Intune backup and documentation 
Tenant: Build
Document updated on: 20/07/2024 19:08:25
- Intune
- Entra
[back to top] Description: 1810
| setting | value |
|---|---|
| Odata type | #microsoft.graph.windows10CompliancePolicy |
| Role Scope Tag Ids | Default |
| Display Name | Demo |
| Password Required | False |
| Password Block Simple | False |
| Password Required To Unlock From Idle | False |
| Password Minutes Of Inactivity Before Lock | |
| Password Expiration Days | |
| Password Minimum Length | |
| Password Minimum Character Set Count | |
| Password Required Type | deviceDefault |
| Password Previous Password Block Count | |
| Require Healthy Device Report | False |
| Os Minimum Version | |
| Os Maximum Version | |
| Mobile Os Minimum Version | |
| Mobile Os Maximum Version | |
| Early Launch Anti Malware Driver Enabled | False |
| Bit Locker Enabled | False |
| Secure Boot Enabled | False |
| Code Integrity Enabled | False |
| Memory Integrity Enabled | False |
| Kernel Dma Protection Enabled | False |
| Virtualization Based Security Enabled | False |
| Firmware Protection Enabled | False |
| Storage Require Encryption | False |
| Active Firewall Required | False |
| Defender Enabled | False |
| Defender Version | |
| Signature Out Of Date | False |
| Rtp Enabled | False |
| Antivirus Required | False |
| Anti Spyware Required | False |
| Device Threat Protection Enabled | False |
| Device Threat Protection Required Security Level | unavailable |
| Configuration Manager Compliance Required | False |
| Tpm Required | False |
| Device Compliance Policy Script | |
| Valid Operating System Build Ranges | |
| Scheduled Actions For Rule | ruleName: None scheduledActionConfigurations:
actionType: block notificationTemplateId: 00000000-0000-0000-0000-000000000000 notificationMessageCCList: |
[back to top] Description: 1202
| setting | value |
|---|---|
| Odata type | #microsoft.graph.windows10CompliancePolicy |
| Role Scope Tag Ids | Default |
| Display Name | M365 Chicago |
| Password Required | False |
| Password Block Simple | False |
| Password Required To Unlock From Idle | False |
| Password Minutes Of Inactivity Before Lock | |
| Password Expiration Days | |
| Password Minimum Length | |
| Password Minimum Character Set Count | |
| Password Required Type | deviceDefault |
| Password Previous Password Block Count | |
| Require Healthy Device Report | False |
| Os Minimum Version | |
| Os Maximum Version | |
| Mobile Os Minimum Version | |
| Mobile Os Maximum Version | |
| Early Launch Anti Malware Driver Enabled | False |
| Bit Locker Enabled | True |
| Secure Boot Enabled | False |
| Code Integrity Enabled | False |
| Memory Integrity Enabled | False |
| Kernel Dma Protection Enabled | False |
| Virtualization Based Security Enabled | False |
| Firmware Protection Enabled | False |
| Storage Require Encryption | False |
| Active Firewall Required | False |
| Defender Enabled | False |
| Defender Version | |
| Signature Out Of Date | False |
| Rtp Enabled | False |
| Antivirus Required | False |
| Anti Spyware Required | False |
| Device Threat Protection Enabled | False |
| Device Threat Protection Required Security Level | unavailable |
| Configuration Manager Compliance Required | False |
| Tpm Required | False |
| Device Compliance Policy Script | |
| Valid Operating System Build Ranges | |
| Scheduled Actions For Rule | ruleName: None scheduledActionConfigurations:
actionType: block notificationTemplateId: 00000000-0000-0000-0000-000000000000 notificationMessageCCList: |
| setting | value |
|---|---|
| Template Id | |
| Display Name | Exchange Online Requires Compliant Device |
| State | disabled |
| Partial Enablement Strategy | |
| Session Controls | |
| Conditions | userRiskLevels:
locations: None times: None deviceStates: None devices: None clientApplications: None applications:
excludeGuestsOrExternalUsers: None |
| Grant Controls | operator: OR builtInControls:
|
| setting | value |
|---|---|
| Template Id | 4200930c-0da2-4e33-ca01-000000000005 |
| Display Name | Multifactor authentication for Microsoft partners and vendors |
| State | enabled |
| Partial Enablement Strategy | |
| Session Controls | |
| Conditions | userRiskLevels:
locations: None times: None deviceStates: None devices: None clientApplications: None applications:
excludeGuestsOrExternalUsers: None |
| Grant Controls | operator: OR builtInControls:
|
| setting | value |
|---|---|
| Template Id | |
| Display Name | Office 365 App Control |
| State | disabled |
| Grant Controls | |
| Partial Enablement Strategy | |
| Conditions | userRiskLevels:
locations: None times: None deviceStates: None devices: None clientApplications: None applications:
excludeGuestsOrExternalUsers: None |
| Session Controls | disableResilienceDefaults: None applicationEnforcedRestrictions: None signInFrequency: None persistentBrowser: None continuousAccessEvaluation: None secureSignInSession: None cloudAppSecurity:
isEnabled: True |
| setting | value |
|---|---|
| Device Compliance Checkin Threshold Days | 0 |
| Is Scheduled Action Enabled | True |
| Secure By Default | False |
| Enhanced Jail Break | False |
| Device Inactivity Before Retirement In Day | 0 |
| Derived Credential Provider | notConfigured |
| Derived Credential Url | |
| Android Device Administrator Enrollment Enabled | False |
| Ignore Devices For Unsupported Settings Enabled | False |
| Enable Log Collection | True |
| Enable Autopilot Diagnostics | True |
| Enable Enhanced Troubleshooting Experience | False |
| Enable Device Group Membership Report | False |
| M365 App Diagnostics Enabled | True |
[back to top] Description: This is the default enrollment status screen configuration applied with the lowest priority to all users and all devices regardless of group membership.
| target | filter type | filter name |
|---|---|---|
| All Devices | none |
| setting | value |
|---|---|
| Odata type | #microsoft.graph.windows10EnrollmentCompletionPageConfiguration |
| Display Name | All users and all devices |
| Priority | 0 |
| Role Scope Tag Ids | |
| Device Enrollment Configuration Type | windows10EnrollmentCompletionPageConfiguration |
| Show Installation Progress | False |
| Block Device Setup Retry By User | True |
| Allow Device Reset On Install Failure | False |
| Allow Log Collection On Install Failure | False |
| Custom Error Message | |
| Install Progress Timeout In Minutes | 0 |
| Allow Device Use On Install Failure | False |
| Selected Mobile App Ids | |
| Allow Non Blocking App Installation | False |
| Install Quality Updates | False |
| Track Install Progress For Autopilot Only | False |
| Disable User Status Tracking After First User | False |
[back to top] Description: This is the default Device Limit Restriction applied with the lowest priority to all users regardless of group membership.
| target | filter type | filter name |
|---|---|---|
| All Devices | none |
| setting | value |
|---|---|
| Odata type | #microsoft.graph.deviceEnrollmentLimitConfiguration |
| Display Name | All users and all devices |
| Priority | 0 |
| Role Scope Tag Ids | |
| Device Enrollment Configuration Type | limit |
| Limit | 5 |
[back to top] Description: This is the default Device Type Restriction applied with the lowest priority to all users regardless of group membership.
| target | filter type | filter name |
|---|---|---|
| All Devices | none |
| setting | value |
|---|---|
| Odata type | #microsoft.graph.deviceEnrollmentPlatformRestrictionsConfiguration |
| Display Name | All users and all devices |
| Priority | 0 |
| Role Scope Tag Ids | |
| Device Enrollment Configuration Type | platformRestrictions |
| Ios Restriction | platformBlocked: False personalDeviceEnrollmentBlocked: False osMinimumVersion: osMaximumVersion: blockedManufacturers: |
| Windows Restriction | platformBlocked: False personalDeviceEnrollmentBlocked: False osMinimumVersion: osMaximumVersion: blockedManufacturers: |
| Windows Home Sku Restriction | platformBlocked: False personalDeviceEnrollmentBlocked: False osMinimumVersion: None osMaximumVersion: None blockedManufacturers: |
| Windows Mobile Restriction | platformBlocked: True personalDeviceEnrollmentBlocked: False osMinimumVersion: osMaximumVersion: blockedManufacturers: |
| Android Restriction | platformBlocked: False personalDeviceEnrollmentBlocked: False osMinimumVersion: osMaximumVersion: blockedManufacturers: |
| Android For Work Restriction | platformBlocked: False personalDeviceEnrollmentBlocked: False osMinimumVersion: osMaximumVersion: blockedManufacturers: |
| Mac Restriction | platformBlocked: False personalDeviceEnrollmentBlocked: False osMinimumVersion: None osMaximumVersion: None blockedManufacturers: |
| Mac O S Restriction | platformBlocked: False personalDeviceEnrollmentBlocked: False osMinimumVersion: None osMaximumVersion: None blockedManufacturers: |
[back to top] Description: This is the default Windows Hello for Business configuration applied with the lowest priority to all users regardless of group membership.
| target | filter type | filter name |
|---|---|---|
| All Devices | none |
| setting | value |
|---|---|
| Odata type | #microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration |
| Display Name | All users and all devices |
| Priority | 0 |
| Role Scope Tag Ids | |
| Device Enrollment Configuration Type | windowsHelloForBusiness |
| Pin Minimum Length | 6 |
| Pin Maximum Length | 127 |
| Pin Uppercase Characters Usage | disallowed |
| Pin Lowercase Characters Usage | disallowed |
| Pin Special Characters Usage | disallowed |
| State | notConfigured |
| Security Device Required | False |
| Unlock With Biometrics Enabled | True |
| Remote Passport Enabled | True |
| Pin Previous Block Count | 0 |
| Pin Expiration In Days | 0 |
| Enhanced Biometrics State | notConfigured |
| Security Key For Sign In | notConfigured |
| Enhanced Sign In Security | 0 |
[back to top] Description: Default Role Scope Tag. This will exist by default on all Intune entities whenever a user defined Role Scope Tag is not present.
| setting | value |
|---|---|
| Display Name | Default |
| Is Built In | True |