Add ExtendedAttribute to Exchange Online mobile devices

I need to bypass Conditional Access for some mobile devices. The list would be too long to filter by the ExO device IDs. However, if I can set an Extended Attribute on these devices, that would do the trick.

Exchange shell’s Get-MobileDevice is great to grab the entire list of mobile devices & their Device IDs. This list is absolutely perfect. However, I’m not seeing an Exchange shell cmdlet that will add/update/modify ExtendedAttributes.

The Graph shell’s Update-MgDevice doesn’t seem to like the Device IDs listed by Exchange. Get-MgDevice includes a lot of non-mobile devices. Worse, it doesn’t include all the mobile devices known by Exchange.

Anyone have any ideas on how to get an ExtendedAttribute added to the Mobile Devices in Exchange Online, and only those devices?

You can’t modify the attributes of a mobile device. A mobile device isn’t a first-class object in the AD; it’s (or actually, they are) a child object of a mailbox-enabled user object. Also, a mailbox-enabled user may have multiple mobile devices as children. The mobile device children are created and removed by Exchange, and managed by Exchange. They’re created when a device uses ActiveSync. They keep track of things like the last sync time. Their purpose is to keep a record of the ActiveSync relationship, not the device itself, but they do record information like the DeviceID, DeviceType, and DeviceOS.

I’ve been retired for 11 years, and don’t have a whole lot (i.e., practically none) of experience with Exchange and Microsoft’s cloud computing. But from what I’ve been able to glean from a light search of things online, you should be able to match DeviceID in the MobileDevice child/children of a mailbox-enabled user to the information in Entra by using something like this: Get-MgDevice -Filter "startswith(devicePhysicalIds,'TheDeviceIDGoesHere')".

It wasn’t the answer I was hoping for, but at least now I know I need to find another method. Thank you, kind Greybeard!