DeviceTemplate.ReadWrite.All | Graph Permissions

Permission Details

Application Permission

Read and write all device templates

Allows the app to create, read, update and delete any device template, without a signed-in user. It also allows the app to add or remove owners on any device template.

Permission ID: 9fadb66e-6421-4744-aede-4ab6fb98a884

Delegated Permission

Read and write all device templates

Allows the app to create, read, update and delete the device template, on behalf of the signed in user. It also allows the app to add or remove owners on any device template.

Permission ID: 2d372e98-f1ae-406c-a157-2ea83f6f5e4a

Properties

Microsoft Graph beta exact-category-docs

Properties is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

Property	Type	Description
`deletedDateTime`	`DateTimeOffset`Nullable	Date and time when this object was deleted. Always null when the object hasn't been deleted. Inherited from directoryObject.
`deviceAuthority`	`String`Nullable	A tenant-defined name for the party that's responsible for provisioning and managing devices on the Microsoft Entra tenant. For example, Tailwind Traders (the manufacturer) makes security cameras that are installed in customer buildings and managed by Lakeshore Retail (the device authority). This value is provided to the customer by the device authority (manufacturer or reseller).
`id`	`String`	The unique identifier for the object. Inherited from directoryObject. Read-only. Supports $filter (eq, in).
`manufacturer`	`String`Nullable	Manufacturer name.
`model`	`String`Nullable	Model name.
`mutualTlsOauthConfigurationId`	`String`Nullable	Object ID of the mutualTlsOauthConfiguration. This value isn't required if self-signed certificates are used. This value is provided to the customer by the device authority (manufacturer or reseller).
`mutualTlsOauthConfigurationTenantId`	`String`Nullable	ID (tenant ID for device authority) of the tenant that contains the mutualTlsOauthConfiguration. This value isn't required if self-signed certificates are used. This value is provided to the customer by the device authority (manufacturer or reseller).
`operatingSystem`	`String`Nullable	Operating system type. Supports $filter (eq, in).
`deviceInstances`	`device collection`	Collection of device objects created based on this template.
`owners`	`directoryObject collection`	Collection of directory objects that can manage the device template and the related deviceInstances. Owners can be represented as service principals, users, or applications. An owner has full privileges over the device template and doesn't require other administrator roles to create, update, or delete devices from this template, as well as to add or remove template owners. There can be a maximum of 100 owners on a device template. Supports $expand.

JSON Representation

Microsoft Graph beta exact-category-docs

JSON representation is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

JSON representation

{
  "@odata.type": "#microsoft.graph.deviceTemplate",
  "deletedDateTime": "String (timestamp)",
  "deviceAuthority": "String",
  "id": "String (identifier)",
  "manufacturer": "String",
  "model": "String",
  "mutualTlsOauthConfigurationId": "String",
  "mutualTlsOauthConfigurationTenantId": "String",
  "operatingSystem": "String"
}

Relationships

Microsoft Graph beta exact-category-docs

Relationships is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

Relationship	Type	Description
`deviceInstances`	`device collection`	Collection of device objects created based on this template.
`owners`	`directoryObject collection`	Collection of directory objects that can manage the device template and the related deviceInstances. Owners can be represented as service principals, users, or applications. An owner has full privileges over the device template and doesn't require other administrator roles to create, update, or delete devices from this template, as well as to add or remove template owners. There can be a maximum of 100 owners on a device template. , , Supports $expand.

Graph Methods

Delegated access App-only access

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

No API methods available for this version.

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/directory/templates/deviceTemplates`
GET `/directory/templates/deviceTemplates/{id}`
GET `/directory/templates/deviceTemplates/{id}/owners`
POST `/directory/templates/deviceTemplates`
POST `/directory/templates/deviceTemplates/{id}/owners/$ref`
DELETE `/directory/templates/deviceTemplates/{deviceTemplateId}/owners/{id}/$ref`
DELETE `/directory/templates/deviceTemplates/{id}`

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

No deterministic PowerShell command map is available for this permission.

Browse PowerShell docs

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgBetaDirectoryTemplateDeviceTemplate` /directory/templates/deviceTemplates List deviceTemplates
`Get-MgBetaDirectoryTemplateDeviceTemplate` /directory/templates/deviceTemplates/{id} Get deviceTemplate
`Get-MgBetaDirectoryTemplateDeviceTemplateOwner` /directory/templates/deviceTemplates/{id}/owners List deviceTemplate owners
`New-MgBetaDirectoryTemplateDeviceTemplate` /directory/templates/deviceTemplates Create deviceTemplate
`Remove-MgBetaDirectoryTemplateDeviceTemplate` /directory/templates/deviceTemplates/{id} Delete deviceTemplate

Code Examples

C# / .NET SDK

Delete deviceTemplate

View official example on Microsoft Learn

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Directory.Templates.DeviceTemplates["{deviceTemplate-id}"].DeleteAsync();

JavaScript

Add deviceTemplate owner

View official example on Microsoft Learn

const options = {
	authProvider,
};

const client = Client.init(options);

const directoryObject = {
  '@odata.id': 'https://graph.microsoft.com/beta/users/00001111-aaaa-2222-bbbb-3333cccc4444'
};

await client.api('/directory/templates/deviceTemplates/2d62b12a-0163-457d-9796-9602e9807e1/owners/$ref')
	.version('beta')
	.post(directoryObject);

PowerShell

Delete deviceTemplate

View official example on Microsoft Learn

Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement

Remove-MgBetaDirectoryTemplateDeviceTemplate -DeviceTemplateId $deviceTemplateId

Python

Delete deviceTemplate

View official example on Microsoft Learn

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

await graph_client.directory.templates.device_templates.by_device_template_id('deviceTemplate-id').delete()

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for DeviceTemplate.ReadWrite.All

4

Grant Admin Consent

Application permissions always require admin consent.