Table of Contents

AppCertTrustConfiguration.ReadWrite.All

Allows the app to create, read, update and delete the trusted certificate authority configuration which can be used to restrict application certificates based on their issuing authority, on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the AppCertTrustConfiguration.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category Application Delegated
Identifier - 4bae2ed4-473e-4841-a493-9829cfd51d48
DisplayText - Read and write the trusted certificate authority configuration for applications
Description - Allows the app to create, read, update and delete the trusted certificate authority configuration which can be used to restrict application certificates based on their issuing authority, on behalf of the signed-in user.
AdminConsentRequired Yes Yes

Graph Methods

API supports delegated access (access on behalf of a user)
API supports app-only access (access without a user)

Methods

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: certificateAuthorityAsEntity

Property Type Description
certificate Binary The trusted certificate.
id String The unique identifier for the certificate authority. Inherited from entity.
isRootAuthority Boolean Indicates if the certificate is a root authority. In a certificateBasedApplicationConfiguration object, at least one object in the trustedCertificateAuthorities collection must be a root authority.
issuer String The issuer of the trusted certificate.
issuerSubjectKeyIdentifier String The subject key identifier of the trusted certificate.