Introduction
Managing Android devices at scale in Microsoft Intune can become challenging — especially when device naming conventions are inconsistent or outdated. Native Intune enrollment profiles often restrict naming flexibility, particularly for devices enrolled before naming templates were introduced. In this guide, you’ll learn how to bulk update Android device names post-enrollment using the Microsoft Graph API and PowerShell — without the need to wipe or re-enrol devices.
We’ll cover:
- Registering an Azure AD app
- Authenticating to Microsoft Graph
- Retrieving Android device inventory
- Applying a custom naming convention
- Validating changes in Intune
🔧 Prerequisites: Familiarity with PowerShell, and admin access to both Azure Active Directory and Microsoft Intune.
Why Use Graph API for Device Renaming?
While Intune offers predefined naming tokens during enrollment, they often fall short for dynamic or organisation-specific naming requirements. What happens when naming standards evolve, but devices are already enrolled?
Why Rename Devices After Enrollment?
There are many practical reasons to update device names post-enrollment:
- Align with new asset tagging or compliance standards
- Reflect changes in user roles, departments, or locations
- Improve visibility and reporting in Microsoft Endpoint Manager
- Automate name adjustments throughout the device lifecycle
The best part? You can rename devices without wiping or re-enrolling them. With Microsoft Graph API, PowerShell, or Azure Automation, you can implement custom, scalable naming policies, all while minimising disruption to users.
Step 1: Register Azure AD App for Graph API
Register a non-interactive Azure AD application with the following Microsoft Graph API permissions:
Permission | Purpose |
---|---|
| Read/update Intune device info |
🔒 Security Tip: Use least privilege by granting only the permissions needed.
Check my blog on how to register apps in Azure for the Microsoft Graph API
Step 2: Authenticate to Microsoft Graph
Use a secure method (e.g., Azure Key Vault) to retrieve client credentials.
# Placeholders only: load the real values at run time from a secret store such as Azure Key Vault.
$tenantId = "<your-tenant-id>"
$clientId = "<your-client-id>"
$clientSecret = "<your-client-secret>"
# Client-credentials (app-only) token request for Microsoft Graph.
$tokenBody = @{
    client_id     = $clientId
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $clientSecret
    grant_type    = "client_credentials"
}
$response = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -Method POST -Body $tokenBody
# Authorization header reused by every Graph call below.
$authHeader = @{ Authorization = "Bearer $($response.access_token)" }
Step 3: Fetch Android Devices from Intune
# The backtick keeps PowerShell from expanding $filter as an (empty) variable inside the double-quoted string.
$uri = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?`$filter=operatingSystem eq 'Android' and managedDeviceOwnerType eq 'company'"
$devices = Invoke-RestMethod -Uri $uri -Headers $authHeader -Method GET
Preview the devices:
$devices.value | Select deviceName, id, userPrincipalName, serialNumber, manufacturer
Step 4: Define Your Naming Convention
Tailor device names using logic like:
foreach ($device in $devices.value) {
    $serial = $device.serialNumber
    $desiredName = "Mobile-$serial"
    if ($device.deviceName -ne $desiredName) {
        Write-Host "Updating $($device.deviceName) to $desiredName"
        $body = @{ deviceName = $desiredName } | ConvertTo-Json
        $renameUri = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$($device.id)/microsoft.graph.setDeviceName"
        Invoke-RestMethod -Uri $renameUri -Method POST -Headers $authHeader -Body $body -ContentType "application/json"
    }
}
🔄 Use the /beta endpoint because setDeviceName is currently not in v1.0. See Microsoft’s documentation for changes.
Reference: Microsoft Graph API – Set Device Name (beta)
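A pre-flight check for the Step 4 loop, as an added example that is not part of the original post: it builds a reviewable rename plan and skips records whose serial number is empty, duplicated, or not purely letters and digits, so that several devices are not renamed to the same or a malformed name. Get-RenamePlan, the alphanumeric rule and the sample records are assumptions made for illustration.

```powershell
# Added example: plan renames before calling setDeviceName.
# Get-RenamePlan is a hypothetical helper, not an Intune or Graph cmdlet.
function Get-RenamePlan {
    param(
        [Parameter(Mandatory)] [object[]] $Devices,
        [string] $Prefix = 'Mobile'
    )
    # Count each serial (hashtable keys are case-insensitive) to detect duplicates.
    $seen = @{}
    foreach ($d in $Devices) {
        $s = "$($d.serialNumber)".Trim()
        if ($s) { $seen[$s] = 1 + [int]$seen[$s] }
    }
    foreach ($d in $Devices) {
        $serial = "$($d.serialNumber)".Trim()
        $name   = "$Prefix-$serial"
        # Assumed rule: a usable serial is letters and digits only.
        $action = if (-not $serial) { 'Skip: no serial number' }
            elseif ($serial -notmatch '^[A-Z0-9]+$') { 'Skip: unexpected characters' }
            elseif ($seen[$serial] -gt 1) { 'Skip: duplicate serial' }
            elseif ($d.deviceName -eq $name) { 'None: already compliant' }
            else { 'Rename' }
        [pscustomobject]@{
            Id          = $d.id
            CurrentName = $d.deviceName
            DesiredName = if ($action -eq 'Rename') { $name } else { $null }
            Action      = $action
        }
    }
}

# Constructed sample records shaped like $devices.value from Step 3.
$sample = @(
    [pscustomobject]@{ id = 'id-1'; deviceName = 'Pixel_old';   serialNumber = 'R58N12ABC' }
    [pscustomobject]@{ id = 'id-2'; deviceName = 'Mobile-ZX99'; serialNumber = 'ZX99' }
    [pscustomobject]@{ id = 'id-3'; deviceName = 'Tablet-7';    serialNumber = '' }
    [pscustomobject]@{ id = 'id-4'; deviceName = 'Scanner-A';   serialNumber = 'DUP001' }
    [pscustomobject]@{ id = 'id-5'; deviceName = 'Scanner-B';   serialNumber = 'dup001' }
)

$plan = Get-RenamePlan -Devices $sample
$plan | Format-Table -AutoSize

# Only these rows would be passed on to the POST in the Step 4 loop.
$toRename = $plan | Where-Object Action -eq 'Rename'
```

Exporting `$plan` (for example with Export-Csv) before any POST gives a record of the previous names to restore from.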
Step 5: Validate Results in Intune
Once updates are complete, confirm them:
- In the Intune portal: Devices > Android > All Devices
- Or via PowerShell:
$updated = Invoke-RestMethod -Uri $uri -Headers $authHeader -Method GET
$updated.value | Select deviceName, serialNumber
Troubleshooting Graph API Requests
Issue | Cause | Fix |
---|---|---|
401 Unauthorized | Missing or invalid permissions | Confirm API permissions and tenant ID |
Name not updated | Incorrect URI or payload | Ensure the request is a POST to /beta/deviceManagement/managedDevices/{id}/setDeviceName |
Empty device results | API filter too strict | Review Graph query parameters |
Conclusion
You can standardise Android device names across your Intune environment using Microsoft Graph API and PowerShell without re-enrollment or manual effort. This process brings:
- Improved visibility in Endpoint Manager
- Better compliance with naming policies
- Operational efficiency for IT teams
Whether you’re managing a growing Android fleet or correcting legacy inconsistencies, this automation-first approach gives you control at scale.