We need to automate adding / removing AzureAD computer (device) objects from groups. The SN Spoke for AzureAD "Add User to Group" works with devices which is brilliant. But it only works if you provide the ObjectID.

The ServiceGraph for Intune connector brings back device data with only the DeviceID - not the ObjectID. Similarly if we use the SN Spoke 'Get Managed Device' and provide the DeviceID, we do not get the ObjectID.

Possible solutions could include:

a) Get a spoke for "Device to Group management" (insert/remove/check) working with DeviceID instead of ObjectID to represent the computer account. Currently we use the "Add User to Group" spoke which works for Devices, but only if we provide the ObjectID (not the deviceID). I don't see any Microsoft API that supports this however.

c) Get an API to bring back computer data with objectID instead of deviceID. The ServiceGraph connector for Intune, with the provided transforms, works great. But only provides DeviceID. Again I cannot find an API from Microsoft which provides device data and objectID.

b) Get an API to lookup ObjectID from DeviceID and use that to enrich our CMDB so we have the right key. This is less ideal, but if we have to we could schedule calls to an API like this to update any CI which has a DeviceID but no ObjectID. Then we can keep our CMDB up to date with ObjectIDs which can be used in this automation. Yet again, I can't see any option for this.

We have multiple use cases which require automation of both User to Group and Device to Group management in AzureAD so this is critical for our build. If anyone has achieved anything similar please advise how you did it!