Create androidCompliancePolicy
Article 08/01/2024
13 contributors
Feedback
In this article
Namespace: microsoft.graph
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Create a new androidCompliancePolicy object.
This API is available in the following national cloud deployments .
Global service
US Government L4
US Government L5 (DOD)
China operated by 21Vianet
✅
✅
✅
✅
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions .
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
DeviceManagementConfiguration.ReadWrite.All
Delegated (personal Microsoft account)
Not supported.
Application
DeviceManagementConfiguration.ReadWrite.All
HTTP Request
POST /deviceManagement/deviceCompliancePolicies
Request body
In the request body, supply a JSON representation for the androidCompliancePolicy object.
The following table shows the properties that are required when you create the androidCompliancePolicy.
Property
Type
Description
id
String
Key of the entity. Inherited from deviceCompliancePolicy
createdDateTime
DateTimeOffset
DateTime the object was created. Inherited from deviceCompliancePolicy
description
String
Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy
lastModifiedDateTime
DateTimeOffset
DateTime the object was last modified. Inherited from deviceCompliancePolicy
displayName
String
Admin provided name of the device configuration. Inherited from deviceCompliancePolicy
version
Int32
Version of the device configuration. Inherited from deviceCompliancePolicy
passwordRequired
Boolean
Require a password to unlock device.
passwordMinimumLength
Int32
Minimum password length. Valid values 4 to 16
passwordRequiredType
androidRequiredPasswordType Type of characters in password. Possible values are: deviceDefault, alphabetic, alphanumeric, alphanumericWithSymbols, lowSecurityBiometric, numeric, numericComplex, any.
passwordMinutesOfInactivityBeforeLock
Int32
Minutes of inactivity before a password is required.
passwordExpirationDays
Int32
Number of days before the password expires. Valid values 1 to 365
passwordPreviousPasswordBlockCount
Int32
Number of previous passwords to block. Valid values 1 to 24
securityPreventInstallAppsFromUnknownSources
Boolean
Require that devices disallow installation of apps from unknown sources.
securityDisableUsbDebugging
Boolean
Disable USB debugging on Android devices.
securityRequireVerifyApps
Boolean
Require the Android Verify apps feature is turned on.
deviceThreatProtectionEnabled
Boolean
Require that devices have enabled device threat protection.
deviceThreatProtectionRequiredSecurityLevel
deviceThreatProtectionLevel Require Mobile Threat Protection minimum risk level to report noncompliance. Possible values are: unavailable, secured, low, medium, high, notSet.
securityBlockJailbrokenDevices
Boolean
Devices must not be jailbroken or rooted.
osMinimumVersion
String
Minimum Android version.
osMaximumVersion
String
Maximum Android version.
minAndroidSecurityPatchLevel
String
Minimum Android security patch level.
storageRequireEncryption
Boolean
Require encryption on Android devices.
securityRequireSafetyNetAttestationBasicIntegrity
Boolean
Require the device to pass the SafetyNet basic integrity check.
securityRequireSafetyNetAttestationCertifiedDevice
Boolean
Require the device to pass the SafetyNet certified device check.
securityRequireGooglePlayServices
Boolean
Require Google Play Services to be installed and enabled on the device.
securityRequireUpToDateSecurityProviders
Boolean
Require the device to have up to date security providers. The device will require Google Play Services to be enabled and up to date.
securityRequireCompanyPortalAppIntegrity
Boolean
Require the device to pass the Company Portal client app runtime integrity check.
Response
If successful, this method returns a 201 Created response code and a androidCompliancePolicy object in the response body.
Example
Request
Here is an example of the request.
POST https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies
Content-type: application/json
Content-length: 1159
{
"@odata.type": "#microsoft.graph.androidCompliancePolicy",
"description": "Description value",
"displayName": "Display Name value",
"version": 7,
"passwordRequired": true,
"passwordMinimumLength": 5,
"passwordRequiredType": "alphabetic",
"passwordMinutesOfInactivityBeforeLock": 5,
"passwordExpirationDays": 6,
"passwordPreviousPasswordBlockCount": 2,
"securityPreventInstallAppsFromUnknownSources": true,
"securityDisableUsbDebugging": true,
"securityRequireVerifyApps": true,
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "secured",
"securityBlockJailbrokenDevices": true,
"osMinimumVersion": "Os Minimum Version value",
"osMaximumVersion": "Os Maximum Version value",
"minAndroidSecurityPatchLevel": "Min Android Security Patch Level value",
"storageRequireEncryption": true,
"securityRequireSafetyNetAttestationBasicIntegrity": true,
"securityRequireSafetyNetAttestationCertifiedDevice": true,
"securityRequireGooglePlayServices": true,
"securityRequireUpToDateSecurityProviders": true,
"securityRequireCompanyPortalAppIntegrity": true
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AndroidCompliancePolicy
{
OdataType = "#microsoft.graph.androidCompliancePolicy",
Description = "Description value",
DisplayName = "Display Name value",
Version = 7,
PasswordRequired = true,
PasswordMinimumLength = 5,
PasswordRequiredType = AndroidRequiredPasswordType.Alphabetic,
PasswordMinutesOfInactivityBeforeLock = 5,
PasswordExpirationDays = 6,
PasswordPreviousPasswordBlockCount = 2,
SecurityPreventInstallAppsFromUnknownSources = true,
SecurityDisableUsbDebugging = true,
SecurityRequireVerifyApps = true,
DeviceThreatProtectionEnabled = true,
DeviceThreatProtectionRequiredSecurityLevel = DeviceThreatProtectionLevel.Secured,
SecurityBlockJailbrokenDevices = true,
OsMinimumVersion = "Os Minimum Version value",
OsMaximumVersion = "Os Maximum Version value",
MinAndroidSecurityPatchLevel = "Min Android Security Patch Level value",
StorageRequireEncryption = true,
SecurityRequireSafetyNetAttestationBasicIntegrity = true,
SecurityRequireSafetyNetAttestationCertifiedDevice = true,
SecurityRequireGooglePlayServices = true,
SecurityRequireUpToDateSecurityProviders = true,
SecurityRequireCompanyPortalAppIntegrity = true,
};
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceManagement.DeviceCompliancePolicies.PostAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
mgc device-management device-compliance-policies create --body '{\
"@odata.type": "#microsoft.graph.androidCompliancePolicy",\
"description": "Description value",\
"displayName": "Display Name value",\
"version": 7,\
"passwordRequired": true,\
"passwordMinimumLength": 5,\
"passwordRequiredType": "alphabetic",\
"passwordMinutesOfInactivityBeforeLock": 5,\
"passwordExpirationDays": 6,\
"passwordPreviousPasswordBlockCount": 2,\
"securityPreventInstallAppsFromUnknownSources": true,\
"securityDisableUsbDebugging": true,\
"securityRequireVerifyApps": true,\
"deviceThreatProtectionEnabled": true,\
"deviceThreatProtectionRequiredSecurityLevel": "secured",\
"securityBlockJailbrokenDevices": true,\
"osMinimumVersion": "Os Minimum Version value",\
"osMaximumVersion": "Os Maximum Version value",\
"minAndroidSecurityPatchLevel": "Min Android Security Patch Level value",\
"storageRequireEncryption": true,\
"securityRequireSafetyNetAttestationBasicIntegrity": true,\
"securityRequireSafetyNetAttestationCertifiedDevice": true,\
"securityRequireGooglePlayServices": true,\
"securityRequireUpToDateSecurityProviders": true,\
"securityRequireCompanyPortalAppIntegrity": true\
}\
'
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewDeviceCompliancePolicy()
description := "Description value"
requestBody.SetDescription(&description)
displayName := "Display Name value"
requestBody.SetDisplayName(&displayName)
version := int32(7)
requestBody.SetVersion(&version)
passwordRequired := true
requestBody.SetPasswordRequired(&passwordRequired)
passwordMinimumLength := int32(5)
requestBody.SetPasswordMinimumLength(&passwordMinimumLength)
passwordRequiredType := graphmodels.ALPHABETIC_ANDROIDREQUIREDPASSWORDTYPE
requestBody.SetPasswordRequiredType(&passwordRequiredType)
passwordMinutesOfInactivityBeforeLock := int32(5)
requestBody.SetPasswordMinutesOfInactivityBeforeLock(&passwordMinutesOfInactivityBeforeLock)
passwordExpirationDays := int32(6)
requestBody.SetPasswordExpirationDays(&passwordExpirationDays)
passwordPreviousPasswordBlockCount := int32(2)
requestBody.SetPasswordPreviousPasswordBlockCount(&passwordPreviousPasswordBlockCount)
securityPreventInstallAppsFromUnknownSources := true
requestBody.SetSecurityPreventInstallAppsFromUnknownSources(&securityPreventInstallAppsFromUnknownSources)
securityDisableUsbDebugging := true
requestBody.SetSecurityDisableUsbDebugging(&securityDisableUsbDebugging)
securityRequireVerifyApps := true
requestBody.SetSecurityRequireVerifyApps(&securityRequireVerifyApps)
deviceThreatProtectionEnabled := true
requestBody.SetDeviceThreatProtectionEnabled(&deviceThreatProtectionEnabled)
deviceThreatProtectionRequiredSecurityLevel := graphmodels.SECURED_DEVICETHREATPROTECTIONLEVEL
requestBody.SetDeviceThreatProtectionRequiredSecurityLevel(&deviceThreatProtectionRequiredSecurityLevel)
securityBlockJailbrokenDevices := true
requestBody.SetSecurityBlockJailbrokenDevices(&securityBlockJailbrokenDevices)
osMinimumVersion := "Os Minimum Version value"
requestBody.SetOsMinimumVersion(&osMinimumVersion)
osMaximumVersion := "Os Maximum Version value"
requestBody.SetOsMaximumVersion(&osMaximumVersion)
minAndroidSecurityPatchLevel := "Min Android Security Patch Level value"
requestBody.SetMinAndroidSecurityPatchLevel(&minAndroidSecurityPatchLevel)
storageRequireEncryption := true
requestBody.SetStorageRequireEncryption(&storageRequireEncryption)
securityRequireSafetyNetAttestationBasicIntegrity := true
requestBody.SetSecurityRequireSafetyNetAttestationBasicIntegrity(&securityRequireSafetyNetAttestationBasicIntegrity)
securityRequireSafetyNetAttestationCertifiedDevice := true
requestBody.SetSecurityRequireSafetyNetAttestationCertifiedDevice(&securityRequireSafetyNetAttestationCertifiedDevice)
securityRequireGooglePlayServices := true
requestBody.SetSecurityRequireGooglePlayServices(&securityRequireGooglePlayServices)
securityRequireUpToDateSecurityProviders := true
requestBody.SetSecurityRequireUpToDateSecurityProviders(&securityRequireUpToDateSecurityProviders)
securityRequireCompanyPortalAppIntegrity := true
requestBody.SetSecurityRequireCompanyPortalAppIntegrity(&securityRequireCompanyPortalAppIntegrity)
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=go
deviceCompliancePolicies, err := graphClient.DeviceManagement().DeviceCompliancePolicies().Post(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AndroidCompliancePolicy deviceCompliancePolicy = new AndroidCompliancePolicy();
deviceCompliancePolicy.setOdataType("#microsoft.graph.androidCompliancePolicy");
deviceCompliancePolicy.setDescription("Description value");
deviceCompliancePolicy.setDisplayName("Display Name value");
deviceCompliancePolicy.setVersion(7);
deviceCompliancePolicy.setPasswordRequired(true);
deviceCompliancePolicy.setPasswordMinimumLength(5);
deviceCompliancePolicy.setPasswordRequiredType(AndroidRequiredPasswordType.Alphabetic);
deviceCompliancePolicy.setPasswordMinutesOfInactivityBeforeLock(5);
deviceCompliancePolicy.setPasswordExpirationDays(6);
deviceCompliancePolicy.setPasswordPreviousPasswordBlockCount(2);
deviceCompliancePolicy.setSecurityPreventInstallAppsFromUnknownSources(true);
deviceCompliancePolicy.setSecurityDisableUsbDebugging(true);
deviceCompliancePolicy.setSecurityRequireVerifyApps(true);
deviceCompliancePolicy.setDeviceThreatProtectionEnabled(true);
deviceCompliancePolicy.setDeviceThreatProtectionRequiredSecurityLevel(DeviceThreatProtectionLevel.Secured);
deviceCompliancePolicy.setSecurityBlockJailbrokenDevices(true);
deviceCompliancePolicy.setOsMinimumVersion("Os Minimum Version value");
deviceCompliancePolicy.setOsMaximumVersion("Os Maximum Version value");
deviceCompliancePolicy.setMinAndroidSecurityPatchLevel("Min Android Security Patch Level value");
deviceCompliancePolicy.setStorageRequireEncryption(true);
deviceCompliancePolicy.setSecurityRequireSafetyNetAttestationBasicIntegrity(true);
deviceCompliancePolicy.setSecurityRequireSafetyNetAttestationCertifiedDevice(true);
deviceCompliancePolicy.setSecurityRequireGooglePlayServices(true);
deviceCompliancePolicy.setSecurityRequireUpToDateSecurityProviders(true);
deviceCompliancePolicy.setSecurityRequireCompanyPortalAppIntegrity(true);
DeviceCompliancePolicy result = graphClient.deviceManagement().deviceCompliancePolicies().post(deviceCompliancePolicy);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
const options = {
authProvider,
};
const client = Client.init(options);
const deviceCompliancePolicy = {
'@odata.type': '#microsoft.graph.androidCompliancePolicy',
description: 'Description value',
displayName: 'Display Name value',
version: 7,
passwordRequired: true,
passwordMinimumLength: 5,
passwordRequiredType: 'alphabetic',
passwordMinutesOfInactivityBeforeLock: 5,
passwordExpirationDays: 6,
passwordPreviousPasswordBlockCount: 2,
securityPreventInstallAppsFromUnknownSources: true,
securityDisableUsbDebugging: true,
securityRequireVerifyApps: true,
deviceThreatProtectionEnabled: true,
deviceThreatProtectionRequiredSecurityLevel: 'secured',
securityBlockJailbrokenDevices: true,
osMinimumVersion: 'Os Minimum Version value',
osMaximumVersion: 'Os Maximum Version value',
minAndroidSecurityPatchLevel: 'Min Android Security Patch Level value',
storageRequireEncryption: true,
securityRequireSafetyNetAttestationBasicIntegrity: true,
securityRequireSafetyNetAttestationCertifiedDevice: true,
securityRequireGooglePlayServices: true,
securityRequireUpToDateSecurityProviders: true,
securityRequireCompanyPortalAppIntegrity: true
};
await client.api('/deviceManagement/deviceCompliancePolicies')
.post(deviceCompliancePolicy);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AndroidCompliancePolicy;
use Microsoft\Graph\Generated\Models\AndroidRequiredPasswordType;
use Microsoft\Graph\Generated\Models\DeviceThreatProtectionLevel;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AndroidCompliancePolicy();
$requestBody->setOdataType('#microsoft.graph.androidCompliancePolicy');
$requestBody->setDescription('Description value');
$requestBody->setDisplayName('Display Name value');
$requestBody->setVersion(7);
$requestBody->setPasswordRequired(true);
$requestBody->setPasswordMinimumLength(5);
$requestBody->setPasswordRequiredType(new AndroidRequiredPasswordType('alphabetic'));
$requestBody->setPasswordMinutesOfInactivityBeforeLock(5);
$requestBody->setPasswordExpirationDays(6);
$requestBody->setPasswordPreviousPasswordBlockCount(2);
$requestBody->setSecurityPreventInstallAppsFromUnknownSources(true);
$requestBody->setSecurityDisableUsbDebugging(true);
$requestBody->setSecurityRequireVerifyApps(true);
$requestBody->setDeviceThreatProtectionEnabled(true);
$requestBody->setDeviceThreatProtectionRequiredSecurityLevel(new DeviceThreatProtectionLevel('secured'));
$requestBody->setSecurityBlockJailbrokenDevices(true);
$requestBody->setOsMinimumVersion('Os Minimum Version value');
$requestBody->setOsMaximumVersion('Os Maximum Version value');
$requestBody->setMinAndroidSecurityPatchLevel('Min Android Security Patch Level value');
$requestBody->setStorageRequireEncryption(true);
$requestBody->setSecurityRequireSafetyNetAttestationBasicIntegrity(true);
$requestBody->setSecurityRequireSafetyNetAttestationCertifiedDevice(true);
$requestBody->setSecurityRequireGooglePlayServices(true);
$requestBody->setSecurityRequireUpToDateSecurityProviders(true);
$requestBody->setSecurityRequireCompanyPortalAppIntegrity(true);
$result = $graphServiceClient->deviceManagement()->deviceCompliancePolicies()->post($requestBody)->wait();
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Import-Module Microsoft.Graph.DeviceManagement
$params = @{
"@odata.type" = "#microsoft.graph.androidCompliancePolicy"
description = "Description value"
displayName = "Display Name value"
version = 7
passwordRequired = $true
passwordMinimumLength =
passwordRequiredType = "alphabetic"
passwordMinutesOfInactivityBeforeLock =
passwordExpirationDays =
passwordPreviousPasswordBlockCount =
securityPreventInstallAppsFromUnknownSources = $true
securityDisableUsbDebugging = $true
securityRequireVerifyApps = $true
deviceThreatProtectionEnabled = $true
deviceThreatProtectionRequiredSecurityLevel = "secured"
securityBlockJailbrokenDevices = $true
osMinimumVersion = "Os Minimum Version value"
osMaximumVersion = "Os Maximum Version value"
minAndroidSecurityPatchLevel = "Min Android Security Patch Level value"
storageRequireEncryption = $true
securityRequireSafetyNetAttestationBasicIntegrity = $true
securityRequireSafetyNetAttestationCertifiedDevice = $true
securityRequireGooglePlayServices = $true
securityRequireUpToDateSecurityProviders = $true
securityRequireCompanyPortalAppIntegrity = $true
}
New-MgDeviceManagementDeviceCompliancePolicy -BodyParameter $params
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.android_compliance_policy import AndroidCompliancePolicy
from msgraph.generated.models.android_required_password_type import AndroidRequiredPasswordType
from msgraph.generated.models.device_threat_protection_level import DeviceThreatProtectionLevel
# To initialize your graph_client, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AndroidCompliancePolicy(
odata_type = "#microsoft.graph.androidCompliancePolicy",
description = "Description value",
display_name = "Display Name value",
version = 7,
password_required = True,
password_minimum_length = 5,
password_required_type = AndroidRequiredPasswordType.Alphabetic,
password_minutes_of_inactivity_before_lock = 5,
password_expiration_days = 6,
password_previous_password_block_count = 2,
security_prevent_install_apps_from_unknown_sources = True,
security_disable_usb_debugging = True,
security_require_verify_apps = True,
device_threat_protection_enabled = True,
device_threat_protection_required_security_level = DeviceThreatProtectionLevel.Secured,
security_block_jailbroken_devices = True,
os_minimum_version = "Os Minimum Version value",
os_maximum_version = "Os Maximum Version value",
min_android_security_patch_level = "Min Android Security Patch Level value",
storage_require_encryption = True,
security_require_safety_net_attestation_basic_integrity = True,
security_require_safety_net_attestation_certified_device = True,
security_require_google_play_services = True,
security_require_up_to_date_security_providers = True,
security_require_company_portal_app_integrity = True,
)
result = await graph_client.device_management.device_compliance_policies.post(request_body)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 1331
{
"@odata.type": "#microsoft.graph.androidCompliancePolicy",
"id": "752c820f-820f-752c-0f82-2c750f822c75",
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"description": "Description value",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
"displayName": "Display Name value",
"version": 7,
"passwordRequired": true,
"passwordMinimumLength": 5,
"passwordRequiredType": "alphabetic",
"passwordMinutesOfInactivityBeforeLock": 5,
"passwordExpirationDays": 6,
"passwordPreviousPasswordBlockCount": 2,
"securityPreventInstallAppsFromUnknownSources": true,
"securityDisableUsbDebugging": true,
"securityRequireVerifyApps": true,
"deviceThreatProtectionEnabled": true,
"deviceThreatProtectionRequiredSecurityLevel": "secured",
"securityBlockJailbrokenDevices": true,
"osMinimumVersion": "Os Minimum Version value",
"osMaximumVersion": "Os Maximum Version value",
"minAndroidSecurityPatchLevel": "Min Android Security Patch Level value",
"storageRequireEncryption": true,
"securityRequireSafetyNetAttestationBasicIntegrity": true,
"securityRequireSafetyNetAttestationCertifiedDevice": true,
"securityRequireGooglePlayServices": true,
"securityRequireUpToDateSecurityProviders": true,
"securityRequireCompanyPortalAppIntegrity": true
}