Microsoft

Microsoft Intune API

APIs for managing devices, apps, and compliance policies through Microsoft Graph for enterprise mobility management.

GitHub OpenAPI

Documentation

📖
Documentation
https://learn.microsoft.com/en-us/graph/intune-concept-overview
📖
APIReference
https://learn.microsoft.com/en-us/graph/api/resources/intune-graph-overview
📖
Authentication
https://learn.microsoft.com/en-us/intune/intune-service/developer/intune-graph-apis

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/microsoft/refs/heads/main/openapi/microsoft-intune-openapi.yml

Schemas & Data

📊
JSONSchema
https://raw.githubusercontent.com/api-evangelist/microsoft/refs/heads/main/json-schema/microsoft-managed-device-schema.json

Other Resources

🔗
SDKs
https://learn.microsoft.com/en-us/intune/intune-service/developer/app-sdk-get-started
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/microsoft/refs/heads/main/capabilities/intune-device-compliance.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/microsoft/refs/heads/main/capabilities/intune-device-configuration.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/microsoft/refs/heads/main/capabilities/intune-managed-devices.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/microsoft/refs/heads/main/capabilities/intune-mobile-apps.yaml

OpenAPI Specification

microsoft-intune-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: Microsoft Intune API
  description: >-
    APIs for managing devices, apps, and compliance policies through Microsoft
    Graph for enterprise mobility and endpoint management.
  version: '1.0'
  contact:
    name: Microsoft Intune Support
    url: https://learn.microsoft.com/en-us/graph/intune-concept-overview
  termsOfService: https://www.microsoft.com/en-us/legal/terms-of-use
externalDocs:
  description: Intune Graph API Overview
  url: https://learn.microsoft.com/en-us/graph/intune-concept-overview
servers:
  - url: https://graph.microsoft.com/v1.0
    description: Microsoft Graph v1.0
tags:
  - name: Device Compliance
    description: Manage compliance policies
  - name: Device Configuration
    description: Manage device configuration profiles
  - name: Managed Devices
    description: Manage enrolled devices
  - name: Mobile Apps
    description: Manage mobile applications
security:
  - oauth2: []
paths:
  /deviceManagement/managedDevices:
    get:
      operationId: listManagedDevices
      summary: Microsoft List managed devices
      description: List properties and relationships of managed device objects.
      tags:
        - Managed Devices
      parameters:
        - $ref: '#/components/parameters/select'
        - $ref: '#/components/parameters/filter'
        - $ref: '#/components/parameters/top'
        - $ref: '#/components/parameters/orderby'
      responses:
        '200':
          description: List of managed devices
          content:
            application/json:
              schema:
                type: object
                properties:
                  '@odata.context':
                    type: string
                  value:
                    type: array
                    items:
                      $ref: '#/components/schemas/ManagedDevice'
        '401':
          description: Unauthorized
  /deviceManagement/managedDevices/{managedDeviceId}:
    get:
      operationId: getManagedDevice
      summary: Microsoft Get a managed device
      description: Read properties of a managed device object.
      tags:
        - Managed Devices
      parameters:
        - name: managedDeviceId
          in: path
          required: true
          description: Managed device unique identifier
          schema:
            type: string
        - $ref: '#/components/parameters/select'
      responses:
        '200':
          description: Managed device details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ManagedDevice'
        '401':
          description: Unauthorized
        '404':
          description: Device not found
  /deviceManagement/managedDevices/{managedDeviceId}/wipe:
    post:
      operationId: wipeManagedDevice
      summary: Microsoft Wipe a managed device
      description: Wipe a device, removing all data and resetting to factory defaults.
      tags:
        - Managed Devices
      parameters:
        - name: managedDeviceId
          in: path
          required: true
          schema:
            type: string
      responses:
        '204':
          description: Wipe initiated
        '401':
          description: Unauthorized
        '404':
          description: Device not found
  /deviceManagement/managedDevices/{managedDeviceId}/retire:
    post:
      operationId: retireManagedDevice
      summary: Microsoft Retire a managed device
      description: Retire a device, removing managed data while keeping personal data.
      tags:
        - Managed Devices
      parameters:
        - name: managedDeviceId
          in: path
          required: true
          schema:
            type: string
      responses:
        '204':
          description: Retire initiated
        '401':
          description: Unauthorized
  /deviceManagement/deviceCompliancePolicies:
    get:
      operationId: listCompliancePolicies
      summary: Microsoft List compliance policies
      description: List properties and relationships of device compliance policy objects.
      tags:
        - Device Compliance
      parameters:
        - $ref: '#/components/parameters/select'
        - $ref: '#/components/parameters/filter'
        - $ref: '#/components/parameters/top'
      responses:
        '200':
          description: List of compliance policies
          content:
            application/json:
              schema:
                type: object
                properties:
                  value:
                    type: array
                    items:
                      $ref: '#/components/schemas/DeviceCompliancePolicy'
        '401':
          description: Unauthorized
  /deviceAppManagement/mobileApps:
    get:
      operationId: listMobileApps
      summary: Microsoft List mobile apps
      description: List properties and relationships of mobile app objects.
      tags:
        - Mobile Apps
      parameters:
        - $ref: '#/components/parameters/select'
        - $ref: '#/components/parameters/filter'
        - $ref: '#/components/parameters/top'
      responses:
        '200':
          description: List of mobile apps
          content:
            application/json:
              schema:
                type: object
                properties:
                  value:
                    type: array
                    items:
                      $ref: '#/components/schemas/MobileApp'
        '401':
          description: Unauthorized
  /deviceManagement/deviceConfigurations:
    get:
      operationId: listDeviceConfigurations
      summary: Microsoft List device configurations
      description: List properties and relationships of device configuration objects.
      tags:
        - Device Configuration
      parameters:
        - $ref: '#/components/parameters/select'
        - $ref: '#/components/parameters/filter'
        - $ref: '#/components/parameters/top'
      responses:
        '200':
          description: List of device configurations
          content:
            application/json:
              schema:
                type: object
                properties:
                  value:
                    type: array
                    items:
                      $ref: '#/components/schemas/DeviceConfiguration'
        '401':
          description: Unauthorized
components:
  securitySchemes:
    oauth2:
      type: oauth2
      description: Microsoft Entra ID OAuth 2.0
      flows:
        clientCredentials:
          tokenUrl: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
          scopes:
            DeviceManagementManagedDevices.Read.All: Read managed devices
            DeviceManagementManagedDevices.ReadWrite.All: Read and write managed devices
            DeviceManagementApps.Read.All: Read mobile apps
            DeviceManagementConfiguration.Read.All: Read device configurations
  parameters:
    select:
      name: $select
      in: query
      schema:
        type: string
    filter:
      name: $filter
      in: query
      schema:
        type: string
    top:
      name: $top
      in: query
      schema:
        type: integer
    orderby:
      name: $orderby
      in: query
      schema:
        type: string
  schemas:
    ManagedDevice:
      type: object
      properties:
        id:
          type: string
        deviceName:
          type: string
        managedDeviceOwnerType:
          type: string
          enum:
            - unknown
            - company
            - personal
        operatingSystem:
          type: string
        osVersion:
          type: string
        complianceState:
          type: string
          enum:
            - unknown
            - compliant
            - noncompliant
            - conflict
            - error
            - inGracePeriod
            - configManager
        model:
          type: string
        manufacturer:
          type: string
        serialNumber:
          type: string
        userPrincipalName:
          type: string
        userDisplayName:
          type: string
        emailAddress:
          type: string
        lastSyncDateTime:
          type: string
          format: date-time
        enrolledDateTime:
          type: string
          format: date-time
        managementAgent:
          type: string
          enum:
            - eas
            - mdm
            - easMdm
            - intuneClient
            - easIntuneClient
            - configurationManagerClient
            - unknown
        isEncrypted:
          type: boolean
        isSupervised:
          type: boolean
        jailBroken:
          type: string
    DeviceCompliancePolicy:
      type: object
      properties:
        id:
          type: string
        displayName:
          type: string
        description:
          type: string
        createdDateTime:
          type: string
          format: date-time
        lastModifiedDateTime:
          type: string
          format: date-time
        version:
          type: integer
    MobileApp:
      type: object
      properties:
        id:
          type: string
        displayName:
          type: string
        description:
          type: string
        publisher:
          type: string
        createdDateTime:
          type: string
          format: date-time
        lastModifiedDateTime:
          type: string
          format: date-time
        isFeatured:
          type: boolean
        publishingState:
          type: string
          enum:
            - notPublished
            - processing
            - published
    DeviceConfiguration:
      type: object
      properties:
        id:
          type: string
        displayName:
          type: string
        description:
          type: string
        createdDateTime:
          type: string
          format: date-time
        lastModifiedDateTime:
          type: string
          format: date-time
        version:
          type: integer