Table of Contents

UserAuthMethod-Phone.ReadWrite.All

Allows the app to read and write Phone methods of all users in your organization that the signed-in user has access to. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the UserAuthMethod-Phone.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category Application Delegated
Identifier 6e85d483-7092-4375-babe-0a94a8213a58 48c99302-9a24-4f27-a8a7-acef4debba14
DisplayText Read and write all users' phone methods Read and write all users' phone methods.
Description Allows the application to read and write phone methods of all users in your organization, without a signed-in user. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. Allows the app to read and write Phone methods of all users in your organization that the signed-in user has access to. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.
AdminConsentRequired Yes No

Graph Methods

API supports delegated access (access on behalf of a user)
API supports app-only access (access without a user)

Methods
DELETE /me/authentication/phoneMethods/{phoneMethodId}
GET /me/authentication/phoneMethods
GET /me/authentication/phoneMethods/{phoneMethodId}
PATCH /users/{id | userPrincipalName}/authentication/phoneMethods/{phoneMethodId}
POST /me/authentication/phoneMethods/{id}/enableSmsSignIn
POST /me/authentication/phoneMethods/{mobilePhoneMethodId}/disableSmsSignIn
POST /users/{id | userPrincipalName}/authentication/phoneMethods

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: phoneAuthenticationMethod

Property Type Description
id String The identifier of this phone registered to this user. Read-only.

The value of ID is one of the following:
  • b6332ec1-7057-4abe-9331-3d72feddfe41 - where phoneType is alternateMobile.
  • e37fc753-ff3b-4958-9484-eaa9425c82bc - where phoneType is office.
  • 3179e48a-750b-4051-897c-87b9720928f7 - where phoneType is mobile.
phoneNumber String The phone number to text or call for authentication. Phone numbers use the format +{country code} {number}x{extension}, with extension optional. For example, +1 5555551234 or +1 5555551234x123 are valid. Numbers are rejected when creating or updating if they don't match the required format.
phoneType authenticationPhoneType The type of this phone. Possible values are: mobile, alternateMobile, or office.
smsSignInState authenticationMethodSignInState Whether a phone is ready to be used for SMS sign-in or not. Possible values are: notSupported, notAllowedByPolicy, notEnabled, phoneNumberNotUnique, ready, or notConfigured, unknownFutureValue.