AADCertificateBasedApplicationConfiguration
Parameters
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| DisplayName | Key | String | Display name for the configuration. | |
| Id | Write | String | The unique identifier for the configuration. | |
| Description | Write | String | Description for the configuration. | |
| TrustedCertificateAuthorities | Write | MSFT_AADCertificateBasedApplicationConfigurationTrustedCertificateAuthority[] | Collection of trusted certificate authorities. | |
| Ensure | Write | String | Present ensures the instance exists, absent ensures it is removed. | Absent, Present |
| Credential | Write | PSCredential | Credentials of the workload's Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
| AccessTokens | Write | StringArray[] | Access token used for authentication. | |
Embedded Instances
MSFT_AADCertificateBasedApplicationConfigurationTrustedCertificateAuthority
Parameters
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Certificate | Write | String | The certificate data in base64 encoded format. | |
| IsRootAuthority | Write | Boolean | Indicates if the certificate is a root authority. | |
| Issuer | Write | String | The issuer of the certificate. | |
| IssuerSubjectKeyIdentifier | Write | String | The subject key identifier of the issuer. | |
Description
Manages certificate-based application configurations that define trusted certificate authorities for application authentication in Azure AD. These configurations are global tenant-wide objects that can be referenced by multiple app management policies.
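
Because every entry in `TrustedCertificateAuthorities` becomes a tenant-wide trust anchor, it is worth inspecting the certificate data before the configuration is applied. The following is an added example, not part of Microsoft365DSC: `Test-TrustedCaEntry` is a hypothetical helper, it assumes that a root authority is self-issued, and the sample certificate is a throwaway one constructed in memory.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper (not part of Microsoft365DSC): inspects one TrustedCertificateAuthorities entry.
function Test-TrustedCaEntry {
    param(
        [Parameter(Mandatory)] [string] $Certificate,      # base64 certificate data
        [Parameter(Mandatory)] [bool]   $IsRootAuthority
    )
    try {
        $cert = [X509Certificate2]::new([Convert]::FromBase64String($Certificate))
    }
    catch {
        return [pscustomobject]@{ Parsed = $false; Findings = @("Unparseable certificate: $($_.Exception.Message)") }
    }
    $findings = [System.Collections.Generic.List[string]]::new()

    # A trusted authority should carry BasicConstraints with CA=TRUE.
    $bc = $cert.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
    if (-not $bc -or -not $bc.CertificateAuthority) { $findings.Add('Not marked as a CA in BasicConstraints.') }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $findings.Add("Outside validity period (expires $($cert.NotAfter)).") }

    # Assumption: a root authority is self-issued (subject DN bytes equal issuer DN bytes).
    $selfIssued = [Convert]::ToBase64String($cert.SubjectName.RawData) -ceq [Convert]::ToBase64String($cert.IssuerName.RawData)
    if ($IsRootAuthority -ne $selfIssued) { $findings.Add("IsRootAuthority=$IsRootAuthority but self-issued=$selfIssued.") }

    $ski = $cert.Extensions | Where-Object { $_ -is [X509SubjectKeyIdentifierExtension] }
    [pscustomobject]@{
        Parsed               = $true
        Subject              = $cert.Subject
        Issuer               = $cert.Issuer                 # compare with the declared Issuer
        SubjectKeyIdentifier = $ski.SubjectKeyIdentifier    # hex string; $null if the extension is absent
        SelfIssued           = $selfIssued
        Findings             = $findings.ToArray()
    }
}

# Constructed sample: a self-signed CA generated in memory (needs .NET Framework 4.7.2+ or PowerShell 7).
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=Constructed Test Root', $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$req.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $true))
$req.CertificateExtensions.Add([X509SubjectKeyIdentifierExtension]::new($req.PublicKey, $false))
$sample = [Convert]::ToBase64String($req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30)).RawData)

Test-TrustedCaEntry -Certificate $sample -IsRootAuthority $true     # declared as a root
Test-TrustedCaEntry -Certificate $sample -IsRootAuthority $false    # same certificate declared as a non-root
```

Review the returned `Issuer` and `SubjectKeyIdentifier` values against the ones declared in the configuration before deploying it.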
Permissions
Microsoft Graph
To authenticate with the Microsoft Graph API, this resource requires the following permissions:
Delegated permissions
- Read
  - Directory.Read.All, AppCertTrustConfiguration.Read.All
- Update
  - Directory.ReadWrite.All, AppCertTrustConfiguration.ReadWrite.All, Organization.ReadWrite.All

Application permissions
- Read
  - Directory.Read.All
- Update
  - Directory.ReadWrite.All, Organization.ReadWrite.All
Examples
Example 1
This example creates a certificate-based application configuration with trusted certificate authorities.

```powershell
Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADCertificateBasedApplicationConfiguration "ContosoRootCA"
        {
            ApplicationId                 = $ApplicationId;
            CertificateThumbprint         = $CertificateThumbprint;
            Description                   = "Trusted certificate authorities from Contoso";
            DisplayName                   = "Contoso Root CA Configuration";
            Ensure                        = "Present";
            TenantId                      = $TenantId;
            TrustedCertificateAuthorities = @(
                MSFT_AADCertificateBasedApplicationConfigurationTrustedCertificateAuthority{
                    Certificate                = "MIIDPzCCAiegAwIBAgIQPbcHn..."
                    IsRootAuthority            = $true
                    Issuer                     = "CN=Contoso Root CA, O=Contoso, C=US"
                    IssuerSubjectKeyIdentifier = "1234567890ABCDEF"
                }
            );
        }
    }
}
```

Example 2
This example updates an existing certificate-based application configuration.

```powershell
Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADCertificateBasedApplicationConfiguration "ContosoRootCA"
        {
            ApplicationId                 = $ApplicationId;
            CertificateThumbprint         = $CertificateThumbprint;
            Description                   = "Updated: Trusted certificate authorities from Contoso";
            DisplayName                   = "Contoso Root CA Configuration";
            Ensure                        = "Present";
            TenantId                      = $TenantId;
            TrustedCertificateAuthorities = @(
                MSFT_AADCertificateBasedApplicationConfigurationTrustedCertificateAuthority{
                    Certificate                = "MIIDPzCCAiegAwIBAgIQPbcHn..."
                    IsRootAuthority            = $true
                    Issuer                     = "CN=Contoso Root CA, O=Contoso, C=US"
                    IssuerSubjectKeyIdentifier = "1234567890ABCDEF"
                }
                MSFT_AADCertificateBasedApplicationConfigurationTrustedCertificateAuthority{
                    Certificate                = "MIIDQzCCAiugAwIBAgIRAJkLm..."
                    IsRootAuthority            = $false
                    Issuer                     = "CN=Contoso Intermediate CA, O=Contoso, C=US"
                    IssuerSubjectKeyIdentifier = "ABCDEF1234567890"
                }
            );
        }
    }
}
```

Example 3
This example removes a certificate-based application configuration.

```powershell
Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADCertificateBasedApplicationConfiguration "ContosoRootCA"
        {
            ApplicationId         = $ApplicationId;
            CertificateThumbprint = $CertificateThumbprint;
            DisplayName           = "Contoso Root CA Configuration";
            Ensure                = "Absent";
            TenantId              = $TenantId;
        }
    }
}
```