Forum Discussion
Get a list of AAD device in graph (equivalent to Get-AzureADDevice in AzureAD module)
HI, I could not find the command in microsoft graph equivalent to the Get-AzureADDevice in AzureAD module. Thanks
thanks Vasil.
I have problem with permission in my powershell script error when using Get-MgDeviceManagementWindowAutopilotDeviceIdentity (from
the Microsoft.Graph.DeviceManagement.Enrolment module)
I consented the permissions as needed to my app registration: DeviceManagementServiceConfiguration.Read.All
DeviceManagementServiceConfig.Read.All
DeviceManagementServiceConfiguration.ReadWrite.All
DeviceManagementServiceConfig.ReadWrite.All
Get this error message when running the script:
Get-MgDeviceManagementWindowAutopilotDeviceIdentity : {
"_version": 3,
"Message": "Application is not authorized to perform this operation. Application must have one of the following scopes:
DeviceManagementServiceConfiguration.Read.All, DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfiguration.ReadWrite.All,
DeviceManagementServiceConfig.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID:
03aa471b-80a6-446c-9e8e-60b3c013c813 - Url: https://fef.msub02.manage.microsoft.com/DeviceEnrollmentFE_2204/StatelessDeviceEnrollmentFEService/de
viceManagement/windowsAutopilotDeviceIdentities?api-version=5022-03-28&$filter=contains(serialNumber%2c%27014998402957%27)",
"CustomApiErrorPhrase": "",
"RetryAfter": null,
"ErrorSourceService": "",
"HttpHeaders": "{}"
}
If you have any idea 🙂
thanks
I have problem with permission in my powershell script error when using Get-MgDeviceManagementWindowAutopilotDeviceIdentity (from
the Microsoft.Graph.DeviceManagement.Enrolment module)
I consented the permissions as needed to my app registration: DeviceManagementServiceConfiguration.Read.All
DeviceManagementServiceConfig.Read.All
DeviceManagementServiceConfiguration.ReadWrite.All
DeviceManagementServiceConfig.ReadWrite.All
Get this error message when running the script:
Get-MgDeviceManagementWindowAutopilotDeviceIdentity : {
"_version": 3,
"Message": "Application is not authorized to perform this operation. Application must have one of the following scopes:
DeviceManagementServiceConfiguration.Read.All, DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfiguration.ReadWrite.All,
DeviceManagementServiceConfig.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID:
03aa471b-80a6-446c-9e8e-60b3c013c813 - Url: https://fef.msub02.manage.microsoft.com/DeviceEnrollmentFE_2204/StatelessDeviceEnrollmentFEService/de
viceManagement/windowsAutopilotDeviceIdentities?api-version=5022-03-28&$filter=contains(serialNumber%2c%27014998402957%27)",
"CustomApiErrorPhrase": "",
"RetryAfter": null,
"ErrorSourceService": "",
"HttpHeaders": "{}"
}
If you have any idea 🙂
thanks
You're now drifting into Intune territory, that's a different beast altogether. Make sure you refresh your token when querying the Graph with your own application, after granting new permissions. If using the MG module directly, reconnect. The Get-MgContext cmdlet will show you which permissions the current token has.
For the record, the cmdlet works fine for me with DeviceManagementServiceConfig.Read.All scope granted.
For the record, the cmdlet works fine for me with DeviceManagementServiceConfig.Read.All scope granted.