merge conflict

Author: AshleyYangSZ

api-reference/beta/api/accesspackage-delete-accesspackageresourcerolescopes.md

@@ -1,6 +1,6 @@
 ---
 title: "Remove resourceRoleScope from an access package"
-description: "Remove a resourceRoleScope from an access package."
+description: "Remove an accessPackageResourceRoleScope from an accessPackage list of resource role scopes."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"
@@ -13,7 +13,7 @@ Namespace: microsoft.graph
 
 [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
 
-Remove a [accessPackageResourceRoleScope](../resources/accesspackageresourcerolescope.md) from an [accessPackage](../resources/accesspackage.md) list of resource role scopes.
+Remove an [accessPackageResourceRoleScope](../resources/accesspackageresourcerolescope.md) from an [accessPackage](../resources/accesspackage.md) list of resource role scopes.
 
 [!INCLUDE [national-cloud-support](../../includes/global-us.md)]
 

api-reference/beta/api/appcredentialsigninactivity-get.md

@@ -24,6 +24,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "appcredentialsigninactivity_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/appcredentialsigninactivity-get-permissions.md)]
 
+[!INCLUDE [rbac-usage-insights-apis](../includes/rbac-for-apis/rbac-usage-insights-apis.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->

api-reference/beta/api/applicationsignindetailedsummary-get.md

@@ -23,6 +23,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "applicationsignindetailedsummary_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/applicationsignindetailedsummary-get-permissions.md)]
 
+[!INCLUDE [rbac-usage-insights-apis](../includes/rbac-for-apis/rbac-usage-insights-apis.md)]
+
 ## HTTP request
 <!-- { "blockType": "ignored" } -->
 ``` http

api-reference/beta/api/appmanagementpolicy-post.md

@@ -43,6 +43,7 @@ POST /policies/appManagementPolicies
 
 > [!IMPORTANT]
 > Service principals with a createdDateTime `null` are treated as having being created on 01/01/2019.
+
 ## Request body
 
 In the request body, supply a JSON representation of the [appManagementPolicy](../resources/appmanagementpolicy.md) object.
@@ -53,7 +54,7 @@ You can specify the following properties when creating an **appManagementPolicy*
 | :----------- | :---------------------------------------------------------- | :--------------------------------------------------------------------- |
 | displayName  | String                                                      | The display name of the policy. Required.                                       |
 | description  | String                                                      | The description of the policy. Required.                                       |
-| isEnabled    | Boolean                                                     | Denotes whether the policy is enabled.  Optional.                                    |
+| isEnabled    | Boolean                                                     | Denotes whether the policy is enabled. Optional.                                    |
 | restrictions | [appManagementConfiguration](../resources/appManagementConfiguration.md) | Restrictions that apply to an application or service principal object. Optional. |
 
 ## Response
@@ -67,9 +68,10 @@ If successful, this method returns a `201 Created` response code with the new [a
 The following example shows a request. This request created an app management policy with the following settings:
 
 - Enables the policy.
-- Blocks creating of new passwords for applications and service principals created on or after 2019-10-19 at 10:37 AM UTC time.
-- Enforces lifetime on password secrets and key credentials for applications created on or after 2014-10-19 at 10:37 AM UTC time.
-- Limits password secrets for apps and service principals created after 2019-10-19 at 10:37 AM UTC time to less than 4 days, 12 hours, 30 minutes and 5 seconds.
+- Blocks creating of new passwords for applications and service principals created on or after October 19th 2019 at 10:37 AM UTC time.
+- Limits password secrets for apps and service principals created after October 19th 2014 at 10:37 AM UTC time to less than 90 days.
+- Disables the nonDefaultUriAddition restriction. This means that apps with this policy applied to them can add new nondefault identifier URIs to their apps, even if the tenant default policy typically blocks it.
+- Doesn't specify any other restrictions. This means that the behavior for those restrictions on apps/service principals with this policy applied falls back to however the tenant default policy is configured.
 
 
 # [HTTP](#tab/http)
@@ -89,45 +91,35 @@ POST https://graph.microsoft.com/beta/policies/appManagementPolicies
         "passwordCredentials": [
             {
                 "restrictionType": "passwordAddition",
+                "state": "enabled",
                 "maxLifetime": null,
                 "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
             },
             {
                 "restrictionType": "passwordLifetime",
+                "state": "enabled",
                 "maxLifetime": "P90D",
                 "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
             },
             {
                 "restrictionType": "symmetricKeyAddition",
+                "state": "enabled",
                 "maxLifetime": null,
                 "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
             },
             {
                 "restrictionType": "symmetricKeyLifetime",
-                "maxLifetime": "P30D",
-                "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
-            }
-        ],
-        "keyCredentials": [
-            {
-                "restrictionType": "asymmetricKeyLifetime",
+                "state": "enabled",
                 "maxLifetime": "P90D",
                 "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
-            },
-            {
-                "restrictionType": "trustedCertificateAuthority",
-                "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z",
-                "certificateBasedApplicationConfigurationIds": [
-                    "eec5ba11-2fc0-4113-83a2-ed986ed13743",
-                    "bb8e164b-f9ed-4b98-bc45-65eddc14f4c1"
-                ],
-                "maxLifetime": null
             }
         ],
+        "keyCredentials": [],
         "applicationRestrictions": {
             "identifierUris": {
                 "nonDefaultUriAddition": {
-                    "restrictForAppsCreatedAfterDateTime": "2024-01-01T10:37:00Z",
+                    "state": "disabled",
+                    "restrictForAppsCreatedAfterDateTime": null,
                     "excludeAppsReceivingV2Tokens": true,
                     "excludeSaml": true
                 }
@@ -186,6 +178,7 @@ The following example shows the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 
+
 {
     "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/appManagementPolicies/$entity",
     "id": "a4ab1ed9-46bb-4bef-88d4-86fd6398dd5d",
@@ -196,15 +189,40 @@ Content-type: application/json
         "passwordCredentials": [
             {
                 "restrictionType": "passwordAddition",
+                "state": "enabled",
                 "maxLifetime": null,
                 "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
             },
             {
                 "restrictionType": "passwordLifetime",
+                "state": "enabled",
                 "maxLifetime": "P90D",
                 "restrictForAppsCreatedAfterDateTime": "2018-10-19T10:37:00Z"
+            },
+            {
+                "restrictionType": "symmetricKeyAddition",
+                "state": "enabled",
+                "maxLifetime": null,
+                "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
+            },
+            {
+                "restrictionType": "symmetricKeyLifetime",
+                "state": "enabled",
+                "maxLifetime": "P90D",
+                "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
             }
-        ]
+        ],
+        "keyCredentials": [],
+        "applicationRestrictions": {
+            "identifierUris": {
+                "nonDefaultUriAddition": {
+                    "state": "disabled",
+                    "restrictForAppsCreatedAfterDateTime": null,
+                    "excludeAppsReceivingV2Tokens": true,
+                    "excludeSaml": true
+                }
+            }
+        }
     }
 }
 ```

api-reference/beta/api/azureadauthentication-get.md

@@ -22,12 +22,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "azureadauthentication_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/azureadauthentication-get-permissions.md)]
 
-For delegated scenarios, the calling user needs to belong to at least one of the following [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json):
-+ Global Reader
-+ Reports Reader
-+ Security Administrator
-+ Security Operator
-+ Security Reader
+[!INCLUDE [rbac-entra-health-service-activity-apis](../includes/rbac-for-apis/rbac-entra-health-service-activity-apis.md)]
 
 ## HTTP request
 

api-reference/beta/api/certificateauthoritydetail-get.md

@@ -0,0 +1,103 @@
+---
+title: "Get certificateAuthorityDetail"
+description: "Read the properties and relationships of a certificateAuthorityDetail object."
+author: "suawat"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: apiPageType
+---
+
+# Get certificateAuthorityDetail
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Read the properties and relationships of a [certificateAuthorityDetail](../resources/certificateauthoritydetail.md) object.
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "certificateauthoritydetail_get" } -->
+[!INCLUDE [permissions-table](../includes/permissions/certificateauthoritydetail-get-permissions.md)]
+
+[!INCLUDE [rbac-cert-based-authpkis-apis](../includes/rbac-for-apis/rbac-cert-based-authpkis-apis.md)]
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+
+``` http
+GET /directory/publicKeyInfrastructure/certificateBasedAuthConfigurations/{certificateBasedAuthPkiId}/certificateAuthorities/{certificateAuthorityDetailId}
+```
+
+## Optional query parameters
+
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [certificateAuthorityDetail](../resources/certificateauthoritydetail.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "get_certificateauthoritydetail"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/directory/publicKeyInfrastructure/certificateBasedAuthConfigurations/{certificateBasedAuthPkiId}/certificateAuthorities/{certificateAuthorityDetailId}
+```
+
+
+### Response
+
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.certificateAuthorityDetail"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "value": {
+    "@odata.type": "#microsoft.graph.certificateAuthorityDetail",
+    "id": "90777c92-2eb3-4a68-931d-4a3e1e1c741f",
+    "deletedDateTime": null,
+    "certificateAuthorityType": "root",
+    "certificate": "Binary",
+    "displayName": "Contoso2 CA1",
+    "issuer": "Contoso2",
+    "issuerSubjectKeyIdentifier": "C0E9....711A",
+    "createdDateTime": "2024-10-25T18:05:28Z",
+    "expirationDateTime": "2027-08-29T02:05:57Z",
+    "thumbprint": "C6FA....4E9CF2",
+    "certificateRevocationListUrl": null,
+    "deltacertificateRevocationListUrl": null,
+    "isIssuerHintEnabled": true
+  }
+}
+```