Favicon

You are here: Home > API Reference > Windows > Windows Commands > Send configuration commands to device

POST /organizations/:organizationId/mdm/windows/enterprise/devices/:winDeviceId/commands/

Required Permission: mdm.windows.command.create

Send one or more configuration commands to Windows device enabling policy enforcement, settings modification, and registry operations.

POST
/v1/organizations/:organizationId/mdm/windows/enterprise/devices/:winDeviceId/commands/
Copy to clipboard

Send configuration commands to device

Required Permission: mdm.windows.command.create

Send one or more configuration commands to Windows device enabling policy enforcement, settings modification, and registry operations.

Request

Add parameter in header authorization
Example: Authorization: Bearer <token>
organizationId string
required
Match pattern: ^(([a-fA-F0-9]{24})|([a-zA-Z0-9\\-]{3,}))$
winDeviceId string
required
Match pattern: ^(([a-fA-F0-9]{24})|(\w{1,}))$
Body Params application/json
commands array [object] optional
Array of command configurations to execute on target device enabling batch policy enforcement.
config object required
Command configuration object specifying the registry path, action, value, and format for device operation.
path string required
OMA-DM or CSP registry path targeting specific device setting or policy configuration location.
≤ 500 characters
action string required
Operation type to perform on the target path such as add, replace, delete, get, exec, or copy.
Add Copy Delete Exec Get Replace
value string optional
Configuration value to apply at the target path encoded according to the specified format.
≤ 500 characters
format string required
Data type format for the value such as int, chr, bool, b64, xml, or other OMA-DM format types.
b64 bin bool chr int node null xml date time float
{
    "commands": [
        {
            "config": {
                "path": "./Vendor/MSFT/Policy/Config/ApplicationManagement/AllowStore",
                "action": "Add",
                "value": "0",
                "format": "int"
            }
        }
    ]
}

Responses

200 Response application/json
status boolean optional
data object optional
id string optional
Unique identifier for this specific resource instance in the system following a standardized format enabling targeted operations, relationship mapping, and tracking across all platform endpoints and data stores.
Match pattern: ^[a-fA-F0-9]{24}$
organizationId string optional
Organization identifier indicating workspace ownership for access control and data isolation across multi-tenant environments.
Match pattern: ^[a-fA-F0-9]{24}$
winEnterpriseId string optional
Windows enterprise configuration identifier linking command execution to specific enrollment settings and device management context.
Match pattern: ^[a-fA-F0-9]{24}$
winDeviceId string optional
Windows device identifier targeting the specific managed endpoint for command execution and status tracking.
Match pattern: ^[a-fA-F0-9]{24}$
mdmUserId string optional
MDM user identifier indicating the user account associated with this command execution for audit and accountability.
Match pattern: ^[a-fA-F0-9]{24}$
commands array [object] optional
Array of individual command actions within this batch enabling multiple configuration operations in single execution.
cmdId string optional
Unique identifier for individual command action within batch enabling granular status tracking and cancellation.
≤ 128 characters
status string optional
Command processing status indicating current execution state such as pending, acknowledged, or various error conditions.
Pending Awaiting UnexpectedError Acknowledged Cancel MethodNotAllowed Unknown Unauthorized CommandFormatError CommandNotFound NotSupported DeleteWithoutArchive ItemNotDeleted AuthenticationAccepted ChunkedItemAcceptedAndBuffered OperationCanceled CommandNotExecutedUserCanceled CommandInsideAtomicElementAndAtomicFailed RequestedTargetIsOneOfMultipleAlternativesRequestedTarget RequestedTargetHasANewURI RequestedTargetMovedToADifferentURI RequestedTargetCanBeFoundAtAnotherURI RequestedSyncMLCommandNotExecutedOnTarget RequestedTargetMustBeAccessedThroughSpecifiedProxyURI PaymentIsNeeded FailedByRecipientUnderstoodTheCommand InvalidOriginatorAuthentication ExpectedMessageNotReceivedInRequiredPeriodOfTime UpdateConflictBetweenClientAndServerVersion TargetNotLongerAvailable CommandMustBeAccompaniedByByteSizeOrLength IncompleteOrIncorrectFormed RequestItemTooLong TargetURIIsTooLong UnsupportedMediaType ByteSizeTooBig RequestFailRetryAfterSomeTime PutOrAddCommandFailedBecauseTargetAlreadyExists ConflictDetectedResolvedServerCommandWinning NoMoreStorageSpaceForRemainingSynchronizationData SpecifiedSearchGrammarWasNotKnown CGIScriptingInLocURIWasIncorrectlyFormed SoftDeletedItemAlreadyHardDeleted ChunkedObjectReceivedByIncorrectSizeDeclared InvalidAdequateAccessControlPermissions PartialItemNotAccepted ParentCanNotBeDeletedSinceItContainsChildren MoveFailed CommandNotSupported GatewayOrProxyError TemporaryOverloadingOrMaintenanceError GatewayOrProxyTimeout InvalidSyncMLDTDVersion ApplicationErrorWhileProcessingTheRequest ErrorCausedAllSyncMKCommandsFail ErrorARefreshSynchronizationIsNeeded ReservedForFutureUse ErrorInRecipientDataStore SevereErrorInServer ApplicationErrorDuringSynchronization SyncMLSynchronizationVersionNotSupported SyncMlCommandCanceled AtomicRollbackFailed AtomicResponseTooLarge MalformedSyntax
config object optional
Command configuration object containing the registry path, action type, and value to apply on the target device.
path string optional
OMA-DM or CSP registry path targeting specific device setting or policy configuration location.
≤ 500 characters
action string optional
Operation type to perform on the target path such as add, replace, delete, get, exec, or copy.
Add Copy Delete Exec Get Replace
value string optional
Configuration value to apply at the target path encoded according to the specified format.
≤ 500 characters
data array [object] optional
Response data array returned by device after command execution containing status codes and result payloads.
statusCode integer optional
HTTP-style status code indicating command execution result from the device agent.
≥ 0
sentAt string optional
Timestamp when command was sent to device for processing enabling execution time tracking.
Format: date-time
receivedAt string optional
Timestamp when device acknowledged receipt of command indicating communication success.
Format: date-time
canceledAt string optional
Timestamp when command was canceled by administrator preventing further processing on device.
Format: date-time
updatedAt string optional
ISO 8601 timestamp indicating the last time this record was modified in the database useful for tracking changes, synchronization processes, and maintaining audit trails of all modifications.
Format: date-time
createdAt string optional
ISO 8601 timestamp indicating when this record was initially created in the database providing historical context, chronological ordering capabilities, and analytics for lifecycle tracking and reporting.
Format: date-time
{
    "status": true,
    "data": {
        "id": "507f1f77bcf86cd799439011",
        "organizationId": "507f1f77bcf86cd799439022",
        "winEnterpriseId": "507f1f77bcf86cd799439033",
        "winDeviceId": "507f1f77bcf86cd799439044",
        "mdmUserId": "507f1f77bcf86cd799439055",
        "commands": [
            {
                "cmdId": "cmd-550e8400-e29b-41d4",
                "status": "Acknowledged",
                "config": {
                    "path": "./Device/Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption",
                    "action": "Replace",
                    "value": "1"
                },
                "data": [
                    {}
                ],
                "statusCode": 200,
                "sentAt": "2026-02-10T10: 05: 00.000Z",
                "receivedAt": "2026-02-10T10: 05: 15.000Z",
                "canceledAt": "2026-02-10T10: 06: 00.000Z"
            }
        ],
        "updatedAt": "2026-02-10T14: 30: 00.000Z",
        "createdAt": "2026-02-10T10: 00: 00.000Z"
    }
}
400 Response application/json
status boolean optional
false
error object optional
code number optional
5142
message string optional
Win Device not active
{
    "status": false,
    "error": {
        "code": 5091,
        "message": "Invalid data"
    }
}
401 Response application/json
status boolean optional
false
error object optional
code number optional
4004
message string optional
Invalid Token
{
    "status": false,
    "error": {
        "code": 4002,
        "message": "No auth token"
    }
}
404 Response application/json
status boolean optional
false
error object optional
code number optional
3001
message string optional
Entity not found
{
    "status": false,
    "error": {
        "code": 3001,
        "message": "Entity not found"
    }
}