MutualTlsOauthConfiguration.Read.All
Allows the app to read configuration used for OAuth 2.0 mutual-TLS client authentication, on behalf of the signed-in user. This includes reading trusted certificate authorities.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
MutualTlsOauthConfiguration.Read.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | 6daaff82-2880-496d-9d80-57e8e31195e2 | 51ae584e-e736-4718-897b-10af70f8e3cc |
| DisplayText | Read all configurations used for mutual-TLS client authentication. | Read all configurations used for mutual-TLS client authentication. |
| Description | Allows the app to read configuration used for OAuth 2.0 mutual-TLS client authentication, without a signed-in user. This includes reading trusted certificate authorities. | Allows the app to read configuration used for OAuth 2.0 mutual-TLS client authentication, on behalf of the signed-in user. This includes reading trusted certificate authorities. |
| AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: deviceTemplate
| Property | Type | Description |
|---|---|---|
| deletedDateTime | DateTimeOffset | Date and time when this object was deleted. Always null when the object hasn't been deleted. Inherited from directoryObject. |
| deviceAuthority | String | A tenant-defined name for the party that's responsible for provisioning and managing devices on the Microsoft Entra tenant. For example, Tailwind Traders (the manufacturer) makes security cameras that are installed in customer buildings and managed by Lakeshore Retail (the device authority). This value is provided to the customer by the device authority (manufacturer or reseller). |
| id | String | The unique identifier for the object. Inherited from directoryObject. Read-only. Supports $filter (eq, in). |
| manufacturer | String | Manufacturer name. |
| model | String | Model name. |
| mutualTlsOauthConfigurationId | String | Object ID of the mutualTlsOauthConfiguration. This value isn't required if self-signed certificates are used. This value is provided to the customer by the device authority (manufacturer or reseller). |
| mutualTlsOauthConfigurationTenantId | String | ID (tenant ID for device authority) of the tenant that contains the mutualTlsOauthConfiguration. This value isn't required if self-signed certificates are used. This value is provided to the customer by the device authority (manufacturer or reseller). |
| operatingSystem | String | Operating system type. Supports $filter (eq, in). |