Admins need clear visibility into available device management actions, required permissions, and device updates for effective governance. As device states and ownership change often, having simple, reliable ways to review and update devices in Microsoft Entra ID is essential.
Connect-MgGraph -Scopes "Device.ReadWrite.All"
Get-MgDevice
Update-MgDevice -DeviceId <DeviceId> -DisplayName "NewDeviceName"
Example query:
Connect-MgGraph -Scopes "Device.ReadWrite.All"
Update-MgDevice -DeviceId "d3a4b5c6-7890-4d12-9f34-56a7b8c9d012" `
-DisplayName "Updated-Device-Name"
Example output:
Id: d3a4b5c6-7890-4d12-9f34-56a7b8c9d012
DisplayName: Updated-Device-Name
DeviceId: d3a4b5c6-7890-4d12-9f34-56a7b8c9d012
AccountEnabled: True
ApproximateLastSignInDateTime: 10/17/2025 09:25:42
DeviceTrustType: AzureADJoined
DeviceOwnership: Company
The syntax is as follows:
=Update-MgDevice
-DeviceId <string>
[-ResponseHeadersVariable <string>]
[-AccountEnabled]
[-AdditionalProperties <hashtable>]
[-AlternativeSecurityIds <IMicrosoftGraphAlternativeSecurityId[]>]
[-ApproximateLastSignInDateTime <datetime>]
[-ComplianceExpirationDateTime <datetime>]
[-DeletedDateTime <datetime>]
[-DeviceCategory <string>]
[-DeviceId1 <string>]
[-DeviceMetadata <string>]
[-DeviceOwnership <string>]
[-DeviceVersion ]
[-DisplayName <string>]
[-EnrollmentProfileName <string>]
[-EnrollmentType <string>]
[-Extensions <IMicrosoftGraphExtension[]>]
[-Id <string>]
[-IsCompliant]
[-IsManaged]
[-IsManagementRestricted]
[-IsRooted]
[-ManagementType <string>]
[-Manufacturer <string>]
[-MdmAppId <string>]
[-MemberOf <IMicrosoftGraphDirectoryObject[]>]
[-Model <string>]
[-OnPremisesLastSyncDateTime <datetime>]
[-OnPremisesSecurityIdentifier <string>]
[-OnPremisesSyncEnabled]
[-OperatingSystem <string>]
[-OperatingSystemVersion <string>]
[-PhysicalIds <string[]>]
[-ProfileType <string>]
[-RegisteredOwners <IMicrosoftGraphDirectoryObject[]>]
[-RegisteredUsers <IMicrosoftGraphDirectoryObject[]>]
[-RegistrationDateTime <datetime>]
[-SystemLabels <string[]>]
[-TransitiveMemberOf <IMicrosoftGraphDirectoryObject[]>]
[-TrustType <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Example query:
Connect-MgGraph -Scopes "Device.ReadWrite.All"
Update-MgDevice -DeviceId "d3a4b5c6-7890-4d12-9f34-56a7b8c9d012" `
-DisplayName "Sales-Laptop-01"
Example output:
Id: d3a4b5c6-7890-4d12-9f34-56a7b8c9d012
DisplayName: Sales-Laptop-01
AccountEnabled: True
DeviceId: d3a4b5c6-7890-4d12-9f34-56a7b8c9d012
ApproximateLastSignInDateTime: 10/22/2025 09:45:21
DeviceTrustType: AzureADJoined
DeviceOwnership: Company
The device Sales-Laptop-01 is identified by the unique Id d3a4b5c6-7890-4d12-9f34-56a7b8c9d012. It remains active (AccountEnabled: True) and is joined to Azure AD under DeviceTrustType: AzureADJoined. The ownership is set to Company, indicating it's a managed corporate device. The record also shows the last sign-in activity, confirming that the update was applied successfully.
ADManager Plus helps Microsoft 365 admins with a clean, intuitive interface that makes everyday Microsoft 365 tasks simpler.
Generate reports on overall sign-in activity across Microsoft 365 to see how users interact with its applications, along with access to more than 200 other prebuilt reports. Spot suspicious logins, inactive usage, or unusual patterns that may point to risk.
Automatically provision user accounts with the right group memberships from day one. Event-driven automation ensures users gain or lose access to applications and groups immediately when their status changes, keeping access aligned with business rules.
Distribute everyday Microsoft 365 tasks with role-based access controls, ensuring responsibilities are shared without compromising security.
Monitor license usage and identify unused or underused licenses, reclaim them, and optimize costs across your tenant.
Run scheduled access reviews of groups that govern application access. Identify stale memberships and remove unnecessary privileges to minimize exposure and strengthen least-privilege policies.
Routinely check compliance states through Intune or other device management tools connected to Microsoft Entra ID. Ensure each device meets baseline security requirements—such as encryption, OS version, and conditional access compliance policies—before allowing access to corporate resources.
Review and update device metadata like display names, ownership (personal vs corporate), and primary users. Correct and up-to-date information helps improve reporting accuracy, access review efficiency, and security visibility.
Identify devices that haven't checked in for a defined period and validate whether they are still in use. Deleting inactive or duplicate entries reduces clutter, minimizes attack surface, and ensures only valid devices retain access to organizational assets.
You can update the device owner in Microsoft Entra ID using both PowerShell and Entra admin center.
Using PowerShell
The Update-MgDevice cmdlet allows you to modify device properties, including registered owners, through the Microsoft Graph API. You can replace or add new owners directly via the RegisteredOwners attribute. This approach updates the ownership metadata directly in Microsoft Entra ID.
You can repeat this command in a loop or script to handle bulk device owner updates from a CSV file.
Connect-MgGraph -Scopes "Device.ReadWrite.All","Directory.ReadWrite.All"
$device = Get-MgDevice -Filter "displayName eq 'YourDeviceName'"
$newOwner = @{
'@odata.id' = "https://graph.microsoft.com/v1.0/directoryObjects/<NewOwnerObjectId>"
}
Update-MgDevice -DeviceId $device.Id -RegisteredOwners @($newOwner)
Using Entra admin center
For devices enrolled in Intune, primary user or ownership is often managed via Microsoft Endpoint Manager Admin Center, which syncs back to Microsoft Entra ID
Device OS and version information in Microsoft Entra ID is generally updated by the device management system, such as Microsoft Intune. To update a device's OS version, initiate a system update on the device via Windows Update or centralized management tools. Manually editing the OS attribute in Microsoft Entra ID is possible via Microsoft Graph PowerShell (Update-MgDevice) but typically synchronization occurs through Intune or MDE.