Hi @Lars Giesser · Thank you for reaching out.
Along with the "Device.ReadWrite.All" application permission, you need to assign the Global Administrator role to the application as well. Unfortunately, the Cloud Device Administrator role cannot be used for this purpose, as it provides limited access to manage devices in Azure AD and doesn't allow creating a device object in the directory.