# Send Openclaw Intune Skill to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "openclaw-intune-skill", "name": "Openclaw Intune Skill", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/MattiaCirillo/openclaw-intune-skill", "canonicalUrl": "https://clawhub.ai/MattiaCirillo/openclaw-intune-skill", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/openclaw-intune-skill", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=openclaw-intune-skill", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "README.md", "SKILL.md" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/openclaw-intune-skill" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/openclaw-intune-skill", "downloadUrl": "https://openagent3.xyz/downloads/openclaw-intune-skill", "agentUrl": "https://openagent3.xyz/skills/openclaw-intune-skill/agent", "manifestUrl": "https://openagent3.xyz/skills/openclaw-intune-skill/agent.json", "briefUrl": "https://openagent3.xyz/skills/openclaw-intune-skill/agent.md" } } ``` ## Documentation ### Microsoft Intune – Complete Management Skill This skill gives the agent full control over Microsoft Intune via the Microsoft Graph API. It covers device management, application deployment, compliance & configuration policies, user & group management, Autopilot, PowerShell scripts, reporting, and all remote device actions. ### 🔑 Authentication Before ANY Intune operation, the agent MUST obtain an OAuth 2.0 access token. The following environment variables must be configured: INTUNE_TENANT_ID – Microsoft 365 Tenant ID INTUNE_CLIENT_ID – Entra ID App Registration Client ID INTUNE_CLIENT_SECRET – Entra ID App Registration Secret ### Token Request POST https://login.microsoftonline.com/{INTUNE_TENANT_ID}/oauth2/v2.0/token Body (x-www-form-urlencoded): client_id={INTUNE_CLIENT_ID} &scope=https://graph.microsoft.com/.default &client_secret={INTUNE_CLIENT_SECRET} &grant_type=client_credentials Extract access_token from the JSON response. Use it as: Authorization: Bearer ### Required API Permissions (App Registration) The Entra ID App Registration needs the following Microsoft Graph Application permissions: DeviceManagementManagedDevices.ReadWrite.All DeviceManagementConfiguration.ReadWrite.All DeviceManagementApps.ReadWrite.All DeviceManagementServiceConfig.ReadWrite.All DeviceManagementRBAC.ReadWrite.All Directory.Read.All User.Read.All Group.ReadWrite.All GroupMember.ReadWrite.All ### 🛡️ Safety Rules (CRITICAL) Read operations (GET): Always safe. Execute without confirmation. Sync/Restart operations: Ask for confirmation: "Soll ich Gerät X wirklich syncen/neustarten?" Destructive operations (Wipe, Retire, Delete): ALWAYS require explicit confirmation. Say: "⚠️ Achtung: Das löscht alle Daten auf dem Gerät. Bist du sicher?" Policy creation/modification: Confirm before applying: "Soll ich diese Policy wirklich erstellen/ändern?" Never dump raw JSON to the user. Always format output as readable Markdown tables or summaries. Error handling: If an API call returns an error, explain the error in simple German and suggest a fix. ### 1.1 List All Managed Devices GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices Use $select to limit fields: ?$select=deviceName,operatingSystem,complianceState,lastSyncDateTime,userPrincipalName Present results as a table: | Gerätename | OS | Compliance | Letzter Sync | Benutzer | ### 1.2 Search for a Specific Device GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=deviceName eq '{deviceName}' Alternative search by user: ?$filter=userPrincipalName eq '{user@domain.com}' ### 1.3 Get Device Details GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId} Show: Device name, Serial number, OS version, Compliance state, Encryption status, Last sync, Enrolled date, Primary user. ### 1.4 Remote Actions on a Device Sync Device POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/syncDevice Reboot Device POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/rebootNow Lock Device (Remote Lock) POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/remoteLock Reset Passcode POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/resetPasscode Locate Device (Lost Mode – iOS/Android) POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/locateDevice Retire Device (Remove Company Data Only) POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/retire ⚠️ SAFETY: Requires explicit user confirmation! Wipe Device (Factory Reset) POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/wipe ⚠️ SAFETY: ALWAYS ask twice! This deletes ALL data! Delete Device from Intune DELETE https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId} ⚠️ SAFETY: Requires explicit user confirmation! Rename Device POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/setDeviceName Body: {"deviceName": "NEW-NAME"} Enable/Disable Lost Mode (iOS supervised) POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/enableLostMode Body: {"message": "Dieses Gerät wurde als verloren gemeldet.", "phoneNumber": "+49...", "footer": "Kaffee & Code IT"} POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/disableLostMode ### 2.1 List All Compliance Policies GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies Present as: | Policy Name | Platform | Created | Last Modified | ### 2.2 Get Compliance Policy Details GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/{policyId} ### 2.3 Get Compliance Policy Assignments GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/{policyId}/assignments ### 2.4 Get Device Compliance Status per Policy GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/{policyId}/deviceStatuses ### 2.5 Create a Compliance Policy POST https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies ⚠️ SAFETY: Confirm before creating. ### 2.6 Delete a Compliance Policy DELETE https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/{policyId} ⚠️ SAFETY: Requires explicit user confirmation! ### 3.1 List Configuration Policies (Recommended API) GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies This is the modern, recommended endpoint covering Endpoint Security, Administrative Templates, and Settings Catalog. ### 3.2 List Legacy Device Configuration Profiles GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations ### 3.3 Get Configuration Policy Details GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies/{policyId} ### 3.4 Get Policy Settings GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies/{policyId}/settings ### 3.5 Get Policy Assignments GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies/{policyId}/assignments ### 3.6 Get Device Status per Config Profile GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{configId}/deviceStatuses ### 3.7 Create Configuration Policy POST https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies ⚠️ SAFETY: Confirm before creating. ### 3.8 Delete Configuration Policy DELETE https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies/{policyId} ⚠️ SAFETY: Requires explicit user confirmation! ### 4.1 List All Apps GET https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps Present as: | App Name | Type | Publisher | Created | ### 4.2 Get App Details GET https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps/{appId} ### 4.3 Get App Assignments (Who gets the app?) GET https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps/{appId}/assignments ### 4.4 List App Configuration Policies GET https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppPolicies ### 4.5 List App Protection Policies (MAM) GET https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppRegistrations ### 4.6 Assign App to a Group POST https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps/{appId}/assignments ⚠️ SAFETY: Confirm before assigning. ### 4.7 List Detected Apps on Devices GET https://graph.microsoft.com/v1.0/deviceManagement/detectedApps ### 4.8 Get Devices with a Specific Detected App GET https://graph.microsoft.com/v1.0/deviceManagement/detectedApps/{detectedAppId}/managedDevices ### 5.1 List Security Baselines GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'baseline' ### 5.2 List Disk Encryption Policies (BitLocker/FileVault) GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'endpointSecurityDiskEncryption' ### 5.3 List Firewall Policies GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'endpointSecurityFirewall' ### 5.4 List Antivirus Policies (Defender) GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'endpointSecurityAntivirus' ### 5.5 List Attack Surface Reduction Rules GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'endpointSecurityAttackSurfaceReduction' ### 6.1 List Autopilot Devices GET https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities Present as: | Serial Number | Model | Group Tag | Enrollment State | Last Seen | ### 6.2 Get Autopilot Device Details GET https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities/{id} ### 6.3 List Autopilot Deployment Profiles GET https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeploymentProfiles ### 6.4 Assign Autopilot Profile POST https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities/{id}/assignUserToDevice Body: {"userPrincipalName": "user@domain.com"} ### 6.5 Delete Autopilot Device DELETE https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities/{id} ⚠️ SAFETY: Requires explicit user confirmation! ### 7.1 List Device Management Scripts GET https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts ### 7.2 Get Script Details GET https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/{scriptId} ### 7.3 Get Script Execution Status per Device GET https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/{scriptId}/deviceRunStates ### 7.4 Create/Upload a PowerShell Script POST https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts Body must include scriptContent as Base64-encoded string. ⚠️ SAFETY: Confirm before uploading. Show the script content to the user first. ### 7.5 List Proactive Remediations (Health Scripts) GET https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts ### 7.6 Get Remediation Script Execution Results GET https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/{scriptId}/deviceRunStates ### 8.1 List Users GET https://graph.microsoft.com/v1.0/users?$select=displayName,userPrincipalName,accountEnabled,jobTitle ### 8.2 Search User GET https://graph.microsoft.com/v1.0/users?$filter=startsWith(displayName,'{name}') ### 8.3 Get User Details GET https://graph.microsoft.com/v1.0/users/{userId} ### 8.4 List Groups GET https://graph.microsoft.com/v1.0/groups?$select=displayName,description,groupTypes,membershipRule ### 8.5 Get Group Members GET https://graph.microsoft.com/v1.0/groups/{groupId}/members ### 8.6 Add User to Group POST https://graph.microsoft.com/v1.0/groups/{groupId}/members/$ref Body: {"@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{userId}"} ⚠️ SAFETY: Confirm before adding. ### 8.7 Remove User from Group DELETE https://graph.microsoft.com/v1.0/groups/{groupId}/members/{userId}/$ref ⚠️ SAFETY: Confirm before removing. ### 8.8 List Devices for a User GET https://graph.microsoft.com/v1.0/users/{userId}/managedDevices ### 9.1 Device Compliance Summary GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$select=complianceState Agent should calculate: X compliant, Y non-compliant, Z in-grace-period, and present as summary + table. ### 9.2 OS Distribution Summary GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$select=operatingSystem Agent should group by OS and present: "42 Windows, 15 iOS, 8 Android, 3 macOS" ### 9.3 Stale Devices (Not synced recently) GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=lastSyncDateTime lt {30_days_ago}&$select=deviceName,lastSyncDateTime,userPrincipalName Agent should calculate the date for 30 days ago automatically. ### 9.4 Non-Compliant Devices Report GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=complianceState eq 'noncompliant'&$select=deviceName,complianceState,userPrincipalName,operatingSystem ### 9.5 Export Report Job POST https://graph.microsoft.com/beta/deviceManagement/reports/exportJobs Body: {"reportName": "Devices", "filter": "", "select": ["DeviceName","OS","ComplianceState"]} ### 10.1 List Device Categories GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCategories ### 10.2 Create Device Category POST https://graph.microsoft.com/v1.0/deviceManagement/deviceCategories Body: {"displayName": "Kategoriename", "description": "Beschreibung"} ### 10.3 Set Device Category on a Device PUT https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{deviceId}/deviceCategory/$ref ### 10.4 List Enrollment Restrictions GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations ### 11.1 List Intune Roles GET https://graph.microsoft.com/v1.0/deviceManagement/roleDefinitions ### 11.2 List Role Assignments GET https://graph.microsoft.com/v1.0/deviceManagement/roleAssignments ### 11.3 Get Role Details GET https://graph.microsoft.com/v1.0/deviceManagement/roleDefinitions/{roleId} ### 💡 Agent Response Guidelines When the user asks a question, follow this logic: "Zeig mir alle Geräte" → Use 1.1, format as table. "Ist Gerät X compliant?" → Use 1.2 to find it, then check complianceState. "Sync Laptop von Max" → Use 1.2 to find managedDeviceId, then use 1.4 Sync. "Wie viele Geräte hab ich?" → Use 9.2, give OS distribution + total count. "Welche Geräte haben sich lange nicht gemeldet?" → Use 9.3. "Erstell mir eine Compliance Policy für Windows" → Use 2.5, ask for requirements first. "Welche Apps sind deployed?" → Use 4.1. "Füg User Max zur Gruppe IT-Geräte hinzu" → Use 8.2 to find user, 8.4 to find group, then 8.6. "Zeig mir den Status vom PowerShell Script XY" → Use 7.3. "Gib mir einen Compliance Report" → Use 9.1 + 9.4. "Zeig mir die Conditional Access Policies" → Use 12.1. "Welche WLAN-Profile sind deployed?" → Use 13.1. "Wie sind meine Windows Update Ringe konfiguriert?" → Use 14.1. "Wer hat letzte Woche was in Intune geändert?" → Use 17.1. "Kann Intune die Einstellung XY konfigurieren?" → Use 18.1 Settings Catalog search. "Zeig mir alle Autopilot-Geräte ohne zugewiesenes Profil" → Use 6.1 + filter. ### 12.1 List Conditional Access Policies GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies Present as: | Policy Name | State (enabled/disabled/report) | Conditions | Grant Controls | ### 12.2 Get Conditional Access Policy Details GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/{policyId} ### 12.3 Create Conditional Access Policy POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies ⚠️ SAFETY: Always confirm before creating. Show the user a summary of what the policy will do first. 💡 TIP: Recommend creating in "reportOnly" state first for testing. ### 12.4 Update Conditional Access Policy PATCH https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/{policyId} ⚠️ SAFETY: Confirm before modifying. Explain what will change. ### 12.5 Delete Conditional Access Policy DELETE https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/{policyId} ⚠️ SAFETY: Requires explicit user confirmation! ### 12.6 List Named Locations (Trusted IPs / Countries) GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations ### 12.7 Create Named Location POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations Example IP-based: { "@odata.type": "#microsoft.graph.ipNamedLocation", "displayName": "Büro-Netzwerk", "isTrusted": true, "ipRanges": [{"@odata.type": "#microsoft.graph.iPv4CidrRange", "cidrAddress": "192.168.1.0/24"}] } ### 12.8 List Authentication Strengths GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/authenticationStrength/policies ### 13.1 List WLAN Profiles GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations?$filter=isof('microsoft.graph.windowsWifiConfiguration') or isof('microsoft.graph.iosWiFiConfiguration') or isof('microsoft.graph.androidWorkProfileWiFiConfiguration') Alternative (all configs, then filter by odata.type for Wi-Fi): GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations Agent should filter results where @odata.type contains WiFi or wifi. ### 13.2 List VPN Profiles GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations Agent should filter results where @odata.type contains Vpn or vpn. ### 13.3 Get WLAN/VPN Profile Details GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{configId} ### 13.4 Get WLAN/VPN Profile Assignment GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{configId}/assignments ### 13.5 List SCEP Certificate Profiles GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations Agent should filter results where @odata.type contains Scep or Certificate. ### 13.6 List PKCS Certificate Profiles Same endpoint, filter for Pkcs in @odata.type. ### 13.7 List Trusted Root Certificate Profiles Same endpoint, filter for TrustedRootCertificate in @odata.type. ### 14.1 List Windows Update Rings GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations?$filter=isof('microsoft.graph.windowsUpdateForBusinessConfiguration') Present as: | Ring Name | Deferral (Days) | Quality Updates | Feature Updates | Assigned To | ### 14.2 Get Update Ring Details GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{ringId} ### 14.3 List Feature Update Profiles GET https://graph.microsoft.com/beta/deviceManagement/windowsFeatureUpdateProfiles ### 14.4 Get Feature Update Profile Details GET https://graph.microsoft.com/beta/deviceManagement/windowsFeatureUpdateProfiles/{profileId} ### 14.5 Get Feature Update Deployment State per Device GET https://graph.microsoft.com/beta/deviceManagement/windowsFeatureUpdateProfiles/{profileId}/deviceUpdateStates ### 14.6 List Driver Update Profiles GET https://graph.microsoft.com/beta/deviceManagement/windowsDriverUpdateProfiles ### 14.7 Get Driver Update Profile Details GET https://graph.microsoft.com/beta/deviceManagement/windowsDriverUpdateProfiles/{profileId} ### 14.8 List Quality Update Profiles (Expedited Updates) GET https://graph.microsoft.com/beta/deviceManagement/windowsQualityUpdateProfiles ### 14.9 Pause/Resume an Update Ring POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{ringId}/windowsUpdateForBusinessConfiguration/pause POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{ringId}/windowsUpdateForBusinessConfiguration/resume ⚠️ SAFETY: Confirm before pausing/resuming. ### 15.1 List Apple DEP/ADE Enrollment Profiles GET https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings ### 15.2 List Apple DEP Tokens GET https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings/{depId}/enrollmentProfiles ### 15.3 List Apple Push Notification Certificate Info GET https://graph.microsoft.com/v1.0/deviceManagement/applePushNotificationCertificate Shows: Expiration date, Subject, Certificate serial number. 💡 Agent should proactively warn if certificate expires within 30 days! ### 15.4 List VPP Tokens (Volume Purchase Program) GET https://graph.microsoft.com/beta/deviceManagement/vppTokens ### 15.5 List iOS/macOS Managed App Configurations GET https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppPolicies Filter for iOS/macOS types. ### 15.6 Activation Lock Bypass (iOS Supervised) POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/bypassActivationLock ⚠️ SAFETY: Requires explicit user confirmation! ### 16.1 List Android Managed Store Apps GET https://graph.microsoft.com/beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings ### 16.2 List Android Enrollment Profiles GET https://graph.microsoft.com/beta/deviceManagement/androidDeviceOwnerEnrollmentProfiles ### 16.3 Get Android Enterprise Binding Status GET https://graph.microsoft.com/beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings Shows if Android Enterprise (Work Profile / Fully Managed / Dedicated) is connected. ### 16.4 List Android App Protection Policies GET https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections ### 17.1 List Intune Audit Events GET https://graph.microsoft.com/v1.0/deviceManagement/auditEvents Present as: | Date | Activity | Actor (who) | Target | Result | ### 17.2 Filter Audit Events by Date Range GET https://graph.microsoft.com/v1.0/deviceManagement/auditEvents?$filter=activityDateTime gt {startDate} and activityDateTime lt {endDate} Agent should calculate the date range based on user request (e.g., "letzte Woche" → last 7 days). ### 17.3 Filter Audit Events by User GET https://graph.microsoft.com/v1.0/deviceManagement/auditEvents?$filter=actor/userPrincipalName eq '{user@domain.com}' ### 17.4 Get Audit Event Details GET https://graph.microsoft.com/v1.0/deviceManagement/auditEvents/{auditEventId} ### 17.5 List Directory Audit Logs (Entra ID level) GET https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?$filter=category eq 'Device' ### 17.6 List Sign-In Logs GET https://graph.microsoft.com/v1.0/auditLogs/signIns?$filter=appDisplayName eq 'Microsoft Intune' ### 18.1 Search Settings Catalog GET https://graph.microsoft.com/beta/deviceManagement/configurationSettings?$search="{searchTerm}" This is extremely useful when the user asks: "Can Intune configure setting X?" or "Hat Intune eine Einstellung für Bildschirmschoner?" ### 18.2 List Group Policy Migration Reports GET https://graph.microsoft.com/beta/deviceManagement/groupPolicyMigrationReports Use this when the user asks about migrating from on-premises GPO to Intune. ### 18.3 Get Migration Report Details GET https://graph.microsoft.com/beta/deviceManagement/groupPolicyMigrationReports/{reportId} Shows: Which GPO settings are supported in Intune, which are not, and recommended alternatives. ### 18.4 List Group Policy Uploaded Definition Files GET https://graph.microsoft.com/beta/deviceManagement/groupPolicyUploadedDefinitionFiles ### 19.1 List Terms & Conditions GET https://graph.microsoft.com/v1.0/deviceManagement/termsAndConditions ### 19.2 Get Terms & Conditions Details GET https://graph.microsoft.com/v1.0/deviceManagement/termsAndConditions/{termsId} ### 19.3 Get Terms Acceptance Status GET https://graph.microsoft.com/v1.0/deviceManagement/termsAndConditions/{termsId}/acceptanceStatuses Shows which users have accepted which version. ### 19.4 Create Terms & Conditions POST https://graph.microsoft.com/v1.0/deviceManagement/termsAndConditions ⚠️ SAFETY: Confirm before creating. ### 19.5 List Notification Message Templates GET https://graph.microsoft.com/v1.0/deviceManagement/notificationMessageTemplates ### 19.6 Create Notification Template (Non-Compliance Email) POST https://graph.microsoft.com/v1.0/deviceManagement/notificationMessageTemplates ⚠️ SAFETY: Confirm before creating. ### 19.7 Send Test Notification POST https://graph.microsoft.com/v1.0/deviceManagement/notificationMessageTemplates/{templateId}/sendTestMessage ### 20.1 List iOS App Protection Policies GET https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections ### 20.2 List Android App Protection Policies GET https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections ### 20.3 List Windows Information Protection Policies GET https://graph.microsoft.com/v1.0/deviceAppManagement/windowsInformationProtectionPolicies ### 20.4 Get App Protection Policy Details GET https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections/{policyId} or GET https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections/{policyId} ### 20.5 Get App Protection Status per User GET https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppRegistrations?$filter=userId eq '{userId}' ### 20.6 Create App Protection Policy POST https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections or POST https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections ⚠️ SAFETY: Confirm before creating. Show policy summary first. ### 21.1 List All Enrollment Configurations GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations Includes: Device Limit Restrictions, Platform Restrictions, Enrollment Status Page (ESP), Windows Hello for Business. ### 21.2 Get Enrollment Configuration Details GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations/{configId} ### 21.3 Get Enrollment Configuration Assignments GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations/{configId}/assignments ### 21.4 List Enrollment Status Page (ESP) Profiles GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations?$filter=isof('microsoft.graph.windows10EnrollmentCompletionPageConfiguration') ### 21.5 List Windows Hello for Business Configurations GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations?$filter=isof('microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration') ### 22.1 List Assignment Filters GET https://graph.microsoft.com/beta/deviceManagement/assignmentFilters Present as: | Filter Name | Platform | Rule | Created | ### 22.2 Get Filter Details GET https://graph.microsoft.com/beta/deviceManagement/assignmentFilters/{filterId} ### 22.3 Create Assignment Filter POST https://graph.microsoft.com/beta/deviceManagement/assignmentFilters ⚠️ SAFETY: Confirm before creating. ### 22.4 Test/Preview Filter Results POST https://graph.microsoft.com/beta/deviceManagement/assignmentFilters/{filterId}/getState ### 22.5 List Scope Tags GET https://graph.microsoft.com/beta/deviceManagement/roleScopeTags ### 22.6 Create Scope Tag POST https://graph.microsoft.com/beta/deviceManagement/roleScopeTags ⚠️ SAFETY: Confirm before creating. ## Trust - Source: tencent - Verification: Indexed source record - Publisher: MattiaCirillo - Version: 1.0.1 ## Source health - Status: healthy - Source download looks usable. - Yavira can redirect you to the upstream package for this source. - Health scope: source - Reason: direct_download_ok - Checked at: 2026-04-30T16:55:25.780Z - Expires at: 2026-05-07T16:55:25.780Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/openclaw-intune-skill) - [Send to Agent page](https://openagent3.xyz/skills/openclaw-intune-skill/agent) - [JSON manifest](https://openagent3.xyz/skills/openclaw-intune-skill/agent.json) - [Markdown brief](https://openagent3.xyz/skills/openclaw-intune-skill/agent.md) - [Download page](https://openagent3.xyz/downloads/openclaw-intune-skill)