How to bulk import devices in Entra security group

Photo of author
Jatin Makhija
0

An Entra security group lets you organize users and devices, making it easy to apply policies and deploy apps to those devices. You can add members to the group manually or use dynamic rules for automation.

Background

My scenario of using bulk import devices is to re-group Entra joined devices so that I could apply policies on those devices in batches. I first exported a list of all devices from the Azure active directory and now want to separate the list of devices into 5 different Entra security groups.

There are primarily three ways to Add members to an Entra security group. As we are interested in adding members to an Entra group in bulk, we will be using Bulk Operations method today.

  1. Manually
  2. Powershell Script
  3. Bulk Operations

To perform a bulk device import, we’ll need the ObjectID of the devices and a CSV file template, which can be downloaded from Intune or Azure Active Directory. Let’s go through the steps:

Step 1 – Download CSV Template

You can get this CSV template from either Azure Active Directory or the Intune Admin Center. Let’s explore both methods:

Download a CSV Template from the Intune admin center

  • Sign in to Microsoft Intune admin center
  • Go to Groups > Click on the group in which you want to add devices.
  • Click on Members on the left-hand side
  • Click on drop-down Bulk operations > Import Members.
  • A Bulk Import group pane will open on the right-hand side.
  • Click on the Download button to download.

Download a CSV Template from the Azure Active directory

  • Sign in to the Microsoft Azure portal.
  • Search for Azure active directory.
  • Click on Groups > All groups.
  • Click on the group in which you want to add devices.
  • Click on Members on the left-hand side
  • Click on drop-down Bulk operations > Import Members.
  • A Bulk Import group pane will open on the right-hand side.
  • Click on the Download button to download.
Download a CSV Template from the Azure Active directory
Download csv template from Microsoft Azure Portal
  • The CSV template will appear as shown below. Ensure that the version number is retained in the file. You can remove the ‘Example‘ from row 3. We will explore further into this CSV file to learn how to locate the Object ID and add it to the file with the correct formatting.
Download a CSV Template from the Azure Active directory
Download a CSV Template from the Azure Active directory

Step 2 – Gather Device ObjectIDs

You can get Device Object IDs by downloading a Device Inventory report from the Entra admin center. Let’s check the steps:

  • Sign in to the Entra admin center
  • Click on Devices > All devices.
  • Click on Download Devices to download a report of all devices.
Gather Device ObjectIDs
Gather Device ObjectIDs
  • Once the export process is finished, you’ll receive a notification confirming the successful completion of the operation. To access the Bulk operations, you can click on the link provided in the notification. Alternatively, if you missed the notification, you can find it in the Bell Icon or Notification Icons at the top and click on the Bulk Operations link from there.
  • After clicking on Bulk operations, you’ll see that the Bulk device export job has been completed, and the results are available for download. Simply click on the ‘Download result‘ link to retrieve a device inventory report in CSV format.
Gather Device ObjectIDs
Gather Device ObjectIDs
  • When you open the CSV file, you’ll discover information about the devices in your organization. Among the columns, you’ll find the ‘ObjectID.’ This is the information you’ll need for the CSV template file you downloaded earlier.
Gather Device ObjectIDs
Gather Device ObjectIDs

Step 3 – Add ObjectIDs to CSV Template

  • Now, we’ll insert the Object IDs into the CSV Template, ensuring that rows 1 and 2 remain intact. You can remove row 3 as it’s simply an example to illustrate what the Object ID value should look like.
Add ObjectIDs to CSV Template
Add ObjectIDs to CSV Template
  • Let’s proceed by including the Object IDs of the devices we intend to import in the CSV template.
Add ObjectIDs to CSV Template
Add ObjectIDs to CSV Template

Step 4 – Bulk Import devices into an Entra Security Group

We’ve completed the preparation of our CSV template file and populated it with the Object IDs of the devices we want to import into the Entra security group Production Ring 1.

You can initiate the bulk import process from either Azure Active Directory group management or the Microsoft Intune Admin Center’s group management. The steps for the bulk operation process will remain the same. In our case, we will be utilizing the Microsoft Intune Admin Center for group management.

  • Login on Microsoft Intune admin center
  • Go to Groups > Click on the group in which you want to add devices.
  • Click on Members on the left-hand side
  • Click on drop-down Bulk operations > Import Members.
  • A Bulk Import group pane will open on the right-hand side.
  • Upload the CSV file by clicking on the browse folder button.
Bulk Import devices into an Azure AD group
Bulk Import devices into an Entra Security group
  • Browse to the CSV template file we prepared and then click on the Submit button.
Bulk Import devices into an Azure AD group
Bulk Import devices into an Entra security Group
  • As you can see from below screenshot, Devices from CSV template are imported into the Production Ring 1 group successfully.
Bulk Import devices into an Azure AD group
Bulk Import devices into an Entra Security Group

Troubleshooting – Bad Request Error

If you encounter an error, such as a ‘Bad Request‘ error, while importing devices via the Bulk operation method, you may see the following error message: ‘No user with this user name/object ID exists in this group. Change the user name/object ID in the file to match the user name/object ID of an existing user in this group and resubmit your request.

I’ve encountered this issue a few times when importing devices into an Entra Security group using the Bulk operations method. It happened because I used the Device ID or Entra Device ID instead of the required Object ID in the CSV file. To avoid this error, make sure to use only the ObjectID in the CSV file, as per the template’s requirements.

After populating the device Object IDs in the CSV file, you can proceed to upload the template and successfully import the devices into an Entra security group.

Troubleshooting - Bad Request Error
Troubleshooting – Bad Request Error

Conclusion

In this blog post, we have seen how to Import devices into an Entra security group using Bulk operations method. It’s a very easy process once you have the CSV template file sorted. Make sure to use Object IDs into the CSV file otherwise, it will throw an error. There are other alternative ways to import devices into an Entra security group like using Powershell or Graph API but that has not been explored in this blog post.

Leave a Comment

Detailed Step-by-Step guides for Setup/Troubleshooting/Configuration solutions on Intune, Microsoft 365, Powershell, Windows, Azure, and other Cloud technologies.

About the author
Contact Us
Privacy Policies
Comment Policies
Cookie Policies

Let's Connect!