Share via

MGGraph Deviceid

Killerbe 50 Reputation points
2023-07-31T13:28:47.1133333+00:00

i got a list of devices i wanted to disable, so placed these devices in an Array. The array contains the displayname, createddatetime, Trusttype and DeviceId.

The array where the abjects are place is called $New.

To disable the devices, i created a suitable parameter:

$params = @{
	accountEnabled = $false
}

Then i wanted to disable the devices which have been registered in 2020:

$New | ? {$_.CreatedDateTime -like "2020*"} | % {Update-MgDevice -deviceid $_.DeviceId -BodyParameter $Param}

To my surprise the Update-MGDevice cannot update the devices because it cannot find the object with the deviceid. When i include my array to include the ID of the device, then it succeeds in finding the referenced object.

$New | ? {$_.CreatedDateTime -like "2020*"} | % {Update-MgDevice -deviceid $_.Id -BodyParameter $Param}

Why is the object DeviceID not the same?

$New = Get-MGDevice -all | ? {($_.TrustType -eq "AzureAD") -and ($_.OperatingSystem -eq "Windows"))} | select-object DisplayName, @{Name=CreatedDateTime;Expression={AdditionalProperties.CreatedDateTime}}, TrustType, DeviceId

Windows for business | Windows Server | User experience | PowerShell
Microsoft Security | Microsoft Graph
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Killerbe 50 Reputation points
    2023-10-30T14:59:45.64+00:00

    Still puzzled by this.

    Get-MGDevice returns following properties:

    Name

    AccountEnabled

    AdditionalProperties

    AlternativeSecurityIds

    ApproximateLastSignInDateTime

    ComplianceExpirationDateTime

    DeletedDateTime

    DeviceId

    DeviceMetadata

    DeviceVersion

    DisplayName

    Extensions

    Id

    IsCompliant

    IsManaged

    MdmAppId

    MemberOf

    OnPremisesLastSyncDateTime

    OnPremisesSyncEnabled

    OperatingSystem

    OperatingSystemVersion

    PhysicalIds

    ProfileType

    RegisteredOwners

    RegisteredUsers

    SystemLabels

    TransitiveMemberOf

    TrustType

    When I check the values for DeviceId, and ID I see two different values, and DeviceId is not empty.

    When removing a device, where I need to specify a DeviceId, I would expect the property of the DeviceID, however this is not true:

    Get-MgDevice -filter "AccountEnabled eq $False" | % {Remove-MgDevice -DevciceID $_.DeviceID}

    This command returns:

    Remove-MgDevice_Delete: Resource '22f51fa0-4ae9-4531-b82e-3ad0f8c1cc18' does not exist or one of its queried reference-property objects are not present.

    However when i specify the ID value it works

    Get-MgDevice -filter "AccountEnabled eq $False" | % {Remove-MgDevice -DeviceId $_.Id}

    Was this answer helpful?

  2. Rich Matheisen 48,116 Reputation points
    2023-07-31T15:28:25.9033333+00:00

    If you were to do this: 1,2 | Select-Object DeviceId` you'd get two results, but the "DeviceID" will be empty.

    You also have a "BodyParam" parameter on the Update-MGDevice cmdlet. What's in that?

    Are you sure that the Get-MGDevice cmdlet produduces an object (IMicrosoftGraphDevice) that has a property named "DeviceID"?

    Examine the output of the Get-MGDevice cmdlet:

    Get-MGDevice -all | Select -First 1 | Get-Member * -Force

    While the IMicrosoftGraphDevice object is supposed to contain a DeviceID parameter, it never hurts to double-check.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.