Favicon

You are here: Home > API Reference > Windows > Windows Policies > Create new Windows policy configuration

Create new Windows policy configuration

Required Permission: mdm.windows.policy.create

Create new Windows device policy bundling applications, scripts, configurations, and agent settings for deployment to managed devices.

POST
/v1/organizations/:organizationId/mdm/windows/enterprise/policies/
Copy to clipboard

Create new Windows policy configuration

Required Permission: mdm.windows.policy.create

Create new Windows device policy bundling applications, scripts, configurations, and agent settings for deployment to managed devices.

Request

Add parameter in header authorization
Example: Authorization: Bearer <token>
organizationId string
required
Match pattern: ^(([a-fA-F0-9]{24})|([a-zA-Z0-9\\-]{3,}))$
Body Params application/json
name string required
Policy name to assign upon creation for identification in management interfaces and device assignment workflows.
≤ 256 characters
config object optional
OMA-DM configuration object containing registry settings, security policies, and device restrictions to apply on managed Windows devices.
applications array [object] optional
Array of application assignments included in policy enabling bundled deployment and management of software packages.
winApplicationId string required
Windows application identifier for the app to include in policy deployment.
Match pattern: ^[a-fA-F0-9]{24}$
configuration object optional
Application-specific configuration settings applied during deployment enabling customized installation and runtime options.
action string optional
Deployment action specifying whether application is force-installed or made available for optional user installation.
forceInstall available
updatePolicy object optional
Update policy controlling automatic update behavior, scheduling, and version constraints for deployed application.
scripts array [object] optional
Array of script assignments included in policy enabling automated PowerShell or batch command operations.
type string optional
once loop onDemand
id string optional
≤ 128 characters
loopTime integer optional
≥ 0
resetDate string optional
Format: date-time
arguments string optional
argumentsProcessed string optional
name string optional
≤ 256 characters
description string optional
≤ 500 characters
runner string optional
≤ 256 characters
admxConfigs array [object] optional
Array of ADMX configuration assignments enabling group policy template settings for advanced Windows configurations.
winAdmxConfigId string required
ADMX configuration identifier for group policy template to include in policy.
Match pattern: ^[a-fA-F0-9]{24}$
assets array [object] optional
Array of file asset assignments included in policy enabling deployment of certificates, configuration files, or resources.
mdmAssetId string optional
Match pattern: ^[a-fA-F0-9]{24}$
location string optional
≤ 256 characters
assetName string optional
≤ 256 characters
scope string optional
user system all-users
agentConfiguration object optional
MDM agent configuration settings controlling agent deployment, permissions, and capabilities on managed devices.
enabled boolean optional
Agent enablement flag controlling whether MDM agent is active on devices and able to perform management operations.
buildTag string optional
Agent build version tag specifying which agent release to deploy on devices for version control and compatibility.
≤ 128 characters
allowLocation boolean optional
Location permission flag controlling whether agent can access device location data for tracking features.
allowNetworkStatus boolean optional
Network status permission flag controlling whether agent can monitor network connectivity for reporting.
allowPackageTime boolean optional
Package time tracking permission flag controlling whether agent reports application usage statistics.
allowPackageTransfer boolean optional
Package transfer permission flag controlling whether agent can facilitate file transfers between devices.
segmentId integer optional
Segment identifier for scoping policy into an specific segment
≥ 0
{
    "name": "New Security Policy",
    "config": {
        "./Device/Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption": "1"
    },
    "applications": [
        {
            "winApplicationId": "507f1f77bcf86cd799439044",
            "configuration": {
                "language": "en",
                "edition": "enterprise"
            },
            "action": "available",
            "updatePolicy": {
                "autoUpdate": true,
                "allowedVersions": ">=1.0.0"
            }
        }
    ],
    "scripts": [
        {
            "type": "once",
            "id": "string",
            "loopTime": 0,
            "resetDate": "2024-01-01T00: 00:00Z",
            "arguments": "string",
            "argumentsProcessed": "string",
            "name": "string",
            "description": "string",
            "runner": "string"
        }
    ],
    "admxConfigs": [
        {
            "winAdmxConfigId": "507f1f77bcf86cd799439055"
        }
    ],
    "assets": [
        {
            "mdmAssetId": "string",
            "location": "string",
            "assetName": "string",
            "scope": "user"
        }
    ],
    "agentConfiguration": {
        "enabled": true,
        "buildTag": "v2.5.0",
        "allowLocation": true,
        "allowNetworkStatus": true,
        "allowPackageTime": false,
        "allowPackageTransfer": false
    },
    "segmentId": "1"
}

Responses

200 Response application/json
status boolean optional
data object optional
id string optional
Unique identifier for this specific resource instance in the system following a standardized format enabling targeted operations, relationship mapping, and tracking across all platform endpoints and data stores.
Match pattern: ^[a-fA-F0-9]{24}$
organizationId string optional
Organization identifier indicating workspace ownership for access control and data isolation across multi-tenant environments.
Match pattern: ^[a-fA-F0-9]{24}$
winEnterpriseId string optional
Windows enterprise configuration identifier linking policy to specific enrollment settings and device management context.
Match pattern: ^[a-fA-F0-9]{24}$
name string optional
Policy display name shown in interfaces and used for identification in listings and device assignments.
≤ 256 characters
config object optional
OMA-DM configuration object containing registry settings, security policies, and device restrictions to apply on managed Windows devices.
applications array [object] optional
Array of application assignments included in policy enabling bundled deployment and management of software packages.
winApplicationId string optional
Windows application identifier for the app to include in policy deployment.
Match pattern: ^[a-fA-F0-9]{24}$
configuration object optional
Application-specific configuration settings applied during deployment enabling customized installation and runtime options.
action string optional
Deployment action specifying whether application is force-installed or made available for optional user installation.
≤ 128 characters
forceInstall available
updatePolicy object optional
Update policy controlling automatic update behavior, scheduling, and version constraints for deployed application.
applicationsInfo array [object] optional
Application metadata array containing name, version, and publisher details for included apps displayed in interfaces.
bookmarks array [object] optional
title string optional
≤ 256 characters
description string optional
≤ 500 characters
url string optional
≤ 500 characters
iconBase64 string optional
iconUrl string optional
≤ 500 characters
scripts array [object] optional
Array of script assignments included in policy enabling automated PowerShell or batch command operations.
type string optional
once loop onDemand
id string optional
≤ 128 characters
loopTime integer optional
≥ 0
resetDate string optional
Format: date-time
arguments string optional
argumentsProcessed string optional
name string optional
≤ 256 characters
description string optional
≤ 500 characters
runner string optional
≤ 256 characters
scriptsInfo array [object] optional
Script metadata array containing name, description, and timing details for included scripts providing comprehensive script information in interfaces.
admxConfigs array [object] optional
Array of ADMX configuration assignments enabling group policy template settings for advanced Windows configurations.
winAdmxConfigId string optional
ADMX configuration identifier for group policy template to include in policy.
Match pattern: ^[a-fA-F0-9]{24}$
admxConfigsInfo array [object] optional
ADMX configuration metadata array containing template details, settings types, and descriptions.
id string optional
Unique identifier for this ADMX configuration template enabling targeted operations and relationship tracking across the platform.
Match pattern: ^[a-fA-F0-9]{24}$
appName string optional
Application name for ADMX template indicating which software or Windows component these settings apply to.
≤ 256 characters
settingType string optional
Setting type classification indicating category such as security, privacy, or functionality for organizational grouping and filtering.
≤ 256 characters
fileName string optional
ADMX template file name indicating original group policy definition source for reference and administrative purposes.
≤ 256 characters
description string optional
Human-readable description explaining purpose and effect of these ADMX settings for administrator understanding and documentation.
≤ 256 characters
agentConfiguration object optional
MDM agent configuration settings controlling agent deployment, permissions, and capabilities on managed devices.
enabled boolean optional
Agent enablement flag controlling whether MDM agent is active on devices and able to perform management operations.
buildTag string optional
Agent build version tag specifying which agent release to deploy on devices for version control and compatibility.
≤ 128 characters
allowLocation boolean optional
Location permission flag controlling whether agent can access device location data for tracking features.
allowNetworkStatus boolean optional
Network status permission flag controlling whether agent can monitor network connectivity for reporting.
allowPackageTime boolean optional
Package time tracking permission flag controlling whether agent reports application usage statistics.
allowPackageTransfer boolean optional
Package transfer permission flag controlling whether agent can facilitate file transfers between devices.
assets array [object] optional
Array of file asset assignments included in policy enabling deployment of certificates, configuration files, or resources.
mdmAssetId string optional
Match pattern: ^[a-fA-F0-9]{24}$
location string optional
≤ 256 characters
assetName string optional
≤ 256 characters
scope string optional
user system all-users
assetsInfo array [object] optional
Asset metadata array containing file names, types, and sizes for included resources displayed in administrative interfaces.
version integer optional
Internal version counter for policy changes enabling conflict detection and synchronization tracking across device updates and modifications.
≥ 0
segmentId integer optional
Segment identifier for scoping policy into an specific segment
≥ 0
updatedAt string optional
ISO 8601 timestamp indicating the last time this record was modified in the database useful for tracking changes, synchronization processes, and maintaining audit trails of all modifications.
Format: date-time
createdAt string optional
ISO 8601 timestamp indicating when this record was initially created in the database providing historical context, chronological ordering capabilities, and analytics for lifecycle tracking and reporting.
Format: date-time
{
    "status": true,
    "data": {
        "id": "507f1f77bcf86cd799439011",
        "organizationId": "507f1f77bcf86cd799439022",
        "winEnterpriseId": "507f1f77bcf86cd799439033",
        "name": "Corporate Security Baseline",
        "config": {
            "./Device/Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption": "1"
        },
        "applications": [
            {
                "winApplicationId": "507f1f77bcf86cd799439044",
                "configuration": {
                    "language": "en",
                    "edition": "enterprise"
                },
                "action": "available",
                "updatePolicy": {
                    "autoUpdate": true,
                    "allowedVersions": ">=1.0.0"
                }
            }
        ],
        "applicationsInfo": [
            {}
        ],
        "bookmarks": [
            {
                "title": "string",
                "description": "string",
                "url": "string",
                "iconBase64": "string",
                "iconUrl": "string"
            }
        ],
        "scripts": [
            {
                "type": "once",
                "id": "string",
                "loopTime": 0,
                "resetDate": "2024-01-01T00: 00:00Z",
                "arguments": "string",
                "argumentsProcessed": "string",
                "name": "string",
                "description": "string",
                "runner": "string"
            }
        ],
        "scriptsInfo": [
            {}
        ],
        "admxConfigs": [
            {
                "winAdmxConfigId": "507f1f77bcf86cd799439055"
            }
        ],
        "admxConfigsInfo": [
            {
                "id": "507f1f77bcf86cd799439055",
                "appName": "Microsoft Edge",
                "settingType": "Privacy",
                "fileName": "edge.admx",
                "description": "Controls Edge browser privacy settings"
            }
        ],
        "agentConfiguration": {
            "enabled": true,
            "buildTag": "v2.5.0",
            "allowLocation": true,
            "allowNetworkStatus": true,
            "allowPackageTime": false,
            "allowPackageTransfer": false
        },
        "assets": [
            {
                "mdmAssetId": "string",
                "location": "string",
                "assetName": "string",
                "scope": "user"
            }
        ],
        "assetsInfo": [
            {}
        ],
        "version": 5,
        "segmentId": "1",
        "updatedAt": "2026-02-10T14: 30: 00.000Z",
        "createdAt": "2025-10-15T09: 00: 00.000Z"
    }
}
400 Response application/json
status boolean optional
false
error object optional
code number optional
5146
message string optional
WinPolicy name already used
{
    "status": false,
    "error": {
        "code": 5146,
        "message": "WinPolicy name already used"
    }
}
401 Response application/json
status boolean optional
false
error object optional
code number optional
4001
message string optional
Unauthorized
{
    "status": false,
    "error": {
        "code": 4002,
        "message": "No auth token"
    }
}
404 Response application/json
status boolean optional
false
error object optional
code number optional
3001
message string optional
Entity not found
{
    "status": false,
    "error": {
        "code": 3001,
        "message": "Entity not found"
    }
}