0

I'm trying to register a device programmatically with Entra ID (formerly known as Azure Active Directory) for my organization's internal application. I've read through the official Microsoft documentation, but I'm still having trouble understanding the exact steps and the necessary API calls.

What I have tried:

  1. Reading the official documentation: I've looked at the official Microsoft documentation but found it difficult to understand the exact steps required.

  2. Using the Microsoft Graph API: I attempted to use the Microsoft Graph API for device registration, but I'm not sure if I'm doing it correctly.

  3. Questions:

    1. What are the exact steps to register a device with Entra ID programmatically?

    2. Are there specific permissions or scopes required to register a device?

    3. Is my approach correct, and if not, what should I change to successfully register a device?

    Any help or guidance would be greatly appreciated!

Improve this question
1

1 Answer 1

Reset to default
0

To create and register a new device in the organization, check the below:

Create a Microsoft Entra ID application and grant Directory.AccessAsUser.All delegated API permission:

enter image description here

Generate auth-code by using below endpoint:

https://login.microsoftonline.com/TenantID/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345

enter image description here

Generate access token using below parameter's:

https://login.microsoftonline.com/TenantID/oauth2/v2.0/token

grant_type:authorization_code
client_id:ClientID
client_secret:ClientSecret
scope:https://graph.microsoft.com/.default
code:code
redirect_uri:https://jwt.ms

enter image description here

Make sure that the scope is present in the token:

enter image description here

Use the below API call to create device in Microsoft Entra:

POST https://graph.microsoft.com/v1.0/devices
Content-type: application/json

{
  "accountEnabled":false,
  "alternativeSecurityIds":
  [
    {
      "type":2,
      "key":"xxx"
    }
  ],
  "deviceId":"DeviceID",
  "displayName":"DeviceName",
  "operatingSystem":"OsName",
  "operatingSystemVersion":"OsVersion"
}

enter image description here

You will get a 201 Created response if the device is registered.

Reference:

Create device - Microsoft Graph v1.0 | Microsoft

Improve this answer
Recognized by Microsoft Azure Collective

Not the answer you're looking for? Browse other questions tagged or ask your own question.