New-EntraDevice

Reference

Module:: Microsoft.Entra

Creates a device.

Syntax

New-EntraDevice
   -DisplayName <String>
   -DeviceOSType <String>
   -AccountEnabled <Boolean>
   -DeviceId <String>
   -DeviceOSVersion <String>
   -AlternativeSecurityIds <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]>
   [-DevicePhysicalIds <System.Collections.Generic.List`1[System.String]>]
   [-DeviceTrustType <String>]
   [-DeviceMetadata <String>]
   [-ApproximateLastLogonTimeStamp <DateTime>]
   [-IsManaged <Boolean>]
   [-DeviceObjectVersion <Int32>]
   [-IsCompliant <Boolean>]
   [-ProfileType <String>]
   [-SystemLabels <System.Collections.Generic.List`1[System.String]>]
   [<CommonParameters>]

Description

The New-EntraDevice cmdlet creates a device in Microsoft Entra ID.

In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation:

Intune Administrator
Windows 365 Administrator

Examples

Example 1: Create a device

Connect-Entra -Scopes 'Directory.AccessAsUser.All', 'Device.ReadWrite.All'
$newId = New-Object Microsoft.Open.AzureAD.Model.AlternativeSecurityId
$newId.Key = [System.Text.Encoding]::UTF8.GetBytes('test')
$newId.type = 2
$params = @{
    AccountEnabled         = $true
    DisplayName            = 'My new device'
    AlternativeSecurityIds = $newId
    DeviceId               = $guid
    DeviceOSType           = 'OS/2'
    DeviceOSVersion        = '9.3'
}
New-EntraDevice @params

ObjectId                             DeviceId                             DisplayName
--------                             --------                             -----------
aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb dddddddd-3333-4444-5555-eeeeeeeeeeee My new device

This command creates a new device.

Parameters

-AccountEnabled

Indicates whether the account is enabled.

Type:	System.Boolean
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-AlternativeSecurityIds

Specifies alternative security IDs. See more details on security IDs.

Type:	System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-ApproximateLastLogonTimeStamp

Specifies last sign-in date time.

Type:	System.DateTime
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DeviceId

Specifies the ID of the device.

Type:	System.String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-DeviceMetadata

The metadata for this device

Type:	System.String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DeviceObjectVersion

Specifies the object version of the device.

Type:	System.Int32
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DeviceOSType

Specifies the operating system type of the new device.

Type:	System.String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-DeviceOSVersion

Specifies the operating system version of the new device.

Type:	System.String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-DevicePhysicalIds

Specifies the physical ID.

Type:	System.Collections.Generic.List`1[System.String]
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DeviceTrustType

The trust type for this device

Type:	System.String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DisplayName

Specifies the display name of the new device.

Type:	System.String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-IsCompliant

True if the device complies with Mobile Device Management (MDM) policies; otherwise, false.

Type:	System.Boolean
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-IsManaged

True if the device is managed by a Mobile Device Management (MDM) app such as Intune; otherwise, false.

Type:	System.Boolean
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-ProfileType

Specifies profile type of the device.

Type:	System.String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-SystemLabels

Specifies labels for the device.

Type:	System.Collections.Generic.List`1[System.String]
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Share via

New-EntraDevice

Syntax

Description

Examples

Example 1: Create a device

Parameters

-AccountEnabled

-AlternativeSecurityIds

-ApproximateLastLogonTimeStamp

-DeviceId

-DeviceMetadata

-DeviceObjectVersion

-DeviceOSType

-DeviceOSVersion

-DevicePhysicalIds

-DeviceTrustType

-DisplayName

-IsCompliant

-IsManaged

-ProfileType

-SystemLabels

Feedback

Additional resources

Share via

New-EntraDevice

Syntax

Description

Examples

Example 1: Create a device

Parameters

-AccountEnabled

-AlternativeSecurityIds

-ApproximateLastLogonTimeStamp

-DeviceId

-DeviceMetadata

-DeviceObjectVersion

-DeviceOSType

-DeviceOSVersion

-DevicePhysicalIds

-DeviceTrustType

-DisplayName

-IsCompliant

-IsManaged

-ProfileType

-SystemLabels

Related Links

Feedback

Additional resources