LarsGiesser-0445 asked LarsGiesser-0445 edited

Graph API - Application - Create Devices

Hello,

I was trying to use the Graph API to create a new device in a test environment. I've created an application and assigned the needed application-level permissions as described here:
https://docs.microsoft.com/en-us/graph/api/device-post-devices

I failed to successfully create a new device using this endpoint. The request returns an authorization issue 403.

Unfortunately, I recognized that the Azure portal description of the permission "Device.ReadWrite.All" says that it allows all operations except create and delete. I was a little bit confused since I found nothing regarding this in the docs.

Am I missing some point in the docs? Is there another permission I need to use to create a new device from a registered application using the Graph API?

Tags: microsoft-graph-sdk, microsoft-graph-data-connect, azure-ad-graph-deprecation

1 Answer

amanpreetsingh-msft answered LarsGiesser-0445 edited

Hi @LarsGiesser-0445 · Thank you for reaching out.

Along with the "Device.ReadWrite.All" application permission, you need to assign the Global Administrator role to the application as well. Unfortunately, the Cloud Device Administrator role cannot be used for this purpose as it provides limited access to manage devices in Azure AD and doesn't allow creating a device object in the directory.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Hi @LarsGiesser-0445 · Just checking if you had a chance to test it out.

LarsGiesser-0445 amanpreetsingh-msft ·

Hello @amanpreetsingh-msft,

I finally found some time to test your solution. It works as described. I've added the specific application to the Global Administrator role and now I won't get an insufficient permission response. The device is also created properly.

Thanks a lot for your help. I think this circumstance should make its way into the "https://docs.microsoft.com/en-us/graph/api/device-post-devices" API docs. Or maybe I just missed it...

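An added example, not part of the original thread and not Microsoft's code: since the fix above gives an application the Global Administrator role, a tenant owner may want to list which service principals hold that role. The sample response is constructed and assumed to have the shape of Graph's `roleManagement/directory/roleAssignments` listing requested with `$expand=principal`; the function name `apps_with_global_admin` is hypothetical.

```python
import json

# Role template ID of the built-in Global Administrator directory role.
GLOBAL_ADMIN_ROLE_ID = "62e90394-69f5-4237-9190-012177145e10"

# Constructed sample; every ID and name below is made up for illustration.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"id": "ra-1", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
   "directoryScopeId": "/", "principalId": "00000000-0000-0000-0000-000000000001",
   "principal": {"@odata.type": "#microsoft.graph.user",
                 "displayName": "Tenant Admin"}},
  {"id": "ra-2", "roleDefinitionId": "62E90394-69F5-4237-9190-012177145E10",
   "directoryScopeId": "/", "principalId": "00000000-0000-0000-0000-000000000002",
   "principal": {"@odata.type": "#microsoft.graph.servicePrincipal",
                 "displayName": "device-provisioning-app",
                 "appId": "00000000-0000-0000-0000-0000000000a2"}},
  {"id": "ra-3", "roleDefinitionId": "00000000-0000-0000-0000-0000000000ff",
   "directoryScopeId": "/", "principalId": "00000000-0000-0000-0000-000000000003",
   "principal": {"@odata.type": "#microsoft.graph.servicePrincipal",
                 "displayName": "reporting-app",
                 "appId": "00000000-0000-0000-0000-0000000000a3"}}
]}
""")


def apps_with_global_admin(response):
    """Return service principals that hold the Global Administrator role."""
    findings = []
    for assignment in response.get("value", []):
        # GUIDs compare case-insensitively, so normalise before matching.
        if assignment.get("roleDefinitionId", "").lower() != GLOBAL_ADMIN_ROLE_ID:
            continue
        principal = assignment.get("principal") or {}
        # Users and groups are out of scope here; only applications are reported.
        if principal.get("@odata.type") != "#microsoft.graph.servicePrincipal":
            continue
        findings.append({
            "assignmentId": assignment.get("id"),
            "principalId": assignment.get("principalId"),
            "displayName": principal.get("displayName"),
            "appId": principal.get("appId"),
            "scope": assignment.get("directoryScopeId"),
        })
    return findings


if __name__ == "__main__":
    for finding in apps_with_global_admin(SAMPLE_RESPONSE):
        print(finding)
```

Each finding is an application whose credentials carry tenant-wide administrative rights, so its secrets and certificates warrant the same protection and review as a human Global Administrator account.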