Create managedDeviceCertificateState
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Create a new managedDeviceCertificateState object.
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | DeviceManagementConfiguration.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | DeviceManagementConfiguration.ReadWrite.All |
HTTP Request
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosPkcsCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosScepCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidPkcsCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidScepCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosImportedPFXCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidImportedPFXCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.aospDeviceOwnerPkcsCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.aospDeviceOwnerScepCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerPkcsCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerScepCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidWorkProfilePkcsCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidWorkProfileScepCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidForWorkImportedPFXCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.androidDeviceOwnerImportedPFXCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/microsoft.graph.androidForWorkPkcsCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/identityCertificate/microsoft.graph.androidForWorkScepCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsPhone81VpnConfiguration/identityCertificate/microsoft.graph.windowsPhone81SCEPCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/microsoft.graph.macOSPkcsCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/microsoft.graph.macOSScepCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.macOSWiredNetworkConfiguration/identityCertificateForClientAuthentication/microsoft.graph.macOSImportedPFXCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windows10PkcsCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windows81SCEPCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windows10ImportedPFXCertificateProfile/managedDeviceCertificateStates
POST /deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.windowsWifiEnterpriseEAPConfiguration/identityCertificateForClientAuthentication/microsoft.graph.windowsPhone81ImportedPFXCertificateProfile/managedDeviceCertificateStates
Request headers
Header | Value |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Accept | application/json |
Request body
In the request body, supply a JSON representation for the managedDeviceCertificateState object.
The following table shows the properties that are required when you create the managedDeviceCertificateState.
Property | Type | Description |
---|---|---|
id | String | Key of the entity. |
devicePlatform | devicePlatformType | Device platform. Possible values are: android , androidForWork , iOS , macOS , windowsPhone81 , windows81AndLater , windows10AndLater , androidWorkProfile , unknown , androidAOSP , androidMobileApplicationManagement , iOSMobileApplicationManagement , unknownFutureValue , windowsMobileApplicationManagement . |
certificateKeyUsage | keyUsages | Key usage. Possible values are: keyEncipherment , digitalSignature . |
certificateValidityPeriodUnits | certificateValidityPeriodScale | Validity period units. Possible values are: days , months , years . |
certificateIssuanceState | certificateIssuanceStates | Issuance State. Possible values are: unknown , challengeIssued , challengeIssueFailed , requestCreationFailed , requestSubmitFailed , challengeValidationSucceeded , challengeValidationFailed , issueFailed , issuePending , issued , responseProcessingFailed , responsePending , enrollmentSucceeded , enrollmentNotNeeded , revoked , removedFromCollection , renewVerified , installFailed , installed , deleteFailed , deleted , renewalRequested , requested . |
certificateKeyStorageProvider | keyStorageProviderOption | Key Storage Provider. Possible values are: useTpmKspOtherwiseUseSoftwareKsp , useTpmKspOtherwiseFail , usePassportForWorkKspOtherwiseFail , useSoftwareKsp . |
certificateSubjectNameFormat | subjectNameFormat | Subject name format. Possible values are: commonName , commonNameIncludingEmail , commonNameAsEmail , custom , commonNameAsIMEI , commonNameAsSerialNumber , commonNameAsAadDeviceId , commonNameAsIntuneDeviceId , commonNameAsDurableDeviceId . |
certificateSubjectAlternativeNameFormat | subjectAlternativeNameType | Subject alternative name format. Possible values are: none , emailAddress , userPrincipalName , customAzureADAttribute , domainNameService , universalResourceIdentifier . |
certificateRevokeStatus | certificateRevocationStatus | Revoke status. Possible values are: none , pending , issued , failed , revoked . |
certificateProfileDisplayName | String | Certificate profile display name |
deviceDisplayName | String | Device display name |
userDisplayName | String | User display name |
certificateExpirationDateTime | DateTimeOffset | Certificate expiry date |
certificateLastIssuanceStateChangedDateTime | DateTimeOffset | Last certificate issuance state change |
lastCertificateStateChangeDateTime | DateTimeOffset | Last certificate issuance state change |
certificateIssuer | String | Issuer |
certificateThumbprint | String | Thumbprint |
certificateSerialNumber | String | Serial number |
certificateKeyLength | Int32 | Key length |
certificateEnhancedKeyUsage | String | Extended key usage |
certificateValidityPeriod | Int32 | Validity period |
certificateSubjectNameFormatString | String | Subject name format string for custom subject name formats |
certificateSubjectAlternativeNameFormatString | String | Subject alternative name format string for custom formats |
certificateIssuanceDateTime | DateTimeOffset | Issuance date |
certificateErrorCode | Int32 | Error code |
Response
If successful, this method returns a 201 Created
response code and a managedDeviceCertificateState object in the response body.
Example
Request
Here is an example of the request.
POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/{deviceConfigurationId}/microsoft.graph.iosPkcsCertificateProfile/managedDeviceCertificateStates
Content-type: application/json
Content-length: 1517
{
"@odata.type": "#microsoft.graph.managedDeviceCertificateState",
"devicePlatform": "androidForWork",
"certificateKeyUsage": "digitalSignature",
"certificateValidityPeriodUnits": "months",
"certificateIssuanceState": "challengeIssued",
"certificateKeyStorageProvider": "useTpmKspOtherwiseFail",
"certificateSubjectNameFormat": "commonNameIncludingEmail",
"certificateSubjectAlternativeNameFormat": "emailAddress",
"certificateRevokeStatus": "pending",
"certificateProfileDisplayName": "Certificate Profile Display Name value",
"deviceDisplayName": "Device Display Name value",
"userDisplayName": "User Display Name value",
"certificateExpirationDateTime": "2017-01-01T00:02:14.9489247-08:00",
"certificateLastIssuanceStateChangedDateTime": "2017-01-01T00:00:27.7468732-08:00",
"lastCertificateStateChangeDateTime": "2017-01-01T00:01:10.7144639-08:00",
"certificateIssuer": "Certificate Issuer value",
"certificateThumbprint": "Certificate Thumbprint value",
"certificateSerialNumber": "Certificate Serial Number value",
"certificateKeyLength": 4,
"certificateEnhancedKeyUsage": "Certificate Enhanced Key Usage value",
"certificateValidityPeriod": 9,
"certificateSubjectNameFormatString": "Certificate Subject Name Format String value",
"certificateSubjectAlternativeNameFormatString": "Certificate Subject Alternative Name Format String value",
"certificateIssuanceDateTime": "2016-12-31T23:59:41.5044473-08:00",
"certificateErrorCode": 4
}
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 1566
{
"@odata.type": "#microsoft.graph.managedDeviceCertificateState",
"id": "d99bc884-c884-d99b-84c8-9bd984c89bd9",
"devicePlatform": "androidForWork",
"certificateKeyUsage": "digitalSignature",
"certificateValidityPeriodUnits": "months",
"certificateIssuanceState": "challengeIssued",
"certificateKeyStorageProvider": "useTpmKspOtherwiseFail",
"certificateSubjectNameFormat": "commonNameIncludingEmail",
"certificateSubjectAlternativeNameFormat": "emailAddress",
"certificateRevokeStatus": "pending",
"certificateProfileDisplayName": "Certificate Profile Display Name value",
"deviceDisplayName": "Device Display Name value",
"userDisplayName": "User Display Name value",
"certificateExpirationDateTime": "2017-01-01T00:02:14.9489247-08:00",
"certificateLastIssuanceStateChangedDateTime": "2017-01-01T00:00:27.7468732-08:00",
"lastCertificateStateChangeDateTime": "2017-01-01T00:01:10.7144639-08:00",
"certificateIssuer": "Certificate Issuer value",
"certificateThumbprint": "Certificate Thumbprint value",
"certificateSerialNumber": "Certificate Serial Number value",
"certificateKeyLength": 4,
"certificateEnhancedKeyUsage": "Certificate Enhanced Key Usage value",
"certificateValidityPeriod": 9,
"certificateSubjectNameFormatString": "Certificate Subject Name Format String value",
"certificateSubjectAlternativeNameFormatString": "Certificate Subject Alternative Name Format String value",
"certificateIssuanceDateTime": "2016-12-31T23:59:41.5044473-08:00",
"certificateErrorCode": 4
}