| Attribute | Description | Backed up | Restorable |
| --- | --- | --- | --- |
| activeFirewallRequired | Require active firewall on Windows devices. | Yes | Yes |
| antiSpywareRequired | Require any antispyware solution registered with Windows Security Center to be on and monitoring. | Yes | Yes |
| antivirusRequired | Require any antivirus solution registered with Windows Security Center to be on and monitoring. | Yes | Yes |
| bitLockerEnabled | Require devices to be reported healthy by Windows Device Health Attestation - BitLocker is enabled. | Yes | Yes |
| codeIntegrityEnabled | Require devices to be reported as healthy by Windows Device Health Attestation. | Yes | Yes |
| configurationManagerComplianceRequired | Require taking SCCM compliance state into consideration for Intune compliance state. | Yes | Yes |
| createdDateTime | DateTime the object was created. Inherited from deviceCompliancePolicy | Yes | Yes |
| defenderEnabled | Require Windows Defender Antimalware on Windows devices. | Yes | Yes |
| defenderVersion | Require Windows Defender Antimalware minimum version on Windows devices. | Yes | Yes |
| description | Admin-provided description of the device configuration. Inherited from deviceCompliancePolicy | Yes | Yes |
| deviceCompliancePolicyScript>deviceComplianceScriptId | Device compliance script Id. | Yes | Yes |
| deviceCompliancePolicyScript>RulesContent | JSON file of the rules, encoded binary | Yes | Yes |
| deviceThreatProtectionEnabled | Require devices to have device threat protection enabled. | Yes | Yes |
| deviceThreatProtectionRequiredSecurityLevel | Require device threat protection minimum risk level to report noncompliance. | Yes | Yes |
| displayName | Admin-provided name of the device configuration. Inherited from deviceCompliancePolicy | Yes | Yes |
| earlyLaunchAntiMalwareDriverEnabled | Require devices to be reported as healthy by Windows Device Health Attestation - early launch antimalware driver is enabled. | Yes | Yes |
| firmwareProtectionEnabled | When TRUE, indicates that Firmware protection is required to be reported as healthy. Default value is FALSE. | Yes | Yes |
| id | Key of the entity. Inherited from deviceCompliancePolicy | Yes | No |
| kernelDmaProtectionEnabled | When TRUE, indicates that Kernel Direct Memory Access (DMA) protection is required to be reported as healthy. Default value is FALSE. | Yes | Yes |
| lastModifiedDateTime | DateTime the object was last modified. Inherited from deviceCompliancePolicy | Yes | Yes |
| memoryIntegrityEnabled | When TRUE, indicates that Memory Integrity is required to be reported as healthy. Default value is FALSE. | Yes | Yes |
| mobileOsMaximumVersion | Maximum Windows Phone version. | Yes | Yes |
| mobileOsMinimumVersion | Minimum Windows Phone version. | Yes | Yes |
| osMaximumVersion | Maximum Windows 10 version. | Yes | Yes |
| osMinimumVersion | Minimum Windows 10 version. | Yes | Yes |
| passwordBlockSimple | Indicates whether or not to block simple passwords. | Yes | Yes |
| passwordExpirationDays | Password expiration in days. | Yes | Yes |
| passwordMinimumCharacterSetCount | Number of character sets required in the password. | Yes | Yes |
| passwordMinimumLength | Minimum password length. | Yes | Yes |
| passwordMinutesOfInactivityBeforeLock | Minutes of inactivity before a password is required. | Yes | Yes |
| passwordPreviousPasswordBlockCount | Number of previous passwords to prevent re-use of. | Yes | Yes |
| passwordRequired | Require a password to unlock Windows devices. | Yes | Yes |
| passwordRequiredToUnlockFromIdle | Require a password to unlock an idle device. | Yes | Yes |
| passwordRequiredType | Required password type. | Yes | Yes |
| requireHealthyDeviceReport | Require devices to be reported as healthy by Windows Device Health Attestation. | Yes | Yes |
| roleScopeTagIds | List of scope tags for this entity instance. Inherited from deviceCompliancePolicy | Yes | Yes |
| rtpEnabled | Require Windows Defender Antimalware Real-Time Protection on Windows devices. | Yes | Yes |
| secureBootEnabled | Require devices to be reported as healthy by Windows Device Health Attestation - secure boot is enabled. | Yes | Yes |
| signatureOutOfDate | Require Windows Defender Antimalware Signature to be up to date on Windows devices. | Yes | Yes |
| storageRequireEncryption | Require encryption on Windows devices. | Yes | Yes |
| tpmRequired | Require Trusted Platform Module (TPM) to be present. | Yes | Yes |
| validOperatingSystemBuildRanges | Valid operating system build ranges on Windows devices. | Yes | Yes |
| validOperatingSystemBuildRanges>description | The description of valid operating system build range. | Yes | Yes |
| validOperatingSystemBuildRanges>highestVersion | Highest inclusive version in valid operating system build range. | Yes | Yes |
| validOperatingSystemBuildRanges>lowestVersion | Lowest inclusive version in valid operating system build range. | Yes | Yes |
| version | Version of the device configuration. Inherited from deviceCompliancePolicy | Yes | Yes |
| virtualizationBasedSecurityEnabled | When TRUE, indicates that Virtualization-based Security is required to be reported as healthy. Default value is FALSE. | Yes | Yes |
| wslDistributions | Settings relating to Linux distributions installed on managed Windows devices. | Yes | Yes |
| wslDistributions>distribution | Linux distributions e.g. Debian, Fedora, Ubuntu. | Yes | Yes |
| wslDistributions>maximumOSVersion | Maximum supported Linux operating system version. | Yes | Yes |
| wslDistributions>minimumOSVersion | Minimum supported Linux operating system version. | Yes | Yes |