0.20.0 release - Enrich examples to boost example quality KPI - Batch 3 [devices]

module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredOwner.md

@@ -36,19 +36,20 @@ Add-EntraBetaDeviceRegisteredOwner
 
 The `Add-EntraBetaDeviceRegisteredOwner` cmdlet adds a registered owner for a Microsoft Entra ID device.
 
+In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation:
+
+- Intune Administrator  
+- Windows 365 Administrator
+
 ## Examples
 
 ### Example 1: Add a user as a registered owner
 
 ```powershell
 Connect-Entra -Scopes 'Device.ReadWrite.All'
-$User = Get-EntraBetaUser -UserId '[email protected]'
-$Device = Get-EntraBetaDevice -SearchString '<device-display-name>'
-$params = @{
-    DeviceId = $Device.ObjectId 
-    RefObjectId = $User.ObjectId
-}
-Add-EntraBetaDeviceRegisteredOwner  @params
+$user = Get-EntraBetaUser -UserId '[email protected]'
+$device = Get-EntraBetaDevice -SearchString '<device-display-name>'
+Add-EntraBetaDeviceRegisteredOwner -DeviceId $device.ObjectId -RefObjectId $user.Id
 ```
 
 This example shows how to add a registered owner to a device.

module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Add-EntraBetaDeviceRegisteredUser.md

@@ -36,19 +36,20 @@ Add-EntraBetaDeviceRegisteredUser
 
 The `Add-EntraBetaDeviceRegisteredUser` cmdlet adds a registered user for a Microsoft Entra ID device.
 
+In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation:
+
+- Intune Administrator  
+- Windows 365 Administrator
+
 ## Examples
 
 ### Example 1: Add a user as a registered user
 
 ```powershell
 Connect-Entra -Scopes 'Device.ReadWrite.All'
-$User = Get-EntraBetaUser -UserId '[email protected]'
-$Device = Get-EntraBetaDevice -SearchString '<device-display-name>'
-$params = @{
-    DeviceId = $Device.ObjectId 
-    RefObjectId = $User.ObjectId
-}
-Add-EntraBetaDeviceRegisteredUser @params
+$user = Get-EntraBetaUser -UserId '[email protected]'
+$device = Get-EntraBetaDevice -SearchString '<device-display-name>'
+Add-EntraBetaDeviceRegisteredUser -DeviceId $device.ObjectId -RefObjectId $user.Id
 ```
 
 This example shows how to add a registered user to a device.

module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDevice.md

@@ -60,13 +60,22 @@ Get-EntraBetaDevice
 
 The `Get-EntraBetaDevice` cmdlet gets a device from Microsoft Entra ID. Specify the `DeviceId` parameter to get a specific device.
 
+In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported:
+
+- Cloud Device Administrator  
+- Intune Administrator  
+- Windows 365 Administrator  
+- Compliance Administrator  
+- Device Managers
+
 ## Examples
 
 ### Example 1: Get a device by ID
 
 ```powershell
 Connect-Entra -Scopes 'Device.Read.All'
-Get-EntraBetaDevice -DeviceId 'bbbbbbbb-1111-1111-1111-cccccccccccc'
+$device = Get-EntraBetaDevice -SearchString '<device-display-name>'
+Get-EntraBetaDevice -DeviceId $device.ObjectId
 ```
 
 ```Output

module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeviceRegisteredOwner.md

@@ -38,14 +38,21 @@ Get-EntraBetaDeviceRegisteredOwner
 
 The `Get-EntraBetaDeviceRegisteredOwner` cmdlet gets the registered owner of a device in Microsoft Entra ID. Specify `DeviceId` parameter gets the registered owner of a device.
 
+In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The following least privileged roles are supported:
+
+- Directory Readers  
+- Global Reader  
+- Intune Administrator  
+- Windows 365 Administrator
+
 ## Examples
 
 ### Example 1: Retrieve the registered owner of a device
 
 ```powershell
 Connect-Entra -Scopes 'Device.Read.All'
-$DevId = (Get-EntraDevice -Top 1).ObjectId
-Get-EntraBetaDeviceRegisteredOwner -DeviceId $DevId
+$device = Get-EntraBetaDevice -SearchString '<device-display-name>'
+Get-EntraBetaDeviceRegisteredOwner -DeviceId $device.ObjectId
 ```
 
 ```Output
@@ -58,29 +65,12 @@ This example shows how to find the registered owner of a device..
 
 - `-DeviceId` parameter specifies the device's ID
 
-### Example 2: Retrieve the registered owner of a device
-
-```powershell
-Connect-Entra -Scopes 'Device.Read.All'
-Get-EntraBetaDeviceRegisteredOwner -DeviceId bbbbbbbb-1111-2222-3333-cccccccccccc
-```
-
-```Output
-ObjectId                             DisplayName     UserPrincipalName     UserType
---------                             -----------    -----------------      --------
-aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Maria Sullivan  [email protected]       Member
-cccccccc-2222-3333-4444-dddddddddddd Parker McLean   [email protected]      Member
-```
-
-This command gets the registered owner of a device.
-
-- `-DeviceId` parameter specifies the device's ID
-
-### Example 3: Retrieve all the registered owners of a device
+### Example 2: Retrieve all the registered owners of a device
 
 ```powershell
 Connect-Entra -Scopes 'Device.Read.All'
-Get-EntraBetaDeviceRegisteredOwner -DeviceId bbbbbbbb-1111-2222-3333-cccccccccccc -All 
+$device = Get-EntraBetaDevice -SearchString '<device-display-name>'
+Get-EntraBetaDeviceRegisteredOwner -DeviceId $device.ObjectId -All 
 ```
 
 ```Output
@@ -94,11 +84,12 @@ This command retrieves all the registered owners of a device.
 
 - `-DeviceId` parameter specifies the device's ID.
 
-### Example 4: Retrieve top one registered owner of a device
+### Example 3: Retrieve top one registered owner of a device
 
 ```powershell
 Connect-Entra -Scopes 'Device.Read.All'
-Get-EntraBetaDeviceRegisteredOwner -DeviceId bbbbbbbb-1111-2222-3333-cccccccccccc -Top 1
+$device = Get-EntraBetaDevice -SearchString '<device-display-name>'
+Get-EntraBetaDeviceRegisteredOwner -DeviceId $device.ObjectId -Top 1
 ```
 
 ```Output

module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDeviceRegisteredUser.md

@@ -38,14 +38,21 @@ Get-EntraBetaDeviceRegisteredUser
 
 The `Get-EntraBetaDeviceRegisteredUser` cmdlet gets a registered user for a Microsoft Entra ID device. Specify `DeviceId` parameter to get a registered user for a Microsoft Entra ID device.
 
+In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The following least privileged roles are supported:
+
+- Directory Readers  
+- Global Reader  
+- Intune Administrator  
+- Windows 365 Administrator
+
 ## Examples
 
 ### Example 1: Retrieve the registered user of a device
 
 ```powershell
 Connect-Entra -Scopes 'Device.Read.All'
-$DevId = (Get-EntraDevice -Top 1).ObjectId
-Get-EntraBetaDeviceRegisteredUser -DeviceId $DevId
+$device = Get-EntraBetaDevice -SearchString '<device-display-name>'
+Get-EntraBetaDeviceRegisteredUser -DeviceId $device.ObjectId
 ```
 
 ```Output
@@ -63,7 +70,8 @@ This example demonstrates how to retrieve registered user for a specific Microso
 
 ```powershell
 Connect-Entra -Scopes 'Device.Read.All'
-Get-EntraBetaDeviceRegisteredUser -DeviceId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -All 
+$device = Get-EntraBetaDevice -SearchString '<device-display-name>'
+Get-EntraBetaDeviceRegisteredUser -DeviceId $device.ObjectId -All 
 ```
 
 ```Output
@@ -83,7 +91,8 @@ This example demonstrates how to retrieve all registered users for a specified d
 
 ```powershell
 Connect-Entra -Scopes 'Device.Read.All'
-Get-EntraBetaDeviceRegisteredUser -DeviceId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -Top 2
+$device = Get-EntraBetaDevice -SearchString '<device-display-name>'
+Get-EntraBetaDeviceRegisteredUser -DeviceId $device.ObjectId -Top 2
 ```
 
 ```Output

module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaDevice.md

@@ -49,19 +49,24 @@ New-EntraBetaDevice
 
 The `New-EntraBetaDevice` cmdlet creates a device in Microsoft Entra ID.
 
-The calling user must be in one of the following Microsoft Entra roles: Intune Administrator or Windows 365 Administrator.
+In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation:
+
+- Intune Administrator  
+- Windows 365 Administrator
 
 ## Examples
 
 ### Example 1: Create a device
 
 ```powershell
 Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
-
+$newId= New-Object Microsoft.Open.AzureAD.Model.AlternativeSecurityId
+$newId.Key =[System.Text.Encoding]::UTF8.GetBytes('test')
+$newId.type = 2
 $params = @{
     AccountEnabled = $true
     DisplayName = 'My new device'
-    AlternativeSecurityIds = $altsecid
+    AlternativeSecurityIds = $newId
     DeviceId = $guid
     DeviceOSType = 'OS/2'
     DeviceOSVersion = '9.3'
@@ -98,7 +103,7 @@ Accept wildcard characters: False
 
 ### -AlternativeSecurityIds
 
-Specifies alternative security IDs.
+Specifies alternative security IDs. See more details on [security IDs](https://learn.microsoft.com/graph/api/resources/alternativesecurityid).
 
 ```yaml
 Type: System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]

module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDevice.md

@@ -35,16 +35,20 @@ Remove-EntraBetaDevice
 
 The `Remove-EntraBetaDevice` cmdlet removes a device from Microsoft Entra ID.
 
-The calling user must be in one of the following Microsoft Entra roles: Intune Administrator, Windows 365 Administrator, or Cloud Device Administrator.
+In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported:
+
+- Intune Administrator  
+- Windows 365 Administrator  
+- Cloud Device Administrator
 
 ## Examples
 
 ### Example 1: Remove a device
 
 ```powershell
 Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
-$Device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'"
-Remove-EntraBetaDevice -DeviceId $Device.ObjectId
+$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'"
+Remove-EntraBetaDevice -DeviceId $device.ObjectId
 ```
 
 This command removes the specified device.

module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDeviceRegisteredOwner.md

@@ -36,15 +36,20 @@ Remove-EntraBetaDeviceRegisteredOwner
 
 The `Remove-EntraBetaDeviceRegisteredOwner` cmdlet removes the registered owner of a device in Microsoft Entra ID.
 
+In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation:
+
+- Intune Administrator  
+- Windows 365 Administrator
+
 ## Examples
 
 ### Example 1: Remove an owner from a device
 
 ```powershell
 Connect-Entra -Scopes 'Directory.AccessAsUser.All'
-$Device = Get-EntraBetaDevice -Top 1
-$Owner = Get-EntraBetaDeviceRegisteredOwner -ObjectId $Device.ObjectId
-Remove-EntraBetaDeviceRegisteredOwner -DeviceId $Device.ObjectId -OwnerId $Owner.ObjectId
+$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'"
+$owner = Get-EntraBetaDeviceRegisteredOwner -ObjectId $device.ObjectId
+Remove-EntraBetaDeviceRegisteredOwner -DeviceId $device.ObjectId -OwnerId $owner.Id
 ```
 
 This examples shows how to remove the owner of a device.

module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDeviceRegisteredUser.md

@@ -36,15 +36,20 @@ Remove-EntraBetaDeviceRegisteredUser
 
 The `Remove-EntraBetaDeviceRegisteredUser` cmdlet removes a registered user from a Microsoft Entra ID device.
 
+In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation:
+
+- Intune Administrator  
+- Windows 365 Administrator
+
 ## Examples
 
 ### Example 1: Remove a registered user from a device
 
 ```Powershell
 Connect-Entra -Scopes 'Directory.AccessAsUser.All'
-$Device = Get-EntraBetaDevice -Top 1
-$User = Get-EntraBetaDeviceRegisteredUser -DeviceId $Device.ObjectId
-Remove-EntraBetaDeviceRegisteredUser -DeviceId $Device.ObjectId -UserId $User.ObjectId
+$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'"
+$user = Get-EntraBetaDeviceRegisteredUser -DeviceId $device.ObjectId
+Remove-EntraBetaDeviceRegisteredUser -DeviceId $device.ObjectId -UserId $user.Id
 ```
 
 This example shows how to remove the registered user from device.

module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaDevice.md

@@ -49,15 +49,20 @@ Set-EntraBetaDevice
 
 The `Set-EntraBetaDevice` cmdlet updates a device in Microsoft Entra ID.
 
-The calling user must have at least the Intune Administrator role in Microsoft Entra. A user with the Cloud Device Administrator role can only enable or disable devices, while a user with the Windows 365 Administrator role can only update basic device properties.
+The calling user must have at least:
+
+- Intune Administrator role
+- Cloud Device Administrator role can only enable or disable devices
+- Windows 365 Administrator role can only update basic device properties.
 
 ## Examples
 
 ### Example 1: Update a device display name
 
 ```powershell
 Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
-Set-EntraBetaDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -DisplayName 'My OS/2 computer'
+$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'"
+Set-EntraBetaDevice -DeviceObjectId $device.ObjectId -DisplayName 'My OS/2 computer'
 ```
 
 This example shows how to update a display name of a specified.
@@ -69,7 +74,8 @@ Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
 $NewId= New-Object Microsoft.Open.AzureAD.Model.AlternativeSecurityId
 $NewId.Key =[System.Text.Encoding]::UTF8.GetBytes('test')
 $NewId.type = 2
-Set-EntraBetaDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -AlternativeSecurityIds $NewId
+$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'"
+Set-EntraBetaDevice -DeviceObjectId $device.ObjectId -AlternativeSecurityIds $NewId
 ```
 
 This example shows how to update an alternative security ID of a specified device.
@@ -78,7 +84,8 @@ This example shows how to update an alternative security ID of a specified devic
 
 ```powershell
 Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
-Set-EntraBetaDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -AccountEnabled $true
+$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'"
+Set-EntraBetaDevice -DeviceObjectId $device.ObjectId -AccountEnabled $true
 ```
 
 This example shows how to update an account enabled of a specified device.
@@ -87,7 +94,8 @@ This example shows how to update an account enabled of a specified device.
 
 ```powershell
 Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
-Set-EntraBetaDevice -DeviceObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -DeviceOSType Windows
+$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'"
+Set-EntraBetaDevice -DeviceObjectId $device.ObjectId -DeviceOSType Windows
 ```
 
 This example shows how to update an OS type of a specified device.
@@ -96,9 +104,9 @@ This example shows how to update an OS type of a specified device.
 
 ```powershell
 Connect-Entra -Scopes 'Directory.AccessAsUser.All','Device.ReadWrite.All'
-
+$device = Get-EntraBetaDevice -Filter "DisplayName eq 'Woodgrove Desktop'"
 $params = @{
-    DeviceObjectId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'
+    DeviceObjectId = $device.ObjectId
     DeviceMetadata = 'Testdevice'
     DeviceObjectVersion = 4
     DevicePhysicalIds = '[GID]:g:1234567890123456'

module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredOwner.md

@@ -35,19 +35,20 @@ Add-EntraDeviceRegisteredOwner
 
 The `Add-EntraDeviceRegisteredOwner` cmdlet adds a registered owner for a Microsoft Entra ID device.
 
+In delegated scenarios involving work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. The following least privileged roles are supported for this operation:
+
+- Intune Administrator  
+- Windows 365 Administrator
+
 ## Examples
 
 ### Example 1: Add a user as a registered user
 
 ```powershell
 Connect-Entra -Scopes 'Device.ReadWrite.All'
-$User = Get-EntraUser -UserId '[email protected]'
-$Device = Get-EntraDevice -SearchString '<device-display-name>'
-$params = @{
-    DeviceId = $Device.ObjectId 
-    RefObjectId = $User.ObjectId
-}
-Add-EntraDeviceRegisteredOwner @params
+$user = Get-EntraUser -UserId '[email protected]'
+$device = Get-EntraDevice -SearchString '<device-display-name>'
+Add-EntraDeviceRegisteredOwner -DeviceId $device.ObjectId -RefObjectId $user.Id
 ```
 
 This example shows how to add a registered user to a device.