PublicKeyInfrastructure.ReadWrite.All
Allows the application to read and write certificate-based authentication configuration such as all public key infrastructures (PKI) and certificate authorities (CA) configured for the organization, on behalf of the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
PublicKeyInfrastructure.ReadWrite.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | a2b63618-5350-462d-b1b3-ba6eb3684e26 | 3591b7f3-dba8-4bad-b667-7a64bd4f2b83 |
| DisplayText | Read and write all certificate based authentication configurations | Read and write certificate based authentication configurations |
| Description | Allows the application to read and write certificate-based authentication configuration such as all public key infrastructures (PKI) and certificate authorities (CA) configured for the organization, without a signed-in user. | Allows the application to read and write certificate-based authentication configuration such as all public key infrastructures (PKI) and certificate authorities (CA) configured for the organization, on behalf of the signed-in user. |
| AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: certificateAuthorityDetail
| Property | Type | Description |
|---|---|---|
| certificate | Binary | The public key of the certificate authority. |
| certificateAuthorityType | certificateAuthorityType | The type of certificate authority. The possible values are: root, intermediate, unknownFutureValue. Supports $filter (eq). |
| certificateRevocationListUrl | String | The URL to check if the certificate is revoked. |
| createdDateTime | DateTimeOffset | The date and time when the certificate authority was created. |
| deletedDateTime | DateTimeOffset | The date and time when the certificate authority was soft deleted. Inherited from base class and null for objects that are not deleted. Inherited from directoryObject. |
| deltacertificateRevocationListUrl | String | The URL to check to find out whether the certificate is revoked. |
| displayName | String | The display name of the certificate authority. |
| expirationDateTime | DateTimeOffset | The date and time when the certificate authority expires. Supports $filter (eq) and $orderby. |
| id | String | The ID of the certificate authority. Inherited from entity. |
| isIssuerHintEnabled | Boolean | Indicates whether the certificate picker presents the certificate authority to the user to use for authentication. Default value is false. Optional. |
| issuer | String | The issuer of the certificate authority. |
| issuerSubjectKeyIdentifier | String | The subject key identifier of certificate authority. |
| thumbprint | String | The thumbprint of certificate authority certificate. Supports $filter (eq, startswith). |