Merge branch 'main' into surabhi-calla-windowsupdates-hotpatchupdate

Author: Lauragra

api-reference/beta/api/accesspackage-list-accesspackageresourcerolescopes.md

@@ -1,6 +1,6 @@
 ---
 title: "List accessPackageResourceRoleScopes"
-description: "Retrieve a list of accesspackageresourcerolescope objects."
+description: "Retrieve an access package with a list of accessPackageResourceRoleScope objects."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"

api-reference/beta/api/accesspackagecatalog-list-accesspackageresourceroles.md

@@ -1,6 +1,6 @@
 ---
 title: "List accessPackageResourceRoles"
-description: "Retrieve a list of accessPackageResourceRole objects."
+description: "Retrieve a list of accessPackageResourceRole objects of an accessPackageResource in an accessPackageCatalog."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"
@@ -132,9 +132,9 @@ Content-type: application/json
 }
 ```
 
-### Example 2: Retrieve the roles of a resource for a SharePoint Online site
+### Example 2: Retrieve the roles of a resource for a SharePoint site
 
-This is an example of retrieving the roles of a resource, to obtain the **originId** of each role.  This would be used after a SharePoint Online site has been added as a resource to the catalog, as the **originId** of a SharePoint site role, the sequence number of the role in the site, is needed to add the role to an access package.
+The following example shows how to retrieve the roles of a resource, to obtain the **originId** of each role. This would be used after a SharePoint site has been added as a resource to the catalog, as the **originId** of a SharePoint site role, the sequence number of the role in the site, is needed to add the role to an access package.
 
 #### Request
 
@@ -188,7 +188,7 @@ GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
 
 #### Response
 
-The following example shows the response.  The **displayName** is the same as shown in the SharePoint Online view of a site, and the **originId** is the underlying identifier established by SharePoint Online for the role.
+The following example shows the response. The **displayName** is the same as shown in the SharePoint view of a site, and the **originId** is the underlying identifier established by SharePoint for the role.
 
 > **Note:** The response object shown here might be shortened for readability.
 

api-reference/beta/api/accesspackagecatalog-list-accesspackageresources.md

@@ -1,6 +1,6 @@
 ---
 title: "List accessPackageResources"
-description: "Retrieve a list of accesspackageresource objects."
+description: "Retrieve a list of accessPackageResource objects in an accessPackageCatalog."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"

api-reference/beta/api/authorizationpolicy-get.md

@@ -25,6 +25,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authorizationpolicy_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authorizationpolicy-get-permissions.md)]
 
+[!INCLUDE [rbac-authorization-policy-apis-read](../includes/rbac-for-apis/rbac-authorization-policy-apis-read.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->

api-reference/beta/api/authorizationpolicy-update.md

@@ -25,7 +25,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authorizationpolicy_update" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authorizationpolicy-update-permissions.md)]
 
-For delegated scenarios, the user needs to have the *Privileged Role Administrator* [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).
+[!INCLUDE [rbac-authorization-policy-apis-update](../includes/rbac-for-apis/rbac-authorization-policy-apis-update.md)]
 
 ## HTTP request
 

api-reference/beta/api/azureadauthentication-get.md

@@ -22,12 +22,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "azureadauthentication_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/azureadauthentication-get-permissions.md)]
 
-For delegated scenarios, the calling user needs to belong to at least one of the following [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json):
-+ Global Reader
-+ Reports Reader
-+ Security Administrator
-+ Security Operator
-+ Security Reader
+[!INCLUDE [rbac-entra-health-service-activity-apis](../includes/rbac-for-apis/rbac-entra-health-service-activity-apis.md)]
 
 ## HTTP request
 

api-reference/beta/api/certificateauthoritydetail-get.md

@@ -0,0 +1,103 @@
+---
+title: "Get certificateAuthorityDetail"
+description: "Read the properties and relationships of a certificateAuthorityDetail object."
+author: "suawat"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: apiPageType
+---
+
+# Get certificateAuthorityDetail
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Read the properties and relationships of a [certificateAuthorityDetail](../resources/certificateauthoritydetail.md) object.
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "certificateauthoritydetail_get" } -->
+[!INCLUDE [permissions-table](../includes/permissions/certificateauthoritydetail-get-permissions.md)]
+
+[!INCLUDE [rbac-cert-based-authpkis-apis](../includes/rbac-for-apis/rbac-cert-based-authpkis-apis.md)]
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+
+``` http
+GET /directory/publicKeyInfrastructure/certificateBasedAuthConfigurations/{certificateBasedAuthPkiId}/certificateAuthorities/{certificateAuthorityDetailId}
+```
+
+## Optional query parameters
+
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [certificateAuthorityDetail](../resources/certificateauthoritydetail.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "get_certificateauthoritydetail"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/directory/publicKeyInfrastructure/certificateBasedAuthConfigurations/{certificateBasedAuthPkiId}/certificateAuthorities/{certificateAuthorityDetailId}
+```
+
+
+### Response
+
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.certificateAuthorityDetail"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "value": {
+    "@odata.type": "#microsoft.graph.certificateAuthorityDetail",
+    "id": "90777c92-2eb3-4a68-931d-4a3e1e1c741f",
+    "deletedDateTime": null,
+    "certificateAuthorityType": "root",
+    "certificate": "Binary",
+    "displayName": "Contoso2 CA1",
+    "issuer": "Contoso2",
+    "issuerSubjectKeyIdentifier": "C0E9....711A",
+    "createdDateTime": "2024-10-25T18:05:28Z",
+    "expirationDateTime": "2027-08-29T02:05:57Z",
+    "thumbprint": "C6FA....4E9CF2",
+    "certificateRevocationListUrl": null,
+    "deltacertificateRevocationListUrl": null,
+    "isIssuerHintEnabled": true
+  }
+}
+```

api-reference/beta/api/certificateauthoritydetail-update.md

@@ -0,0 +1,123 @@
+---
+title: "Update certificateAuthorityDetail"
+description: "Update the properties of a certificateAuthorityDetail object."
+author: "suawat"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: apiPageType
+---
+
+# Update certificateAuthorityDetail
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Update the properties of a [certificateAuthorityDetail](../resources/certificateauthoritydetail.md) object.
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "certificateauthoritydetail_update" } -->
+[!INCLUDE [permissions-table](../includes/permissions/certificateauthoritydetail-update-permissions.md)]
+
+[!INCLUDE [rbac-cert-based-authpkis-apis](../includes/rbac-for-apis/rbac-cert-based-authpkis-apis.md)]
+
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+``` http
+PATCH /directory/publicKeyInfrastructure/certificateBasedAuthConfigurations/{certificateBasedAuthPkiId}/certificateAuthorities/{certificateAuthorityDetailId}
+```
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+[!INCLUDE [table-intro](../../includes/update-property-table-intro.md)]
+
+|Property|Type|Description|
+|:---|:---|:---|
+|certificateAuthorityType|certificateAuthorityType|The type of certificate authority. The possible values are: `root`, `intermediate`, `unknownFutureValue`. |
+|certificate|Binary|The type of certificate authority. Possible values are: `root`, `intermediate`.|
+|displayName|String|The name of the certificate authority. |
+|issuer|String|The issuer of the certificate authority. |
+|issuerSubjectKeyIdentifier|String|The subject key identifier of certificate authority. |
+|createdDateTime|DateTimeOffset|The date and time when the certificate authority was created. |
+|expirationDateTime|DateTimeOffset|The date and time when the certificate authority expires. Required.|
+|thumbprint|String|The thumbprint of certificate authority certificate. Required.|
+|certificateRevocationListUrl|String|The URL to check if the certificate is revoked. |
+|deltacertificateRevocationListUrl|String|The URL to check if the certificate is revoked. |
+|isIssuerHintEnabled|Boolean|Indicates whether the certificate picker presents the certificate authority to the user to use for authentication. Default value is `false`. |
+
+
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an updated [certificateAuthorityDetail](../resources/certificateauthoritydetail.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "update_certificateauthoritydetail"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/beta/directory/publicKeyInfrastructure/certificateBasedAuthConfigurations/{certificateBasedAuthPkiId}/certificateAuthorities/{certificateAuthorityDetailId}
+Content-Type: application/json
+
+{
+
+   "isIssuerHintEnabled": true
+   
+}
+```
+
+
+### Response
+
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.certificateAuthorityDetail"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "@odata.type": "#microsoft.graph.certificateAuthorityDetail",
+  "id": "90777c92-2eb3-4a68-931d-4a3e1e1c741f",
+  "deletedDateTime": null,
+  "certificateAuthorityType": "root",
+  "certificate": "Binary",
+  "displayName": "Contoso2 CA1",
+  "issuer": "Contoso2",
+  "issuerSubjectKeyIdentifier": "C0E9....711A",
+  "createdDateTime": "2024-10-25T18:05:28Z",
+  "expirationDateTime": "2027-08-29T02:05:57Z",
+  "thumbprint": "C6FA....4E9CF2",
+  "certificateRevocationListUrl": null,
+  "deltacertificateRevocationListUrl": null,
+  "isIssuerHintEnabled": true
+
+}
+```
+

api-reference/v1.0/api/filestorage-delete-deletedcontainers.md renamed to api-reference/beta/api/certificatebasedauthpki-delete-certificateauthorities.md

@@ -1,30 +1,28 @@
 ---
-title: "Remove deleted fileStorageContainer"
-description: "Remove a deleted fileStorageContainer object."
-author: "harmoneddie"
+title: "Delete certificateAuthorityDetail"
+description: "Delete a certificateAuthorityDetail object."
+author: "suawat"
 ms.localizationpriority: medium
-ms.subservice: "onedrive"
+ms.subservice: "entra-sign-in"
 doc_type: apiPageType
 ---
 
-# Remove deleted fileStorageContainer
+# Delete certificateAuthorityDetail
 
 Namespace: microsoft.graph
 
-Permanently remove a [fileStorageContainer](../resources/filestoragecontainer.md) from the deleted container collection. Removing a file storage container with this API permanently removes it from the deleted container collection. Therefore, it can't be restored later. 
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Delete a [certificateAuthorityDetail](../resources/certificateauthoritydetail.md) object.
 
 ## Permissions
 
 Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
 
-<!-- {
-  "blockType": "permissions",
-  "name": "filestorage-delete-deletedcontainers-permissions"
-}
--->
-[!INCLUDE [permissions-table](../includes/permissions/filestorage-delete-deletedcontainers-permissions.md)]
+<!-- { "blockType": "permissions", "name": "certificatebasedauthpki_delete_certificateauthorities" } -->
+[!INCLUDE [permissions-table](../includes/permissions/certificatebasedauthpki-delete-certificateauthorities-permissions.md)]
 
-[!INCLUDE [app-permissions](../includes/sharepoint-embedded-app-permissions.md)]
+[!INCLUDE [rbac-cert-based-authpkis-apis](../includes/rbac-for-apis/rbac-cert-based-authpkis-apis.md)]
 
 ## HTTP request
 
@@ -33,7 +31,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 }
 -->
 ``` http
-DELETE /storage/fileStorage/deletedContainers/{containerId}
+DELETE /directory/publicKeyInfrastructure/certificateBasedAuthConfigurations/{certificateBasedAuthPkiId}/certificateAuthorities/{certificateAuthorityDetailId}
 ```
 
 ## Request headers
@@ -55,24 +53,22 @@ If successful, this method returns a `204 No Content` response code.
 ### Request
 
 The following example shows a request.
-
 <!-- {
   "blockType": "request",
-  "name": "remove_deleted_filestoragecontainer"
+  "name": "delete_certificateauthoritydetail"
 }
 -->
 ``` http
-DELETE https://graph.microsoft.com/v1.0/storage/fileStorage/deletedContainers/b!ISJs1WRro0y0EWgkUYcktDa0mE8zSlFEqFzqRn70Zwp1CEtDEBZgQICPkRbil_5Z
+DELETE https://graph.microsoft.com/beta/directory/publicKeyInfrastructure/certificateBasedAuthConfigurations/{certificateBasedAuthPkiId}/certificateAuthorities/{certificateAuthorityDetailId}
 ```
----
+
 
 ### Response
 
 The following example shows the response.
->**Note:** The response object shown here might be shortened for readability.
 <!-- {
   "blockType": "response",
-  "truncated": true,
+  "truncated": true
 }
 -->
 ``` http