c# microsoft-graph-api microsoft-graph-sdks intune

Why is a C# app unable to enroll a device into MS Intune via the Microsoft Graph API?


I'm trying to create a C# app which will enroll devices into Intune via the Microsoft Graph API, but after calling graphClient.DeviceManagement.WindowsAutopilotDeviceIdentities.PostAsync(newDevice), it keeps throwing this exception:

No OData route exists that match template ~/singleton/navigation with http verb POST for request /DeviceEnrollmentFE/StatelessDeviceEnrollmentFEService/deviceManagement/windowsAutopilotDeviceIdentities."} Microsoft.Graph.Models.ODataErrors.ODataError

First of all, it is possible to enroll devices into Intune when I use a PowerShell script with the same Tenant ID / App ID / App Secret that I'm using in my C# app.

The problem also shouldn't be caused by insufficient permissions of the app. In Azure AD, the app has these permissions, all of them with admin consent:

  • DeviceManagementManagedDevices.ReadWrite.All
  • DeviceManagementServiceConfig.ReadWrite.All
  • DeviceManagementApps.ReadWrite.All


When I was investigating communication with the MS server, my app correctly calls and receives an access token from the server. But there are no packets sent after calling the register method:

graphClient.DeviceManagement.WindowsAutopilotDeviceIdentities.PostAsync(newDevice);

and it just throws the exception mentioned above.

Does anybody know how to make a C# app communicate with MS Intune via the Graph API?

Here is a simplified example of the code which I'm using:

using System.Diagnostics;
using System.Threading;
using System.Threading.Tasks;
using System.Windows;
using Azure.Core;
using Azure.Identity;
using Microsoft.Graph;
using Microsoft.Graph.Models;
using Microsoft.Graph.Models.ODataErrors;

namespace IntuneTest
{
    public partial class MainWindow : Window
    {
        private GraphServiceClient graphClient;

        public MainWindow()
        {
            InitializeComponent();
            InitializeGraphClient();
        }

        // Initialize Graph Client with ClientSecretCredential for authentication
        private async void InitializeGraphClient()
        {
            var credential = new ClientSecretCredential(
                "TenantID",   // Replace with your Tenant ID
                "AppID",      // Replace with your App ID
                "ClientSecret" // Replace with your Client Secret
            );

            graphClient = new GraphServiceClient(credential, new[] { "https://graph.microsoft.com/.default" });

            var token = await credential.GetTokenAsync(new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" }), CancellationToken.None);
            // Log only the expiry: the token itself is a bearer credential and should not end up in debug output
            Debug.WriteLine($"Access token acquired, expires {token.ExpiresOn:u}");
        }

        // Register a Windows Autopilot device
        private async Task RegisterDeviceAsync()
        {
            try
            {
                var newDevice = new WindowsAutopilotDeviceIdentity
                {
                    SerialNumber = "6WX8WT2",   // Required: Serial number
                    Manufacturer = "Dell Inc.", // Optional
                    Model = "Latitude 5590",    // Optional
                    EnrollmentState = EnrollmentState.Enrolled
                };

                await graphClient.DeviceManagement.WindowsAutopilotDeviceIdentities.PostAsync(newDevice);
                Debug.WriteLine("Device registered.");
                MessageBox.Show("Device registered successfully!", "Success");
            }
            // The Graph service reports API errors as ODataError (the type named in the exception above)
            catch (ODataError ex)
            {
                var message = ex.Error?.Message ?? ex.Message;
                Debug.WriteLine($"Error: {message}");
                MessageBox.Show($"Error registering device: {message}", "Error");
            }
        }

        // Triggered by button click to register the device
        private async void Button_Click(object sender, RoutedEventArgs e)
        {
            await RegisterDeviceAsync();
        }
    }
}

Thank you very much!


Solution

  • To clear things up a bit.

    The method you are using is not supposed to register devices in Intune. The method registers devices with Windows Autopilot service. Are you sure this is what you are trying to achieve?

    The method is probably failing because your call is missing parameters. According to this article, all 17 properties are required: Create windowsAutopilotDeviceIdentity

    Since Device ID is mentioned as one of the required properties, the device must already be joined to Entra ID for this to work.
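
As an added example (not code from the question or the answer): a diagnostic that reads the `roles` claim of the app-only access token and reports which of the three permissions listed in the question are absent, without putting the raw token in a log. It assumes the token is a JWT carrying a `roles` array, as Entra ID issues for Microsoft Graph app-only calls; `TokenRoleCheck` and `MissingRoles` are hypothetical names and the sample token is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class TokenRoleCheck // hypothetical helper, not part of the Graph SDK
{
    // Application permissions the question lists as granted with admin consent.
    static readonly string[] Expected =
    {
        "DeviceManagementManagedDevices.ReadWrite.All",
        "DeviceManagementServiceConfig.ReadWrite.All",
        "DeviceManagementApps.ReadWrite.All"
    };

    // Diagnostic only: the signature is NOT verified, so never use the result
    // for an authorization decision. Returns expected roles absent from the token.
    public static List<string> MissingRoles(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a three-part JWT.");

        var json = Encoding.UTF8.GetString(FromBase64Url(parts[1]));
        using var doc = JsonDocument.Parse(json);
        var granted = new HashSet<string>(StringComparer.Ordinal);
        if (doc.RootElement.TryGetProperty("roles", out var roles)
            && roles.ValueKind == JsonValueKind.Array)
        {
            foreach (var r in roles.EnumerateArray())
                if (r.ValueKind == JsonValueKind.String) granted.Add(r.GetString()!);
        }
        return Expected.Where(e => !granted.Contains(e)).ToList();
    }

    static byte[] FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/'); // JWT segments use base64url without padding
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static string ToBase64Url(string text) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(text)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample token (unsigned, not from a real tenant) with one role only.
        var payload = "{\"roles\":[\"DeviceManagementApps.ReadWrite.All\"]}";
        var jwt = ToBase64Url("{\"alg\":\"none\"}") + "." + ToBase64Url(payload) + ".sig";
        foreach (var m in MissingRoles(jwt)) Console.WriteLine($"missing role: {m}");
    }
}
```

In the app from the question, `MissingRoles(token.Token)` could be called where the token is obtained, logging only the returned role names.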