Microsoft Azure · Capability

Microsoft Azure AttestationClient — Policy Management Certificates

Microsoft Azure AttestationClient — Policy Management Certificates. 3 operations. Lead operation: Microsoft Azure Retrieves The Set Of Certificates Used To Express Policy For The Current Tenant. Self-contained Naftiko capability covering one Microsoft Azure business surface.

Run with Naftiko Microsoft AzurePolicy Management Certificates

What You Can Do

GET
Microsoftazurepolicycertificatesget — Microsoft Azure Retrieves The Set Of Certificates Used To Express Policy For The Current Tenant
/v1/certificates
POST
Microsoftazurepolicycertificatesadd — Microsoft Azure Adds A New Attestation Policy Certificate To The Set Of Policy Management Certificates
/v1/certificates-add
POST
Microsoftazurepolicycertificatesremove — Microsoft Azure Removes The Specified Policy Management Certificate Note That The Final Policy Management Certificate Cannot Be Removed
/v1/certificates-remove

MCP Tools

microsoft-azure-retrieves-set-certificates

Microsoft Azure Retrieves The Set Of Certificates Used To Express Policy For The Current Tenant

read-only idempotent
microsoft-azure-adds-new-attestation

Microsoft Azure Adds A New Attestation Policy Certificate To The Set Of Policy Management Certificates

microsoft-azure-removes-specified-policy

Microsoft Azure Removes The Specified Policy Management Certificate Note That The Final Policy Management Certificate Cannot Be Removed

Capability Spec

attestationclient-policy-management-certificates.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Microsoft Azure AttestationClient — Policy Management Certificates
  description: 'Microsoft Azure AttestationClient — Policy Management Certificates. 3 operations. Lead operation: Microsoft
    Azure Retrieves The Set Of Certificates Used To Express Policy For The Current Tenant. Self-contained Naftiko capability
    covering one Microsoft Azure business surface.'
  tags:
  - Microsoft Azure
  - Policy Management Certificates
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    MICROSOFT_AZURE_API_KEY: MICROSOFT_AZURE_API_KEY
capability:
  consumes:
  - type: http
    namespace: attestationclient-policy-management-certificates
    baseUri: ''
    description: Microsoft Azure AttestationClient — Policy Management Certificates business capability. Self-contained, no
      shared references.
    resources:
    - name: certificates
      path: /certificates
      operations:
      - name: microsoftazurepolicycertificatesget
        method: GET
        description: Microsoft Azure Retrieves The Set Of Certificates Used To Express Policy For The Current Tenant
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: certificates:add
      path: /certificates:add
      operations:
      - name: microsoftazurepolicycertificatesadd
        method: POST
        description: Microsoft Azure Adds A New Attestation Policy Certificate To The Set Of Policy Management Certificates
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: policyCertificateToAdd
          in: body
          type: string
          description: An RFC7519 JSON Web Token whose body is an RFC7517 JSON Web Key object. The RFC7519 JWT must be signed
            with one of the existing signing certificates
          required: true
    - name: certificates:remove
      path: /certificates:remove
      operations:
      - name: microsoftazurepolicycertificatesremove
        method: POST
        description: Microsoft Azure Removes The Specified Policy Management Certificate Note That The Final Policy Management
          Certificate Cannot Be Removed
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: policyCertificateToRemove
          in: body
          type: string
          description: An RFC7519 JSON Web Token whose body is an AttestationCertificateManagementBody object. The RFC7519
            JWT must be signed with one of the existing signing certific
          required: true
  exposes:
  - type: rest
    namespace: attestationclient-policy-management-certificates-rest
    port: 8080
    description: REST adapter for Microsoft Azure AttestationClient — Policy Management Certificates. One Spectral-compliant
      resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/certificates
      name: certificates
      description: REST surface for certificates.
      operations:
      - method: GET
        name: microsoftazurepolicycertificatesget
        description: Microsoft Azure Retrieves The Set Of Certificates Used To Express Policy For The Current Tenant
        call: attestationclient-policy-management-certificates.microsoftazurepolicycertificatesget
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/certificates-add
      name: certificates-add
      description: REST surface for certificates:add.
      operations:
      - method: POST
        name: microsoftazurepolicycertificatesadd
        description: Microsoft Azure Adds A New Attestation Policy Certificate To The Set Of Policy Management Certificates
        call: attestationclient-policy-management-certificates.microsoftazurepolicycertificatesadd
        with:
          policyCertificateToAdd: rest.policyCertificateToAdd
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/certificates-remove
      name: certificates-remove
      description: REST surface for certificates:remove.
      operations:
      - method: POST
        name: microsoftazurepolicycertificatesremove
        description: Microsoft Azure Removes The Specified Policy Management Certificate Note That The Final Policy Management
          Certificate Cannot Be Removed
        call: attestationclient-policy-management-certificates.microsoftazurepolicycertificatesremove
        with:
          policyCertificateToRemove: rest.policyCertificateToRemove
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: attestationclient-policy-management-certificates-mcp
    port: 9090
    transport: http
    description: MCP adapter for Microsoft Azure AttestationClient — Policy Management Certificates. One tool per consumed
      operation, routed inline through this capability's consumes block.
    tools:
    - name: microsoft-azure-retrieves-set-certificates
      description: Microsoft Azure Retrieves The Set Of Certificates Used To Express Policy For The Current Tenant
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: attestationclient-policy-management-certificates.microsoftazurepolicycertificatesget
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-azure-adds-new-attestation
      description: Microsoft Azure Adds A New Attestation Policy Certificate To The Set Of Policy Management Certificates
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: attestationclient-policy-management-certificates.microsoftazurepolicycertificatesadd
      with:
        policyCertificateToAdd: tools.policyCertificateToAdd
      outputParameters:
      - type: object
        mapping: $.
    - name: microsoft-azure-removes-specified-policy
      description: Microsoft Azure Removes The Specified Policy Management Certificate Note That The Final Policy Management
        Certificate Cannot Be Removed
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: attestationclient-policy-management-certificates.microsoftazurepolicycertificatesremove
      with:
        policyCertificateToRemove: tools.policyCertificateToRemove
      outputParameters:
      - type: object
        mapping: $.