Public/TenantConfiguration/Baseline/Add-DeviceRegistrationPolicy.ps1
function Add-DeviceRegistrationPolicy {
    <#
    .SYNOPSIS
    Applies the baseline device registration policy to a customer tenant.

    .DESCRIPTION
    Connects to the tenant through Connect-CustomerGraph (a project helper that
    is not defined in this file), then PUTs a fixed policy document to the
    Microsoft Graph beta deviceRegistrationPolicy endpoint. The Graph response
    is not returned to the caller. Any failure is rethrown as a string error
    prefixed with "Failed to update device registration policy".

    .PARAMETER TenantId
    Identifier of the customer tenant, passed to Connect-CustomerGraph as
    -CustomerTenantId.

    .NOTES
    The policy values are hard-coded. Several are permissive (no MFA enforced
    by this policy, every user may register and join, every joining user is a
    local administrator). See the NOTE(review) comments next to each value.
    #>
    param(
        [Parameter(Mandatory)]
        [string]$TenantId
    )

    try {
        Connect-CustomerGraph -CustomerTenantId $TenantId

        # "Everyone in the tenant" membership type, used for register, join and local admin.
        $allUsersType = '#microsoft.graph.allDeviceRegistrationMembership'

        # Entra ID *registration* (personal / BYOD devices): open to all users.
        $registrationSettings = @{
            isAdminConfigurable = $false
            allowedToRegister   = @{ '@odata.type' = $allUsersType }
        }

        # Entra ID *join* (corporate devices): open to all users.
        # NOTE(review): registeringUsers set to all users means whoever joins a
        # device ends up in its local Administrators group, and enableGlobalAdmins
        # adds Global Administrators too. Confirm this fits the least-privilege
        # stance of the baseline, since standard users then run as admin on
        # devices they join.
        $joinSettings = @{
            isAdminConfigurable = $true
            allowedToJoin       = @{ '@odata.type' = $allUsersType }
            localAdmins         = @{
                enableGlobalAdmins = $true
                registeringUsers   = @{ '@odata.type' = $allUsersType }
            }
        }

        $policyBody = @{
            # NOTE(review): 'notRequired' means this policy does not itself demand
            # MFA when a device is registered or joined. Confirm a Conditional
            # Access policy covers the "register or join devices" user action.
            # Without one, a password alone is enough to enrol a device.
            multiFactorAuthConfiguration = 'notRequired'
            # Per-user device ceiling. NOTE(review): 50 is generous. Confirm the intent.
            userDeviceQuota              = 50
            azureADRegistration          = $registrationSettings
            azureADJoin                  = $joinSettings
            # Turns on the local administrator password feature (LAPS) for the tenant.
            localAdminPassword           = @{ isEnabled = $true }
        }

        # Beta endpoint: its schema may change without notice.
        $request = @{
            Method = 'PUT'
            Uri    = 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy'
            Body   = $policyBody
        }

        # The response is discarded on purpose so nothing from the call reaches the pipeline.
        $null = Invoke-GraphRequest @request

        Write-Host "Updated device registration policy!" -ForegroundColor Green
    }
    catch {
        $failure = $_
        throw "Failed to update device registration policy: $failure"
    }
}