IntuneCorporateDeviceIdentifier¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| IsSingleInstance | Key | String | Only valid value is 'Yes'. | Yes |
| Devices | Write | MSFT_IntuneDeviceIdentifier[] | Array of corporate device identifiers. | |
| Ensure | Write | String | Present ensures the identifiers exist, absent ensures all are removed. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Intune Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
| AccessTokens | Write | StringArray[] | Access token used for authentication. |
MSFT_IntuneDeviceIdentifier¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Id | Write | String | Unique identifier for the imported device identity. | |
| importedDeviceIdentifier | Key | String | Imported Device Identifier | |
| importedDeviceIdentityType | Write | String | Type of Imported Device Identity. Possible values are: unknown, imei, serialNumber, manufacturerModelSerial. | unknown, imei, serialNumber, manufacturerModelSerial |
| description | Write | String | Description for the device identity. | |
| platform | Write | String | Platform of the device (e.g., Windows, Android, iOS). |
Description¶
This resource manages Intune corporate device identifiers used to pre-register devices as corporate-owned. Identifiers can include serial numbers, IMEI numbers, or manufacturer/model/serial combinations.
Important: This resource enforces the desired state by: - Adding identifiers that are in the configuration but not in Intune - Removing identifiers that are in Intune but NOT in the configuration
This ensures the Intune corporate identifiers exactly match your configuration as the single source of truth.
Graph API Endpoints¶
- GET/POST:
/beta/deviceManagement/importedDeviceIdentities - DELETE:
/beta/deviceManagement/importedDeviceIdentities/{id}
Cloud Support¶
This resource is cloud-agnostic and works with: - Microsoft 365 Global (Commercial) - Microsoft 365 GCC - Microsoft 365 GCC High - Microsoft 365 DoD
The resource automatically uses the correct Graph API endpoint based on your cloud environment.
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource requires the following permissions:
Delegated permissions¶
-
Read
- DeviceManagementServiceConfig.Read.All, DeviceManagementManagedDevices.Read.All
-
Update
- DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All
Application permissions¶
-
Read
- DeviceManagementServiceConfig.Read.All, DeviceManagementManagedDevices.Read.All
-
Update
- DeviceManagementServiceConfig.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All
Examples¶
Example 1¶
This example creates corporate device identifiers in Intune.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneCorporateDeviceIdentifier 'CorporateDevices'
{
IsSingleInstance = 'Yes'
Devices = @(
MSFT_IntuneDeviceIdentifier {
importedDeviceIdentifier = 'ABC123456'
importedDeviceIdentityType = 'serialNumber'
description = 'Corporate laptop'
platform = 'windows'
}
MSFT_IntuneDeviceIdentifier {
importedDeviceIdentifier = '353456789012345'
importedDeviceIdentityType = 'imei'
description = 'Corporate phone'
platform = 'android'
}
)
Ensure = 'Present'
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
}
}
}
Example 2¶
This example updates corporate device identifiers by adding an additional device.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneCorporateDeviceIdentifier 'CorporateDevices'
{
IsSingleInstance = 'Yes'
Devices = @(
MSFT_IntuneDeviceIdentifier {
importedDeviceIdentifier = 'ABC123456'
importedDeviceIdentityType = 'serialNumber'
description = 'Corporate laptop'
platform = 'windows'
}
MSFT_IntuneDeviceIdentifier {
importedDeviceIdentifier = '353456789012345'
importedDeviceIdentityType = 'imei'
description = 'Corporate phone'
platform = 'android'
}
MSFT_IntuneDeviceIdentifier {
importedDeviceIdentifier = 'XYZ987654'
importedDeviceIdentityType = 'serialNumber'
description = 'Executive laptop'
platform = 'macos'
}
)
Ensure = 'Present'
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
}
}
}
Example 3¶
This example removes all corporate device identifiers from Intune.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneCorporateDeviceIdentifier 'CorporateDevices'
{
IsSingleInstance = 'Yes'
Ensure = 'Absent'
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
}
}
}