Create windows10CompliancePolicy

Namespace: microsoft.graph

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Create a new windows10CompliancePolicy object.

This API is available in the following national cloud deployments.

Global service	US Government L4	US Government L5 (DOD)	China operated by 21Vianet
✅	✅	✅	✅

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	DeviceManagementConfiguration.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.
Application	DeviceManagementConfiguration.ReadWrite.All

HTTP Request

POST /deviceManagement/deviceCompliancePolicies

Request headers

Header	Value
Authorization	Bearer {token}. Required. Learn more about authentication and authorization.
Accept	application/json

Request body

In the request body, supply a JSON representation for the windows10CompliancePolicy object.

The following table shows the properties that are required when you create the windows10CompliancePolicy.

Property	Type	Description
id	String	Key of the entity. Inherited from deviceCompliancePolicy
createdDateTime	DateTimeOffset	DateTime the object was created. Inherited from deviceCompliancePolicy
description	String	Admin provided description of the Device Configuration. Inherited from deviceCompliancePolicy
lastModifiedDateTime	DateTimeOffset	DateTime the object was last modified. Inherited from deviceCompliancePolicy
displayName	String	Admin provided name of the device configuration. Inherited from deviceCompliancePolicy
version	Int32	Version of the device configuration. Inherited from deviceCompliancePolicy
passwordRequired	Boolean	Require a password to unlock Windows device.
passwordBlockSimple	Boolean	Indicates whether or not to block simple password.
passwordRequiredToUnlockFromIdle	Boolean	Require a password to unlock an idle device.
passwordMinutesOfInactivityBeforeLock	Int32	Minutes of inactivity before a password is required.
passwordExpirationDays	Int32	The password expiration in days.
passwordMinimumLength	Int32	The minimum password length.
passwordMinimumCharacterSetCount	Int32	The number of character sets required in the password.
passwordRequiredType	requiredPasswordType	The required password type. Possible values are: deviceDefault, alphanumeric, numeric.
passwordPreviousPasswordBlockCount	Int32	The number of previous passwords to prevent re-use of.
requireHealthyDeviceReport	Boolean	Require devices to be reported as healthy by Windows Device Health Attestation.
osMinimumVersion	String	Minimum Windows 10 version.
osMaximumVersion	String	Maximum Windows 10 version.
mobileOsMinimumVersion	String	Minimum Windows Phone version.
mobileOsMaximumVersion	String	Maximum Windows Phone version.
earlyLaunchAntiMalwareDriverEnabled	Boolean	Require devices to be reported as healthy by Windows Device Health Attestation - early launch antimalware driver is enabled.
bitLockerEnabled	Boolean	Require devices to be reported healthy by Windows Device Health Attestation - bit locker is enabled
secureBootEnabled	Boolean	Require devices to be reported as healthy by Windows Device Health Attestation - secure boot is enabled.
codeIntegrityEnabled	Boolean	Require devices to be reported as healthy by Windows Device Health Attestation.
storageRequireEncryption	Boolean	Require encryption on windows devices.

Response

If successful, this method returns a 201 Created response code and a windows10CompliancePolicy object in the response body.

Example

Request

Here is an example of the request.

HTTP

POST https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies
Content-type: application/json
Content-length: 954

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "description": "Description value",
  "displayName": "Display Name value",
  "version": 7,
  "passwordRequired": true,
  "passwordBlockSimple": true,
  "passwordRequiredToUnlockFromIdle": true,
  "passwordMinutesOfInactivityBeforeLock": 5,
  "passwordExpirationDays": 6,
  "passwordMinimumLength": 5,
  "passwordMinimumCharacterSetCount": 0,
  "passwordRequiredType": "alphanumeric",
  "passwordPreviousPasswordBlockCount": 2,
  "requireHealthyDeviceReport": true,
  "osMinimumVersion": "Os Minimum Version value",
  "osMaximumVersion": "Os Maximum Version value",
  "mobileOsMinimumVersion": "Mobile Os Minimum Version value",
  "mobileOsMaximumVersion": "Mobile Os Maximum Version value",
  "earlyLaunchAntiMalwareDriverEnabled": true,
  "bitLockerEnabled": true,
  "secureBootEnabled": true,
  "codeIntegrityEnabled": true,
  "storageRequireEncryption": true
}

C#

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new Windows10CompliancePolicy
{
	OdataType = "#microsoft.graph.windows10CompliancePolicy",
	Description = "Description value",
	DisplayName = "Display Name value",
	Version = 7,
	PasswordRequired = true,
	PasswordBlockSimple = true,
	PasswordRequiredToUnlockFromIdle = true,
	PasswordMinutesOfInactivityBeforeLock = 5,
	PasswordExpirationDays = 6,
	PasswordMinimumLength = 5,
	PasswordMinimumCharacterSetCount = 0,
	PasswordRequiredType = RequiredPasswordType.Alphanumeric,
	PasswordPreviousPasswordBlockCount = 2,
	RequireHealthyDeviceReport = true,
	OsMinimumVersion = "Os Minimum Version value",
	OsMaximumVersion = "Os Maximum Version value",
	MobileOsMinimumVersion = "Mobile Os Minimum Version value",
	MobileOsMaximumVersion = "Mobile Os Maximum Version value",
	EarlyLaunchAntiMalwareDriverEnabled = true,
	BitLockerEnabled = true,
	SecureBootEnabled = true,
	CodeIntegrityEnabled = true,
	StorageRequireEncryption = true,
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.DeviceManagement.DeviceCompliancePolicies.PostAsync(requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

CLI

mgc device-management device-compliance-policies create --body '{\
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",\
  "description": "Description value",\
  "displayName": "Display Name value",\
  "version": 7,\
  "passwordRequired": true,\
  "passwordBlockSimple": true,\
  "passwordRequiredToUnlockFromIdle": true,\
  "passwordMinutesOfInactivityBeforeLock": 5,\
  "passwordExpirationDays": 6,\
  "passwordMinimumLength": 5,\
  "passwordMinimumCharacterSetCount": 0,\
  "passwordRequiredType": "alphanumeric",\
  "passwordPreviousPasswordBlockCount": 2,\
  "requireHealthyDeviceReport": true,\
  "osMinimumVersion": "Os Minimum Version value",\
  "osMaximumVersion": "Os Maximum Version value",\
  "mobileOsMinimumVersion": "Mobile Os Minimum Version value",\
  "mobileOsMaximumVersion": "Mobile Os Maximum Version value",\
  "earlyLaunchAntiMalwareDriverEnabled": true,\
  "bitLockerEnabled": true,\
  "secureBootEnabled": true,\
  "codeIntegrityEnabled": true,\
  "storageRequireEncryption": true\
}\
'

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Go

// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewDeviceCompliancePolicy()
description := "Description value"
requestBody.SetDescription(&description) 
displayName := "Display Name value"
requestBody.SetDisplayName(&displayName) 
version := int32(7)
requestBody.SetVersion(&version) 
passwordRequired := true
requestBody.SetPasswordRequired(&passwordRequired) 
passwordBlockSimple := true
requestBody.SetPasswordBlockSimple(&passwordBlockSimple) 
passwordRequiredToUnlockFromIdle := true
requestBody.SetPasswordRequiredToUnlockFromIdle(&passwordRequiredToUnlockFromIdle) 
passwordMinutesOfInactivityBeforeLock := int32(5)
requestBody.SetPasswordMinutesOfInactivityBeforeLock(&passwordMinutesOfInactivityBeforeLock) 
passwordExpirationDays := int32(6)
requestBody.SetPasswordExpirationDays(&passwordExpirationDays) 
passwordMinimumLength := int32(5)
requestBody.SetPasswordMinimumLength(&passwordMinimumLength) 
passwordMinimumCharacterSetCount := int32(0)
requestBody.SetPasswordMinimumCharacterSetCount(&passwordMinimumCharacterSetCount) 
passwordRequiredType := graphmodels.ALPHANUMERIC_REQUIREDPASSWORDTYPE 
requestBody.SetPasswordRequiredType(&passwordRequiredType) 
passwordPreviousPasswordBlockCount := int32(2)
requestBody.SetPasswordPreviousPasswordBlockCount(&passwordPreviousPasswordBlockCount) 
requireHealthyDeviceReport := true
requestBody.SetRequireHealthyDeviceReport(&requireHealthyDeviceReport) 
osMinimumVersion := "Os Minimum Version value"
requestBody.SetOsMinimumVersion(&osMinimumVersion) 
osMaximumVersion := "Os Maximum Version value"
requestBody.SetOsMaximumVersion(&osMaximumVersion) 
mobileOsMinimumVersion := "Mobile Os Minimum Version value"
requestBody.SetMobileOsMinimumVersion(&mobileOsMinimumVersion) 
mobileOsMaximumVersion := "Mobile Os Maximum Version value"
requestBody.SetMobileOsMaximumVersion(&mobileOsMaximumVersion) 
earlyLaunchAntiMalwareDriverEnabled := true
requestBody.SetEarlyLaunchAntiMalwareDriverEnabled(&earlyLaunchAntiMalwareDriverEnabled) 
bitLockerEnabled := true
requestBody.SetBitLockerEnabled(&bitLockerEnabled) 
secureBootEnabled := true
requestBody.SetSecureBootEnabled(&secureBootEnabled) 
codeIntegrityEnabled := true
requestBody.SetCodeIntegrityEnabled(&codeIntegrityEnabled) 
storageRequireEncryption := true
requestBody.SetStorageRequireEncryption(&storageRequireEncryption) 

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
deviceCompliancePolicies, err := graphClient.DeviceManagement().DeviceCompliancePolicies().Post(context.Background(), requestBody, nil)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Java

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

Windows10CompliancePolicy deviceCompliancePolicy = new Windows10CompliancePolicy();
deviceCompliancePolicy.setOdataType("#microsoft.graph.windows10CompliancePolicy");
deviceCompliancePolicy.setDescription("Description value");
deviceCompliancePolicy.setDisplayName("Display Name value");
deviceCompliancePolicy.setVersion(7);
deviceCompliancePolicy.setPasswordRequired(true);
deviceCompliancePolicy.setPasswordBlockSimple(true);
deviceCompliancePolicy.setPasswordRequiredToUnlockFromIdle(true);
deviceCompliancePolicy.setPasswordMinutesOfInactivityBeforeLock(5);
deviceCompliancePolicy.setPasswordExpirationDays(6);
deviceCompliancePolicy.setPasswordMinimumLength(5);
deviceCompliancePolicy.setPasswordMinimumCharacterSetCount(0);
deviceCompliancePolicy.setPasswordRequiredType(RequiredPasswordType.Alphanumeric);
deviceCompliancePolicy.setPasswordPreviousPasswordBlockCount(2);
deviceCompliancePolicy.setRequireHealthyDeviceReport(true);
deviceCompliancePolicy.setOsMinimumVersion("Os Minimum Version value");
deviceCompliancePolicy.setOsMaximumVersion("Os Maximum Version value");
deviceCompliancePolicy.setMobileOsMinimumVersion("Mobile Os Minimum Version value");
deviceCompliancePolicy.setMobileOsMaximumVersion("Mobile Os Maximum Version value");
deviceCompliancePolicy.setEarlyLaunchAntiMalwareDriverEnabled(true);
deviceCompliancePolicy.setBitLockerEnabled(true);
deviceCompliancePolicy.setSecureBootEnabled(true);
deviceCompliancePolicy.setCodeIntegrityEnabled(true);
deviceCompliancePolicy.setStorageRequireEncryption(true);
DeviceCompliancePolicy result = graphClient.deviceManagement().deviceCompliancePolicies().post(deviceCompliancePolicy);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const deviceCompliancePolicy = {
  '@odata.type': '#microsoft.graph.windows10CompliancePolicy',
  description: 'Description value',
  displayName: 'Display Name value',
  version: 7,
  passwordRequired: true,
  passwordBlockSimple: true,
  passwordRequiredToUnlockFromIdle: true,
  passwordMinutesOfInactivityBeforeLock: 5,
  passwordExpirationDays: 6,
  passwordMinimumLength: 5,
  passwordMinimumCharacterSetCount: 0,
  passwordRequiredType: 'alphanumeric',
  passwordPreviousPasswordBlockCount: 2,
  requireHealthyDeviceReport: true,
  osMinimumVersion: 'Os Minimum Version value',
  osMaximumVersion: 'Os Maximum Version value',
  mobileOsMinimumVersion: 'Mobile Os Minimum Version value',
  mobileOsMaximumVersion: 'Mobile Os Maximum Version value',
  earlyLaunchAntiMalwareDriverEnabled: true,
  bitLockerEnabled: true,
  secureBootEnabled: true,
  codeIntegrityEnabled: true,
  storageRequireEncryption: true
};

await client.api('/deviceManagement/deviceCompliancePolicies')
	.post(deviceCompliancePolicy);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PHP

<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Windows10CompliancePolicy;
use Microsoft\Graph\Generated\Models\RequiredPasswordType;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Windows10CompliancePolicy();
$requestBody->setOdataType('#microsoft.graph.windows10CompliancePolicy');
$requestBody->setDescription('Description value');
$requestBody->setDisplayName('Display Name value');
$requestBody->setVersion(7);
$requestBody->setPasswordRequired(true);
$requestBody->setPasswordBlockSimple(true);
$requestBody->setPasswordRequiredToUnlockFromIdle(true);
$requestBody->setPasswordMinutesOfInactivityBeforeLock(5);
$requestBody->setPasswordExpirationDays(6);
$requestBody->setPasswordMinimumLength(5);
$requestBody->setPasswordMinimumCharacterSetCount(0);
$requestBody->setPasswordRequiredType(new RequiredPasswordType('alphanumeric'));
$requestBody->setPasswordPreviousPasswordBlockCount(2);
$requestBody->setRequireHealthyDeviceReport(true);
$requestBody->setOsMinimumVersion('Os Minimum Version value');
$requestBody->setOsMaximumVersion('Os Maximum Version value');
$requestBody->setMobileOsMinimumVersion('Mobile Os Minimum Version value');
$requestBody->setMobileOsMaximumVersion('Mobile Os Maximum Version value');
$requestBody->setEarlyLaunchAntiMalwareDriverEnabled(true);
$requestBody->setBitLockerEnabled(true);
$requestBody->setSecureBootEnabled(true);
$requestBody->setCodeIntegrityEnabled(true);
$requestBody->setStorageRequireEncryption(true);

$result = $graphServiceClient->deviceManagement()->deviceCompliancePolicies()->post($requestBody)->wait();

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PowerShell

Import-Module Microsoft.Graph.DeviceManagement

$params = @{
	"@odata.type" = "#microsoft.graph.windows10CompliancePolicy"
	description = "Description value"
	displayName = "Display Name value"
	version = 7
	passwordRequired = $true
	passwordBlockSimple = $true
	passwordRequiredToUnlockFromIdle = $true
	passwordMinutesOfInactivityBeforeLock = 
	passwordExpirationDays = 
	passwordMinimumLength = 
	passwordMinimumCharacterSetCount = 
	passwordRequiredType = "alphanumeric"
	passwordPreviousPasswordBlockCount = 
	requireHealthyDeviceReport = $true
	osMinimumVersion = "Os Minimum Version value"
	osMaximumVersion = "Os Maximum Version value"
	mobileOsMinimumVersion = "Mobile Os Minimum Version value"
	mobileOsMaximumVersion = "Mobile Os Maximum Version value"
	earlyLaunchAntiMalwareDriverEnabled = $true
	bitLockerEnabled = $true
	secureBootEnabled = $true
	codeIntegrityEnabled = $true
	storageRequireEncryption = $true
}

New-MgDeviceManagementDeviceCompliancePolicy -BodyParameter $params

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Python

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.windows10_compliance_policy import Windows10CompliancePolicy
from msgraph.generated.models.required_password_type import RequiredPasswordType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Windows10CompliancePolicy(
	odata_type = "#microsoft.graph.windows10CompliancePolicy",
	description = "Description value",
	display_name = "Display Name value",
	version = 7,
	password_required = True,
	password_block_simple = True,
	password_required_to_unlock_from_idle = True,
	password_minutes_of_inactivity_before_lock = 5,
	password_expiration_days = 6,
	password_minimum_length = 5,
	password_minimum_character_set_count = 0,
	password_required_type = RequiredPasswordType.Alphanumeric,
	password_previous_password_block_count = 2,
	require_healthy_device_report = True,
	os_minimum_version = "Os Minimum Version value",
	os_maximum_version = "Os Maximum Version value",
	mobile_os_minimum_version = "Mobile Os Minimum Version value",
	mobile_os_maximum_version = "Mobile Os Maximum Version value",
	early_launch_anti_malware_driver_enabled = True,
	bit_locker_enabled = True,
	secure_boot_enabled = True,
	code_integrity_enabled = True,
	storage_require_encryption = True,
)

result = await graph_client.device_management.device_compliance_policies.post(request_body)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 1126

{
  "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
  "id": "2919ae62-ae62-2919-62ae-192962ae1929",
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "description": "Description value",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "displayName": "Display Name value",
  "version": 7,
  "passwordRequired": true,
  "passwordBlockSimple": true,
  "passwordRequiredToUnlockFromIdle": true,
  "passwordMinutesOfInactivityBeforeLock": 5,
  "passwordExpirationDays": 6,
  "passwordMinimumLength": 5,
  "passwordMinimumCharacterSetCount": 0,
  "passwordRequiredType": "alphanumeric",
  "passwordPreviousPasswordBlockCount": 2,
  "requireHealthyDeviceReport": true,
  "osMinimumVersion": "Os Minimum Version value",
  "osMaximumVersion": "Os Maximum Version value",
  "mobileOsMinimumVersion": "Mobile Os Minimum Version value",
  "mobileOsMaximumVersion": "Mobile Os Maximum Version value",
  "earlyLaunchAntiMalwareDriverEnabled": true,
  "bitLockerEnabled": true,
  "secureBootEnabled": true,
  "codeIntegrityEnabled": true,
  "storageRequireEncryption": true
}