Automating Entra Device Extension Attributes with Intune Remediation Scripts and Azure Automation

Managing device attributes in Entra ID (formerly Azure AD) can be streamlined using Intune remediation scripts and Azure Automation. This approach ensures consistent metadata across devices, simplifies reporting, and enhances security policies.

You Should Know:

1. PowerShell Script for Extension Attributes

Use this script to collect device details and push them to Entra ID:

```powershell
# Requires an authenticated Microsoft Graph session (Connect-MgGraph) with Device.ReadWrite.All

# Collect device information
$deviceName = $env:COMPUTERNAME
$serialNumber = (Get-CimInstance Win32_BIOS).SerialNumber
$osVersion = (Get-CimInstance Win32_OperatingSystem).Version

# Update Entra device extension attributes.
# Entra ID only exposes the fixed slots extensionAttribute1..extensionAttribute15;
# using slots 1 and 2 here is an arbitrary choice.
$device = Get-MgDevice -Filter "displayName eq '$deviceName'"
if ($device) {
    Update-MgDevice -DeviceId $device.Id -AdditionalProperties @{
        "extensionAttributes" = @{
            "extensionAttribute1" = $serialNumber
            "extensionAttribute2" = $osVersion
        }
    }
    Write-Output "Device attributes updated successfully."
} else {
    Write-Output "Device not found in Entra ID."
}
```

2. Deploying via Intune Remediation

1. Create a remediation script in Microsoft Intune:

  • Navigate to Devices > Scripts > Remediation
  • Upload the PowerShell script (above) as both Detection and Remediation scripts.

2. Assign to devices – Target specific Azure AD groups.

3. Automating with Azure Automation

For scheduled updates, use Azure Automation:

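```powershell
# Connect to Microsoft Graph
# (an unattended runbook needs a non-interactive sign-in, for example a managed identity)
Connect-MgGraph -Scopes "Device.ReadWrite.All"

# Fetch all Entra ID device objects
$devices = Get-MgDevice -All

foreach ($device in $devices) {
    # Double any single quote so the OData filter stays well-formed
    $name = $device.DisplayName -replace "'", "''"
    $serial = (Invoke-MgGraphRequest -Method GET "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$filter=deviceName eq '$name'").value.serialNumber

    # Only write when exactly one Intune record with a serial number matched
    if ($serial -is [string] -and $serial) {
        Update-MgDevice -DeviceId $device.Id -AdditionalProperties @{
            "extensionAttributes" = @{
                # extensionAttribute1 is an arbitrary choice of slot
                "extensionAttribute1" = $serial
            }
        }
    }
}
```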
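
The loop above matches Intune records to Entra devices by display name, which is not unique, and writes on every run. The following runbook is an added example, not code from the original post: it joins on the device GUID (`azureADDeviceId` in Intune, `deviceId` in Entra ID) and writes only when the stored value differs. It assumes a managed identity holding the Graph application permissions `Device.ReadWrite.All` and `DeviceManagementManagedDevices.Read.All`, and that `extensionAttribute1` is the slot reserved for the serial number; the `-DryRun` switch is a name chosen for this example.

```powershell
# Added example. Assumptions: Azure Automation runbook with a managed identity that
# holds Device.ReadWrite.All and DeviceManagementManagedDevices.Read.All;
# extensionAttribute1 is the slot reserved for the serial number.
param([switch]$DryRun)

Connect-MgGraph -Identity | Out-Null
$slot = 'extensionAttribute1'
$base = 'https://graph.microsoft.com/v1.0'

# Page through Intune managed devices; only the join key and serial are needed.
$uri = "$base/deviceManagement/managedDevices?`$select=deviceName,azureADDeviceId,serialNumber"
$managed = @()
while ($uri) {
    $page = Invoke-MgGraphRequest -Method GET -Uri $uri
    $managed += $page.value
    $uri = $page.'@odata.nextLink'
}

foreach ($md in $managed) {
    $serial = "$($md.serialNumber)".Trim()
    $aadId  = [guid]::Empty
    # Skip records with no serial or no valid Entra device GUID to join on.
    if (-not $serial) { continue }
    if (-not [guid]::TryParse("$($md.azureADDeviceId)", [ref]$aadId) -or $aadId -eq [guid]::Empty) { continue }

    # Join on the device GUID rather than the display name, which is not unique.
    $query = "$base/devices?`$filter=deviceId eq '$aadId'&`$select=id,displayName,extensionAttributes"
    $match = @((Invoke-MgGraphRequest -Method GET -Uri $query).value)
    if ($match.Count -ne 1) {
        Write-Warning "Skipped $($md.deviceName): $($match.Count) Entra objects for $aadId"
        continue
    }

    # Write only on drift, so each audit log entry corresponds to a real change.
    $current = $match[0].extensionAttributes.$slot
    if ($current -eq $serial) { continue }
    Write-Output "$($match[0].displayName): '$current' -> '$serial'"
    if (-not $DryRun) {
        Update-MgDevice -DeviceId $match[0].id -BodyParameter @{
            extensionAttributes = @{ $slot = $serial }
        }
    }
}
```

Running it once with `-DryRun` lists the pending changes without writing anything to Entra ID.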

4. Verify Updates in Entra ID

Run this to check updated attributes:

```powershell
Get-MgDevice -DeviceId <DeviceID> | Select-Object DisplayName, AdditionalProperties
```

5. Linux Alternative (for Hybrid Environments)

For Linux devices, use `jq` and `curl` to update attributes:

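```bash
#!/bin/bash
# Read the hardware serial number (requires root)
serial=$(sudo dmidecode -s system-serial-number)
# Build the JSON body with jq so the value is quoted and escaped correctly;
# extensionAttribute1 is an arbitrary choice of slot
body=$(jq -n --arg serial "$serial" '{extensionAttributes: {extensionAttribute1: $serial}}')
curl -X PATCH "https://graph.microsoft.com/v1.0/devices/<DeviceID>" \
  -H "Authorization: Bearer $ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d "$body"
```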

What Undercode Say

Automating Entra device extension attributes ensures accurate device tracking, improves compliance reporting, and reduces manual errors. Combining Intune remediation scripts with Azure Automation allows scalable management across Windows and Linux devices.

Expected Output:

Device attributes updated successfully. 

References:

Reported By: Joe Loveless – Hackers Feeds