Microsoft Intune · Capability

Microsoft Intune Graph API — Managed Devices

Microsoft Intune Graph API — Managed Devices. 11 operations. Lead operation: Microsoft Intune List managed devices. Self-contained Naftiko capability covering one Microsoft Intune business surface.

Run with Naftiko Microsoft IntuneManaged Devices

What You Can Do

GET
Listmanageddevices — Microsoft Intune List managed devices
/v1/devicemanagement/manageddevices
POST
Createmanageddevice — Microsoft Intune Create managed device
/v1/devicemanagement/manageddevices
GET
Getmanageddevice — Microsoft Intune Get managed device
/v1/devicemanagement/manageddevices/{manageddeviceid}
PATCH
Updatemanageddevice — Microsoft Intune Update managed device
/v1/devicemanagement/manageddevices/{manageddeviceid}
DELETE
Deletemanageddevice — Microsoft Intune Delete managed device
/v1/devicemanagement/manageddevices/{manageddeviceid}
POST
Rebootmanageddevice — Microsoft Intune Reboot a device
/v1/devicemanagement/manageddevices/{manageddeviceid}/rebootnow
POST
Remotelockmanageddevice — Microsoft Intune Remote lock a device
/v1/devicemanagement/manageddevices/{manageddeviceid}/remotelock
POST
Resetpasscodemanageddevice — Microsoft Intune Reset device passcode
/v1/devicemanagement/manageddevices/{manageddeviceid}/resetpasscode
POST
Retiremanageddevice — Microsoft Intune Retire a device
/v1/devicemanagement/manageddevices/{manageddeviceid}/retire
POST
Syncmanageddevice — Microsoft Intune Sync a device
/v1/devicemanagement/manageddevices/{manageddeviceid}/syncdevice
POST
Wipemanageddevice — Microsoft Intune Wipe a device
/v1/devicemanagement/manageddevices/{manageddeviceid}/wipe

MCP Tools

microsoft-intune-list-managed-devices

Microsoft Intune List managed devices

read-only idempotent
microsoft-intune-create-managed-device

Microsoft Intune Create managed device

microsoft-intune-get-managed-device

Microsoft Intune Get managed device

read-only idempotent
microsoft-intune-update-managed-device

Microsoft Intune Update managed device

idempotent
microsoft-intune-delete-managed-device

Microsoft Intune Delete managed device

idempotent
microsoft-intune-reboot-device

Microsoft Intune Reboot a device

microsoft-intune-remote-lock-device

Microsoft Intune Remote lock a device

microsoft-intune-reset-device-passcode

Microsoft Intune Reset device passcode

microsoft-intune-retire-device

Microsoft Intune Retire a device

microsoft-intune-sync-device

Microsoft Intune Sync a device

microsoft-intune-wipe-device

Microsoft Intune Wipe a device

Capability Spec

microsoft-intune-managed-devices.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Microsoft Intune Graph API — Managed Devices
  description: 'Microsoft Intune Graph API — Managed Devices. 11 operations. Lead operation: Microsoft Intune List managed
    devices. Self-contained Naftiko capability covering one Microsoft Intune business surface.'
  tags:
  - Microsoft Intune
  - Managed Devices
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    MICROSOFT_INTUNE_API_KEY: MICROSOFT_INTUNE_API_KEY
capability:
  consumes:
  - type: http
    namespace: microsoft-intune-managed-devices
    baseUri: https://graph.microsoft.com/v1.0
    description: Microsoft Intune Graph API — Managed Devices business capability. Self-contained, no shared references.
    resources:
    - name: deviceManagement-managedDevices
      path: /deviceManagement/managedDevices
      operations:
      - name: listmanageddevices
        method: GET
        description: Microsoft Intune List managed devices
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createmanageddevice
        method: POST
        description: Microsoft Intune Create managed device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: deviceManagement-managedDevices-managedDeviceId
      path: /deviceManagement/managedDevices/{managedDeviceId}
      operations:
      - name: getmanageddevice
        method: GET
        description: Microsoft Intune Get managed device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updatemanageddevice
        method: PATCH
        description: Microsoft Intune Update managed device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deletemanageddevice
        method: DELETE
        description: Microsoft Intune Delete managed device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: deviceManagement-managedDevices-managedDeviceId-rebootNow
      path: /deviceManagement/managedDevices/{managedDeviceId}/rebootNow
      operations:
      - name: rebootmanageddevice
        method: POST
        description: Microsoft Intune Reboot a device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: deviceManagement-managedDevices-managedDeviceId-remoteLock
      path: /deviceManagement/managedDevices/{managedDeviceId}/remoteLock
      operations:
      - name: remotelockmanageddevice
        method: POST
        description: Microsoft Intune Remote lock a device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: deviceManagement-managedDevices-managedDeviceId-resetPasscode
      path: /deviceManagement/managedDevices/{managedDeviceId}/resetPasscode
      operations:
      - name: resetpasscodemanageddevice
        method: POST
        description: Microsoft Intune Reset device passcode
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: deviceManagement-managedDevices-managedDeviceId-retire
      path: /deviceManagement/managedDevices/{managedDeviceId}/retire
      operations:
      - name: retiremanageddevice
        method: POST
        description: Microsoft Intune Retire a device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: deviceManagement-managedDevices-managedDeviceId-syncDevice
      path: /deviceManagement/managedDevices/{managedDeviceId}/syncDevice
      operations:
      - name: syncmanageddevice
        method: POST
        description: Microsoft Intune Sync a device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: deviceManagement-managedDevices-managedDeviceId-wipe
      path: /deviceManagement/managedDevices/{managedDeviceId}/wipe
      operations:
      - name: wipemanageddevice
        method: POST
        description: Microsoft Intune Wipe a device
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    authentication:
      type: bearer
      token: '{{env.MICROSOFT_INTUNE_API_KEY}}'
  exposes:
  - type: rest
    namespace: microsoft-intune-managed-devices-rest
    port: 8080
    description: REST adapter for Microsoft Intune Graph API — Managed Devices. One Spectral-compliant resource per consumed
      operation, prefixed with /v1.
    resources:
    - path: /v1/devicemanagement/manageddevices
      name: devicemanagement-manageddevices
      description: REST surface for deviceManagement-managedDevices.
      operations:
      - method: GET
        name: listmanageddevices
        description: Microsoft Intune List managed devices
        call: microsoft-intune-managed-devices.listmanageddevices
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createmanageddevice
        description: Microsoft Intune Create managed device
        call: microsoft-intune-managed-devices.createmanageddevice
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}
      name: devicemanagement-manageddevices-manageddeviceid
      description: REST surface for deviceManagement-managedDevices-managedDeviceId.
      operations:
      - method: GET
        name: getmanageddevice
        description: Microsoft Intune Get managed device
        call: microsoft-intune-managed-devices.getmanageddevice
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updatemanageddevice
        description: Microsoft Intune Update managed device
        call: microsoft-intune-managed-devices.updatemanageddevice
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deletemanageddevice
        description: Microsoft Intune Delete managed device
        call: microsoft-intune-managed-devices.deletemanageddevice
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}/rebootnow
      name: devicemanagement-manageddevices-manageddeviceid-rebootnow
      description: REST surface for deviceManagement-managedDevices-managedDeviceId-rebootNow.
      operations:
      - method: POST
        name: rebootmanageddevice
        description: Microsoft Intune Reboot a device
        call: microsoft-intune-managed-devices.rebootmanageddevice
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}/remotelock
      name: devicemanagement-manageddevices-manageddeviceid-remotelock
      description: REST surface for deviceManagement-managedDevices-managedDeviceId-remoteLock.
      operations:
      - method: POST
        name: remotelockmanageddevice
        description: Microsoft Intune Remote lock a device
        call: microsoft-intune-managed-devices.remotelockmanageddevice
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}/resetpasscode
      name: devicemanagement-manageddevices-manageddeviceid-resetpasscode
      description: REST surface for deviceManagement-managedDevices-managedDeviceId-resetPasscode.
      operations:
      - method: POST
        name: resetpasscodemanageddevice
        description: Microsoft Intune Reset device passcode
        call: microsoft-intune-managed-devices.resetpasscodemanageddevice
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}/retire
      name: devicemanagement-manageddevices-manageddeviceid-retire
      description: REST surface for deviceManagement-managedDevices-managedDeviceId-retire.
      operations:
      - method: POST
        name: retiremanageddevice
        description: Microsoft Intune Retire a device
        call: microsoft-intune-managed-devices.retiremanageddevice
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}/syncdevice
      name: devicemanagement-manageddevices-manageddeviceid-syncdevice
      description: REST surface for deviceManagement-managedDevices-managedDeviceId-syncDevice.
      operations:
      - method: POST
        name: syncmanageddevice
        description: Microsoft Intune Sync a device
        call: microsoft-intune-managed-devices.syncmanageddevice
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/devicemanagement/manageddevices/{manageddeviceid}/wipe
      name: devicemanagement-manageddevices-manageddeviceid-wipe
      description: REST surface for deviceManagement-managedDevices-managedDeviceId-wipe.
      operations:
      - method: POST
        name: wipemanageddevice
        description: Microsoft Intune Wipe a device
        call: microsoft-intune-managed-devices.wipemanageddevice
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: microsoft-intune-managed-devices-mcp
    port: 9090
    transport: http
    description: MCP adapter for Microsoft Intune Graph API — Managed Devices. One tool per consumed operation, routed inline
      through this capability's consumes block.
    tools:
    - name: microsoft-intune-list-managed-devices
      description: Microsoft Intune List managed devices
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: microsoft-intune-managed-devices.listmanageddevices
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-intune-create-managed-device
      description: Microsoft Intune Create managed device
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: microsoft-intune-managed-devices.createmanageddevice
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-intune-get-managed-device
      description: Microsoft Intune Get managed device
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: microsoft-intune-managed-devices.getmanageddevice
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-intune-update-managed-device
      description: Microsoft Intune Update managed device
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: microsoft-intune-managed-devices.updatemanageddevice
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-intune-delete-managed-device
      description: Microsoft Intune Delete managed device
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: microsoft-intune-managed-devices.deletemanageddevice
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-intune-reboot-device
      description: Microsoft Intune Reboot a device
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: microsoft-intune-managed-devices.rebootmanageddevice
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-intune-remote-lock-device
      description: Microsoft Intune Remote lock a device
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: microsoft-intune-managed-devices.remotelockmanageddevice
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-intune-reset-device-passcode
      description: Microsoft Intune Reset device passcode
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: microsoft-intune-managed-devices.resetpasscodemanageddevice
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-intune-retire-device
      description: Microsoft Intune Retire a device
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: microsoft-intune-managed-devices.retiremanageddevice
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-intune-sync-device
      description: Microsoft Intune Sync a device
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: microsoft-intune-managed-devices.syncmanageddevice
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-intune-wipe-device
      description: Microsoft Intune Wipe a device
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: microsoft-intune-managed-devices.wipemanageddevice
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.