How to bulk import devices in Azure AD security group

by Leave a comment

Azure AD security group is used to group users and devices. We can then use the Azure AD security group to apply Device configuration policies or deployment of apps on those devices. You can add members into Azure AD group either manually or by using a Dynamic membership rule.

My scenario of using bulk import devices is to re-group Azure AD joined devices so that I could apply policies on those devices in batches. I exported the list of all devices from Azure active directory and divided it in to 5 Azure AD security groups which makes it easier to apply policies or deploy any application in a phased manner.

You can add devices into Azure AD security groups manually or by using a powershell script or by using Bulk operations option in Azure AD. Manually adding 100’s of devices in to a group can be time consuming, therefore today we would be using Bulk operations method to add devices in to Azure AD security group.

To import devices in bulk, we need to use ObjectID of devices and a CSV file template which we will download from Intune or Azure active directory. Let’s check the steps:

Download CSV Template

First, we need to download a CSV template which will be used to Bulk import devices. You can download this template either from Azure active directory or from Microsoft Intune admin center. Let’s check both the ways:

Download CSV Template from Intune admin center

  • Login on Microsoft Intune admin center.
  • Go to Groups > Click on the group in which you want to add devices.
  • Click on Members on the left hand side
  • Click on drop-down Bulk operations > Import Members.
  • A Bulk Import group pane will open on the right hand side.
  • Click on Download button to download.

Download CSV Template from Azure Active directory

  • Login on Microsoft Azure portal.
  • Search for Azure active directory.
  • Click on Groups > All groups.
  • Click on the group in which you want to add devices.
  • Click on Members on the left hand side
  • Click on drop-down Bulk operations > Import Members.
  • A Bulk Import group pane will open on the right hand side.
  • Click on Download button to download.
Download CSV Template from Azure Active directory
Download csv template from Microsoft Azure Portal

CSV template will look like below. You need to make sure version number is not removed from the file. You can remove Example from row 3. We are going to explore more on this CSV file and see how we can find the object ID and add it to this CSV file with proper formatting.

CSV Template Bulk Import Devices
Source: Microsoft

Finding Device ObjectIDs

You will need to populate Object IDs of devices in the CSV template which you want to Import in Azure AD group. But Where you can find device object IDs ? You can download a device inventory report from Azure active directory and then check the ObjectID column. Let’s check the steps:

  • Login on Microsoft Azure portal.
  • Search for Azure active directory.
  • Click on Devices > All devices.
  • Click on Download devices to download a report of all devices.
Export Azure AD device with Object ID
  • When the Export process completes, you will see a message notification that the operation has been completed successfully. You can click on Bulk operations link from the notification or if you missed that you can go to the Bell Icon / Notification Icons on the top and then click on Bulk operations link from there.
  • After you click on Bulk operations. You will find the Bulk device export job has been completed and Results are available for you to download. You can now click on Download result link to download a device inventory report in a CSV file.
Azure AD devices downloaded

When you open the CSV file, you will find information about devices in your organization. One of the Column will be ObjectID. You will require this info for CSV template file we downloaded earlier. Do not get confuse with Device ID or Azure AD device ID, we do not need those values, we just need Object IDs of devices which we want to import.

ObjectID in Device Inventory Azure AD

Add ObjectID’s to CSV Template

Now we will add Object IDs into the CSV Template and make it ready for Import process. Do not remove row 1 and row 2. You can remove row 3 as its just an Example to show how object ID vlaue looks.

Add ObjectID's to CSV Template

Let’s add the object IDs of the devices which we want to Import. We have created a new Azure AD security group called Production Ring 1. We want to import the devices into this group. Therefore, we have added Object IDs of those devices into the CSV template.

Add ObjectID's to CSV Template

Bulk Import devices into an Azure AD group

We have prepared our CSV template file and populated with the Object IDs of the devices which we want to import into Production Ring 1 Azure AD group.

You can start bulk import process from Azure active directory group management or Microsoft Intune admin center group management. Whichever way you prefer to go the Bulk operation process will remain the same. We will be using Microsoft intune admin center for group management.

  • Login on Microsoft Intune admin center.
  • Go to Groups > Click on the group in which you want to add devices.
  • Click on Members on the left hand side
  • Click on drop-down Bulk operations > Import Members.
  • A Bulk Import group pane will open on the right hand side.
  • Upload the CSV file by click on browse folder button.
Bulk Import devices into Azure AD security group
  • Browse to the CSV template file we prepared and then click on Submit button.
Devices imported Bulk operations
  • As you can see that the devices are imported into Production Ring 1 group successfully.
Azure AD security group members bulk operations method import

Troubleshooting

You may receive an error message or Bad Request error when Importing devices via Bulk operation method. The error message is “No user with this user name/object ID exists in this group. Change the user name/object ID in the file to match the user name/object ID of an existing user in this group and resubmit your request.

I have faced this issue couple of times when I was importing devices into an Azure AD group using Bulk operations method. I was using DeviceID or Azure AD Device ID instead of Object ID. As per CSV template requirement, you should only use ObjectID in CSV file.

Once you have populated device Object IDs, then you can upload CSV file template and Import Devices into an Azure AD group successfully.

No user with this user name/object ID exists in this group. Change the user name/object ID in the file to match the user name/object ID of an existing user in this group and resubmit your request

Conclusion

In this blog post, we have seen how to Import devices into an Azure AD security group using Bulk operations method. Its very easy process once you have the CSV template file sorted. Make sure to use Object IDs into the CSV file otherwise it will throw an error. There are other alternative ways to import devices into an Azure AD group like using Powershell or Graph API but that has not been explored in this blog post.

Leave a Comment