This article lists the Intune device configuration policies that can and cannot be protected as part of Microsoft Entra ID. Only the deviceConfiguration policy type is supported, and only for the templates named below.


It should be noted that there is no Compare attributes option when restoring these objects. They can only be viewed in JSON format.


Supported policy types

  • deviceConfiguration


Supported device configuration templates

  • aospDeviceOwnerDeviceConfiguration
  • androidDeviceOwnerDerivedCredentialAuthenticationConfiguration
  • androidWorkProfileTrustedRootCertificate
  • aospDeviceOwnerTrustedRootCertificate
  • aospDeviceOwnerWiFiConfiguration
  • androidDeviceOwnerTrustedRootCertificate
  • androidDeviceOwnerVpnConfiguration
  • androidDeviceOwnerGeneralDeviceConfiguration
  • androidDeviceOwnerWiFiConfiguration
  • androidDeviceOwnerImportedPFXCertificateProfile
  • androidWorkProfileCustomConfiguration
  • androidWorkProfileGeneralDeviceConfiguration
  • androidWorkProfileVpnConfiguration
  • androidWorkProfileWiFiConfiguration
  • androidWorkProfileGmailEasConfiguration
  • iosDerivedCredentialAuthenticationConfiguration
  • iosDeviceFeaturesConfiguration
  • iosGeneralDeviceConfiguration
  • iosUpdateConfiguration
  • iosEasEmailProfileConfiguration
  • iosImportedPFXCertificateProfile
  • iosPkcsCertificateProfile
  • iosTrustedRootCertificate
  • iosVpnConfiguration
  • iosWiFiConfiguration
  • macOSDeviceFeaturesConfiguration
  • macOSGeneralDeviceConfiguration
  • macOSPkcsCertificateProfile
  • macOSImportedPFXCertificateProfile
  • macOSSoftwareUpdateConfiguration
  • macOSTrustedRootCertificate
  • macOSVpnConfiguration
  • macOSWiFiConfiguration
  • macOSWiredNetworkConfiguration
  • windows10SecureAssessmentConfiguration
  • windowsDeliveryOptimizationConfiguration
  • windows10CustomConfiguration
  • windows10DeviceFirmwareConfigurationInterface
  • windows10GeneralConfiguration
  • windows10TeamGeneralConfiguration
  • windowsDomainJoinConfiguration
  • editionUpgradeConfiguration
  • windows10EasEmailProfileConfiguration
  • windows10EndpointProtectionConfiguration
  • windowsKioskConfiguration
  • windows10NetworkBoundaryConfiguration
  • windows10ImportedPFXCertificateProfile
  • sharedPCConfiguration
  • windowsWifiConfiguration
  • windowsWiredNetworkConfiguration


Unsupported device configuration templates

  • windows81GeneralConfiguration
  • windows81TrustedRootCertificate
  • windows81VpnConfiguration


Unsupported policy types

  • ADMX templates, i.e group policy configurations
  • Android OEM configurations
  • certificate profiles, i.e resource access profiles
  • hardware configurations
  • properties catalogs, i.e inventory policies
  • settings catalogs