Looking for a Microsoft Graph API that can update device ownership of a deivce
I am looking to update device ownership of a device in AAD using Microsoft Graph API
This closest I have come to is https://learn.microsoft.com/en-us/graph/api/device-post-registeredowners?view=graph-rest-1.0&tabs=csharp but this needs delegated permission.
I would like to do it directly using Application permission type because I have to do the ownership change using a background process without any user involvement.
Note: My devices are not managed by In-tune
I have tried looking for APIs but I was not very successful. I got it working by using new GraphServiceClient(new InteractiveBrowserCredential()); graph api client but it needs user input which is a no for my user case
Solution
I got the error when I tried to registered owner of the device using application Api permissions via clientSecretCredential:
class Program
{
static async Task Main(string[] args)
{
string clientId = "ClientID";
string tenantId = "TenantID";
string clientSecret = "Secret";
string deviceId = "DeviceID";
string ownerId = "OwnerID";
var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
var graphClient = new GraphServiceClient(clientSecretCredential);
try
{
var ownerReference = new ReferenceCreate
{
OdataId = $"https://graph.microsoft.com/v1.0/directoryObjects/{ownerId}"
};
await graphClient.Devices[deviceId].RegisteredOwners.Ref.PostAsync(ownerReference);
Console.WriteLine("User added as a registered owner successfully.");
}
catch (ODataError odataError)
{
Console.WriteLine($"OData Error: {odataError.Error?.Message}");
if (odataError.Error?.InnerError != null)
{
Console.WriteLine($"Error Code: {odataError.Error?.Code}");
}
}
catch (Exception ex)
{
Console.WriteLine($"Error: {ex.Message}");
}
}
}
Note that: Application permissions are not supported to add a user as a registered owner of the device and there is no other use application Api permission.
- Hence, you need to mandatorily make use of delegated permissions with user interactive only like below:
class Program
{
static async Task Main(string[] args)
{
string clientId = "ClientID";
string deviceId = "DeviceID";
string ownerId = "OwnerID";
// Use InteractiveBrowserCredential for interactive login
var interactiveCredential = new InteractiveBrowserCredential();
var graphClient = new GraphServiceClient(interactiveCredential);
try
{
var ownerReference = new ReferenceCreate
{
OdataId = $"https://graph.microsoft.com/v1.0/directoryObjects/{ownerId}"
};
await graphClient.Devices[deviceId].RegisteredOwners.Ref.PostAsync(ownerReference);
Console.WriteLine("User added as a registered owner successfully.");
}
catch (ODataError odataError)
{
Console.WriteLine($"OData Error: {odataError.Error?.Message}");
if (odataError.Error?.InnerError != null)
{
Console.WriteLine($"Error Code: {odataError.Error?.Code}");
}
}
catch (Exception ex)
{
Console.WriteLine($"Error: {ex.Message}");
}
}
}
Reference:
- How can I add email recipients to a Graph API request programmatically?
- Microsoft Identity Web: Change Redirect Uri
- Azure graph api to search groups whose displayName contains a specific term
- I am getting an error that OAuth2 Code has already been redeemed
- Access OneDrive Directories and files using MSGraph API with client Authentication
- Why is my Azure AD token request returning HTTP 400 consent error for API permissions that have been granted?
- Upload a file using msgraph Python SDK
- How can I use msgraph Python SDK to properly list or get files from OneDrive?
- AADSTS65001: The user or administrator has not consented to use the application with ID <app-id>
- Get-MgUserCalendar fails with "The specified object was not found in the store." for my own calendar
- How to get all the files in OneDrive account using the graph SDK?
- Microsoft Graph API fails to update user birthday and hireDate in GCC high environment
- Looking for a Microsoft Graph API that can update device ownership of a deivce
- Is there an easy way to display the profile image from graph api in a react application
- Trying to Authenticate with SharePoint and get list of files via API using access token
- Find or expand Sharepoint Page titleArea image - Microsoft Graph API
- Adding members to MS Entra Group via MS Graph API fails via Python Azure Function App
- Is it possible to bulk replace strings in an Excel file via API?
- Graph API IAuthenticationProvider removed
- AADSTS70000 Error When Requesting for Access Token
- Returning employeeId of a user through MS Graph API
- Secrets and Certificate Expiry with Graph Powershell
- How to set a Term into the TaxKeyword field of a file with Microsoft Graph
- Microsoft Graph API, Add SharePoint List Item suddenly throws exception for null strings
- How to create a working GraphServiceClient and query Graph for group names
- When i add the "ItemSend" Event handler in my add-ins manifest.xml thrown error while installing the add-ins
- How to call graphClient.Groups[groupId].GetAsync()?
- Get all email message using Microsoft Graph API in c#
- Microsoft graph batch calls for OneNote page renames fails with message "Invalid JSON body for request id"
- How can I "Get Microsoft Teams Users" Using of Microsoft Graph API