In this blog I will show a case where you have created a Teams-enabled Microsoft 365 Group that you use as a Pilot Group, for example when you implement Defender products. Some features in this kind of project need to be tested and enabled on devices. This blog will showcase how you can get the devices that are registered to the users in the Pilot. Of course, there can be different circumstances that require you to make some minor changes to the scripts.

Cloud Shell and VS Code

My preferred way of working is to use VS Code for my projects. A nice thing is that you can connect to Azure Cloud Shell from within VS Code. Follow the steps below.

To set up Cloud Shell in Visual Studio Code you need to do two things. First, you need to install Node.js and the Azure Account extension.

The next step is to open VS Code and:

  1. Press CTRL+SHIFT+P
  2. Sign in to Microsoft Azure by typing Azure: Sign In
  3. A browser window will open where you log in to Azure
  4. Press CTRL+SHIFT+P
  5. Type Open PowerShell in Cloud Shell or Open Bash in Cloud Shell
  6. This will connect you directly to your Cloud Shell running in Azure.

You can get a full guide to this setup on this link, which is also the source for the text above.

Create Groups and add Devices for pilot

In this example I just create 2 groups, one for Windows and one for iOS. Of course, you can extend this if you use more device types. I will use the MG Graph PowerShell module. This means that even if we use the Cloud Shell, we might need to install the module and connect to MG Graph again. Here is my PowerShell script to set up the groups and add the devices.

Install-Module Microsoft.Graph

# Directory.ReadWrite.All is a broad scope; request narrower scopes if your tenant policy requires it
Connect-MgGraph -Scopes "User.ReadWrite", "Directory.ReadWrite.All"

# Here you take the group ID of the Microsoft 365 Pilot group that is created for this project
$PilotGroupId = "<Group ID>"
# -All pages through every member instead of only the first page of results
$PilotUserGroup = Get-MgGroupMember -GroupId $PilotGroupId -All

# This loop collects all devices owned by the users in the pilot group
$PilotDeviceGroup = @()

foreach ($pilotuser in $PilotUserGroup) {
    # Look up the owner's UPN once per user instead of once per device
    $owner = (Get-MgUser -UserId $pilotuser.Id).UserPrincipalName
    $PilotDeviceGroup += Get-MgUserOwnedDevice -UserId $pilotuser.Id |
        Select-Object -Property Id,
            @{Name="DeviceDisplayName"; Expression={$_.AdditionalProperties.displayName}},
            @{Name="OperatingSystem"; Expression={$_.AdditionalProperties.operatingSystem}},
            @{Name="DeviceOwner"; Expression={$owner}}
}

# Create pilot groups for devices
$WindowsDeviceGroup = New-MgGroup -DisplayName "Pilot Device Windows" -MailEnabled:$false -MailNickname "pilotdevicewindows" -SecurityEnabled:$true
$iOSDeviceGroup = New-MgGroup -DisplayName "Pilot Device iOS" -MailEnabled:$false -MailNickname "pilotdeviceios" -SecurityEnabled:$true

# Add devices to each pilot group that was created in the step before
foreach ($pilotdevice in $PilotDeviceGroup) {
    if ($pilotdevice.OperatingSystem -eq "Windows") {
        New-MgGroupMember -GroupId $WindowsDeviceGroup.Id -DirectoryObjectId $pilotdevice.Id
        Write-Host $pilotdevice.DeviceDisplayName "was added to group" $WindowsDeviceGroup.DisplayName
    }
    if ($pilotdevice.OperatingSystem -eq "iOS") {
        # Pass the group's Id, not the whole group object
        New-MgGroupMember -GroupId $iOSDeviceGroup.Id -DirectoryObjectId $pilotdevice.Id
        Write-Host $pilotdevice.DeviceDisplayName "was added to group" $iOSDeviceGroup.DisplayName
    }
}
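The script above adds every collected device directly. As an added example (not part of the original script), the function below builds a plan first, so a device owned by two pilot users is handled once, devices already in a group are skipped, and operating systems without a pilot group are reported instead of silently ignored. The function name `Get-PilotDevicePlan` and all device and group IDs in the sample data are made up for illustration.

```powershell
# Added example: plan the membership changes before calling New-MgGroupMember.
function Get-PilotDevicePlan {
    param(
        [Parameter(Mandatory)] [object[]]  $Devices,    # objects shaped like the $PilotDeviceGroup entries
        [Parameter(Mandatory)] [hashtable] $GroupByOs,  # operating system -> target group ID
        [hashtable] $ExistingMemberIds = @{}            # group ID -> device IDs already in that group
    )
    $seen = @{}
    foreach ($device in $Devices) {
        # A device owned by two pilot users is collected twice; plan it only once.
        if ($seen.ContainsKey($device.Id)) { continue }
        $seen[$device.Id] = $true

        # Cast to string so a missing operatingSystem value cannot break the lookup.
        $groupId = $GroupByOs["$($device.OperatingSystem)"]
        $action = if (-not $groupId) {
            'NoGroupForOs'
        } elseif ($ExistingMemberIds[$groupId] -contains $device.Id) {
            'AlreadyMember'
        } else {
            'Add'
        }
        [pscustomobject]@{
            DeviceId          = $device.Id
            DeviceDisplayName = $device.DeviceDisplayName
            OperatingSystem   = $device.OperatingSystem
            GroupId           = $groupId
            Action            = $action
        }
    }
}

# Constructed sample data (no tenant needed); IDs and names are placeholders.
$sampleDevices = @(
    [pscustomobject]@{ Id = 'dev-1'; DeviceDisplayName = 'PC-01';     OperatingSystem = 'Windows' }
    [pscustomobject]@{ Id = 'dev-1'; DeviceDisplayName = 'PC-01';     OperatingSystem = 'Windows' }  # second owner
    [pscustomobject]@{ Id = 'dev-2'; DeviceDisplayName = 'iPhone-01'; OperatingSystem = 'iOS' }
    [pscustomobject]@{ Id = 'dev-3'; DeviceDisplayName = 'Pixel-01';  OperatingSystem = 'Android' }
    [pscustomobject]@{ Id = 'dev-4'; DeviceDisplayName = 'PC-02';     OperatingSystem = 'Windows' }
)
$groupByOs = @{ Windows = 'group-windows'; iOS = 'group-ios' }
$existing  = @{ 'group-windows' = @('dev-4') }   # dev-4 was added on an earlier run

$plan = Get-PilotDevicePlan -Devices $sampleDevices -GroupByOs $groupByOs -ExistingMemberIds $existing
$plan | Format-Table DeviceDisplayName, OperatingSystem, GroupId, Action

# Against the tenant: fill $groupByOs with the real group IDs, build $existing from
# Get-MgGroupMember -GroupId <id> -All, then apply only the rows marked 'Add':
# $plan | Where-Object Action -eq 'Add' |
#     ForEach-Object { New-MgGroupMember -GroupId $_.GroupId -DirectoryObjectId $_.DeviceId }
```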

Summary

Now you have an easy explanation of how to start using VS Code with Cloud Shell. You also have an idea of how to use the MG Graph PowerShell module to create some simple configuration for a pilot.