How to Change Azure Device Owner with Microsoft Graph Powershell?

JayCarper-5747 216

The AzureAD module is being retired and I know how to do this using Add-AzureADDeviceRegisteredOwner. Please read the question before replying.

I have read the documentation for New-MgDeviceRegisteredOwnerByRef, but it appears to be incomplete. I don't see anything in the instructions about how to actually add a registered owner for a device. Is this the correct cmdlet? If so, how do you use it? If not, what is the correct cmdlet?

Sandeep G-MSFT 16,696 Reputation points Microsoft Employee

2023-08-16T04:20:46.4833333+00:00

@JayCarper-5747

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread.
JayCarper-5747 216 Reputation points

2023-08-21T22:28:21.73+00:00

I haven't had time to get back to this yet, but I'll let you know when I do. Thanks.

1 answer

Vasil Michev 100.2K Reputation points MVP

2023-08-03T06:45:09.2733333+00:00

Yes, that's the "replacement" cmdlet. And yes, the documentation leaves a lot to be desired, but that's something you have to learn to live with, then it comes to the Graph SDK :(

Here's an example on how to use it:

New-MgDeviceRegisteredOwnerByRef -DeviceId dd16bf84-xxxx-xxxx-xxxx-89d42328529e -OdataId "https://graph.microsoft.com/v1.0/directoryObjects/e0d7442c-xxxx-xxxx-xxxx-ec9887816677"

where you have to specify the device ID and the desired user's ID. The "https://graph.microsoft.com/v1.0/directoryObjects/" prefix is mandatory, as those cmdlets are all autogenerated and any concept of convenience is foreign to them.

An alternative use of the cmdlet is:

New-MgDeviceRegisteredOwnerByRef -DeviceId dd16bf84-xxxx-xxxx-xxxx-89d42328529e -BodyParameter @{"@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/fe506ef0-xxxx-xxxx-xxxx-e82f833c3e91"}
Please sign in to rate this answer.
JayCarper-5747 216 Reputation points

2023-08-16T19:18:02.42+00:00

Thanks. I'll try it out and let you know.

JayCarper-5747 216 Reputation points

2023-08-16T20:52:13.74+00:00

I get an insufficient privileges error. What permissions do I need to assign to be able to do this? I've already granted Device.ReadWrite.All, DeviceManagementConfiguration.ReadWrite.All, and DeviceManagementManagedDevices.ReadWrite.All.

New-MgDeviceRegisteredOwnerByRef : Insufficient privileges to complete the operation. At line:1 char:1 + New-MgDeviceRegisteredOwnerByRef -DeviceId $deviceid -OdataId "https: ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: ({ DeviceId = 04...ferenceCreate }:<>f__AnonymousType7`2) [New-MgDevic eReg...CreateExpanded1], RestException`1 + FullyQualifiedErrorId : Authorization_RequestDenied,Microsoft.Graph.PowerShell.Cmdlets.NewMgDeviceRegisteredOwne rByRef_CreateExpanded1

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,436 Reputation points

2023-08-17T05:42:54.9233333+00:00

Hello. You need to add Directory.Read.All permission.

Vasil Michev 100.2K Reputation points MVP

2023-08-17T08:05:23.1+00:00

To find out which permissions you need for a specific Graph cmdlet, you can use Find-MgGraphCommand:

Find-MgGraphCommand -Command New-MgDeviceRegisteredOwnerByRef

Or you can review the documentation on the corresponding Graph method: https://learn.microsoft.com/en-us/graph/api/device-post-registeredowners?view=graph-rest-1.0&tabs=http

In this case, you will need the Directory.AccessAsUser.All (impersonation) permissions.

Victoria Brown 0 Reputation points

2024-04-15T16:55:42.7566667+00:00

Is there an option that doesn't require powershell scripting? Apparently, I don't have the license for that. =/ Been trying to use powershell scripts for all kinds of things Office-related the last 2 years, but it seems 365 Business Standard doesn't allow for that.
Sign in to comment

Share via

How to Change Azure Device Owner with Microsoft Graph Powershell?

1 answer