Create windows10XSCEPCertificateProfile
Namespace: microsoft.graph
Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.
Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.
Create a new windows10XSCEPCertificateProfile object.
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ✅ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type | Permissions (from least to most privileged) |
---|---|
Delegated (work or school account) | DeviceManagementServiceConfig.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. |
Application | DeviceManagementServiceConfig.ReadWrite.All |
HTTP Request
POST /deviceManagement/resourceAccessProfiles
Request headers
Header | Value |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Accept | application/json |
Request body
In the request body, supply a JSON representation for the windows10XSCEPCertificateProfile object.
The following table shows the properties that are required when you create the windows10XSCEPCertificateProfile.
Property | Type | Description |
---|---|---|
id | String | Profile identifier. Inherited from deviceManagementResourceAccessProfileBase |
version | Int32 | Version of the profile. Inherited from deviceManagementResourceAccessProfileBase |
displayName | String | Profile display name. Inherited from deviceManagementResourceAccessProfileBase |
description | String | Profile description. Inherited from deviceManagementResourceAccessProfileBase |
creationDateTime | DateTimeOffset | DateTime profile was created. Inherited from deviceManagementResourceAccessProfileBase |
lastModifiedDateTime | DateTimeOffset | DateTime profile was last modified. Inherited from deviceManagementResourceAccessProfileBase |
roleScopeTagIds | String collection | Scope Tags. Inherited from deviceManagementResourceAccessProfileBase |
serverApplicabilityRules | applicabilityRule collection | The list of Applicability Rules for a Device Configuration Profile. Inherited from deviceManagementResourceAccessProfileBase |
certificateStore | certificateStore | Target store certificate. Possible values are: user, machine. |
certificateValidityPeriodScale | certificateValidityPeriodScale | Scale for the Certificate Validity Period. Possible values are: days, months, years. |
certificateValidityPeriodValue | Int32 | Value for the Certificate Validity Period |
extendedKeyUsages | extendedKeyUsage collection | Extended Key Usage (EKU) settings. |
hashAlgorithm | hashAlgorithms collection | SCEP Hash Algorithm. Possible values are: sha1, sha2. |
keySize | keySize | SCEP Key Size. Possible values are: size1024, size2048, size4096. |
keyStorageProvider | keyStorageProviderOption | Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp. |
keyUsage | keyUsages | SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature. |
renewalThresholdPercentage | Int32 | Certificate renewal threshold percentage |
rootCertificateId | Guid | Trusted Root Certificate ID |
scepServerUrls | String collection | SCEP Server Url(s). |
subjectAlternativeNameFormats | windows10XCustomSubjectAlternativeName collection | Custom AAD Attributes. |
subjectNameFormatString | String | Custom format to use with SubjectNameFormat = Custom. Example: CN={{EmailAddress}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US |
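
A pre-flight audit for a request body built from the table above, added here as an example and not part of the Microsoft documentation: it rejects enum values the table does not list and flags weak choices (SHA-1, 1024-bit keys, key storage that can fall back to software). The function name, finding codes, validity ceiling, HTTPS requirement and sample host name are assumptions of this example.

```python
from urllib.parse import urlparse

ALLOWED = {  # enum values copied from the property table above
    "keySize": {"size1024", "size2048", "size4096"},
    "certificateValidityPeriodScale": {"days", "months", "years"},
    "keyStorageProvider": {
        "useTpmKspOtherwiseUseSoftwareKsp", "useTpmKspOtherwiseFail",
        "usePassportForWorkKspOtherwiseFail", "useSoftwareKsp"},
}
DAYS_PER_UNIT = {"days": 1, "months": 30, "years": 365}
MAX_VALIDITY_DAYS = 730  # assumed local policy ceiling, not a Graph limit

def audit_scep_profile(profile):
    """Return sorted finding codes for invalid or weak settings in a request body."""
    findings = {f"INVALID_{field}" for field, allowed in ALLOWED.items()
                if profile.get(field) not in allowed}
    if "sha1" in profile.get("hashAlgorithm", []):
        findings.add("SHA1_ALLOWED")
    if profile.get("keySize") == "size1024":
        findings.add("KEY_SIZE_1024")
    # Both of these options let the private key live outside the TPM.
    if profile.get("keyStorageProvider") in (
            "useSoftwareKsp", "useTpmKspOtherwiseUseSoftwareKsp"):
        findings.add("SOFTWARE_KEY_STORAGE_POSSIBLE")
    days = (DAYS_PER_UNIT.get(profile.get("certificateValidityPeriodScale"), 0)
            * profile.get("certificateValidityPeriodValue", 0))
    if days > MAX_VALIDITY_DAYS:
        findings.add("VALIDITY_TOO_LONG")
    # Assumed policy: enrollment endpoints must be reached over HTTPS.
    if any(urlparse(u).scheme != "https" for u in profile.get("scepServerUrls", [])):
        findings.add("SCEP_URL_NOT_HTTPS")
    return sorted(findings)

# Constructed sample bodies; the host name and settings are made up.
WEAK_PROFILE = {
    "@odata.type": "#microsoft.graph.windows10XSCEPCertificateProfile",
    "certificateValidityPeriodScale": "years",
    "certificateValidityPeriodValue": 5,
    "hashAlgorithm": ["sha1", "sha2"],
    "keySize": "size1024",
    "keyStorageProvider": "useTpmKspOtherwiseUseSoftwareKsp",
    "scepServerUrls": ["http://scep.example.test/certsrv/mscep/mscep.dll"],
}
HARDENED_PROFILE = dict(WEAK_PROFILE, certificateValidityPeriodScale="months",
    certificateValidityPeriodValue=14, hashAlgorithm=["sha2"], keySize="size2048",
    keyStorageProvider="useTpmKspOtherwiseFail",
    scepServerUrls=["https://scep.example.test/certsrv/mscep/mscep.dll"])

if __name__ == "__main__":
    print(audit_scep_profile(WEAK_PROFILE), audit_scep_profile(HARDENED_PROFILE))
```

Running the audit in the deployment pipeline before the POST keeps a weak profile from reaching devices, where certificates already issued under it would have to be revoked and re-enrolled.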
Response
If successful, this method returns a 201 Created response code and a windows10XSCEPCertificateProfile object in the response body.
Example
Request
Here is an example of the request.
```http
POST https://graph.microsoft.com/beta/deviceManagement/resourceAccessProfiles
Content-type: application/json
Content-length: 1321

{
  "@odata.type": "#microsoft.graph.windows10XSCEPCertificateProfile",
  "version": 7,
  "displayName": "Display Name value",
  "description": "Description value",
  "creationDateTime": "2017-01-01T00:00:43.1365422-08:00",
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ],
  "serverApplicabilityRules": [
    {
      "@odata.type": "microsoft.graph.applicabilityRule",
      "filterType": "include"
    }
  ],
  "certificateStore": "machine",
  "certificateValidityPeriodScale": "months",
  "certificateValidityPeriodValue": 14,
  "extendedKeyUsages": [
    {
      "@odata.type": "microsoft.graph.extendedKeyUsage",
      "name": "Name value",
      "objectIdentifier": "Object Identifier value"
    }
  ],
  "hashAlgorithm": [
    "sha2"
  ],
  "keySize": "size2048",
  "keyStorageProvider": "useTpmKspOtherwiseFail",
  "keyUsage": "digitalSignature",
  "renewalThresholdPercentage": 10,
  "rootCertificateId": "ed919bbc-9bbc-ed91-bc9b-91edbc9b91ed",
  "scepServerUrls": [
    "Scep Server Urls value"
  ],
  "subjectAlternativeNameFormats": [
    {
      "@odata.type": "microsoft.graph.windows10XCustomSubjectAlternativeName",
      "sanType": "emailAddress",
      "name": "Name value"
    }
  ],
  "subjectNameFormatString": "Subject Name Format String value"
}
```
Response
Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.
```http
HTTP/1.1 201 Created
Content-Type: application/json
Content-Length: 1434

{
  "@odata.type": "#microsoft.graph.windows10XSCEPCertificateProfile",
  "id": "d174d58e-d58e-d174-8ed5-74d18ed574d1",
  "version": 7,
  "displayName": "Display Name value",
  "description": "Description value",
  "creationDateTime": "2017-01-01T00:00:43.1365422-08:00",
  "lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00",
  "roleScopeTagIds": [
    "Role Scope Tag Ids value"
  ],
  "serverApplicabilityRules": [
    {
      "@odata.type": "microsoft.graph.applicabilityRule",
      "filterType": "include"
    }
  ],
  "certificateStore": "machine",
  "certificateValidityPeriodScale": "months",
  "certificateValidityPeriodValue": 14,
  "extendedKeyUsages": [
    {
      "@odata.type": "microsoft.graph.extendedKeyUsage",
      "name": "Name value",
      "objectIdentifier": "Object Identifier value"
    }
  ],
  "hashAlgorithm": [
    "sha2"
  ],
  "keySize": "size2048",
  "keyStorageProvider": "useTpmKspOtherwiseFail",
  "keyUsage": "digitalSignature",
  "renewalThresholdPercentage": 10,
  "rootCertificateId": "ed919bbc-9bbc-ed91-bc9b-91edbc9b91ed",
  "scepServerUrls": [
    "Scep Server Urls value"
  ],
  "subjectAlternativeNameFormats": [
    {
      "@odata.type": "microsoft.graph.windows10XCustomSubjectAlternativeName",
      "sanType": "emailAddress",
      "name": "Name value"
    }
  ],
  "subjectNameFormatString": "Subject Name Format String value"
}
```