DeviceTemplate.Create
Allows the app to create device templates. The app is marked as owner of the created device template. As a member of owners, the app will be allowed to manage devices created from the template.
Permission Details
Create device template
Allows the app to create device templates. The app is marked as owner of the created device template. As a member of owners, the app will be allowed to manage devices created from the template.
abf6441f-0772-4932-96e7-0191478dd73a
Create device templates
Allows the app to create device templates on behalf of the signed in user. The user is marked as owners of the created device template. As a member of owners, the user will be allowed to manage devices created from the template.
0b1717ff-3e42-4a73-8c29-e6b2e1093960
Properties
Properties is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.
| Property | Type | Description |
|---|---|---|
deletedDateTime |
DateTimeOffsetNullable |
Date and time when this object was deleted. Always null when the object hasn't been deleted. Inherited from directoryObject. |
deviceAuthority |
StringNullable |
A tenant-defined name for the party that's responsible for provisioning and managing devices on the Microsoft Entra tenant. For example, Tailwind Traders (the manufacturer) makes security cameras that are installed in customer buildings and managed by Lakeshore Retail (the device authority). This value is provided to the customer by the device authority (manufacturer or reseller). |
id |
String |
The unique identifier for the object. Inherited from directoryObject. Read-only. Supports $filter (eq, in). |
manufacturer |
StringNullable |
Manufacturer name. |
model |
StringNullable |
Model name. |
mutualTlsOauthConfigurationId |
StringNullable |
Object ID of the mutualTlsOauthConfiguration. This value isn't required if self-signed certificates are used. This value is provided to the customer by the device authority (manufacturer or reseller). |
mutualTlsOauthConfigurationTenantId |
StringNullable |
ID (tenant ID for device authority) of the tenant that contains the mutualTlsOauthConfiguration. This value isn't required if self-signed certificates are used. This value is provided to the customer by the device authority (manufacturer or reseller). |
operatingSystem |
StringNullable |
Operating system type. Supports $filter (eq, in). |
deviceInstances |
device collection |
Collection of device objects created based on this template. |
owners |
directoryObject collection |
Collection of directory objects that can manage the device template and the related deviceInstances. Owners can be represented as service principals, users, or applications. An owner has full privileges over the device template and doesn't require other administrator roles to create, update, or delete devices from this template, as well as to add or remove template owners. There can be a maximum of 100 owners on a device template. Supports $expand. |
JSON Representation
JSON representation is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.
{
"@odata.type": "#microsoft.graph.deviceTemplate",
"deletedDateTime": "String (timestamp)",
"deviceAuthority": "String",
"id": "String (identifier)",
"manufacturer": "String",
"model": "String",
"mutualTlsOauthConfigurationId": "String",
"mutualTlsOauthConfigurationTenantId": "String",
"operatingSystem": "String"
}Relationships
Relationships is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.
| Relationship | Type | Description |
|---|---|---|
deviceInstances |
device collection |
Collection of device objects created based on this template. |
owners |
directoryObject collection |
Collection of directory objects that can manage the device template and the related deviceInstances. Owners can be represented as service principals, users, or applications. An owner has full privileges over the device template and doesn't require other administrator roles to create, update, or delete devices from this template, as well as to add or remove template owners. There can be a maximum of 100 owners on a device template. , , Supports $expand. |
Graph Methods
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
No API methods available for this version.
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
| Methods |
|---|
POST
/directory/templates/deviceTemplates
|
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
No deterministic PowerShell command map is available for this permission.
Browse PowerShell docsCode Examples
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new DeviceTemplate
{
MutualTlsOauthConfigurationId = "00001111-aaaa-2222-bbbb-3333cccc4444",
MutualTlsOauthConfigurationTenantId = "00001111-aaaa-2222-bbbb-3333cccc4445",
DeviceAuthority = "Lakeshore Retail",
Manufacturer = "Tailwind Traders",
Model = "DeepFreezerModelAB",
OperatingSystem = "WindowsIoT",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Directory.Templates.DeviceTemplates.PostAsync(requestBody);const options = {
authProvider,
};
const client = Client.init(options);
const deviceTemplate = {
mutualTlsOauthConfigurationId: '00001111-aaaa-2222-bbbb-3333cccc4444',
mutualTlsOauthConfigurationTenantId: '00001111-aaaa-2222-bbbb-3333cccc4445',
deviceAuthority: 'Lakeshore Retail',
manufacturer: 'Tailwind Traders',
model: 'DeepFreezerModelAB',
operatingSystem: 'WindowsIoT'
};
await client.api('/directory/templates/deviceTemplates')
.version('beta')
.post(deviceTemplate);Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
$params = @{
mutualTlsOauthConfigurationId = "00001111-aaaa-2222-bbbb-3333cccc4444"
mutualTlsOauthConfigurationTenantId = "00001111-aaaa-2222-bbbb-3333cccc4445"
deviceAuthority = "Lakeshore Retail"
manufacturer = "Tailwind Traders"
model = "DeepFreezerModelAB"
operatingSystem = "WindowsIoT"
}
New-MgBetaDirectoryTemplateDeviceTemplate -BodyParameter $params# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.device_template import DeviceTemplate
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = DeviceTemplate(
mutual_tls_oauth_configuration_id = "00001111-aaaa-2222-bbbb-3333cccc4444",
mutual_tls_oauth_configuration_tenant_id = "00001111-aaaa-2222-bbbb-3333cccc4445",
device_authority = "Lakeshore Retail",
manufacturer = "Tailwind Traders",
model = "DeepFreezerModelAB",
operating_system = "WindowsIoT",
)
result = await graph_client.directory.templates.device_templates.post(request_body)App Registration
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
Select Permission Type
Choose Application permissions or delegated permissions and search for DeviceTemplate.Create
Grant Admin Consent
Application permissions always require admin consent.