Microsoft Endpoint Configuration Management · Capability

Microsoft Endpoint Configuration Management Microsoft Intune Graph API — Device Actions

Microsoft Endpoint Configuration Management Microsoft Intune Graph API — Device Actions. 6 operations. Lead operation: Microsoft Endpoint Configuration Management Reboot device. Self-contained Naftiko capability covering one Microsoft Endpoint Configuration Management business surface.

Run with Naftiko Microsoft Endpoint Configuration ManagementDevice Actions

What You Can Do

POST
Rebootmanageddevice — Microsoft Endpoint Configuration Management Reboot device
/v1/devicemanagement/manageddevices/{manageddeviceid}/rebootnow
POST
Remotelockmanageddevice — Microsoft Endpoint Configuration Management Remote lock a device
/v1/devicemanagement/manageddevices/{manageddeviceid}/remotelock
POST
Resetpasscode — Microsoft Endpoint Configuration Management Reset passcode
/v1/devicemanagement/manageddevices/{manageddeviceid}/resetpasscode
POST
Retiremanageddevice — Microsoft Endpoint Configuration Management Retire a device
/v1/devicemanagement/manageddevices/{manageddeviceid}/retire
POST
Syncmanageddevice — Microsoft Endpoint Configuration Management Sync device
/v1/devicemanagement/manageddevices/{manageddeviceid}/syncdevice
POST
Wipemanageddevice — Microsoft Endpoint Configuration Management Wipe a device
/v1/devicemanagement/manageddevices/{manageddeviceid}/wipe

MCP Tools

microsoft-endpoint-configuration-management-reboot

Microsoft Endpoint Configuration Management Reboot device

microsoft-endpoint-configuration-management-remote

Microsoft Endpoint Configuration Management Remote lock a device

microsoft-endpoint-configuration-management-reset

Microsoft Endpoint Configuration Management Reset passcode

microsoft-endpoint-configuration-management-retire

Microsoft Endpoint Configuration Management Retire a device

microsoft-endpoint-configuration-management-sync

Microsoft Endpoint Configuration Management Sync device

microsoft-endpoint-configuration-management-wipe

Microsoft Endpoint Configuration Management Wipe a device

Capability Spec

intune-graph-device-actions.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Microsoft Endpoint Configuration Management Microsoft Intune Graph API — Device Actions
  description: 'Microsoft Endpoint Configuration Management Microsoft Intune Graph API — Device Actions. 6 operations. Lead
    operation: Microsoft Endpoint Configuration Management Reboot device. Self-contained Naftiko capability covering one Microsoft
    Endpoint Configuration Management business surface.'
  tags:
  - Microsoft Endpoint Configuration Management
  - Device Actions
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    MICROSOFT_ENDPOINT_CONFIGURATION_MANAGEMENT_API_KEY: MICROSOFT_ENDPOINT_CONFIGURATION_MANAGEMENT_API_KEY
capability:
  consumes:
  - type: http
    namespace: intune-graph-device-actions
    baseUri: https://graph.microsoft.com/v1.0
    description: Microsoft Endpoint Configuration Management Microsoft Intune Graph API — Device Actions business capability.
      Self-contained, no shared references.
    resources:
    - name: deviceManagement-managedDevices-managedDeviceId-rebootNow
      path: /deviceManagement/managedDevices/{managedDeviceId}/rebootNow
      operations:
      - name: rebootmanageddevice
        method: POST
        description: Microsoft Endpoint Configuration Management Reboot device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: managedDeviceId
          in: path
          type: string
          required: true
    - name: deviceManagement-managedDevices-managedDeviceId-remoteLock
      path: /deviceManagement/managedDevices/{managedDeviceId}/remoteLock
      operations:
      - name: remotelockmanageddevice
        method: POST
        description: Microsoft Endpoint Configuration Management Remote lock a device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: managedDeviceId
          in: path
          type: string
          required: true
    - name: deviceManagement-managedDevices-managedDeviceId-resetPasscode
      path: /deviceManagement/managedDevices/{managedDeviceId}/resetPasscode
      operations:
      - name: resetpasscode
        method: POST
        description: Microsoft Endpoint Configuration Management Reset passcode
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: managedDeviceId
          in: path
          type: string
          required: true
    - name: deviceManagement-managedDevices-managedDeviceId-retire
      path: /deviceManagement/managedDevices/{managedDeviceId}/retire
      operations:
      - name: retiremanageddevice
        method: POST
        description: Microsoft Endpoint Configuration Management Retire a device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: managedDeviceId
          in: path
          type: string
          required: true
    - name: deviceManagement-managedDevices-managedDeviceId-syncDevice
      path: /deviceManagement/managedDevices/{managedDeviceId}/syncDevice
      operations:
      - name: syncmanageddevice
        method: POST
        description: Microsoft Endpoint Configuration Management Sync device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: managedDeviceId
          in: path
          type: string
          required: true
    - name: deviceManagement-managedDevices-managedDeviceId-wipe
      path: /deviceManagement/managedDevices/{managedDeviceId}/wipe
      operations:
      - name: wipemanageddevice
        method: POST
        description: Microsoft Endpoint Configuration Management Wipe a device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: managedDeviceId
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    authentication:
      type: bearer
      token: '{{env.MICROSOFT_ENDPOINT_CONFIGURATION_MANAGEMENT_API_KEY}}'
  exposes:
  - type: rest
    namespace: intune-graph-device-actions-rest
    port: 8080
    description: REST adapter for Microsoft Endpoint Configuration Management Microsoft Intune Graph API — Device Actions.
      One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}/rebootnow
      name: devicemanagement-manageddevices-manageddeviceid-rebootnow
      description: REST surface for deviceManagement-managedDevices-managedDeviceId-rebootNow.
      operations:
      - method: POST
        name: rebootmanageddevice
        description: Microsoft Endpoint Configuration Management Reboot device
        call: intune-graph-device-actions.rebootmanageddevice
        with:
          managedDeviceId: rest.managedDeviceId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}/remotelock
      name: devicemanagement-manageddevices-manageddeviceid-remotelock
      description: REST surface for deviceManagement-managedDevices-managedDeviceId-remoteLock.
      operations:
      - method: POST
        name: remotelockmanageddevice
        description: Microsoft Endpoint Configuration Management Remote lock a device
        call: intune-graph-device-actions.remotelockmanageddevice
        with:
          managedDeviceId: rest.managedDeviceId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}/resetpasscode
      name: devicemanagement-manageddevices-manageddeviceid-resetpasscode
      description: REST surface for deviceManagement-managedDevices-managedDeviceId-resetPasscode.
      operations:
      - method: POST
        name: resetpasscode
        description: Microsoft Endpoint Configuration Management Reset passcode
        call: intune-graph-device-actions.resetpasscode
        with:
          managedDeviceId: rest.managedDeviceId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}/retire
      name: devicemanagement-manageddevices-manageddeviceid-retire
      description: REST surface for deviceManagement-managedDevices-managedDeviceId-retire.
      operations:
      - method: POST
        name: retiremanageddevice
        description: Microsoft Endpoint Configuration Management Retire a device
        call: intune-graph-device-actions.retiremanageddevice
        with:
          managedDeviceId: rest.managedDeviceId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}/syncdevice
      name: devicemanagement-manageddevices-manageddeviceid-syncdevice
      description: REST surface for deviceManagement-managedDevices-managedDeviceId-syncDevice.
      operations:
      - method: POST
        name: syncmanageddevice
        description: Microsoft Endpoint Configuration Management Sync device
        call: intune-graph-device-actions.syncmanageddevice
        with:
          managedDeviceId: rest.managedDeviceId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}/wipe
      name: devicemanagement-manageddevices-manageddeviceid-wipe
      description: REST surface for deviceManagement-managedDevices-managedDeviceId-wipe.
      operations:
      - method: POST
        name: wipemanageddevice
        description: Microsoft Endpoint Configuration Management Wipe a device
        call: intune-graph-device-actions.wipemanageddevice
        with:
          managedDeviceId: rest.managedDeviceId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: intune-graph-device-actions-mcp
    port: 9090
    transport: http
    description: MCP adapter for Microsoft Endpoint Configuration Management Microsoft Intune Graph API — Device Actions.
      One tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: microsoft-endpoint-configuration-management-reboot
      description: Microsoft Endpoint Configuration Management Reboot device
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: intune-graph-device-actions.rebootmanageddevice
      with:
        managedDeviceId: tools.managedDeviceId
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-endpoint-configuration-management-remote
      description: Microsoft Endpoint Configuration Management Remote lock a device
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: intune-graph-device-actions.remotelockmanageddevice
      with:
        managedDeviceId: tools.managedDeviceId
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-endpoint-configuration-management-reset
      description: Microsoft Endpoint Configuration Management Reset passcode
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: intune-graph-device-actions.resetpasscode
      with:
        managedDeviceId: tools.managedDeviceId
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-endpoint-configuration-management-retire
      description: Microsoft Endpoint Configuration Management Retire a device
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: intune-graph-device-actions.retiremanageddevice
      with:
        managedDeviceId: tools.managedDeviceId
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-endpoint-configuration-management-sync
      description: Microsoft Endpoint Configuration Management Sync device
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: intune-graph-device-actions.syncmanageddevice
      with:
        managedDeviceId: tools.managedDeviceId
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-endpoint-configuration-management-wipe
      description: Microsoft Endpoint Configuration Management Wipe a device
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: intune-graph-device-actions.wipemanageddevice
      with:
        managedDeviceId: tools.managedDeviceId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.