
I have a delegated app with Directory.ReadWrite.All permissions and a PS script to auth users over the app. It works when I use GET, but I'm getting Forbidden when I try the PATCH method. Here's the part of that script:

$uri = "https://graph.microsoft.com/v1.0/devices/1111-2222-3333-4444-5555"

$method = "PATCH"

$body = '{
    "extensionAttributes": {
        "extensionAttribute2": "text"
    }
}'

Invoke-WebRequest -Method $method -Uri $uri -Body $body -ContentType "application/json" -Headers @{Authorization = "Bearer $token"} -UseBasicParsing -ErrorAction Stop

Another thing: when using the device ObjectID to construct the Uri I'm getting 403 Forbidden, but if I use a $filter over a DeviceID I get 405 Method Not Allowed. Does it mean it doesn't like a filter and I have to stick with the ObjectID? Is there a way, when I run the GET with $filter, to save only the ObjectID from the JSON response in a variable?

Thanks

c4os

1 Answer


Sorted it. I needed Directory.AccessAsUser.All and used this to get the objectId variable:

$DsregCmdStatus = dsregcmd /status
if ($DsregCmdStatus -match "DeviceId")
{
    $DeviceId = $DsregCmdStatus -match "DeviceID"
    $DeviceId = ($DeviceId.Split(":").Trim())
    $DeviceId = $DeviceId[1]
}

# Find Id 
$uri = "https://graph.microsoft.com/v1.0/devices?`$filter=deviceId eq '$DeviceId'"
$method = "GET"

# Run Graph API query 
$query = Invoke-WebRequest -Method $method -Uri $uri -ContentType "application/json" -Headers @{Authorization = "Bearer $token"} -UseBasicParsing -ErrorAction Stop
$output = ConvertFrom-Json $query.Content
$id = $output.value
$id = $id.id
Write-Host "Machine ID is $id"
c4os
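The whole flow from this thread in one piece, as an added example that is not part of the original posts: it decodes the delegated token's `scp` claim to confirm Directory.AccessAsUser.All is present, resolves the object id with a `$filter` GET on the collection, then sends the PATCH to the `/devices/{id}` URL. The function names are hypothetical, and the token is assumed to be a delegated Graph access token obtained as in the question.

```powershell
# Added example; function names are hypothetical, not from the thread.
function Get-TokenScopes {
    param([Parameter(Mandatory)][string]$Token)
    # The JWT payload is the second dot-separated segment, base64url-encoded.
    $payload = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload))
    # Delegated tokens carry their scopes space-separated in the 'scp' claim.
    return @(((ConvertFrom-Json $json).scp -split ' ') | Where-Object { $_ })
}

function Set-DeviceExtensionAttribute2 {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$DeviceId,   # deviceId as printed by dsregcmd /status
        [Parameter(Mandatory)][string]$Value
    )
    # Fail early with a clear message instead of a bare 403 from Graph.
    $required = 'Directory.AccessAsUser.All'
    if ((Get-TokenScopes -Token $Token) -notcontains $required) {
        throw "Token lacks $required (the scope the PATCH needed in this thread)."
    }
    $guid    = [guid]$DeviceId   # rejects non-GUID input before it is placed in the filter
    $headers = @{ Authorization = "Bearer $Token" }
    $base    = 'https://graph.microsoft.com/v1.0/devices'

    # $filter works only as a GET on the collection; $select trims the result to the id.
    $lookup  = Invoke-RestMethod -Method Get -Headers $headers `
        -Uri "${base}?`$filter=deviceId eq '$guid'&`$select=id"
    $devices = @($lookup.value)
    if ($devices.Count -ne 1) {
        throw "Expected exactly one device for $guid, found $($devices.Count)."
    }

    # PATCH goes to the single-object URL built from the directory object id.
    $body = @{ extensionAttributes = @{ extensionAttribute2 = $Value } } | ConvertTo-Json
    Invoke-RestMethod -Method Patch -Headers $headers -ContentType 'application/json' `
        -Uri "$base/$($devices[0].id)" -Body $body | Out-Null
    return $devices[0].id
}

# Usage, with $token and $DeviceId set as in the posts above:
# Set-DeviceExtensionAttribute2 -Token $token -DeviceId $DeviceId -Value 'text'
```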