Microsoft Graph Device Application Management

Microsoft Graph Device Application Management is the set of Graph API endpoints that lets you automate Intune app lifecycle tasks across your organization. It enables you to discover, upload, categorize, and assign mobile and Windows apps (including line-of-business and store apps) to user or device groups, apply app configuration policies, and monitor install and update status. It also supports mobile application management without device enrollment by creating and targeting app protection policies for iOS and Android, tracking managed app registrations and status, and managing Windows Information Protection policies. Beyond apps, it provides capabilities to manage Apple VPP/Apple Business Manager tokens and licenses, distribute managed eBooks, maintain enterprise code-signing certificates, and run app management tasks. With appropriate permissions (for example, DeviceManagementApps.ReadWrite.All and DeviceManagementManagedApps.ReadWrite), it enables end-to-end automation and integration with CI/CD and reporting workflows.