Graph API - Application - Create Devices

Lars Giesser 21 Reputation points
2021-03-31T08:29:38.837+00:00

Hello,

I was trying to use the Graph API to create a new device in a test environment. I've created an application and assigned the needed application-level permissions as described here:
https://learn.microsoft.com/en-us/graph/api/device-post-devices

I failed to successfully create a new device using this endpoint. The request returns an authorization issue 403.

Unfortunately, I recognized that the Azure portal description of the permission "Device.ReadWrite.All" says that it allows all operations except create and delete. I was a little bit confused since I found nothing regarding this in the docs.

Am I missing some point in the docs? Is there another permission I need to use to create a new device from a registered application using the Graph API?


Accepted answer
  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2021-03-31T13:23:14.233+00:00

    Hi @Lars Giesser · Thank you for reaching out.

    Along with the "Device.ReadWrite.All" application permission, you need to assign the Global Administrator role to the application as well. Unfortunately, the Cloud Device Administrator role cannot be used for this purpose, as it provides limited access to manage devices in Azure AD and doesn't allow creating a device object in the directory.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
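
A diagnostic for the 403 discussed in this thread, added as an example that is not part of the original posts or of Microsoft's code: it decodes an app-only Graph access token and reports whether the `roles` claim carries `Device.ReadWrite.All` and whether the `wids` claim carries the Global Administrator role template ID. That the application's directory roles appear in `wids` is an assumption; the function names and the sample token are constructed for the example.

```python
import base64
import json

# Application permission named in this thread.
REQUIRED_APP_ROLE = "Device.ReadWrite.All"
# Role template ID of the built-in Global Administrator role.
GLOBAL_ADMIN_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature.
    For troubleshooting only; never base an authorization decision on it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def diagnose_device_create(token: str) -> dict:
    claims = jwt_claims(token)
    roles = claims.get("roles", [])  # application permissions (admin-consented)
    wids = claims.get("wids", [])    # assumption: directory role template IDs
    return {
        "app_only": "scp" not in claims,  # delegated tokens carry 'scp' instead
        "has_device_permission": REQUIRED_APP_ROLE in roles,
        "has_global_admin_role": GLOBAL_ADMIN_TEMPLATE_ID in wids,
    }


def constructed_token(claims: dict) -> str:
    # Builds an unsigned sample token so the example runs offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed sample: permission consented, no Global Administrator role.
SAMPLE = constructed_token({
    "aud": "https://graph.microsoft.com",
    "roles": ["Device.ReadWrite.All"],
    "wids": ["00000000-0000-0000-0000-000000000000"],  # placeholder value
})

if __name__ == "__main__":
    print(diagnose_device_create(SAMPLE))
```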

