From 63600fe1458f2f163579ea001599f9752ee0a2d6 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 8 Nov 2024 18:24:05 +0000 Subject: [PATCH 1/3] Enrich device registered owner example --- .../Add-EntraBetaDeviceRegisteredOwner.md | 10 +++------- .../Add-EntraDeviceRegisteredOwner.md | 10 +++------- 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md index 2cf35cf043..b4fa387d07 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md @@ -42,13 +42,9 @@ The `Add-EntraBetaDeviceRegisteredOwner` cmdlet adds a registered owner for a Mi ```powershell Connect-Entra -Scopes 'Device.ReadWrite.All' -$User = Get-EntraBetaUser -UserId 'SawyerM@contoso.com' -$Device = Get-EntraBetaDevice -SearchString '' -$params = @{ - DeviceId = $Device.ObjectId - RefObjectId = $User.ObjectId -} -Add-EntraBetaDeviceRegisteredOwner @params +$user = Get-EntraBetaUser -UserId 'SawyerM@contoso.com' +$device = Get-EntraBetaDevice -SearchString '' +Add-EntraBetaDeviceRegisteredOwner -DeviceId $device.ObjectId -RefObjectId $user.Id ``` This example shows how to add a registered owner to a device. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredOwner.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredOwner.md index b0f4c794f1..8b2be300db 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredOwner.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredOwner.md @@ -41,13 +41,9 @@ The `Add-EntraDeviceRegisteredOwner` cmdlet adds a registered owner for a Micros ```powershell Connect-Entra -Scopes 'Device.ReadWrite.All' -$User = Get-EntraUser -UserId 'SawyerM@contoso.com' -$Device = Get-EntraDevice -SearchString '' -$params = @{ - DeviceId = $Device.ObjectId - RefObjectId = $User.ObjectId -} -Add-EntraDeviceRegisteredOwner @params +$user = Get-EntraUser -UserId 'SawyerM@contoso.com' +$device = Get-EntraDevice -SearchString '' +Add-EntraDeviceRegisteredOwner -DeviceId $device.ObjectId -RefObjectId $user.Id ``` This example shows how to add a registered user to a device. From 89f7185e66b219bc90ffa034ce2da811bb09c2ef Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Sat, 9 Nov 2024 15:44:20 +0000 Subject: [PATCH 2/3] Flattening device registered users examples --- .../Add-EntraBetaDeviceRegisteredOwner.md | 2 +- .../Add-EntraBetaDeviceRegisteredUser.md | 10 +++------- .../Add-EntraDeviceRegisteredUser.md | 10 +++------- 3 files changed, 7 insertions(+), 15 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md index b4fa387d07..df697f2f1f 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md @@ -44,7 +44,7 @@ The `Add-EntraBetaDeviceRegisteredOwner` cmdlet adds a registered owner for a Mi Connect-Entra -Scopes 'Device.ReadWrite.All' $user = Get-EntraBetaUser -UserId 'SawyerM@contoso.com' $device = Get-EntraBetaDevice -SearchString '' -Add-EntraBetaDeviceRegisteredOwner -DeviceId $device.ObjectId -RefObjectId $user.Id +Add-EntraBetaDeviceRegisteredOwner -DeviceId $device.ObjectId -RefObjectId $user.Id ``` This example shows how to add a registered owner to a device. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredUser.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredUser.md index d70008ee95..5ff05ad5bc 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredUser.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredUser.md @@ -42,13 +42,9 @@ The `Add-EntraBetaDeviceRegisteredUser` cmdlet adds a registered user for a Micr ```powershell Connect-Entra -Scopes 'Device.ReadWrite.All' -$User = Get-EntraBetaUser -UserId 'SawyerM@contoso.com' -$Device = Get-EntraBetaDevice -SearchString '' -$params = @{ - DeviceId = $Device.ObjectId - RefObjectId = $User.ObjectId -} -Add-EntraBetaDeviceRegisteredUser @params +$user = Get-EntraBetaUser -UserId 'SawyerM@contoso.com' +$device = Get-EntraBetaDevice -SearchString '' +Add-EntraBetaDeviceRegisteredUser -DeviceId $device.ObjectId -RefObjectId $user.Id ``` This example shows how to add a registered user to a device. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredUser.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredUser.md index 354cbf34c6..ff24a9de7d 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredUser.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredUser.md @@ -42,13 +42,9 @@ The `Add-EntraDeviceRegisteredUser` cmdlet adds a registered user for a Microsof ```powershell Connect-Entra -Scopes 'Device.ReadWrite.All' -$User = Get-EntraUser -UserId 'SawyerM@contoso.com' -$Device = Get-EntraDevice -SearchString '' -$params = @{ - DeviceId = $Device.ObjectId - RefObjectId = $User.ObjectId -} -Add-EntraDeviceRegisteredUser @params +$user = Get-EntraUser -UserId 'SawyerM@contoso.com' +$device = Get-EntraDevice -SearchString '' +Add-EntraDeviceRegisteredUser -DeviceId $device.ObjectId -RefObjectId $user.Id ``` This example shows how to add a registered user to a device. From 186a5f23932f6bd6f524112eb1fb1e7c40d5828d Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Sat, 9 Nov 2024 16:27:41 +0000 Subject: [PATCH 3/3] Updating device examples + added roles information --- .../Add-EntraBetaDeviceRegisteredOwner.md | 5 +++ .../Add-EntraBetaDeviceRegisteredUser.md | 5 +++ .../Get-EntraBetaDevice.md | 11 +++++- .../Get-EntraBetaDeviceRegisteredOwner.md | 39 +++++++------------ .../Get-EntraBetaDeviceRegisteredUser.md | 17 ++++++-- .../New-EntraBetaDevice.md | 13 +++++-- .../Remove-EntraBetaDevice.md | 10 +++-- .../Remove-EntraBetaDeviceRegisteredOwner.md | 11 ++++-- .../Remove-EntraBetaDeviceRegisteredUser.md | 11 ++++-- .../Set-EntraBetaDevice.md | 22 +++++++---- .../Add-EntraDeviceRegisteredOwner.md | 5 +++ .../Add-EntraDeviceRegisteredUser.md | 5 +++ .../Microsoft.Graph.Entra/Get-EntraDevice.md | 11 +++++- .../Get-EntraDeviceRegisteredOwner.md | 39 +++++++------------ .../Get-EntraDeviceRegisteredUser.md | 17 ++++++-- .../Microsoft.Graph.Entra/New-EntraDevice.md | 13 +++++-- .../Remove-EntraDevice.md | 10 +++-- .../Remove-EntraDeviceRegisteredOwner.md | 11 ++++-- .../Remove-EntraDeviceRegisteredUser.md | 11 ++++-- .../Microsoft.Graph.Entra/Set-EntraDevice.md | 28 ++++++++----- 20 files changed, 193 insertions(+), 101 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md index df697f2f1f..54b18577f1 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md @@ -36,6 +36,11 @@ Add-EntraBetaDeviceRegisteredOwner The `Add-EntraBetaDeviceRegisteredOwner` cmdlet adds a registered owner for a Microsoft Entra ID device. +In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation: + +- Intune Administrator +- Windows 365 Administrator + ## Examples ### Example 1: Add a user as a registered owner diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredUser.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredUser.md index 5ff05ad5bc..34f6e2fa32 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredUser.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredUser.md @@ -36,6 +36,11 @@ Add-EntraBetaDeviceRegisteredUser The `Add-EntraBetaDeviceRegisteredUser` cmdlet adds a registered user for a Microsoft Entra ID device. +In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation: + +- Intune Administrator +- Windows 365 Administrator + ## Examples ### Example 1: Add a user as a registered user diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDevice.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDevice.md index 9f42545918..0cc17e7471 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDevice.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDevice.md @@ -60,13 +60,22 @@ Get-EntraBetaDevice The `Get-EntraBetaDevice` cmdlet gets a device from Microsoft Entra ID. Specify the `DeviceId` parameter to get a specific device. +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported: + +- Cloud Device Administrator +- Intune Administrator +- Windows 365 Administrator +- Compliance Administrator +- Device Managers + ## Examples ### Example 1: Get a device by ID ```powershell Connect-Entra -Scopes 'Device.Read.All' -Get-EntraBetaDevice -DeviceId 'bbbbbbbb-1111-1111-1111-cccccccccccc' +$device = Get-EntraBetaDevice -SearchString '' +Get-EntraBetaDevice -DeviceId $device.ObjectId ``` ```Output diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeviceRegisteredOwner.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeviceRegisteredOwner.md index 393ec542f5..da23e1d31b 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeviceRegisteredOwner.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeviceRegisteredOwner.md @@ -38,14 +38,21 @@ Get-EntraBetaDeviceRegisteredOwner The `Get-EntraBetaDeviceRegisteredOwner` cmdlet gets the registered owner of a device in Microsoft Entra ID. Specify `DeviceId` parameter gets the registered owner of a device. +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The following least privileged roles are supported: + +- Directory Readers +- Global Reader +- Intune Administrator +- Windows 365 Administrator + ## Examples ### Example 1: Retrieve the registered owner of a device ```powershell Connect-Entra -Scopes 'Device.Read.All' -$DevId = (Get-EntraDevice -Top 1).ObjectId -Get-EntraBetaDeviceRegisteredOwner -DeviceId $DevId +$device = Get-EntraBetaDevice -SearchString '' +Get-EntraBetaDeviceRegisteredOwner -DeviceId $device.ObjectId ``` ```Output @@ -58,29 +65,12 @@ This example shows how to find the registered owner of a device.. - `-DeviceId` parameter specifies the device's ID -### Example 2: Retrieve the registered owner of a device - -```powershell -Connect-Entra -Scopes 'Device.Read.All' -Get-EntraBetaDeviceRegisteredOwner -DeviceId bbbbbbbb-1111-2222-3333-cccccccccccc -``` - -```Output -ObjectId DisplayName UserPrincipalName UserType --------- ----------- ----------------- -------- -aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Maria Sullivan maria@contoso.com Member -cccccccc-2222-3333-4444-dddddddddddd Parker McLean parker@contoso.com Member -``` - -This command gets the registered owner of a device. - -- `-DeviceId` parameter specifies the device's ID - -### Example 3: Retrieve all the registered owners of a device +### Example 2: Retrieve all the registered owners of a device ```powershell Connect-Entra -Scopes 'Device.Read.All' -Get-EntraBetaDeviceRegisteredOwner -DeviceId bbbbbbbb-1111-2222-3333-cccccccccccc -All +$device = Get-EntraBetaDevice -SearchString '' +Get-EntraBetaDeviceRegisteredOwner -DeviceId $device.ObjectId -All ``` ```Output @@ -94,11 +84,12 @@ This command retrieves all the registered owners of a device. - `-DeviceId` parameter specifies the device's ID. -### Example 4: Retrieve top one registered owner of a device +### Example 3: Retrieve top one registered owner of a device ```powershell Connect-Entra -Scopes 'Device.Read.All' -Get-EntraBetaDeviceRegisteredOwner -DeviceId bbbbbbbb-1111-2222-3333-cccccccccccc -Top 1 +$device = Get-EntraBetaDevice -SearchString '' +Get-EntraBetaDeviceRegisteredOwner -DeviceId $device.ObjectId -Top 1 ``` ```Output diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeviceRegisteredUser.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeviceRegisteredUser.md index 72c34dc82c..90ad6595f4 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeviceRegisteredUser.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeviceRegisteredUser.md @@ -38,14 +38,21 @@ Get-EntraBetaDeviceRegisteredUser The `Get-EntraBetaDeviceRegisteredUser` cmdlet gets a registered user for a Microsoft Entra ID device. Specify `DeviceId` parameter to get a registered user for a Microsoft Entra ID device. +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The following least privileged roles are supported: + +- Directory Readers +- Global Reader +- Intune Administrator +- Windows 365 Administrator + ## Examples ### Example 1: Retrieve the registered user of a device ```powershell Connect-Entra -Scopes 'Device.Read.All' -$DevId = (Get-EntraDevice -Top 1).ObjectId -Get-EntraBetaDeviceRegisteredUser -DeviceId $DevId +$device = Get-EntraBetaDevice -SearchString '' +Get-EntraBetaDeviceRegisteredUser -DeviceId $device.ObjectId ``` ```Output @@ -63,7 +70,8 @@ This example demonstrates how to retrieve registered user for a specific Microso ```powershell Connect-Entra -Scopes 'Device.Read.All' -Get-EntraBetaDeviceRegisteredUser -DeviceId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -All +$device = Get-EntraBetaDevice -SearchString '' +Get-EntraBetaDeviceRegisteredUser -DeviceId $device.ObjectId -All ``` ```Output @@ -83,7 +91,8 @@ This example demonstrates how to retrieve all registered users for a specified d ```powershell Connect-Entra -Scopes 'Device.Read.All' -Get-EntraBetaDeviceRegisteredUser -DeviceId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -Top 2 +$device = Get-EntraBetaDevice -SearchString '' +Get-EntraBetaDeviceRegisteredUser -DeviceId $device.ObjectId -Top 2 ``` ```Output diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaDevice.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaDevice.md index 87385aaabd..9b9381fef2 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaDevice.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaDevice.md @@ -49,7 +49,10 @@ New-EntraBetaDevice The `New-EntraBetaDevice` cmdlet creates a device in Microsoft Entra ID. -The calling user must be in one of the following Microsoft Entra roles: Intune Administrator or Windows 365 Administrator. +In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation: + +- Intune Administrator +- Windows 365 Administrator ## Examples @@ -57,11 +60,13 @@ The calling user must be in one of the following Microsoft Entra roles: Intune A ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' - +$newId= New-Object Microsoft.Open.AzureAD.Model.AlternativeSecurityId +$newId.Key =[System.Text.Encoding]::UTF8.GetBytes('test') +$newId.type = 2 $params = @{ AccountEnabled = $true DisplayName = 'My new device' - AlternativeSecurityIds = $altsecid + AlternativeSecurityIds = $newId DeviceId = $guid DeviceOSType = 'OS/2' DeviceOSVersion = '9.3' @@ -98,7 +103,7 @@ Accept wildcard characters: False ### -AlternativeSecurityIds -Specifies alternative security IDs. +Specifies alternative security IDs. See more details on [security IDs](https://learn.microsoft.com/graph/api/resources/alternativesecurityid). ```yaml Type: System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId] diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDevice.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDevice.md index c8ff0fee95..ef50ba84e3 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDevice.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDevice.md @@ -35,7 +35,11 @@ Remove-EntraBetaDevice The `Remove-EntraBetaDevice` cmdlet removes a device from Microsoft Entra ID. -The calling user must be in one of the following Microsoft Entra roles: Intune Administrator, Windows 365 Administrator, or Cloud Device Administrator. +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported: + +- Intune Administrator +- Windows 365 Administrator +- Cloud Device Administrator ## Examples @@ -43,8 +47,8 @@ The calling user must be in one of the following Microsoft Entra roles: Intune A ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' -$Device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'" -Remove-EntraBetaDevice -DeviceId $Device.ObjectId +$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +Remove-EntraBetaDevice -DeviceId $device.ObjectId ``` This command removes the specified device. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDeviceRegisteredOwner.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDeviceRegisteredOwner.md index 36e98b9802..0c9ce87dc5 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDeviceRegisteredOwner.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDeviceRegisteredOwner.md @@ -36,15 +36,20 @@ Remove-EntraBetaDeviceRegisteredOwner The `Remove-EntraBetaDeviceRegisteredOwner` cmdlet removes the registered owner of a device in Microsoft Entra ID. +In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation: + +- Intune Administrator +- Windows 365 Administrator + ## Examples ### Example 1: Remove an owner from a device ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All' -$Device = Get-EntraBetaDevice -Top 1 -$Owner = Get-EntraBetaDeviceRegisteredOwner -ObjectId $Device.ObjectId -Remove-EntraBetaDeviceRegisteredOwner -DeviceId $Device.ObjectId -OwnerId $Owner.ObjectId +$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +$owner = Get-EntraBetaDeviceRegisteredOwner -ObjectId $device.ObjectId +Remove-EntraBetaDeviceRegisteredOwner -DeviceId $device.ObjectId -OwnerId $owner.Id ``` This examples shows how to remove the owner of a device. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDeviceRegisteredUser.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDeviceRegisteredUser.md index 13e371247f..eba63cc20e 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDeviceRegisteredUser.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDeviceRegisteredUser.md @@ -36,15 +36,20 @@ Remove-EntraBetaDeviceRegisteredUser The `Remove-EntraBetaDeviceRegisteredUser` cmdlet removes a registered user from a Microsoft Entra ID device. +In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation: + +- Intune Administrator +- Windows 365 Administrator + ## Examples ### Example 1: Remove a registered user from a device ```Powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All' -$Device = Get-EntraBetaDevice -Top 1 -$User = Get-EntraBetaDeviceRegisteredUser -DeviceId $Device.ObjectId -Remove-EntraBetaDeviceRegisteredUser -DeviceId $Device.ObjectId -UserId $User.ObjectId +$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +$user = Get-EntraBetaDeviceRegisteredUser -DeviceId $device.ObjectId +Remove-EntraBetaDeviceRegisteredUser -DeviceId $device.ObjectId -UserId $user.Id ``` This example shows how to remove the registered user from device. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaDevice.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaDevice.md index 7b3848a67a..fd156393a5 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaDevice.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaDevice.md @@ -49,7 +49,11 @@ Set-EntraBetaDevice The `Set-EntraBetaDevice` cmdlet updates a device in Microsoft Entra ID. -The calling user must have at least the Intune Administrator role in Microsoft Entra. A user with the Cloud Device Administrator role can only enable or disable devices, while a user with the Windows 365 Administrator role can only update basic device properties. +The calling user must have at least: + +- Intune Administrator role +- Cloud Device Administrator role can only enable or disable devices +- Windows 365 Administrator role can only update basic device properties. ## Examples @@ -57,7 +61,8 @@ The calling user must have at least the Intune Administrator role in Microsoft E ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' -Set-EntraBetaDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -DisplayName 'My OS/2 computer' +$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +Set-EntraBetaDevice -DeviceObjectId $device.ObjectId -DisplayName 'My OS/2 computer' ``` This example shows how to update a display name of a specified. @@ -69,7 +74,8 @@ Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' $NewId= New-Object Microsoft.Open.AzureAD.Model.AlternativeSecurityId $NewId.Key =[System.Text.Encoding]::UTF8.GetBytes('test') $NewId.type = 2 -Set-EntraBetaDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -AlternativeSecurityIds $NewId +$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +Set-EntraBetaDevice -DeviceObjectId $device.ObjectId -AlternativeSecurityIds $NewId ``` This example shows how to update an alternative security ID of a specified device. @@ -78,7 +84,8 @@ This example shows how to update an alternative security ID of a specified devic ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' -Set-EntraBetaDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -AccountEnabled $true +$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +Set-EntraBetaDevice -DeviceObjectId $device.ObjectId -AccountEnabled $true ``` This example shows how to update an account enabled of a specified device. @@ -87,7 +94,8 @@ This example shows how to update an account enabled of a specified device. ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' -Set-EntraBetaDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -DeviceOSType Windows +$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +Set-EntraBetaDevice -DeviceObjectId $device.ObjectId -DeviceOSType Windows ``` This example shows how to update an OS type of a specified device. @@ -96,9 +104,9 @@ This example shows how to update an OS type of a specified device. ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' - +$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'" $params = @{ - DeviceObjectId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' + DeviceObjectId = $device.ObjectId DeviceMetadata = 'Testdevice' DeviceObjectVersion = 4 DevicePhysicalIds = '[GID]:g:1234567890123456' diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredOwner.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredOwner.md index 8b2be300db..de1a7694aa 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredOwner.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredOwner.md @@ -35,6 +35,11 @@ Add-EntraDeviceRegisteredOwner The `Add-EntraDeviceRegisteredOwner` cmdlet adds a registered owner for a Microsoft Entra ID device. +In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation: + +- Intune Administrator +- Windows 365 Administrator + ## Examples ### Example 1: Add a user as a registered user diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredUser.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredUser.md index ff24a9de7d..9c1343ea23 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredUser.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredUser.md @@ -36,6 +36,11 @@ Add-EntraDeviceRegisteredUser The `Add-EntraDeviceRegisteredUser` cmdlet adds a registered user for a Microsoft Entra ID device. +In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation: + +- Intune Administrator +- Windows 365 Administrator + ## Examples ### Example 1: Add a user as a registered user diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDevice.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDevice.md index 9d6749d3d4..1eb65fd212 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDevice.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDevice.md @@ -59,13 +59,22 @@ Get-EntraDevice The `Get-EntraDevice` cmdlet gets a device from Microsoft Entra ID. Specify the `DeviceId` parameter to get a specific device. +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported: + +- Cloud Device Administrator +- Intune Administrator +- Windows 365 Administrator +- Compliance Administrator +- Device Managers + ## Examples ### Example 1: Get a device by ID ```powershell Connect-Entra -Scopes 'Device.Read.All' -Get-EntraDevice -DeviceId 'bbbbbbbb-1111-2222-3333-cccccccccccc' +$device = Get-EntraDevice -SearchString '' +Get-EntraDevice -DeviceId $device.ObjectId ``` ```Output diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDeviceRegisteredOwner.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDeviceRegisteredOwner.md index 1149f5438e..f52702d0a3 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDeviceRegisteredOwner.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDeviceRegisteredOwner.md @@ -38,14 +38,21 @@ Get-EntraDeviceRegisteredOwner The `Get-EntraDeviceRegisteredOwner` cmdlet gets the registered owner of a device in Microsoft Entra ID. Specify `DeviceId` parameter gets the registered owner of a device. +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The following least privileged roles are supported: + +- Directory Readers +- Global Reader +- Intune Administrator +- Windows 365 Administrator + ## Examples ### Example 1: Retrieve the registered owner of a device ```powershell Connect-Entra -Scopes 'Device.Read.All' -$DevId = (Get-EntraDevice -Top 1).ObjectId -Get-EntraDeviceRegisteredOwner -DeviceId $DevId +$device = Get-EntraDevice -SearchString '' +Get-EntraDeviceRegisteredOwner -DeviceId $device.ObjectId ``` ```Output @@ -58,29 +65,12 @@ This example shows how to find the registered owner of a device.. - `-DeviceId` parameter specifies the device's ID. -### Example 2: Retrieve the registered owner of a device - -```powershell -Connect-Entra -Scopes 'Device.Read.All' -Get-EntraDeviceRegisteredOwner -DeviceId 'bbbbbbbb-1111-2222-3333-cccccccccccc' -``` - -```Output -Id DeletedDateTime --- --------------- -aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -cccccccc-2222-3333-4444-dddddddddddd -``` - -This command gets the registered owner of a device. - -- `-DeviceId` parameter specifies the device's ID - -### Example 3: Retrieve all the registered owners of a device +### Example 2: Retrieve all the registered owners of a device ```powershell Connect-Entra -Scopes 'Device.Read.All' -Get-EntraDeviceRegisteredOwner -DeviceId 'bbbbbbbb-1111-2222-3333-cccccccccccc' -All +$device = Get-EntraDevice -SearchString '' +Get-EntraDeviceRegisteredOwner -DeviceId $device.ObjectId -All ``` ```Output @@ -94,11 +84,12 @@ This command retrieves all the registered owners of a device. - `-DeviceId` parameter specifies the device's ID. -### Example 4: Retrieve top one registered owner of a device +### Example 3: Retrieve top one registered owner of a device ```powershell Connect-Entra -Scopes 'Device.Read.All' -Get-EntraDeviceRegisteredOwner -DeviceId 'bbbbbbbb-1111-2222-3333-cccccccccccc' -Top 1 +$device = Get-EntraDevice -SearchString '' +Get-EntraDeviceRegisteredOwner -DeviceId $device.ObjectId -Top 1 ``` ```Output diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDeviceRegisteredUser.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDeviceRegisteredUser.md index 810e5ec600..610d2aac48 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDeviceRegisteredUser.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDeviceRegisteredUser.md @@ -38,14 +38,21 @@ Get-EntraDeviceRegisteredUser The `Get-EntraDeviceRegisteredUser` cmdlet gets a registered user for a Microsoft Entra ID device. Specify `DeviceId` parameter to get a registered user for a Microsoft Entra ID device. +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The following least privileged roles are supported: + +- Directory Readers +- Global Reader +- Intune Administrator +- Windows 365 Administrator + ## Examples ### Example 1: Retrieve the registered user of a device ```powershell Connect-Entra -Scopes 'Device.Read.All' -$DevId = (Get-EntraDevice -Top 1).ObjectId -Get-EntraDeviceRegisteredUser -DeviceId $DevId +$device = Get-EntraDevice -SearchString '' +Get-EntraDeviceRegisteredUser -DeviceId $device.ObjectId ``` ```Output @@ -63,7 +70,8 @@ This example demonstrates how to retrieve registered user for a specific Microso ```powershell Connect-Entra -Scopes 'Device.Read.All' -Get-EntraDeviceRegisteredUser -DeviceId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -All +$device = Get-EntraDevice -SearchString '' +Get-EntraDeviceRegisteredUser -DeviceId $device.ObjectId -All ``` ```Output @@ -83,7 +91,8 @@ This example demonstrates how to retrieve all registered users for a specified d ```powershell Connect-Entra -Scopes 'Device.Read.All' -Get-EntraDeviceRegisteredUser -DeviceId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -Top 2 +$device = Get-EntraDevice -SearchString '' +Get-EntraDeviceRegisteredUser -DeviceId $device.ObjectId -Top 2 ``` ```Output diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraDevice.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraDevice.md index d81f8e00ad..a46d19bd1c 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraDevice.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraDevice.md @@ -49,7 +49,10 @@ New-EntraDevice The `New-EntraDevice` cmdlet creates a device in Microsoft Entra ID. -The calling user must be in one of the following Microsoft Entra roles: Intune Administrator or Windows 365 Administrator. +In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation: + +- Intune Administrator +- Windows 365 Administrator ## Examples @@ -57,11 +60,13 @@ The calling user must be in one of the following Microsoft Entra roles: Intune A ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' - +$newId= New-Object Microsoft.Open.AzureAD.Model.AlternativeSecurityId +$newId.Key =[System.Text.Encoding]::UTF8.GetBytes('test') +$newId.type = 2 $params = @{ AccountEnabled = $true DisplayName = 'My new device' - AlternativeSecurityIds = $altsecid + AlternativeSecurityIds = $newId DeviceId = $guid DeviceOSType = 'OS/2' DeviceOSVersion = '9.3' @@ -98,7 +103,7 @@ Accept wildcard characters: False ### -AlternativeSecurityIds -Specifies alternative security IDs. +Specifies alternative security IDs. See more details on [security IDs](https://learn.microsoft.com/graph/api/resources/alternativesecurityid). ```yaml Type: System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId] diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDevice.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDevice.md index bacb0d4a0c..0c32c8ad58 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDevice.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDevice.md @@ -34,7 +34,11 @@ Remove-EntraDevice The `Remove-EntraDevice` cmdlet removes a device from Microsoft Entra ID. -The calling user must be in one of the following Microsoft Entra roles: Intune Administrator, Windows 365 Administrator, or Cloud Device Administrator. +In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported: + +- Intune Administrator +- Windows 365 Administrator +- Cloud Device Administrator ## Examples @@ -42,8 +46,8 @@ The calling user must be in one of the following Microsoft Entra roles: Intune A ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' -$Device = Get-EntraDevice -Filter "DisplayName eq 'Woodgrove Desktop'" -Remove-EntraDevice -DeviceId $Device.ObjectId +$device = Get-EntraDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +Remove-EntraDevice -DeviceId $device.ObjectId ``` This command removes the specified device. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDeviceRegisteredOwner.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDeviceRegisteredOwner.md index ec6b3a8a33..d401fe867d 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDeviceRegisteredOwner.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDeviceRegisteredOwner.md @@ -35,15 +35,20 @@ Remove-EntraDeviceRegisteredOwner The `Remove-EntraDeviceRegisteredOwner` cmdlet removes the registered owner of a device in Microsoft Entra ID. +In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation: + +- Intune Administrator +- Windows 365 Administrator + ## Examples ### Example 1: Remove an owner from a device ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All' -$Device = Get-EntraDevice -Top 1 -$Owner = Get-EntraDeviceRegisteredOwner -DeviceId $Device.ObjectId -Remove-EntraDeviceRegisteredOwner -DeviceId $Device.ObjectId -OwnerId $Owner.ObjectId +$device = Get-EntraDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +$owner = Get-EntraDeviceRegisteredOwner -DeviceId $device.ObjectId +Remove-EntraDeviceRegisteredOwner -DeviceId $device.ObjectId -OwnerId $owner.Id ``` This examples shows how to remove the owner of a device. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDeviceRegisteredUser.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDeviceRegisteredUser.md index ec9ca2ff64..e8552af556 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDeviceRegisteredUser.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDeviceRegisteredUser.md @@ -35,15 +35,20 @@ Remove-EntraDeviceRegisteredUser The `Remove-EntraDeviceRegisteredUser` cmdlet removes a registered user from a Microsoft Entra ID device. +In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation: + +- Intune Administrator +- Windows 365 Administrator + ## Examples ### Example 1: Remove a registered user from a device ```Powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All' -$Device = Get-EntraDevice -Top 1 -$User = Get-EntraDeviceRegisteredUser -DeviceId $Device.ObjectId -Remove-EntraDeviceRegisteredUser -DeviceId $Device.ObjectId -UserId $User.ObjectId +$device = Get-EntraDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +$user = Get-EntraDeviceRegisteredUser -DeviceId $device.ObjectId +Remove-EntraDeviceRegisteredUser -DeviceId $device.ObjectId -UserId $user.Id ``` This example shows how to remove the registered user from device. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraDevice.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraDevice.md index 2e21b12941..072dcecba2 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraDevice.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraDevice.md @@ -49,7 +49,11 @@ Set-EntraDevice The `Set-EntraDevice` cmdlet updates a device in Microsoft Entra ID. -The calling user must have at least the Intune Administrator role in Microsoft Entra. A user with the Cloud Device Administrator role can only enable or disable devices, while a user with the Windows 365 Administrator role can only update basic device properties. +The calling user must have at least: + +- Intune Administrator role +- Cloud Device Administrator role can only enable or disable devices +- Windows 365 Administrator role can only update basic device properties. ## Examples @@ -57,7 +61,8 @@ The calling user must have at least the Intune Administrator role in Microsoft E ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' -Set-EntraDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -DisplayName 'My OS/2 computer' +$device = Get-EntraDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +Set-EntraDevice -DeviceObjectId $device.ObjectId -DisplayName 'My OS/2 computer' ``` This example shows how to update a display name of a specified. @@ -66,10 +71,11 @@ This example shows how to update a display name of a specified. ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' -$NewId= New-Object Microsoft.Open.AzureAD.Model.AlternativeSecurityId -$NewId.Key =[System.Text.Encoding]::UTF8.GetBytes('test') -$NewId.type = 2 -Set-EntraDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -AlternativeSecurityIds $NewId +$newId= New-Object Microsoft.Open.AzureAD.Model.AlternativeSecurityId +$newId.Key =[System.Text.Encoding]::UTF8.GetBytes('test') +$newId.type = 2 +$device = Get-EntraDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +Set-EntraDevice -DeviceObjectId $device.ObjectId -AlternativeSecurityIds $newId ``` This example shows how to update an alternative security ID of a specified device. @@ -78,7 +84,8 @@ This example shows how to update an alternative security ID of a specified devic ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' -Set-EntraDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -AccountEnabled $true +$device = Get-EntraDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +Set-EntraDevice -DeviceObjectId $device.ObjectId -AccountEnabled $true ``` This example shows how to update an account enabled of a specified device. @@ -87,7 +94,8 @@ This example shows how to update an account enabled of a specified device. ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' -Set-EntraDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -DeviceOSType Windows +$device = Get-EntraDevice -Filter "DisplayName eq 'Woodgrove Desktop'" +Set-EntraDevice -DeviceObjectId $device.ObjectId -DeviceOSType Windows ``` This example shows how to update an OS type of a specified device. @@ -96,9 +104,9 @@ This example shows how to update an OS type of a specified device. ```powershell Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All' - +$device = Get-EntraDevice -Filter "DisplayName eq 'Woodgrove Desktop'" $params = @{ - DeviceObjectId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' + DeviceObjectId = $device.ObjectId DeviceMetadata = 'Testdevice' DeviceObjectVersion = 4 DevicePhysicalIds = '[GID]:g:1234567890123456'