Christophe Barneaud
Brass Contributor
May 18, 2022

Get a list of AAD devices in Graph (equivalent to Get-AzureADDevice in AzureAD module)

Hi,

I could not find the command in Microsoft Graph equivalent to Get-AzureADDevice in the AzureAD module.

Thanks

3 Replies

  • You can get them via the /devices endpoint, Get-MgDevice if using the Microsoft Graph SDK module.
    • Christophe Barneaud
      Brass Contributor
      Thanks Vasil.
      I have a problem with permissions in my PowerShell script, with an error when using Get-MgDeviceManagementWindowAutopilotDeviceIdentity (from
      the Microsoft.Graph.DeviceManagement.Enrolment module).

      I consented the permissions as needed to my app registration:
      DeviceManagementServiceConfiguration.Read.All
      DeviceManagementServiceConfig.Read.All
      DeviceManagementServiceConfiguration.ReadWrite.All
      DeviceManagementServiceConfig.ReadWrite.All

      I get this error message when running the script:
      Get-MgDeviceManagementWindowAutopilotDeviceIdentity : {
      "_version": 3,
      "Message": "Application is not authorized to perform this operation. Application must have one of the following scopes: DeviceManagementServiceConfiguration.Read.All, DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfiguration.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 03aa471b-80a6-446c-9e8e-60b3c013c813 - Url: https://fef.msub02.manage.microsoft.com/DeviceEnrollmentFE_2204/StatelessDeviceEnrollmentFEService/deviceManagement/windowsAutopilotDeviceIdentities?api-version=5022-03-28&$filter=contains(serialNumber%2c%27014998402957%27)",
      "CustomApiErrorPhrase": "",
      "RetryAfter": null,
      "ErrorSourceService": "",
      "HttpHeaders": "{}"
      }

      If you have any idea 🙂
      Thanks

      • VasilMichev
        MVP
        You're now drifting into Intune territory, that's a different beast altogether. Make sure you refresh your token when querying the Graph with your own application, after granting new permissions. If using the MG module directly, reconnect. The Get-MgContext cmdlet will show you which permissions the current token has.
        For the record, the cmdlet works fine for me with DeviceManagementServiceConfig.Read.All scope granted.
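
The token check described in the last reply, as an added example that is not part of the original thread: it compares the scopes reported by Get-MgContext with the list from the error message and reconnects when none is present. The helper name Get-HeldScope is hypothetical, and a delegated (interactive) sign-in is assumed, requesting only the read-only scope.

```powershell
# Added example, not from the thread. Requires Microsoft.Graph.Authentication.
# Scope names are copied from the error message quoted above.
$needAnyOf = @(
    'DeviceManagementServiceConfiguration.Read.All',
    'DeviceManagementServiceConfig.Read.All',
    'DeviceManagementServiceConfiguration.ReadWrite.All',
    'DeviceManagementServiceConfig.ReadWrite.All'
)

function Get-HeldScope {              # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$AnyOf)
    $ctx = Get-MgContext              # $null when there is no session
    if (-not $ctx) { return @() }
    # Scopes lists what the CURRENT token carries, which can lag behind
    # what was consented in the portal. -contains is case-insensitive.
    @($ctx.Scopes | Where-Object { $AnyOf -contains $_ })
}

$held = @(Get-HeldScope -AnyOf $needAnyOf)
if ($held.Count -eq 0) {
    # The cached token predates the grant: drop it and sign in again.
    if (Get-MgContext) { Disconnect-MgGraph | Out-Null }

    # Delegated sign-in asking for the least-privileged scope in the list.
    # For app-only auth, reconnect with the same app credentials instead;
    # the token then carries whatever application permissions have
    # admin consent on the app registration.
    Connect-MgGraph -Scopes 'DeviceManagementServiceConfig.Read.All' | Out-Null

    $held = @(Get-HeldScope -AnyOf $needAnyOf)
}

if ($held.Count -eq 0) {
    throw 'Token still lacks every required scope; check consent on the app registration.'
}
"Token carries: $($held -join ', ')"
```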
