Microsoft 365
Visualize Microsoft 365 services, groups, and users, and monitor changes through queries and alerts.
Installation
To use this integration, you must have:
- An organizational Active Directory tenant to target for ingestion. The integration does not support the use of other tenant types.
- An account in the tenant you want to target for ingestion that has global administrator access. You will log in with this account to grant the JupiterOne application API permissions that can read data across all users (admin consent).
Configuration in JupiterOne
To install the Microsoft 365 integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Microsoft 365. Click New Instance to begin configuring your integration, providing the following:
- The Account Name used to identify the Microsoft 365 account in JupiterOne. Ingested entities will have this value stored in `tag.AccountName` when the `AccountName` toggle is enabled.
- Description to assist in identifying the integration instance, if desired.
- Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as `DISABLED` and manually execute the integration.
- Include Advanced Device Details, which queries for and includes the device properties `physicalMemoryInBytes`, `iccid` and `ethernetMacAddress` when available. Ingestion duration may increase due to additional API requests.
Data Volume Configuration
Control how much data is ingested from Microsoft 365 to manage storage and processing.
Data Filtering Options
| Field | Type | Description | Default |
|---|---|---|---|
| Included Vulnerability Severities | Multi-select | Select vulnerability severities to ingest | Low, Medium, High, Critical |
Available severity options:
- Unknown
- Informational
- Low (default)
- Medium (default)
- High (default)
- Critical (default)
How it affects data volume: Filtering by severity reduces the number of vulnerability entities ingested. By default, Low, Medium, High, and Critical severity vulnerabilities are imported. Disabling lower severities will reduce data volume.
Additional Options
| Field | Type | Description | Default |
|---|---|---|---|
| Include Advanced Device Details | Boolean | Enables ingestion of additional device properties (memory, ICCID, MAC) | false |
How it affects data volume: Enabling advanced device details increases the number of API requests and may extend ingestion duration, but adds more granular device information.
Click Create after you have provided all the values.
When prompted, click Begin Authorization.
You are then directed to the Microsoft identity platform where you must log in as a global administrator of the organizational Active Directory tenant you intend to integrate with.
You must select an account belonging to an organizational tenant. When you are already logged into an account, the badge icons indicate the nature of the tenant the account belongs to. Do not select a personal account.
Review the requested permissions (described below) and grant consent. Once you proceed through the authorization, you will have successfully completed the integration setup process.
Granted permissions
- `DeviceManagementApps.Read.All`: Read Microsoft Intune apps
  - Needed for creating `Application` entities
- `DeviceManagementConfiguration.Read.All`: Read Microsoft Intune device configuration and policies
  - Needed for creating `Configuration` and `ControlPolicy` entities
- `DeviceManagementManagedDevices.Read.All`: Read Microsoft Intune devices
  - Needed for creating `Device` and `HostAgent` entities
- `Organization.Read.All`: Read organization information
  - Needed for creating the `Account` entity
- `APIConnectors.Read.All`: Read API connectors for authentication flows
  - Needed for enriching the `Account` entity with Intune subscription information
- `DeviceManagementServiceConfig.Read.All`: Read Microsoft Intune configuration
  - Also needed for enriching the `Account` entity with Intune subscription information
- `Directory.Read.All`: Read directory data
  - Needed for creating `User`, `Group`, and `GroupUser` entities
- `AuditLog.Read.All`: OPTIONAL
  - If provided on a B2C or premium tenant, the integration will include `signInActivity` in the `User` entity.
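
The following added example (not part of the JupiterOne documentation or integration code) reviews a consent grant against the permission list above and reports which entity classes will be absent when a permission is missing, and which granted permissions fall outside the documented read-only set. The permission-to-entity mapping is taken from this page; the two sample grants, including `Directory.ReadWrite.All` and `Mail.Send`, are constructed inputs.

```python
# Added example: least-privilege review of the admin-consent grant.
# Permission names and the entities each one feeds come from the list above.
REQUIRED = {
    "DeviceManagementApps.Read.All": ["Application"],
    "DeviceManagementConfiguration.Read.All": ["Configuration", "ControlPolicy"],
    "DeviceManagementManagedDevices.Read.All": ["Device", "HostAgent"],
    "Organization.Read.All": ["Account"],
    "APIConnectors.Read.All": ["Account"],
    "DeviceManagementServiceConfig.Read.All": ["Account"],
    "Directory.Read.All": ["User", "Group", "GroupUser"],
}
# Optional permission: only adds signInActivity to the User entity.
OPTIONAL = {"AuditLog.Read.All": ["User"]}


def is_read_only(permission):
    """Graph permissions are named Resource.Operation[.Constraint];
    only the exact operation 'Read' is treated as read-only here."""
    parts = permission.split(".")
    return len(parts) >= 2 and parts[1] == "Read"


def review_grant(granted):
    """Compare the granted permission names with the documented set."""
    granted_set = {g.strip() for g in granted if g.strip()}
    documented = set(REQUIRED) | set(OPTIONAL)
    missing = sorted(set(REQUIRED) - granted_set)
    return {
        # Required permissions that were not consented to.
        "missing": missing,
        # Entity classes whose ingestion depends on a missing permission.
        "entities_affected": sorted({e for p in missing for e in REQUIRED[p]}),
        # Anything granted that this page does not list.
        "undocumented": sorted(granted_set - documented),
        # Anything granted that is more than a read scope.
        "not_read_only": sorted(p for p in granted_set if not is_read_only(p)),
        "optional_absent": sorted(set(OPTIONAL) - granted_set),
    }


# Constructed sample inputs.
GRANT_EXPECTED = list(REQUIRED)
GRANT_DRIFTED = [p for p in REQUIRED if p != "Directory.Read.All"] + [
    "Directory.ReadWrite.All",
    "Mail.Send",
]

if __name__ == "__main__":
    for label, grant in (("expected", GRANT_EXPECTED), ("drifted", GRANT_DRIFTED)):
        print(label)
        for key, value in review_grant(grant).items():
            print(f"  {key}: {value}")
```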
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| [AD] Account | microsoft_365_account | Account |
| [AD] Group | azure_user_group | UserGroup |
| [AD] Group Member | azure_group_member | User |
| [AD] User | azure_user | User |
| Autopilot Device Identity | intune_autopilot_device_identity | Device |
| Compliance Policy | intune_compliance_policy | Configuration, ControlPolicy |
| Detected Application | intune_detected_application | Application |
| Device Configuration | intune_device_configuration | Configuration, ControlPolicy |
| Device Health Script | intune_device_health_script | Configuration, ControlPolicy |
| Group Policy Configuration | intune_group_policy_configuration | Configuration, ControlPolicy |
| Intune Host Agent | intune_host_agent | HostAgent |
| Managed Application | intune_managed_application | Application |
| Managed Device | user_endpoint | Device, Host |
| Managed Device | workstation | Device, Host |
| Managed Device | laptop | Device, Host |
| Managed Device | desktop | Device, Host |
| Managed Device | server | Host |
| Managed Device | server | Device, Host |
| Managed Device | smartphone | Device, Host |
| Noncompliance Finding | intune_noncompliance_finding | Finding |
| Settings Catalog Policy | intune_settings_catalog_policy | Configuration, ControlPolicy |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
azure_user | HAS | user_endpoint |
azure_user | HAS | workstation |
azure_user | HAS | laptop |
azure_user | HAS | desktop |
azure_user | HAS | computer |
azure_user | HAS | server |
azure_user | HAS | smartphone |
azure_user | USES | user_endpoint |
azure_user | USES | workstation |
azure_user | USES | laptop |
azure_user | USES | desktop |
azure_user | USES | computer |
azure_user | USES | server |
azure_user | USES | smartphone |
azure_user_group | HAS | azure_user |
azure_user_group | HAS | azure_user_group |
azure_user_group | HAS | azure_group_member |
computer | HAS | intune_noncompliance_finding |
computer | ASSIGNED | intune_managed_application |
computer | INSTALLED | intune_detected_application |
desktop | HAS | intune_noncompliance_finding |
desktop | ASSIGNED | intune_managed_application |
desktop | INSTALLED | intune_detected_application |
intune_autopilot_device_identity | ASSIGNED | azure_user |
intune_compliance_policy | IDENTIFIED | intune_noncompliance_finding |
intune_device_configuration | IDENTIFIED | intune_noncompliance_finding |
intune_host_agent | MANAGES | user_endpoint |
intune_host_agent | MANAGES | workstation |
intune_host_agent | MANAGES | laptop |
intune_host_agent | MANAGES | desktop |
intune_host_agent | MANAGES | computer |
intune_host_agent | MANAGES | server |
intune_host_agent | MANAGES | smartphone |
intune_host_agent | ASSIGNED | intune_compliance_policy |
intune_host_agent | ASSIGNED | intune_device_configuration |
intune_host_agent | ASSIGNED | intune_settings_catalog_policy |
intune_host_agent | ASSIGNED | intune_group_policy_configuration |
intune_host_agent | ASSIGNED | intune_device_health_script |
laptop | HAS | intune_noncompliance_finding |
laptop | ASSIGNED | intune_managed_application |
laptop | INSTALLED | intune_detected_application |
microsoft_365_account | HAS | azure_user |
microsoft_365_account | HAS | azure_user_group |
server | HAS | intune_noncompliance_finding |
server | ASSIGNED | intune_managed_application |
server | INSTALLED | intune_detected_application |
smartphone | HAS | intune_noncompliance_finding |
smartphone | ASSIGNED | intune_managed_application |
smartphone | INSTALLED | intune_detected_application |
user_endpoint | HAS | intune_noncompliance_finding |
user_endpoint | ASSIGNED | intune_managed_application |
user_endpoint | INSTALLED | intune_detected_application |
workstation | HAS | intune_noncompliance_finding |
workstation | ASSIGNED | intune_managed_application |
workstation | INSTALLED | intune_detected_application |
Azure Group Member
azure_group_member inherits from User
Azure User
azure_user inherits from User
| Property | Type | Description | Specifications |
|---|---|---|---|
accountEnabled * | boolean | ||
givenName | string | null | ||
jobTitle | string | null | ||
mail | string | The SMTP address for the user | |
mobilePhone | string | null | ||
officeLocation | string | null | ||
preferredLanguage | string | null | ||
surname | string | null | ||
usageLocation | string | null | ||
userPrincipalName | string | null | ||
userType | string | null |
Azure User Group
azure_user_group inherits from UserGroup
| Property | Type | Description | Specifications |
|---|---|---|---|
isMailEnabled * | boolean | ||
isSecurityEnabled * | boolean | ||
mail | string | null | ||
mailEnabled * | boolean | Please use isMailEnabled instead | deprecated: true |
mailNickname | string | null | ||
renewedOn | number | ||
securityEnabled * | boolean | Please use isSecurityEnabled instead | deprecated: true |
Desktop
desktop inherits from Device, Host
Intune Autopilot Device Identity
intune_autopilot_device_identity inherits from Device
| Property | Type | Description | Specifications |
|---|---|---|---|
addressableUserName | string | null | ||
azureAdDeviceId | string | null | ||
deploymentProfileAssignedDateTime | number | ||
deploymentProfileAssignmentDetailedStatus | string | Any of: none, hardwareRequirementsNotMet, surfaceHubProfileNotSupported, holoLensProfileNotSupported, windowsPcProfileNotSupported, surfaceHub2SProfileNotSupported, unknownFutureValue | |
deploymentProfileAssignmentStatus | string | Any of: unknown, assignedInSync, assignedOutOfSync, assignedUnkownSyncState, notAssigned, pending, failed | |
deviceFriendlyName | string | null | ||
enrollmentState | string | Any of: unknown, enrolled, pendingReset, failed, notContacted, blocked | |
groupTag | string | null | ||
lastContactedDateTime | number | ||
managedDeviceId | string | null | ||
productKey | string | null | ||
purchaseOrderIdentifier | string | null | ||
skuNumber | string | null | ||
userPrincipalName | string | null |
Intune Compliance Policy
intune_compliance_policy inherits from Configuration, ControlPolicy
| Property | Type | Description | Specifications |
|---|---|---|---|
appLockerApplicationControl | string | null | AppLocker application control mode. Example values: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker, auditComponentsStoreAppsAndSmartlocker. | |
bitlockerRemovableDriveEncryptionMethod | string | null | Encryption algorithm applied to removable drives. Example values: aesCbc128, aesCbc256, xtsAes128, xtsAes256. | |
bitlockerSystemDriveEncryptionMethod | string | null | Encryption algorithm applied to the operating-system drive. Example values: aesCbc128, aesCbc256, xtsAes128, xtsAes256. | |
category * | string | const: compliance | |
defenderCloudBlockLevel | string | null | Microsoft Defender cloud-block level. Example values: notConfigured, high, highPlus, zeroTolerance. | |
diagnosticsDataSubmissionMode | string | null | Telemetry/diagnostics data submission level. Example values: userDefined, none, basic, enhanced, full. | |
firewallDomainFirewallState | string | null | Domain-profile firewall state. Possible values: enabled, disabled, notConfigured, allowed, blocked (tri/quad-state, not boolean). | |
firewallPrivateFirewallState | string | null | Private-profile firewall state. Possible values: enabled, disabled, notConfigured, allowed, blocked (tri/quad-state, not boolean). | |
firewallPublicFirewallState | string | null | Public-profile firewall state. Possible values: enabled, disabled, notConfigured, allowed, blocked (tri/quad-state, not boolean). | |
function * | string | const: endpoint-compliance | |
isActiveFirewallRequired | boolean | null | Whether an active firewall (any profile) is required for compliance. | |
isAntiSpywareRequired | boolean | null | Whether an anti-spyware product must be installed and active for compliance. | |
isAntivirusRequired | boolean | null | Whether an antivirus product (any vendor) must be installed and active for compliance. | |
isApplicationGuardEnabled | boolean | null | Whether Windows Defender Application Guard is enabled. | |
isAppStoreBlocked | boolean | null | Whether the platform App Store is blocked entirely (no app install/update from the store). | |
isAppStoreRequirePassword | boolean | null | Whether the App Store is required to prompt for a password before every purchase / install. | |
isBitlockerEncryptDevice | boolean | null | Whether BitLocker disk encryption is required on the device. | |
isBitlockerRemovableDriveBlockCrossOrganizationWriteAccess | boolean | null | Whether the device blocks write access to BitLocker-encrypted drives that were encrypted by another organization. | |
isBitlockerRemovableDriveRequireEncryptionForWriteAccess | boolean | null | Whether the device blocks write access to removable drives that are not BitLocker-encrypted. | |
isBluetoothBlocked | boolean | null | Whether Bluetooth is blocked. | |
isCameraBlocked | boolean | null | Whether the device camera is blocked. | |
isCertificatesBlockUntrustedTlsCertificates | boolean | null | Whether the device is blocked from accepting untrusted TLS certificates. | |
isCodeIntegrityEnabled | boolean | null | Whether Windows code integrity (HVCI) is required. | |
isCommercialDataSharingDisabled | boolean | null | Whether sharing of commercial telemetry data with Microsoft is disabled. | |
isDefenderEnabled | boolean | null | Whether Microsoft Defender must be enabled (compliance gate). | |
isDefenderRequireBehaviorMonitoring | boolean | null | Whether Microsoft Defender behavior monitoring is required. | |
isDefenderRequireCloudProtection | boolean | null | Whether Microsoft Defender cloud-delivered protection is required. | |
isDefenderRequireRealTimeMonitoring | boolean | null | Whether Microsoft Defender real-time monitoring is required. | |
isDefenderSecurityCenterBlockExploitProtectionOverride | boolean | null | Whether users are blocked from overriding the configured exploit-protection settings via the Defender Security Center. | |
isEdgeRequireSmartScreen | boolean | null | Whether Microsoft Edge is required to have SmartScreen enabled. | |
isFileVaultEnabled | boolean | null | Whether FileVault disk encryption is required on macOS. | |
isFirewallDomainInboundConnectionsBlocked | boolean | null | Whether inbound connections are blocked on the Domain firewall profile. | |
isFirewallDomainIncomingTrafficBlocked | boolean | null | Whether incoming traffic is blocked on the Domain firewall profile. | |
isFirewallDomainOutboundConnectionsBlocked | boolean | null | Whether outbound connections are blocked on the Domain firewall profile. | |
isFirewallDomainStealthModeBlocked | boolean | null | Whether stealth mode is blocked on the Domain firewall profile. | |
isFirewallPrivateInboundConnectionsBlocked | boolean | null | Whether inbound connections are blocked on the Private firewall profile. | |
isFirewallPrivateIncomingTrafficBlocked | boolean | null | Whether incoming traffic is blocked on the Private firewall profile. | |
isFirewallPrivateOutboundConnectionsBlocked | boolean | null | Whether outbound connections are blocked on the Private firewall profile. | |
isFirewallPrivateStealthModeBlocked | boolean | null | Whether stealth mode is blocked on the Private firewall profile. | |
isFirewallPublicInboundConnectionsBlocked | boolean | null | Whether inbound connections are blocked on the Public firewall profile. | |
isFirewallPublicIncomingTrafficBlocked | boolean | null | Whether incoming traffic is blocked on the Public firewall profile. | |
isFirewallPublicOutboundConnectionsBlocked | boolean | null | Whether outbound connections are blocked on the Public firewall profile. | |
isFirewallPublicStealthModeBlocked | boolean | null | Whether stealth mode is blocked on the Public firewall profile. | |
isHealthyDeviceReportRequired | boolean | null | Whether a recent Windows Health Attestation report is required for compliance. | |
isICloudRequireEncryptedBackup | boolean | null | Whether iCloud backups must be encrypted (iOS). | |
isLocationServicesBlocked | boolean | null | Whether device location services are blocked. | |
isMicrophoneBlocked | boolean | null | Whether the device microphone (or voice recording) is blocked. | |
isMicrosoftAccountBlocked | boolean | null | Whether sign-in with personal Microsoft accounts is blocked on the device. | |
isOneDriveDisableFileSync | boolean | null | Whether OneDrive file-sync is disabled on the device. | |
isPasswordBlockFingerprint | boolean | null | Whether fingerprint unlock (biometric) is blocked. | |
isPasswordBlockSimple | boolean | null | Whether simple passwords (e.g. repeating or sequential characters such as 1234, aaaa) are blocked. | |
isPasswordBlockSmartCard | boolean | null | Whether smart-card sign-in is blocked. | |
isPasswordRequired | boolean | null | Whether the device or user must set a password/passcode to unlock the device. | |
isSafariRequireFraudWarning | boolean | null | Whether Safari is required to show fraudulent-website warnings (iOS). | |
isScreenCaptureBlocked | boolean | null | Whether screen capture / screenshots are blocked. | |
isSecureBootEnabled | boolean | null | Whether UEFI Secure Boot is required to be enabled. | |
isSignatureOutOfDateRequired | boolean | null | Whether the policy requires AV signatures to be up to date for the device to be considered compliant. | |
isSiriBlockedWhenLocked | boolean | null | Whether Siri is blocked from being invoked while the device is locked (iOS). | |
isSmartScreenBlockOverrideForFiles | boolean | null | Whether users are blocked from overriding SmartScreen warnings for files. | |
isSmartScreenEnableInShell | boolean | null | Whether Windows SmartScreen is enabled in the shell (file open / download warnings). | |
isStorageRequireDeviceEncryption | boolean | null | Whether device storage (full-disk) encryption is required, regardless of provider (BitLocker on Windows, FileVault on macOS, native on mobile). | |
isTpmRequired | boolean | null | Whether a Trusted Platform Module (TPM) is required for compliance. | |
isUsbBlocked | boolean | null | Whether USB connections / mass-storage are blocked. | |
omaSettingCount | number | null | Number of OMA-URI custom settings present on the policy (Windows custom configurations only). | |
omaUris | array | null | List of OMA-URI paths configured by the policy (e.g. ./Vendor/MSFT/BitLocker/...). Useful for grepping which OMA-URIs are managed without inspecting the per-setting values. | |
osMaximumVersion | string | null | Maximum operating-system version the device may run to be considered compliant. | |
osMinimumVersion | string | null | Minimum operating-system version the device must run to be considered compliant. | |
passwordExpirationDays | number | null | Number of days after which the password must be changed. A value of 0 typically means no expiration. | |
passwordMinimumCharacterSetCount | number | null | Minimum number of distinct character sets (uppercase, lowercase, digits, symbols) the password must include. | |
passwordMinimumLength | number | null | Minimum number of characters required in the password/passcode. | |
passwordMinutesOfInactivityBeforeLock | number | null | Minutes of idle time before the device locks automatically. | |
passwordMinutesOfInactivityBeforeScreenTimeout | number | null | Minutes of idle time before the screen times out (display sleep). | |
passwordPreviousPasswordBlockCount | number | null | Number of previous passwords the user is blocked from reusing. | |
passwordRequiredType | string | null | The complexity class the password must satisfy. Example values: deviceDefault, alphanumeric, numeric, alphabetic, alphanumericWithSymbols. | |
passwordSignInFailureCountBeforeFactoryReset | number | null | Number of consecutive failed sign-in attempts that triggers an automatic factory reset of the device. | |
policyType | string | Examples: iosCompliancePolicy | |
version | number |
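
Most properties in the table above are typed `boolean | null` and the firewall states are strings rather than booleans, so a check that treats "not set" as "false" (or `notConfigured` as "disabled") misreports policies. The following added example (not JupiterOne code) audits policy entities with three outcomes. The baseline thresholds, the `name` key and the two sample policies are constructed assumptions; the property names come from the table.

```python
# Added example: tri-state audit of intune_compliance_policy properties.
# Baseline values below are assumptions for illustration, not product defaults.
BASELINE_TRUE = (
    "isPasswordRequired",
    "isSecureBootEnabled",
    "isStorageRequireDeviceEncryption",
)
BASELINE_FIREWALL = (
    "firewallDomainFirewallState",
    "firewallPrivateFirewallState",
    "firewallPublicFirewallState",
)
MIN_PASSWORD_LENGTH = 12      # assumed baseline
MAX_PASSWORD_AGE_DAYS = 365   # assumed baseline

PASS, FAIL, NOT_SET = "pass", "fail", "not_set"


def check_bool(value):
    # null means the policy does not configure the setting at all.
    if value is None:
        return NOT_SET
    return PASS if value is True else FAIL


def check_firewall(value):
    # String state, not a boolean: only an explicit "enabled" passes.
    if value is None or value == "notConfigured":
        return NOT_SET
    return PASS if value == "enabled" else FAIL


def check_min_length(value):
    if value is None:
        return NOT_SET
    return PASS if value >= MIN_PASSWORD_LENGTH else FAIL


def check_max_age(value):
    if value is None:
        return NOT_SET
    if value == 0:
        # Per the table, 0 typically means no expiration, so a naive
        # "value <= limit" comparison would wrongly pass it.
        return FAIL
    return PASS if value <= MAX_PASSWORD_AGE_DAYS else FAIL


def audit_policy(policy):
    """Return {property: pass | fail | not_set} for one policy entity."""
    results = {name: check_bool(policy.get(name)) for name in BASELINE_TRUE}
    for name in BASELINE_FIREWALL:
        results[name] = check_firewall(policy.get(name))
    results["passwordMinimumLength"] = check_min_length(
        policy.get("passwordMinimumLength"))
    results["passwordExpirationDays"] = check_max_age(
        policy.get("passwordExpirationDays"))
    return results


def summarize(policies):
    """Group failing and unset properties per policy name."""
    report = {}
    for policy in policies:
        results = audit_policy(policy)
        report[policy["name"]] = {
            status: sorted(k for k, v in results.items() if v == status)
            for status in (FAIL, NOT_SET)
        }
    return report


# Constructed sample entities.
POLICY_A = {
    "name": "policy-a (constructed)",
    "isPasswordRequired": True,
    "isSecureBootEnabled": True,
    "isStorageRequireDeviceEncryption": True,
    "firewallDomainFirewallState": "enabled",
    "firewallPrivateFirewallState": "enabled",
    "firewallPublicFirewallState": "enabled",
    "passwordMinimumLength": 14,
    "passwordExpirationDays": 90,
}
POLICY_B = {
    "name": "policy-b (constructed)",
    "isPasswordRequired": True,
    "isSecureBootEnabled": None,
    "isStorageRequireDeviceEncryption": False,
    "firewallDomainFirewallState": "disabled",
    "firewallPublicFirewallState": "notConfigured",
    "passwordMinimumLength": 6,
    "passwordExpirationDays": 0,
}

if __name__ == "__main__":
    for name, findings in summarize([POLICY_A, POLICY_B]).items():
        print(name, findings)
```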
Intune Detected Application
intune_detected_application inherits from Application
| Property | Type | Description | Specifications |
|---|---|---|---|
sizeInByte | number | ||
version | string | null |
Intune Device Configuration
intune_device_configuration inherits from Configuration, ControlPolicy
| Property | Type | Description | Specifications |
|---|---|---|---|
appLockerApplicationControl | string | null | AppLocker application control mode. Example values: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker, auditComponentsStoreAppsAndSmartlocker. | |
bitlockerRemovableDriveEncryptionMethod | string | null | Encryption algorithm applied to removable drives. Example values: aesCbc128, aesCbc256, xtsAes128, xtsAes256. | |
bitlockerSystemDriveEncryptionMethod | string | null | Encryption algorithm applied to the operating-system drive. Example values: aesCbc128, aesCbc256, xtsAes128, xtsAes256. | |
category * | string | const: config | |
configurationType | string | Examples: iosCustomConfiguration, windows10GeneralConfiguration, iosWiFiConfiguration | |
defenderCloudBlockLevel | string | null | Microsoft Defender cloud-block level. Example values: notConfigured, high, highPlus, zeroTolerance. | |
diagnosticsDataSubmissionMode | string | null | Telemetry/diagnostics data submission level. Example values: userDefined, none, basic, enhanced, full. | |
firewallDomainFirewallState | string | null | Domain-profile firewall state. Possible values: enabled, disabled, notConfigured, allowed, blocked (tri/quad-state, not boolean). | |
firewallPrivateFirewallState | string | null | Private-profile firewall state. Possible values: enabled, disabled, notConfigured, allowed, blocked (tri/quad-state, not boolean). | |
firewallPublicFirewallState | string | null | Public-profile firewall state. Possible values: enabled, disabled, notConfigured, allowed, blocked (tri/quad-state, not boolean). | |
function * | string | const: endpoint-configuration | |
isActiveFirewallRequired | boolean | null | Whether an active firewall (any profile) is required for compliance. | |
isAntiSpywareRequired | boolean | null | Whether an anti-spyware product must be installed and active for compliance. | |
isAntivirusRequired | boolean | null | Whether an antivirus product (any vendor) must be installed and active for compliance. | |
isApplicationGuardEnabled | boolean | null | Whether Windows Defender Application Guard is enabled. | |
isAppStoreBlocked | boolean | null | Whether the platform App Store is blocked entirely (no app install/update from the store). | |
isAppStoreRequirePassword | boolean | null | Whether the App Store is required to prompt for a password before every purchase / install. | |
isBitlockerEncryptDevice | boolean | null | Whether BitLocker disk encryption is required on the device. | |
isBitlockerRemovableDriveBlockCrossOrganizationWriteAccess | boolean | null | Whether the device blocks write access to BitLocker-encrypted drives that were encrypted by another organization. | |
isBitlockerRemovableDriveRequireEncryptionForWriteAccess | boolean | null | Whether the device blocks write access to removable drives that are not BitLocker-encrypted. | |
isBluetoothBlocked | boolean | null | Whether Bluetooth is blocked. | |
isCameraBlocked | boolean | null | Whether the device camera is blocked. | |
isCertificatesBlockUntrustedTlsCertificates | boolean | null | Whether the device is blocked from accepting untrusted TLS certificates. | |
isCodeIntegrityEnabled | boolean | null | Whether Windows code integrity (HVCI) is required. | |
isCommercialDataSharingDisabled | boolean | null | Whether sharing of commercial telemetry data with Microsoft is disabled. | |
isDefenderEnabled | boolean | null | Whether Microsoft Defender must be enabled (compliance gate). | |
isDefenderRequireBehaviorMonitoring | boolean | null | Whether Microsoft Defender behavior monitoring is required. | |
isDefenderRequireCloudProtection | boolean | null | Whether Microsoft Defender cloud-delivered protection is required. | |
isDefenderRequireRealTimeMonitoring | boolean | null | Whether Microsoft Defender real-time monitoring is required. | |
isDefenderSecurityCenterBlockExploitProtectionOverride | boolean | null | Whether users are blocked from overriding the configured exploit-protection settings via the Defender Security Center. | |
isEdgeRequireSmartScreen | boolean | null | Whether Microsoft Edge is required to have SmartScreen enabled. | |
isFileVaultEnabled | boolean | null | Whether FileVault disk encryption is required on macOS. | |
isFirewallDomainInboundConnectionsBlocked | boolean | null | Whether inbound connections are blocked on the Domain firewall profile. | |
isFirewallDomainIncomingTrafficBlocked | boolean | null | Whether incoming traffic is blocked on the Domain firewall profile. | |
isFirewallDomainOutboundConnectionsBlocked | boolean | null | Whether outbound connections are blocked on the Domain firewall profile. | |
isFirewallDomainStealthModeBlocked | boolean | null | Whether stealth mode is blocked on the Domain firewall profile. | |
isFirewallPrivateInboundConnectionsBlocked | boolean | null | Whether inbound connections are blocked on the Private firewall profile. | |
isFirewallPrivateIncomingTrafficBlocked | boolean | null | Whether incoming traffic is blocked on the Private firewall profile. | |
isFirewallPrivateOutboundConnectionsBlocked | boolean | null | Whether outbound connections are blocked on the Private firewall profile. | |
isFirewallPrivateStealthModeBlocked | boolean | null | Whether stealth mode is blocked on the Private firewall profile. | |
isFirewallPublicInboundConnectionsBlocked | boolean | null | Whether inbound connections are blocked on the Public firewall profile. | |
isFirewallPublicIncomingTrafficBlocked | boolean | null | Whether incoming traffic is blocked on the Public firewall profile. | |
isFirewallPublicOutboundConnectionsBlocked | boolean | null | Whether outbound connections are blocked on the Public firewall profile. | |
isFirewallPublicStealthModeBlocked | boolean | null | Whether stealth mode is blocked on the Public firewall profile. | |
isHealthyDeviceReportRequired | boolean | null | Whether a recent Windows Health Attestation report is required for compliance. | |
isICloudRequireEncryptedBackup | boolean | null | Whether iCloud backups must be encrypted (iOS). | |
isLocationServicesBlocked | boolean | null | Whether device location services are blocked. | |
isMicrophoneBlocked | boolean | null | Whether the device microphone (or voice recording) is blocked. | |
isMicrosoftAccountBlocked | boolean | null | Whether sign-in with personal Microsoft accounts is blocked on the device. | |
isOneDriveDisableFileSync | boolean | null | Whether OneDrive file-sync is disabled on the device. | |
isPasswordBlockFingerprint | boolean | null | Whether fingerprint unlock (biometric) is blocked. | |
isPasswordBlockSimple | boolean | null | Whether simple passwords (e.g. repeating or sequential characters such as 1234, aaaa) are blocked. | |
isPasswordBlockSmartCard | boolean | null | Whether smart-card sign-in is blocked. | |
isPasswordRequired | boolean | null | Whether the device or user must set a password/passcode to unlock the device. | |
isSafariRequireFraudWarning | boolean | null | Whether Safari is required to show fraudulent-website warnings (iOS). | |
isScreenCaptureBlocked | boolean | null | Whether screen capture / screenshots are blocked. | |
isSecureBootEnabled | boolean | null | Whether UEFI Secure Boot is required to be enabled. | |
isSignatureOutOfDateRequired | boolean | null | Whether the policy requires AV signatures to be up to date for the device to be considered compliant. | |
isSiriBlockedWhenLocked | boolean | null | Whether Siri is blocked from being invoked while the device is locked (iOS). | |
isSmartScreenBlockOverrideForFiles | boolean | null | Whether users are blocked from overriding SmartScreen warnings for files. | |
isSmartScreenEnableInShell | boolean | null | Whether Windows SmartScreen is enabled in the shell (file open / download warnings). | |
isStorageRequireDeviceEncryption | boolean | null | Whether device storage (full-disk) encryption is required, regardless of provider (BitLocker on Windows, FileVault on macOS, native on mobile). | |
isTpmRequired | boolean | null | Whether a Trusted Platform Module (TPM) is required for compliance. | |
isUsbBlocked | boolean | null | Whether USB connections / mass-storage are blocked. | |
omaSettingCount | number | null | Number of OMA-URI custom settings present on the policy (Windows custom configurations only). | |
omaUris | array | null | List of OMA-URI paths configured by the policy (e.g. ./Vendor/MSFT/BitLocker/...). Useful for grepping which OMA-URIs are managed without inspecting the per-setting values. | |
osMaximumVersion | string | null | Maximum operating-system version the device may run to be considered compliant. | |
osMinimumVersion | string | null | Minimum operating-system version the device must run to be considered compliant. | |
passwordExpirationDays | number | null | Number of days after which the password must be changed. A value of 0 typically means no expiration. | |
passwordMinimumCharacterSetCount | number | null | Minimum number of distinct character sets (uppercase, lowercase, digits, symbols) the password must include. | |
passwordMinimumLength | number | null | Minimum number of characters required in the password/passcode. | |
passwordMinutesOfInactivityBeforeLock | number | null | Minutes of idle time before the device locks automatically. | |
passwordMinutesOfInactivityBeforeScreenTimeout | number | null | Minutes of idle time before the screen times out (display sleep). | |
passwordPreviousPasswordBlockCount | number | null | Number of previous passwords the user is blocked from reusing. | |
passwordRequiredType | string | null | The complexity class the password must satisfy. Example values: deviceDefault, alphanumeric, numeric, alphabetic, alphanumericWithSymbols. | |
passwordSignInFailureCountBeforeFactoryReset | number | null | Number of consecutive failed sign-in attempts that triggers an automatic factory reset of the device. | |
version | number |
Intune Device Health Script
intune_device_health_script inherits from Configuration, ControlPolicy
| Property | Type | Description | Specifications |
|---|---|---|---|
category * | string | const: config | |
detectionScriptParameterCount | number | null | Number of parameters defined on the detection script. The parameter values themselves are intentionally not surfaced. | |
deviceHealthScriptType | string | null | Microsoft-assigned type discriminator for the health script. Example values: deviceHealthScript, managedInstallerScript. | |
function * | string | const: endpoint-configuration | |
isGlobalScript | boolean | null | Whether this is a Microsoft-published global script (visible to all tenants) vs a tenant-authored script. | |
isRunAs32Bit | boolean | null | Whether the script is executed as a 32-bit process (vs the native 64-bit PowerShell host) on 64-bit Windows. | |
isSignatureCheckEnforced | boolean | null | Whether the script must be code-signed and validated against an Intune-configured signing certificate before the device will execute it. | |
publisher | string | null | Publisher of the Device Health Script (Proactive Remediation). For Microsoft-shipped scripts, this is typically Microsoft; for custom scripts, the org that authored them. | |
remediationScriptParameterCount | number | null | Number of parameters defined on the remediation script. The parameter values themselves are intentionally not surfaced. | |
roleScopeTagIds | array | null | Intune RBAC scope tag IDs associated with this Device Health Script. Used to limit which administrators can view/edit the script. | |
runAsAccount | string | null | Account context the script runs under on the endpoint. Example values: system, user. | |
version | string | null | Version string declared by the script author for this Device Health Script. |
Intune Group Policy Configuration
intune_group_policy_configuration inherits from Configuration, ControlPolicy
| Property | Type | Description | Specifications |
|---|---|---|---|
appLockerApplicationControl | string | null | AppLocker application control mode. Example values: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker, auditComponentsStoreAppsAndSmartlocker. | |
bitlockerRemovableDriveEncryptionMethod | string | null | Encryption algorithm applied to removable drives. Example values: aesCbc128, aesCbc256, xtsAes128, xtsAes256. | |
bitlockerSystemDriveEncryptionMethod | string | null | Encryption algorithm applied to the operating-system drive. Example values: aesCbc128, aesCbc256, xtsAes128, xtsAes256. | |
category * | string | const: config | |
defenderCloudBlockLevel | string | null | Microsoft Defender cloud-block level. Example values: notConfigured, high, highPlus, zeroTolerance. | |
definitionValueCount | number | null | Number of ADMX definitionValue settings configured by this Group Policy configuration. Each definitionValue corresponds to one Group Policy setting that has been set. | |
diagnosticsDataSubmissionMode | string | null | Telemetry/diagnostics data submission level. Example values: userDefined, none, basic, enhanced, full. | |
firewallDomainFirewallState | string | null | Domain-profile firewall state. Possible values: enabled, disabled, notConfigured, allowed, blocked (tri/quad-state, not boolean). | |
firewallPrivateFirewallState | string | null | Private-profile firewall state. Possible values: enabled, disabled, notConfigured, allowed, blocked (tri/quad-state, not boolean). | |
firewallPublicFirewallState | string | null | Public-profile firewall state. Possible values: enabled, disabled, notConfigured, allowed, blocked (tri/quad-state, not boolean). | |
function * | string | const: endpoint-configuration | |
isActiveFirewallRequired | boolean | null | Whether an active firewall (any profile) is required for compliance. | |
isAntiSpywareRequired | boolean | null | Whether an anti-spyware product must be installed and active for compliance. | |
isAntivirusRequired | boolean | null | Whether an antivirus product (any vendor) must be installed and active for compliance. | |
isApplicationGuardEnabled | boolean | null | Whether Windows Defender Application Guard is enabled. | |
isAppStoreBlocked | boolean | null | Whether the platform App Store is blocked entirely (no app install/update from the store). | |
isAppStoreRequirePassword | boolean | null | Whether the App Store is required to prompt for a password before every purchase / install. | |
isBitlockerEncryptDevice | boolean | null | Whether BitLocker disk encryption is required on the device. | |
isBitlockerRemovableDriveBlockCrossOrganizationWriteAccess | boolean | null | Whether the device blocks write access to BitLocker-encrypted drives that were encrypted by another organization. | |
isBitlockerRemovableDriveRequireEncryptionForWriteAccess | boolean | null | Whether the device blocks write access to removable drives that are not BitLocker-encrypted. | |
isBluetoothBlocked | boolean | null | Whether Bluetooth is blocked. | |
isCameraBlocked | boolean | null | Whether the device camera is blocked. | |
isCertificatesBlockUntrustedTlsCertificates | boolean | null | Whether the device is blocked from accepting untrusted TLS certificates. | |
isCodeIntegrityEnabled | boolean | null | Whether Windows code integrity (HVCI) is required. | |
isCommercialDataSharingDisabled | boolean | null | Whether sharing of commercial telemetry data with Microsoft is disabled. | |
isDefenderEnabled | boolean | null | Whether Microsoft Defender must be enabled (compliance gate). | |
isDefenderRequireBehaviorMonitoring | boolean | null | Whether Microsoft Defender behavior monitoring is required. | |
isDefenderRequireCloudProtection | boolean | null | Whether Microsoft Defender cloud-delivered protection is required. | |
isDefenderRequireRealTimeMonitoring | boolean | null | Whether Microsoft Defender real-time monitoring is required. | |
isDefenderSecurityCenterBlockExploitProtectionOverride | boolean | null | Whether users are blocked from overriding the configured exploit-protection settings via the Defender Security Center. | |
isEdgeRequireSmartScreen | boolean | null | Whether Microsoft Edge is required to have SmartScreen enabled. | |
isFileVaultEnabled | boolean | null | Whether FileVault disk encryption is required on macOS. | |
isFirewallDomainInboundConnectionsBlocked | boolean | null | Whether inbound connections are blocked on the Domain firewall profile. | |
isFirewallDomainIncomingTrafficBlocked | boolean | null | Whether incoming traffic is blocked on the Domain firewall profile. | |
isFirewallDomainOutboundConnectionsBlocked | boolean | null | Whether outbound connections are blocked on the Domain firewall profile. | |
isFirewallDomainStealthModeBlocked | boolean | null | Whether stealth mode is blocked on the Domain firewall profile. | |
isFirewallPrivateInboundConnectionsBlocked | boolean | null | Whether inbound connections are blocked on the Private firewall profile. | |
isFirewallPrivateIncomingTrafficBlocked | boolean | null | Whether incoming traffic is blocked on the Private firewall profile. | |
isFirewallPrivateOutboundConnectionsBlocked | boolean | null | Whether outbound connections are blocked on the Private firewall profile. | |
isFirewallPrivateStealthModeBlocked | boolean | null | Whether stealth mode is blocked on the Private firewall profile. | |
isFirewallPublicInboundConnectionsBlocked | boolean | null | Whether inbound connections are blocked on the Public firewall profile. | |
isFirewallPublicIncomingTrafficBlocked | boolean | null | Whether incoming traffic is blocked on the Public firewall profile. | |
isFirewallPublicOutboundConnectionsBlocked | boolean | null | Whether outbound connections are blocked on the Public firewall profile. | |
isFirewallPublicStealthModeBlocked | boolean | null | Whether stealth mode is blocked on the Public firewall profile. | |
isHealthyDeviceReportRequired | boolean | null | Whether a recent Windows Health Attestation report is required for compliance. | |
isICloudRequireEncryptedBackup | boolean | null | Whether iCloud backups must be encrypted (iOS). | |
isLocationServicesBlocked | boolean | null | Whether device location services are blocked. | |
isMicrophoneBlocked | boolean | null | Whether the device microphone (or voice recording) is blocked. | |
isMicrosoftAccountBlocked | boolean | null | Whether sign-in with personal Microsoft accounts is blocked on the device. | |
isOneDriveDisableFileSync | boolean | null | Whether OneDrive file-sync is disabled on the device. | |
isPasswordBlockFingerprint | boolean | null | Whether fingerprint unlock (biometric) is blocked. | |
isPasswordBlockSimple | boolean | null | Whether simple passwords (e.g. repeating or sequential characters such as 1234, aaaa) are blocked. | |
isPasswordBlockSmartCard | boolean | null | Whether smart-card sign-in is blocked. | |
isPasswordRequired | boolean | null | Whether the device or user must set a password/passcode to unlock the device. | |
isSafariRequireFraudWarning | boolean | null | Whether Safari is required to show fraudulent-website warnings (iOS). | |
isScreenCaptureBlocked | boolean | null | Whether screen capture / screenshots are blocked. | |
isSecureBootEnabled | boolean | null | Whether UEFI Secure Boot is required to be enabled. | |
isSignatureOutOfDateRequired | boolean | null | Whether the policy requires AV signatures to be up to date for the device to be considered compliant. | |
isSiriBlockedWhenLocked | boolean | null | Whether Siri is blocked from being invoked while the device is locked (iOS). | |
isSmartScreenBlockOverrideForFiles | boolean | null | Whether users are blocked from overriding SmartScreen warnings for files. | |
isSmartScreenEnableInShell | boolean | null | Whether Windows SmartScreen is enabled in the shell (file open / download warnings). | |
isStorageRequireDeviceEncryption | boolean | null | Whether device storage (full-disk) encryption is required, regardless of provider (BitLocker on Windows, FileVault on macOS, native on mobile). | |
isTpmRequired | boolean | null | Whether a Trusted Platform Module (TPM) is required for compliance. | |
isUsbBlocked | boolean | null | Whether USB connections / mass-storage are blocked. | |
omaSettingCount | number | null | Number of OMA-URI custom settings present on the policy (Windows custom configurations only). | |
omaUris | array | null | List of OMA-URI paths configured by the policy (e.g. ./Vendor/MSFT/BitLocker/...). Useful for grepping which OMA-URIs are managed without inspecting the per-setting values. | |
osMaximumVersion | string | null | Maximum operating-system version the device may run to be considered compliant. | |
osMinimumVersion | string | null | Minimum operating-system version the device must run to be considered compliant. | |
passwordExpirationDays | number | null | Number of days after which the password must be changed. A value of 0 typically means no expiration. | |
passwordMinimumCharacterSetCount | number | null | Minimum number of distinct character sets (uppercase, lowercase, digits, symbols) the password must include. | |
passwordMinimumLength | number | null | Minimum number of characters required in the password/passcode. | |
passwordMinutesOfInactivityBeforeLock | number | null | Minutes of idle time before the device locks automatically. | |
passwordMinutesOfInactivityBeforeScreenTimeout | number | null | Minutes of idle time before the screen times out (display sleep). | |
passwordPreviousPasswordBlockCount | number | null | Number of previous passwords the user is blocked from reusing. | |
passwordRequiredType | string | null | The complexity class the password must satisfy. Example values: deviceDefault, alphanumeric, numeric, alphabetic, alphanumericWithSymbols. | |
passwordSignInFailureCountBeforeFactoryReset | number | null | Number of consecutive failed sign-in attempts that triggers an automatic factory reset of the device. | |
policyConfigurationIngestionType | string | null | How the Group Policy configuration was authored or imported. Example values: unknown, builtIn, custom, mixed. | |
roleScopeTagIds | array | null | Intune RBAC scope tag IDs associated with this Group Policy configuration. Used to limit which administrators can view/edit the policy. |
Intune Host Agent
intune_host_agent inherits from HostAgent
| Property | Type | Description | Specifications |
|---|---|---|---|
complianceState | string | Any of: unknown, compliant, noncompliant, conflict, error, inGracePeriod, configManager | |
compliant | boolean | Please use isCompliant instead | deprecated: true |
isCompliant | boolean | ||
managementAgent | string | Management channel of the device. Examples: eas, mdm, easMdm, intuneClient, easIntuneClient, jamf, googleCloudDevicePolicyController | |
registrationState | string | Any of: notRegistered, registered, revoked, keyConflict, approvalPending, certificateReset, notRegisteredPendingEnrollment, unknown | |
state | string | Any of: managed, retirePending, retireFailed, wipePending, wipeFailed, unhealthy, deletePending, retireIssued, wipeIssued, wipeCanceled, retireCanceled, discovered |
Intune Managed Application
intune_managed_application inherits from Application
| Property | Type | Description | Specifications |
|---|---|---|---|
committedContentVersion | string | null | ||
developer | string | null | Most often the same as the owner | |
featured | boolean | Please use isFeatured instead | deprecated: true |
informationURL | string | null | ||
isFeatured | boolean | Indicates that this app is being featured on the Company Portal | |
isPublished * | boolean | ||
lastUpdatedOn | number | ||
packageId | string | null | ||
privacyInformationURL | string | null | ||
publisher | string | null | ||
version | string | null |
Intune Noncompliance Finding
intune_noncompliance_finding inherits from Finding
| Property | Type | Description | Specifications |
|---|---|---|---|
category * | string | const: endpoint | |
id | string | ||
lastProcessedOn | number | ||
lastTestedOn | number | ||
lastUpdatedOn | number | ||
status | string | Any of: unknown, notApplicable, compliant, remediated, nonCompliant, error, conflict, notAssigned |
Intune Settings Catalog Policy
intune_settings_catalog_policy inherits from Configuration, ControlPolicy
| Property | Type | Description | Specifications |
|---|---|---|---|
appLockerApplicationControl | string | null | AppLocker application control mode. Example values: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker, auditComponentsStoreAppsAndSmartlocker. | |
bitlockerRemovableDriveEncryptionMethod | string | null | Encryption algorithm applied to removable drives. Example values: aesCbc128, aesCbc256, xtsAes128, xtsAes256. | |
bitlockerSystemDriveEncryptionMethod | string | null | Encryption algorithm applied to the operating-system drive. Example values: aesCbc128, aesCbc256, xtsAes128, xtsAes256. | |
category * | string | const: config | |
creationSource | string | null | How the policy was created (e.g. via the Settings Catalog UI, imported template, or via the API). | |
defenderCloudBlockLevel | string | null | Microsoft Defender cloud-block level. Example values: notConfigured, high, highPlus, zeroTolerance. | |
diagnosticsDataSubmissionMode | string | null | Telemetry/diagnostics data submission level. Example values: userDefined, none, basic, enhanced, full. | |
firewallDomainFirewallState | string | null | Domain-profile firewall state. Possible values: enabled, disabled, notConfigured, allowed, blocked (tri/quad-state, not boolean). | |
firewallPrivateFirewallState | string | null | Private-profile firewall state. Possible values: enabled, disabled, notConfigured, allowed, blocked (tri/quad-state, not boolean). | |
firewallPublicFirewallState | string | null | Public-profile firewall state. Possible values: enabled, disabled, notConfigured, allowed, blocked (tri/quad-state, not boolean). | |
function * | string | const: endpoint-configuration | |
isActiveFirewallRequired | boolean | null | Whether an active firewall (any profile) is required for compliance. | |
isAntiSpywareRequired | boolean | null | Whether an anti-spyware product must be installed and active for compliance. | |
isAntivirusRequired | boolean | null | Whether an antivirus product (any vendor) must be installed and active for compliance. | |
isApplicationGuardEnabled | boolean | null | Whether Windows Defender Application Guard is enabled. | |
isAppStoreBlocked | boolean | null | Whether the platform App Store is blocked entirely (no app install/update from the store). | |
isAppStoreRequirePassword | boolean | null | Whether the App Store is required to prompt for a password before every purchase / install. | |
isAssigned | boolean | null | Whether the policy currently has at least one assignment defined in Intune. | |
isBitlockerEncryptDevice | boolean | null | Whether BitLocker disk encryption is required on the device. | |
isBitlockerRemovableDriveBlockCrossOrganizationWriteAccess | boolean | null | Whether the device blocks write access to BitLocker-encrypted drives that were encrypted by another organization. | |
isBitlockerRemovableDriveRequireEncryptionForWriteAccess | boolean | null | Whether the device blocks write access to removable drives that are not BitLocker-encrypted. | |
isBluetoothBlocked | boolean | null | Whether Bluetooth is blocked. | |
isCameraBlocked | boolean | null | Whether the device camera is blocked. | |
isCertificatesBlockUntrustedTlsCertificates | boolean | null | Whether the device is blocked from accepting untrusted TLS certificates. | |
isCodeIntegrityEnabled | boolean | null | Whether Windows code integrity (HVCI) is required. | |
isCommercialDataSharingDisabled | boolean | null | Whether sharing of commercial telemetry data with Microsoft is disabled. | |
isDefenderEnabled | boolean | null | Whether Microsoft Defender must be enabled (compliance gate). | |
isDefenderRequireBehaviorMonitoring | boolean | null | Whether Microsoft Defender behavior monitoring is required. | |
isDefenderRequireCloudProtection | boolean | null | Whether Microsoft Defender cloud-delivered protection is required. | |
isDefenderRequireRealTimeMonitoring | boolean | null | Whether Microsoft Defender real-time monitoring is required. | |
isDefenderSecurityCenterBlockExploitProtectionOverride | boolean | null | Whether users are blocked from overriding the configured exploit-protection settings via the Defender Security Center. | |
isEdgeRequireSmartScreen | boolean | null | Whether Microsoft Edge is required to have SmartScreen enabled. | |
isFileVaultEnabled | boolean | null | Whether FileVault disk encryption is required on macOS. | |
isFirewallDomainInboundConnectionsBlocked | boolean | null | Whether inbound connections are blocked on the Domain firewall profile. | |
isFirewallDomainIncomingTrafficBlocked | boolean | null | Whether incoming traffic is blocked on the Domain firewall profile. | |
isFirewallDomainOutboundConnectionsBlocked | boolean | null | Whether outbound connections are blocked on the Domain firewall profile. | |
isFirewallDomainStealthModeBlocked | boolean | null | Whether stealth mode is blocked on the Domain firewall profile. | |
isFirewallPrivateInboundConnectionsBlocked | boolean | null | Whether inbound connections are blocked on the Private firewall profile. | |
isFirewallPrivateIncomingTrafficBlocked | boolean | null | Whether incoming traffic is blocked on the Private firewall profile. | |
isFirewallPrivateOutboundConnectionsBlocked | boolean | null | Whether outbound connections are blocked on the Private firewall profile. | |
isFirewallPrivateStealthModeBlocked | boolean | null | Whether stealth mode is blocked on the Private firewall profile. | |
isFirewallPublicInboundConnectionsBlocked | boolean | null | Whether inbound connections are blocked on the Public firewall profile. | |
isFirewallPublicIncomingTrafficBlocked | boolean | null | Whether incoming traffic is blocked on the Public firewall profile. | |
isFirewallPublicOutboundConnectionsBlocked | boolean | null | Whether outbound connections are blocked on the Public firewall profile. | |
isFirewallPublicStealthModeBlocked | boolean | null | Whether stealth mode is blocked on the Public firewall profile. | |
isHealthyDeviceReportRequired | boolean | null | Whether a recent Windows Health Attestation report is required for compliance. | |
isICloudRequireEncryptedBackup | boolean | null | Whether iCloud backups must be encrypted (iOS). | |
isLocationServicesBlocked | boolean | null | Whether device location services are blocked. | |
isMicrophoneBlocked | boolean | null | Whether the device microphone (or voice recording) is blocked. | |
isMicrosoftAccountBlocked | boolean | null | Whether sign-in with personal Microsoft accounts is blocked on the device. | |
isOneDriveDisableFileSync | boolean | null | Whether OneDrive file-sync is disabled on the device. | |
isPasswordBlockFingerprint | boolean | null | Whether fingerprint unlock (biometric) is blocked. | |
isPasswordBlockSimple | boolean | null | Whether simple passwords (e.g. repeating or sequential characters such as 1234, aaaa) are blocked. | |
isPasswordBlockSmartCard | boolean | null | Whether smart-card sign-in is blocked. | |
isPasswordRequired | boolean | null | Whether the device or user must set a password/passcode to unlock the device. | |
isSafariRequireFraudWarning | boolean | null | Whether Safari is required to show fraudulent-website warnings (iOS). | |
isScreenCaptureBlocked | boolean | null | Whether screen capture / screenshots are blocked. | |
isSecureBootEnabled | boolean | null | Whether UEFI Secure Boot is required to be enabled. | |
isSignatureOutOfDateRequired | boolean | null | Whether the policy requires AV signatures to be up to date for the device to be considered compliant. | |
isSiriBlockedWhenLocked | boolean | null | Whether Siri is blocked from being invoked while the device is locked (iOS). | |
isSmartScreenBlockOverrideForFiles | boolean | null | Whether users are blocked from overriding SmartScreen warnings for files. | |
isSmartScreenEnableInShell | boolean | null | Whether Windows SmartScreen is enabled in the shell (file open / download warnings). | |
isStorageRequireDeviceEncryption | boolean | null | Whether device storage (full-disk) encryption is required, regardless of provider (BitLocker on Windows, FileVault on macOS, native on mobile). | |
isTpmRequired | boolean | null | Whether a Trusted Platform Module (TPM) is required for compliance. | |
isUsbBlocked | boolean | null | Whether USB connections / mass-storage are blocked. | |
omaSettingCount | number | null | Number of OMA-URI custom settings present on the policy (Windows custom configurations only). | |
omaUris | array | null | List of OMA-URI paths configured by the policy (e.g. ./Vendor/MSFT/BitLocker/...). Useful for grepping which OMA-URIs are managed without inspecting the per-setting values. | |
osMaximumVersion | string | null | Maximum operating-system version the device may run to be considered compliant. | |
osMinimumVersion | string | null | Minimum operating-system version the device must run to be considered compliant. | |
passwordExpirationDays | number | null | Number of days after which the password must be changed. A value of 0 typically means no expiration. | |
passwordMinimumCharacterSetCount | number | null | Minimum number of distinct character sets (uppercase, lowercase, digits, symbols) the password must include. | |
passwordMinimumLength | number | null | Minimum number of characters required in the password/passcode. | |
passwordMinutesOfInactivityBeforeLock | number | null | Minutes of idle time before the device locks automatically. | |
passwordMinutesOfInactivityBeforeScreenTimeout | number | null | Minutes of idle time before the screen times out (display sleep). | |
passwordPreviousPasswordBlockCount | number | null | Number of previous passwords the user is blocked from reusing. | |
passwordRequiredType | string | null | The complexity class the password must satisfy. Example values: deviceDefault, alphanumeric, numeric, alphabetic, alphanumericWithSymbols. | |
passwordSignInFailureCountBeforeFactoryReset | number | null | Number of consecutive failed sign-in attempts that triggers an automatic factory reset of the device. | |
platforms | string | null | Platforms the Settings Catalog policy targets. Example values: windows10, macOS, iOS, android, androidEnterprise. | |
priority | number | null | Priority assigned to this policy by Intune for conflict resolution. Lower numeric values typically indicate higher priority. | |
roleScopeTagIds | array | null | Intune RBAC scope tag IDs associated with this policy. Used to limit which administrators can view/edit the policy. | |
settingCount | number | null | Number of settings configured by this Settings Catalog policy. | |
technologies | string | null | Comma-separated list of management technologies the policy applies through. Example values: mdm, windows10XManagement, configManager, microsoftSense. | |
templateDisplayName | string | null | Display name of the Settings Catalog template this policy was instantiated from, when applicable. | |
templateDisplayVersion | string | null | Display version of the Settings Catalog template this policy was instantiated from, when applicable. | |
templateFamily | string | null | Template family the policy was derived from, when applicable. Example values: endpointSecurityAntivirus, endpointSecurityDiskEncryption, endpointSecurityFirewall. | |
templateId | string | null | Microsoft identifier of the Settings Catalog template this policy was instantiated from, when applicable. |
Laptop
laptop inherits from Device, Host
Microsoft 365 Account
microsoft_365_account inherits from Account
| Property | Type | Description | Specifications |
|---|---|---|---|
defaultDomain | string | ||
intuneAccountId | string | ||
intuneSubscriptionState | string | ||
mobileDeviceManagementAuthority | string | ||
organizationName | string | null | ||
verifiedDomains | array of strings |
Server
server inherits from Host
Server
server inherits from Device, Host
| Property | Type | Description | Specifications |
|---|---|---|---|
aadDeviceId | string | ||
assetTag | array of strings | ||
BYOD | boolean | ||
deviceCategoryDisplayName | string | ||
deviceName | string | ||
deviceType | string | ||
easDeviceId | string | ||
encrypted | boolean | ||
enrolledDateTime | number | ||
ethernetMacAddress | string | ||
freeStorageSpace | string | ||
freeStorageSpaceInBytes | number | ||
hardwareManufacturer | string | ||
hardwareModel | string | ||
hardwareSerial | string | ||
hardwareVendor | string | ||
hardwareVersion | string | ||
iccid | string | ||
id | string | ||
imei | string | ||
ipAddress | string | ||
jailBroken | string | ||
lastSyncDateTime | number | ||
lastUpdateDateTime | number | ||
macAddress | array of strings | ||
managed | boolean | ||
meid | string | ||
name | string | ||
ownerType | string | ||
phoneNumber | string | ||
physical | boolean | ||
processorArchitecture | string | ||
serialNumber | string | ||
supervised | boolean | ||
totalPhysicalMemory | string | ||
totalPhysicalMemoryInBytes | number | ||
totalStorageSpace | string | ||
totalStorageSpaceInBytes | number | ||
udid | string | ||
userDisplayName | string | ||
userEmails | array of strings | ||
userId | string | ||
username | string | ||
version | string | ||
wifiMacAddress | string |
Smartphone
smartphone inherits from Device, Host
User Endpoint
user_endpoint inherits from Device, Host
Workstation
workstation inherits from Device, Host
Release Notes
- 2026-04-08 — Improved OS type and detail accuracy for Microsoft 365 Intune managed device entities.
- 2026-02-12 — Added raw data properties to Windows Autopilot device identity entities, including deployment profile assignment timestamps and last contact time.
- 2025-10-21 — Added Windows Autopilot device identity ingestion, exposing enrollment state, deployment profile assignment, and last contact time.
- 2025-07-01 — Added direct group membership relationships for Microsoft 365 group members when the user exists in JupiterOne, improving relationship accuracy over mapped relationships.