Edit

Share via


certificateBasedAuthConfiguration resource type

Namespace: microsoft.graph

Microsoft Entra ID authenticates you with a client certificate on a Windows, Android, or iOS device when you connect your Exchange Online account to:

  • Microsoft mobile applications such as Outlook and Word
  • Exchange ActiveSync (EAS) clients

Configuring this feature eliminates the need to enter a username and password combination into certain mail and Microsoft Office applications on your mobile device.

Certificate-based authentication configuration is provided through a collection of certificate authorities. Microsoft Entra ID uses the certificate authorities to establish a trusted certificate chain, which enables it to authenticate clients with a client certificate.

Learn more about certificate-based authentication in Microsoft Entra ID.

Note

Administrators are highly recommended to configure the new scalable platform for PKI (Public Key Infrastructure) based store. This new PKI-based CA store supports up to 250 certificate authorities. It also allows each CA file to be as large as 8 KB. Additionally, it introduces new features such as issuer hints.

Methods

Method Return Type Description
List certificateBasedAuthConfiguration List the properties of the certificateBasedAuthConfiguration collection.
Create certificateBasedAuthConfiguration Create a new certificateBasedAuthConfiguration object.
Get certificateBasedAuthConfiguration Read the properties of a certificateBasedAuthConfiguration object.
Delete None Delete a certificateBasedAuthConfiguration object.

Note

Updating certificateBasedAuthConfiguration is not supported. To change a certificateBasedAuthConfiguration, first delete and then create a new certificateBasedAuthConfiguration.

Properties

Property Type Description
certificateAuthorities certificateAuthority collection Collection of certificate authorities which creates a trusted certificate chain.
id String The unique identifier of the certificate based auth configuration. Read-only.

Relationships

None,

JSON representation

The following JSON representation shows the resource type.

{
  "certificateAuthorities": {"@odata.type": "collection(microsoft.graph.certificateAuthority)"},
  "id": "String (identifier)"
}