deviceManagementExchangeOnPremisesPolicy resource type

Note: Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is correctly licensed by the customer.

Singleton entity which represents the Exchange OnPremises policy configured for a tenant.


Method Return Type Description
Get deviceManagementExchangeOnPremisesPolicy deviceManagementExchangeOnPremisesPolicy Read properties and relationships of the deviceManagementExchangeOnPremisesPolicy object.
Update deviceManagementExchangeOnPremisesPolicy deviceManagementExchangeOnPremisesPolicy Update the properties of a deviceManagementExchangeOnPremisesPolicy object.
Get onPremisesConditionalAccessSettings onPremisesConditionalAccessSettings Get the onPremisesConditionalAccessSettings from the conditionalAccessSettings navigation property.


Property Type Description
id String Not yet documented
notificationContent Binary Notification text that will be sent to users quarantined by this policy. This is UTF8 encoded byte array HTML.
defaultAccessLevel String Default access state in Exchange. This rule applies globally to the entire Exchange organization Possible values are: none, allow, block, quarantine.
accessRules deviceManagementExchangeAccessRule collection The list of device access rules in Exchange. The access rules apply globally to the entire Exchange organization
knownDeviceClasses deviceManagementExchangeDeviceClass collection The list of device classes known to Exchange


Relationship Type Description
conditionalAccessSettings onPremisesConditionalAccessSettings The Exchange on premises conditional access settings. On premises conditional access will require devices to be both enrolled and compliant for mail access

JSON Representation

Here is a JSON representation of the resource.

  "@odata.type": "#microsoft.graph.deviceManagementExchangeOnPremisesPolicy",
  "id": "String (identifier)",
  "notificationContent": "binary",
  "defaultAccessLevel": "String",
  "accessRules": [
      "@odata.type": "microsoft.graph.deviceManagementExchangeAccessRule",
      "deviceClass": {
        "@odata.type": "microsoft.graph.deviceManagementExchangeDeviceClass",
        "name": "String",
        "type": "String"
      "accessLevel": "String"
  "knownDeviceClasses": [
      "@odata.type": "microsoft.graph.deviceManagementExchangeDeviceClass",
      "name": "String",
      "type": "String"