Favicon

You are here: Home > API Reference > Windows > Windows Devices > Retrieve detailed Windows device configuration and status.

Retrieve detailed Windows device configuration and status.

Required Permission: mdm.windows.device.get

Retrieves comprehensive details for a specific Windows device including operating system information, enrollment status, applied policies, and compliance state metrics.

GET
/v1/organizations/:organizationId/mdm/windows/enterprise/devices/:winDeviceId
Copy to clipboard

Retrieve detailed Windows device configuration and status.

Required Permission: mdm.windows.device.get

Retrieves comprehensive details for a specific Windows device including operating system information, enrollment status, applied policies, and compliance state metrics.

Request

Add parameter in header authorization
Example: Authorization: Bearer <token>
organizationId string
required
Match pattern: ^(([a-fA-F0-9]{24})|([a-zA-Z0-9\\-]{3,}))$
winDeviceId string
required
Windows device identifier used for targeting operations, supporting MongoDB ObjectId, IMEI, or serial number formats for flexible device lookup.
Match pattern: ^(([a-fA-F0-9]{24})|(\w{1,}))$

Responses

200 Response application/json
status boolean optional
data object optional
id string optional
Unique identifier for this specific resource instance in the system following a standardized format enabling targeted operations, relationship mapping, and tracking across all platform endpoints and data stores.
Match pattern: ^[a-fA-F0-9]{24}$
organizationId string optional
Organization identifier indicating workspace ownership for access control and data isolation across multi-tenant environments.
Match pattern: ^[a-fA-F0-9]{24}$
winEnterpriseId string optional
Windows enterprise configuration identifier linking device to specific enrollment settings and management policies.
Match pattern: ^[a-fA-F0-9]{24}$
mdmUser object optional
User account information for the individual assigned to this device, enabling user-based policy targeting and accountability.
id string optional
Unique identifier of the user account assigned to this device, linking the endpoint to its designated user.
Match pattern: ^[a-fA-F0-9]{24}$
email string optional
Email address of the assigned user, displayed in device lists for quick identification of device ownership.
≤ 128 characters
displayName string optional
User-friendly device name displayed throughout interfaces for easy identification in device inventories and management workflows.
≤ 128 characters
tags array [string] optional
Organizational labels assigned for grouping, filtering, and automated policy targeting based on departments, locations, or functional roles.
winId string optional
Windows MDM system identifier assigned by Microsoft during device enrollment for communication with Windows management protocols.
≤ 128 characters
state string optional
Current enrollment lifecycle state tracking device management status for administrative workflows and compliance reporting.
PROVISIONING ACTIVE DELETED DELETE_REQUESTED UNKNOWN
config object optional
OMA-DM configuration object containing current device settings, security policies, and restrictions actively enforced on the device.
configDates object optional
Timestamp tracking object recording when specific configuration categories were last updated for change management.
customConfig object optional
Organization-specific configuration overrides and custom settings not part of standard policy definitions.
summary object optional
Device hardware and system information snapshot including OS version, battery status, and enrollment details.
name string optional
Device hardware name as reported by the Windows operating system during enrollment.
≤ 256 characters
osVersion string optional
Windows operating system version number indicating the installed build for compatibility assessment.
≤ 128 characters
osVersionName string optional
Human-readable Windows version name such as Windows 10 or Windows 11 for display in interfaces.
≤ 128 characters
os string optional
Operating system family designation indicating Windows platform for device categorization.
≤ 128 characters
serialNumber string optional
Hardware serial number uniquely identifying the physical device for inventory and warranty tracking.
≤ 128 characters
imei string optional
International Mobile Equipment Identity number for cellular-capable devices enabling carrier management.
≤ 128 characters
battery string optional
Current battery level percentage for mobile devices aiding in maintenance scheduling and user support.
≤ 128 characters
expirationTimestamp string optional
Certificate or enrollment expiration date requiring renewal action to maintain device management.
Format: date-time
supervised boolean optional
Supervision status flag indicating enhanced management capabilities availability on the device.
image string optional
Device model image URL for visual representation in management interfaces and inventories.
≤ 128 characters
compliance object optional
Compliance status object detailing policy adherence and security requirement fulfillment.
scripts array [object] optional
Array of scripts assigned to this device enabling automated PowerShell or batch command operations.
type string optional
Script type classification such as startup, shutdown, or scheduled indicating execution timing.
once loop onDemand
id string optional
Script identifier referencing the script definition in the script library.
≤ 128 characters
loopTime integer optional
Execution interval in minutes for recurring scripts enabling automated periodic operations.
≥ 0
resetDate string optional
Timestamp when recurring script execution schedule resets or was last modified.
Format: date-time
arguments string optional
Command-line arguments passed to the script during execution for customized behavior.
argumentsProcessed string optional
Processed arguments after variable substitution and template rendering applied by the system.
name string optional
Script display name shown in interfaces for identification in script management.
≤ 256 characters
description string optional
Human-readable description explaining script purpose and functionality for administrators.
≤ 500 characters
runner string optional
Script interpreter or execution environment such as PowerShell or cmd determining how script runs.
≤ 256 characters
scriptsInfo array [object] optional
Script metadata array containing execution history, results, and status information for assigned scripts.
lastStatusReportTime string optional
Timestamp of the most recent device status report received from the Windows MDM agent.
Format: date-time
type string optional
Device platform type designation indicating this is a Windows-managed endpoint.
≤ 128 characters
winPolicy object optional
Primary Windows policy object directly assigned to this device containing configurations and restrictions.
id string optional
Unique identifier for this specific resource instance in the system following a standardized format enabling targeted operations, relationship mapping, and tracking across all platform endpoints and data stores.
Match pattern: ^[a-fA-F0-9]{24}$
organizationId string optional
Organization identifier indicating workspace ownership for access control and data isolation across multi-tenant environments.
Match pattern: ^[a-fA-F0-9]{24}$
winEnterpriseId string optional
Windows enterprise configuration identifier linking policy to specific enrollment settings and device management context.
Match pattern: ^[a-fA-F0-9]{24}$
name string optional
Policy display name shown in interfaces and used for identification in listings and device assignments.
≤ 256 characters
config object optional
OMA-DM configuration object containing registry settings, security policies, and device restrictions to apply on managed Windows devices.
applications array [object] optional
Array of application assignments included in policy enabling bundled deployment and management of software packages.
winApplicationId string optional
Windows application identifier for the app to include in policy deployment.
Match pattern: ^[a-fA-F0-9]{24}$
configuration object optional
Application-specific configuration settings applied during deployment enabling customized installation and runtime options.
action string optional
Deployment action specifying whether application is force-installed or made available for optional user installation.
≤ 128 characters
forceInstall available
updatePolicy object optional
Update policy controlling automatic update behavior, scheduling, and version constraints for deployed application.
applicationsInfo array [object] optional
Application metadata array containing name, version, and publisher details for included apps displayed in interfaces.
bookmarks array [object] optional
title string optional
≤ 256 characters
description string optional
≤ 500 characters
url string optional
≤ 500 characters
iconBase64 string optional
iconUrl string optional
≤ 500 characters
scripts array [object] optional
Array of script assignments included in policy enabling automated PowerShell or batch command operations.
type string optional
once loop onDemand
id string optional
≤ 128 characters
loopTime integer optional
≥ 0
resetDate string optional
Format: date-time
arguments string optional
argumentsProcessed string optional
name string optional
≤ 256 characters
description string optional
≤ 500 characters
runner string optional
≤ 256 characters
scriptsInfo array [object] optional
Script metadata array containing name, description, and timing details for included scripts providing comprehensive script information in interfaces.
admxConfigs array [object] optional
Array of ADMX configuration assignments enabling group policy template settings for advanced Windows configurations.
winAdmxConfigId string optional
ADMX configuration identifier for group policy template to include in policy.
Match pattern: ^[a-fA-F0-9]{24}$
admxConfigsInfo array [object] optional
ADMX configuration metadata array containing template details, settings types, and descriptions.
id string optional
Unique identifier for this ADMX configuration template enabling targeted operations and relationship tracking across the platform.
Match pattern: ^[a-fA-F0-9]{24}$
appName string optional
Application name for ADMX template indicating which software or Windows component these settings apply to.
≤ 256 characters
settingType string optional
Setting type classification indicating category such as security, privacy, or functionality for organizational grouping and filtering.
≤ 256 characters
fileName string optional
ADMX template file name indicating original group policy definition source for reference and administrative purposes.
≤ 256 characters
description string optional
Human-readable description explaining purpose and effect of these ADMX settings for administrator understanding and documentation.
≤ 256 characters
agentConfiguration object optional
MDM agent configuration settings controlling agent deployment, permissions, and capabilities on managed devices.
enabled boolean optional
Agent enablement flag controlling whether MDM agent is active on devices and able to perform management operations.
buildTag string optional
Agent build version tag specifying which agent release to deploy on devices for version control and compatibility.
≤ 128 characters
allowLocation boolean optional
Location permission flag controlling whether agent can access device location data for tracking features.
allowNetworkStatus boolean optional
Network status permission flag controlling whether agent can monitor network connectivity for reporting.
allowPackageTime boolean optional
Package time tracking permission flag controlling whether agent reports application usage statistics.
allowPackageTransfer boolean optional
Package transfer permission flag controlling whether agent can facilitate file transfers between devices.
assets array [object] optional
Array of file asset assignments included in policy enabling deployment of certificates, configuration files, or resources.
mdmAssetId string optional
Match pattern: ^[a-fA-F0-9]{24}$
location string optional
≤ 256 characters
assetName string optional
≤ 256 characters
scope string optional
user system all-users
assetsInfo array [object] optional
Asset metadata array containing file names, types, and sizes for included resources displayed in administrative interfaces.
version integer optional
Internal version counter for policy changes enabling conflict detection and synchronization tracking across device updates and modifications.
≥ 0
segmentId integer optional
Segment identifier for scoping policy into an specific segment
≥ 0
updatedAt string optional
ISO 8601 timestamp indicating the last time this record was modified in the database useful for tracking changes, synchronization processes, and maintaining audit trails of all modifications.
Format: date-time
createdAt string optional
ISO 8601 timestamp indicating when this record was initially created in the database providing historical context, chronological ordering capabilities, and analytics for lifecycle tracking and reporting.
Format: date-time
deviceWinPolicy object optional
Effective Windows policy applied to device after composition and conflict resolution across multiple assignments.
id string optional
Unique identifier for this specific resource instance in the system following a standardized format enabling targeted operations, relationship mapping, and tracking across all platform endpoints and data stores.
Match pattern: ^[a-fA-F0-9]{24}$
organizationId string optional
Organization identifier indicating workspace ownership for access control and data isolation across multi-tenant environments.
Match pattern: ^[a-fA-F0-9]{24}$
winEnterpriseId string optional
Windows enterprise configuration identifier linking policy to specific enrollment settings and device management context.
Match pattern: ^[a-fA-F0-9]{24}$
name string optional
Policy display name shown in interfaces and used for identification in listings and device assignments.
≤ 256 characters
config object optional
OMA-DM configuration object containing registry settings, security policies, and device restrictions to apply on managed Windows devices.
applications array [object] optional
Array of application assignments included in policy enabling bundled deployment and management of software packages.
winApplicationId string optional
Windows application identifier for the app to include in policy deployment.
Match pattern: ^[a-fA-F0-9]{24}$
configuration object optional
Application-specific configuration settings applied during deployment enabling customized installation and runtime options.
action string optional
Deployment action specifying whether application is force-installed or made available for optional user installation.
≤ 128 characters
forceInstall available
updatePolicy object optional
Update policy controlling automatic update behavior, scheduling, and version constraints for deployed application.
applicationsInfo array [object] optional
Application metadata array containing name, version, and publisher details for included apps displayed in interfaces.
bookmarks array [object] optional
title string optional
≤ 256 characters
description string optional
≤ 500 characters
url string optional
≤ 500 characters
iconBase64 string optional
iconUrl string optional
≤ 500 characters
scripts array [object] optional
Array of script assignments included in policy enabling automated PowerShell or batch command operations.
type string optional
once loop onDemand
id string optional
≤ 128 characters
loopTime integer optional
≥ 0
resetDate string optional
Format: date-time
arguments string optional
argumentsProcessed string optional
name string optional
≤ 256 characters
description string optional
≤ 500 characters
runner string optional
≤ 256 characters
scriptsInfo array [object] optional
Script metadata array containing name, description, and timing details for included scripts providing comprehensive script information in interfaces.
admxConfigs array [object] optional
Array of ADMX configuration assignments enabling group policy template settings for advanced Windows configurations.
winAdmxConfigId string optional
ADMX configuration identifier for group policy template to include in policy.
Match pattern: ^[a-fA-F0-9]{24}$
admxConfigsInfo array [object] optional
ADMX configuration metadata array containing template details, settings types, and descriptions.
id string optional
Unique identifier for this ADMX configuration template enabling targeted operations and relationship tracking across the platform.
Match pattern: ^[a-fA-F0-9]{24}$
appName string optional
Application name for ADMX template indicating which software or Windows component these settings apply to.
≤ 256 characters
settingType string optional
Setting type classification indicating category such as security, privacy, or functionality for organizational grouping and filtering.
≤ 256 characters
fileName string optional
ADMX template file name indicating original group policy definition source for reference and administrative purposes.
≤ 256 characters
description string optional
Human-readable description explaining purpose and effect of these ADMX settings for administrator understanding and documentation.
≤ 256 characters
agentConfiguration object optional
MDM agent configuration settings controlling agent deployment, permissions, and capabilities on managed devices.
enabled boolean optional
Agent enablement flag controlling whether MDM agent is active on devices and able to perform management operations.
buildTag string optional
Agent build version tag specifying which agent release to deploy on devices for version control and compatibility.
≤ 128 characters
allowLocation boolean optional
Location permission flag controlling whether agent can access device location data for tracking features.
allowNetworkStatus boolean optional
Network status permission flag controlling whether agent can monitor network connectivity for reporting.
allowPackageTime boolean optional
Package time tracking permission flag controlling whether agent reports application usage statistics.
allowPackageTransfer boolean optional
Package transfer permission flag controlling whether agent can facilitate file transfers between devices.
assets array [object] optional
Array of file asset assignments included in policy enabling deployment of certificates, configuration files, or resources.
mdmAssetId string optional
Match pattern: ^[a-fA-F0-9]{24}$
location string optional
≤ 256 characters
assetName string optional
≤ 256 characters
scope string optional
user system all-users
assetsInfo array [object] optional
Asset metadata array containing file names, types, and sizes for included resources displayed in administrative interfaces.
version integer optional
Internal version counter for policy changes enabling conflict detection and synchronization tracking across device updates and modifications.
≥ 0
segmentId integer optional
Segment identifier for scoping policy into an specific segment
≥ 0
updatedAt string optional
ISO 8601 timestamp indicating the last time this record was modified in the database useful for tracking changes, synchronization processes, and maintaining audit trails of all modifications.
Format: date-time
createdAt string optional
ISO 8601 timestamp indicating when this record was initially created in the database providing historical context, chronological ordering capabilities, and analytics for lifecycle tracking and reporting.
Format: date-time
winPolicyAssignments array [object] optional
Array of Windows policy assignments applied to this device including priority ordering for conflict resolution.
winPolicyId string optional
Windows MDM policy unique identifier for assignment tracking and policy composition workflows.
Match pattern: ^[a-fA-F0-9]{24}$
winPolicy object optional
Complete Windows MDM policy object with device security restrictions and application deployment configurations.
id string optional
Unique identifier for this specific resource instance in the system following a standardized format enabling targeted operations, relationship mapping, and tracking across all platform endpoints and data stores.
Match pattern: ^[a-fA-F0-9]{24}$
organizationId string optional
Organization identifier indicating workspace ownership for access control and data isolation across multi-tenant environments.
Match pattern: ^[a-fA-F0-9]{24}$
winEnterpriseId string optional
Windows enterprise configuration identifier linking policy to specific enrollment settings and device management context.
Match pattern: ^[a-fA-F0-9]{24}$
name string optional
Policy display name shown in interfaces and used for identification in listings and device assignments.
≤ 256 characters
config object optional
OMA-DM configuration object containing registry settings, security policies, and device restrictions to apply on managed Windows devices.
applications array [object] optional
Array of application assignments included in policy enabling bundled deployment and management of software packages.
winApplicationId string optional
Windows application identifier for the app to include in policy deployment.
Match pattern: ^[a-fA-F0-9]{24}$
configuration object optional
Application-specific configuration settings applied during deployment enabling customized installation and runtime options.
action string optional
Deployment action specifying whether application is force-installed or made available for optional user installation.
≤ 128 characters
forceInstall available
updatePolicy object optional
Update policy controlling automatic update behavior, scheduling, and version constraints for deployed application.
applicationsInfo array [object] optional
Application metadata array containing name, version, and publisher details for included apps displayed in interfaces.
bookmarks array [object] optional
title string optional
≤ 256 characters
description string optional
≤ 500 characters
url string optional
≤ 500 characters
iconBase64 string optional
iconUrl string optional
≤ 500 characters
scripts array [object] optional
Array of script assignments included in policy enabling automated PowerShell or batch command operations.
type string optional
once loop onDemand
id string optional
≤ 128 characters
loopTime integer optional
≥ 0
resetDate string optional
Format: date-time
arguments string optional
argumentsProcessed string optional
name string optional
≤ 256 characters
description string optional
≤ 500 characters
runner string optional
≤ 256 characters
scriptsInfo array [object] optional
Script metadata array containing name, description, and timing details for included scripts providing comprehensive script information in interfaces.
admxConfigs array [object] optional
Array of ADMX configuration assignments enabling group policy template settings for advanced Windows configurations.
winAdmxConfigId string optional
ADMX configuration identifier for group policy template to include in policy.
Match pattern: ^[a-fA-F0-9]{24}$
admxConfigsInfo array [object] optional
ADMX configuration metadata array containing template details, settings types, and descriptions.
id string optional
Unique identifier for this ADMX configuration template enabling targeted operations and relationship tracking across the platform.
Match pattern: ^[a-fA-F0-9]{24}$
appName string optional
Application name for ADMX template indicating which software or Windows component these settings apply to.
≤ 256 characters
settingType string optional
Setting type classification indicating category such as security, privacy, or functionality for organizational grouping and filtering.
≤ 256 characters
fileName string optional
ADMX template file name indicating original group policy definition source for reference and administrative purposes.
≤ 256 characters
description string optional
Human-readable description explaining purpose and effect of these ADMX settings for administrator understanding and documentation.
≤ 256 characters
agentConfiguration object optional
MDM agent configuration settings controlling agent deployment, permissions, and capabilities on managed devices.
enabled boolean optional
Agent enablement flag controlling whether MDM agent is active on devices and able to perform management operations.
buildTag string optional
Agent build version tag specifying which agent release to deploy on devices for version control and compatibility.
≤ 128 characters
allowLocation boolean optional
Location permission flag controlling whether agent can access device location data for tracking features.
allowNetworkStatus boolean optional
Network status permission flag controlling whether agent can monitor network connectivity for reporting.
allowPackageTime boolean optional
Package time tracking permission flag controlling whether agent reports application usage statistics.
allowPackageTransfer boolean optional
Package transfer permission flag controlling whether agent can facilitate file transfers between devices.
assets array [object] optional
Array of file asset assignments included in policy enabling deployment of certificates, configuration files, or resources.
mdmAssetId string optional
Match pattern: ^[a-fA-F0-9]{24}$
location string optional
≤ 256 characters
assetName string optional
≤ 256 characters
scope string optional
user system all-users
assetsInfo array [object] optional
Asset metadata array containing file names, types, and sizes for included resources displayed in administrative interfaces.
version integer optional
Internal version counter for policy changes enabling conflict detection and synchronization tracking across device updates and modifications.
≥ 0
segmentId integer optional
Segment identifier for scoping policy into an specific segment
≥ 0
updatedAt string optional
ISO 8601 timestamp indicating the last time this record was modified in the database useful for tracking changes, synchronization processes, and maintaining audit trails of all modifications.
Format: date-time
createdAt string optional
ISO 8601 timestamp indicating when this record was initially created in the database providing historical context, chronological ordering capabilities, and analytics for lifecycle tracking and reporting.
Format: date-time
priority integer optional
Policy assignment priority determining precedence when multiple policies apply to device for conflict resolution.
≥ 0
winPolicyAssignmentsEnforced array [object] optional
Array of enforced Windows policy assignments including automation rule metadata documenting assignment sources.
winPolicyId string optional
Windows MDM policy unique identifier for assignment tracking and policy composition workflows.
Match pattern: ^[a-fA-F0-9]{24}$
winPolicy object optional
Complete Windows MDM policy object with device security restrictions and application deployment configurations.
id string optional
Unique identifier for this specific resource instance in the system following a standardized format enabling targeted operations, relationship mapping, and tracking across all platform endpoints and data stores.
Match pattern: ^[a-fA-F0-9]{24}$
organizationId string optional
Organization identifier indicating workspace ownership for access control and data isolation across multi-tenant environments.
Match pattern: ^[a-fA-F0-9]{24}$
winEnterpriseId string optional
Windows enterprise configuration identifier linking policy to specific enrollment settings and device management context.
Match pattern: ^[a-fA-F0-9]{24}$
name string optional
Policy display name shown in interfaces and used for identification in listings and device assignments.
≤ 256 characters
config object optional
OMA-DM configuration object containing registry settings, security policies, and device restrictions to apply on managed Windows devices.
applications array [object] optional
Array of application assignments included in policy enabling bundled deployment and management of software packages.
winApplicationId string optional
Windows application identifier for the app to include in policy deployment.
Match pattern: ^[a-fA-F0-9]{24}$
configuration object optional
Application-specific configuration settings applied during deployment enabling customized installation and runtime options.
action string optional
Deployment action specifying whether application is force-installed or made available for optional user installation.
≤ 128 characters
forceInstall available
updatePolicy object optional
Update policy controlling automatic update behavior, scheduling, and version constraints for deployed application.
applicationsInfo array [object] optional
Application metadata array containing name, version, and publisher details for included apps displayed in interfaces.
bookmarks array [object] optional
title string optional
≤ 256 characters
description string optional
≤ 500 characters
url string optional
≤ 500 characters
iconBase64 string optional
iconUrl string optional
≤ 500 characters
scripts array [object] optional
Array of script assignments included in policy enabling automated PowerShell or batch command operations.
type string optional
once loop onDemand
id string optional
≤ 128 characters
loopTime integer optional
≥ 0
resetDate string optional
Format: date-time
arguments string optional
argumentsProcessed string optional
name string optional
≤ 256 characters
description string optional
≤ 500 characters
runner string optional
≤ 256 characters
scriptsInfo array [object] optional
Script metadata array containing name, description, and timing details for included scripts providing comprehensive script information in interfaces.
admxConfigs array [object] optional
Array of ADMX configuration assignments enabling group policy template settings for advanced Windows configurations.
winAdmxConfigId string optional
ADMX configuration identifier for group policy template to include in policy.
Match pattern: ^[a-fA-F0-9]{24}$
admxConfigsInfo array [object] optional
ADMX configuration metadata array containing template details, settings types, and descriptions.
id string optional
Unique identifier for this ADMX configuration template enabling targeted operations and relationship tracking across the platform.
Match pattern: ^[a-fA-F0-9]{24}$
appName string optional
Application name for ADMX template indicating which software or Windows component these settings apply to.
≤ 256 characters
settingType string optional
Setting type classification indicating category such as security, privacy, or functionality for organizational grouping and filtering.
≤ 256 characters
fileName string optional
ADMX template file name indicating original group policy definition source for reference and administrative purposes.
≤ 256 characters
description string optional
Human-readable description explaining purpose and effect of these ADMX settings for administrator understanding and documentation.
≤ 256 characters
agentConfiguration object optional
MDM agent configuration settings controlling agent deployment, permissions, and capabilities on managed devices.
enabled boolean optional
Agent enablement flag controlling whether MDM agent is active on devices and able to perform management operations.
buildTag string optional
Agent build version tag specifying which agent release to deploy on devices for version control and compatibility.
≤ 128 characters
allowLocation boolean optional
Location permission flag controlling whether agent can access device location data for tracking features.
allowNetworkStatus boolean optional
Network status permission flag controlling whether agent can monitor network connectivity for reporting.
allowPackageTime boolean optional
Package time tracking permission flag controlling whether agent reports application usage statistics.
allowPackageTransfer boolean optional
Package transfer permission flag controlling whether agent can facilitate file transfers between devices.
assets array [object] optional
Array of file asset assignments included in policy enabling deployment of certificates, configuration files, or resources.
mdmAssetId string optional
Match pattern: ^[a-fA-F0-9]{24}$
location string optional
≤ 256 characters
assetName string optional
≤ 256 characters
scope string optional
user system all-users
assetsInfo array [object] optional
Asset metadata array containing file names, types, and sizes for included resources displayed in administrative interfaces.
version integer optional
Internal version counter for policy changes enabling conflict detection and synchronization tracking across device updates and modifications.
≥ 0
segmentId integer optional
Segment identifier for scoping policy into an specific segment
≥ 0
updatedAt string optional
ISO 8601 timestamp indicating the last time this record was modified in the database useful for tracking changes, synchronization processes, and maintaining audit trails of all modifications.
Format: date-time
createdAt string optional
ISO 8601 timestamp indicating when this record was initially created in the database providing historical context, chronological ordering capabilities, and analytics for lifecycle tracking and reporting.
Format: date-time
priority integer optional
Policy assignment priority determining precedence when multiple policies apply to device for conflict resolution.
≥ 0
automationRule object optional
Automation rule object documenting which rule triggered policy assignment for audit trails and compliance reports.
id string optional
Match pattern: ^[a-fA-F0-9]{24}$
name string optional
≤ 256 characters
deviceAudiences array [object] optional
id string optional
Match pattern: ^[a-fA-F0-9]{24}$
name string optional
≤ 256 characters
reasons array [string] optional
subType string optional
Entity classification distinguishing enrolled devices from enrollment token placeholders in inventory queries.
≤ 128 characters
stateHistory array [object] optional
Historical state transitions tracking enrollment lifecycle changes and administrative actions over time.
state string optional
Device state at this point in history such as active, provisioning, or disabled.
PROVISIONING ACTIVE DELETED DELETE_REQUESTED UNKNOWN
date string optional
Timestamp when this state transition occurred for audit and lifecycle tracking.
Format: date-time
config object optional
Configuration snapshot at the time of state transition for change history analysis.
lastLocation object optional
Most recent location information reported by the device agent or determined from IP address.
agent object optional
Location data reported directly by the Windows MDM agent on the device.
origin string optional
Data source type indicating whether location came from GPS, WiFi, IP address, or manual entry.
agent ip
date string optional
Timestamp when location data was captured by the reporting source.
Format: date-time
latitude number optional
Geographic latitude coordinate in decimal degrees format.
Format: float · ≥ -90 · ≤ 90
longitude number optional
Geographic longitude coordinate in decimal degrees format.
Format: float · ≥ -180 · ≤ 180
ip string optional
IP address from which location was determined or reported.
≤ 128 characters
lastReportDate string optional
Timestamp of the most recent location report received from this source.
Format: date-time
address object optional
Reverse-geocoded street address information derived from coordinate data.
address string optional
Street name and identifier component of the physical address.
≤ 500 characters
number string optional
Building or street number component of the physical address.
≤ 500 characters
postalCode string optional
ZIP or postal code for the location enabling regional grouping.
≤ 500 characters
city string optional
City or municipality name component of the physical address.
≤ 500 characters
country string optional
Country name component of the physical address.
≤ 500 characters
ip object optional
Location data derived from IP address geolocation when agent location unavailable.
origin string optional
agent ip
date string optional
Format: date-time
latitude number optional
Format: float · ≥ -90 · ≤ 90
longitude number optional
Format: float · ≥ -180 · ≤ 180
ip string optional
≤ 128 characters
lastReportDate string optional
Format: date-time
address object optional
address string optional
≤ 500 characters
number string optional
≤ 500 characters
postalCode string optional
≤ 500 characters
city string optional
≤ 500 characters
country string optional
≤ 500 characters
refreshInfoNeeded array [string] optional
Array of data categories requiring refresh from the device agent such as hardware, applications, or certificates.
enrolledDate string optional
Timestamp when this device completed initial enrollment and became managed, critical for tracking device age and lifecycle management.
Format: date-time
updatedAt string optional
ISO 8601 timestamp indicating the last time this record was modified in the database useful for tracking changes, synchronization processes, and maintaining audit trails of all modifications.
Format: date-time
createdAt string optional
ISO 8601 timestamp indicating when this record was initially created in the database providing historical context, chronological ordering capabilities, and analytics for lifecycle tracking and reporting.
Format: date-time
{
    "status": true,
    "data": {
        "id": "507f1f77bcf86cd799439011",
        "organizationId": "507f1f77bcf86cd799439022",
        "winEnterpriseId": "507f1f77bcf86cd799439033",
        "mdmUser": {
            "id": "507f1f77bcf86cd799439066",
            "email": "[email protected]"
        },
        "displayName": "Marketing Dept Laptop",
        "tags": [
            "sales",
            "field-team",
            "remote"
        ],
        "winId": "device-win-mdm-12345678",
        "state": "ACTIVE",
        "config": {
            "./Device/Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption": "1"
        },
        "configDates": {
            "securityPolicy": "2026-02-10T10: 00: 00.000Z",
            "applications": "2026-02-09T15: 30: 00.000Z"
        },
        "customConfig": {
            "customField1": "value1",
            "customField2": true
        },
        "summary": {
            "name": "DESKTOP-ABC123",
            "osVersion": "10.0.19045.3803",
            "osVersionName": "Windows 11 Pro",
            "os": "Windows",
            "serialNumber": "SN123456789",
            "imei": "356938035643809",
            "battery": "85%",
            "expirationTimestamp": "2027-02-10T00: 00: 00.000Z",
            "supervised": true,
            "image": "https://cdn.example.com/device-surface-laptop.png",
            "compliance": {
                "compliant": true,
                "lastCheck": "2026-02-10T12: 00: 00.000Z"
            }
        },
        "scripts": [
            {
                "type": "once",
                "id": "507f1f77bcf86cd799439077",
                "loopTime": 60,
                "resetDate": "2026-02-10T00: 00: 00.000Z",
                "arguments": "-ExecutionPolicy Bypass -Parameter1 Value1",
                "argumentsProcessed": "-ExecutionPolicy Bypass -Parameter1 ProcessedValue",
                "name": "System Configuration Script",
                "description": "Configures network settings and security policies",
                "runner": "powershell.exe"
            }
        ],
        "scriptsInfo": [
            {}
        ],
        "lastStatusReportTime": "2026-02-10T12: 30: 00.000Z",
        "type": "windows",
        "winPolicy": {
            "id": "507f1f77bcf86cd799439011",
            "organizationId": "507f1f77bcf86cd799439022",
            "winEnterpriseId": "507f1f77bcf86cd799439033",
            "name": "Corporate Security Baseline",
            "config": {
                "./Device/Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption": "1"
            },
            "applications": [
                {
                    "winApplicationId": "507f1f77bcf86cd799439044",
                    "configuration": {
                        "language": "en",
                        "edition": "enterprise"
                    },
                    "action": "available",
                    "updatePolicy": {
                        "autoUpdate": true,
                        "allowedVersions": ">=1.0.0"
                    }
                }
            ],
            "applicationsInfo": [
                {}
            ],
            "bookmarks": [
                {
                    "title": "string",
                    "description": "string",
                    "url": "string",
                    "iconBase64": "string",
                    "iconUrl": "string"
                }
            ],
            "scripts": [
                {
                    "type": "once",
                    "id": "string",
                    "loopTime": 0,
                    "resetDate": "2024-01-01T00: 00:00Z",
                    "arguments": "string",
                    "argumentsProcessed": "string",
                    "name": "string",
                    "description": "string",
                    "runner": "string"
                }
            ],
            "scriptsInfo": [
                {}
            ],
            "admxConfigs": [
                {
                    "winAdmxConfigId": "507f1f77bcf86cd799439055"
                }
            ],
            "admxConfigsInfo": [
                {
                    "id": "507f1f77bcf86cd799439055",
                    "appName": "Microsoft Edge",
                    "settingType": "Privacy",
                    "fileName": "edge.admx",
                    "description": "Controls Edge browser privacy settings"
                }
            ],
            "agentConfiguration": {
                "enabled": true,
                "buildTag": "v2.5.0",
                "allowLocation": true,
                "allowNetworkStatus": true,
                "allowPackageTime": false,
                "allowPackageTransfer": false
            },
            "assets": [
                {
                    "mdmAssetId": "string",
                    "location": "string",
                    "assetName": "string",
                    "scope": "user"
                }
            ],
            "assetsInfo": [
                {}
            ],
            "version": 5,
            "segmentId": "1",
            "updatedAt": "2026-02-10T14: 30: 00.000Z",
            "createdAt": "2025-10-15T09: 00: 00.000Z"
        },
        "deviceWinPolicy": {
            "id": "507f1f77bcf86cd799439011",
            "organizationId": "507f1f77bcf86cd799439022",
            "winEnterpriseId": "507f1f77bcf86cd799439033",
            "name": "Corporate Security Baseline",
            "config": {
                "./Device/Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption": "1"
            },
            "applications": [
                {
                    "winApplicationId": "507f1f77bcf86cd799439044",
                    "configuration": {
                        "language": "en",
                        "edition": "enterprise"
                    },
                    "action": "available",
                    "updatePolicy": {
                        "autoUpdate": true,
                        "allowedVersions": ">=1.0.0"
                    }
                }
            ],
            "applicationsInfo": [
                {}
            ],
            "bookmarks": [
                {
                    "title": "string",
                    "description": "string",
                    "url": "string",
                    "iconBase64": "string",
                    "iconUrl": "string"
                }
            ],
            "scripts": [
                {
                    "type": "once",
                    "id": "string",
                    "loopTime": 0,
                    "resetDate": "2024-01-01T00: 00:00Z",
                    "arguments": "string",
                    "argumentsProcessed": "string",
                    "name": "string",
                    "description": "string",
                    "runner": "string"
                }
            ],
            "scriptsInfo": [
                {}
            ],
            "admxConfigs": [
                {
                    "winAdmxConfigId": "507f1f77bcf86cd799439055"
                }
            ],
            "admxConfigsInfo": [
                {
                    "id": "507f1f77bcf86cd799439055",
                    "appName": "Microsoft Edge",
                    "settingType": "Privacy",
                    "fileName": "edge.admx",
                    "description": "Controls Edge browser privacy settings"
                }
            ],
            "agentConfiguration": {
                "enabled": true,
                "buildTag": "v2.5.0",
                "allowLocation": true,
                "allowNetworkStatus": true,
                "allowPackageTime": false,
                "allowPackageTransfer": false
            },
            "assets": [
                {
                    "mdmAssetId": "string",
                    "location": "string",
                    "assetName": "string",
                    "scope": "user"
                }
            ],
            "assetsInfo": [
                {}
            ],
            "version": 5,
            "segmentId": "1",
            "updatedAt": "2026-02-10T14: 30: 00.000Z",
            "createdAt": "2025-10-15T09: 00: 00.000Z"
        },
        "winPolicyAssignments": [
            {
                "winPolicyId": "698f42e5457fafa13d0887a3",
                "winPolicy": {},
                "priority": 1
            }
        ],
        "winPolicyAssignmentsEnforced": [
            {
                "winPolicyId": "698f42e5457fafa13d0887a3",
                "winPolicy": {},
                "priority": 1,
                "automationRule": {
                    "id": "698f42e5457fafa13d08879d",
                    "name": "Sales Team iOS Policies",
                    "deviceAudiences": [
                        {
                            "id": "698f42e5457fafa13d0887a7",
                            "name": "Sales Department",
                            "reasons": [
                                "tag:sales",
                                "user.department:Sales"
                            ]
                        }
                    ]
                }
            }
        ],
        "subType": "device",
        "stateHistory": [
            {
                "state": "ACTIVE",
                "date": "2025-10-15T09: 15: 00.000Z",
                "config": {
                    "reason": "initial-enrollment"
                }
            }
        ],
        "lastLocation": {
            "agent": {
                "origin": "agent",
                "date": "2026-02-10T12: 00: 00.000Z",
                "latitude": 40.7128,
                "longitude": -74.006,
                "ip": "203.0.113.45",
                "lastReportDate": "2026-02-10T12: 00: 00.000Z",
                "address": {
                    "address": "123 Main Street",
                    "number": "123",
                    "postalCode": "10001",
                    "city": "New York",
                    "country": "United States"
                }
            },
            "ip": {
                "origin": "agent",
                "date": "2024-01-01T00: 00:00Z",
                "latitude": 0,
                "longitude": 0,
                "ip": "string",
                "lastReportDate": "2024-01-01T00: 00:00Z",
                "address": {
                    "address": "string",
                    "number": "string",
                    "postalCode": "string",
                    "city": "string",
                    "country": "string"
                }
            }
        },
        "refreshInfoNeeded": [
            "hardware",
            "applications"
        ],
        "enrolledDate": "2025-10-15T09: 15: 00.000Z",
        "updatedAt": "2026-02-10T14: 30: 00.000Z",
        "createdAt": "2025-10-15T09: 00: 00.000Z"
    }
}
401 Response application/json
status boolean optional
false
error object optional
code number optional
4001
message string optional
Unauthorized
{
    "status": false,
    "error": {
        "code": 4002,
        "message": "No auth token"
    }
}
404 Response application/json
status boolean optional
false
error object optional
code number optional
3001
message string optional
Entity not found
{
    "status": false,
    "error": {
        "code": 3001,
        "message": "Entity not found"
    }
}