Set-AzureADDevice
This article provides migration details from Set-AzureADDevice command to Microsoft Graph PowerShell.
Summary
- Azure AD Command: Set-AzureADDevice
- Azure AD Module: AzureAD
- Microsoft Graph Command: Update-MgDevice (Community Examples)
- Graph Module: Microsoft.Graph.Identity.DirectoryManagement
- Graph Endpoint: PATCH /devices/{id}
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | Directory.AccessAsUser.All | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Device.ReadWrite.All | Directory.ReadWrite.All |
View more details on permissions.
In application-only scenarios and for non-Windows devices, that is, where the operatingSystem property is not Windows, the app can update only the extensionAttributes property.
The calling user must also be in one of the following Microsoft Entra roles: Intune Administrator. A calling user in the Cloud Device Administrator role can only enable or disable devices using this API and a user with the Windows 365 Administrator role can only update basic device properties.
Property Mapping
| Azure AD Name | Microsoft Graph Name |
|---|---|
| AccountEnabled | AccountEnabled |
| AlternativeSecurityIds | AlternativeSecurityIds |
| ApproximateLastLogonTimeStamp | NA |
| DeviceId | DeviceId |
| DeviceMetadata | DeviceMetadata |
| DeviceObjectVersion | NA |
| DeviceOSType | NA |
| DeviceOSVersion | NA |
| DevicePhysicalIds | NA |
| DeviceTrustType | NA |
| IsCompliant | IsCompliant |
| DisplayName | DisplayName |
| IsManaged | IsManaged |
| ProfileType | ProfileType |
| SystemLabels | SystemLabels |
| ObjectId | Id |