From Intune to EntraID – Add custom data to the Extension Attributes

Many people wonder why they can’t find the serial number of devices in EntraID. This is because the serial number is not a property of the device object in EntraID; it’s a property in Intune.

When you enable the device cleanup feature in Intune, the device gets deleted from Intune, but the corresponding EntraID object remains. This happens because the cleanup feature only affects Intune.

For Windows devices, you could theoretically check each device in Autopilot and search for the EntraID object, but this isn’t practical.

Similarly, for MacOS devices, you could check each device in Apple Business Manager and search for the EntraID object, but this also isn’t practical.

A better solution is to write the serial number of each device to an extension attribute of the corresponding EntraID object. This way, you can search for the device in EntraID and retrieve the serial number from the extension attribute.

Introduction

What are Extension Attributes?

Extension Attributes are custom properties that can be added to objects in Entra ID (formerly Azure AD) to store additional information beyond the standard attributes. These custom attributes allow organizations to extend the schema of Entra ID objects, including devices, to accommodate specific business needs or integrate with other systems.

For devices, Extension Attributes provide a flexible way to associate custom metadata with each device record in Entra ID. This can include information such as asset tags, department assignments, custom configuration details, or any other relevant data that isn’t covered by the default device attributes.

Why use Extension Attributes for devices?

• Customization: Every organization has unique needs. Extension Attributes allow you to tailor device information to your specific requirements, storing data that’s relevant to your business processes.
• Enhanced Inventory Management: By adding custom attributes, you can improve your device inventory, making it easier to track and manage devices across your organization.
• Improved Reporting and Filtering: With additional attributes, you can create more detailed and customized reports about your device fleet, as well as filter devices based on these custom properties.
• Automation Support: Extension Attributes can be used in automation scripts and policies, allowing for more sophisticated device management workflows.

Writing Data to Extension Attributes using the Data in Intune

The general workflow for writing data to Extension Attributes using the Data in Intune is as follows:

• Create a PowerShell script that gathers the required data and formats it for the Extension Attributes.
• Authenticate the script to access the Microsoft Graph API.
• Get the available device infomrations from Intune for each device.
• Use Graph API calls to update the Extension Attributes for the target devices.

Practical Examples

Write Device Details to Extension Attributes

This script comes in two variants:

• All Devices
• Groups

The following details are written to the extension attributes:

• SerialNumber
• DeviceEnrollmentType
• IsEncrypted
• TotalStorageSpaceInGB
• EnrollmentProfileName
• ComplianceState
• Model
• Manufacturer

Write Device Details to Extension Attributes for All Devices

This script writes various device details to Extension Attributes for all devices in your Entra ID tenant.

Download Script: https://github.com/ugurkocde/Intune/blob/main/Extension%20Attributes/Write_DeviceDetails_to_ExtensionAttributes_All_Devices.ps1

Key features of this script:

• Authenticates to Microsoft Graph
• Retrieves all devices from Entra ID
• Collects device information such as OS version, manufacturer, model, etc.
• Updates Extension Attributes for each device object in EntraID with the collected information

Sample Output:

Write Device Details to Extension Attributes for a single Group

This variant of the script performs the same function but targets only devices in a specific Entra ID group.

Download Link: https://github.com/ugurkocde/Intune/blob/main/Extension%20Attributes/Write_DeviceDetails_to_ExtensionAttributes_Group.ps1

Key differences from the all-devices version:

• Retrieves devices only from a specified Entra ID group (Input the object ID from a group)
• Allows for more targeted attribute updates

Sample Output:

Delete All Extension Attributes

This script provides a way to remove all custom Extension Attributes from devices, which can be useful for cleanup or resetting purposes.

Download: https://github.com/ugurkocde/Intune/blob/main/Extension%20Attributes/Delete_All_ExtensionAttributes.ps1

Key features of this script:

• Authenticates to Microsoft Graph using a service principal
• Retrieves all devices from Entra ID
• Identifies and removes all custom Extension Attributes from each device

Sample Output:

Retrieving and Using Extension Attribute Data

You have multiple options to show the extension Attributes. I will explain the following three options (I prefer Powershell):

• Graph Explorer
• Powershell with Graph API
• EntraID Portal

Querying Extension Attributes in the Graph Explorer

Microsoft Graph API provides a powerful way to programmatically access and manipulate data in Entra ID, including Extension Attributes. Here’s how you can query Extension Attributes using the Graph Explorer:

1. Authentication: Sign in, on the top right:

2. API Endpoint: Use the following endpoint to retrieve device information:

 https://graph.microsoft.com/v1.0/devices

3. Query Parameters: To include Extension Attributes in the response, use the $select parameter:

 https://graph.microsoft.com/v1.0/devices?$select=id,displayName,extensionAttributes

Querying Extension Attributes with a PowerShell Script

Here’s a basic PowerShell script to query devices and their Extension Attributes:

Download Script: https://github.com/ugurkocde/Intune/blob/main/Extension%20Attributes/Search_ExtensionAttributes.ps1

This script will take any string as an input (Example: Serialnumber) and will iterate over all devices and find you the device that has that specific extension attribute value inside. This makes it super easy to find a EntraID Device based on a Serial Number.

Here is an example where I am searching for a Device in EntraID based on the Serial Number:

Showing Extension Attributes in the Entra ID Portal

While programmatic access through Graph API is powerful, sometimes you need a quick visual reference. Extension Attributes can be viewed directly in the Entra ID Portal:

• Navigate to Devices:
• Log in to the Entra ID Portal
• Go to “Devices” > “All devices”

• Click on a specific device to view its “Extension attributes”

Filter by extension Attribute

You can add a filter inside the device overview in EntraID:

Disclaimer

The information and scripts provided in this blog post are for educational and informational purposes only. While efforts have been made to ensure the accuracy and effectiveness of the content, it is provided “as is” without warranty of any kind, express or implied.