Supported attributes: Windows 10+
| Attribute | Description | Backed up | Restorable |
| activeFirewallRequired | Require active firewall on Windows devices. | Yes | Yes |
| antiSpywareRequired | Require any antispyware solution registered with Windows Security Center to be on and monitoring. | Yes | Yes |
| antivirusRequired | Require any antivirus solution registered with Windows Security Center to be on and monitoring. | Yes | Yes |
| bitLockerEnabled | Require devices to be reported healthy by Windows Device Health Attestation - Bitlocker is enabled | Yes | Yes |
| codeIntegrityEnabled | Require devices to be reported as healthy by Windows Device Health Attestation. | Yes | Yes |
| configurationManagerComplianceRequired | Require taking SCCM compliance state into consideration for Intune compliance state | Yes | Yes |
| createdDateTime | DateTime the object was created. Inherited from deviceCompliancePolicy | Yes | Yes |
| defenderEnabled | Require Windows Defender Antimalware on Windows devices. | Yes | Yes |
| defenderVersion | Require Windows Defender Antimalware minimum version on Windows devices. | Yes | Yes |
| description | Admin-provided description of the device configuration. Inherited from deviceCompliancePolicy | Yes | Yes |
| deviceCompliancePolicyScript>deviceComplianceScriptId | Device compliance script Id. | Yes | Yes |
| deviceCompliancePolicyScript>RulesContent | JSON file of the rules, encoded binary | Yes | Yes |
| deviceThreatProtectionEnabled | Require devices to have device threat protection enabled. | Yes | Yes |
| deviceThreatProtectionRequiredSecurityLevel | Require device threat protection minimum risk level to report noncompliance. | Yes | Yes |
| displayName | Admin-provided name of the device configuration. Inherited from deviceCompliancePolicy | Yes | Yes |
| earlyLaunchAntiMalwareDriverEnabled | Require devices to be reported as healthy by Windows Device Health Attestation - early launch antimalware driver is enabled. | Yes | Yes |
| firmwareProtectionEnabled | When TRUE, indicates that Firmware protection is required to be reported as healthy. Default value is FALSE. | Yes | Yes |
| id | Key of the entity. Inherited from deviceCompliancePolicy | Yes | No |
| kernelDmaProtectionEnabled | When TRUE, indicates that Kernel Direct Memory Access (DMA) protection is required to be reported as healthy Default value is FALSE. | Yes | Yes |
| lastModifiedDateTime | DateTime the object was last modified. Inherited from deviceCompliancePolicy | Yes | Yes |
| memoryIntegrityEnabled | When TRUE, indicates that Memory Integrity is required to be reported as healthy. Default value is FALSE. | Yes | Yes |
| mobileOsMaximumVersion | Maximum Windows Phone version. | Yes | Yes |
| mobileOsMinimumVersion | Minimum Windows Phone version. | Yes | Yes |
| osMaximumVersion | Maximum Windows 10 version. | Yes | Yes |
| osMinimumVersion | Minimum Windows 10 version. | Yes | Yes |
| passwordBlockSimple | Indicates whether or not to block simple passwords. | Yes | Yes |
| passwordExpirationDays | Password expiration in days. | Yes | Yes |
| passwordMinimumCharacterSetCount | Number of character sets required in the password. | Yes | Yes |
| passwordMinimumLength | Minimum password length. | Yes | Yes |
| passwordMinutesOfInactivityBeforeLock | Minutes of inactivity before a password is required. | Yes | Yes |
| passwordPreviousPasswordBlockCount | Number of previous passwords to prevent re-use of. | Yes | Yes |
| passwordRequired | Require a password to unlock Windows devices. | Yes | Yes |
| passwordRequiredToUnlockFromIdle | Require a password to unlock an idle device. | Yes | Yes |
| passwordRequiredType | Required password type. | Yes | Yes |
| requireHealthyDeviceReport | Require devices to be reported as healthy by Windows Device Health Attestation. | Yes | Yes |
| roleScopeTagIds | List of scope tags for this entity instance. Inherited from deviceCompliancePolicy | Yes | Yes |
| rtpEnabled | Require Windows Defender Antimalware Real-Time Protection on Windows devices. | Yes | Yes |
| secureBootEnabled | Require devices to be reported as healthy by Windows Device Health Attestation - secure boot is enabled. | Yes | Yes |
| signatureOutOfDate | Require Windows Defender Antimalware Signature to be up to date on Windows devices. | Yes | Yes |
| storageRequireEncryption | Require encryption on Windows devices. | Yes | Yes |
| tpmRequired | Require Trusted Platform Module(TPM) to be present. | Yes | Yes |
| validOperatingSystemBuildRanges | Valid operating system build ranges on Windows devices. | Yes | Yes |
| validOperatingSystemBuildRanges>description | The description of valid operating system build range. | Yes | Yes |
| validOperatingSystemBuildRanges>highestVersion | Highest inclusive versionin valid operating system build range. | Yes | Yes |
| validOperatingSystemBuildRanges>lowestVersion | Lowest inclusive version in valid operating system build range. | Yes | Yes |
| version | Version of the device configuration. Inherited from deviceCompliancePolicy | Yes | Yes |
| virtualizationBasedSecurityEnabled | When TRUE, indicates that Virtualization-based Security is required to be reported as healthy. Default value is FALSE. | Yes | Yes |
| wslDistributions | Settings relating to Linux distributions installed on managed Windows devices. | Yes | Yes |
| wslDistributions>distribution | Linux distributions e.g. Debian, Fedora, Ubuntu. | Yes | Yes |
| wslDistributions>maximumOSVersion | Maximum supported Linux operating system version. | Yes | Yes |
| wslDistributions>minimumOSVersion | Minimum supported Linux operating system version. | Yes | Yes |
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article