Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents the classic certificate-based authentication (CBA) trust store.
Certificate-based authentication allows you to authenticate to Microsoft Entra ID with a client certificate on a Windows, Android, or iOS device when you connect your Exchange Online account to:
- Microsoft mobile applications such as Outlook and Word
- Exchange ActiveSync (EAS) clients
Configuring this feature eliminates the need to enter a username and password combination into certain mail and Microsoft Office applications on your mobile device.
Certificate-based authentication configuration is provided through a collection of certificate authorities. The certificate authorities are used to establish a trusted certificate chain that enables clients to be authenticated by Microsoft Entra ID with a client certificate.
Learn more about Get started with certificate-based authentication in Microsoft Entra ID with federation.
Important
We highly recommend you use the new PKI-based trust store, which is more scalable than this classic trust store. It supports up to 250 Certificate Authorities (CAs) with up to 8KB per CA file and also supports new functionality such as issuer hints.
Methods
| Method | Return Type | Description |
|---|---|---|
| List | certificateBasedAuthConfiguration | List the properties of the certificateBasedAuthConfiguration collection. |
| Get | certificateBasedAuthConfiguration | Read the properties of a certificateBasedAuthConfiguration object. |
| Create | certificateBasedAuthConfiguration | Create a new certificateBasedAuthConfiguration object. |
| Delete | None | Delete a certificateBasedAuthConfiguration object. |
Note
Updating cerficateBasedAuthConfiguration isn't supported. To change a cerficateBasedAuthConfiguration, first delete and then create a new cerficateBasedAuthConfiguration.
Properties
| Property | Type | Description |
|---|---|---|
| certificateAuthorities | certificateAuthority collection | Collection of certificate authorities that creates a trusted certificate chain. |
| id | String | The unique identifier of the certificate based auth configuration. Read-only. |
Relationships
None
JSON representation
The following JSON representation shows the resource type.
{
"certificateAuthorities": {"@odata.type": "collection(microsoft.graph.certificateAuthority)"},
"id": "String (identifier)"
}