Table of Contents

UserAuthMethod-Passkey.Read

Allows the app to read the signed-in user's passkey authentication methods. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the UserAuthMethod-Passkey.Read permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category Application Delegated
Identifier - 828fcbda-0d26-431d-8bfb-83f217224621
DisplayText - Read the signed-in user's passkey authentication methods
Description - Allows the app to read the signed-in user's passkey authentication methods. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.
AdminConsentRequired Yes Yes

Graph Methods

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: fido2AuthenticationMethod

Property Type Description
aaGuid String Authenticator Attestation GUID, an identifier that indicates the type (e.g. make and model) of the authenticator.
attestationCertificates String collection The attestation certificate(s) attached to this security key.
attestationLevel attestationLevel The attestation level of this FIDO2 security key. Possible values are: attested, or notAttested.
createdDateTime DateTimeOffset The timestamp when this key was registered to the user.
displayName String The display name of the key as given by the user.
id String The authentication method identifier.
model String The manufacturer-assigned model of the FIDO2 security key.