DeviceLocalCredential.Read.All
Allows the app to read device local credential properties including passwords, on behalf of the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
DeviceLocalCredential.Read.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | 884b599e-4d48-43a5-ba94-15c414d00588 | 280b3b69-0437-44b1-bc20-3b2fca1ee3e9 |
| DisplayText | Read device local credential passwords | Read device local credential passwords |
| Description | Allows the app to read device local credential properties including passwords, without a signed-in user. | Allows the app to read device local credential properties including passwords, on behalf of the signed-in user. |
| AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods | |
|---|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: deviceLocalCredential
| Property | Type | Description |
|---|---|---|
| accountName | String | The name of the local admin account for which LAPS is enabled. |
| accountSid | String | The SID of the local admin account for which LAPS is enabled. |
| backupDateTime | DateTimeOffset | When the local administrator account credential for the device object was backed up to Azure Active Directory. |
| passwordBase64 | String | The password for the local administrator account that is backed up to Azure Active Directory and returned as a Base64 encoded value. |