windowsInformationProtection resource type

Note: Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.

Policy for Windows information protection to configure detailed management settings

Inherits from managedAppPolicy

Methods

Method Return Type Description
List windowsInformationProtections windowsInformationProtection collection List properties and relationships of the windowsInformationProtection objects.
Get windowsInformationProtection windowsInformationProtection Read properties and relationships of the windowsInformationProtection object.
updateTargetedSecurityGroups action None Not yet documented
List mobileAppIdentifierDeployments mobileAppIdentifierDeployment collection Get the mobileAppIdentifierDeployments from the mobileAppIdentifierDeployments navigation property.
Get managedAppPolicyDeploymentSummary managedAppPolicyDeploymentSummary Get the managedAppPolicyDeploymentSummary from the deploymentSummary navigation property.
List windowsInformationProtectionAppLockerFiles windowsInformationProtectionAppLockerFile collection Get the windowsInformationProtectionAppLockerFiles from the allowedAppLockerFiles navigation property.
List windowsInformationProtectionAppLockerFiles windowsInformationProtectionAppLockerFile collection Get the windowsInformationProtectionAppLockerFiles from the exemptAppLockerFiles navigation property.

Properties

Property Type Description
displayName String Policy display name. Inherited from managedAppPolicy
description String The policy's description. Inherited from managedAppPolicy
createdDateTime DateTimeOffset The date and time the policy was created. Inherited from managedAppPolicy
lastModifiedDateTime DateTimeOffset Last time the policy was modified. Inherited from managedAppPolicy
lastModifiedTime DateTimeOffset DEPRECATED: Last time the policy was modified. Inherited from managedAppPolicy
deployedAppCount Int32 Count of apps to which the current policy is deployed. Inherited from managedAppPolicy
id String Key of the entity. Inherited from managedAppPolicy
version String Version of the entity. Inherited from managedAppPolicy
enforcementLevel String WIP enforcement level.See the Enum definition for supported values Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock.
enterpriseDomain String Primary enterprise domain
enterpriseProtectedDomainNames windowsInformationProtectionResourceCollection collection List of enterprise domains to be protected
protectionUnderLockConfigRequired Boolean Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured
dataRecoveryCertificate windowsInformationProtectionDataRecoveryCertificate Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS)
revokeOnUnenrollDisabled Boolean This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently.
rightsManagementServicesTemplateId Guid TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access
azureRightsManagementServicesAllowed Boolean Specifies whether to allow Azure RMS encryption for WIP
iconsVisible Boolean Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app
allowedApps windowsInformationProtectionApp collection Allowed applications can access enterprise data and the data handled by those applications are protected with encryption
exemptApps windowsInformationProtectionApp collection Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data.
enterpriseNetworkDomainNames windowsInformationProtectionResourceCollection collection This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to
enterpriseCloudResources windowsInformationProtectionCloudResourceCollection collection Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy
enterpriseIPRanges windowsInformationProtectionIPRangeCollection collection Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to
enterpriseIPRangesAreAuthoritative Boolean Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false
enterpriseProxyServers windowsInformationProtectionResourceCollection collection This is a list of proxy servers. Any server not on this list is considered non-enterprise
enterpriseInternalProxyServers windowsInformationProtectionResourceCollection collection This is the comma-separated list of internal proxy servers. For example, "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseCloudResources policy to force traffic to the matched cloud resources through these proxies
enterpriseProxyServersAreAuthoritative Boolean Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false
neutralDomainResources windowsInformationProtectionResourceCollection collection List of domain names that can used for work or personal resource
targetedSecurityGroupIds String collection List of security group IDs to which the configuration is deployed

Relationships

Relationship Type Description
mobileAppIdentifierDeployments mobileAppIdentifierDeployment collection List of apps to which the policy is deployed. Inherited from managedAppPolicy
deploymentSummary managedAppPolicyDeploymentSummary Navigation property to deployment summary of the configuration. Inherited from managedAppPolicy
allowedAppLockerFiles windowsInformationProtectionAppLockerFile collection Another way to input allowed and apps through xml files
exemptAppLockerFiles windowsInformationProtectionAppLockerFile collection Another way to input exempt apps through xml files

JSON Representation

Here is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.windowsInformationProtection",
  "displayName": "String",
  "description": "String",
  "createdDateTime": "String (timestamp)",
  "lastModifiedDateTime": "String (timestamp)",
  "lastModifiedTime": "String (timestamp)",
  "deployedAppCount": 1024,
  "id": "String (identifier)",
  "version": "String",
  "enforcementLevel": "String",
  "enterpriseDomain": "String",
  "enterpriseProtectedDomainNames": [
    {
      "@odata.type": "microsoft.graph.windowsInformationProtectionResourceCollection",
      "displayName": "String",
      "resources": [
        "String"
      ]
    }
  ],
  "protectionUnderLockConfigRequired": true,
  "dataRecoveryCertificate": {
    "@odata.type": "microsoft.graph.windowsInformationProtectionDataRecoveryCertificate",
    "subjectName": "String",
    "description": "String",
    "expirationDateTime": "String (timestamp)",
    "certificate": "binary"
  },
  "revokeOnUnenrollDisabled": true,
  "rightsManagementServicesTemplateId": "<Unknown Primitive Type Edm.Guid>",
  "azureRightsManagementServicesAllowed": true,
  "iconsVisible": true,
  "allowedApps": [
    {
      "@odata.type": "microsoft.graph.windowsInformationProtectionStoreApp",
      "displayName": "String",
      "description": "String",
      "publisherName": "String",
      "productName": "String"
    }
  ],
  "exemptApps": [
    {
      "@odata.type": "microsoft.graph.windowsInformationProtectionStoreApp",
      "displayName": "String",
      "description": "String",
      "publisherName": "String",
      "productName": "String"
    }
  ],
  "enterpriseNetworkDomainNames": [
    {
      "@odata.type": "microsoft.graph.windowsInformationProtectionResourceCollection",
      "displayName": "String",
      "resources": [
        "String"
      ]
    }
  ],
  "enterpriseCloudResources": [
    {
      "@odata.type": "microsoft.graph.windowsInformationProtectionCloudResourceCollection",
      "displayName": "String",
      "resources": [
        {
          "@odata.type": "microsoft.graph.windowsInformationProtectionCloudResource",
          "ipAddressOrFQDN": "String",
          "proxy": "String"
        }
      ]
    }
  ],
  "enterpriseIPRanges": [
    {
      "@odata.type": "microsoft.graph.windowsInformationProtectionIPRangeCollection",
      "displayName": "String",
      "ranges": [
        {
          "@odata.type": "microsoft.graph.iPv6Range",
          "lowerAddress": "String",
          "upperAddress": "String"
        }
      ]
    }
  ],
  "enterpriseIPRangesAreAuthoritative": true,
  "enterpriseProxyServers": [
    {
      "@odata.type": "microsoft.graph.windowsInformationProtectionResourceCollection",
      "displayName": "String",
      "resources": [
        "String"
      ]
    }
  ],
  "enterpriseInternalProxyServers": [
    {
      "@odata.type": "microsoft.graph.windowsInformationProtectionResourceCollection",
      "displayName": "String",
      "resources": [
        "String"
      ]
    }
  ],
  "enterpriseProxyServersAreAuthoritative": true,
  "neutralDomainResources": [
    {
      "@odata.type": "microsoft.graph.windowsInformationProtectionResourceCollection",
      "displayName": "String",
      "resources": [
        "String"
      ]
    }
  ],
  "targetedSecurityGroupIds": [
    "String"
  ]
}