Hi,
using MS graph to enable/disable a device in AzureAD behaves differently if authenticated as user (using delegated permissions) vs. when authenticated as app (using app permissions).
Assume the following device to be an Android phone. Currently signed in using ClientId/ClientSecret (using Application permissions)
Example request:
PATCH https://graph.microsoft.com/v1.0/devices/06d51111-e422-4aa4-b930-e4c6218ef78d
{
"accountEnabled": false
}
this will create the following error:
- code: 400 - Request_BadRequest
- message: Properties other than ExtendedAttribute1..15 can be modified only on windows devices.
Whilst, if i authenticate as user (using delegated permissions) or use Graph Explorer it will succeed on the same object. Response to the same request:
- code: 204 (No Content, Success)
And the device is deactived- even if it is no windows device.
Maybe this is a filtering issue when using app permissions?