thanks Vasil.
I have problem with permission in my powershell script error when using Get-MgDeviceManagementWindowAutopilotDeviceIdentity (from
the Microsoft.Graph.DeviceManagement.Enrolment module)

I consented the permissions as needed to my app registration: DeviceManagementServiceConfiguration.Read.All
DeviceManagementServiceConfig.Read.All
DeviceManagementServiceConfiguration.ReadWrite.All
DeviceManagementServiceConfig.ReadWrite.All

Get this error message when running the script:
Get-MgDeviceManagementWindowAutopilotDeviceIdentity : {
"_version": 3,
"Message": "Application is not authorized to perform this operation. Application must have one of the following scopes:
DeviceManagementServiceConfiguration.Read.All, DeviceManagementServiceConfig.Read.All, DeviceManagementServiceConfiguration.ReadWrite.All,
DeviceManagementServiceConfig.ReadWrite.All - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID:
03aa471b-80a6-446c-9e8e-60b3c013c813 - Url: https://fef.msub02.manage.microsoft.com/DeviceEnrollmentFE_2204/StatelessDeviceEnrollmentFEService/d...
viceManagement/windowsAutopilotDeviceIdentities?api-version=5022-03-28&$filter=contains(serialNumber%2c%27014998402957%27)",
"CustomApiErrorPhrase": "",
"RetryAfter": null,
"ErrorSourceService": "",
"HttpHeaders": "{}"
}

If you have any idea :)
thanks

You're now drifting into Intune territory, that's a different beast altogether. Make sure you refresh your token when querying the Graph with your own application, after granting new permissions. If using the MG module directly, reconnect. The Get-MgContext cmdlet will show you which permissions the current token has.
For the record, the cmdlet works fine for me with DeviceManagementServiceConfig.Read.All scope granted.