OK, so I did some more testing and noticed that the key value wasn't base64 encoded; it seems to be a typo in the documentation. Try the following:
{
    "accountEnabled": false,
    "alternativeSecurityIds": [
        {
            "type": 2,
            "key": "Y3YxN2E1MWFlYw=="
        }
    ],
    "deviceId": "4c299165-6e8f-4b45-a5ba-c5d250a707ff",
    "displayName": "Test device",
    "operatingSystem": "linux",
    "operatingSystemVersion": "1"
}
Now it returns:
    "message": "Insufficient privileges to complete the operation.",
Yet the token the application is using has the following scopes:
    "roles": [
        "User.ReadBasic.All",
        "Device.Read.All",
        "Device.ReadWrite.All",
        "User.ReadWrite.All",
        "Domain.ReadWrite.All",
        "Group.Read.All",
        "Group.Create",
        "Group.ReadWrite.All",
        "User.Read.All",
        "Domain.Read.All",
        "Organization.Read.All"
    ],