Unable to Disable mobile device using Automation Account

Amol Pawar 21 Reputation points

We get an error “SetDevice Code: Request_BadRequest Message: Properties other than ExtendedAttribute1..15 can be modified only on windows devices”. Here is the script that we are using:

$dev = Get-AzureADDevice -All:$true | Where {$_.AccountEnabled -eq $true}

foreach ($d in $dev) {

Set-AzureADDevice -ObjectId $d.ObjectId -AccountEnabled $false


Even though this returns error, but it still disables the Windows devices and however does not disable mobile devices.

Also, one thing to note is, we can remove the devices using Remove-AzureADDevice using Automation.

The same scripts is running fine without error on Windows Powershell.

Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,184 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,448 questions
{count} votes

2 answers

Sort by: Most helpful
  1. bharathn-msft 5,086 Reputation points Microsoft Employee

    <<Converting the information from comments to here for broader community usage>>

    Thank you @Amol Pawar for your query.

    Came across a similar case notes I could find below information , which I thought would help our community members having similar issue. So sharing it here.

    If you are performing an app-only auth, which results the above error. Which is by design.
    However to modify the attributes, you need to use PowerShell or perform a User auth to acquire a token.

    Hope the above information helps for other community members facing this issue. Thank you

    0 comments No comments

  2. Dennis 1 Reputation point

    is that a bug or is that "by design" and we cannot use app-permissions to disable devices?

    0 comments No comments