Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important: Microsoft supports Intune /beta APIs, but they are subject to more frequent change. Microsoft recommends using version v1.0 when possible. Check an API's availability in version v1.0 using the Version selector.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Create a new deviceManagementScript object.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet | 
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ | 
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type | Permissions (from most to least privileged) | 
|---|---|
| Delegated (work or school account) | |
| Device management | DeviceManagementConfiguration.ReadWrite.All | 
| Policy Set | DeviceManagementConfiguration.ReadWrite.All | 
| Delegated (personal Microsoft account) | Not supported. | 
| Application | |
| Device management | DeviceManagementConfiguration.ReadWrite.All | 
| Policy Set | DeviceManagementConfiguration.ReadWrite.All | 
HTTP Request
POST /deviceManagement/deviceManagementScripts
Request headers
| Header | Value | 
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. | 
| Accept | application/json | 
Request body
In the request body, supply a JSON representation for the deviceManagementScript object.
The following table shows the properties that are required when you create the deviceManagementScript.
| Property | Type | Description | 
|---|---|---|
| id | String | Unique Identifier for the device management script. | 
| displayName | String | Name of the device management script. | 
| description | String | Optional description for the device management script. | 
| scriptContent | Binary | The script content. | 
| createdDateTime | DateTimeOffset | The date and time the device management script was created. This property is read-only. | 
| lastModifiedDateTime | DateTimeOffset | The date and time the device management script was last modified. This property is read-only. | 
| runAsAccount | runAsAccountType | Indicates the type of execution context. Possible values are: system,user. | 
| enforceSignatureCheck | Boolean | Indicate whether the script signature needs be checked. | 
| fileName | String | Script file name. | 
| roleScopeTagIds | String collection | List of Scope Tag IDs for this PowerShellScript instance. | 
| runAs32Bit | Boolean | A value indicating whether the PowerShell script should run as 32-bit | 
Response
If successful, this method returns a 201 Created response code and a deviceManagementScript object in the response body.
Example
Request
Here is an example of the request.
POST https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts
Content-type: application/json
Content-length: 443
{
  "@odata.type": "#microsoft.graph.deviceManagementScript",
  "displayName": "Display Name value",
  "description": "Description value",  
  "scriptContent": "c2NyaXB0Q29udGVudA==",
  "runAsAccount": "user",
  "enforceSignatureCheck": true,
  "fileName": "File Name value",
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ],
  "runAs32Bit": true
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 615
{
  "@odata.type": "#microsoft.graph.deviceManagementScript",
  "id": "59ea4525-4525-59ea-2545-ea592545ea59",
  "displayName": "Display Name value",
  "description": "Description value",
  "scriptContent": "c2NyaXB0Q29udGVudA==",
  "createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "runAsAccount": "user",
  "enforceSignatureCheck": true,
  "fileName": "File Name value",
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ],
  "runAs32Bit": true
}