UserAuthMethod-MicrosoftAuthApp.Read

Allows the app to read the signed-in user's Microsoft Authenticator authentication methods. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the UserAuthMethod-MicrosoftAuthApp.Read permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	-	f14a567b-3280-4124-95a0-eca86006967e
DisplayText	-	Read the signed-in user's Microsoft Authenticator authentication methods
Description	-	Allows the app to read the signed-in user's Microsoft Authenticator authentication methods. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /me/authentication/microsoftAuthenticatorMethods
	GET /me/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId}

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /me/authentication/microsoftAuthenticatorMethods
	GET /me/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId}
	GET /me/authentication/passwordlessMicrosoftAuthenticatorMethods
	GET /me/authentication/passwordlessMicrosoftAuthenticatorMethods/{id}

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgUserAuthenticationMicrosoftAuthenticatorMethod

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaUserAuthenticationMicrosoftAuthenticatorMethod
	Get-MgBetaUserAuthenticationPasswordlessMicrosoftAuthenticatorMethod

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

microsoftAuthenticatorAuthenticationMethod
passwordlessmicrosoftauthenticatorauthenticationmethod

Graph reference: microsoftAuthenticatorAuthenticationMethod

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time that this app was registered. This property is null if the device isn't registered for passwordless Phone Sign-In.
deviceTag	String	Tags containing app metadata.
displayName	String	The name of the device on which this app is registered.
id	String	A unique identifier for this authentication method. Inherited from authenticationMethod
phoneAppVersion	String	Numerical version of this instance of the Authenticator app.

Graph reference: passwordlessmicrosoftauthenticatorauthenticationmethod

Property	Type	Description
id	String	The authentication method identifier.
displayName	String	The display name of the mobile device as given by the user.
creationDateTime	DateTimeOffset	The timestamp when this method was registered to the user.

Table of Contents

UserAuthMethod-MicrosoftAuthApp.Read

Graph Methods

Resources