msgraph-sdk-powershell icon indicating copy to clipboard operation
msgraph-sdk-powershell copied to clipboard
verified publisher icon microsoftgraph

Update-MgDevice failed: Update-MgDevice_Update: Insufficient privileges to complete the operation.

Open markoglogovac opened this issue 8 months ago • 2 comments

Describe the bug

I am trying to update existing device: vm-CL1-tstx I want to add ExtensionAttributes using Update-MGDevice. Commands: $mydevice = get-mgdevice | Where-Object {$_.DisplayName -eq "vm-CL1-tstx"} $param = @{'extensionAttributes' = @{'extensionAttribute1'='tiruriru'}}
update-mgdevice -deviceId $myDevice.Id -BodyParameter ($param | ConvertTo-Json -Depth 10)

I have following permissions: Device.Read.All Device.ReadWrite.All Directory.AccessAsUser.All Directory.ReadWrite.All openid Policy.Read.All profile User.Read email

Expected behavior

command pass successfully.

How to reproduce

$mydevice = get-mgdevice | Where-Object {$_.DisplayName -eq "vm-CL1-tstx"} $param = @{'extensionAttributes' = @{'extensionAttribute1'='tiruriru'}}
update-mgdevice -deviceId $myDevice.Id -BodyParameter ($param | ConvertTo-Json -Depth 10)

SDK Version

No response

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

Click to expand log ``` 
</details>


### Configuration

_No response_

### Other information

_No response_

markoglogovac avatar Apr 25 '25 13:04 markoglogovac

I have the same issue. I have an App Registration with the following rights:

  • Device.ReadWrite.All
  • Directory.ReadWrite.All

I want to change the enrollment profile name without having to reprovision all W365 devices. This is the script I'm using:

$W365Devices = Get-MgBetaDevice -Search "enrollmentProfileName:$OldProfileName" -ConsistencyLevel eventual; foreach ($Device in $W365Devices) { Update-MgBetaDevice -DeviceId $Device.Id -EnrollmentProfileName $NewProfileName }

This also happens with the non-beta commands. I also tried this with delegated permissions after enabling the Global Admin role but I get the same Insufficient privileges error. I also tried this using the BodyParameter method but no dice. I also gave the Enterprise App the Cloud Device Administrator role, but that doesn't work either.

ITMicaH avatar Jun 27 '25 07:06 ITMicaH

An API owner needs to review this issue to determine whether this is a bug, or if there is a configuration setting required to successfully run these APIs.

MIchaelMainer avatar Oct 20 '25 20:10 MIchaelMainer