Microsoft removed Graph permission "Directory.Write.Restricted"

Muster Felix 0 Reputation points
2025-02-04T14:48:13.96+00:00

Hello,

Microsoft removed Graph permission "Directory.Write.Restricted" without any preannouncement.

We cannot use Update-MgDevice for devices in administrative units any more.

Directory.Write.Restricted available: Microsoft Graph permissions reference - Microsoft Graph | Microsoft Learn (June 2024)

Directory.Write.Restricted not available: Microsoft Graph permissions reference - Microsoft Graph | Microsoft Learn (current)

What is the substitute permission?

Best

Felix

Microsoft Graph

2 answers

  1. Saranya Madhu-MSFT 1,335 Reputation points Microsoft Vendor
    2025-02-05T00:25:57.8533333+00:00

    Hi Muster Felix,

    Thanks for reaching out to Microsoft!

    Microsoft removed the "Directory.Write.Restricted" permission as noted in the changelog under Identity and access | Directory management on September 16, 2024. The previously deprecated permission "Directory.Write.Restricted" was removed from the device resource.

    Permissions required to update devices:


    Update devices using Microsoft Graph

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.


  2. CarlZhao-MSFT 45,021 Reputation points
    2025-02-05T03:01:11.0533333+00:00

    Hi @Muster Felix

    You can follow the Microsoft Graph Changelog to track any updates to Graph API permissions. I noticed that the "Directory.Write.Restricted" permission for device resources was deprecated on July 31 last year, and then completely removed on September 16.

    As @Saranya mentioned, you can currently use the Directory.AccessAsUser.All (delegated) or Device.ReadWrite.All (application-only) permissions to update devices.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

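A pre-flight check for the permission change discussed in this thread, as an added example that is not part of the original posts or Microsoft's code: it inspects a Graph access token's `scp` (delegated) and `roles` (application) claims for the permissions the answers name. The function names and sample tokens are constructed for illustration, and the payload is decoded for diagnostics only, without signature verification.

```python
import base64
import json

# Permissions the answers above name for updating devices, and the removed one.
DELEGATED_OK = {"Directory.AccessAsUser.All"}
APPLICATION_OK = {"Device.ReadWrite.All"}
REMOVED = {"Directory.Write.Restricted"}


def _claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_device_update_token(token: str) -> dict:
    """Report whether the token carries a permission the answers list for device updates."""
    claims = _claims(token)
    scopes = set(claims.get("scp", "").split())   # delegated: space-separated string
    roles = set(claims.get("roles", []))          # application: list of app roles
    if scopes:
        kind, usable = "delegated", scopes & DELEGATED_OK
    elif roles:
        kind, usable = "application", roles & APPLICATION_OK
    else:
        kind, usable = "none", set()
    return {
        "kind": kind,
        "can_update_devices": bool(usable),
        "matched": sorted(usable),
        "stale": sorted((scopes | roles) & REMOVED),  # still relying on the removed permission
    }


def _fake_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    old_app = _fake_token({"roles": ["Directory.Write.Restricted"]})
    new_app = _fake_token({"roles": ["Device.ReadWrite.All"]})
    user = _fake_token({"scp": "User.Read Directory.AccessAsUser.All"})
    for t in (old_app, new_app, user):
        print(check_device_update_token(t))
```
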
