UserAuthMethod-QR.ReadWrite.All

Allows the app to read and write QR authentication methods of all users in your organization that the signed-in user has access to. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the UserAuthMethod-QR.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	4869299f-18c3-40c8-98f2-222657e67db1	db39086a-da7d-4cbd-9ac0-6816f9a80c95
DisplayText	Read and write all users' QR methods	Read and write all users' QR methods.
Description	Allows the application to read and write QR authentication methods of all users in your organization, without a signed-in user. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.	Allows the app to read and write QR authentication methods of all users in your organization that the signed-in user has access to. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /me/authentication/qrCodePinMethod
	DELETE /me/authentication/qrCodePinMethod/standardQRCode
	DELETE /me/authentication/qrCodePinMethod/temporaryQRCode
	GET /me/authentication/qrCodePinMethod
	GET /me/authentication/qrCodePinMethod/standardQRCode
	GET /me/authentication/qrCodePinMethod/temporaryQRCode
	PATCH /me/authentication/qrCodePinMethod/pin
	PATCH /me/authentication/qrCodePinMethod/standardQRCode
	PATCH /me/authentication/qrCodePinMethod/temporaryQRCode
	PUT /me/authentication/qrCodePinMethod

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaUserAuthenticationQrCodePinMethod
	Get-MgBetaUserAuthenticationQrCodePinMethodStandardQrCode
	Remove-MgBetaUserAuthenticationQrCodePinMethod
	Remove-MgBetaUserAuthenticationQrCodePinMethodStandardQrCode
	Update-MgBetaUserAuthenticationQrCodePinMethodPin
	Update-MgBetaUserAuthenticationQrCodePinMethodStandardQrCode

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: qrCode

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time when the QR code was created.
expireDateTime	DateTimeOffset	Temporary QR code lifetime is between 1-12 hours. Standard QR code lifetime is in days and max. is 395 days (13 months) and default value is 365 days (12 months).
id	String	Unique identifier of the QR code. Inherits from entity
image	qrCodeImageDetails	The QR code image's raw data that is returned when a standard or temporary QR code is created.
lastUsedDateTime	DateTimeOffset	The date and time when the QR code was last used for a successful sign-in.
startDateTime	DateTimeOffset	The date and time when the QR code becomes active and available to use.

Graph reference: qrCodePinAuthenticationMethod

Property	Type	Description
id	String	The identifier of the QR code auth added to this user. Inherited from authenticationMethod. Inherits from entity
lastUsedDateTime	DateTimeOffset	The date and time the authentication method was last used by the user. Read-only. Optional. This optional value is `null` if the authentication method doesn't populate it. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from authenticationMethod.

Graph reference: qrPin

Property	Type	Description
code	String	PIN of the user. It is between 8-20 digits as configured in the QR code authentication method policy. The code is temporary when issued by admin but permanent after the user changes it at the first login attempt. This PIN can be reset by the admin but not the user.
createdDateTime	DateTimeOffset	The date and time when the PIN was created.
forceChangePinNextSignIn	Boolean	Defaults to `true` for a temporary PIN.
updatedDateTime	DateTimeOffset	The date and time when the PIN was updated.

Table of Contents

UserAuthMethod-QR.ReadWrite.All

Graph Methods

Resources