Table of Contents

UserAuthMethod-WindowsHello.Read

Allows the app to read the signed-in user's Windows Hello authentication methods. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the UserAuthMethod-WindowsHello.Read permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category Application Delegated
Identifier - efe2b5aa-3a8e-486c-b0be-cc4d185c1b40
DisplayText - Read the signed-in user's Windows Hello methods
Description - Allows the app to read the signed-in user's Windows Hello authentication methods. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.
AdminConsentRequired Yes Yes

Graph Methods

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: windowsHelloForBusinessAuthenticationMethod

Property Type Description
createdDateTime DateTimeOffset The date and time that this Windows Hello for Business key was registered.
displayName String The name of the device on which Windows Hello for Business is registered
id String A unique identifier for this authentication method. Inherited from authenticationMethod
keyStrength authenticationMethodKeyStrength Key strength of this Windows Hello for Business key. Possible values are: normal, weak, unknown.