DEVHIDE
Login Or Sign up

How to add Extension Properties for Azure-AD Device Objects using PowerShell?

5.7k Views Asked by At

I want to add extension properties for device objects in Azure AD using Power-Shell. I have search a lot but found examples for only User objects.I have written a script and its successful for User Objects but am not be able to set extension properties for Device.

A command Set-AzureADUserExtension

exists for User but for devices, there is no such commands e.g

Set-AzureADDeviceExtension

(there is no command exists like it). Can anyone help me how to achieve this?How can i set extension properties for Device Objects? I want to achieve something like this:

New-AzureADApplicationExtensionProperty -ObjectId $MyApp -Name "MyNewProperty" -DataType "String" -TargetObjects "Device";

Set-AzureADDeviceExtension -ObjectId $deviceId -ExtensionName "extension_0380f0f700c040b5aa577c9268940b53_MyNewProperty" -ExtensionValue "MyNewValue";
azure powershell azure-active-directory azure-ad-powershell-v2
Original Q&A
1

There are 1 best solutions below

0
On

I was looking for exactly the same and I did not find anything then and today either. I had to use the Microsoft Graph API to add new extensions to the device object. The same for consulting.

Step 1: Install or import the azure module.

Install-Module AzureAD
or
Import-Module AzureAD

Step 2: Search Object and save ObjectID.

$ObjectID = (Get-AzureADDevice -SearchString 'Object-Name').ObjectId

Note: The "id" in the request is the "id" property of the device, not the "deviceId" property.

Step 3: Create App

https://portal.azure.com - Azure Active Directory - App registrations - New registration

Step 4: Configure App

https://portal.azure.com - Azure Active Directory - App registrations - YourAppName

  1. Certificates & secrets - New client secret

    • Save client secret value

  2. API permissions - Add a permission - Microsoft Graph - Delegated permissions

    • Directory.AccessAsUser.All

Step 5: Get access_token

## Directory.AccessAsUser.All : Minimun privilege for Get, add, update and delete extensions. (https://learn.microsoft.com/en-us/graph/api/opentypeextension-post-opentypeextension?view=graph-rest-1.0)
$scopes = "Directory.AccessAsUser.All"
$redirectURL = "https://login.microsoftonline.com/common/oauth2/nativeclient"

$clientID = "YourAppIdClient"

$clientSecret = [System.Web.HttpUtility]::UrlEncode("YourAppClientSecret")

$authorizeUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"

$requestUrl = $authorizeUrl + "?scope=$scopes"
$requestUrl += "&response_type=code"
$requestUrl += "&client_id=$clientID"
$requestUrl += "&redirect_uri=$redirectURL"
$requestUrl += "&response_mode=query"   

Write-Host
Write-Host "Copy the following URL and paste the following into your browser:"
Write-Host
Write-Host $requestUrl -ForegroundColor Cyan
Write-Host
Write-Host "Copy the code querystring value from the browser and paste it below."
Write-Host
$code = Read-Host -Prompt "Enter the code"

$body = "client_id=$clientID&client_secret=$clientSecret&scope=$scopes&grant_type=authorization_code&code=$code&redirect_uri=$redirectURL"

$tokenUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token"

$response = Invoke-RestMethod -Method Post -Uri $tokenUrl -Headers @{"Content-Type" = "application/x-www-form-urlencoded"} -Body $body

$token = $response.access_token

Get Extensions device

$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions'   ## change <ID-Object> for your ObjectID.
(https://learn.microsoft.com/en-us/graph/api/device-get?view=graph-rest-1.0&tabs=cs)
$Data = Invoke-RestMethod -Headers @{Authorization = "Bearer $accessToken"} -Uri $apiUrl -Method Get
$Data.Value | fl

Add extensions device

$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions'
$body = '{
  "@odata.type": "microsoft.graph.openTypeExtension",
  "id": "test.extension",
  "name_extension": "example"
  }'
Invoke-RestMethod -Headers @{Authorization = "Bearer $token"; "Content-type" = "application/json"} -Uri $apiUrl -Method Post -Body $body

Update extensions device

## Actualizar datos de una extensión
$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions/test.extension' ## Extension ID to update
$body = '{
  "@odata.type": "microsoft.graph.openTypeExtension",
  "id": "test.extension",
  "name_extension": "new_value"
  }'
Invoke-RestMethod -Headers @{Authorization = "Bearer $token"; "Content-type" = "application/json"} -Uri $apiUrl -Method Patch -Body $body

Delete extensions device

$apiUrl = 'https://graph.microsoft.com/v1.0/devices/<ID-Object>/extensions/test.extension'
Invoke-RestMethod -Headers @{Authorization = "Bearer $token"; "Content-type" = "application/json"} -Uri $apiUrl -Method Delete

Related Questions in AZURE

Related Questions in POWERSHELL

Related Questions in AZURE-ACTIVE-DIRECTORY

Related Questions in AZURE-AD-POWERSHELL-V2

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.