Set-EntraDevice

Updates a device.

Syntax

Set-EntraDevice
   -DeviceObjectId <String>
   [-DevicePhysicalIds <System.Collections.Generic.List`1[String]>]
   [-DeviceOSType <String>]
   [-DeviceTrustType <String>]
   [-DisplayName <String>]
   [-DeviceMetadata <String>]
   [-ApproximateLastLogonTimeStamp <DateTime>]
   [-AccountEnabled <Boolean>]
   [-IsManaged <Boolean >]
   [-DeviceId <String>]
   [-DeviceObjectVersion <Int32>]
   [-IsCompliant <Boolean>]
   [-DeviceOSVersion <String>]
   [-AlternativeSecurityIds <System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]>]
   [-ProfileType <String>]
   [-SystemLabels <System.Collections.Generic.List`1[String]>]
   [<CommonParameters>]

Description

The Set-EntraDevice cmdlet updates a device in Microsoft Entra ID.

The calling user must have at least the Intune Administrator role in Microsoft Entra. A user with the Cloud Device Administrator role can only enable or disable devices, while a user with the Windows 365 Administrator role can only update basic device properties.

Examples

Example 1: Update a device display name

Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
Set-EntraDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -DisplayName 'My OS/2 computer'

This example shows how to update a display name of a specified.

Example 2: Update a device alternative security ID

Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
$NewId= New-Object Microsoft.Open.AzureAD.Model.AlternativeSecurityId
$NewId.Key =[System.Text.Encoding]::UTF8.GetBytes('test')
$NewId.type = 2
Set-EntraDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -AlternativeSecurityIds $NewId

This example shows how to update an alternative security ID of a specified device.

Example 3: Update a device account enabled

Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
Set-EntraDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -AccountEnabled $true

This example shows how to update an account enabled of a specified device.

Example 4: Update a device OS type

Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
Set-EntraDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -DeviceOSType Windows

This example shows how to update an OS type of a specified device.

Example 5: Update a device

Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'

$params = @{
    DeviceObjectId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'
    DeviceMetadata = 'Testdevice'
    DeviceObjectVersion = 4
    DevicePhysicalIds = '[GID]:g:1234567890123456'
    IsCompliant = $false
}

Set-EntraDevice @params

This example shows how to update multiple properties of a specified device.

Parameters

-AccountEnabled

Indicates whether the account is enabled.

Type:System.Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AlternativeSecurityIds

Specifies alternative security IDs.

Type:System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ApproximateLastLogonTimeStamp

The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Supports $filter (eq, ne, not, ge, le, and eq on null values) and $orderby.

Type:System.DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DeviceId

Specifies the device ID.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DeviceMetadata

The device metadata for this device.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DeviceObjectId

Specifies the object ID of a device in Microsoft Entra ID.

Type:System.String
Aliases:ObjectId
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-DeviceObjectVersion

Specifies the object version of the device.

Type:System.Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DeviceOSType

Specifies the operating system.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DeviceOSVersion

Specifies the operating system version.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DevicePhysicalIds

Specifies the physical ID.

Type:System.Collections.Generic.List`1[System.String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DeviceTrustType

Specifies the device trust type.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

Specifies the display name.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IsCompliant

Indicates whether the device is compliant.

Type:System.Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IsManaged

Indicates whether the device is managed.

Type:System.Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProfileType

Specifies the profile type of the device. Possible values: RegisteredDevice (default), SecureVM, Printer, Shared, IoT.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SystemLabels

Specifies list of labels applied to the device by the system.

Type:System.Collections.Generic.List`1[System.String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False