Retrieve single Windows policy details

GET

/v1/organizations/:organizationId/mdm/windows/enterprise/policies/:winPolicyId

Retrieve single Windows policy details

Required Permission: mdm.windows.policy.get

Retrieve complete details for specific Windows policy including configurations, application assignments, scripts, and deployment information for management.

Request

Add parameter in header authorization

Example: Authorization: Bearer <token>

organizationId string

required

Match pattern: ^(([a-fA-F0-9]{24})|([a-zA-Z0-9\\-]{3,}))$

winPolicyId string

required

Windows policy identifier used for retrieving, updating, or deleting specific policy configurations within the management system.

Match pattern: ^[a-fA-F0-9]{24}$

Responses

200 Response application/json

status boolean optional

data object optional

id string optional

Unique identifier for this specific resource instance in the system following a standardized format enabling targeted operations, relationship mapping, and tracking across all platform endpoints and data stores.

Match pattern: ^[a-fA-F0-9]{24}$

organizationId string optional

Organization identifier indicating workspace ownership for access control and data isolation across multi-tenant environments.

Match pattern: ^[a-fA-F0-9]{24}$

winEnterpriseId string optional

Windows enterprise configuration identifier linking policy to specific enrollment settings and device management context.

Match pattern: ^[a-fA-F0-9]{24}$

name string optional

Policy display name shown in interfaces and used for identification in listings and device assignments.

≤ 256 characters

config object optional

OMA-DM configuration object containing registry settings, security policies, and device restrictions to apply on managed Windows devices.

applications array [object] optional

Array of application assignments included in policy enabling bundled deployment and management of software packages.

winApplicationId string optional

Windows application identifier for the app to include in policy deployment.

Match pattern: ^[a-fA-F0-9]{24}$

configuration object optional

Application-specific configuration settings applied during deployment enabling customized installation and runtime options.

action string optional

Deployment action specifying whether application is force-installed or made available for optional user installation.

≤ 128 characters

forceInstall available

updatePolicy object optional

Update policy controlling automatic update behavior, scheduling, and version constraints for deployed application.

applicationsInfo array [object] optional

Application metadata array containing name, version, and publisher details for included apps displayed in interfaces.

bookmarks array [object] optional

title string optional

≤ 256 characters

description string optional

≤ 500 characters

url string optional

≤ 500 characters

iconBase64 string optional

iconUrl string optional

≤ 500 characters

scripts array [object] optional

Array of script assignments included in policy enabling automated PowerShell or batch command operations.

type string optional

once loop onDemand

id string optional

≤ 128 characters

loopTime integer optional

≥ 0

resetDate string optional

Format: date-time

arguments string optional

argumentsProcessed string optional

name string optional

≤ 256 characters

description string optional

≤ 500 characters

runner string optional

≤ 256 characters

scriptsInfo array [object] optional

Script metadata array containing name, description, and timing details for included scripts providing comprehensive script information in interfaces.

admxConfigs array [object] optional

Array of ADMX configuration assignments enabling group policy template settings for advanced Windows configurations.

winAdmxConfigId string optional

ADMX configuration identifier for group policy template to include in policy.

Match pattern: ^[a-fA-F0-9]{24}$

admxConfigsInfo array [object] optional

ADMX configuration metadata array containing template details, settings types, and descriptions.

id string optional

Unique identifier for this ADMX configuration template enabling targeted operations and relationship tracking across the platform.

Match pattern: ^[a-fA-F0-9]{24}$

appName string optional

Application name for ADMX template indicating which software or Windows component these settings apply to.

≤ 256 characters

settingType string optional

Setting type classification indicating category such as security, privacy, or functionality for organizational grouping and filtering.

≤ 256 characters

fileName string optional

ADMX template file name indicating original group policy definition source for reference and administrative purposes.

≤ 256 characters

description string optional

Human-readable description explaining purpose and effect of these ADMX settings for administrator understanding and documentation.

≤ 256 characters

agentConfiguration object optional

MDM agent configuration settings controlling agent deployment, permissions, and capabilities on managed devices.

enabled boolean optional

Agent enablement flag controlling whether MDM agent is active on devices and able to perform management operations.

buildTag string optional

Agent build version tag specifying which agent release to deploy on devices for version control and compatibility.

≤ 128 characters

allowLocation boolean optional

Location permission flag controlling whether agent can access device location data for tracking features.

allowNetworkStatus boolean optional

Network status permission flag controlling whether agent can monitor network connectivity for reporting.

allowPackageTime boolean optional

Package time tracking permission flag controlling whether agent reports application usage statistics.

allowPackageTransfer boolean optional

Package transfer permission flag controlling whether agent can facilitate file transfers between devices.

assets array [object] optional

Array of file asset assignments included in policy enabling deployment of certificates, configuration files, or resources.

mdmAssetId string optional

Match pattern: ^[a-fA-F0-9]{24}$

location string optional

≤ 256 characters

assetName string optional

≤ 256 characters

scope string optional

user system all-users

assetsInfo array [object] optional

Asset metadata array containing file names, types, and sizes for included resources displayed in administrative interfaces.

version integer optional

Internal version counter for policy changes enabling conflict detection and synchronization tracking across device updates and modifications.

≥ 0

segmentId integer optional

Segment identifier for scoping policy into an specific segment

≥ 0

updatedAt string optional

ISO 8601 timestamp indicating the last time this record was modified in the database useful for tracking changes, synchronization processes, and maintaining audit trails of all modifications.

Format: date-time

createdAt string optional

ISO 8601 timestamp indicating when this record was initially created in the database providing historical context, chronological ordering capabilities, and analytics for lifecycle tracking and reporting.

Format: date-time

{
    "status": true,
    "data": {
        "id": "507f1f77bcf86cd799439011",
        "organizationId": "507f1f77bcf86cd799439022",
        "winEnterpriseId": "507f1f77bcf86cd799439033",
        "name": "Corporate Security Baseline",
        "config": {
            "./Device/Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption": "1"
        },
        "applications": [
            {
                "winApplicationId": "507f1f77bcf86cd799439044",
                "configuration": {
                    "language": "en",
                    "edition": "enterprise"
                },
                "action": "available",
                "updatePolicy": {
                    "autoUpdate": true,
                    "allowedVersions": ">=1.0.0"
                }
            }
        ],
        "applicationsInfo": [
            {}
        ],
        "bookmarks": [
            {
                "title": "string",
                "description": "string",
                "url": "string",
                "iconBase64": "string",
                "iconUrl": "string"
            }
        ],
        "scripts": [
            {
                "type": "once",
                "id": "string",
                "loopTime": 0,
                "resetDate": "2024-01-01T00: 00:00Z",
                "arguments": "string",
                "argumentsProcessed": "string",
                "name": "string",
                "description": "string",
                "runner": "string"
            }
        ],
        "scriptsInfo": [
            {}
        ],
        "admxConfigs": [
            {
                "winAdmxConfigId": "507f1f77bcf86cd799439055"
            }
        ],
        "admxConfigsInfo": [
            {
                "id": "507f1f77bcf86cd799439055",
                "appName": "Microsoft Edge",
                "settingType": "Privacy",
                "fileName": "edge.admx",
                "description": "Controls Edge browser privacy settings"
            }
        ],
        "agentConfiguration": {
            "enabled": true,
            "buildTag": "v2.5.0",
            "allowLocation": true,
            "allowNetworkStatus": true,
            "allowPackageTime": false,
            "allowPackageTransfer": false
        },
        "assets": [
            {
                "mdmAssetId": "string",
                "location": "string",
                "assetName": "string",
                "scope": "user"
            }
        ],
        "assetsInfo": [
            {}
        ],
        "version": 5,
        "segmentId": "1",
        "updatedAt": "2026-02-10T14: 30: 00.000Z",
        "createdAt": "2025-10-15T09: 00: 00.000Z"
    }
}

401 Response application/json

status boolean optional

false

error object optional

code number optional

4001

message string optional

Unauthorized

{
    "status": false,
    "error": {
        "code": 4002,
        "message": "No auth token"
    }
}

404 Response application/json

status boolean optional

false

error object optional

code number optional

3001

message string optional

Entity not found

{
    "status": false,
    "error": {
        "code": 3001,
        "message": "Entity not found"
    }
}