowed: created, updated, deleted |
| Expiration Date Time | Optional. When the subscription expires. Defaults to 29 days for users and groups |
Supported Resources
Common resources that can be monitored include:
users- User accountsgroups- Security and Microsoft 365 groupsdevices- Managed devicesapplications- Registered applicationsdeviceManagement/managedDevices- Intune managed devices
For a complete list of supported resources, refer to the Microsoft Graph change notifications documentation.
Example Notification Payload
When a monitored resource changes, Microsoft Graph sends a notification in this format:
{
"value": [
{
"changeType": "updated",
"clientState": null,
"resource": "Users/87d349ed-44d7-43e1-9a83-5f2406dee5bd",
"resourceData": {
"@odata.type": "#Microsoft.Graph.User",
"@odata.id": "Users/87d349ed-44d7-43e1-9a83-5f2406dee5bd",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
},
"subscriptionId": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"subscriptionExpirationDateTime": "2025-01-15T18:23:45.9356913Z",
"tenantId": "84bd8158-6d4d-4958-8b9f-9d6445542f55"
}
]
}
Data Sources
Select Detected App
Select a detected app from the list of detected apps | key: selectDetectedApp | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. |
{
"result": [
{
"label": "Display Name value",
"key": "caf60db6-0db6-caf6-b60d-f6cab60df6ca"
}
]
}
Select Group
Select a group app from the list of groups | key: selectGroup | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. |
{
"result": [
{
"label": "Display Name value",
"key": "0177548a-548a-0177-8a54-77018a547701"
}
]
}
Select Group Member
Select a member of a security or Microsoft 365 group. | key: selectMember | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Group Id | The unique identifier of a MS365 or Security group. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
Select Managed Device
Select a managed device from the list of managed devices | key: selectManagedDevice | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. |
{
"result": [
{
"label": "Device Name value",
"key": "705c034c-034c-705c-4c03-5c704c035c70"
}
]
}
Select Mobile App
Select a mobile app from the list of mobile apps | key: selectMobileApp | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. |
{
"result": [
{
"label": "Display Name value",
"key": "0177548a-548a-0177-8a54-77018a547701"
}
]
}
Select Mobile App Assignment
Select a mobile app assignment from the list of mobile apps assignments | key: selectMobileAppAssignment | type: picklist
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Mobile App Id | Unique identifier for the mobile app (UUID format). | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"result": [
{
"label": "required",
"key": "591620b7-20b7-5916-b720-1659b7201659"
}
]
}
Actions
Add Group Member
Add a single member to a security or Microsoft 365 group. | key: addMemberToGroup
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Group Id | The unique identifier of a MS365 or Security group. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
| Member Id | The unique identifier of a member (UUID format). | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": {
"message": "Sucessfully added member(s) to group."
}
}
Add Group Members
Add members to a security or Microsoft 365 group. | key: addMembersToGroup
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Group Id | The unique identifier of a MS365 or Security group. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
| Dynamic Member Ids | Array of member unique identifiers (UUIDs). You must fill either this input or the member IDs input. | |
| Member Ids | Comma-separated list of member unique identifiers (UUIDs). You must fill either this input or the Dynamic member IDs input. | a1b2c3d4-e5f6-7890-abcd-ef1234567890,b2c3d4e5-f678-9012-3456-789012345678 |
{
"data": {
"message": "Sucessfully added member(s) to group."
}
}
Assign Device Compliance Policy
Assign a device compliance policy by ID. | key: assignDeviceCompliancePolicy
| Input | Notes | Example |
|---|---|---|
| Assign Id | The unique identifier for the policy assignment. | 705c034c-034c-705c-4c03-5c704c035c70 |
| Collection Id | The unique identifier for the Configuration Manager target collection. | 705c034c-034c-705c-4c03-5c704c035c70 |
| Connection | The Microsoft Intune connection to use. | |
| Device Compliance Policy Id | Unique Identifier for the device to assign the compliance policy. | 705c034c-034c-705c-4c03-5c704c035c70 |
| Target | The device compliance policy assignment target type (e.g., configurationManagerCollectionAssignmentTarget, groupAssignmentTarget). | microsoft.graph.configurationManagerCollectionAssignmentTarget |
{
"data": {
"value": [
{
"@odata.type": "#microsoft.graph.deviceCompliancePolicyAssignment",
"id": "92dc3fef-3fef-92dc-ef3f-dc92ef3fdc92",
"target": {
"@odata.type": "microsoft.graph.configurationManagerCollectionAssignmentTarget",
"collectionId": "Collection Id value"
}
}
]
}
}
Assign Mobile App
Assign a mobile app to a group. | key: assignMobileApp
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Group Id | The unique identifier of the group to assign the app to (UUID format). | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
| Intent | The intent of the assignment for the managed app. A 'Required' option will force the app to be installed on the device. An 'Available' option will make the app available for the user to install. An 'Uninstall' option will remove the app from the device. An 'Available Without Enrollment' option will make the app available for the user to install without enrolling the device. | available |
| Mobile App Id | Unique Identifier for the mobile app to assign. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
| Settings | The mobile app assignment settings type. The value depends on the app platform (e.g., windowsUniversalAppXAppAssignmentSettings, iosLobAppAssignmentSettings). | microsoft.graph.windowsUniversalAppXAppAssignmentSettings |
| Target | The mobile app assignment target type. Common values include allLicensedUsersAssignmentTarget, groupAssignmentTarget, allDevicesAssignmentTarget. | microsoft.graph.allLicensedUsersAssignmentTarget |
{
"data": "Action successfully completed."
}
Create Group
Create a group. | key: createGroup
| Input | Notes | Example |
|---|---|---|
| Assigned Labels | The list of sensitivity label pairs (label ID, label name) associated with a group | |
| Body Fields | Additional JSON properties to include in the request body. These will be merged with other input values. | |
| Connection | The Microsoft Intune connection to use. | |
| Description | A description for the group. | Self help community for library |
| Display Name | The name to display in the address book for the group. | Library Assist |
| Mail Enabled | When true, creates a mail-enabled group that can receive email messages. | false |
| Mail Nickname | The mail alias for the group, unique for Microsoft 365 groups in the organization. | library |
| Security Enabled | When true, creates a security group. Security groups are used to control access to resources. | false |
| Visibility | Specifies the visibility of the group. Possible values are Private, Public, or Hiddenmembership. | Public |
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
"id": "02bd9fd6-8f93-4758-87c3-1fb73740a315",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2017-07-31T18:56:16Z",
"description": "Welcome to the HR Taskforce team.",
"displayName": "HR Taskforce",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"isAssignableToRole": null,
"mail": "HRTaskforce@contoso.com",
"mailEnabled": true,
"mailNickname": "HRTaskforce",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesDomainName": null,
"onPremisesLastSyncDateTime": null,
"onPremisesNetBiosName": null,
"onPremisesSamAccountName": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"preferredLanguage": null,
"proxyAddresses": [
"SMTP:HRTaskforce@contoso.com",
"SPO:SPO_896cf652-b200-4b74-8111-c013f64406cf@SPO_dcd219dd-bc68-4b9b-bf0b-4a33a796be35"
],
"renewedDateTime": "2020-01-24T19:01:14Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [
"Team"
],
"securityEnabled": false,
"securityIdentifier": "S-1-12-1-45981654-1196986259-3072312199-363020343",
"serviceProvisioningErrors": [],
"theme": null,
"visibility": "Private",
"onPremisesProvisioningErrors": []
}
}
Create Managed App
Create a new App object. | key: createManagedApp
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Description | A description of the app that helps users understand what it is and what they can do with it. This description will be visible in Company Portal. | This is an Office Suite app. |
| Developer | The name of the company or individual that developed the app. This information will be visible in the admin center. | Microsoft |
| Display Name | The name for the app. This name will be visible in the Intune apps list and to users in the Company Portal. | Office Suite App |
| Information URL | A link to a website or documentation with more information about the app. This URL will be visible to users in Company Portal. | https://example.com/info |
| Is Featured | When true, displays this as a featured app in the Company Portal. Featured apps are prominently placed so users can quickly access them. | false |
| Icon Image Type | The MIME type of the app icon image (e.g., image/png, image/jpeg). This field is required if the Icon Image Data is provided. | image/png |
| Icon Image Data | The base64-encoded image data for the app icon. This field is required if the Icon Image Type is provided. | dmFsdWU= |
| Notes | Additional notes about the app for documentation purposes. Notes will be visible in the admin center. | This app is used by the sales team. |
| OData App Type | The OData type of the app to create (e.g., #microsoft.graph.officeSuiteApp, #microsoft.graph.win32LobApp). This depends on the platform of the app. Learn more | #microsoft.graph.officeSuiteApp |
| Owner | The name of the person in your organization who manages licensing or is the point-of-contact for this app. This name will be visible in the admin center. | John Doe |
| Privacy Information URL | A link to the app's privacy policy and terms. This URL will be visible to users in Company Portal. | https://example.com/privacy |
| Publisher | The name of the developer or company that distributes the app. This information will be visible to users in Company Portal. | Microsoft |
| Specific Platform Properties | The specific properties for the app to be created, generic properties like '@odata.type', 'displayName', 'description', etc. are alredy covered by the other inputs. This input should be a JSON object with the specific properties for the app to be created. Check the Microsoft Graph API documentation for the correct properties for the app type you are creating. Documentation for an Office Suite app can be found here https://learn.microsoft.com/en-us/graph/api/intune-apps-officesuiteapp-create?view=graph-rest-beta |
{
"data": {
"@odata.type": "#microsoft.graph.officeSuiteApp",
"id": "9b263b46-3b46-9b26-463b-269b463b269b",
"displayName": "Display Name value",
"description": "Description value",
"publisher": "Publisher value",
"largeIcon": {
"@odata.type": "microsoft.graph.mimeContent",
"type": "Type value",
"value": "dmFsdWU="
},
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"isFeatured": true,
"privacyInformationUrl": "https://example.com/privacyInformationUrl/",
"informationUrl": "https://example.com/informationUrl/",
"owner": "Owner value",
"developer": "Developer value",
"notes": "Notes value",
"uploadState": 11,
"publishingState": "processing",
"isAssigned": true,
"roleScopeTagIds": [
"Role Scope Tag Ids value"
],
"dependentAppCount": 1,
"supersedingAppCount": 3,
"supersededAppCount": 2,
"autoAcceptEula": true,
"productIds": [
"o365BusinessRetail"
],
"excludedApps": {
"@odata.type": "microsoft.graph.excludedApps",
"access": true,
"bing": true,
"excel": true,
"groove": true,
"infoPath": true,
"lync": true,
"oneDrive": true,
"oneNote": true,
"outlook": true,
"powerPoint": true,
"publisher": true,
"sharePointDesigner": true,
"teams": true,
"visio": true,
"word": true
},
"useSharedComputerActivation": true,
"updateChannel": "current",
"officeSuiteAppDefaultFileFormat": "officeOpenXMLFormat",
"officePlatformArchitecture": "x86",
"localesToInstall": [
"Locales To Install value"
],
"installProgressDisplayLevel": "full",
"shouldUninstallOlderVersionsOfOffice": true,
"targetVersion": "Target Version value",
"updateVersion": "Update Version value",
"officeConfigurationXml": "b2ZmaWNlQ29uZmlndXJhdGlvblhtbA=="
}
}
Create Mobile App Assignment
Create a mobile app assignment. | key: createMobileAppAssignment
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Intent | The intent of the assignment for the managed app. A 'Required' option will force the app to be installed on the device. An 'Available' option will make the app available for the user to install. An 'Uninstall' option will remove the app from the device. An 'Available Without Enrollment' option will make the app available for the user to install without enrolling the device. | available |
| Mobile App Id | The ID of the mobile app to create the assignment for. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
| Settings | The mobile app assignment settings type. The value depends on the app platform (e.g., windowsUniversalAppXAppAssignmentSettings, iosLobAppAssignmentSettings). | microsoft.graph.windowsUniversalAppXAppAssignmentSettings |
| Target | The mobile app assignment target type. Common values include allLicensedUsersAssignmentTarget, groupAssignmentTarget, allDevicesAssignmentTarget. | microsoft.graph.allLicensedUsersAssignmentTarget |
{
"data": {
"@odata.type": "#microsoft.graph.mobileAppAssignment",
"id": "591620b7-20b7-5916-b720-1659b7201659",
"intent": "required",
"target": {
"@odata.type": "microsoft.graph.allLicensedUsersAssignmentTarget"
},
"settings": {
"@odata.type": "microsoft.graph.windowsUniversalAppXAppAssignmentSettings",
"useDeviceContext": true
}
}
}
Create Subscription
Create a subscription. | key: createSubscription
| Input | Notes | Example |
|---|---|---|
| Body Fields | Additional JSON properties to include in the request body. These will be merged with other input values. | |
| Change Type | The type of change that will trigger notifications. Select one or more change types to monitor. | |
| Connection | The Microsoft Intune connection to use. | |
| Expiration Date Time | The date and time when the webhook subscription expires in UTC format (ISO 8601). The maximum duration varies by resource type. Learn more | 2025-12-31T23:59:59.0000000Z |
| Lifecycle Notification URL | The URL endpoint that receives lifecycle notifications (subscriptionRemoved, reauthorizationRequired, missed notifications). Required for Teams resources if the expirationDateTime value is more than 1 hour from now. | https://example.com/lifecycle |
| Notification URL | The URL endpoint that will receive webhook notifications when changes occur. | https://example.com/webhook |
| Resource | The Microsoft Graph resource path to monitor for changes (e.g., users, groups, devices/managedDevices). Learn more | users |
{
"data": [
{
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/messages",
"applicationId": "string",
"changeType": "created,updated",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "string",
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": "",
"encryptionCertificateId": "",
"includeResourceData": false,
"notificationContentType": "application/json"
}
]
}
Create User
Create a new user. | key: createUser
| Input | Notes | Example |
|---|---|---|
| Account Enabled | When true, enables the user account. When false, the account is disabled and the user cannot sign in. | true |
| Additional Properties | Additional properties that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. You can get additional properties from the Microsoft Graph API documentation https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0#json-representation | |
| Connection | The Microsoft Intune connection to use. | |
| Display Name | The display name of the user. | John Doe |
| Domain | The domain for the user. This must be an existing verified domain in your tenant. Use the 'List Domains' action to retrieve available domains. | contoso.onmicrosoft.com |
| Force Change Password Next Sign In | When true, forces the user to change their password on next sign in. | true |
| Password | The password for the user account. Must meet your organization's password complexity requirements. | |
| User Principal Name | The user principal name (username) for the user. This will be combined with the domain to create the full user principal name (e.g., john.doe@contoso.com). | john.doe |
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd",
"businessPhones": [],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Product Marketing Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com"
}
}
Delete Group
Delete a single group. | key: deleteGroup
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Group Id | The ID of the group delete. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": "Action successfully completed."
}
Delete Group Member
Delete a member from a security or Microsoft 365 group. | key: deleteMemberFromGroup
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Group Id | The unique identifier of the group to assign the app to (UUID format). | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
| Member Id | The unique identifier of a member (UUID format). | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": "Successfully deleted member from group."
}
Delete Managed App
Deletes an App. | key: deleteManagedApp
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Mobile App ID | The ID of the app to delete. | e0741df2-bae3-4649-9599-c47026da1234 |
{
"data": {}
}
Delete Managed Device
Deletes a Managed Device. | key: deleteManagedDevice
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Managed Device Id | Unique Identifier for the device to delete. | 705c034c-034c-705c-4c03-5c704c035c70 |
{
"data": {}
}
Delete Mobile App Assignment
Delete a single mobile app assignment. | key: deleteMobileAppAssignment
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Mobile App Assignment Id | The ID of the mobile app assignment to delete. | 0177548a-548a-0177-8a54-77018a547701 |
| Mobile App Id | The ID of the mobile app to delete the assignment from. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": "Action successfully completed."
}
Delete Subscription by Id
Delete a single subscription by its ID. | key: deleteSubscription
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Subscription ID | The ID of the subscription to delete. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": "Action successfully completed."
}
Delete Subscriptions from an Endpoint
Delete all subscriptions from an endpoint. | key: deleteAllSubscription
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Notification URL | The URL from which to delete all subscriptions. | https://example.com/webhook |
{
"data": [
"7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"0fc0d6db-0073-42e5-a186-853da75fb308"
]
}
Delete User
Deletes a User. | key: deleteUser
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| User Id | Unique Identifier for the user to delete. This can be the user's id or userPrincipalName. | d36894ae-94ae-d368-ae94-68d3ae9468d3 |
{
"data": {}
}
Get Detected App
Read properties and relationships of the Detected Apps object. | key: getDetectedApp
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Detected App Id | Unique Identifier for the detected app to retrieve. | caf60db6-0db6-caf6-b60d-f6cab60df6ca |
{
"data": {
"@odata.type": "#microsoft.graph.detectedApp",
"id": "caf60db6-0db6-caf6-b60d-f6cab60df6ca",
"displayName": "Display Name value",
"version": "Version value",
"sizeInByte": 10,
"deviceCount": 11,
"publisher": "Publisher value",
"platform": "windows"
}
}
Get Device Compliance Policy
Get a device compliance policy by ID. | key: getDeviceCompliancePolicy
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Device Compliance Policy Id | Unique Identifier for the device compliance policy to retrieve. | 705c034c-034c-705c-4c03-5c704c035c70 |
{
"data": {
"@odata.type": "#microsoft.graph.deviceCompliancePolicy",
"id": "4214b716-b716-4214-16b7-144216b71442",
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"description": "Description value",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"displayName": "Display Name value",
"version": 7
}
}
Get Device Compliance Policy Setting State Summary
Retrieve a device compliance policy setting state summary by its ID. | key: getDeviceCompliancePolicySettingStateSummary
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Device Compliance Policy Setting State Summary Id | Unique Identifier for the device compliance policy setting state summary to retrieve. | 705c034c-034c-705c-4c03-5c704c035c70 |
{
"data": {
"data": {
"@odata.type": "#microsoft.graph.deviceCompliancePolicySettingStateSummary",
"id": "7474d6d5-d6d5-7474-d5d6-7474d5d67474",
"setting": "Setting value",
"settingName": "Setting Name value",
"platformType": "iOS",
"unknownDeviceCount": 2,
"notApplicableDeviceCount": 8,
"compliantDeviceCount": 4,
"remediatedDeviceCount": 5,
"nonCompliantDeviceCount": 7,
"errorDeviceCount": 0,
"conflictDeviceCount": 3
}
}
}
Get Device Configuration
Get the device configurations. | key: getDeviceConfigurations
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Device Configuration Id | Unique Identifier for the device to retrieve. | 705c034c-034c-705c-4c03-5c704c035c70 |
{
"data": {
"@odata.type": "#microsoft.graph.deviceConfiguration",
"id": "34977265-7265-3497-6572-973465729734",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"description": "Description value",
"displayName": "Display Name value",
"version": 7
}
}
Get Directory Audit
Get a specific Microsoft Entra audit log item. | key: getDirectoyAudit
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Microsoft Entra Id | The unique identifier for the Microsoft Entra audit log item to retrieve. | 705c034c-034c-705c-4c03-5c704c035c70 |
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#auditlogs/directoryaudits",
"value": [
{
"id": "id",
"category": "UserManagement",
"correlationId": "da159bfb-54fa-4092-8a38-6e1fa7870e30",
"result": "success",
"resultReason": "Successfully added member to group",
"activityDisplayName": "Add member to group",
"activityDateTime": "2018-01-09T21:20:02.7215374Z",
"loggedByService": "Core Directory",
"initiatedBy": {
"user": {
"id": "728309ae-1a37-4937-9afe-e35d964db09b",
"displayName": "Audry Oliver",
"userPrincipalName": "bob@wingtiptoysonline.com",
"ipAddress": "127.0.0.1"
},
"app": null
},
"targetResource": [
{
"id": "ef7e527d-6c92-4234-8c6d-cf6fdfb57f95",
"displayName": "Example.com",
"Type": "Group",
"modifiedProperties": [
{
"displayName": "Action Client Name",
"oldValue": null,
"newValue": "DirectorySync"
}
],
"groupType": "unifiedGroups"
},
{
"id": "1f0e98f5-3161-4c6b-9b50-d488572f2bb7",
"displayName": null,
"Type": "User",
"modifiedProperties": [],
"userPrincipalName": "example@contoso.com"
}
],
"additionalDetails": [
{
"key": "Additional Detail Name",
"value": "Additional Detail Value"
}
]
}
]
}
}
Get Group
Retrieve a single group. | key: getGroup
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Group Id | The ID of the group retrieve. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
"id": "02bd9fd6-8f93-4758-87c3-1fb73740a315",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2017-07-31T18:56:16Z",
"description": "Welcome to the HR Taskforce team.",
"displayName": "HR Taskforce",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"isAssignableToRole": null,
"mail": "HRTaskforce@contoso.com",
"mailEnabled": true,
"mailNickname": "HRTaskforce",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesDomainName": null,
"onPremisesLastSyncDateTime": null,
"onPremisesNetBiosName": null,
"onPremisesSamAccountName": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"preferredLanguage": null,
"proxyAddresses": [
"SMTP:HRTaskforce@contoso.com",
"SPO:SPO_896cf652-b200-4b74-8111-c013f64406cf@SPO_dcd219dd-bc68-4b9b-bf0b-4a33a796be35"
],
"renewedDateTime": "2020-01-24T19:01:14Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [
"Team"
],
"securityEnabled": false,
"securityIdentifier": "S-1-12-1-45981654-1196986259-3072312199-363020343",
"serviceProvisioningErrors": [],
"theme": null,
"visibility": "Private",
"onPremisesProvisioningErrors": []
}
}
Get Managed App
Read properties and relationships of an App object. | key: getManagedApp
| Input | Notes | Example |
|---|---|---|
| App Id | The unique identifier of a managed app. You can get this from the 'List Managed Apps' action. | caf60db6-0db6-caf6-b60d-f6cab60df6ca |
| Connection | The Microsoft Intune connection to use. |
{
"data": {
"@odata.type": "#microsoft.graph.mobileApp",
"id": "0177548a-548a-0177-8a54-77018a547701",
"displayName": "Display Name value",
"description": "Description value",
"publisher": "Publisher value",
"largeIcon": {
"@odata.type": "microsoft.graph.mimeContent",
"type": "Type value",
"value": "dmFsdWU="
},
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"isFeatured": true,
"privacyInformationUrl": "https://example.com/privacyInformationUrl/",
"informationUrl": "https://example.com/informationUrl/",
"owner": "Owner value",
"developer": "Developer value",
"notes": "Notes value",
"publishingState": "processing"
}
}
Get Managed Device
Read properties and relationships of the Managed Device object. | key: getManagedDevice
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Managed Device Id | Unique Identifier for the device to retrieve. | 705c034c-034c-705c-4c03-5c704c035c70 |
{
"data": {
"@odata.type": "#microsoft.graph.managedDevice",
"id": "705c034c-034c-705c-4c03-5c704c035c70",
"userId": "User Id value",
"deviceName": "Device Name value",
"managedDeviceOwnerType": "company",
"deviceActionResults": [
{
"@odata.type": "microsoft.graph.deviceActionResult",
"actionName": "Action Name value",
"actionState": "pending",
"startDateTime": "2016-12-31T23:58:46.7156189-08:00",
"lastUpdatedDateTime": "2017-01-01T00:00:56.8321556-08:00"
}
],
"enrolledDateTime": "2016-12-31T23:59:43.797191-08:00",
"lastSyncDateTime": "2017-01-01T00:02:49.3205976-08:00",
"operatingSystem": "Operating System value",
"complianceState": "compliant",
"jailBroken": "Jail Broken value",
"managementAgent": "mdm",
"osVersion": "Os Version value",
"easActivated": true,
"easDeviceId": "Eas Device Id value",
"easActivationDateTime": "2016-12-31T23:59:43.4878784-08:00",
"azureADRegistered": true,
"deviceEnrollmentType": "userEnrollment",
"activationLockBypassCode": "Activation Lock Bypass Code value",
"emailAddress": "Email Address value",
"azureADDeviceId": "Azure ADDevice Id value",
"deviceRegistrationState": "registered",
"deviceCategoryDisplayName": "Device Category Display Name value",
"isSupervised": true,
"exchangeLastSuccessfulSyncDateTime": "2017-01-01T00:00:45.8803083-08:00",
"exchangeAccessState": "unknown",
"exchangeAccessStateReason": "unknown",
"remoteAssistanceSessionUrl": "https://example.com/remoteAssistanceSessionUrl/",
"remoteAssistanceSessionErrorDetails": "Remote Assistance Session Error Details value",
"isEncrypted": true,
"userPrincipalName": "User Principal Name value",
"model": "Model value",
"manufacturer": "Manufacturer value",
"imei": "Imei value",
"complianceGracePeriodExpirationDateTime": "2016-12-31T23:56:44.951111-08:00",
"serialNumber": "Serial Number value",
"phoneNumber": "Phone Number value",
"androidSecurityPatchLevel": "Android Security Patch Level value",
"userDisplayName": "User Display Name value",
"configurationManagerClientEnabledFeatures": {
"@odata.type": "microsoft.graph.configurationManagerClientEnabledFeatures",
"inventory": true,
"modernApps": true,
"resourceAccess": true,
"deviceConfiguration": true,
"compliancePolicy": true,
"windowsUpdateForBusiness": true
},
"wiFiMacAddress": "Wi Fi Mac Address value",
"deviceHealthAttestationState": {
"@odata.type": "microsoft.graph.deviceHealthAttestationState",
"lastUpdateDateTime": "Last Update Date Time value",
"contentNamespaceUrl": "https://example.com/contentNamespaceUrl/",
"deviceHealthAttestationStatus": "Device Health Attestation Status value",
"contentVersion": "Content Version value",
"issuedDateTime": "2016-12-31T23:58:22.1231038-08:00",
"attestationIdentityKey": "Attestation Identity Key value",
"resetCount": 10,
"restartCount": 12,
"dataExcutionPolicy": "Data Excution Policy value",
"bitLockerStatus": "Bit Locker Status value",
"bootManagerVersion": "Boot Manager Version value",
"codeIntegrityCheckVersion": "Code Integrity Check Version value",
"secureBoot": "Secure Boot value",
"bootDebugging": "Boot Debugging value",
"operatingSystemKernelDebugging": "Operating System Kernel Debugging value",
"codeIntegrity": "Code Integrity value",
"testSigning": "Test Signing value",
"safeMode": "Safe Mode value",
"windowsPE": "Windows PE value",
"earlyLaunchAntiMalwareDriverProtection": "Early Launch Anti Malware Driver Protection value",
"virtualSecureMode": "Virtual Secure Mode value",
"pcrHashAlgorithm": "Pcr Hash Algorithm value",
"bootAppSecurityVersion": "Boot App Security Version value",
"bootManagerSecurityVersion": "Boot Manager Security Version value",
"tpmVersion": "Tpm Version value",
"pcr0": "Pcr0 value",
"secureBootConfigurationPolicyFingerPrint": "Secure Boot Configuration Policy Finger Print value",
"codeIntegrityPolicy": "Code Integrity Policy value",
"bootRevisionListInfo": "Boot Revision List Info value",
"operatingSystemRevListInfo": "Operating System Rev List Info value",
"healthStatusMismatchInfo": "Health Status Mismatch Info value",
"healthAttestationSupportedStatus": "Health Attestation Supported Status value"
},
"subscriberCarrier": "Subscriber Carrier value",
"meid": "Meid value",
"totalStorageSpaceInBytes": 8,
"freeStorageSpaceInBytes": 7,
"managedDeviceName": "Managed Device Name value",
"partnerReportedThreatState": "activated",
"requireUserEnrollmentApproval": true,
"managementCertificateExpirationDate": "2016-12-31T23:57:59.9789653-08:00",
"iccid": "Iccid value",
"udid": "Udid value",
"notes": "Notes value",
"ethernetMacAddress": "Ethernet Mac Address value",
"physicalMemoryInBytes": 5,
"enrollmentProfileName": "Enrollment Profile Name value"
}
}
Get Mobile App
Retrieve a single mobile app. | key: getMobileApp
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Mobile App Id | Unique identifier for the mobile app (UUID format). | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": {
"@odata.type": "#microsoft.graph.mobileApp",
"id": "0177548a-548a-0177-8a54-77018a547701",
"displayName": "Display Name value",
"description": "Description value",
"publisher": "Publisher value",
"largeIcon": {
"@odata.type": "microsoft.graph.mimeContent",
"type": "Type value",
"value": "dmFsdWU="
},
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"isFeatured": true,
"privacyInformationUrl": "https://example.com/privacyInformationUrl/",
"informationUrl": "https://example.com/informationUrl/",
"owner": "Owner value",
"developer": "Developer value",
"notes": "Notes value",
"publishingState": "processing"
}
}
Get Mobile App Assignment
Retrieve a single mobile app assignment. | key: getMobileAppAssignment
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Mobile App Assignment Id | Unique Identifier for the mobile app assignment to get. | 0177548a-548a-0177-8a54-77018a547701 |
| Mobile App Id | Unique identifier for the mobile app (UUID format). | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": {
"@odata.type": "#microsoft.graph.mobileAppAssignment",
"id": "591620b7-20b7-5916-b720-1659b7201659",
"intent": "required",
"target": {
"@odata.type": "microsoft.graph.allLicensedUsersAssignmentTarget"
},
"settings": {
"@odata.type": "microsoft.graph.windowsUniversalAppXAppAssignmentSettings",
"useDeviceContext": true
}
}
}
Get Subscription
Retrieve a single subscription. | key: getSubscription
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Subscription ID | The unique identifier of the subscription (UUID format). | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": [
{
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/messages",
"applicationId": "string",
"changeType": "created,updated",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "string",
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": "",
"encryptionCertificateId": "",
"includeResourceData": false,
"notificationContentType": "application/json"
}
]
}
Get User
Read properties and relationships of the User object. | key: getUser
| Input | Notes | Example |
|---|---|---|
| Select | Comma-separated list of properties to include in the response. Reduces payload size. | id,displayName,mail |
| Connection | The Microsoft Intune connection to use. | |
| User Id | Unique Identifier for the user to get. This can be the user's id or userPrincipalName. | d36894ae-94ae-d368-ae94-68d3ae9468d3 |
{
"data": {
"businessPhones": [
"+1 425 555 0109"
],
"displayName": "Adele Vance",
"givenName": "Adele",
"jobTitle": "Retail Manager",
"mail": "AdeleV@contoso.com",
"mobilePhone": "+1 425 555 0109",
"officeLocation": "18/2111",
"preferredLanguage": "en-US",
"surname": "Vance",
"userPrincipalName": "AdeleV@contoso.com",
"id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd"
}
}
List Detected Apps
List properties and relationships of the Detected Apps objects. | key: listDetectedApps
| Input | Notes | Example |
|---|---|---|
| Count | When true, retrieves the total count of matching resources. | false |
| Expand | Comma-separated list of relationships to expand and include in the response. | members,owners |
| Filter | OData filter expression to filter results. Supports operators like eq, ne, startswith, contains. | startswith(givenName,'J') |
| Format | Response format. Typically 'json' for JSON output. | json |
| Order By | Property to sort results by. Add 'asc' or 'desc' suffix for sort direction. | displayName desc |
| Search | Returns results based on search criteria. Use format 'property:value' for specific searches. | displayName:Marketing |
| Select | Comma-separated list of properties to include in the response. Reduces payload size. | id,displayName,mail |
| Skip | Number of results to skip. Use with $top for manual pagination. | 100 |
| Skip Token | Token from a previous response's @odata.nextLink to retrieve the next page of results. | X%274453707402000100000017... |
| Top | Maximum number of results to return per page. | 50 |
| Connection | The Microsoft Intune connection to use. |
{
"data": {
"value": [
{
"@odata.type": "#microsoft.graph.detectedApp",
"id": "caf60db6-0db6-caf6-b60d-f6cab60df6ca",
"displayName": "Display Name value",
"version": "Version value",
"sizeInByte": 10,
"deviceCount": 11,
"publisher": "Publisher value",
"platform": "windows"
}
]
}
}
List Device Compliance Policies
List all device compliance policies. | key: listDeviceCompliancePolicies
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. |
{
"data": {
"value": [
{
"@odata.type": "#microsoft.graph.deviceCompliancePolicy",
"id": "4214b716-b716-4214-16b7-144216b71442",
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"description": "Description value",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"displayName": "Display Name value",
"version": 7
}
]
}
}
List Device Compliance Policy Setting State Summaries
Retrieve a list of device compliance policy setting state summaries. | key: listDeviceCompliancePolicySettingStateSummaries
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. |
{
"data": {
"data": {
"value": [
{
"@odata.type": "#microsoft.graph.deviceCompliancePolicySettingStateSummary",
"id": "7474d6d5-d6d5-7474-d5d6-7474d5d67474",
"setting": "Setting value",
"settingName": "Setting Name value",
"platformType": "iOS",
"unknownDeviceCount": 2,
"notApplicableDeviceCount": 8,
"compliantDeviceCount": 4,
"remediatedDeviceCount": 5,
"nonCompliantDeviceCount": 7,
"errorDeviceCount": 0,
"conflictDeviceCount": 3
}
]
}
}
}
List Device Configurations
List all device configurations. | key: listDeviceConfigurations
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. |
{
"data": {
"value": [
{
"@odata.type": "#microsoft.graph.deviceConfiguration",
"id": "34977265-7265-3497-6572-973465729734",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"description": "Description value",
"displayName": "Display Name value",
"version": 7
}
]
}
}
List Directory Audits
Retrieve a list of directory audits. | key: listDirectoryAudits
| Input | Notes | Example |
|---|---|---|
| Filter | OData filter expression to filter results. Supports operators like eq, ne, startswith, contains. | startswith(givenName,'J') |
| Order By | Property to sort results by. Add 'asc' or 'desc' suffix for sort direction. | displayName desc |
| Skip Token | Token from a previous response's @odata.nextLink to retrieve the next page of results. | X%274453707402000100000017... |
| Top | Maximum number of results to return per page. | 50 |
| Connection | The Microsoft Intune connection to use. | |
| Fetch All | When true, fetches all pages of results using pagination. | false |
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#auditlogs/directoryaudits",
"value": [
{
"id": "id",
"category": "UserManagement",
"correlationId": "da159bfb-54fa-4092-8a38-6e1fa7870e30",
"result": "success",
"resultReason": "Successfully added member to group",
"activityDisplayName": "Add member to group",
"activityDateTime": "2018-01-09T21:20:02.7215374Z",
"loggedByService": "Core Directory",
"initiatedBy": {
"user": {
"id": "728309ae-1a37-4937-9afe-e35d964db09b",
"displayName": "Audry Oliver",
"userPrincipalName": "bob@wingtiptoysonline.com",
"ipAddress": "127.0.0.1"
},
"app": null
},
"targetResources": [
{
"id": "ef7e527d-6c92-4234-8c6d-cf6fdfb57f95",
"displayName": "Example.com",
"Type": "Group",
"modifiedProperties": [
{
"displayName": "Action Client Name",
"oldValue": null,
"newValue": "DirectorySync"
}
],
"groupType": "unifiedGroups"
},
{
"id": "1f0e98f5-3161-4c6b-9b50-d488572f2bb7",
"displayName": null,
"Type": "User",
"modifiedProperties": [],
"userPrincipalName": "bob@contoso.com"
}
],
"additionalDetails": [
{
"key": "Additional Detail Name",
"value": "Additional Detail Value"
}
]
}
]
}
}
List Domains
Retrieve a list of domain objects. | key: listDomains
| Input | Notes | Example |
|---|---|---|
| Count | When true, retrieves the total count of matching resources. | false |
| Expand | Comma-separated list of relationships to expand and include in the response. | members,owners |
| Filter | OData filter expression to filter results. Supports operators like eq, ne, startswith, contains. | startswith(givenName,'J') |
| Format | Response format. Typically 'json' for JSON output. | json |
| Order By | Property to sort results by. Add 'asc' or 'desc' suffix for sort direction. | displayName desc |
| Search | Returns results based on search criteria. Use format 'property:value' for specific searches. | displayName:Marketing |
| Select | Comma-separated list of properties to include in the response. Reduces payload size. | id,displayName,mail |
| Skip | Number of results to skip. Use with $top for manual pagination. | 100 |
| Skip Token | Token from a previous response's @odata.nextLink to retrieve the next page of results. | X%274453707402000100000017... |
| Top | Maximum number of results to return per page. | 50 |
| Connection | The Microsoft Intune connection to use. |
{
"data": {
"value": [
{
"authenticationType": "authenticationType-value",
"availabilityStatus": "availabilityStatus-value",
"isAdminManaged": true,
"isDefault": true,
"isInitial": true,
"isRoot": true,
"id": "contoso.com",
"supportedServices": [
"Email",
"OfficeCommunicationsOnline"
]
}
]
}
}
List Group Members
List all members of a security or Microsoft 365 group. | key: listMembersFromGroup
| Input | Notes | Example |
|---|---|---|
| Count | When true, retrieves the total count of matching resources. | false |
| Expand | Comma-separated list of relationships to expand and include in the response. | members,owners |
| Filter | OData filter expression to filter results. Supports operators like eq, ne, startswith, contains. | startswith(givenName,'J') |
| Search | Returns results based on search criteria. Use format 'property:value' for specific searches. | displayName:Marketing |
| Select | Comma-separated list of properties to include in the response. Reduces payload size. | id,displayName,mail |
| Top | Maximum number of results to return per page. | 50 |
| Connection | The Microsoft Intune connection to use. | |
| Group Id | The unique identifier of a MS365 or Security group. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
"value": [
{
"id": "11111111-2222-3333-4444-555555555555",
"mail": "user1@contoso.com"
}
]
}
}
List Groups
List all groups. | key: listGroups
| Input | Notes | Example |
|---|---|---|
| Count | When true, retrieves the total count of matching resources. | false |
| Expand | Comma-separated list of relationships to expand and include in the response. | members,owners |
| Filter | OData filter expression to filter results. Supports operators like eq, ne, startswith, contains. | startswith(givenName,'J') |
| Order By | Property to sort results by. Add 'asc' or 'desc' suffix for sort direction. | displayName desc |
| Search | Returns results based on search criteria. Use format 'property:value' for specific searches. | displayName:Marketing |
| Select | Comma-separated list of properties to include in the response. Reduces payload size. | id,displayName,mail |
| Top | Maximum number of results to return per page. | 50 |
| Connection | The Microsoft Intune connection to use. | |
| Fetch All | When true, fetches all pages of results using pagination. | false |
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
"value": [
{
"id": "45b7d2e7-b882-4a80-ba97-10b7a63b8fa4",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-12-22T02:21:05Z",
"description": "Self help community for golf",
"displayName": "Golf Assist",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"isAssignableToRole": null,
"mail": "golfassist@contoso.com",
"mailEnabled": true,
"mailNickname": "golfassist",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"preferredLanguage": null,
"proxyAddresses": [
"smtp:golfassist@contoso.com",
"SMTP:golfassist@contoso.com"
],
"renewedDateTime": "2018-12-22T02:21:05Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"theme": null,
"visibility": "Public",
"onPremisesProvisioningErrors": []
},
{
"id": "d7797254-3084-44d0-99c9-a3b5ab149538",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-11-19T20:29:40Z",
"description": "Talk about golf",
"displayName": "Golf Discussion",
"expirationDateTime": null,
"groupTypes": [],
"isAssignableToRole": null,
"mail": "golftalk@contoso.com",
"mailEnabled": true,
"mailNickname": "golftalk",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"preferredLanguage": null,
"proxyAddresses": [
"smtp:golftalk@contoso.com",
"SMTP:golftalk@contoso.com"
],
"renewedDateTime": "2018-11-19T20:29:40Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"serviceProvisioningErrors": [],
"theme": null,
"visibility": null,
"onPremisesProvisioningErrors": []
}
]
}
}
List Managed Apps
List all managed apps in Intune. | key: listManagedApps
| Input | Notes | Example |
|---|---|---|
| Count | When true, retrieves the total count of matching resources. | false |
| Expand | Comma-separated list of relationships to expand and include in the response. | members,owners |
| Filter | OData filter expression to filter results. Supports operators like eq, ne, startswith, contains. | startswith(givenName,'J') |
| Format | Response format. Typically 'json' for JSON output. | json |
| Order By | Property to sort results by. Add 'asc' or 'desc' suffix for sort direction. | displayName desc |
| Search | Returns results based on search criteria. Use format 'property:value' for specific searches. | displayName:Marketing |
| Select | Comma-separated list of properties to include in the response. Reduces payload size. | id,displayName,mail |
| Skip | Number of results to skip. Use with $top for manual pagination. | 100 |
| Skip Token | Token from a previous response's @odata.nextLink to retrieve the next page of results. | X%274453707402000100000017... |
| Top | Maximum number of results to return per page. | 50 |
| Connection | The Microsoft Intune connection to use. |
{
"data": {
"value": [
{
"@odata.type": "#microsoft.graph.webApp",
"id": "4bdc5d30-5d30-4bdc-305d-dc4b305ddc4b",
"displayName": "Display Name value",
"description": "Description value",
"publisher": "Publisher value",
"largeIcon": {
"@odata.type": "microsoft.graph.mimeContent",
"type": "Type value",
"value": "dmFsdWU="
},
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"isFeatured": true,
"privacyInformationUrl": "https://example.com/privacyInformationUrl/",
"informationUrl": "https://example.com/informationUrl/",
"owner": "Owner value",
"developer": "Developer value",
"notes": "Notes value",
"publishingState": "processing",
"appUrl": "https://example.com/appUrl/",
"useManagedBrowser": true
}
]
}
}
List Managed Devices
List properties and relationships of the Managed Device objects. | key: listManagedDevices
| Input | Notes | Example |
|---|---|---|
| Count | When true, retrieves the total count of matching resources. | false |
| Expand | Comma-separated list of relationships to expand and include in the response. | members,owners |
| Filter | OData filter expression to filter results. Supports operators like eq, ne, startswith, contains. | startswith(givenName,'J') |
| Format | Response format. Typically 'json' for JSON output. | json |
| Order By | Property to sort results by. Add 'asc' or 'desc' suffix for sort direction. | displayName desc |
| Search | Returns results based on search criteria. Use format 'property:value' for specific searches. | displayName:Marketing |
| Select | Comma-separated list of properties to include in the response. Reduces payload size. | id,displayName,mail |
| Skip | Number of results to skip. Use with $top for manual pagination. | 100 |
| Skip Token | Token from a previous response's @odata.nextLink to retrieve the next page of results. | X%274453707402000100000017... |
| Top | Maximum number of results to return per page. | 50 |
| Connection | The Microsoft Intune connection to use. |
{
"data": {
"value": [
{
"@odata.type": "#microsoft.graph.managedDevice",
"id": "705c034c-034c-705c-4c03-5c704c035c70",
"userId": "User Id value",
"deviceName": "Device Name value",
"managedDeviceOwnerType": "company",
"deviceActionResults": [
{
"@odata.type": "microsoft.graph.deviceActionResult",
"actionName": "Action Name value",
"actionState": "pending",
"startDateTime": "2016-12-31T23:58:46.7156189-08:00",
"lastUpdatedDateTime": "2017-01-01T00:00:56.8321556-08:00"
}
],
"enrolledDateTime": "2016-12-31T23:59:43.797191-08:00",
"lastSyncDateTime": "2017-01-01T00:02:49.3205976-08:00",
"operatingSystem": "Operating System value",
"complianceState": "compliant",
"jailBroken": "Jail Broken value",
"managementAgent": "mdm",
"osVersion": "Os Version value",
"easActivated": true,
"easDeviceId": "Eas Device Id value",
"easActivationDateTime": "2016-12-31T23:59:43.4878784-08:00",
"azureADRegistered": true,
"deviceEnrollmentType": "userEnrollment",
"activationLockBypassCode": "Activation Lock Bypass Code value",
"emailAddress": "Email Address value",
"azureADDeviceId": "Azure ADDevice Id value",
"deviceRegistrationState": "registered",
"deviceCategoryDisplayName": "Device Category Display Name value",
"isSupervised": true,
"exchangeLastSuccessfulSyncDateTime": "2017-01-01T00:00:45.8803083-08:00",
"exchangeAccessState": "unknown",
"exchangeAccessStateReason": "unknown",
"remoteAssistanceSessionUrl": "https://example.com/remoteAssistanceSessionUrl/",
"remoteAssistanceSessionErrorDetails": "Remote Assistance Session Error Details value",
"isEncrypted": true,
"userPrincipalName": "User Principal Name value",
"model": "Model value",
"manufacturer": "Manufacturer value",
"imei": "Imei value",
"complianceGracePeriodExpirationDateTime": "2016-12-31T23:56:44.951111-08:00",
"serialNumber": "Serial Number value",
"phoneNumber": "Phone Number value",
"androidSecurityPatchLevel": "Android Security Patch Level value",
"userDisplayName": "User Display Name value",
"configurationManagerClientEnabledFeatures": {
"@odata.type": "microsoft.graph.configurationManagerClientEnabledFeatures",
"inventory": true,
"modernApps": true,
"resourceAccess": true,
"deviceConfiguration": true,
"compliancePolicy": true,
"windowsUpdateForBusiness": true
},
"wiFiMacAddress": "Wi Fi Mac Address value",
"deviceHealthAttestationState": {
"@odata.type": "microsoft.graph.deviceHealthAttestationState",
"lastUpdateDateTime": "Last Update Date Time value",
"contentNamespaceUrl": "https://example.com/contentNamespaceUrl/",
"deviceHealthAttestationStatus": "Device Health Attestation Status value",
"contentVersion": "Content Version value",
"issuedDateTime": "2016-12-31T23:58:22.1231038-08:00",
"attestationIdentityKey": "Attestation Identity Key value",
"resetCount": 10,
"restartCount": 12,
"dataExcutionPolicy": "Data Excution Policy value",
"bitLockerStatus": "Bit Locker Status value",
"bootManagerVersion": "Boot Manager Version value",
"codeIntegrityCheckVersion": "Code Integrity Check Version value",
"secureBoot": "Secure Boot value",
"bootDebugging": "Boot Debugging value",
"operatingSystemKernelDebugging": "Operating System Kernel Debugging value",
"codeIntegrity": "Code Integrity value",
"testSigning": "Test Signing value",
"safeMode": "Safe Mode value",
"windowsPE": "Windows PE value",
"earlyLaunchAntiMalwareDriverProtection": "Early Launch Anti Malware Driver Protection value",
"virtualSecureMode": "Virtual Secure Mode value",
"pcrHashAlgorithm": "Pcr Hash Algorithm value",
"bootAppSecurityVersion": "Boot App Security Version value",
"bootManagerSecurityVersion": "Boot Manager Security Version value",
"tpmVersion": "Tpm Version value",
"pcr0": "Pcr0 value",
"secureBootConfigurationPolicyFingerPrint": "Secure Boot Configuration Policy Finger Print value",
"codeIntegrityPolicy": "Code Integrity Policy value",
"bootRevisionListInfo": "Boot Revision List Info value",
"operatingSystemRevListInfo": "Operating System Rev List Info value",
"healthStatusMismatchInfo": "Health Status Mismatch Info value",
"healthAttestationSupportedStatus": "Health Attestation Supported Status value"
},
"subscriberCarrier": "Subscriber Carrier value",
"meid": "Meid value",
"totalStorageSpaceInBytes": 8,
"freeStorageSpaceInBytes": 7,
"managedDeviceName": "Managed Device Name value",
"partnerReportedThreatState": "activated",
"requireUserEnrollmentApproval": true,
"managementCertificateExpirationDate": "2016-12-31T23:57:59.9789653-08:00",
"iccid": "Iccid value",
"udid": "Udid value",
"notes": "Notes value",
"ethernetMacAddress": "Ethernet Mac Address value",
"physicalMemoryInBytes": 5,
"enrollmentProfileName": "Enrollment Profile Name value"
}
]
}
}
List Mobile App Assignments
List all assignments for a mobile app. | key: listMobileAppAssignments
| Input | Notes | Example |
|---|---|---|
| Count | When true, retrieves the total count of matching resources. | false |
| Expand | Comma-separated list of relationships to expand and include in the response. | members,owners |
| Filter | OData filter expression to filter results. Supports operators like eq, ne, startswith, contains. | startswith(givenName,'J') |
| Format | Response format. Typically 'json' for JSON output. | json |
| Order By | Property to sort results by. Add 'asc' or 'desc' suffix for sort direction. | displayName desc |
| Search | Returns results based on search criteria. Use format 'property:value' for specific searches. | displayName:Marketing |
| Select | Comma-separated list of properties to include in the response. Reduces payload size. | id,displayName,mail |
| Skip | Number of results to skip. Use with $top for manual pagination. | 100 |
| Skip Token | Token from a previous response's @odata.nextLink to retrieve the next page of results. | X%274453707402000100000017... |
| Top | Maximum number of results to return per page. | 50 |
| Connection | The Microsoft Intune connection to use. | |
| Fetch All | When true, fetches all pages of results using pagination. | false |
| Mobile App Id | Unique identifier for the mobile app (UUID format). | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": {
"value": [
{
"@odata.type": "#microsoft.graph.mobileAppAssignment",
"id": "591620b7-20b7-5916-b720-1659b7201659",
"intent": "required",
"target": {
"@odata.type": "microsoft.graph.allLicensedUsersAssignmentTarget"
},
"settings": {
"@odata.type": "microsoft.graph.windowsUniversalAppXAppAssignmentSettings",
"useDeviceContext": true
}
}
]
}
}
List Mobile Apps
Retrieve a list of mobile apps. | key: listMobileApps
| Input | Notes | Example |
|---|---|---|
| Count | When true, retrieves the total count of matching resources. | false |
| Expand | Comma-separated list of relationships to expand and include in the response. | members,owners |
| Filter | OData filter expression to filter results. Supports operators like eq, ne, startswith, contains. | startswith(givenName,'J') |
| Format | Response format. Typically 'json' for JSON output. | json |
| Order By | Property to sort results by. Add 'asc' or 'desc' suffix for sort direction. | displayName desc |
| Search | Returns results based on search criteria. Use format 'property:value' for specific searches. | displayName:Marketing |
| Select | Comma-separated list of properties to include in the response. Reduces payload size. | id,displayName,mail |
| Skip | Number of results to skip. Use with $top for manual pagination. | 100 |
| Skip Token | Token from a previous response's @odata.nextLink to retrieve the next page of results. | X%274453707402000100000017... |
| Top | Maximum number of results to return per page. | 50 |
| Connection | The Microsoft Intune connection to use. | |
| Fetch All | When true, fetches all pages of results using pagination. | false |
{
"data": {
"value": [
{
"@odata.type": "#microsoft.graph.mobileApp",
"id": "0177548a-548a-0177-8a54-77018a547701",
"displayName": "Display Name value",
"description": "Description value",
"publisher": "Publisher value",
"largeIcon": {
"@odata.type": "microsoft.graph.mimeContent",
"type": "Type value",
"value": "dmFsdWU="
},
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"isFeatured": true,
"privacyInformationUrl": "https://example.com/privacyInformationUrl/",
"informationUrl": "https://example.com/informationUrl/",
"owner": "Owner value",
"developer": "Developer value",
"notes": "Notes value",
"publishingState": "processing"
}
]
}
}
List Software Update Status Summary
List the status summary of a software update. | key: listSoftwareUpdateStatusSummary
| Input | Notes | Example |
|---|---|---|
| Expand | Comma-separated list of relationships to expand and include in the response. | members,owners |
| Format | Response format. Typically 'json' for JSON output. | json |
| Search | Returns results based on search criteria. Use format 'property:value' for specific searches. | displayName:Marketing |
| Select | Comma-separated list of properties to include in the response. Reduces payload size. | id,displayName,mail |
| Skip Token | Token from a previous response's @odata.nextLink to retrieve the next page of results. | X%274453707402000100000017... |
| Connection | The Microsoft Intune connection to use. | |
| Fetch All | When true, fetches all pages of results using pagination. | false |
{
"data": {
"data": {
"@odata.type": "#microsoft.graph.detectedApp",
"id": "caf60db6-0db6-caf6-b60d-f6cab60df6ca",
"displayName": "Display Name value",
"version": "Version value",
"sizeInByte": 10,
"deviceCount": 11,
"publisher": "Publisher value",
"platform": "windows"
}
}
}
List Subscriptions
List all Subscriptions. | key: listSubscriptions
| Input | Notes | Example |
|---|---|---|
| Skip Token | Token from a previous response's @odata.nextLink to retrieve the next page of results. | X%274453707402000100000017... |
| Connection | The Microsoft Intune connection to use. | |
| Fetch All | When true, fetches all pages of results using pagination. | false |
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions",
"value": [
{
"id": "0fc0d6db-0073-42e5-a186-853da75fb308",
"resource": "Users",
"applicationId": "24d3b144-21ae-4080-943f-7067b395b913",
"changeType": "updated,deleted",
"clientState": null,
"notificationUrl": "https://webhookappexample.azurewebsites.net/api/notifications",
"lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
"expirationDateTime": "2018-03-12T05:00:00Z",
"creatorId": "8ee44408-0679-472c-bc2a-692812af3437",
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": "",
"encryptionCertificateId": "",
"includeResourceData": false,
"notificationContentType": "application/json"
}
]
}
}
List Users
Retrieve a list of user objects. | key: listUsers
| Input | Notes | Example |
|---|---|---|
| Count | When true, retrieves the total count of matching resources. | false |
| Expand | Comma-separated list of relationships to expand and include in the response. | members,owners |
| Filter | OData filter expression to filter results. Supports operators like eq, ne, startswith, contains. | startswith(givenName,'J') |
| Format | Response format. Typically 'json' for JSON output. | json |
| Order By | Property to sort results by. Add 'asc' or 'desc' suffix for sort direction. | displayName desc |
| Search | Returns results based on search criteria. Use format 'property:value' for specific searches. | displayName:Marketing |
| Select | Comma-separated list of properties to include in the response. Reduces payload size. | id,displayName,mail |
| Skip | Number of results to skip. Use with $top for manual pagination. | 100 |
| Skip Token | Token from a previous response's @odata.nextLink to retrieve the next page of results. | X%274453707402000100000017... |
| Top | Maximum number of results to return per page. | 50 |
| Connection | The Microsoft Intune connection to use. |
{
"data": {
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
"value": [
{
"businessPhones": [],
"displayName": "Conf Room Adams",
"givenName": null,
"jobTitle": null,
"mail": "Adams@contoso.com",
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null,
"surname": null,
"userPrincipalName": "Adams@contoso.com",
"id": "6ea91a8d-e32e-41a1-b7bd-d2d185eed0e0"
},
{
"businessPhones": [
"425-555-0100"
],
"displayName": "MOD Administrator",
"givenName": "MOD",
"jobTitle": null,
"mail": null,
"mobilePhone": "425-555-0101",
"officeLocation": null,
"preferredLanguage": "en-US",
"surname": "Administrator",
"userPrincipalName": "admin@contoso.com",
"id": "4562bcc8-c436-4f95-b7c0-4f8ce89dca5e"
}
]
}
}
Raw Request
Send raw HTTP request to Microsoft Intune API | key: rawRequest
| Input | Notes | Example |
|---|---|---|
| API Version | The version of the API to use. | |
| Connection | The Microsoft Intune connection to use. | |
| Data | The HTTP body payload to send to the URL. | {"exampleKey": "Example Data"} |
| Debug Request | Enable this to log the request and response | false |
| File Data | File Data to be sent as a multipart form upload. | [{key: "example.txt", value: "My File Contents"}] |
| File Data File Names | File names to apply to the file data inputs. Keys must match the file data keys above. | |
| Form Data | The Form Data to be sent as a multipart form upload. | [{"key": "Example Key", "value": new Buffer("Hello World")}] |
| Header | A list of headers to send with the request. | User-Agent: curl/7.64.1 |
| Max Retry Count | The maximum number of retries to attempt. Specify 0 for no retries. | 0 |
| Method | The HTTP method to use. | |
| Query Parameter | A list of query parameters to send with the request. This is the portion at the end of the URL similar to ?key1=value1&key2=value2. | |
| Response Type | The type of data you expect in the response. You can request json, text, or binary data. | json |
| Retry On All Errors | If true, retries on all erroneous responses regardless of type. This is helpful when retrying after HTTP 429 or other 3xx or 4xx errors. Otherwise, only retries on HTTP 5xx and network errors. | false |
| Retry Delay (ms) | The delay in milliseconds between retries. This is used when 'Use Exponential Backoff' is disabled. | 0 |
| Timeout | The maximum time that a client will await a response to its request | 2000 |
| URL | Input the path only (/deviceManagement/detectedApps), The base URL is already included (https://graph.microsoft.com/v1.0). For example, to connect to https://graph.microsoft.com/v1.0/deviceManagement/detectedApps, only /deviceManagement/detectedApps is entered in this field. e.g. /deviceManagement/detectedApps | /sobjects/Account |
| Use Exponential Backoff | Specifies whether to use a pre-defined exponential backoff strategy for retries. When enabled, 'Retry Delay (ms)' is ignored. | false |
Reprocess User License Assignment
Reprocess all group-based license assignments for the user. | key: reprocessUserLicenseAssignment
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| User Id | Unique Identifier for the user to reprocess the license assignment. This can be the user's id or userPrincipalName. | d36894ae-94ae-d368-ae94-68d3ae9468d3 |
{
"data": {
"accountEnabled": true,
"assignedLicenses": [
{
"disabledPlans": [
"11b0131d-43c8-4bbb-b2c8-e80f9a50834a"
],
"skuId": "skuId-value"
}
],
"assignedPlans": [
{
"assignedDateTime": "2016-10-19T10:37:00Z",
"capabilityStatus": "capabilityStatus-value",
"service": "service-value",
"servicePlanId": "bea13e0c-3828-4daa-a392-28af7ff61a0f"
}
],
"businessPhones": [
"businessPhones-value"
],
"city": "city-value",
"companyName": "companyName-value"
}
}
Retire Managed Device
Retire a device from Intune management upon employee offboarding. | key: retireDevice
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Managed Device Id | Unique Identifier for the device to retire. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": "Action successfully completed."
}
Update Group
Update a single group. | key: updateGroup
| Input | Notes | Example |
|---|---|---|
| Assigned Labels | The list of sensitivity label pairs (label ID, label name) associated with a group | |
| Body Fields | Additional JSON properties to include in the request body. These will be merged with other input values. | |
| Connection | The Microsoft Intune connection to use. | |
| Description | A description for the group. | Self help community for library |
| Display Name | The name to display in the address book for the group. | Library Assist |
| Group Id | The ID of the group update. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
| Mail Nickname | The mail alias for the group, unique for Microsoft 365 groups in the organization. | library |
| Security Enabled | Set to true for mail-enabled groups. If Not Set the input will not be included in the request. | |
| Visibility | Specifies the visibility of the group. Possible values are Private, Public, or Hiddenmembership. | Public |
{
"data": "Action successfully completed."
}
Update Managed App
Update an App object. | key: updateManagedApp
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Description | Update the description to help your device users understand what the app is and/or what they can do in the app. This comments will be visible to them in Company Portal. | This is an Office Suite app. |
| Developer | Update the developer of the app. This information will be visible to users in Company Portal. | Microsoft |
| Display Name | Update the name for the app. This name will be visible in the Intune apps list and to users in the Company Portal. | Office Suite App |
| Information URL | Update the URL that links to more information about the app. This URL will be visible to users in Company Portal. | https://example.com/informationUrl/ |
| Is Featured | Update whether the app is featured. Featured apps are displayed prominently in the Company Portal. | false |
| Icon Image Type | Update the type of the Icon image. This field is required if the Icon Image Data is provided. | image/png |
| Icon Image Data | Update the base64 encoded image data for the Icon image. This field is required if the Icon Image Type is provided. | dmFsdWU= |
| Mobile App ID | The ID of the app to update. | e0741df2-bae3-4649-9599-c47026da1234 |
| Notes | Update any notes about the app. This information will be visible to people signed into the admin center. | An example note. |
| OData App Type | The type of app to update. This depends on the platform of the app. Check the Microsoft Graph API documentation for the correct type. Documentation for an Office Suite app can be found here https://learn.microsoft.com/en-us/graph/api/intune-apps-officesuiteapp-update?view=graph-rest-beta | #microsoft.graph.officeSuiteApp |
| Owner | Update the name of the person or company that owns the app. This information will be visible to people signed into the admin center. | John Doe |
| Privacy Information URL | Update the URL that links to the privacy information for the app. The privacy information URL will be visible to users in Company Portal. | https://example.com/privacyInformationUrl/ |
| Publisher | Update the name of the developer or company that distributes the app. This information will be visible to users in Company Portal. | Microsoft |
| Specific Platform Properties | The specific properties for the app to be updated, generic properties like '@odata.type', 'displayName', 'description', etc. are alredy covered by the other inputs. This input should be a JSON object with the specific properties for the app to be updated. Check the Microsoft Graph API documentation for the correct properties for the app type you are updating. Documentation for an Office Suite app can be found here https://learn.microsoft.com/en-us/graph/api/intune-apps-officesuiteapp-update?view=graph-rest-beta |
{
"data": {
"@odata.type": "#microsoft.graph.officeSuiteApp",
"id": "9b263b46-3b46-9b26-463b-269b463b269b",
"displayName": "Display Name value",
"description": "Description value",
"publisher": "Publisher value",
"largeIcon": {
"@odata.type": "microsoft.graph.mimeContent",
"type": "Type value",
"value": "dmFsdWU="
},
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"isFeatured": true,
"privacyInformationUrl": "https://example.com/privacyInformationUrl/",
"informationUrl": "https://example.com/informationUrl/",
"owner": "Owner value",
"developer": "Developer value",
"notes": "Notes value",
"uploadState": 11,
"publishingState": "processing",
"isAssigned": true,
"roleScopeTagIds": [
"Role Scope Tag Ids value"
],
"dependentAppCount": 1,
"supersedingAppCount": 3,
"supersededAppCount": 2,
"autoAcceptEula": true,
"productIds": [
"o365BusinessRetail"
],
"excludedApps": {
"@odata.type": "microsoft.graph.excludedApps",
"access": true,
"bing": true,
"excel": true,
"groove": true,
"infoPath": true,
"lync": true,
"oneDrive": true,
"oneNote": true,
"outlook": true,
"powerPoint": true,
"publisher": true,
"sharePointDesigner": true,
"teams": true,
"visio": true,
"word": true
},
"useSharedComputerActivation": true,
"updateChannel": "current",
"officeSuiteAppDefaultFileFormat": "officeOpenXMLFormat",
"officePlatformArchitecture": "x86",
"localesToInstall": [
"Locales To Install value"
],
"installProgressDisplayLevel": "full",
"shouldUninstallOlderVersionsOfOffice": true,
"targetVersion": "Target Version value",
"updateVersion": "Update Version value",
"officeConfigurationXml": "b2ZmaWNlQ29uZmlndXJhdGlvblhtbA=="
}
}
Update Managed Device
Update the properties of a Managed Device object. | key: updateManagedDevice
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Extra Fields | Additional fields to update on the device. This is an object that can contain any additional fields that might not be covered by the other inputs. | |
| Managed Device Id | Unique identifier for the managed device to update (UUID format). | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
| Managed Device Name | Update the device name to make it easier to identify. | John-Laptop |
| Notes | Additional notes about the device for documentation purposes. | Device issued to John Doe in Marketing department |
{
"data": {}
}
Update Mobile App Assignment
Update a mobile app assignment. | key: updateMobileAppAssignment
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Intent | The intent of the assignment for the managed app. A 'Required' option will force the app to be installed on the device. An 'Available' option will make the app available for the user to install. An 'Uninstall' option will remove the app from the device. An 'Available Without Enrollment' option will make the app available for the user to install without enrolling the device. | available |
| Mobile App Assignment Id | The ID of the mobile app assignment to update. | 0177548a-548a-0177-8a54-77018a547701 |
| Mobile App Id | The ID of the mobile app to update the assignment from. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
| Settings | The mobile app assignment settings type. The value depends on the app platform (e.g., windowsUniversalAppXAppAssignmentSettings, iosLobAppAssignmentSettings). | microsoft.graph.windowsUniversalAppXAppAssignmentSettings |
| Target | The mobile app assignment target type. Common values include allLicensedUsersAssignmentTarget, groupAssignmentTarget, allDevicesAssignmentTarget. | microsoft.graph.allLicensedUsersAssignmentTarget |
{
"data": {
"@odata.type": "#microsoft.graph.mobileAppAssignment",
"id": "591620b7-20b7-5916-b720-1659b7201659",
"intent": "required",
"target": {
"@odata.type": "microsoft.graph.allLicensedUsersAssignmentTarget"
},
"settings": {
"@odata.type": "microsoft.graph.windowsUniversalAppXAppAssignmentSettings",
"useDeviceContext": true
}
}
}
Update Software Update Status Summary
Update the status summary of a software update. | key: updateSoftwareUpdateStatusSummary
| Input | Notes | Example |
|---|---|---|
| Compliant Device Count | The number of devices that are compliant with the software update. | 1 |
| Compliant User Count | The number of users that are compliant with the software update. | 1 |
| Conflict Device Count | The number of devices that have a conflict with the software update. | 1 |
| Conflict User Count | The number of users that have a conflict with the software update. | 1 |
| Connection | The Microsoft Intune connection to use. | |
| Display Name | The display name of the software update status summary. | Software Update Status Summary |
| Error Device Count | The number of devices that have an error with the software update. | 1 |
| Error User Count | The number of users that have an error with the software update. | 1 |
| Non-Compliant Device Count | The number of devices that are not compliant with the software update. | 1 |
| Non-Compliant User Count | The number of users that are not compliant with the software update. | 1 |
| Not Applicable Device Count | The number of devices that are not applicable for the software update. | 1 |
| Not Applicable User Count | The number of users that are not applicable for the software update. | 1 |
| Remediated Device Count | The number of devices that have been remediated. | 1 |
| Remediated User Count | The number of users that have been remediated. | 1 |
| Unknown Device Count | The number of devices that have an unknown status with the software update. | 1 |
| Unknown User Count | The number of users that have an unknown status with the software update. | 1 |
{
"data": {
"@odata.type": "#microsoft.graph.softwareUpdateStatusSummary",
"id": "4f71421f-421f-4f71-1f42-714f1f42714f",
"displayName": "Display Name value",
"compliantDeviceCount": 4,
"nonCompliantDeviceCount": 7,
"remediatedDeviceCount": 5,
"errorDeviceCount": 0,
"unknownDeviceCount": 2,
"conflictDeviceCount": 3,
"notApplicableDeviceCount": 8,
"compliantUserCount": 2,
"nonCompliantUserCount": 5,
"remediatedUserCount": 3,
"errorUserCount": 14,
"unknownUserCount": 0,
"conflictUserCount": 1,
"notApplicableUserCount": 6
}
}
Update Subscription
Update a single subscription. | key: updateSubscription
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Expiration Date Time | The date and time when the webhook subscription expires in UTC format (ISO 8601). The maximum duration varies by resource type. Learn more | 2025-12-31T23:59:59.0000000Z |
| Notification URL | The URL endpoint that will receive webhook notifications when changes occur. | https://example.com/webhook |
| Subscription ID | The ID of the subscription to update. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": [
{
"id": "7f105c7d-2dc5-4530-97cd-4e7ae6534c07",
"resource": "me/messages",
"applicationId": "string",
"changeType": "created,updated",
"clientState": "secretClientValue",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"lifecycleNotificationUrl": "https://webhook.azurewebsites.net/api/send/lifecycleNotifications",
"expirationDateTime": "2016-11-20T18:23:45.9356913Z",
"creatorId": "string",
"latestSupportedTlsVersion": "v1_2",
"encryptionCertificate": "",
"encryptionCertificateId": "",
"includeResourceData": false,
"notificationContentType": "application/json"
}
]
}
Update User
Update the properties of a User object. | key: updateUser
| Input | Notes | Example |
|---|---|---|
| Account Enabled | When true, enables the user account. When false, the account is disabled and the user cannot sign in. | true |
| Additional Properties | Additional properties to update that are not covered by the other inputs. This should be a JSON object and will be merged with the other inputs. You can get additional properties from the Microsoft Graph API documentation https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0#json-representation | |
| Connection | The Microsoft Intune connection to use. | |
| Display Name | The display name of the user. | John Doe |
| Domain | The updated domain for the user. This must be an existing verified domain in your tenant. Use the 'List Domains' action to retrieve available domains. Required if 'User Principal Name' input is provided. | contoso.onmicrosoft.com |
| First Name | The updated first name of the user. | John |
| Job Title | The updated job title of the user. | Software Engineer |
| Last Name | The updated last name of the user. | Doe |
| User Id | Unique identifier for the user to update. This can be the user's ID (UUID format) or userPrincipalName (email format). | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
| User Principal Name | The updated user principal name (username) for the user. This will be combined with the domain to create the full user principal name. Required if 'Domain' input is provided. | john.doe |
{
"data": {}
}
Wipe Device
Remotely wipe a compromised or lost device. | key: wipeDevice
| Input | Notes | Example |
|---|---|---|
| Connection | The Microsoft Intune connection to use. | |
| Managed Device Id | Unique Identifier for the device to wipe. | a1b2c3d4-e5f6-7890-abcd-ef1234567890 |
{
"data": {
"keepEnrollmentData": true,
"keepUserData": true,
"macOsUnlockCode": "Mac Os Unlock Code value",
"persistEsimDataPlan": true
}
}
Changelog
2025-12-09
Fixed an issue related to Add Group Member action to correctly add members to groups
2025-10-17
Enhanced webhook trigger reliability with automatic subscription renewal and cleanup of orphaned webhooks
2025-07-11
Added group member management actions:
- Add Group Member - Add a single member to a Microsoft Intune group
- Add Group Members - Add multiple members to a group in bulk
2025-05-15
Added Client Credentials connection type for server-to-server authentication with Microsoft Intune