Attestation REST API (stable:2025-06-01)

2025/10/10 • 15 updated methods

MetadataConfiguration_Get (updated)
Description Retrieves metadata about the attestation signing keys in use by the attestation service
Reference Link ¶

⚶ Changes

{
  "#id": "MetadataConfiguration_Get",
  "Description": {
    "new": "Retrieves metadata about the attestation signing keys in use by the attestation\nservice",
    "old": "Retrieves metadata about the attestation signing keys in use by the attestation service"
  },
  "$responses": {
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_81aca927c65b4e1185503cd2ffd4c41b": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_436aa11dd2ae45be97406f3020381868": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_569c6776be8b4ae9a84f799489d3aaa8": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

GET:  /.well-known/openid-configuration
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
response_types_supported:
{
Description: Types supported in the OpenID metadata API ,
Required: False ,
}
[
string ,
]
,
id_token_signing_alg_values_supported:
{
Description: List of the supported signing algorithms ,
Required: False ,
}
[
string ,
]
,
revocation_endpoint:
{
Description: Revocation endpoint ,
Required: False ,
}
string ,
issuer:
{
Description: Issuer tenant base endpoint ,
Required: False ,
}
string ,
jwks_uri:
{
Description: The URI to retrieve the signing keys ,
Required: False ,
}
string ,
claims_supported:
{
Description: Set of claims supported by the OpenID metadata endpoint ,
Required: False ,
}
[
string ,
]
,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
Attestation_AttestAzureGuest (updated)
Description Processes an Azure Guest TCG Log, producing an artifact. The type of artifact produced is dependent upon attestation policy.
Reference Link ¶

⚶ Changes

{
  "#id": "Attestation_AttestAzureGuest",
  "Description": {
    "new": "Processes an Azure Guest TCG Log, producing an artifact. The type of artifact\nproduced is dependent upon attestation policy.",
    "old": "Processes an Azure Guest TCG Log, producing an artifact. The type of artifact produced is dependent upon attestation policy."
  },
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    },
    {
      "@added_d097499f649b4521a845d9c95fe0249d": {
        "#name": "body",
        "Required": true,
        "$schema": {
          "Description": "Attestation request for Azure Guest Gen2 VMs",
          "Type": "object",
          "$properties": [
            {
              "#name": "attestationInfo",
              "Description": "Attestation client information containing all artifacts required for Guest\nAttestation.",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    },
    {
      "@removed_0ab44aecce2e40b78d6ead4be865c797": {
        "#name": "request",
        "Description": "Request object containing TCG Logs from the Azure Guest.",
        "Required": true,
        "$schema": {
          "Description": "Attestation request for Azure Guest Gen2 VMs",
          "Type": "object",
          "$properties": [
            {
              "#name": "attestationInfo",
              "Description": "Attestation client information containing all artifacts required for Guest Attestation.",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "#name": "token",
          "Description": {
            "new": "A sealed RFC 7519 JSON Web Token, the body of which is an AttestationResult\nobject.",
            "old": "A sealed RFC 7519 JSON Web Token, the body of which is an AttestationResult object."
          }
        }
      ]
    },
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_1898671d31b946028bb54f89aab6d046": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_483116a8fad34166a795ddd0300d12d4": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_fd0529fc93e846fba51a021234743b1d": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST:  /attest/AzureGuest
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
body:
{
Required: True ,
}
{
attestationInfo:
{
Description: Attestation client information containing all artifacts required for Guest Attestation. ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
token:
{
Description: A sealed RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
Attestation_AttestOpenEnclave (updated)
Description Processes an OpenEnclave report , producing an artifact. The type of artifact produced is dependent upon attestation policy.
Reference Link ¶

⚶ Changes

{
  "#id": "Attestation_AttestOpenEnclave",
  "Description": {
    "new": "Processes an OpenEnclave report , producing an artifact. The type of artifact\nproduced is dependent upon attestation policy.",
    "old": "Processes an OpenEnclave report , producing an artifact. The type of artifact produced is dependent upon attestation policy."
  },
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    },
    {
      "@added_c9e2af1e3f2a46c19d38583a9d1d87c2": {
        "#name": "body",
        "Required": true,
        "$schema": {
          "Description": "Attestation request for Intel SGX enclaves",
          "Type": "object",
          "$properties": [
            {
              "#name": "report",
              "Description": "OpenEnclave report from the enclave to be attested",
              "Format": "byte",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "runtimeData",
              "Description": "Runtime data provided by the enclave at the time of report generation. The MAA\nwill verify that the first 32 bytes of the report_data field of the quote\ncontains the SHA256 hash of the decoded \"data\" field of the runtime data.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Runtime data are generated by the Trusted Execution Environment (TEE). For an\nSGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must\nmatch the lower 32 bytes of the quote's \"report data\" attribute. For a SEV-SNP\nquote, the SHA256 hash of the RuntimeData must match the quote's \"report data\"\nattribute.",
                  "Format": "byte",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further\ninterpreted by MAA. Refer to RFC 8259 for a description of JSON serialization\nstandards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "initTimeData",
              "Description": "Base64Url encoded \"InitTime data\". The MAA will verify that the init data was\nknown to the enclave. Note that InitTimeData is invalid for CoffeeLake\nprocessors.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Initialization time data are passed into the Trusted Execution Environment\n(TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the\nInitTimeData must match the lower 32 bytes of the quote's \"config id\"\nattribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match\nthe quote's \"host data\" attribute.",
                  "Format": "byte",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further\ninterpreted by MAA. Refer to RFC 8259 for a description of JSON serialization\nstandards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "draftPolicyForAttestation",
              "Description": "Attest against the provided draft policy. Note that the resulting token cannot\nbe validated.",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "nonce",
              "Description": "Nonce for incoming request - emitted in the generated attestation token",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    },
    {
      "@removed_18ea07564ee046dda5930abbf1f67c80": {
        "#name": "request",
        "Description": "Request object containing the quote",
        "Required": true,
        "$schema": {
          "Description": "Attestation request for Intel SGX enclaves",
          "Type": "object",
          "$properties": [
            {
              "#name": "report",
              "Description": "OpenEnclave report from the enclave to be attested",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "runtimeData",
              "Description": "Runtime data provided by the enclave at the time of report generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded \"data\" field of the runtime data.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's \"report data\" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's \"report data\" attribute.",
                  "Format": "base64url",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "initTimeData",
              "Description": "Base64Url encoded \"InitTime data\". The MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's \"config id\" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's \"host data\" attribute.",
                  "Format": "base64url",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "draftPolicyForAttestation",
              "Description": "Attest against the provided draft policy. Note that the resulting token cannot be validated.",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "nonce",
              "Description": "Nonce for incoming request - emitted in the generated attestation token",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    }
  ],
  "$responses": {
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_f874dcba186e4ab5b22fa48409ef288f": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_1a7a9008475d42bda84843410cd1c5da": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_270bc6dbb43d461097dd8c4c3b8ee747": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST:  /attest/OpenEnclave
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
body:
{
Required: True ,
}
{
report:
{
Description: OpenEnclave report from the enclave to be attested ,
Format: byte ,
Required: False ,
}
string ,
runtimeData:
{
Description: Runtime data provided by the enclave at the time of report generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data. ,
Required: False ,
}
{
data:
{
Description: Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute. ,
Format: byte ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
initTimeData:
{
Description: Base64Url encoded "InitTime data". The MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors. ,
Required: False ,
}
{
data:
{
Description: Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's "host data" attribute. ,
Format: byte ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
draftPolicyForAttestation:
{
Description: Attest against the provided draft policy. Note that the resulting token cannot be validated. ,
Required: False ,
}
string ,
nonce:
{
Description: Nonce for incoming request - emitted in the generated attestation token ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
token:
{
Description: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
Attestation_AttestSevSnpVm (updated)
Description Processes a SEV SNP Boot chain. The type of artifact produced is dependent upon attestation policy.
Reference Link ¶

⚶ Changes

{
  "#id": "Attestation_AttestSevSnpVm",
  "Description": {
    "new": "Processes a SEV SNP Boot chain. The type of artifact produced is dependent upon\nattestation policy.",
    "old": "Processes a SEV SNP Boot chain. The type of artifact produced is dependent upon attestation policy."
  },
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    },
    {
      "@added_f37108d28f5a40299715b4694344d8ae": {
        "#name": "body",
        "Required": true,
        "$schema": {
          "Description": "Attestation request for AMD SEV SNP Virtual Machine",
          "Type": "object",
          "$properties": [
            {
              "#name": "report",
              "Description": "Hardware rooted report of the virtual machine being attested along with the\nsigning certificate chain and optionally, additional endorsements",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "runtimeData",
              "Description": "Runtime data provided by the enclave at the time of report generation. The MAA\nwill verify that the run time data is known to the attestation target.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Runtime data are generated by the Trusted Execution Environment (TEE). For an\nSGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must\nmatch the lower 32 bytes of the quote's \"report data\" attribute. For a SEV-SNP\nquote, the SHA256 hash of the RuntimeData must match the quote's \"report data\"\nattribute.",
                  "Format": "byte",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further\ninterpreted by MAA. Refer to RFC 8259 for a description of JSON serialization\nstandards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "initTimeData",
              "Description": "Initialization data provided by the enclave at the time of report generation.\nThe MAA will verify that the init time data is known to the attestation target.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Initialization time data are passed into the Trusted Execution Environment\n(TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the\nInitTimeData must match the lower 32 bytes of the quote's \"config id\"\nattribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match\nthe quote's \"host data\" attribute.",
                  "Format": "byte",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further\ninterpreted by MAA. Refer to RFC 8259 for a description of JSON serialization\nstandards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "draftPolicyForAttestation",
              "Description": "Attest against the provided draft policy. Note that the resulting token cannot\nbe validated.",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "nonce",
              "Description": "Nonce for incoming request - emitted in the generated attestation token",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    },
    {
      "@removed_ad6be9e0150b49abae6433fd5e7f37b0": {
        "#name": "request",
        "Description": "Request object containing the quote",
        "Required": true,
        "$schema": {
          "Description": "Attestation request for AMD SEV SNP Virtual Machine",
          "Type": "object",
          "$properties": [
            {
              "#name": "report",
              "Description": "Hardware rooted report of the virtual machine being attested along with the signing certificate chain and optionally, additional endorsements",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "runtimeData",
              "Description": "Runtime data provided by the enclave at the time of report generation. The MAA will verify that the run time data is known to the attestation target.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's \"report data\" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's \"report data\" attribute.",
                  "Format": "base64url",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "initTimeData",
              "Description": "Initialization data provided by the enclave at the time of report generation. The MAA will verify that the init time data is known to the attestation target.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's \"config id\" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's \"host data\" attribute.",
                  "Format": "base64url",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "draftPolicyForAttestation",
              "Description": "Attest against the provided draft policy. Note that the resulting token cannot be validated.",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "nonce",
              "Description": "Nonce for incoming request - emitted in the generated attestation token",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    }
  ],
  "$responses": {
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_100cb88826dc4724835e8d4680b65b09": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_767d33d879984b10ba5ca7266347a462": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_5a0e8e0df3194c9c8e3cad72a7dd7e87": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST:  /attest/SevSnpVm
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
body:
{
Required: True ,
}
{
report:
{
Description: Hardware rooted report of the virtual machine being attested along with the signing certificate chain and optionally, additional endorsements ,
Required: False ,
}
string ,
runtimeData:
{
Description: Runtime data provided by the enclave at the time of report generation. The MAA will verify that the run time data is known to the attestation target. ,
Required: False ,
}
{
data:
{
Description: Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute. ,
Format: byte ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
initTimeData:
{
Description: Initialization data provided by the enclave at the time of report generation. The MAA will verify that the init time data is known to the attestation target. ,
Required: False ,
}
{
data:
{
Description: Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's "host data" attribute. ,
Format: byte ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
draftPolicyForAttestation:
{
Description: Attest against the provided draft policy. Note that the resulting token cannot be validated. ,
Required: False ,
}
string ,
nonce:
{
Description: Nonce for incoming request - emitted in the generated attestation token ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
token:
{
Description: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
Attestation_AttestSgxEnclave (updated)
Description Processes an SGX enclave quote, producing an artifact. The type of artifact produced is dependent upon attestation policy.
Reference Link ¶

⚶ Changes

{
  "#id": "Attestation_AttestSgxEnclave",
  "Description": {
    "new": "Processes an SGX enclave quote, producing an artifact. The type of artifact\nproduced is dependent upon attestation policy.",
    "old": "Processes an SGX enclave quote, producing an artifact. The type of artifact produced is dependent upon attestation policy."
  },
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    },
    {
      "@added_1f627b3ed7314eeaa510b77cae71018d": {
        "#name": "body",
        "Required": true,
        "$schema": {
          "Description": "Attestation request for Intel SGX enclaves",
          "Type": "object",
          "$properties": [
            {
              "#name": "quote",
              "Description": "Quote of the enclave to be attested",
              "Format": "byte",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "runtimeData",
              "Description": "Runtime data provided by the enclave at the time of quote generation. The MAA\nwill verify that the first 32 bytes of the report_data field of the quote\ncontains the SHA256 hash of the decoded \"data\" field of the runtime data.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Runtime data are generated by the Trusted Execution Environment (TEE). For an\nSGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must\nmatch the lower 32 bytes of the quote's \"report data\" attribute. For a SEV-SNP\nquote, the SHA256 hash of the RuntimeData must match the quote's \"report data\"\nattribute.",
                  "Format": "byte",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further\ninterpreted by MAA. Refer to RFC 8259 for a description of JSON serialization\nstandards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "initTimeData",
              "Description": "Initialization data provided when the enclave is created. MAA will verify that\nthe init data was known to the enclave. Note that InitTimeData is invalid for\nCoffeeLake processors.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Initialization time data are passed into the Trusted Execution Environment\n(TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the\nInitTimeData must match the lower 32 bytes of the quote's \"config id\"\nattribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match\nthe quote's \"host data\" attribute.",
                  "Format": "byte",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further\ninterpreted by MAA. Refer to RFC 8259 for a description of JSON serialization\nstandards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "draftPolicyForAttestation",
              "Description": "Attest against the provided draft policy. Note that the resulting token cannot\nbe validated.",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "nonce",
              "Description": "Nonce for incoming request - emitted in the generated attestation token",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    },
    {
      "@removed_63d68da11ecd469f920ceca57596f620": {
        "#name": "request",
        "Description": "Request object containing the quote",
        "Required": true,
        "$schema": {
          "Description": "Attestation request for Intel SGX enclaves",
          "Type": "object",
          "$properties": [
            {
              "#name": "quote",
              "Description": "Quote of the enclave to be attested",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "runtimeData",
              "Description": "Runtime data provided by the enclave at the time of quote generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded \"data\" field of the runtime data.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's \"report data\" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's \"report data\" attribute.",
                  "Format": "base64url",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "initTimeData",
              "Description": "Initialization data provided when the enclave is created. MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's \"config id\" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's \"host data\" attribute.",
                  "Format": "base64url",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "draftPolicyForAttestation",
              "Description": "Attest against the provided draft policy. Note that the resulting token cannot be validated.",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "nonce",
              "Description": "Nonce for incoming request - emitted in the generated attestation token",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    }
  ],
  "$responses": {
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_eeda9f9b262a49da871243c5511874d8": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_2a35001aa939424aa24673eae4e4c150": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_a0e3c55bfc7e47deacec2197558d8e1b": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST:  /attest/SgxEnclave
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
body:
{
Required: True ,
}
{
quote:
{
Description: Quote of the enclave to be attested ,
Format: byte ,
Required: False ,
}
string ,
runtimeData:
{
Description: Runtime data provided by the enclave at the time of quote generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data. ,
Required: False ,
}
{
data:
{
Description: Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute. ,
Format: byte ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
initTimeData:
{
Description: Initialization data provided when the enclave is created. MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors. ,
Required: False ,
}
{
data:
{
Description: Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's "host data" attribute. ,
Format: byte ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
draftPolicyForAttestation:
{
Description: Attest against the provided draft policy. Note that the resulting token cannot be validated. ,
Required: False ,
}
string ,
nonce:
{
Description: Nonce for incoming request - emitted in the generated attestation token ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
token:
{
Description: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
Attestation_AttestTdxVm (updated)
Description Processes an TDX quote, producing an artifact. The type of artifact produced is dependent upon attestation policy.
Reference Link ¶

⚶ Changes

{
  "#id": "Attestation_AttestTdxVm",
  "Description": {
    "new": "Processes an TDX quote, producing an artifact. The type of artifact produced is\ndependent upon attestation policy.",
    "old": "Processes an TDX quote, producing an artifact. The type of artifact produced is dependent upon attestation policy."
  },
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    },
    {
      "@added_75da6ae4e6b14c699e68c9ef635c8cdf": {
        "#name": "body",
        "Required": true,
        "$schema": {
          "Description": "Attestation request for Intel TDX Virtual Machine",
          "Type": "object",
          "$properties": [
            {
              "#name": "quote",
              "Description": "Quote of the TDX virtual machine to be attested",
              "Format": "byte",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "runtimeData",
              "Description": "Runtime data provided by the enclave at the time of quote generation. The MAA\nwill verify that the first 32 bytes of the report_data field of the quote\ncontains the SHA256 hash of the decoded \"data\" field of the runtime data.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Runtime data are generated by the Trusted Execution Environment (TEE). For an\nSGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must\nmatch the lower 32 bytes of the quote's \"report data\" attribute. For a SEV-SNP\nquote, the SHA256 hash of the RuntimeData must match the quote's \"report data\"\nattribute.",
                  "Format": "byte",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further\ninterpreted by MAA. Refer to RFC 8259 for a description of JSON serialization\nstandards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "initTimeData",
              "Description": "Initialization data provided when the enclave is created. MAA will verify that\nthe init data was known to the enclave.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Initialization time data are passed into the Trusted Execution Environment\n(TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the\nInitTimeData must match the lower 32 bytes of the quote's \"config id\"\nattribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match\nthe quote's \"host data\" attribute.",
                  "Format": "byte",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further\ninterpreted by MAA. Refer to RFC 8259 for a description of JSON serialization\nstandards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "nonce",
              "Description": "Nonce for incoming request - emitted in the generated attestation token",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    },
    {
      "@removed_e592ee4cc8f54947b051477da2505fc9": {
        "#name": "request",
        "Description": "Request object containing the quote",
        "Required": true,
        "$schema": {
          "Description": "Attestation request for Intel TDX Virtual Machine",
          "Type": "object",
          "$properties": [
            {
              "#name": "quote",
              "Description": "Quote of the TDX virtual machine to be attested",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            },
            {
              "#name": "runtimeData",
              "Description": "Runtime data provided by the enclave at the time of quote generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded \"data\" field of the runtime data.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's \"report data\" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's \"report data\" attribute.",
                  "Format": "base64url",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "initTimeData",
              "Description": "Initialization data provided when the enclave is created. MAA will verify that the init data was known to the enclave.",
              "Required": false,
              "Type": "object",
              "$properties": [
                {
                  "#name": "data",
                  "Description": "Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's \"config id\" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's \"host data\" attribute.",
                  "Format": "base64url",
                  "Required": false,
                  "Type": "string"
                },
                {
                  "#name": "dataType",
                  "Description": "The type of data contained within the \"data\" field",
                  "Enum": [
                    [
                      "Binary",
                      "The field's content should be treated as binary and not interpreted by MAA."
                    ],
                    [
                      "JSON",
                      "The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability."
                    ]
                  ],
                  "Required": false,
                  "Type": "string"
                }
              ]
            },
            {
              "#name": "nonce",
              "Description": "Nonce for incoming request - emitted in the generated attestation token",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    }
  ],
  "$responses": {
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_949b465e7e294b1d87e36324156fa40c": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_9432e4248ba747aea63b44762e2fe233": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_e68ebb0a556149399ac455acb608564e": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST:  /attest/TdxVm
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
body:
{
Required: True ,
}
{
quote:
{
Description: Quote of the TDX virtual machine to be attested ,
Format: byte ,
Required: False ,
}
string ,
runtimeData:
{
Description: Runtime data provided by the enclave at the time of quote generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data. ,
Required: False ,
}
{
data:
{
Description: Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute. ,
Format: byte ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
initTimeData:
{
Description: Initialization data provided when the enclave is created. MAA will verify that the init data was known to the enclave. ,
Required: False ,
}
{
data:
{
Description: Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's "host data" attribute. ,
Format: byte ,
Required: False ,
}
string ,
dataType:
{
Description: The type of data contained within the "data" field ,
Enum:
{
Binary: The field's content should be treated as binary and not interpreted by MAA. ,
JSON: The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability. ,
}
,
Required: False ,
}
enum ,
}
,
nonce:
{
Description: Nonce for incoming request - emitted in the generated attestation token ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
token:
{
Description: An RFC 7519 JSON Web Token, the body of which is an AttestationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
Attestation_AttestTpm (updated)
Description Processes attestation evidence from a VBS enclave, producing an attestation result. The attestation result produced is dependent upon the attestation policy.
Reference Link ¶

⚶ Changes

{
  "#id": "Attestation_AttestTpm",
  "Description": {
    "new": "Processes attestation evidence from a VBS enclave, producing an attestation\nresult. The attestation result produced is dependent upon the attestation\npolicy.",
    "old": "Processes attestation evidence from a VBS enclave, producing an attestation result. The attestation result produced is dependent upon the attestation policy."
  },
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    },
    {
      "@added_164cb53f62a442c58abd48d4ff2bc0dc": {
        "#name": "body",
        "Required": true,
        "$schema": {
          "Description": "Attestation request for Trusted Platform Module (TPM) attestation.",
          "Type": "object",
          "$properties": [
            {
              "#name": "data",
              "Description": "Protocol data containing artifacts for attestation.",
              "Format": "byte",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    },
    {
      "@removed_dc95006fe93140a2a08209302412a8e3": {
        "#name": "request",
        "Description": "Request object",
        "Required": true,
        "$schema": {
          "Description": "Attestation request for Trusted Platform Module (TPM) attestation.",
          "Type": "object",
          "$properties": [
            {
              "#name": "data",
              "Description": "Protocol data containing artifacts for attestation.",
              "Format": "base64url",
              "Required": false,
              "Type": "string"
            }
          ]
        }
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "#name": "data",
          "Format": {
            "new": "byte",
            "old": "base64url"
          }
        }
      ]
    },
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_5a9838b75a7147ac98e95d1252e825d0": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_a5636461bf2142c18d89fe118c695de6": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_94f3ab6223b842b08783f4857b4f6867": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST:  /attest/Tpm
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
body:
{
Required: True ,
}
{
data:
{
Description: Protocol data containing artifacts for attestation. ,
Format: byte ,
Required: False ,
}
string ,
}
,
}

⚐ Response (200)

{
data:
{
Description: Protocol data containing attestation service response. ,
Format: byte ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
PolicyCertificates_Get (updated)
Description Retrieves the set of certificates used to express policy for the current tenant.
Reference Link ¶

⚶ Changes

{
  "#id": "PolicyCertificates_Get",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "#name": "token",
          "Description": {
            "new": "An RFC7519 JSON Web Token structure containing a PolicyCertificatesResults\nobject which contains the certificates used to validate policy changes",
            "old": "An RFC7519 JSON Web Token structure containing a PolicyCertificatesResults object which contains the certificates used to validate policy changes"
          }
        }
      ]
    },
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_5d4d2380eb1f45168d9c8183a37bb01b": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_dd76cda0140f4b439828d0c62be45e3a": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_6755a0f5cf37477a97f2d21c08da3f46": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

GET:  /certificates
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
token:
{
Description: An RFC7519 JSON Web Token structure containing a PolicyCertificatesResults object which contains the certificates used to validate policy changes ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
PolicyCertificates_Add (updated)
Description Adds a new attestation policy certificate to the set of policy management certificates.
Reference Link ¶

⚶ Changes

{
  "#id": "PolicyCertificates_Add",
  "Summary": {
    "new": "Adds a new attestation policy certificate to the set of policy management\ncertificates.",
    "old": "Adds a new attestation policy certificate to the set of policy management certificates."
  },
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    },
    {
      "@added_244ac82f5cfc4a2783868a08bbb2c61d": {
        "#name": "body",
        "Required": true,
        "$schema": {
          "Description": "Request model for adding a policy certificate",
          "Type": "object",
          "$properties": [
            {
              "#name": "policyCertificateToAdd",
              "Description": "The certificate to add, as a string (e.g., PEM or JWK)",
              "Required": true,
              "Type": "string"
            }
          ]
        }
      }
    },
    {
      "@removed_4a6d9e79321a48ae89715b400c64b7be": {
        "#name": "policyCertificateToAdd",
        "Description": "An RFC7519 JSON Web Token whose body is an RFC7517 JSON Web Key object. The RFC7519 JWT must be signed with one of the existing signing certificates",
        "Required": true,
        "$schema": {
          "Description": "An RFC 7519 Json Web Token",
          "Type": "string"
        }
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "#name": "token",
          "Description": {
            "new": "An RFC7519 JSON Web Token structure whose body is a\nPolicyCertificatesModificationResult object.",
            "old": "An RFC7519 JSON Web Token structure whose body is a PolicyCertificatesModificationResult object."
          }
        }
      ]
    },
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_f28a554551ca4b58949ef57a87f0214f": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_c32cdd08efdc4126b3a2c5f17802f358": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_5d1db4702e1642419acabda62e25e69e": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST:  /certificates:add
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
body:
{
Required: True ,
}
{
policyCertificateToAdd:
{
Description: The certificate to add, as a string (e.g., PEM or JWK) ,
Required: True ,
}
string ,
}
,
}

⚐ Response (200)

{
token:
{
Description: An RFC7519 JSON Web Token structure whose body is a PolicyCertificatesModificationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
PolicyCertificates_Remove (updated)
Description Removes the specified policy management certificate. Note that the final policy management certificate cannot be removed.
Reference Link ¶

⚶ Changes

{
  "#id": "PolicyCertificates_Remove",
  "Summary": {
    "new": "Removes the specified policy management certificate. Note that the final policy\nmanagement certificate cannot be removed.",
    "old": "Removes the specified policy management certificate. Note that the final policy management certificate cannot be removed."
  },
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    },
    {
      "@added_ff2f4557cfe7460fa2c2d8bd3bf60b7a": {
        "#name": "body",
        "Required": true,
        "$schema": {
          "Description": "Request model for removing a policy certificate",
          "Type": "object",
          "$properties": [
            {
              "#name": "policyCertificateToRemove",
              "Description": "The certificate to remove, as a string (e.g., PEM or JWK)",
              "Required": true,
              "Type": "string"
            }
          ]
        }
      }
    },
    {
      "@removed_ea5541d947454cacb64324c848aaf714": {
        "#name": "policyCertificateToRemove",
        "Description": "An RFC7519 JSON Web Token whose body is an AttestationCertificateManagementBody object. The RFC7519 JWT must be signed with one of the existing signing certificates",
        "Required": true,
        "$schema": {
          "Description": "An RFC 7519 Json Web Token",
          "Type": "string"
        }
      }
    }
  ],
  "$responses": {
    "200": {
      "$properties": [
        {
          "#name": "token",
          "Description": {
            "new": "An RFC7519 JSON Web Token structure whose body is a\nPolicyCertificatesModificationResult object.",
            "old": "An RFC7519 JSON Web Token structure whose body is a PolicyCertificatesModificationResult object."
          }
        }
      ]
    },
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_ce19c81a9b694b88843292f3ae36fef9": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_16758a0b315e47a2aa72328852bc5a21": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_705df5c66fae4d3286f75d532cf83c27": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST:  /certificates:remove
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
body:
{
Required: True ,
}
{
policyCertificateToRemove:
{
Description: The certificate to remove, as a string (e.g., PEM or JWK) ,
Required: True ,
}
string ,
}
,
}

⚐ Response (200)

{
token:
{
Description: An RFC7519 JSON Web Token structure whose body is a PolicyCertificatesModificationResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
SigningCertificates_Get (updated)
Description Retrieves metadata signing certificates in use by the attestation service
Reference Link ¶

⚶ Changes

{
  "#id": "SigningCertificates_Get",
  "$responses": {
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_0e29c77596d0464d9619a59de74379c3": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_b2ffac1356b449f88db063fefb0954bc": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_0b575c892f55401893acb4d8674c513e": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

GET:  /certs
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
keys:
{
Description: The value of the "keys" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. ,
Required: False ,
}
[
{
alg:
{
Description: The "alg" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA "JSON Web Signature and Encryption Algorithms" registry established by [JWA] or be a value that contains a Collision- Resistant Name. ,
Required: False ,
}
string ,
crv:
{
Description: The "crv" (curve) parameter identifies the curve type ,
Required: False ,
}
string ,
d:
{
Description: RSA private exponent or ECC private key ,
Required: False ,
}
string ,
dp:
{
Description: RSA Private Key Parameter ,
Required: False ,
}
string ,
dq:
{
Description: RSA Private Key Parameter ,
Required: False ,
}
string ,
e:
{
Description: RSA public exponent, in Base64 ,
Required: False ,
}
string ,
k:
{
Description: Symmetric key ,
Required: False ,
}
string ,
kid:
{
Description: The "kid" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the "kid" value is unspecified. When "kid" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct "kid" values. (One example in which different keys might use the same "kid" value is if they have different "kty" (key type) values but are considered to be equivalent alternatives by the application using them.) The "kid" value is a case-sensitive string. ,
Required: False ,
}
string ,
kty:
{
Description: The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC". "kty" values should either be registered in the IANA "JSON Web Key Types" registry established by [JWA] or be a value that contains a Collision- Resistant Name. The "kty" value is a case-sensitive string. ,
Required: True ,
}
string ,
n:
{
Description: RSA modulus, in Base64 ,
Required: False ,
}
string ,
p:
{
Description: RSA secret prime ,
Required: False ,
}
string ,
q:
{
Description: RSA secret prime, with p < q ,
Required: False ,
}
string ,
qi:
{
Description: RSA Private Key Parameter ,
Required: False ,
}
string ,
use:
{
Description: Use ("public key use") identifies the intended use of the public key. The "use" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly "sig" (signature) or "enc" (encryption). ,
Required: False ,
}
string ,
x:
{
Description: X coordinate for the Elliptic Curve point ,
Required: False ,
}
string ,
x5c:
{
Description: The "x5c" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. ,
Required: False ,
}
[
string ,
]
,
y:
{
Description: Y coordinate for the Elliptic Curve point ,
Required: False ,
}
string ,
}
,
]
,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
Policy_Get (updated)
Description Retrieves the current policy for an attestation type.
Reference Link ¶

⚶ Changes

{
  "#id": "Policy_Get",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    }
  ],
  "$responses": {
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_06477061bf294cabaf3dde0bc2580706": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_eec52d84c47a420385a18fa364292972": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_25998cb866c142a298a276c2aa999ab1": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

GET:  /policies/{attestationType}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
attestationType:
{
Description: Specifies the trusted execution environment to be used to validate the evidence ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
token:
{
Description: An RFC7519 JSON Web Token structure whose body is an PolicyResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
Policy_Set (updated)
Description Sets the policy for a given attestation type.
Reference Link ¶

⚶ Changes

{
  "#id": "Policy_Set",
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    }
  ],
  "$responses": {
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_37fef0fa92fc464fb4c439eead550af3": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_d55e5fdb7ecf4cd09080b88c2bfba663": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_2f47273748e444fe8171bb73d5c787b7": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

PUT:  /policies/{attestationType}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
attestationType:
{
Description: Specifies the trusted execution environment to be used to validate the evidence ,
Required: True ,
}
string ,
newAttestationPolicy:
{
Description: JWT Expressing the new policy whose body is a StoredAttestationPolicy object. ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
token:
{
Description: An RFC7519 JSON Web Token structure whose body is an PolicyResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
Policy_Reset (updated)
Description Resets the attestation policy for the specified tenant and reverts to the default policy.
Reference Link ¶

⚶ Changes

{
  "#id": "Policy_Reset",
  "Summary": {
    "new": "Resets the attestation policy for the specified tenant and reverts to the\ndefault policy.",
    "old": "Resets the attestation policy for the specified tenant and reverts to the default policy."
  },
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    },
    {
      "@added_39c9ea2c4bd94d6d8baa1cdfdb0e2daa": {
        "#name": "policyJws",
        "Description": "JSON Web Signature with an empty policy document",
        "Required": true,
        "$schema": {
          "Type": "string"
        }
      }
    },
    {
      "@removed_e320f283b109444aa2aeeb9015b6e0dc": {
        "#name": "PolicyJws",
        "Description": "JSON Web Signature with an empty policy document",
        "Required": true,
        "$schema": {
          "Description": "An RFC 7519 Json Web Token",
          "Type": "string"
        }
      }
    }
  ],
  "$responses": {
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_7bfaaf02e2014e7581b6fb6b9ff30749": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_5986d8162e294e1d85f9c8b467d0546d": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_30e54011f2a5481a8e7787a076d4b2fe": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

POST:  /policies/{attestationType}:reset
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
attestationType:
{
Description: Specifies the trusted execution environment to be used to validate the evidence ,
Required: True ,
}
string ,
policyJws:
{
Description: JSON Web Signature with an empty policy document ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
token:
{
Description: An RFC7519 JSON Web Token structure whose body is an PolicyResult object. ,
Required: False ,
}
string ,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}
TcbBaselines_Get (updated)
Description Retrieves a list of all Azure supported baseline details for the a TEE type along with an indication of which one is in enforced for the attestation provider.
Reference Link ¶

⚶ Changes

{
  "#id": "TcbBaselines_Get",
  "Summary": {
    "new": "Retrieves a list of all Azure supported baseline details for the a TEE type\nalong with an indication of which one is in enforced for the attestation\nprovider.",
    "old": "Retrieves a list of all Azure supported baseline details for the a TEE type along with an indication of which one is in enforced for the attestation provider."
  },
  "$parameters": [
    {
      "#name": "api-version",
      "Description": {
        "new": "The API version to use for this operation.",
        "old": "Client API version. Current version is 2025-06-01"
      }
    }
  ],
  "$responses": {
    "200": {
      "Description": {
        "new": "A list of all Azure supported baseline details for the a TEE type along with an\nindication of which one is in enforced for the attestation provider",
        "old": "A list of all Azure supported baseline details for the a TEE type along with an indication of which one is in enforced for the attestation provider"
      },
      "$properties": [
        {
          "#name": "tcbBaselines",
          "Description": {
            "new": "A list of all Azure supported baseline details for the a TEE type along with an\nindication of which one is in enforced for the attestation provider",
            "old": "A list of all Azure supported baseline details for the a TEE type along with an indication of which one is in enforced for the attestation provider"
          },
          "$items": {
            "Description": {
              "new": "TEE specific Tcb baseline used in attestation, and baseline details including\nbaseline identifier, release date and minimum required software version",
              "old": "TEE specific Tcb baseline used in attestation, and baseline details including baseline identifier, release date and minimum required software version"
            },
            "$properties": [
              {
                "#name": "tcbEvaluationDataNumber",
                "Description": {
                  "new": "A monotonically increasing sequence number changed when Intel updates the\ncontent of the TCB evaluation data set. SGX TEE specific property",
                  "old": "A monotonically increasing sequence number changed when Intel updates the content of the TCB evaluation data set. SGX TEE specific property"
                }
              },
              {
                "#name": "minimumPswLinuxVersion",
                "Description": {
                  "new": "Minimum Linux PSW version required to support the corresponding Tcb baseline.\nSGX TEE specific property",
                  "old": "Minimum Linux PSW version required to support the corresponding Tcb baseline. SGX TEE specific property"
                }
              },
              {
                "#name": "minimumPswWindowsVersion",
                "Description": {
                  "new": "Minimum Windows PSW version required to support the corresponding Tcb baseline.\nSGX TEE specific property",
                  "old": "Minimum Windows PSW version required to support the corresponding Tcb baseline. SGX TEE specific property"
                }
              },
              {
                "#name": "isSelectedTcb",
                "Description": {
                  "new": "The corresponding Tcb baseline is set in attestation policy and is used in\nattestation request if set to true",
                  "old": "The corresponding Tcb baseline is set in attestation policy and is used in attestation request if set to true"
                }
              }
            ]
          }
        }
      ]
    },
    "default": {
      "Description": {
        "new": "A response containing error details.",
        "old": "An error response from Attestation."
      },
      "$properties": [
        {
          "#name": "error",
          "Description": {
            "new": "The error object.",
            "old": "An error response from Attestation."
          },
          "Required": {
            "new": true,
            "old": false
          },
          "$properties": [
            {
              "#name": "code",
              "Description": {
                "new": "One of a server-defined set of error codes.",
                "old": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "#name": "message",
              "Description": {
                "new": "A human-readable representation of the error.",
                "old": "A message describing the error, intended to be suitable for displaying in a user interface."
              },
              "Required": {
                "new": true,
                "old": false
              }
            },
            {
              "@added_67b7c85b576a46ff9705bffe0d9742bb": {
                "#name": "target",
                "Description": "The target of the error.",
                "Required": false,
                "Type": "string"
              }
            },
            {
              "@added_2e9452cdca204e0a8f7de02d534b10fe": {
                "#name": "details",
                "Description": "An array of details about specific errors that led to this reported error.",
                "Required": false,
                "Type": "array",
                "$items": {
                  "Type": "string"
                }
              }
            },
            {
              "@added_858548c55d3241258d55b90cb323768b": {
                "#name": "innererror",
                "Description": "An object containing more specific information than the current object about the error.",
                "Required": false,
                "Type": "object",
                "$properties": [
                  {
                    "#name": "code",
                    "Description": "One of a server-defined set of error codes.",
                    "Required": false,
                    "Type": "string"
                  },
                  {
                    "#name": "innererror",
                    "Required": false,
                    "Type": "string"
                  }
                ]
              }
            }
          ]
        }
      ]
    }
  }
}

⚼ Request

GET:  /tcbbaselines/{attestationType}
{
api-version:
{
Description: The API version to use for this operation. ,
Required: True ,
}
string ,
attestationType:
{
Description: Specifies the trusted execution environment to be used to validate the evidence ,
Required: True ,
}
string ,
}

⚐ Response (200)

{
tcbBaselines:
{
Description: A list of all Azure supported baseline details for the a TEE type along with an indication of which one is in enforced for the attestation provider ,
Required: False ,
}
[
{
tcbIdentifier:
{
Description: The Tcb baseline Identifier used in attestation policy ,
Required: False ,
}
string ,
tcbEvaluationDataNumber:
{
Description: A monotonically increasing sequence number changed when Intel updates the content of the TCB evaluation data set. SGX TEE specific property ,
Format: int32 ,
Required: False ,
}
integer ,
tcbReleaseDate:
{
Description: Date and time when the Tcb is released. SGX TEE specific property ,
Format: date-time ,
Required: False ,
}
string ,
minimumPswLinuxVersion:
{
Description: Minimum Linux PSW version required to support the corresponding Tcb baseline. SGX TEE specific property ,
Required: False ,
}
string ,
minimumPswWindowsVersion:
{
Description: Minimum Windows PSW version required to support the corresponding Tcb baseline. SGX TEE specific property ,
Required: False ,
}
string ,
isSelectedTcb:
{
Description: The corresponding Tcb baseline is set in attestation policy and is used in attestation request if set to true ,
Required: False ,
}
boolean ,
}
,
]
,
}

⚐ Response (default)

{
$headers:
{
x-ms-error-code:
{
Description: String error code indicating what went wrong. ,
}
string ,
}
,
$schema:
{
Description: A response containing error details. ,
}
{
error:
{
Description: The error object. ,
Required: True ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: True ,
}
string ,
message:
{
Description: A human-readable representation of the error. ,
Required: True ,
}
string ,
target:
{
Description: The target of the error. ,
Required: False ,
}
string ,
details:
{
Description: An array of details about specific errors that led to this reported error. ,
Required: False ,
}
[
string ,
]
,
innererror:
{
Description: An object containing more specific information than the current object about the error. ,
Required: False ,
}
{
code:
{
Description: One of a server-defined set of error codes. ,
Required: False ,
}
string ,
innererror:
{
Required: False ,
}
string ,
}
,
}
,
}
,
}