Set Entra device owner using Graph PowerShell

This script changes the user displayed in Entra ID. For the sake of simplicity, it changes both user and owner, but may be easily coerced

PowerShell

#
# Examples:
#
# Set-EntraDeviceOwner -DeviceName "DEV-E-0001" -UserPrincipalName $null
# Set-EntraDeviceOwner -DeviceName "DEV-E-0001" -UserPrincipalName "[email protected]"
#
#

function Set-EntraDeviceUser {
    param(
        [Parameter(Mandatory = $true)][string] $DeviceName,
        [Parameter(Mandatory = $true)][AllowEmptyString()][string] $UserPrincipalName
    )

    $deviceId = (Get-MgDevice -Filter "displayname eq '$DeviceName'").Id

    # Remove owners
    Get-MgDeviceRegisteredOwner -DeviceId $deviceId | Foreach-Object {
        Remove-MgDeviceRegisteredOwnerDirectoryObjectByRef -DeviceId $deviceId -DirectoryObjectId $_.Id | Out-Null
    }

    # Remove users
    Get-MgDeviceRegisteredUser -DeviceId $deviceId | Foreach-Object {
        Remove-MgDeviceRegisteredUserDirectoryObjectByRef -DeviceId $deviceId -DirectoryObjectId $_.Id | Out-Null
    }

    if ($UserPrincipalName) {
        $userObject = Get-MgUser -Filter "userprincipalname eq '$UserPrincipalName'"

        if (!$userObject) {
            Write-Error "User not found"

            return 1
        }

        $userId = $userObject.Id
            
        $params = @{
            "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$userId"
        }

        New-MgDeviceRegisteredOwnerByRef -DeviceId $deviceId -BodyParameter $params | Out-Null
        New-MgDeviceRegisteredUserByRef -DeviceId $deviceId -BodyParameter $params | Out-Null
    }
}

Report of users and owners:

PowerShell

#
# Get-EntraDeviceState -DeviceName "DEV-E-0001"
# Get-MgDevice -Filter "startswith(displayname,'DEV-E-')" | ForEach-Object { Get-EntraDeviceState -DeviceName $_.DisplayName }
#

function Get-EntraDeviceState {
    param(
        [Parameter(Mandatory = $true)][string] $DeviceName
    )

    $device = Get-MgDevice -Filter "displayname eq '$DeviceName'"

    $ownerList = @()
    Get-MgDeviceRegisteredOwner -DeviceId $device.Id | ForEach-Object {
        $ownerList += ($_ | Select-Object -ExpandProperty AdditionalProperties)['userPrincipalName']
    }

    $userList = @()
    Get-MgDeviceRegisteredUser -DeviceId $device.Id | ForEach-Object {
        $userList += ($_ | Select-Object -ExpandProperty AdditionalProperties)['userPrincipalName']
    }

    $response = [PSCustomObject]@{
        Name   = $device.DisplayName
        Owners = $ownerList -join ' , '
        Users  = $userList -join ' , '
        Id     = $device.Id
    }

    return $response
}