Looking for a Microsoft Graph API that can update device ownership of a deivce
I am looking to update device ownership of a device in AAD using Microsoft Graph API
This closest I have come to is https://learn.microsoft.com/en-us/graph/api/device-post-registeredowners?view=graph-rest-1.0&tabs=csharp but this needs delegated permission.
I would like to do it directly using Application permission type because I have to do the ownership change using a background process without any user involvement.
Note: My devices are not managed by In-tune
I have tried looking for APIs but I was not very successful. I got it working by using new GraphServiceClient(new InteractiveBrowserCredential()); graph api client but it needs user input which is a no for my user case
Solution
I got the error when I tried to registered owner of the device using application Api permissions via clientSecretCredential:
class Program
{
static async Task Main(string[] args)
{
string clientId = "ClientID";
string tenantId = "TenantID";
string clientSecret = "Secret";
string deviceId = "DeviceID";
string ownerId = "OwnerID";
var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
var graphClient = new GraphServiceClient(clientSecretCredential);
try
{
var ownerReference = new ReferenceCreate
{
OdataId = $"https://graph.microsoft.com/v1.0/directoryObjects/{ownerId}"
};
await graphClient.Devices[deviceId].RegisteredOwners.Ref.PostAsync(ownerReference);
Console.WriteLine("User added as a registered owner successfully.");
}
catch (ODataError odataError)
{
Console.WriteLine($"OData Error: {odataError.Error?.Message}");
if (odataError.Error?.InnerError != null)
{
Console.WriteLine($"Error Code: {odataError.Error?.Code}");
}
}
catch (Exception ex)
{
Console.WriteLine($"Error: {ex.Message}");
}
}
}
Note that: Application permissions are not supported to add a user as a registered owner of the device and there is no other use application Api permission.
- Hence, you need to mandatorily make use of delegated permissions with user interactive only like below:
class Program
{
static async Task Main(string[] args)
{
string clientId = "ClientID";
string deviceId = "DeviceID";
string ownerId = "OwnerID";
// Use InteractiveBrowserCredential for interactive login
var interactiveCredential = new InteractiveBrowserCredential();
var graphClient = new GraphServiceClient(interactiveCredential);
try
{
var ownerReference = new ReferenceCreate
{
OdataId = $"https://graph.microsoft.com/v1.0/directoryObjects/{ownerId}"
};
await graphClient.Devices[deviceId].RegisteredOwners.Ref.PostAsync(ownerReference);
Console.WriteLine("User added as a registered owner successfully.");
}
catch (ODataError odataError)
{
Console.WriteLine($"OData Error: {odataError.Error?.Message}");
if (odataError.Error?.InnerError != null)
{
Console.WriteLine($"Error Code: {odataError.Error?.Code}");
}
}
catch (Exception ex)
{
Console.WriteLine($"Error: {ex.Message}");
}
}
}
Reference:
- How to embed Image inline in Email Body using Microsoft Graph
- C# Graph api SDK V5 - Add User to multiple Groups
- How to create chart in power apps which shows number of post done by team member in teams channel?
- Why must "force_change_password_next_sign_in" be set to false for MS External ID Local Accounts?
- Ordering Microsoft Graph API Messages by hasAttachments with External Email Filters Causes "InefficientFilter" Error
- MS Graph Subscription for Event Grid is failing with 400 Invalid Request
- Implementing SSO for Azure AD B2C
- Implementing Microsoft SSO with passport-azure-ad and without msal
- S/MIME Email Sent via Python and Microsoft Graph Works in Gmail but Not in Outlook
- File upload to SharePoint is not working and is not throwing any errors
- Is it possible to manually construct a skiptoken to paginate search results in Microsoft Graph API?
- How to setup Microsoft authentication in a django based project
- Graph JSON response seldom contains raw HTML
- Microsoft Graph API: How to get url for Task in Planner?
- How to Use MS Graph Beta API for Recalling Sent Emails?
- Java - ODataError "The mailbox is either inactive, soft-deleted, or is hosted on-premise."
- How to subscribe to updates to the root drive of a SharePoint Site using Microsoft Graph
- How to assign Entra user User.Read.All and Group.Read.All from Graph Explorer
- How to create event by MS Graph with room as location?
- GraphServiceClient filter issue
- Read 'Attribute & Claims' from SAML Entra application configuration using PowerShell
- Upload drive files via MS Graph API
- how to list ExternalItems from a graph-connector
- Retrieve all Users from all Groups?
- Microsoft Graph SDK v5.61 : Ordering Mail List by Size
- How to access response header in Graph v5.0 SDK?
- Attempting to set DisableCustomAppAuthentication to false for Azure not working from Powershell
- Unable to call Graph API using an on-behalf-of flow from ASP.NET Core Web API
- Access Microsoft Todo List via Rest API
- SharePoint REST API returns invalidRequest apiNotFound when registering Container Type