How to Create a Device on AAD Using Microsoft Graph API?

sarvesh chaudhari 0 Reputation points
2024-07-10T11:26:38.5+00:00

I'm trying to use the Microsoft Graph API to create a device in Microsoft Entra ID. I need to generate a device ID and include it in the deviceid property of the POST request. Additionally, I want to know if this API call can join my Windows machine to Entra ID (formerly Azure AD).

Here are the steps I'm trying to follow and my current implementation:

Steps

Ensure the device is registered and can join to Entra ID.

Current Implementation

```json
POST https://graph.microsoft.com/v1.0/devices
Content-Type: application/json
Authorization: Bearer {token}

{
  "displayName": "My Windows Device",
  "deviceId": "{generated_device_id}",
  "operatingSystem": "Windows",
  "operatingSystemVersion": "10.0",
  "alternativeSecurityIds": [
    {
      "type": 1,
      "identityProvider": "provider",
      "key": "{base64_encoded_device_id}"
    }
  ]
}
```

Questions

How do I correctly generate the deviceId and alternativeSecurityIds properties? Specifically, what format and encoding should the key property in alternativeSecurityIds have?

Does the above API call allow a Windows machine to join Entra ID, or is there another specific API for this purpose? If this isn't the correct API to join a device, what is the correct procedure?

Additional Context

I'm using a service principal to authenticate with the Microsoft Graph API.

The device will be managed through Intune after joining Entra ID.

Any guidance or example code would be greatly appreciated!


1 answer

    Givary-MSFT 30,346 Reputation points Microsoft Employee
    2024-07-11T05:09:19.66+00:00

    @sarvesh chaudhari Thank you for reaching out to us. As I understand, you are trying to create a device on AAD/Entra using the Microsoft Graph API.

    As far as I know, the Device Registration Service calls Microsoft Graph to create a device when device registration is triggered. This can be for Entra registered/Entra joined/Entra Hybrid joined device states.

    The only scenario where something other than the Device Registration Service calls create device is Intune, when it creates synthetic devices. A device which is not directly registered to Entra ID but registered via another service, say Defender, is called a synthetic device - https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration#environment

    In short, it's not possible to create a device ID via Microsoft Graph manually. Refer to this for more details - Device registration process

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

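Since the answer's point is that device objects are created by the Device Registration Service rather than by hand, the practical use of the Graph device resource for a service principal is reading and auditing the devices that already exist. The script below is an added example, not code from the question or the answer: it parses a constructed, trimmed `GET /v1.0/devices` response (every value in it is made up; the `key` blobs are placeholder bytes, not real device certificate material, and the `type` numbers are arbitrary), decodes each `alternativeSecurityIds` key from base64 (Graph exposes `key` as binary, which is base64 in JSON), checks that `deviceId` is a GUID, and tallies devices by `trustType`. The property names `deviceId`, `trustType` and `alternativeSecurityIds` are real Graph device properties; `AzureAd`, `ServerAd` and `Workplace` are the documented `trustType` values for joined, hybrid joined and registered devices.

```python
import base64
import binascii
import json
import uuid
from collections import Counter

# Constructed sample shaped like a trimmed GET https://graph.microsoft.com/v1.0/devices
# response. All values are made up for this example: the "key" blobs are placeholders
# rather than real device certificate material, and the "type" numbers are arbitrary.
SAMPLE_DEVICES_RESPONSE = json.dumps({
    "value": [
        {
            "id": "11111111-1111-1111-1111-111111111111",
            "deviceId": "3f6a2d11-5c4e-4b8a-9d2f-1a2b3c4d5e6f",
            "displayName": "LAPTOP-EXAMPLE-01",
            "operatingSystem": "Windows",
            "operatingSystemVersion": "10.0.19045.0",
            "trustType": "AzureAd",
            "alternativeSecurityIds": [
                {"type": 2, "identityProvider": None,
                 "key": base64.b64encode(b"PLACEHOLDER-PUBLIC-KEY-BLOB-01").decode("ascii")}
            ],
        },
        {
            "id": "22222222-2222-2222-2222-222222222222",
            "deviceId": "7c0e9b52-2a1d-4f3e-8b6a-0d9e8f7a6b5c",
            "displayName": "LAPTOP-EXAMPLE-02",
            "operatingSystem": "Windows",
            "operatingSystemVersion": "10.0.19045.0",
            "trustType": "ServerAd",
            "alternativeSecurityIds": [
                {"type": 2, "identityProvider": None,
                 "key": base64.b64encode(b"PLACEHOLDER-PUBLIC-KEY-BLOB-02").decode("ascii")}
            ],
        },
        {
            # Deliberately malformed record, constructed so the checks below fire:
            # a non-GUID deviceId and a key that is not valid base64.
            "id": "33333333-3333-3333-3333-333333333333",
            "deviceId": "{generated_device_id}",
            "displayName": "My Windows Device",
            "operatingSystem": "Windows",
            "operatingSystemVersion": "10.0",
            "trustType": "Workplace",
            "alternativeSecurityIds": [
                {"type": 1, "identityProvider": "provider", "key": "{base64_encoded_device_id}"}
            ],
        },
    ]
})


def is_guid(value):
    """deviceId is a GUID string in Graph; anything that does not parse as one is suspect."""
    try:
        uuid.UUID(str(value))
    except (ValueError, TypeError):
        return False
    return True


def decode_alt_security_ids(device):
    """Decode each alternativeSecurityIds entry's key (base64 in JSON, binary in Graph).

    Returns a list of (type, identityProvider, key_bytes). Keys that are not valid
    base64 come back as None so the caller can report them instead of crashing.
    """
    decoded = []
    for entry in device.get("alternativeSecurityIds") or []:
        try:
            key_bytes = base64.b64decode(entry.get("key") or "", validate=True)
        except (binascii.Error, ValueError):
            key_bytes = None
        decoded.append((entry.get("type"), entry.get("identityProvider"), key_bytes))
    return decoded


def audit_devices(response_text):
    """Run the per-device checks over a /devices response; returns one finding per device."""
    findings = []
    for device in json.loads(response_text).get("value", []):
        issues = []
        if not is_guid(device.get("deviceId")):
            issues.append("deviceId is not a GUID")
        keys = decode_alt_security_ids(device)
        if not keys:
            issues.append("no alternativeSecurityIds")
        for asid_type, _provider, key_bytes in keys:
            if not key_bytes:  # None (undecodable) or b"" (missing/empty)
                issues.append(f"alternativeSecurityIds key (type {asid_type}) missing or not base64")
        findings.append({
            "displayName": device.get("displayName"),
            "deviceId": device.get("deviceId"),
            "trustType": device.get("trustType"),
            "keys": keys,
            "issues": issues,
        })
    return findings


def count_by_trust_type(findings):
    """Tally devices by trustType (AzureAd = joined, ServerAd = hybrid joined, Workplace = registered)."""
    return Counter(f["trustType"] for f in findings)


if __name__ == "__main__":
    results = audit_devices(SAMPLE_DEVICES_RESPONSE)
    for finding in results:
        print(finding["displayName"], finding["trustType"], finding["issues"] or "ok")
    print(dict(count_by_trust_type(results)))
```

Against a real tenant the JSON would come from `GET https://graph.microsoft.com/v1.0/devices` with the service principal's bearer token (the application permission `Device.Read.All` is enough to read device objects); the functions above take the response text as a string so the checks run the same way offline on the constructed sample.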