Allows the app to read the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the UserAuthenticationMethod.Read permission.
If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See "How To: Run a quick OAuth app audit of your tenant".
| Category | Application | Delegated |
| --- | --- | --- |
| Identifier | - | 1f6b61c5-2f65-4135-9c9f-31c0f8d32b52 |
| DisplayText | - | Read user authentication methods. |
| Description | - | Allows the app to read the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods. |
The date and time when this password was last updated. This property is currently not populated. Read-only. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
| Property | Type | Description |
| --- | --- | --- |
| id | String | The identifier of this password registered to this user. This is generally 28c10230-6103-485e-b985-444c60001490. Read-only. |
| password | String | For security, the password is always returned as null from a LIST or GET operation. |
The identifier of this phone registered to this user. Read-only.
The value of ID is one of the following:
b6332ec1-7057-4abe-9331-3d72feddfe41 - where phoneType is alternateMobile.
e37fc753-ff3b-4958-9484-eaa9425c82bc - where phoneType is office.
3179e48a-750b-4051-897c-87b9720928f7 - where phoneType is mobile.
| Property | Type | Description |
| --- | --- | --- |
| phoneNumber | String | The phone number to text or call for authentication. Phone numbers use the format +{country code} {number}x{extension}, with extension optional. For example, +1 5555551234 or +1 5555551234x123 are valid. Numbers are rejected when creating or updating if they don't match the required format. |
| phoneType | authenticationPhoneType | The type of this phone. Possible values are: mobile, alternateMobile, or office. |
| smsSignInState | authenticationMethodSignInState | Whether a phone is ready to be used for SMS sign-in or not. Possible values are: notSupported, notAllowedByPolicy, notEnabled, phoneNumberNotUnique, ready, notConfigured, or unknownFutureValue. |
Sets the per-user MFA state for the user. The possible values are: disabled, enforced, enabled, unknownFutureValue. When you update a user's MFA state to enabled and the user has already registered an MFA method, their state changes automatically to enforced.
The date and time when the Temporary Access Pass was created.
| Property | Type | Description |
| --- | --- | --- |
| id | String | The identifier of the Temporary Access Pass registered to this user. Inherited from entity. |
| isUsable | Boolean | The state of the authentication method that indicates whether it's currently usable by the user. |
| isUsableOnce | Boolean | Determines whether the pass is limited to a one-time use. If true, the pass can be used once; if false, the pass can be used multiple times within the Temporary Access Pass lifetime. |
| lifetimeInMinutes | Int32 | The lifetime of the Temporary Access Pass in minutes starting at startDateTime. Must be between 10 and 43200 inclusive (equivalent to 30 days). |
| methodUsabilityReason | String | Details about the usability state (isUsable). Reasons can include: EnabledByPolicy, DisabledByPolicy, Expired, NotYetValid, OneTimeUsed. |
| startDateTime | DateTimeOffset | The date and time when the Temporary Access Pass becomes available to use and when isUsable is true is enforced. |
temporaryAccessPass
String
The Temporary Access Pass used to authenticate. Returned only on creation of a new **t