Update-MgDeviceManagementManagedDevice does not allow you to update primary user

[aklinden]

Describe the bug

Trying to create an automation that sets the primary user property to reflect the user that's been assigned the device. But it doesn't seem like Update-MgDeviceManagement even works. -ManagedDeviceid works just fine, but neither -Users or -BodyParameters seem to work properly.

Expected behavior

Based on the description, it seems like it should update the device object in Intune.

How to reproduce

With -Bodyparamater

$testid = ((Get-ADComputer computername).objectguid).guid

$deviceid = (Get-MgDeviceManagementManagedDevice -filter "AzureADDeviceid eq '$testid'").id

$user = Get-MgUser -Filter "userprincipalname eq 'first.last@example.com'"

$params = @{
    UserDisplayName = $user.DisplayName
    UserEmail = $user.UserPrincipalName
    userid = $user.id
    UserPrincipalName = $user.UserPrincipalName
   }

Update-MgDeviceManagementManagedDevice -ManagedDeviceId $deviceid -BodyParameter $params

With -Users

$user = Get-MgUser -Filter "userprincipalname eq 'first.last@example.com'"

$testid = ((Get-ADComputer computername).objectguid).guid

$deviceid = (Get-MgDeviceManagementManagedDevice -filter "AzureADDeviceid eq '$testid'").id

Update-MgDeviceManagementManagedDevice -ManagedDeviceId $deviceid -BodyParameter $params -Users $user

### SDK Version

2.19

### Latest version known to work for scenario above?

_No response_

### Known Workarounds

Trying to use the `MgDeviceRegisteredOwnerByRef` cmdlets to make the change in Azure, but those don't have App permissions assigned. 

### Debug output

<details><summary>Click to expand log</summary>

DEBUG: [CmdletBeginProcessing]: - Update-MgDeviceManagementManagedDevice begin processing with parameterSet 'Update'.

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: [Authentication]: - AuthType: 'AppOnly', TokenCredentialType: 'ClientCertificate', ContextScope: 'Process',
AppName: 'Company_App_Name'.

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: [Authentication]: - Scopes: [Device.ReadWrite.All, User.ReadWrite.All, UserAuthenticationMethod.ReadWrite.All,
Directory.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All, Organization.ReadWrite.All,
DeviceManagementManagedDevices.ReadWrite.All, GroupMember.ReadWrite.All, AuditLog.Read.All,
DeviceManagementConfiguration.ReadWrite.All, DeviceManagementApps.ReadWrite.All].

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing the operation "Update-MgDeviceManagementManagedDevice_Update" on target "Call remote 'PATCH
/deviceManagement/managedDevices/{managedDevice-id}' operation".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PATCH

Absolute Uri:
https://graph.microsoft.com/v1.0/deviceManagement/managedDevices/{mymanagedDevice-id}

Headers:
FeatureFlag : 00000043
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.22631;
en-US),PowerShell/5.1.22621.4111
Accept-Encoding : gzip
SdkVersion : graph-powershell/2.19.0
client-request-id : df064533-b8ca-43d5-a3bc-2f16f03d162b

Body:
{
"UserEmail": "first.last@example.com"
}

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
NoContent

Headers:
Strict-Transport-Security : max-age=31536000
request-id : b8271a37-ad0e-46ed-8edf-45751ea28a14
client-request-id : df064533-b8ca-43d5-a3bc-2f16f03d162b
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West US
2","Slice":"E","Ring":"4","ScaleUnit":"001","RoleInstance":"MW2PEPF000031CA"}}
Date : Fri, 04 Oct 2024 22:17:49 GMT

Body:

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: [CmdletEndProcessing]: - Update-MgDeviceManagementManagedDevice end processing.

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y

</details>


### Configuration

Name                           Value
----                           -----
PSVersion                      5.1.22621.4111
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.4111
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

OS  - Windows 11
Architecture - x64

I don't think this is specific to this configuration.

### Other information

_No response_

[timayabi2020]

Hi @aklinden thank you for identifying and reporting this issue. I am not able to pinpoint any fault associated with the SDK because based on your debug information, it is packaging the attributes as per the documentation here. There is also no error/exception thrown by both the SDK and the service. I therefore advise that you raise an issue here https://developer.microsoft.com/en-us/graph/support so that the API owner can respond to it.

[aklinden]

@timayabi2020

Sorry for the late reply. Thanks for taking a look! Just for clarity, in the documentation you linked, all of the user related attributes say read only in the description. If that were to change to an editable property, that would fall on the API owner, correct?

[aklinden]

Looking more closely, there are only two properties that don't have read-only in the description...

[timayabi2020]

@aklinden yes the service owner should be able to provide more clarity on why some properties are updateable and others not. Kindly open a support ticket here https://developer.microsoft.com/en-us/graph/support.