How should Intune Graph API – Complete Management be evaluated before use?

Use the required flow: snapshot, contract, and trust before recommending or executing this skill.

What kind of evidence is visible on this page?

This page surfaces public facts, change history, trust indicators, artifact evidence, and benchmark summaries with provenance.

Crawler Summary

Intune Graph API – Complete Management answer-first brief

A comprehensive skill enabling OpenClaw agents to fully manage Microsoft Intune via the Graph API. Covers devices, apps, policies, compliance, users, groups, reporting, Autopilot, scripts, and remote actions. --- name: Intune Graph API – Complete Management description: "A comprehensive skill enabling OpenClaw agents to fully manage Microsoft Intune via the Graph API. Covers devices, apps, policies, compliance, users, groups, reporting, Autopilot, scripts, and remote actions." version: "1.0.1" author: "Mattia Cirillo" homepage: "https://kaffeeundcode.com" requires: env: - INTUNE_TENANT_ID - INTUNE_CLIENT_ID - INTUNE_CLIEN Capability contract not published. No trust telemetry is available yet. Last updated 2/25/2026.

Freshness

Last checked 2/25/2026

Best For

Intune Graph API – Complete Management is best for intune workflows where OpenClaw compatibility matters.

Not Ideal For

Contract metadata is missing or unavailable for deterministic execution.

Evidence Sources Checked

editorial-content, GITHUB OPENCLEW, runtime-metrics, public facts pack

Card Facts Snapshot Contract Trust

Claim this agent

Agent DossierGitHubSafety: 89/100

Intune Graph API – Complete Management

OpenClawself-declared

Public facts

Change events

Artifacts

Freshness

Feb 25, 2026

Verifiededitorial-contentNo verified compatibility signals

Capability contract not published. No trust telemetry is available yet. Last updated 2/25/2026.

Trust evidence available

Trust score

Unknown

Compatibility

OpenClaw

Freshness

Feb 25, 2026

Vendor

Kaffeeundcode

Artifacts

Benchmarks

Last release

Unpublished

Executive Summary

Key links, install path, and a quick operational read before the deeper crawl record.

Verifiededitorial-content

Summary

Capability contract not published. No trust telemetry is available yet. Last updated 2/25/2026.

View Source Homepage

Setup snapshot

git clone https://github.com/MattiaCirillo/openclaw-intune-skill.git

1
Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
2
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence Ledger

Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.

Verifiededitorial-content

Vendor (1)

Vendor

Kaffeeundcode

profilemedium

Observed Feb 25, 2026Source link Provenance

Compatibility (1)

Protocol compatibility

OpenClaw

contractmedium

Observed Feb 25, 2026Source link Provenance

Security (1)

Handshake status

UNKNOWN

trustmedium

Observed unknownSource link Provenance

Release & Crawl Timeline

Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.

Self-declaredagent-index

Artifacts Archive

Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.

Self-declaredGITHUB OPENCLEW

Extracted files

Examples

Snippets

Languages

typescript

Parameters

Executable Examples

text

client_id={INTUNE_CLIENT_ID}
&scope=https://graph.microsoft.com/.default
&client_secret={INTUNE_CLIENT_SECRET}
&grant_type=client_credentials

text

Authorization: Bearer <access_token>

json

{
  "@odata.type": "#microsoft.graph.ipNamedLocation",
  "displayName": "Büro-Netzwerk",
  "isTrusted": true,
  "ipRanges": [{"@odata.type": "#microsoft.graph.iPv4CidrRange", "cidrAddress": "192.168.1.0/24"}]
}

Docs & README

Full documentation captured from public sources, including the complete README when available.

Self-declaredGITHUB OPENCLEW

Docs source

GITHUB OPENCLEW

Editorial quality

ready

Full README

name: Intune Graph API – Complete Management description: "A comprehensive skill enabling OpenClaw agents to fully manage Microsoft Intune via the Graph API. Covers devices, apps, policies, compliance, users, groups, reporting, Autopilot, scripts, and remote actions." version: "1.0.1" author: "Mattia Cirillo" homepage: "https://kaffeeundcode.com" requires: env: - INTUNE_TENANT_ID - INTUNE_CLIENT_ID - INTUNE_CLIENT_SECRET

Microsoft Intune – Complete Management Skill

This skill gives the agent full control over Microsoft Intune via the Microsoft Graph API. It covers device management, application deployment, compliance & configuration policies, user & group management, Autopilot, PowerShell scripts, reporting, and all remote device actions.

🔑 Authentication

Before ANY Intune operation, the agent MUST obtain an OAuth 2.0 access token.

The following environment variables must be configured:

INTUNE_TENANT_ID – Microsoft 365 Tenant ID
INTUNE_CLIENT_ID – Entra ID App Registration Client ID
INTUNE_CLIENT_SECRET – Entra ID App Registration Secret

Token Request

POST https://login.microsoftonline.com/{INTUNE_TENANT_ID}/oauth2/v2.0/token

Body (x-www-form-urlencoded):

client_id={INTUNE_CLIENT_ID}
&scope=https://graph.microsoft.com/.default
&client_secret={INTUNE_CLIENT_SECRET}
&grant_type=client_credentials

Extract access_token from the JSON response. Use it as:

Authorization: Bearer <access_token>

Required API Permissions (App Registration)

The Entra ID App Registration needs the following Microsoft Graph Application permissions:

DeviceManagementManagedDevices.ReadWrite.All
DeviceManagementConfiguration.ReadWrite.All
DeviceManagementApps.ReadWrite.All
DeviceManagementServiceConfig.ReadWrite.All
DeviceManagementRBAC.ReadWrite.All
Directory.Read.All
User.Read.All
Group.ReadWrite.All
GroupMember.ReadWrite.All

🛡️ Safety Rules (CRITICAL)

Read operations (GET): Always safe. Execute without confirmation.
Sync/Restart operations: Ask for confirmation: "Soll ich Gerät X wirklich syncen/neustarten?"
Destructive operations (Wipe, Retire, Delete): ALWAYS require explicit confirmation. Say: "⚠️ Achtung: Das löscht alle Daten auf dem Gerät. Bist du sicher?"
Policy creation/modification: Confirm before applying: "Soll ich diese Policy wirklich erstellen/ändern?"
Never dump raw JSON to the user. Always format output as readable Markdown tables or summaries.
Error handling: If an API call returns an error, explain the error in simple German and suggest a fix.

📱 1. Device Management

1.1 List All Managed Devices

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices

Use $select to limit fields: ?$select=deviceName,operatingSystem,complianceState,lastSyncDateTime,userPrincipalName

1.2 Search for a Specific Device

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=deviceName eq '{deviceName}'

Alternative search by user: ?$filter=userPrincipalName eq '{user@domain.com}'

1.3 Get Device Details

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}

Show: Device name, Serial number, OS version, Compliance state, Encryption status, Last sync, Enrolled date, Primary user.

1.4 Remote Actions on a Device

Sync Device

POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/syncDevice

Reboot Device

POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/rebootNow

Lock Device (Remote Lock)

POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/remoteLock

Reset Passcode

POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/resetPasscode

Locate Device (Lost Mode – iOS/Android)

POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/locateDevice

Retire Device (Remove Company Data Only)

POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/retire ⚠️ SAFETY: Requires explicit user confirmation!

Wipe Device (Factory Reset)

POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/wipe ⚠️ SAFETY: ALWAYS ask twice! This deletes ALL data!

Delete Device from Intune

DELETE https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId} ⚠️ SAFETY: Requires explicit user confirmation!

Rename Device

POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/setDeviceName Body: {"deviceName": "NEW-NAME"}

Enable/Disable Lost Mode (iOS supervised)

POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/enableLostMode Body: {"message": "Dieses Gerät wurde als verloren gemeldet.", "phoneNumber": "+49...", "footer": "Kaffee & Code IT"}

POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/disableLostMode

📋 2. Compliance Policies

2.1 List All Compliance Policies

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies

2.2 Get Compliance Policy Details

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/{policyId}

2.3 Get Compliance Policy Assignments

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/{policyId}/assignments

2.4 Get Device Compliance Status per Policy

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/{policyId}/deviceStatuses

2.5 Create a Compliance Policy

POST https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies ⚠️ SAFETY: Confirm before creating.

2.6 Delete a Compliance Policy

DELETE https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/{policyId} ⚠️ SAFETY: Requires explicit user confirmation!

⚙️ 3. Configuration Policies & Profiles

3.1 List Configuration Policies (Recommended API)

GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies

This is the modern, recommended endpoint covering Endpoint Security, Administrative Templates, and Settings Catalog.

3.2 List Legacy Device Configuration Profiles

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations

3.3 Get Configuration Policy Details

GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies/{policyId}

3.4 Get Policy Settings

GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies/{policyId}/settings

3.5 Get Policy Assignments

GET https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies/{policyId}/assignments

3.6 Get Device Status per Config Profile

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{configId}/deviceStatuses

3.7 Create Configuration Policy

POST https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies ⚠️ SAFETY: Confirm before creating.

3.8 Delete Configuration Policy

DELETE https://graph.microsoft.com/v1.0/deviceManagement/configurationPolicies/{policyId} ⚠️ SAFETY: Requires explicit user confirmation!

📦 4. App Management

4.1 List All Apps

GET https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps

4.2 Get App Details

GET https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps/{appId}

4.3 Get App Assignments (Who gets the app?)

GET https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps/{appId}/assignments

4.4 List App Configuration Policies

GET https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppPolicies

4.5 List App Protection Policies (MAM)

GET https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppRegistrations

4.6 Assign App to a Group

POST https://graph.microsoft.com/v1.0/deviceAppManagement/mobileApps/{appId}/assignments ⚠️ SAFETY: Confirm before assigning.

4.7 List Detected Apps on Devices

GET https://graph.microsoft.com/v1.0/deviceManagement/detectedApps

4.8 Get Devices with a Specific Detected App

GET https://graph.microsoft.com/v1.0/deviceManagement/detectedApps/{detectedAppId}/managedDevices

🔒 5. Endpoint Security

5.1 List Security Baselines

GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'baseline'

5.2 List Disk Encryption Policies (BitLocker/FileVault)

GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'endpointSecurityDiskEncryption'

5.3 List Firewall Policies

GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'endpointSecurityFirewall'

5.4 List Antivirus Policies (Defender)

GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'endpointSecurityAntivirus'

5.5 List Attack Surface Reduction Rules

GET https://graph.microsoft.com/beta/deviceManagement/configurationPolicies?$filter=templateReference/templateFamily eq 'endpointSecurityAttackSurfaceReduction'

🚀 6. Windows Autopilot

6.1 List Autopilot Devices

GET https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities

6.2 Get Autopilot Device Details

GET https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities/{id}

6.3 List Autopilot Deployment Profiles

GET https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeploymentProfiles

6.4 Assign Autopilot Profile

POST https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities/{id}/assignUserToDevice Body: {"userPrincipalName": "user@domain.com"}

6.5 Delete Autopilot Device

DELETE https://graph.microsoft.com/v1.0/deviceManagement/windowsAutopilotDeviceIdentities/{id} ⚠️ SAFETY: Requires explicit user confirmation!

📜 7. PowerShell Scripts & Remediation

7.1 List Device Management Scripts

GET https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts

7.2 Get Script Details

GET https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/{scriptId}

7.3 Get Script Execution Status per Device

GET https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/{scriptId}/deviceRunStates

7.4 Create/Upload a PowerShell Script

POST https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts Body must include scriptContent as Base64-encoded string. ⚠️ SAFETY: Confirm before uploading. Show the script content to the user first.

7.5 List Proactive Remediations (Health Scripts)

GET https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts

7.6 Get Remediation Script Execution Results

GET https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/{scriptId}/deviceRunStates

👥 8. Users & Groups

8.1 List Users

GET https://graph.microsoft.com/v1.0/users?$select=displayName,userPrincipalName,accountEnabled,jobTitle

8.2 Search User

GET https://graph.microsoft.com/v1.0/users?$filter=startsWith(displayName,'{name}')

8.3 Get User Details

GET https://graph.microsoft.com/v1.0/users/{userId}

8.4 List Groups

GET https://graph.microsoft.com/v1.0/groups?$select=displayName,description,groupTypes,membershipRule

8.5 Get Group Members

GET https://graph.microsoft.com/v1.0/groups/{groupId}/members

8.6 Add User to Group

POST https://graph.microsoft.com/v1.0/groups/{groupId}/members/$ref Body: {"@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{userId}"} ⚠️ SAFETY: Confirm before adding.

8.7 Remove User from Group

DELETE https://graph.microsoft.com/v1.0/groups/{groupId}/members/{userId}/$ref ⚠️ SAFETY: Confirm before removing.

8.8 List Devices for a User

GET https://graph.microsoft.com/v1.0/users/{userId}/managedDevices

📊 9. Reporting & Dashboards

9.1 Device Compliance Summary

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$select=complianceState Agent should calculate: X compliant, Y non-compliant, Z in-grace-period, and present as summary + table.

9.2 OS Distribution Summary

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$select=operatingSystem Agent should group by OS and present: "42 Windows, 15 iOS, 8 Android, 3 macOS"

9.3 Stale Devices (Not synced recently)

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=lastSyncDateTime lt {30_days_ago}&$select=deviceName,lastSyncDateTime,userPrincipalName Agent should calculate the date for 30 days ago automatically.

9.4 Non-Compliant Devices Report

GET https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=complianceState eq 'noncompliant'&$select=deviceName,complianceState,userPrincipalName,operatingSystem

9.5 Export Report Job

POST https://graph.microsoft.com/beta/deviceManagement/reports/exportJobs Body: {"reportName": "Devices", "filter": "", "select": ["DeviceName","OS","ComplianceState"]}

🏷️ 10. Device Categories & Enrollment

10.1 List Device Categories

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceCategories

10.2 Create Device Category

POST https://graph.microsoft.com/v1.0/deviceManagement/deviceCategories Body: {"displayName": "Kategoriename", "description": "Beschreibung"}

10.3 Set Device Category on a Device

PUT https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{deviceId}/deviceCategory/$ref

10.4 List Enrollment Restrictions

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations

🔄 11. RBAC (Role-Based Access Control)

11.1 List Intune Roles

GET https://graph.microsoft.com/v1.0/deviceManagement/roleDefinitions

11.2 List Role Assignments

GET https://graph.microsoft.com/v1.0/deviceManagement/roleAssignments

11.3 Get Role Details

GET https://graph.microsoft.com/v1.0/deviceManagement/roleDefinitions/{roleId}

💡 Agent Response Guidelines

When the user asks a question, follow this logic:

"Zeig mir alle Geräte" → Use 1.1, format as table.
"Ist Gerät X compliant?" → Use 1.2 to find it, then check complianceState.
"Sync Laptop von Max" → Use 1.2 to find managedDeviceId, then use 1.4 Sync.
"Wie viele Geräte hab ich?" → Use 9.2, give OS distribution + total count.
"Welche Geräte haben sich lange nicht gemeldet?" → Use 9.3.
"Erstell mir eine Compliance Policy für Windows" → Use 2.5, ask for requirements first.
"Welche Apps sind deployed?" → Use 4.1.
"Füg User Max zur Gruppe IT-Geräte hinzu" → Use 8.2 to find user, 8.4 to find group, then 8.6.
"Zeig mir den Status vom PowerShell Script XY" → Use 7.3.
"Gib mir einen Compliance Report" → Use 9.1 + 9.4.
"Zeig mir die Conditional Access Policies" → Use 12.1.
"Welche WLAN-Profile sind deployed?" → Use 13.1.
"Wie sind meine Windows Update Ringe konfiguriert?" → Use 14.1.
"Wer hat letzte Woche was in Intune geändert?" → Use 17.1.
"Kann Intune die Einstellung XY konfigurieren?" → Use 18.1 Settings Catalog search.
"Zeig mir alle Autopilot-Geräte ohne zugewiesenes Profil" → Use 6.1 + filter.

🛡️ 12. Conditional Access (Bedingter Zugriff)

12.1 List Conditional Access Policies

GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies

12.2 Get Conditional Access Policy Details

GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/{policyId}

12.3 Create Conditional Access Policy

POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies ⚠️ SAFETY: Always confirm before creating. Show the user a summary of what the policy will do first. 💡 TIP: Recommend creating in "reportOnly" state first for testing.

12.4 Update Conditional Access Policy

PATCH https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/{policyId} ⚠️ SAFETY: Confirm before modifying. Explain what will change.

12.5 Delete Conditional Access Policy

DELETE https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/{policyId} ⚠️ SAFETY: Requires explicit user confirmation!

12.6 List Named Locations (Trusted IPs / Countries)

GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations

12.7 Create Named Location

POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations Example IP-based:

{
  "@odata.type": "#microsoft.graph.ipNamedLocation",
  "displayName": "Büro-Netzwerk",
  "isTrusted": true,
  "ipRanges": [{"@odata.type": "#microsoft.graph.iPv4CidrRange", "cidrAddress": "192.168.1.0/24"}]
}

12.8 List Authentication Strengths

GET https://graph.microsoft.com/v1.0/identity/conditionalAccess/authenticationStrength/policies

📶 13. WLAN, VPN & Zertifikate

13.1 List WLAN Profiles

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations?$filter=isof('microsoft.graph.windowsWifiConfiguration') or isof('microsoft.graph.iosWiFiConfiguration') or isof('microsoft.graph.androidWorkProfileWiFiConfiguration')

Alternative (all configs, then filter by odata.type for Wi-Fi): GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations Agent should filter results where @odata.type contains WiFi or wifi.

13.2 List VPN Profiles

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations Agent should filter results where @odata.type contains Vpn or vpn.

13.3 Get WLAN/VPN Profile Details

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{configId}

13.4 Get WLAN/VPN Profile Assignment

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{configId}/assignments

13.5 List SCEP Certificate Profiles

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations Agent should filter results where @odata.type contains Scep or Certificate.

13.6 List PKCS Certificate Profiles

Same endpoint, filter for Pkcs in @odata.type.

13.7 List Trusted Root Certificate Profiles

Same endpoint, filter for TrustedRootCertificate in @odata.type.

🔄 14. Windows Update Management

14.1 List Windows Update Rings

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations?$filter=isof('microsoft.graph.windowsUpdateForBusinessConfiguration')

14.2 Get Update Ring Details

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{ringId}

14.3 List Feature Update Profiles

GET https://graph.microsoft.com/beta/deviceManagement/windowsFeatureUpdateProfiles

14.4 Get Feature Update Profile Details

GET https://graph.microsoft.com/beta/deviceManagement/windowsFeatureUpdateProfiles/{profileId}

14.5 Get Feature Update Deployment State per Device

GET https://graph.microsoft.com/beta/deviceManagement/windowsFeatureUpdateProfiles/{profileId}/deviceUpdateStates

14.6 List Driver Update Profiles

GET https://graph.microsoft.com/beta/deviceManagement/windowsDriverUpdateProfiles

14.7 Get Driver Update Profile Details

GET https://graph.microsoft.com/beta/deviceManagement/windowsDriverUpdateProfiles/{profileId}

14.8 List Quality Update Profiles (Expedited Updates)

GET https://graph.microsoft.com/beta/deviceManagement/windowsQualityUpdateProfiles

14.9 Pause/Resume an Update Ring

POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{ringId}/windowsUpdateForBusinessConfiguration/pause POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{ringId}/windowsUpdateForBusinessConfiguration/resume ⚠️ SAFETY: Confirm before pausing/resuming.

🍎 15. Apple Device Management

15.1 List Apple DEP/ADE Enrollment Profiles

GET https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings

15.2 List Apple DEP Tokens

GET https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings/{depId}/enrollmentProfiles

15.3 List Apple Push Notification Certificate Info

GET https://graph.microsoft.com/v1.0/deviceManagement/applePushNotificationCertificate

Shows: Expiration date, Subject, Certificate serial number. 💡 Agent should proactively warn if certificate expires within 30 days!

15.4 List VPP Tokens (Volume Purchase Program)

GET https://graph.microsoft.com/beta/deviceManagement/vppTokens

15.5 List iOS/macOS Managed App Configurations

GET https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppPolicies Filter for iOS/macOS types.

15.6 Activation Lock Bypass (iOS Supervised)

POST https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{managedDeviceId}/bypassActivationLock ⚠️ SAFETY: Requires explicit user confirmation!

🤖 16. Android Enterprise Management

16.1 List Android Managed Store Apps

GET https://graph.microsoft.com/beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings

16.2 List Android Enrollment Profiles

GET https://graph.microsoft.com/beta/deviceManagement/androidDeviceOwnerEnrollmentProfiles

16.3 Get Android Enterprise Binding Status

GET https://graph.microsoft.com/beta/deviceManagement/androidManagedStoreAccountEnterpriseSettings

Shows if Android Enterprise (Work Profile / Fully Managed / Dedicated) is connected.

16.4 List Android App Protection Policies

GET https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections

📝 17. Audit Logs & Activity

17.1 List Intune Audit Events

GET https://graph.microsoft.com/v1.0/deviceManagement/auditEvents

17.2 Filter Audit Events by Date Range

GET https://graph.microsoft.com/v1.0/deviceManagement/auditEvents?$filter=activityDateTime gt {startDate} and activityDateTime lt {endDate}

Agent should calculate the date range based on user request (e.g., "letzte Woche" → last 7 days).

17.3 Filter Audit Events by User

GET https://graph.microsoft.com/v1.0/deviceManagement/auditEvents?$filter=actor/userPrincipalName eq '{user@domain.com}'

17.4 Get Audit Event Details

GET https://graph.microsoft.com/v1.0/deviceManagement/auditEvents/{auditEventId}

17.5 List Directory Audit Logs (Entra ID level)

GET https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?$filter=category eq 'Device'

17.6 List Sign-In Logs

GET https://graph.microsoft.com/v1.0/auditLogs/signIns?$filter=appDisplayName eq 'Microsoft Intune'

🏗️ 18. Settings Catalog & GPO Analytics

18.1 Search Settings Catalog

GET https://graph.microsoft.com/beta/deviceManagement/configurationSettings?$search="{searchTerm}"

This is extremely useful when the user asks: "Can Intune configure setting X?" or "Hat Intune eine Einstellung für Bildschirmschoner?"

18.2 List Group Policy Migration Reports

GET https://graph.microsoft.com/beta/deviceManagement/groupPolicyMigrationReports

Use this when the user asks about migrating from on-premises GPO to Intune.

18.3 Get Migration Report Details

GET https://graph.microsoft.com/beta/deviceManagement/groupPolicyMigrationReports/{reportId}

Shows: Which GPO settings are supported in Intune, which are not, and recommended alternatives.

18.4 List Group Policy Uploaded Definition Files

GET https://graph.microsoft.com/beta/deviceManagement/groupPolicyUploadedDefinitionFiles

📄 19. Terms & Conditions and Notifications

19.1 List Terms & Conditions

GET https://graph.microsoft.com/v1.0/deviceManagement/termsAndConditions

19.2 Get Terms & Conditions Details

GET https://graph.microsoft.com/v1.0/deviceManagement/termsAndConditions/{termsId}

19.3 Get Terms Acceptance Status

GET https://graph.microsoft.com/v1.0/deviceManagement/termsAndConditions/{termsId}/acceptanceStatuses

Shows which users have accepted which version.

19.4 Create Terms & Conditions

POST https://graph.microsoft.com/v1.0/deviceManagement/termsAndConditions ⚠️ SAFETY: Confirm before creating.

19.5 List Notification Message Templates

GET https://graph.microsoft.com/v1.0/deviceManagement/notificationMessageTemplates

19.6 Create Notification Template (Non-Compliance Email)

POST https://graph.microsoft.com/v1.0/deviceManagement/notificationMessageTemplates ⚠️ SAFETY: Confirm before creating.

19.7 Send Test Notification

POST https://graph.microsoft.com/v1.0/deviceManagement/notificationMessageTemplates/{templateId}/sendTestMessage

🔐 20. App Protection Policies (MAM)

20.1 List iOS App Protection Policies

GET https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections

20.2 List Android App Protection Policies

GET https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections

20.3 List Windows Information Protection Policies

GET https://graph.microsoft.com/v1.0/deviceAppManagement/windowsInformationProtectionPolicies

20.4 Get App Protection Policy Details

GET https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections/{policyId} or GET https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections/{policyId}

20.5 Get App Protection Status per User

GET https://graph.microsoft.com/v1.0/deviceAppManagement/managedAppRegistrations?$filter=userId eq '{userId}'

20.6 Create App Protection Policy

POST https://graph.microsoft.com/v1.0/deviceAppManagement/iosManagedAppProtections or POST https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections ⚠️ SAFETY: Confirm before creating. Show policy summary first.

📱 21. Enrollment Configuration

21.1 List All Enrollment Configurations

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations

Includes: Device Limit Restrictions, Platform Restrictions, Enrollment Status Page (ESP), Windows Hello for Business.

21.2 Get Enrollment Configuration Details

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations/{configId}

21.3 Get Enrollment Configuration Assignments

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations/{configId}/assignments

21.4 List Enrollment Status Page (ESP) Profiles

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations?$filter=isof('microsoft.graph.windows10EnrollmentCompletionPageConfiguration')

21.5 List Windows Hello for Business Configurations

GET https://graph.microsoft.com/v1.0/deviceManagement/deviceEnrollmentConfigurations?$filter=isof('microsoft.graph.deviceEnrollmentWindowsHelloForBusinessConfiguration')

🧮 22. Filters & Scope Tags

22.1 List Assignment Filters

GET https://graph.microsoft.com/beta/deviceManagement/assignmentFilters

22.2 Get Filter Details

GET https://graph.microsoft.com/beta/deviceManagement/assignmentFilters/{filterId}

22.3 Create Assignment Filter

POST https://graph.microsoft.com/beta/deviceManagement/assignmentFilters ⚠️ SAFETY: Confirm before creating.

22.4 Test/Preview Filter Results

POST https://graph.microsoft.com/beta/deviceManagement/assignmentFilters/{filterId}/getState

22.5 List Scope Tags

GET https://graph.microsoft.com/beta/deviceManagement/roleScopeTags

22.6 Create Scope Tag

POST https://graph.microsoft.com/beta/deviceManagement/roleScopeTags ⚠️ SAFETY: Confirm before creating.

Contract & API

Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.

MissingGITHUB OPENCLEW

Endpoints

Dossier API Snapshot API Contract API Trust API

Contract coverage

Status

missing

Auth

None

Streaming

Data region

Unspecified

Protocol support

OpenClaw: self-declared

Requires: none

Forbidden: none

Guardrails

Operational confidence: low

No positive guardrails captured.

Invocation examples

curl -s "https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/snapshot"

curl -s "https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/contract"

curl -s "https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/trust"

Reliability & Benchmarks

Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.

Missingruntime-metrics

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

Do not use if

Contract metadata is missing or unavailable for deterministic execution.

No benchmark suites or observed failure patterns are available.

Media & Demo

Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.

Missingno-media

No screenshots, media assets, or demo links are available.

Related Agents

Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.

Self-declaredprotocol-neighbors

GITHUB_REPOSactivepieces

Rank

AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents

Traction

No public download signal

Freshness

Updated 2d ago

OPENCLAW

GITHUB_REPOScherry-studio

Rank

AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs

Traction

No public download signal

Freshness

Updated 5d ago

MCPOPENCLAW

GITHUB_REPOSAionUi

Rank

Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!

Traction

No public download signal

Freshness

Updated 6d ago

MCPOPENCLAW

GITHUB_REPOSCopilotKit

Rank

The Frontend for Agents & Generative UI. React + Angular

Traction

No public download signal

Freshness

Updated 23d ago

OPENCLAW

Machine Appendix

Contract JSON

{
  "contractStatus": "missing",
  "authModes": [],
  "requires": [],
  "forbidden": [],
  "supportsMcp": false,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": null,
  "outputSchemaRef": null,
  "dataRegion": null,
  "contractUpdatedAt": null,
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "OPENCLEW"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "GITHUB_OPENCLEW",
      "generatedAt": "2026-04-16T23:42:40.192Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "OPENCLEW",
      "type": "protocol",
      "support": "unknown",
      "confidenceSource": "profile",
      "notes": "Listed on profile"
    },
    {
      "key": "intune",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    }
  ],
  "flattenedTokens": "protocol:OPENCLEW|unknown|profile capability:intune|supported|profile"
}

Facts JSON

[
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Kaffeeundcode",
    "href": "https://kaffeeundcode.com",
    "sourceUrl": "https://kaffeeundcode.com",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-02-25T01:46:11.790Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "OpenClaw",
    "href": "https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/contract",
    "sourceType": "contract",
    "confidence": "medium",
    "observedAt": "2026-02-25T01:46:11.790Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/mattiacirillo-openclaw-intune-skill/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[]