microsoftgraph
diff --git a/‎api-reference/beta/api/certificateauthoritypath-list-mutualtlsoauthconfigurations.md
Lines changed: 107 additions & 0 deletions b/‎api-reference/beta/api/certificateauthoritypath-list-mutualtlsoauthconfigurations.md
Lines changed: 107 additions & 0 deletions
diff --git a/‎api-reference/beta/api/certificateauthoritypath-post-mutualtlsoauthconfigurations.md
Lines changed: 120 additions & 0 deletions b/‎api-reference/beta/api/certificateauthoritypath-post-mutualtlsoauthconfigurations.md
Lines changed: 120 additions & 0 deletions
diff --git a/‎api-reference/beta/api/device-update.md
Lines changed: 4 additions & 3 deletions b/‎api-reference/beta/api/device-update.md
Lines changed: 4 additions & 3 deletions
diff --git a/‎api-reference/beta/api/devicetemplate-createdevicefromtemplate.md
Lines changed: 136 additions & 0 deletions b/‎api-reference/beta/api/devicetemplate-createdevicefromtemplate.md
Lines changed: 136 additions & 0 deletions
@@ -0,0 +1,107 @@
+---
+title: "List mutualTlsOauthConfigurations"
+description: "Get a list of the available mutualTlsOauthConfiguration resources."
+author: "sofia-geislinger"
+ms.date: 12/31/2024
+ms.localizationpriority: medium
+ms.subservice: "entra-id"
+doc_type: apiPageType
+---
+
+# List mutualTlsOauthConfigurations
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Get a list of the available [mutualTlsOauthConfiguration](../resources/mutualtlsoauthconfiguration.md) resources.
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- {
+  "blockType": "permissions",
+  "name": "certificateauthoritypath-list-mutualtlsoauthconfigurations-permissions"
+}
+-->
+[!INCLUDE [permissions-table](../includes/permissions/certificateauthoritypath-list-mutualtlsoauthconfigurations-permissions.md)]
+
+[!INCLUDE [rbac-mtlsoauthconfig-apis](../includes/rbac-for-apis/rbac-mtlsoauthconfig-apis.md)]
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+``` http
+GET /certificateAuthorities/mutualTlsOauthConfigurations
+```
+
+## Optional query parameters
+
+This method supports the `$count`, `$filter`, and `$select` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [mutualTlsOauthConfiguration](../resources/mutualtlsoauthconfiguration.md) objects in the response body.
+
+For more information, see [Microsoft Graph error responses and resource types](/graph/errors).
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "certificateauthoritypath-list-mutualtlsoauthconfigurations-permissions"
+}
+-->
+
+```http
+GET https://graph.microsoft.com/beta/directory/certificateAuthorities/mutualTlsOauthConfigurations
+```
+
+### Response
+
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "Collection(microsoft.graph.mutualTlsOauthConfiguration)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "@odata.context": "https://graph.microsoft.com/beta/$metadata#directory/certificateAuthorities/mutualTlsOauthConfigurations",
+  "value": [
+    {
+      "id": "a7199212-950f-4a2d-ba1e-017c48da1d19",
+      "deletedDateTime": null,
+      "displayName": "Standard TLS cert config",
+      "tlsClientAuthParameter": "tls_client_auth_san_uri",
+      "certificateAuthorities": [
+        {
+          "@odata.type": "microsoft.graph.certificateAuthority"
+        }
+      ]
+    }
+  ]
+}
+```
@@ -0,0 +1,120 @@
+---
+title: "Create mutualTlsOauthConfiguration"
+description: "Create a mutualTlsOauthConfiguration resource that contains a specified certificate authority object."
+author: "sofia-geislinger"
+ms.date: 12/31/2024
+ms.localizationpriority: medium
+ms.subservice: "entra-id"
+doc_type: apiPageType
+---
+
+# Create mutualTlsOauthConfiguration
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Create a [mutualTlsOauthConfiguration](../resources/mutualtlsoauthconfiguration.md) resource that contains a specified certificate authority object.
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- {
+  "blockType": "permissions",
+  "name": "certificateauthoritypath-post-mutualtlsoauthconfigurations-permissions"
+}
+-->
+[!INCLUDE [permissions-table](../includes/permissions/certificateauthoritypath-post-mutualtlsoauthconfigurations-permissions.md)]
+
+[!INCLUDE [rbac-mtlsoauthconfig-apis](../includes/rbac-for-apis/rbac-mtlsoauthconfig-apis.md)]
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+
+``` http
+POST /directory/certificateAuthorities/mutualTlsOauthConfigurations
+```
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+In the request body, supply a JSON representation of the [mutualTlsOauthConfiguration](../resources/mutualtlsoauthconfiguration.md) object.
+
+You can specify the following properties when you create a **mutualTlsOauthConfiguration**.
+
+|Property|Type|Description|
+|:---|:---|:---|
+|certificateAuthority|[certificateAuthority](../resources/certificateauthority.md) collection | Multi-value property that represents a list of trusted certificate authorities. Optional. |
+|displayName|String|Friendly name. Optional. |
+|tlsClientAuthParameter| tlsClientRegistrationMetadata | Specifies which field in the certificate contains the subject ID. The possible values are: `tls_client_auth_subject_dn`, `tls_client_auth_san_dns`, `tls_client_auth_san_uri`, `tls_client_auth_san_ip`, `tls_client_auth_san_email`, `unknownFutureValue`. Required. Read-only. |
+
+## Response
+
+If successful, this method returns a `201 Created` response code and a [mutualTlsOauthConfiguration](../resources/mutualtlsoauthconfiguration.md) object in the response body. If a validation failure occurs during the certificate validation steps, the method returns a `400 Bad Request` along with the error message, `Invalid value specified for property 'certificate' of resource 'CertificateAuthorityInformation'.`.
+
+For more information, see [Microsoft Graph error responses and resource types](/graph/errors).
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "create_mutualtlsoauthconfiguration_from_"
+}
+-->
+
+```http
+POST https://graph.microsoft.com/beta/directory/certificateAuthorities/mutualTlsOauthConfigurations
+Content-Type: application/json
+
+{
+  "displayName": "DoorCamera_Model_X_TrustedCAs",
+  "tlsClientAuthParameter": "tls_client_auth_san_uri",
+  "certificateAuthorities": [
+    {
+      "@odata.type": "microsoft.graph.certificateAuthority"
+    }
+  ]
+}
+```
+
+
+### Response
+
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.mutualTlsOauthConfiguration"
+}
+-->
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+  "@odata.context": "https://graph.microsoft.com/beta/$metadata#directory/certificateAuthorities/mutualTlsOauthConfigurations/$entity",
+  "id":"eec5ba11-2fc0-4113-83a2-ed986ed13cdb",
+  "displayName": "DoorCamera_Model_X_TrustedCAs",
+  "tlsClientAuthParameter": "tls_client_auth_san_uri",
+  "certificateAuthorities": [
+    {
+      "@odata.type": "microsoft.graph.certificateAuthority"
+    }
+  ]
+}
+```
@@ -5,7 +5,7 @@ author: "sandeo-MSFT"
 ms.localizationpriority: medium
 ms.subservice: "entra-directory-management"
 doc_type: apiPageType
-ms.date: 10/25/2024
+ms.date: 12/31/2024
 ---
 
 # Update device
@@ -50,11 +50,12 @@ In the request body, supply the values for the [device](../resources/device.md)
 | Property       | Type    |Description|
 |:---------------|:--------|:----------|
 |accountEnabled|Boolean| `true` if the account is enabled; otherwise, `false`. Only callers with at least the *Cloud Device Administrator* role can update this property. |
-|operatingSystem|String|The type of operating system on the device.|
-|operatingSystemVersion|String|The version of the operating system on the device|
+|alternativeNames|String collection|List of alternative names for the device, for example, `resourceIds`.|
 |displayName|String|The display name for the device.|
 |isCompliant|Boolean|`true` if the device complies with Mobile Device Management (MDM) policies; otherwise, `false`. This can only be updated by Intune for any device OS type or by an [approved MDM app](/windows/client-management/mdm/azure-active-directory-integration-with-mdm) for Windows OS devices. |
 |isManaged|Boolean|`true` if the device is managed by a Mobile Device Management (MDM) app; otherwise, `false`. This can only be updated by Intune for any device OS type or by an [approved MDM app](/windows/client-management/mdm/azure-active-directory-integration-with-mdm) for Windows OS devices. |
+|operatingSystem|String|The type of operating system on the device.|
+|operatingSystemVersion|String|The version of the operating system on the device.|
 
 Since the **device** resource supports [extensions](/graph/extensibility-overview), you can use the `PATCH` operation to 
 add, update, or delete your own app-specific data in custom properties of an extension in an existing **device** instance.
 
@@ -0,0 +1,136 @@
+---
+title: "deviceTemplate: createDeviceFromTemplate"
+description: "Create a new device from a device template."
+author: "atastrophic"
+ms.date: 12/31/2024
+ms.localizationpriority: medium
+ms.subservice: "entra-id"
+doc_type: apiPageType
+---
+
+# deviceTemplate: createDeviceFromTemplate
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Create a new [device](../resources/device.md) from a [deviceTemplate](../resources/devicetemplate.md).
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- {
+  "blockType": "permissions",
+  "name": "devicetemplate-createdevicefromtemplate-permissions"
+}
+-->
+[!INCLUDE [permissions-table](../includes/permissions/devicetemplate-createdevicefromtemplate-permissions.md)]
+
+[!INCLUDE [rbac-devicestemplate-apis](../includes/rbac-for-apis/rbac-devicetemplate-apis.md)]
+> **Note:** Users must be owner of the object.
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+``` http
+POST /directory/templates/deviceTemplates/{deviceTemplateId}/createDeviceFromTemplate
+```
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+In the request body, supply a JSON representation of the parameters.
+
+The following table lists the parameters that you can use when you call this action.
+
+|Parameter|Type|Description|
+|:---|:---|:---|
+| accountEnabled       | Boolean                             | `true` if the account is enabled; otherwise, `false`. The default value is `true`. A disabled device can't authenticate with Microsoft Entra ID. Optional.|
+| alternativeNames     | String collection                   | A collection of ARM resource IDs associated with the device, if any. Optional. |
+| externalDeviceId     | String                              | UUID of the device by IoT registry. Must be unique within a tenant. Required. |
+| externalSourceName   | String                              | Identifies the source name of the device. Optional. |
+| keyCredential        | [keyCredential](../resources/keycredential.md) | The key credential when you use self-signed certificates. Optional. |
+| operatingSystemVersion | String                              | The operating system version of the device specified. Optional. |
+
+## Response
+
+If successful, this action returns a `200 OK` response code and a [device](../resources/device.md) object in the response body.
+
+For more information, see [Microsoft Graph error responses and resource types](/graph/errors).
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "devicetemplatethis.createdevicefromtemplate"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/templates/deviceTemplates/2d62b12a-0163-457d-9796-9602e9807e1/createDeviceFromTemplate
+Content-Type: application/json
+
+{
+  "externalDeviceId": "2fa9424e-7ab0-4a22-8c90-2a20d15d8183",
+  "operatingSystemVersion": "Ubuntu 18.04",
+  "externalSourceName": "unknown",
+  "accountEnabled": false,
+  "alternativeNames": [
+    "/subscriptions/00001111-aaaa-2222-bbbb-3333cccc4444/resourcegroups/testrg/providers/microsoft.deviceregistry/assets/asset1"
+  ]
+}
+```
+
+### Response
+
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.device"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "id": "06d59f74-dbf3-432a-9971-c5f60374e4f0",
+  "accountEnabled": false,
+  "alternativeNames": [
+    "/subscriptions/00001111-aaaa-2222-bbbb-3333cccc4444/resourcegroups/testrg/providers/microsoft.deviceregistry/assets/asset1"
+  ],
+  "deviceId": "c6ca2657-8685-4398-9edc-a6a603f177b3",
+  "displayName": "2fa9424e-7ab0-4a22-8c90-2a20d15d8183",
+  "externalSourceName": "unknown",
+  "manufacturer": "IoT Device Template Manufacturer",
+  "model": "IoT Device Template Model",
+  "operatingSystem": "WindowsIoT",
+  "operatingSystemVersion": "Ubuntu 18.04",
+  "physicalIds": [
+    "[EXTID]:2fa9424e-7ab0-4a22-8c90-2a20d15d8183"
+  ],
+  "profileType": "IoT",
+  "sourceType": "External",
+  "alternativeSecurityIds": [
+    {
+      "type": 2,
+      "identityProvider": null,
+      "key": "WAA1ADAAOQA6ADwAVQB..."
+    }
+  ]
+}
+```