Table of Contents

DeviceLocalCredential.ReadBasic.All

Allows the app to read device local credential properties excluding passwords, on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the DeviceLocalCredential.ReadBasic.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category Application Delegated
Identifier db51be59-e728-414b-b800-e0f010df1a79 9917900e-410b-4d15-846e-42a357488545
DisplayText Read device local credential properties Read device local credential properties
Description Allows the app to read device local credential properties excluding passwords, without a signed-in user. Allows the app to read device local credential properties excluding passwords, on behalf of the signed-in user.
AdminConsentRequired Yes Yes

Graph Methods

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: deviceLocalCredential

Property Type Description
accountName String The name of the local admin account for which LAPS is enabled.
accountSid String The SID of the local admin account for which LAPS is enabled.
backupDateTime DateTimeOffset When the local administrator account credential for the device object was backed up to Azure Active Directory.
passwordBase64 String The password for the local administrator account that is backed up to Azure Active Directory and returned as a Base64 encoded value.