Enable Disable Camera Settings using Intune and Microsoft Graph API

This post will explain how to Enable or Disable camera settings using Intune and Microsoft Graph API. This method helps automate configuration policy creation and deployment. You could also use Powershell to automate the creation of Intune configuration profiles.

Microsoft Intune provides a wide range of policies within the admin center. These policies can apply predefined settings to users and devices, all of which can be automated using Graph APIs. I will create a configuration policy that will disable the use of the Camera and deploy it to security groups in this example.

Microsoft Graph, a RESTful web API, facilitates access to Microsoft Cloud service resources. It lets you access data, intelligence, and insights from Microsoft 365 and other Microsoft Cloud services through a single endpoint, including data from Microsoft 365, Windows, and Enterprise Mobility + Security.

The Microsoft Graph API is designed to perform the same range of Intune operations as those available through the portal. Using Microsoft Graph, developers can build intelligent applications that leverage the power of Microsoft 365 and other Microsoft services to enhance productivity and collaboration.

Patch My PC
[sibwp_form id=2]

Reason for Disabling the Use of the Camera

Disabling the Use of the Camera has many advantages. In specific high-security settings, the ability to control camera usage on computer devices is paramount. For enhanced security measures, it is recommended that organizations consider the feasibility of disabling the cameras on end user’s computers.

Enable Disable Camera Settings using Intune and Microsoft Graph API Fig. 01
Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig. 01

When this policy is disabled, it prevents anyone from accessing sensitive visual data without permission. It also allows you to reduce the chances of security issues and protect confidential information. Turning off the use of cameras is essential for preserving unauthorized access and accidental recording.

Disabling the camera will help save battery life and improve workstation performance. It will additionally diminish the likelihood of cyber attacks and guarantee that unauthorized surveillance via the device’s camera is prevented.

Create a Policy to Disable Camera using Intune and Graph API

Let’s learn how to create a policy to Disable the camera using Graph API. I will use Graph Explorer, a handy browser-based tool for running your Graph calls to automate the task. The API call can be made using the graph explorer. You could also use the Postman or Powershell to automate it. When you go to Graph Explorer, you will get a webpage like the one below.

Adaptiva
NOTE! You may need to log in to Graph Explorer using your credentials if it's your first time. 
Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.02
Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.02

You can use the Microsoft Graph API endpoint below to Create a Policy to Disable Camera in Microsoft Intune.

HTTP MethodsDescription
GETGET method is to retrieve data from the server simply
POSTThe POST HTTP request method sends data to the server for processing.
PUTThe PUT method completely replaces a resource identified with a given URL.
DELETEThe DELETE method removes or deletes a resource from a server.
Enable Disable Camera Settings using Intune and Microsoft Graph API. Table. 01

https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations

You must have enough permission to run the above endpoint. I have created a table below with permission details.

Permission DescriptionAdminConsentRequired
DeviceManagementConfiguration.ReadWrite.AllAllows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups without a signed-in user.Yes
Enable Disable Camera Settings using Intune and Microsoft Graph API. Table. 02

You should use the POST request method for the endpoint since you are Sending Data to APIs. Change the request method from GET to POST and paste the JSON code below into the request body.

{
    "@odata.type": "#microsoft.graph.windows10CustomConfiguration",
    "displayName": "Disable use of Camera",
    "description": "Policy to disable camera usage",
    "omaSettings": [
        {
            "@odata.type": "#microsoft.graph.omaSettingString",
            "displayName": "Disable use of Camera",
            "description": "Disables the camera on the device",
            "omaUri": "./Device/Vendor/MSFT/Policy/Config/Camera/AllowCamera",
            "value": "0"
        }
    ]
}

The value should be “0” if you want to disable the Camera settings. You can change it to “1” when enabling them. Also, note the omaUri that I used in this example. Camera devices will be enabled if you enable or don’t configure this policy setting. If you disable this property setting, Camera devices will be disabled.

Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.03
Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.03

Once you click the Run query button, the graph explorer will return a response message. You will receive a success message with the text created—201. Note down the id for further use.

Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.04
Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.04

Well, per the response message, the policy has been created successfully. Sign in to the Microsoft Intune Admin portal and verify the configuration profile.

Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.05
Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.05

Get the Security Group ID using Graph API

As discussed above, we will assign the app to a security group in Intune. Hence, you need the Security Group’s groupid to deploy the Intune Camera Settings using Graph API. Let’s learn how to get Security Group’s groupid.

  • Sign in back to Graph Explorer with your admin account.
  • Replace the Graph URL with the following endpoint.

https://graph.microsoft.com/v1.0/groups?$filter=displayName eq 'HTMD - Test Computers'&$select=id,displayName

Within seconds of clicking Run query, you will receive a success message with the text OK- 200. Make a note of the id for further use.

Enable Disable Camera Settings using Intune and Microsoft Graph API Fig. 06
Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.06

Assign a Configuration Profile to the Security Group using Graph API

Well, I have done enough testing, and it is good to deploy the Configuration Profile I created to disable the camera on my test machines. The test machines are added to the security group, and I have it’s unique id to automate the deployment.

  • Sign in back to Graph Explorer with your admin account.
  • Replace the Graph URL with the following endpoint. Replace the {profile-id} with the actual profile ID.
https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations/{profile-id}/assignments

You should use the POST request method for the endpoint since you are Sending Data to APIs. Change the request method from GET to POST and paste the JSON code below into the request body. Make sure to replace the groupId with the id that you noted above.

{
    "@odata.type": "#microsoft.graph.deviceConfigurationAssignment",
    "target": {
        "@odata.type": "#microsoft.graph.groupAssignmentTarget",
        "groupId": "48bd6547-dc18-498e-8143-11c49a818836"
    }
}
Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.07
Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.07

You will receive a response as soon as you click on Run query. Let’s sign in to the Microsoft Intune Admin portal and verify the policy assignment. Select the configuration profile you deployed to check the assignment status from properties.

Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.08
Enable Disable Camera Settings using Intune and Microsoft Graph API. Fig.08

I hope this article will be a valuable resource for you and your organization. Thank you for being so patient in reading this post. I look forward to seeing you in the next post. Keep supporting the HTMD Community.

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

About the Author: Sujin Nelladath, a Microsoft Graph MVP with over ten years of experience in SCCM device management and Automation solutions, writes and shares his experiences with Microsoft device management technologies, Azure, and PowerShell automation.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.