Intune, Entra ID, device IDs…

I need to make a note of this somewhere.

Here’s an Intune-enrolled device in Entra ID. It’s got a Device ID and an Object ID.

This Object ID is what Entra ID usually cares about. As in, if you are doing Graph for instance, you’d do:

Get-MgDevice -DeviceId '<Object ID>'

Confusingly, in the output of this is a property called DeviceId… which is the Device ID in the portal.

Argh!

So if you want to search Graph based on Device ID, don’t use the -DeviceId switch but do a search for it. Not confusing at all. :)

Now, Intune itself has a separate ID.

That’s what you use with Intune-specific cmdlets such as Get-MgDeviceManagementManagedDevice. (I realize I keep talking about cmdlets, but what I am really talking about is the underlying Graph API to Entra ID and Intune. PowerShell cmdlets are just how I interact with the API.)

When using Intune cmdlets, what they need as an Id (usually exposed via the -ManagedDeviceId switch) is the ID in the Intune portal. If you want to query by the Entra Device ID (which is the Device ID in the Entra portal too), you gotta use filters.


Device ID is thus the one that connects Entra and Intune. But it’s confusingly not what the -DeviceId switch of Get-MgDevice (or Graph API) expects.
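
To tie the three IDs together, here is an added example (not from the original post) that takes the Entra Device ID and returns the matching Entra Object ID and Intune ID using filters on both sides. The function name Resolve-DeviceIdentity is hypothetical; it assumes the Microsoft.Graph.Identity.DirectoryManagement and Microsoft.Graph.DeviceManagement modules and an existing Connect-MgGraph session with the Device.Read.All and DeviceManagementManagedDevices.Read.All scopes.

```powershell
# Added example, not from the original post. Assumes Connect-MgGraph has already
# been run with Device.Read.All and DeviceManagementManagedDevices.Read.All.
function Resolve-DeviceIdentity {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # The "Device ID" shown in the Entra portal (NOT the Object ID).
        # Typing it as [guid] rejects malformed input before it reaches the OData filter.
        [Parameter(Mandatory)]
        [guid]$EntraDeviceId
    )

    # Entra side: -DeviceId expects the Object ID, so filter on the deviceId property.
    $entra = @(Get-MgDevice -Filter "deviceId eq '$EntraDeviceId'" -All)

    # Intune side: -ManagedDeviceId expects the Intune ID, so filter on azureADDeviceId.
    $intune = @(Get-MgDeviceManagementManagedDevice -Filter "azureADDeviceId eq '$EntraDeviceId'" -All)

    if ($entra.Count -eq 0 -and $intune.Count -eq 0) {
        Write-Warning "No Entra or Intune record carries Device ID $EntraDeviceId"
        return
    }

    # More than one hit usually means stale or duplicate records worth reviewing.
    if ($entra.Count -gt 1 -or $intune.Count -gt 1) {
        Write-Warning "Multiple records found (Entra: $($entra.Count), Intune: $($intune.Count))"
    }

    $entraObj = $entra | Select-Object -First 1

    # Emit one row per Intune record; a single row with empty Intune fields
    # if the device exists in Entra only.
    $rows = if ($intune.Count -gt 0) { $intune } else { @($null) }
    foreach ($m in $rows) {
        [pscustomobject]@{
            DisplayName    = $entraObj.DisplayName
            EntraObjectId  = $entraObj.Id        # what Get-MgDevice -DeviceId expects
            EntraDeviceId  = "$EntraDeviceId"    # the ID shared by Entra and Intune
            IntuneDeviceId = $m.Id               # what -ManagedDeviceId expects
            IntuneLastSync = $m.LastSyncDateTime
        }
    }
}

# Usage, with a constructed placeholder GUID:
# Resolve-DeviceIdentity -EntraDeviceId '00000000-0000-0000-0000-000000000000'
```

A row with an empty EntraObjectId or IntuneDeviceId means the device exists on only one side, which is worth checking when you reconcile compliance or Conditional Access decisions against the device inventory.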