
Openclaw Intune Skill

A comprehensive skill enabling OpenClaw agents to fully manage Microsoft Intune via the Graph API. Covers devices, apps, policies, compliance, users, groups,...


⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup
  1. Download the package from Yavira.
  2. Extract the archive and review SKILL.md first.
  3. Import or place the package into your OpenClaw setup.

Requirements

Target platform
OpenClaw
Install method
Manual import
Extraction
Extract archive
Prerequisites
OpenClaw
Primary doc
SKILL.md

Package facts

Download mode
Yavira redirect
Package format
ZIP package
Source platform
Tencent SkillHub
What's included
README.md, SKILL.md

Validation

  • Use the Yavira download entry.
  • Review SKILL.md after the package is downloaded.
  • Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

  1. Download the package from Yavira.
  2. Extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the extracted folder.
New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.

Trust & source

Release facts

Source
Tencent SkillHub
Verification
Indexed source record
Version
1.0.1

Documentation

ClawHub primary doc Primary doc: SKILL.md 136 sections Open source page

Microsoft Intune – Complete Management Skill

This skill gives the agent full control over Microsoft Intune via the Microsoft Graph API. It covers device management, application deployment, compliance & configuration policies, user & group management, Autopilot, PowerShell scripts, reporting, and all remote device actions.

🔑 Authentication

Before ANY Intune operation, the agent MUST obtain an OAuth 2.0 access token. The following environment variables must be configured:

  • INTUNE_TENANT_ID – Microsoft 365 Tenant ID
  • INTUNE_CLIENT_ID – Entra ID App Registration Client ID
  • INTUNE_CLIENT_SECRET – Entra ID App Registration Secret

Token Request

POST https://login.microsoftonline.com/{INTUNE_TENANT_ID}/oauth2/v2.0/token

Body (x-www-form-urlencoded):

client_id={INTUNE_CLIENT_ID}
&scope=https://graph.microsoft.com/.default
&client_secret={INTUNE_CLIENT_SECRET}
&grant_type=client_credentials

Extract access_token from the JSON response. Use it as:

Authorization: Bearer <access_token>

Required API Permissions (App Registration)

The Entra ID App Registration needs the following Microsoft Graph Application permissions:

  • DeviceManagementManagedDevices.ReadWrite.All
  • DeviceManagementConfiguration.ReadWrite.All
  • DeviceManagementApps.ReadWrite.All
  • DeviceManagementServiceConfig.ReadWrite.All
  • DeviceManagementRBAC.ReadWrite.All
  • Directory.Read.All
  • User.Read.All
  • Group.ReadWrite.All
  • GroupMember.ReadWrite.All

🛡️ Safety Rules (CRITICAL)

  • Read operations (GET): Always safe. Execute without confirmation.
  • Sync/Restart operations: Ask for confirmation: "Soll ich Gerät X wirklich syncen/neustarten?"
  • Destructive operations (Wipe, Retire, Delete): ALWAYS require explicit confirmation. Say: "⚠️ Achtung: Das löscht alle Daten auf dem Gerät. Bist du sicher?"
  • Policy creation/modification: Confirm before applying: "Soll ich diese Policy wirklich erstellen/ändern?"
  • Never dump raw JSON to the user. Always format output as readable Markdown tables or summaries.
  • Error handling: If an API call returns an error, explain the error in simple German and suggest a fix.
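The Safety Rules above are instructions to the model; the same tiers can also be enforced in code before any request leaves the agent. The following is an added example, not part of the skill package: `classify`, `may_send` and the tier names are hypothetical, and treating every unmarked write (for example remoteLock or exportJobs) as needing one confirmation is this example's assumption, not a rule from the page.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

GRAPH_HOST = "graph.microsoft.com"
API_VERSIONS = {"v1.0", "beta"}

# Action segments the page marks as destructive, with the confirmations to collect.
# wipe: "ALWAYS ask twice"; retire and bypassActivationLock: explicit confirmation.
DESTRUCTIVE_ACTIONS = {"wipe": 2, "retire": 1, "bypassactivationlock": 1}


@dataclass(frozen=True)
class Decision:
    tier: str           # "read", "confirm", "destructive" or "deny"
    confirmations: int  # user confirmations required before the call is sent
    reason: str


def classify(method: str, url: str) -> Decision:
    """Map one Graph request to a Safety Rules tier. Unknown input is denied."""
    parts = urlsplit(url)
    # hostname is parsed after any userinfo, so "graph.microsoft.com@other" fails here.
    if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
        return Decision("deny", 0, "not an https://graph.microsoft.com URL")
    segments = [s for s in parts.path.split("/") if s]
    if not segments or segments[0] not in API_VERSIONS:
        return Decision("deny", 0, "unknown API version")
    # Dot segments and percent-escapes could hide the real final segment.
    if any(s in (".", "..") or "%" in s for s in segments):
        return Decision("deny", 0, "path is not in canonical form")

    method = method.upper()
    action = segments[-1].lower()
    if method == "GET":
        return Decision("read", 0, "read operation")
    if method == "DELETE":
        return Decision("destructive", 1, "DELETE removes the object")
    if method == "POST" and action in DESTRUCTIVE_ACTIONS:
        return Decision("destructive", DESTRUCTIVE_ACTIONS[action],
                        f"{action} is destructive")
    if method in ("POST", "PATCH", "PUT"):
        # Assumption of this example: every other write needs one confirmation,
        # including actions the page leaves unmarked (remoteLock, exportJobs).
        return Decision("confirm", 1, "state-changing request")
    return Decision("deny", 0, f"method {method} is not used by the skill")


def may_send(method: str, url: str, confirmations_given: int) -> bool:
    """True only when the caller has collected enough confirmations."""
    decision = classify(method, url)
    return decision.tier != "deny" and confirmations_given >= decision.confirmations


if __name__ == "__main__":
    base = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"
    # Constructed sample requests; DEVICE-ID is a placeholder.
    samples = [("GET", base),
               ("POST", base + "/DEVICE-ID/syncDevice"),
               ("POST", base + "/DEVICE-ID/wipe"),
               ("DELETE", base + "/DEVICE-ID")]
    for m, u in samples:
        print(m, u.rsplit("/", 1)[-1], classify(m, u))
```

The gate belongs in the HTTP wrapper the agent calls, so a confirmation count comes from the user interface and not from model output.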

1.1 List All Managed Devices

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices

Use $select to limit fields:

?$select=deviceName,operatingSystem,complianceState,lastSyncDateTime,userPrincipalName

Present results as a table:

| Gerätename | OS | Compliance | Letzter Sync | Benutzer |

1.2 Search for a Specific Device

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=deviceName eq '{deviceName}'

Alternative search by user:

?$filter=userPrincipalName eq '{user@domain.com}'

1.3 Get Device Details

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId} Show: Device name, Serial number, OS version, Compliance state, Encryption status, Last sync, Enrolled date, Primary user.

1.4 Remote Actions on a Device

Sync Device
POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/syncDevice

Reboot Device
POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/rebootNow

Lock Device (Remote Lock)
POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/remoteLock

Reset Passcode
POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/resetPasscode

Locate Device (Lost Mode – iOS/Android)
POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/locateDevice

Retire Device (Remove Company Data Only)
POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/retire
⚠️ SAFETY: Requires explicit user confirmation!

Wipe Device (Factory Reset)
POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/wipe
⚠️ SAFETY: ALWAYS ask twice! This deletes ALL data!

Delete Device from Intune
DELETE https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}
⚠️ SAFETY: Requires explicit user confirmation!

Rename Device
POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/setDeviceName
Body: {"deviceName": "NEW-NAME"}

Enable/Disable Lost Mode (iOS supervised)
POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/enableLostMode
Body: {"message": "Dieses Gerät wurde als verloren gemeldet.", "phoneNumber": "+49...", "footer": "Kaffee & Code IT"}
POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/disableLostMode

2.1 List All Compliance Policies

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies Present as: | Policy Name | Platform | Created | Last Modified |

2.2 Get Compliance Policy Details

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/{policyId}

2.3 Get Compliance Policy Assignments

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/{policyId}/assignments

2.4 Get Device Compliance Status per Policy

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/{policyId}/deviceStatuses

2.5 Create a Compliance Policy

POST https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies ⚠️ SAFETY: Confirm before creating.

2.6 Delete a Compliance Policy

DELETE https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/{policyId} ⚠️ SAFETY: Requires explicit user confirmation!

3.1 List Configuration Policies (Recommended API)

GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies This is the modern, recommended endpoint covering Endpoint Security, Administrative Templates, and Settings Catalog.

3.2 List Legacy Device Configuration Profiles

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations

3.3 Get Configuration Policy Details

GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies/{policyId}

3.4 Get Policy Settings

GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies/{policyId}/settings

3.5 Get Policy Assignments

GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies/{policyId}/assignments

3.6 Get Device Status per Config Profile

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{configId}/deviceStatuses

3.7 Create Configuration Policy

POST https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies ⚠️ SAFETY: Confirm before creating.

3.8 Delete Configuration Policy

DELETE https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies/{policyId} ⚠️ SAFETY: Requires explicit user confirmation!

4.1 List All Apps

GET https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps Present as: | App Name | Type | Publisher | Created |

4.2 Get App Details

GET https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps/{appId}

4.3 Get App Assignments (Who gets the app?)

GET https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps/{appId}/assignments

4.4 List App Configuration Policies

GET https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppPolicies

4.5 List App Protection Policies (MAM)

GET https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppRegistrations

4.6 Assign App to a Group

POST https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps/{appId}/assignments ⚠️ SAFETY: Confirm before assigning.

4.7 List Detected Apps on Devices

GET https://graph.microsoft.com/v1.0/deviceManagement/detectedApps

4.8 Get Devices with a Specific Detected App

GET https://graph.microsoft.com/v1.0/deviceManagement/detectedApps/{detectedAppId}/managedDevices

5.1 List Security Baselines

GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'baseline'

5.2 List Disk Encryption Policies (BitLocker/FileVault)

GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'endpointSecurityDiskEncryption'

5.3 List Firewall Policies

GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'endpointSecurityFirewall'

5.4 List Antivirus Policies (Defender)

GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'endpointSecurityAntivirus'

5.5 List Attack Surface Reduction Rules

GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'endpointSecurityAttackSurfaceReduction'

6.1 List Autopilot Devices

GET https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities Present as: | Serial Number | Model | Group Tag | Enrollment State | Last Seen |

6.2 Get Autopilot Device Details

GET https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities/{id}

6.3 List Autopilot Deployment Profiles

GET https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeploymentProfiles

6.4 Assign Autopilot Profile

POST https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities/{id}/assignUserToDevice Body: {"userPrincipalName": "user@domain.com"}

6.5 Delete Autopilot Device

DELETE https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities/{id} ⚠️ SAFETY: Requires explicit user confirmation!

7.1 List Device Management Scripts

GET https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts

7.2 Get Script Details

GET https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/{scriptId}

7.3 Get Script Execution Status per Device

GET https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/{scriptId}/deviceRunStates

7.4 Create/Upload a PowerShell Script

POST https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts Body must include scriptContent as Base64-encoded string. ⚠️ SAFETY: Confirm before uploading. Show the script content to the user first.

7.5 List Proactive Remediations (Health Scripts)

GET https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts

7.6 Get Remediation Script Execution Results

GET https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/{scriptId}/deviceRunStates

8.1 List Users

GET https://graph.microsoft.com/v1.0/users?$select=displayName,userPrincipalName,accountEnabled,jobTitle

8.2 Search User

GET https://graph.microsoft.com/v1.0/users?$filter=startsWith(displayName,'{name}')

8.3 Get User Details

GET https://graph.microsoft.com/v1.0/users/{userId}

8.4 List Groups

GET https://graph.microsoft.com/v1.0/groups?$select=displayName,description,groupTypes,membershipRule

8.5 Get Group Members

GET https://graph.microsoft.com/v1.0/groups/{groupId}/members

8.6 Add User to Group

POST https://graph.microsoft.com/v1.0/groups/{groupId}/members/$ref Body: {"@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{userId}"} ⚠️ SAFETY: Confirm before adding.

8.7 Remove User from Group

DELETE https://graph.microsoft.com/v1.0/groups/{groupId}/members/{userId}/$ref ⚠️ SAFETY: Confirm before removing.

8.8 List Devices for a User

GET https://graph.microsoft.com/v1.0/users/{userId}/managedDevices

9.1 Device Compliance Summary

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$select=complianceState Agent should calculate: X compliant, Y non-compliant, Z in-grace-period, and present as summary + table.

9.2 OS Distribution Summary

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$select=operatingSystem Agent should group by OS and present: "42 Windows, 15 iOS, 8 Android, 3 macOS"

9.3 Stale Devices (Not synced recently)

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=lastSyncDateTime lt {30_days_ago}&$select=deviceName,lastSyncDateTime,userPrincipalName Agent should calculate the date for 30 days ago automatically.
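Sections 1.2 and 9.3 both build a `$filter` from values the agent fills in at run time (a device name or UPN from the user, a computed cutoff date). The following is an added example, not part of the skill package, of building those URLs so that a quote in the value stays inside the string literal and the 30-day cutoff is computed in UTC; the helper names are hypothetical and the sample values in the usage section are constructed.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

DEVICES = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"
_PROPERTY = re.compile(r"[A-Za-z][A-Za-z0-9]*")


def odata_string(value: str) -> str:
    """Return value as an OData string literal; a single quote is doubled."""
    if any(ord(c) < 0x20 for c in value):
        raise ValueError("control character in filter value")
    return "'" + value.replace("'", "''") + "'"


def build_url(filter_expr: str, select=()) -> str:
    """Percent-encode the whole filter and accept only plain property names."""
    for name in select:
        if not _PROPERTY.fullmatch(name):
            raise ValueError(f"bad property name: {name!r}")
    query = "$filter=" + quote(filter_expr, safe="")
    if select:
        query += "&$select=" + ",".join(select)
    return f"{DEVICES}?{query}"


def device_by_name_url(device_name: str) -> str:
    """Section 1.2: search by device name."""
    return build_url("deviceName eq " + odata_string(device_name))


def devices_by_user_url(upn: str) -> str:
    """Section 1.2: alternative search by user principal name."""
    return build_url("userPrincipalName eq " + odata_string(upn))


def stale_devices_url(days: int = 30, now: datetime = None) -> str:
    """Section 9.3: devices whose last sync is older than `days` days.

    `now` must be timezone-aware; it defaults to the current UTC time.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = now.astimezone(timezone.utc) - timedelta(days=days)
    # Graph takes DateTimeOffset literals unquoted, in ISO 8601 with a Z suffix.
    stamp = cutoff.strftime("%Y-%m-%dT%H:%M:%SZ")
    return build_url(f"lastSyncDateTime lt {stamp}",
                     ("deviceName", "lastSyncDateTime", "userPrincipalName"))


if __name__ == "__main__":
    # Constructed sample values.
    print(device_by_name_url("O'Brien-Laptop"))
    print(devices_by_user_url("max@contoso.example"))
    print(stale_devices_url())
```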

9.4 Non-Compliant Devices Report

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=complianceState eq 'noncompliant'&$select=deviceName,complianceState,userPrincipalName,operatingSystem

9.5 Export Report Job

POST https://graph.microsoft.com/beta/deviceManagement/reports/exportJobs Body: {"reportName": "Devices", "filter": "", "select": ["DeviceName","OS","ComplianceState"]}

10.1 List Device Categories

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCategories

10.2 Create Device Category

POST https://graph.microsoft.com/v1.0/deviceManagement/deviceCategories Body: {"displayName": "Kategoriename", "description": "Beschreibung"}

10.3 Set Device Category on a Device

PUT https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{deviceId}/deviceCategory/$ref

10.4 List Enrollment Restrictions

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations

11.1 List Intune Roles

GET https://graph.microsoft.com/v1.0/deviceManagement/roleDefinitions

11.2 List Role Assignments

GET https://graph.microsoft.com/v1.0/deviceManagement/roleAssignments

11.3 Get Role Details

GET https://graph.microsoft.com/v1.0/deviceManagement/roleDefinitions/{roleId}

💡 Agent Response Guidelines

When the user asks a question, follow this logic:

  • "Zeig mir alle Geräte" → Use 1.1, format as table.
  • "Ist Gerät X compliant?" → Use 1.2 to find it, then check complianceState.
  • "Sync Laptop von Max" → Use 1.2 to find managedDeviceId, then use 1.4 Sync.
  • "Wie viele Geräte hab ich?" → Use 9.2, give OS distribution + total count.
  • "Welche Geräte haben sich lange nicht gemeldet?" → Use 9.3.
  • "Erstell mir eine Compliance Policy für Windows" → Use 2.5, ask for requirements first.
  • "Welche Apps sind deployed?" → Use 4.1.
  • "Füg User Max zur Gruppe IT-Geräte hinzu" → Use 8.2 to find user, 8.4 to find group, then 8.6.
  • "Zeig mir den Status vom PowerShell Script XY" → Use 7.3.
  • "Gib mir einen Compliance Report" → Use 9.1 + 9.4.
  • "Zeig mir die Conditional Access Policies" → Use 12.1.
  • "Welche WLAN-Profile sind deployed?" → Use 13.1.
  • "Wie sind meine Windows Update Ringe konfiguriert?" → Use 14.1.
  • "Wer hat letzte Woche was in Intune geändert?" → Use 17.1.
  • "Kann Intune die Einstellung XY konfigurieren?" → Use 18.1 Settings Catalog search.
  • "Zeig mir alle Autopilot-Geräte ohne zugewiesenes Profil" → Use 6.1 + filter.

12.1 List Conditional Access Policies

GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies Present as: | Policy Name | State (enabled/disabled/report) | Conditions | Grant Controls |

12.2 Get Conditional Access Policy Details

GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/{policyId}

12.3 Create Conditional Access Policy

POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies
⚠️ SAFETY: Always confirm before creating. Show the user a summary of what the policy will do first.
💡 TIP: Recommend creating in "reportOnly" state first for testing.

12.4 Update Conditional Access Policy

PATCH https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/{policyId} ⚠️ SAFETY: Confirm before modifying. Explain what will change.

12.5 Delete Conditional Access Policy

DELETE https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/{policyId} ⚠️ SAFETY: Requires explicit user confirmation!

12.6 List Named Locations (Trusted IPs / Countries)

GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations

12.7 Create Named Location

POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations

Example IP-based:

{
  "@odata.type": "#microsoft.graph.ipNamedLocation",
  "displayName": "Büro-Netzwerk",
  "isTrusted": true,
  "ipRanges": [{"@odata.type": "#microsoft.graph.iPv4CidrRange", "cidrAddress": "192.168.1.0/24"}]
}

12.8 List Authentication Strengths

GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/authenticationStrength/policies

13.1 List WLAN Profiles

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations?$filter=isof('microsoft.graph.windowsWifiConfiguration') or isof('microsoft.graph.iosWiFiConfiguration') or isof('microsoft.graph.androidWorkProfileWiFiConfiguration')

Alternative (all configs, then filter by odata.type for Wi-Fi):

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations

Agent should filter results where @odata.type contains WiFi or wifi.

13.2 List VPN Profiles

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations Agent should filter results where @odata.type contains Vpn or vpn.

13.3 Get WLAN/VPN Profile Details

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{configId}

13.4 Get WLAN/VPN Profile Assignment

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{configId}/assignments

13.5 List SCEP Certificate Profiles

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations Agent should filter results where @odata.type contains Scep or Certificate.

13.6 List PKCS Certificate Profiles

Same endpoint, filter for Pkcs in @odata.type.

13.7 List Trusted Root Certificate Profiles

Same endpoint, filter for TrustedRootCertificate in @odata.type.

14.1 List Windows Update Rings

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations?$filter=isof('microsoft.graph.windowsUpdateForBusinessConfiguration') Present as: | Ring Name | Deferral (Days) | Quality Updates | Feature Updates | Assigned To |

14.2 Get Update Ring Details

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{ringId}

14.3 List Feature Update Profiles

GET https://graph.microsoft.com/beta/deviceManagement/windowsFeatureUpdateProfiles

14.4 Get Feature Update Profile Details

GET https://graph.microsoft.com/beta/deviceManagement/windowsFeatureUpdateProfiles/{profileId}

14.5 Get Feature Update Deployment State per Device

GET https://graph.microsoft.com/beta/deviceManagement/windowsFeatureUpdateProfiles/{profileId}/deviceUpdateStates

14.6 List Driver Update Profiles

GET https://graph.microsoft.com/beta/deviceManagement/windowsDriverUpdateProfiles

14.7 Get Driver Update Profile Details

GET https://graph.microsoft.com/beta/deviceManagement/windowsDriverUpdateProfiles/{profileId}

14.8 List Quality Update Profiles (Expedited Updates)

GET https://graph.microsoft.com/beta/deviceManagement/windowsQualityUpdateProfiles

14.9 Pause/Resume an Update Ring

POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{ringId}/windowsUpdateForBusinessConfiguration/pause
POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{ringId}/windowsUpdateForBusinessConfiguration/resume
⚠️ SAFETY: Confirm before pausing/resuming.

15.1 List Apple DEP/ADE Enrollment Profiles

GET https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings

15.2 List Apple DEP Tokens

GET https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings/{depId}/enrollmentProfiles

15.3 List Apple Push Notification Certificate Info

GET https://graph.microsoft.com/v1.0/deviceManagement/applePushNotificationCertificate
Shows: Expiration date, Subject, Certificate serial number.
💡 Agent should proactively warn if certificate expires within 30 days!

15.4 List VPP Tokens (Volume Purchase Program)

GET https://graph.microsoft.com/beta/deviceManagement/vppTokens

15.5 List iOS/macOS Managed App Configurations

GET https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppPolicies Filter for iOS/macOS types.

15.6 Activation Lock Bypass (iOS Supervised)

POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/bypassActivationLock ⚠️ SAFETY: Requires explicit user confirmation!

16.1 List Android Managed Store Apps

GET https://graph.microsoft.com/beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings

16.2 List Android Enrollment Profiles

GET https://graph.microsoft.com/beta/deviceManagement/androidDeviceOwnerEnrollmentProfiles

16.3 Get Android Enterprise Binding Status

GET https://graph.microsoft.com/beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings Shows if Android Enterprise (Work Profile / Fully Managed / Dedicated) is connected.

16.4 List Android App Protection Policies

GET https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections

17.1 List Intune Audit Events

GET https://graph.microsoft.com/v1.0/deviceManagement/auditEvents Present as: | Date | Activity | Actor (who) | Target | Result |

17.2 Filter Audit Events by Date Range

GET https://graph.microsoft.com/v1.0/deviceManagement/auditEvents?$filter=activityDateTime gt {startDate} and activityDateTime lt {endDate} Agent should calculate the date range based on user request (e.g., "letzte Woche" → last 7 days).

17.3 Filter Audit Events by User

GET https://graph.microsoft.com/v1.0/deviceManagement/auditEvents?$filter=actor/userPrincipalName eq '{user@domain.com}'

17.4 Get Audit Event Details

GET https://graph.microsoft.com/v1.0/deviceManagement/auditEvents/{auditEventId}

17.5 List Directory Audit Logs (Entra ID level)

GET https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?$filter=category eq 'Device'

17.6 List Sign-In Logs

GET https://graph.microsoft.com/v1.0/auditLogs/signIns?$filter=appDisplayName eq 'Microsoft Intune'

18.1 Search Settings Catalog

GET https://graph.microsoft.com/beta/deviceManagement/configurationSettings?$search="{searchTerm}" This is extremely useful when the user asks: "Can Intune configure setting X?" or "Hat Intune eine Einstellung für Bildschirmschoner?"

18.2 List Group Policy Migration Reports

GET https://graph.microsoft.com/beta/deviceManagement/groupPolicyMigrationReports Use this when the user asks about migrating from on-premises GPO to Intune.

18.3 Get Migration Report Details

GET https://graph.microsoft.com/beta/deviceManagement/groupPolicyMigrationReports/{reportId} Shows: Which GPO settings are supported in Intune, which are not, and recommended alternatives.

18.4 List Group Policy Uploaded Definition Files

GET https://graph.microsoft.com/beta/deviceManagement/groupPolicyUploadedDefinitionFiles

19.1 List Terms & Conditions

GET https://graph.microsoft.com/v1.0/deviceManagement/termsAndConditions

19.2 Get Terms & Conditions Details

GET https://graph.microsoft.com/v1.0/deviceManagement/termsAndConditions/{termsId}

19.3 Get Terms Acceptance Status

GET https://graph.microsoft.com/v1.0/deviceManagement/termsAndConditions/{termsId}/acceptanceStatuses Shows which users have accepted which version.

19.4 Create Terms & Conditions

POST https://graph.microsoft.com/v1.0/deviceManagement/termsAndConditions ⚠️ SAFETY: Confirm before creating.

19.5 List Notification Message Templates

GET https://graph.microsoft.com/v1.0/deviceManagement/notificationMessageTemplates

19.6 Create Notification Template (Non-Compliance Email)

POST https://graph.microsoft.com/v1.0/deviceManagement/notificationMessageTemplates ⚠️ SAFETY: Confirm before creating.

19.7 Send Test Notification

POST https://graph.microsoft.com/v1.0/deviceManagement/notificationMessageTemplates/{templateId}/sendTestMessage

20.1 List iOS App Protection Policies

GET https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections

20.2 List Android App Protection Policies

GET https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections

20.3 List Windows Information Protection Policies

GET https://graph.microsoft.com/v1.0/deviceAppManagement/windowsInformationProtectionPolicies

20.4 Get App Protection Policy Details

GET https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections/{policyId}
or
GET https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections/{policyId}

20.5 Get App Protection Status per User

GET https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppRegistrations?$filter=userId eq '{userId}'

20.6 Create App Protection Policy

POST https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections
or
POST https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections
⚠️ SAFETY: Confirm before creating. Show policy summary first.

21.1 List All Enrollment Configurations

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations Includes: Device Limit Restrictions, Platform Restrictions, Enrollment Status Page (ESP), Windows Hello for Business.

21.2 Get Enrollment Configuration Details

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations/{configId}

21.3 Get Enrollment Configuration Assignments

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations/{configId}/assignments

21.4 List Enrollment Status Page (ESP) Profiles

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations?$filter=isof('microsoft.graph.windows10EnrollmentCompletionPageConfiguration')

21.5 List Windows Hello for Business Configurations

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations?$filter=isof('microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration')

22.1 List Assignment Filters

GET https://graph.microsoft.com/beta/deviceManagement/assignmentFilters Present as: | Filter Name | Platform | Rule | Created |

22.2 Get Filter Details

GET https://graph.microsoft.com/beta/deviceManagement/assignmentFilters/{filterId}

22.3 Create Assignment Filter

POST https://graph.microsoft.com/beta/deviceManagement/assignmentFilters ⚠️ SAFETY: Confirm before creating.

22.4 Test/Preview Filter Results

POST https://graph.microsoft.com/beta/deviceManagement/assignmentFilters/{filterId}/getState

22.5 List Scope Tags

GET https://graph.microsoft.com/beta/deviceManagement/roleScopeTags

22.6 Create Scope Tag

POST https://graph.microsoft.com/beta/deviceManagement/roleScopeTags ⚠️ SAFETY: Confirm before creating.

Category context

Code helpers, APIs, CLIs, browser automation, testing, and developer operations.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
2 Docs
  • SKILL.md Primary doc
  • README.md Docs