Merge branch 'user/satpatel/docChangesRS' of https://github.com/microsoftgraph/microsoft-graph-docs into user/satpatel/docChangesRS

Author: satpatel1

api-reference/beta/api/accesspackage-list-accesspackageresourcerolescopes.md

@@ -1,6 +1,6 @@
 ---
 title: "List accessPackageResourceRoleScopes"
-description: "Retrieve a list of accesspackageresourcerolescope objects."
+description: "Retrieve an access package with a list of accessPackageResourceRoleScope objects."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"

api-reference/beta/api/accesspackagecatalog-list-accesspackageresourceroles.md

@@ -1,6 +1,6 @@
 ---
 title: "List accessPackageResourceRoles"
-description: "Retrieve a list of accessPackageResourceRole objects."
+description: "Retrieve a list of accessPackageResourceRole objects of an accessPackageResource in an accessPackageCatalog."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"
@@ -132,9 +132,9 @@ Content-type: application/json
 }
 ```
 
-### Example 2: Retrieve the roles of a resource for a SharePoint Online site
+### Example 2: Retrieve the roles of a resource for a SharePoint site
 
-This is an example of retrieving the roles of a resource, to obtain the **originId** of each role.  This would be used after a SharePoint Online site has been added as a resource to the catalog, as the **originId** of a SharePoint site role, the sequence number of the role in the site, is needed to add the role to an access package.
+The following example shows how to retrieve the roles of a resource, to obtain the **originId** of each role. This would be used after a SharePoint site has been added as a resource to the catalog, as the **originId** of a SharePoint site role, the sequence number of the role in the site, is needed to add the role to an access package.
 
 #### Request
 
@@ -188,7 +188,7 @@ GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/ac
 
 #### Response
 
-The following example shows the response.  The **displayName** is the same as shown in the SharePoint Online view of a site, and the **originId** is the underlying identifier established by SharePoint Online for the role.
+The following example shows the response. The **displayName** is the same as shown in the SharePoint view of a site, and the **originId** is the underlying identifier established by SharePoint for the role.
 
 > **Note:** The response object shown here might be shortened for readability.
 

api-reference/beta/api/accesspackagecatalog-list-accesspackageresources.md

@@ -1,6 +1,6 @@
 ---
 title: "List accessPackageResources"
-description: "Retrieve a list of accesspackageresource objects."
+description: "Retrieve a list of accessPackageResource objects in an accessPackageCatalog."
 ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"

api-reference/beta/api/appmanagementpolicy-post.md

@@ -43,6 +43,7 @@ POST /policies/appManagementPolicies
 
 > [!IMPORTANT]
 > Service principals with a createdDateTime `null` are treated as having being created on 01/01/2019.
+
 ## Request body
 
 In the request body, supply a JSON representation of the [appManagementPolicy](../resources/appmanagementpolicy.md) object.
@@ -53,7 +54,7 @@ You can specify the following properties when creating an **appManagementPolicy*
 | :----------- | :---------------------------------------------------------- | :--------------------------------------------------------------------- |
 | displayName  | String                                                      | The display name of the policy. Required.                                       |
 | description  | String                                                      | The description of the policy. Required.                                       |
-| isEnabled    | Boolean                                                     | Denotes whether the policy is enabled.  Optional.                                    |
+| isEnabled    | Boolean                                                     | Denotes whether the policy is enabled. Optional.                                    |
 | restrictions | [appManagementConfiguration](../resources/appManagementConfiguration.md) | Restrictions that apply to an application or service principal object. Optional. |
 
 ## Response
@@ -67,9 +68,10 @@ If successful, this method returns a `201 Created` response code with the new [a
 The following example shows a request. This request created an app management policy with the following settings:
 
 - Enables the policy.
-- Blocks creating of new passwords for applications and service principals created on or after 2019-10-19 at 10:37 AM UTC time.
-- Enforces lifetime on password secrets and key credentials for applications created on or after 2014-10-19 at 10:37 AM UTC time.
-- Limits password secrets for apps and service principals created after 2019-10-19 at 10:37 AM UTC time to less than 4 days, 12 hours, 30 minutes and 5 seconds.
+- Blocks creating of new passwords for applications and service principals created on or after October 19th 2019 at 10:37 AM UTC time.
+- Limits password secrets for apps and service principals created after October 19th 2014 at 10:37 AM UTC time to less than 90 days.
+- Disables the nonDefaultUriAddition restriction. This means that apps with this policy applied to them can add new nondefault identifier URIs to their apps, even if the tenant default policy typically blocks it.
+- Doesn't specify any other restrictions. This means that the behavior for those restrictions on apps/service principals with this policy applied falls back to however the tenant default policy is configured.
 
 
 # [HTTP](#tab/http)
@@ -89,45 +91,35 @@ POST https://graph.microsoft.com/beta/policies/appManagementPolicies
         "passwordCredentials": [
             {
                 "restrictionType": "passwordAddition",
+                "state": "enabled",
                 "maxLifetime": null,
                 "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
             },
             {
                 "restrictionType": "passwordLifetime",
+                "state": "enabled",
                 "maxLifetime": "P90D",
                 "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
             },
             {
                 "restrictionType": "symmetricKeyAddition",
+                "state": "enabled",
                 "maxLifetime": null,
                 "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
             },
             {
                 "restrictionType": "symmetricKeyLifetime",
-                "maxLifetime": "P30D",
-                "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
-            }
-        ],
-        "keyCredentials": [
-            {
-                "restrictionType": "asymmetricKeyLifetime",
+                "state": "enabled",
                 "maxLifetime": "P90D",
                 "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
-            },
-            {
-                "restrictionType": "trustedCertificateAuthority",
-                "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z",
-                "certificateBasedApplicationConfigurationIds": [
-                    "eec5ba11-2fc0-4113-83a2-ed986ed13743",
-                    "bb8e164b-f9ed-4b98-bc45-65eddc14f4c1"
-                ],
-                "maxLifetime": null
             }
         ],
+        "keyCredentials": [],
         "applicationRestrictions": {
             "identifierUris": {
                 "nonDefaultUriAddition": {
-                    "restrictForAppsCreatedAfterDateTime": "2024-01-01T10:37:00Z",
+                    "state": "disabled",
+                    "restrictForAppsCreatedAfterDateTime": null,
                     "excludeAppsReceivingV2Tokens": true,
                     "excludeSaml": true
                 }
@@ -186,6 +178,7 @@ The following example shows the response.
 HTTP/1.1 200 OK
 Content-type: application/json
 
+
 {
     "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/appManagementPolicies/$entity",
     "id": "a4ab1ed9-46bb-4bef-88d4-86fd6398dd5d",
@@ -196,15 +189,40 @@ Content-type: application/json
         "passwordCredentials": [
             {
                 "restrictionType": "passwordAddition",
+                "state": "enabled",
                 "maxLifetime": null,
                 "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
             },
             {
                 "restrictionType": "passwordLifetime",
+                "state": "enabled",
                 "maxLifetime": "P90D",
                 "restrictForAppsCreatedAfterDateTime": "2018-10-19T10:37:00Z"
+            },
+            {
+                "restrictionType": "symmetricKeyAddition",
+                "state": "enabled",
+                "maxLifetime": null,
+                "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"
+            },
+            {
+                "restrictionType": "symmetricKeyLifetime",
+                "state": "enabled",
+                "maxLifetime": "P90D",
+                "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"
             }
-        ]
+        ],
+        "keyCredentials": [],
+        "applicationRestrictions": {
+            "identifierUris": {
+                "nonDefaultUriAddition": {
+                    "state": "disabled",
+                    "restrictForAppsCreatedAfterDateTime": null,
+                    "excludeAppsReceivingV2Tokens": true,
+                    "excludeSaml": true
+                }
+            }
+        }
     }
 }
 ```

api-reference/beta/api/authorizationpolicy-get.md

@@ -25,6 +25,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authorizationpolicy_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authorizationpolicy-get-permissions.md)]
 
+[!INCLUDE [rbac-authorization-policy-apis-read](../includes/rbac-for-apis/rbac-authorization-policy-apis-read.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->

api-reference/beta/api/authorizationpolicy-update.md

@@ -25,7 +25,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authorizationpolicy_update" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authorizationpolicy-update-permissions.md)]
 
-For delegated scenarios, the user needs to have the *Privileged Role Administrator* [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).
+[!INCLUDE [rbac-authorization-policy-apis-update](../includes/rbac-for-apis/rbac-authorization-policy-apis-update.md)]
 
 ## HTTP request
 

api-reference/beta/api/azureadauthentication-get.md

@@ -22,12 +22,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "azureadauthentication_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/azureadauthentication-get-permissions.md)]
 
-For delegated scenarios, the calling user needs to belong to at least one of the following [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json):
-+ Global Reader
-+ Reports Reader
-+ Security Administrator
-+ Security Operator
-+ Security Reader
+[!INCLUDE [rbac-entra-health-service-activity-apis](../includes/rbac-for-apis/rbac-entra-health-service-activity-apis.md)]
 
 ## HTTP request
 

api-reference/beta/api/certificateauthoritydetail-get.md

@@ -0,0 +1,103 @@
+---
+title: "Get certificateAuthorityDetail"
+description: "Read the properties and relationships of a certificateAuthorityDetail object."
+author: "suawat"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: apiPageType
+---
+
+# Get certificateAuthorityDetail
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Read the properties and relationships of a [certificateAuthorityDetail](../resources/certificateauthoritydetail.md) object.
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "certificateauthoritydetail_get" } -->
+[!INCLUDE [permissions-table](../includes/permissions/certificateauthoritydetail-get-permissions.md)]
+
+[!INCLUDE [rbac-cert-based-authpkis-apis](../includes/rbac-for-apis/rbac-cert-based-authpkis-apis.md)]
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+
+``` http
+GET /directory/publicKeyInfrastructure/certificateBasedAuthConfigurations/{certificateBasedAuthPkiId}/certificateAuthorities/{certificateAuthorityDetailId}
+```
+
+## Optional query parameters
+
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [certificateAuthorityDetail](../resources/certificateauthoritydetail.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "get_certificateauthoritydetail"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/directory/publicKeyInfrastructure/certificateBasedAuthConfigurations/{certificateBasedAuthPkiId}/certificateAuthorities/{certificateAuthorityDetailId}
+```
+
+
+### Response
+
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.certificateAuthorityDetail"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "value": {
+    "@odata.type": "#microsoft.graph.certificateAuthorityDetail",
+    "id": "90777c92-2eb3-4a68-931d-4a3e1e1c741f",
+    "deletedDateTime": null,
+    "certificateAuthorityType": "root",
+    "certificate": "Binary",
+    "displayName": "Contoso2 CA1",
+    "issuer": "Contoso2",
+    "issuerSubjectKeyIdentifier": "C0E9....711A",
+    "createdDateTime": "2024-10-25T18:05:28Z",
+    "expirationDateTime": "2027-08-29T02:05:57Z",
+    "thumbprint": "C6FA....4E9CF2",
+    "certificateRevocationListUrl": null,
+    "deltacertificateRevocationListUrl": null,
+    "isIssuerHintEnabled": true
+  }
+}
+```