Summary:
My goal is to disable a non-Windows device in Entra ID using PowerShell. AzureAD modules work fine but the Graph modules fail.
Connection info:
Keeping it simple, I am running this with an interactive PowerShell session with my user account and PIM roles properly activated.
AuthType : Delegated
TokenCredentialType : InteractiveBrowser
AppName : Microsoft Graph Command Line Tools
ContextScope : CurrentUser
The following PowerShell code using the AzureAD modules works just fine:
#Entra ID Object ID for non-Windows device
$ID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
#Legacy AzureAD command works just fine
Set-AzureADDevice -ObjectId $ID -AccountEnabled $false -Verbose
The following command using the Graph modules fails:
#Entra ID Object ID for non-Windows device
$ID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Update-MgDevice -DeviceId $ID -AccountEnabled:$false
Error message:
Update-MgDevice : Properties other than ExtendedAttribute1..15 can be modified only on windows devices.
Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
My goal was to get this code working properly via an interactive session prior to migrating it to a registered application-based method. AzureAD modules will be retired by Microsoft this year, so I want to plan to migrate to Graph. Based on what I have read in these links, there are still some issues with delegated app permissions:
#2066
https://developer.microsoft.com/en-us/graph/known-issues/?search=17346