DeviceManagementCloudCA.Read.All
Allows the app to read certification authority information on behalf of the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the DeviceManagementCloudCA.Read.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant.
| Category | Application | Delegated |
|---|---|---|
| Identifier | 315b6e8c-d92a-4691-919d-00ce76d1344a | ac5c8443-d999-471f-9247-ce92cf5c5560 |
| DisplayText | Read Microsoft Cloud PKI objects | Read Microsoft Cloud PKI objects |
| Description | Allows the app to read certification authority information without a signed-in user. | Allows the app to read certification authority information on behalf of the signed-in user. |
| AdminConsentRequired | Yes | Yes |
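As a narrower companion to the tenant-wide audit mentioned in the note, the following added example (not part of the original page or of MSIdentityTools) filters exported grant records for this one permission, using the Application identifier and scope name from the table above. It assumes the records have the shape of Microsoft Graph `appRoleAssignment` and `oauth2PermissionGrant` resources; the function name and all sample records are constructed for illustration.

```python
# Added example: list the apps that hold DeviceManagementCloudCA.Read.All.
# Record shapes follow Graph appRoleAssignment / oauth2PermissionGrant;
# every sample GUID and app name below is constructed, not real tenant data.

APP_ROLE_ID = "315b6e8c-d92a-4691-919d-00ce76d1344a"  # Application id (from this page)
DELEGATED_SCOPE = "DeviceManagementCloudCA.Read.All"  # Delegated scope name


def find_holders(app_role_assignments, oauth2_grants):
    """Return sorted (client, access_type, detail) tuples for this permission."""
    findings = []
    for a in app_role_assignments:
        # App-only access: matched by the app role id on the assignment.
        if a.get("appRoleId", "").lower() == APP_ROLE_ID:
            findings.append((a["principalDisplayName"], "app-only", a["principalId"]))
    for g in oauth2_grants:
        # 'scope' is a space-separated string; compare whole tokens,
        # not substrings, so similarly named scopes are not counted.
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        if DELEGATED_SCOPE.lower() in scopes:
            if g.get("consentType") == "AllPrincipals":
                who = "all users"  # tenant-wide admin consent
            else:
                who = "user " + str(g.get("principalId"))
            findings.append((g["clientId"], "delegated", who))
    return sorted(findings)


SAMPLE_ASSIGNMENTS = [  # constructed
    {"principalDisplayName": "Constructed PKI Inventory App",
     "principalId": "11111111-1111-1111-1111-111111111111",
     "appRoleId": "315b6e8c-d92a-4691-919d-00ce76d1344a"},
    {"principalDisplayName": "Constructed Other App",
     "principalId": "33333333-3333-3333-3333-333333333333",
     "appRoleId": "00000000-0000-0000-0000-000000000001"},
]
SAMPLE_GRANTS = [  # constructed
    {"clientId": "22222222-2222-2222-2222-222222222222", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read DeviceManagementCloudCA.Read.All"},
    {"clientId": "44444444-4444-4444-4444-444444444444", "consentType": "Principal",
     "principalId": "55555555-5555-5555-5555-555555555555",
     "scope": " DeviceManagementCloudCA.Read.All"},
    {"clientId": "66666666-6666-6666-6666-666666666666", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read openid"},
]

if __name__ == "__main__":
    for client, access, detail in find_holders(SAMPLE_ASSIGNMENTS, SAMPLE_GRANTS):
        print(f"{client}\t{access}\t{detail}")
```

Delegated grants carry only the client's service principal id, so resolve `clientId` to a display name separately before reviewing the findings.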
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: cloudCertificationAuthority
| Property | Type | Description |
|---|---|---|
| id | String | The certification authority entity instance identifier, which is a globally unique identifier. Read-only. Supports $select. |
| displayName | String | The certification authority display name in the Intune admin console. Read/write. Supports $select and $orderby. |
| description | String | The certification authority description displayed in the Intune admin console. Nullable. Read/write. Returns null if not set. |
| scepServerUrl | String | The SCEP server URL for device SCEP connections to request certificates. Read-only. |
| certificateRevocationListUrl | String | The cloud certification authority's Certificate Revocation List URL that can be used to determine revocation status. Read-only. |
| certificateDownloadUrl | String | The URL to download the certification authority certificate. Read-only. |
| certificationAuthorityIssuerUri | String | The URI of the issuing certification authority of a subordinate certification authority. Returns null if a root certification authority. Nullable. Read-only. |
| ocspResponderUri | String | The Online Certificate Status Protocol (OCSP) responder URI that can be used to determine certificate status. Read-only. |
| certificationAuthorityStatus | cloudCertificationAuthorityStatus | Cloud certification authority current status. Unknown value returned by default if the cloud certification authority status is not known. After cloud certification authorities are created their status is set to active. Cloud certification authorities can be set to paused to stop issuing certificates. Possible values are: unknown, active, paused, signingPending, revoked. Read-only. Supports $filter and $orderby. Possible values are: unknown, active, paused, revoked, signingPending, unknownFutureValue. |
| eTag | String | ETag for optimistic concurrency control. Read/write. |
| lastModifiedDateTime | DateTimeOffset | Last modification date and time of this certification authority entity instance. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Nullable. Read/write. |
| roleScopeTagIds | String collection | List of Scope Tags for this entity instance. Scope tags limit access to an entity instance. Nullable. Read/write. |
| createdDateTime | DateTimeOffset | Creation date of this cloud certification authority entity instance. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Nullable. Read-only. |
| certificationAuthorityIssuerId | String | Issuer (parent) certification authority identifier. Nullable. Read-only. Supports $orderby and $select. |
| issuerCommonName | String | |
| cloudCertificationAuthorityType | cloudCertificationAuthorityType | The certification authority type. rootCertificationAuthority value indicates root certification authorities that can be used to create issuing certification authorities. issuingCertificationAuthority value indicates that a certification authority can be used to issue leaf certificates. Possible values are: rootCertificationAuthority, issuingCertificationAuthority, issuingCertificationAuthorityWithExternalRoot. Read-only. Supports $orderby. Possible values are: unknown, rootCertificationAuthority, issuingCertificationAuthority, issuingCertificationAuthorityWithExternalRoot, unknownFutureValue. |
| validityPeriodInYears | Int32 | The certification authority validity period in years configured by admins. |
| validityStartDateTime | DateTimeOffset | The start date time of the validity period of a certification authority certificate. Certificates cannot be used before this date time as they are not yet valid. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Nullable. Read-only. Supports $orderby. |
| validityEndDateTime | DateTimeOffset | The end date time of the validity period of a certification authority certificate. Certificates cannot be used after this date time as they are no longer valid. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'. Nullable. Read-only. Supports $orderby. |
| organizationName | String | The organization name that is used as a distinguished name in the subject name of a certification authority certificate in the form "O= |
| organizationUnit | String | The organization unit name that is used as a distinguished name in the subject name of a certification authority certificate in the form "OU= |
| countryName | String | The country name that is used to compose the subject name of a certification authority certificate in the form "C= |
| stateName | String | The state or province name that is used to compose the subject name of a certification authority certificate in the form "ST= |
| localityName | String | The locality (town, city, etc.) name that is used to compose the subject name of a certification authority certificate in the form "L= |
| certificateKeySize | cloudCertificationAuthorityCertificateKeySize | The configured cryptography and key size in bits used to generate the certification authority certificate. Possible values are: rsa2048, rsa3072, rsa4096, eCP256, eCP256k, eCP384, eCP521. Read-only. Possible values are: unknown, rsa2048, rsa3072, rsa4096, eCP256, eCP256k, eCP384, eCP521, unknownFutureValue. |
| cloudCertificationAuthorityHashingAlgorithm | cloudCertificationAuthorityHashingAlgorithm | Certification authority certificate hashing algorithm. Possible values are: sha256, sha384, sha512. Read-only. Possible values are: unknown, sha256, sha384, sha512, unknownFutureValue. |
| thumbprint | String | Secure Hash Algorithm 1 digest of the certificate that can be used to identify it. Read-only. Supports $select. |
| serialNumber | String | The serial number used to uniquely identify a certificate with its issuing certification authority. Read-only. Supports $select. |
| subjectName | String | The subject name of the certificate. The subject is the target or intended beneficiary of the security being provided, such as a company or government entity. Read-only. Supports $orderby and $select. |
| commonName | String | The common name of the certificate subject name, which must be unique. This property is a relative distinguished name used to compose the certificate subject name. Read-only. Supports $select. |
| certificateSigningRequest | String | The certificate signing request used to create an issuing certification authority with a root certification authority external to Microsoft Cloud PKI. The base-64 encoded certificate signing request can be downloaded through this property. After downloading the certificate signing request, it must be signed by the external root certification authority. Read-only. |
| extendedKeyUsages | extendedKeyUsage collection | The certificate extended key usages, which specify the usage capabilities of the certificate. Read-only. |
| versionNumber | Int32 | The certification authority version, which is incremented each time the certification authority is renewed. Read-only. |
| rootCertificateCommonName | String | The common name of the certificate subject name of the certification authority issuer. This property can be used to identify the certification authority that issued the current certification authority. For issuing certification authorities, this is the common name of the certificate subject name of the root certification authority to which it is anchored. For externally signed certification authorities, this is the common name of the certificate subject name of the signing certification authority. For root certification authorities, this is the common name of the certification authority's own certificate subject name. Read-only. |
| keyPlatform | cloudCertificationAuthorityKeyPlatformType | The key platform used to store the certification authority keys. Read-only. Possible values are: unknown, software, hardwareSecurityModule, unknownFutureValue. |