AppCertTrustConfiguration.Read.All

Allows the app to read the trusted certificate authority configuration which can be used to restrict application certificates based on their issuing authority, on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the AppCertTrustConfiguration.Read.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	-	af281d3a-030d-4122-886e-146fb30a0413
DisplayText	-	Read the trusted certificate authority configuration for applications
Description	-	Allows the app to read the trusted certificate authority configuration which can be used to restrict application certificates based on their issuing authority, on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfigurationId}
	DELETE /directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfigurationId}/trustedCertificateAuthorities/{trustedCertificateAuthorityId}
	GET /directory/certificateAuthorities/certificateBasedApplicationConfigurations
	GET /directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfigurationId}
	GET /directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfigurationId}/trustedCertificateAuthorities
	GET /directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfigurationId}/trustedCertificateAuthorities/{trustedCertificateAuthorityId}
	PATCH /certificateAuthorityPath/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfigurationId}
	PATCH /directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfigurationId}/trustedCertificateAuthorities/{trustedCertificateAuthorityId}
	POST /directory/certificateAuthorities/certificateBasedApplicationConfigurations
	POST /directory/certificateAuthorities/certificateBasedApplicationConfigurations/{certificateBasedApplicationConfigurationId}/trustedCertificateAuthorities

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaDirectoryCertificateAuthorityCertificateBasedApplicationConfiguration
	Get-MgBetaDirectoryCertificateAuthorityCertificateBasedApplicationConfigurationTrustedCertificateAuthority
	New-MgBetaDirectoryCertificateAuthorityCertificateBasedApplicationConfiguration
	New-MgBetaDirectoryCertificateAuthorityCertificateBasedApplicationConfigurationTrustedCertificateAuthority
	Remove-MgBetaDirectoryCertificateAuthorityCertificateBasedApplicationConfiguration
	Remove-MgBetaDirectoryCertificateAuthorityCertificateBasedApplicationConfigurationTrustedCertificateAuthority
	Update-MgBetaDirectoryCertificateAuthorityCertificateBasedApplicationConfiguration
	Update-MgBetaDirectoryCertificateAuthorityCertificateBasedApplicationConfigurationTrustedCertificateAuthority

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

certificateAuthorityAsEntity
certificateBasedApplicationConfiguration

Graph reference: certificateAuthorityAsEntity

Property	Type	Description
certificate	Binary	The trusted certificate.
id	String	The unique identifier for the certificate authority. Inherited from entity.
isRootAuthority	Boolean	Indicates if the certificate is a root authority. In a certificateBasedApplicationConfiguration object, at least one object in the trustedCertificateAuthorities collection must be a root authority.
issuer	String	The issuer of the trusted certificate.
issuerSubjectKeyIdentifier	String	The subject key identifier of the trusted certificate.

Graph reference: certificateBasedApplicationConfiguration

Property	Type	Description
deletedDateTime	DateTimeOffset	Date and time when this object was deleted. Always `null` when the object hasn't been deleted. Inherited from trustedCertificateAuthorityAsEntityBase.
description	String	The description of the trusted certificate authorities.
displayName	String	The display name of the trusted certificate authorities.
id	String	The unique identifier for the trusted certificate authorities. Inherited from trustedCertificateAuthorityAsEntityBase.

Table of Contents

AppCertTrustConfiguration.Read.All

Graph Methods

Resources