Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type
Least privileged permissions
Higher privileged permissions
Delegated (work or school account)
Directory.AccessAsUser.All
Not available.
Delegated (personal Microsoft account)
Not supported.
Not supported.
Application
Not supported.
Not supported.
When an application queries a relationship that returns a directoryObject type collection, if it does not have permission to read a certain derived type (like device), members of that type are returned but with limited information. With this behavior, applications can request the least privileged permissions they need, rather than rely on the set of Directory.* permissions. For details, see Limited information returned for inaccessible member objects.
HTTP request
DELETE /devices/{id}/registeredUsers/{id}/$ref
Caution
If /$ref is not appended to the request and the calling app has permissions to manage the user who is a registered user of the device, the user will also be deleted from Microsoft Entra ID; otherwise, a 403 Forbidden error is returned. You can restore deleted users through the Restore deleted items API.
Request headers
Name
Type
Description
Authorization
string
Bearer {token}. Required.
Request body
Don't supply a request body for this method.
Response
If successful, this method returns a 204 No Content response code.
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Devices["{device-id}"].RegisteredUsers["{directoryObject-id}"].Ref.DeleteAsync();
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc devices registered-users ref-by-id delete --device-id {device-id} --directory-object-id {directoryObject-id}
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
graphClient.devices().byDeviceId("{device-id}").registeredUsers().byDirectoryObjectId("{directoryObject-id}").ref().delete();
<?php
use Microsoft\Graph\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$graphServiceClient->devices()->byDeviceId('device-id')->registeredUsers()->byDirectoryObjectId('directoryObject-id')->ref()->delete()->wait();
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.