msgraph-sdk-powershell

Update-MgDevice - Cannot Disable a non-Windows device in Entra ID using PowerShell

Open joshuahipple opened this issue 1 year ago • 1 comments

Summary: My goal is to disable a non-Windows device in Entra ID using PowerShell. AzureAD modules work fine but the Graph modules fail.

Connection info: Keeping it simple, I am running this with an interactive PowerShell session with my user account and PIM roles properly activated.

AuthType            : Delegated
TokenCredentialType : InteractiveBrowser
AppName             : Microsoft Graph Command Line Tools
ContextScope        : CurrentUser

The following PowerShell code using the AzureAD modules works just fine:

#Entra ID Object ID for non-Windows device
$ID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
#Legacy AzureAD command works just fine
Set-AzureADDevice -ObjectId $ID -AccountEnabled $false -Verbose

The following command using the Graph modules fails:

#Entra ID Object ID for non-Windows device
$ID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Update-MgDevice -DeviceId $ID -AccountEnabled:$false

Error message:

Update-MgDevice : Properties other than ExtendedAttribute1..15 can be modified only on windows devices.
Status: 400 (BadRequest)
ErrorCode: Request_BadRequest

My goal was to get this code working properly via an interactive session prior to migrating it to a registered application-based method. AzureAD modules will be retired by Microsoft this year, so I want to plan to migrate to Graph. Based on what I have read in these links, there are still some issues with delegated app permissions:

https://github.com/microsoftgraph/msgraph-sdk-powershell/issues/2066
https://developer.microsoft.com/en-us/graph/known-issues/?search=17346

joshuahipple Feb 19 '24 17:02

Hi @joshuahipple, thank you for identifying and logging this issue. Unfortunately, this is a known API issue as per the documentation here. However, you can try using delegated permissions (authenticate as a user) to update the property on a non-Windows device.

timayabi2020 Mar 01 '24 07:03

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.