SpiffeTrustDomain.ReadWrite.All

Permission Details

Application Permission

Read and write SPIFFE trust domains and child resources

Allows the app to read and write your organization's SPIFFE trust domains and child resources without a signed in user.

Permission ID: 17b78cfd-eeff-447d-8bab-2795af00055a

Delegated Permission

Read and write SPIFFE trust domains and child resources

Allows the app to read and write your organization's SPIFFE trust domains and child resources on behalf of the user.

Permission ID: 8ba47079-8c47-4bfe-b2ce-13f28ef37247

Properties

Properties metadata is not available for this permission mapping. View on Microsoft Learn

JSON Representation

JSON representation is not available for this permission mapping. View on Microsoft Learn

Relationships

Relationships metadata is not available for this permission mapping.

View resource documentation

Graph Methods

Delegated access App-only access

No Learn or OpenAPI mapping available

Microsoft Graph v1.0 endpoints are not available from refreshed Microsoft Learn or Microsoft Graph OpenAPI metadata for this permission.

No API methods available for this version.

No Learn or OpenAPI mapping available

Microsoft Graph beta endpoints are not available from refreshed Microsoft Learn or Microsoft Graph OpenAPI metadata for this permission.

No API methods available for this version.

No Microsoft Learn PowerShell mapping available

Microsoft Graph PowerShell v1.0 commands are not available from refreshed Microsoft Learn PowerShell snippets for this permission.

No deterministic PowerShell command map is available for this permission.

Browse PowerShell docs

No Microsoft Learn PowerShell mapping available

Microsoft Graph PowerShell beta commands are not available from refreshed Microsoft Learn PowerShell snippets for this permission.

No deterministic PowerShell command map is available for this permission.

Browse PowerShell docs

Code Examples

C# / .NET SDK

using Azure.Identity;
using Microsoft.Graph;

var scopes = new[] { "SpiffeTrustDomain.ReadWrite.All" };
var credential = new InteractiveBrowserCredential(
    new InteractiveBrowserCredentialOptions
    {
        ClientId = "YOUR_CLIENT_ID",
        TenantId = "YOUR_TENANT_ID",
        RedirectUri = new Uri("http://localhost")
    });

var graphClient = new GraphServiceClient(credential, scopes);
var response = await graphClient
    .WithUrl("https://graph.microsoft.com/v1.0/spiffetrustdomain")
    .GetAsync();

JavaScript

import { Client } from "@microsoft/microsoft-graph-client";
import { InteractiveBrowserCredential } from "@azure/identity";

const credential = new InteractiveBrowserCredential({
  clientId: "YOUR_CLIENT_ID",
  tenantId: "YOUR_TENANT_ID",
  redirectUri: "http://localhost"
});

const token = await credential.getToken(["SpiffeTrustDomain.ReadWrite.All"]);
const client = Client.init({
  authProvider: (done) => done(null, token.token)
});

const response = await client.api("/spiffetrustdomain").get();

PowerShell

Connect-MgGraph -Scopes "SpiffeTrustDomain.ReadWrite.All"
Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/spiffetrustdomain"

Python

from azure.identity import InteractiveBrowserCredential
import requests

credential = InteractiveBrowserCredential(
    client_id="YOUR_CLIENT_ID",
    tenant_id="YOUR_TENANT_ID"
)

token = credential.get_token("SpiffeTrustDomain.ReadWrite.All")
response = requests.get(
    "https://graph.microsoft.com/v1.0/spiffetrustdomain",
    headers={"Authorization": f"Bearer {token.token}"}
)

print(response.json())

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for SpiffeTrustDomain.ReadWrite.All

4

Grant Admin Consent

Application permissions always require admin consent.