Blog Post

Microsoft Entra Blog
3 MIN READ

Azure AD Certificate-Based Authentication now in Public Preview

Alex_Simons's avatar
Alex_Simons
Icon for Microsoft rankMicrosoft
Feb 14, 2022
Howdy folks,  Today I'm very excited to announce the public preview of Azure Active Directory certificate-based authentication (Azure AD CBA) across our commercial and US Government clouds! ...
Updated Feb 11, 2022
Version 1.0
Alex_Simons's avatar
Icon for Microsoft rankMicrosoft
Joined May 01, 2017
View Profile
Microsoft Entra Blog
Stay informed on how to secure access for employees, customers, and non-human identities, from anywhere, to multicloud and on-premises resources, with comprehensive identity and network access solutions powered by AI.
plsfix's avatar
plsfix
Brass Contributor
Nov 08, 2022

MaYnMaN, I had to use PowerShell to set the CertificateUserIds value in the GCC-High environment I tested with last weekend.

 

It really was as simple as 1. Configuring the Root and Intermediate CAs and 2. Setting the CertificateUserIds. Here's the PowerShell to retrieve and set the value for one user.

 

Connect-MgGraph -Environment usgov -Scopes "User.ReadWrite.All"

$upnuser = "email address removed for privacy reasons"
$upncert = "1234567890123456@mil"


## Retrieve Authorization Info
$user = Get-MgUser -UserId $upnuser -Property Id,DisplayName,UserPrincipalName,UserType,AuthorizationInfo
$user | select Id,DisplayName,UserPrincipalName,UserType,@{n="CertificateUserIds";e={$_.AuthorizationInfo.CertificateUserIds}} | ft -AutoSize


## Set Authorization Info
$contenttype = "application/json; charset=utf-8"
$body = @{
    authorizationInfo = @{
        certificateUserIds = @("X509:<PN>{0}" -f $upncert)
    }
} | ConvertTo-Json
$uri = "https://graph.microsoft.us/v1.0/users/{0}" -f $upnuser

Invoke-MgGraphRequest -Method PATCH -Uri $uri -ContentType $contenttype -Body $body