Set-EntraDevice
Updates a device.
Syntax
Set-EntraDevice
-DeviceObjectId <String>
[-DevicePhysicalIds <System.Collections.Generic.List`1[String]>]
[-DeviceOSType <String>]
[-DeviceTrustType <String>]
[-DisplayName <String>]
[-DeviceMetadata <String>]
[-ApproximateLastLogonTimeStamp <DateTime>]
[-AccountEnabled <Boolean>]
[-IsManaged <Boolean >]
[-DeviceId <String>]
[-DeviceObjectVersion <Int32>]
[-IsCompliant <Boolean>]
[-DeviceOSVersion <String>]
[-AlternativeSecurityIds <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]>]
[-ProfileType <String>]
[-SystemLabels <System.Collections.Generic.List`1[String]>]
[<CommonParameters>]
Description
The Set-EntraDevice
cmdlet updates a device in Microsoft Entra ID.
The calling user must have at least the Intune Administrator role in Microsoft Entra. A user with the Cloud Device Administrator role can only enable or disable devices, while a user with the Windows 365 Administrator role can only update basic device properties.
Examples
Example 1: Update a device display name
Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
Set-EntraDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -DisplayName 'My OS/2 computer'
This example shows how to update a display name of a specified.
Example 2: Update a device alternative security ID
Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
$NewId= New-Object Microsoft.Open.AzureAD.Model.AlternativeSecurityId
$NewId.Key =[System.Text.Encoding]::UTF8.GetBytes('test')
$NewId.type = 2
Set-EntraDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -AlternativeSecurityIds $NewId
This example shows how to update an alternative security ID of a specified device.
Example 3: Update a device account enabled
Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
Set-EntraDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -AccountEnabled $true
This example shows how to update an account enabled of a specified device.
Example 4: Update a device OS type
Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
Set-EntraDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -DeviceOSType Windows
This example shows how to update an OS type of a specified device.
Example 5: Update a device
Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
$params = @{
DeviceObjectId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'
DeviceMetadata = 'Testdevice'
DeviceObjectVersion = 4
DevicePhysicalIds = '[GID]:g:1234567890123456'
IsCompliant = $false
}
Set-EntraDevice @params
This example shows how to update multiple properties of a specified device.
Parameters
-AccountEnabled
Indicates whether the account is enabled.
Type: | System.Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AlternativeSecurityIds
Specifies alternative security IDs.
Type: | System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ApproximateLastLogonTimeStamp
The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Supports $filter (eq, ne, not, ge, le, and eq on null values) and $orderby.
Type: | System.DateTime |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DeviceId
Specifies the device ID.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DeviceMetadata
The device metadata for this device.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DeviceObjectId
Specifies the object ID of a device in Microsoft Entra ID.
Type: | System.String |
Aliases: | ObjectId |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-DeviceObjectVersion
Specifies the object version of the device.
Type: | System.Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DeviceOSType
Specifies the operating system.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DeviceOSVersion
Specifies the operating system version.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DevicePhysicalIds
Specifies the physical ID.
Type: | System.Collections.Generic.List`1[System.String] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DeviceTrustType
Specifies the device trust type.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DisplayName
Specifies the display name.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IsCompliant
Indicates whether the device is compliant.
Type: | System.Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IsManaged
Indicates whether the device is managed.
Type: | System.Boolean |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ProfileType
Specifies the profile type of the device. Possible values: RegisteredDevice (default), SecureVM, Printer, Shared, IoT.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SystemLabels
Specifies list of labels applied to the device by the system.
Type: | System.Collections.Generic.List`1[System.String] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |