UserAuthenticationMethod.ReadWrite

Allows the app to read and write the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver	Type	Method
V1	D	DELETE /me/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId}
V1	D	DELETE /me/authentication/phoneMethods/{id}
V1	D	DELETE /me/authentication/temporaryAccessPassMethods/{id}
V1	D	DELETE /me/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId}
V1	D	DELETE /users/{id \| userPrincipalName}/authentication/emailMethods/{id}
V1	D	DELETE /users/{id \| userPrincipalName}/authentication/fido2Methods/{id}
V1	D	DELETE /users/{id \| userPrincipalName}/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId}
V1	D	DELETE /users/{id \| userPrincipalName}/authentication/passwordlessMicrosoftAuthenticatorMethods/{id}
V1	D	DELETE /users/{id \| userPrincipalName}/authentication/phoneMethods/{id}
V1	D	DELETE /users/{id \| userPrincipalName}/authentication/softwareOathMethods/{id}
V1	D	DELETE /users/{id \| userPrincipalName}/authentication/temporaryAccessPassMethods/{id}
V1	D	DELETE /users/{id \| userPrincipalName}/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId}
V1	D	GET /me/authentication/emailMethods
V1	D	GET /me/authentication/emailMethods/{id}
V1	D	GET /me/authentication/fido2Methods
V1	D	GET /me/authentication/fido2Methods/{id}
V1	D	GET /me/authentication/methods
V1	D	GET /me/authentication/methods/{id}
V1	D	GET /me/authentication/microsoftAuthenticatorMethods
V1	D	GET /me/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId}
V1	D	GET /me/authentication/passwordlessMicrosoftAuthenticatorMethods
V1	D	GET /me/authentication/passwordlessMicrosoftAuthenticatorMethods/{id}
V1	D	GET /me/authentication/passwordMethods
V1	D	GET /me/authentication/passwordMethods/{id}
V1	D	GET /me/authentication/phoneMethods
V1	D	GET /me/authentication/phoneMethods/{phoneMethodId}
V1	D	GET /me/authentication/softwareOathMethods
V1	D	GET /me/authentication/softwareOathMethods/{id}
V1	D	GET /me/authentication/temporaryAccessPassMethods
V1	D	GET /me/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}
V1	D	GET /me/authentication/windowsHelloForBusinessMethods
V1	D	GET /me/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId}
V1	D	GET /users/{id \| userPrincipalName}/authentication/emailMethods
V1	D	GET /users/{id \| userPrincipalName}/authentication/emailMethods/{id}
V1	D	GET /users/{id \| userPrincipalName}/authentication/fido2Methods
V1	D	GET /users/{id \| userPrincipalName}/authentication/fido2Methods/{id}
V1	D	GET /users/{id \| userPrincipalName}/authentication/methods
V1	D	GET /users/{id \| userPrincipalName}/authentication/methods/{id}
V1	D	GET /users/{id \| userPrincipalName}/authentication/microsoftAuthenticatorMethods
V1	D	GET /users/{id \| userPrincipalName}/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId}
V1	D	GET /users/{id \| userPrincipalName}/authentication/operations/{id}
V1	D	GET /users/{id \| userPrincipalName}/authentication/passwordlessMicrosoftAuthenticatorMethods
V1	D	GET /users/{id \| userPrincipalName}/authentication/passwordlessMicrosoftAuthenticatorMethods/{id}
V1	D	GET /users/{id \| userPrincipalName}/authentication/passwordMethods
V1	D	GET /users/{id \| userPrincipalName}/authentication/passwordMethods/{id}
V1	D	GET /users/{id \| userPrincipalName}/authentication/phoneMethods
V1	D	GET /users/{id \| userPrincipalName}/authentication/softwareOathMethods
V1	D	GET /users/{id \| userPrincipalName}/authentication/softwareOathMethods/{id}
V1	D	GET /users/{id \| userPrincipalName}/authentication/temporaryAccessPassMethods
V1	D	GET /users/{id \| userPrincipalName}/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}
V1	D	GET /users/{id \| userPrincipalName}/authentication/windowsHelloForBusinessMethods
V1	D	GET /users/{id \| userPrincipalName}/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId}
V1	D	GET /users/{userId \| userPrincipalName}/authentication/phoneMethods/{phoneMethodId}
V1	D	PATCH /me/authentication/phoneMethods/{id}
V1	D	PATCH /users/{id \| userPrincipalName}/authentication/emailMethods/{id}
V1	D	PATCH /users/{id \| userPrincipalName}/authentication/phoneMethods/{id}
V1	D	POST /me/authentication/phoneMethods
V1	D	POST /me/authentication/phoneMethods/{id}/disableSmsSignIn
V1	D	POST /me/authentication/phoneMethods/{id}/enableSmsSignIn
V1	D	POST /users/{id \| userPrincipalName}/authentication/emailMethods
V1	D	POST /users/{id \| userPrincipalName}/authentication/phoneMethods
V1	D	POST /users/{id \| userPrincipalName}/authentication/phoneMethods/{id}/disableSmsSignIn
V1	D	POST /users/{id \| userPrincipalName}/authentication/phoneMethods/{id}/enableSmsSignIn

Delegate Permission


Id	48971fc1-70d7-4245-af77-0beb29b53ee2
Consent Type	Admin
Display String	Read and write user authentication methods
Description	Allows the app to read and write the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods.

Resources

authenticationMethod

Property	Type	Description
id	String	The identifier of this instance of an authentication method registered to this user. Read-only.

authenticationmethods-overview

emailAuthenticationMethod

Property	Type	Description
emailAddress	String	The email address registered to this user.
id	String	The identifier of the email address registered to this user.

fido2AuthenticationMethod

Property	Type	Description
aaGuid	String	Authenticator Attestation GUID, an identifier that indicates the type (e.g. make and model) of the authenticator.
attestationCertificates	String collection	The attestation certificate(s) attached to this security key.
attestationLevel	attestationLevel	The attestation level of this FIDO2 security key. Possible values are: `attested`, or `notAttested`.
createdDateTime	DateTimeOffset	The timestamp when this key was registered to the user.
displayName	String	The display name of the key as given by the user.
id	String	The authentication method identifier.
model	String	The manufacturer-assigned model of the FIDO2 security key.

list

longRunningOperation

Property	Type	Description
createdDateTime	DateTimeOffset	The start time of the operation. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
id	String	The unique identifier of the operation.
lastActionDateTime	DateTimeOffset	The time of the last action in the operation. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
resourceLocation	String	URI of the resource that the operation is performed on.
status	longRunningOperationStatus	The status of the operation. The possible values are: `notStarted`, `running`, `succeeded`, `failed`, `unknownFutureValue`.
statusDetail	String	Details about the status of the operation.

microsoftAuthenticatorAuthenticationMethod

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time that this app was registered. This property is null if the device is not registered for passwordless Phone Sign-In.
deviceTag	String	Tags containing app metadata.
displayName	String	The name of the device on which this app is registered.
id	String	A unique identifier for this authentication method. Inherited from authenticationMethod
phoneAppVersion	String	Numerical version of this instance of the Authenticator app.

operation

Property	Type	Description
createdDateTime	DateTimeOffset	The start time of the operation.
lastActionDateTime	DateTimeOffset	The time of the last action of the operation.
status	operationStatus	The current status of the operation: `notStarted`, `running`, `completed`, `failed`

passwordAuthenticationMethod

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time when this password was last updated. This property is currently not populated. Read-only. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.
id	String	The identifier of this password registered to this user. This is generally `28c10230-6103-485e-b985-444c60001490`. Read-only.
password	String	For security, the password is always returned as `null` from a LIST or GET operation.

passwordlessmicrosoftauthenticatorauthenticationmethod

Property	Type	Description
id	String	The authentication method identifier.
displayName	String	The display name of the mobile device as given by the user.
creationDateTime	DateTimeOffset	The timestamp when this method was registered to the user.

phoneAuthenticationMethod

Property	Type	Description
id	String	The identifier of this phone registered to this user. Read-only. The value of id is one of the following: `b6332ec1-7057-4abe-9331-3d72feddfe41` - where phoneType is `alternateMobile`. `e37fc753-ff3b-4958-9484-eaa9425c82bc` - where phoneType is `office`. `3179e48a-750b-4051-897c-87b9720928f7` - where phoneType is `mobile`.
phoneNumber	String	The phone number to text or call for authentication. Phone numbers use the format `+{country code} {number}x{extension}`, with extension optional. For example, `+1 5555551234` or `+1 5555551234x123` are valid. Numbers are rejected when creating or updating if they do not match the required format.
phoneType	authenticationPhoneType	The type of this phone. Possible values are: `mobile`, `alternateMobile`, or `office`.
smsSignInState	authenticationMethodSignInState	Whether a phone is ready to be used for SMS sign-in or not. Possible values are: `notSupported`, `notAllowedByPolicy`, `notEnabled`, `phoneNumberNotUnique`, `ready`, or `notConfigured`, `unknownFutureValue`.

site

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time the item was created. Read-only.
description	string	The descriptive text for the site.
displayName	string	The full title for the site. Read-only.
eTag	string	ETag for the item. Read-only.
id	string	The unique identifier of the item. Read-only.
lastModifiedDateTime	DateTimeOffset	The date and time the item was last modified. Read-only.
name	string	The name / title of the item.
root	root	If present, indicates that this is the root site in the site collection. Read-only.
sharepointIds	sharepointIds	Returns identifiers useful for SharePoint REST compatibility. Read-only.
siteCollection	siteCollection	Provides details about the site's site collection. Available only on the root site. Read-only.
webUrl	string (url)	URL that displays the item in the browser. Read-only.

softwareOathAuthenticationMethod

Property	Type	Description
id	String	The authentication method identifier.
secretKey	String	The secret key of the method. Always returns `null`.

temporaryAccessPassAuthenticationMethod

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time when the Temporary Access Pass was created.
id	String	The identifier of the Temporary Access Pass registered to this user. Inherited from entity.
isUsable	Boolean	The state of the authentication method that indicates whether it's currently usable by the user.
isUsableOnce	Boolean	Determines whether the pass is limited to a one-time use. If `true`, the pass can be used once; if `false`, the pass can be used multiple times within the Temporary Access Pass lifetime.
lifetimeInMinutes	Int32	The lifetime of the Temporary Access Pass in minutes starting at startDateTime. Must be between 10 and 43200 inclusive (equivalent to 30 days).
methodUsabilityReason	String	Details about the usability state (isUsable). Reasons can include: `EnabledByPolicy`, `DisabledByPolicy`, `Expired`, `NotYetValid`, `OneTimeUsed`.
startDateTime	DateTimeOffset	The date and time when the Temporary Access Pass becomes available to use and when isUsable is `true` is enforced.
temporaryAccessPass	String	The Temporary Access Pass used to authenticate. Returned only on creation of a new **t

windowsHelloForBusinessAuthenticationMethod

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time that this Windows Hello for Business key was registered.
displayName	String	The name of the device on which Windows Hello for Business is registered
id	String	A unique identifier for this authentication method. Inherited from authenticationMethod
keyStrength	authenticationMethodKeyStrength	Key strength of this Windows Hello for Business key. Possible values are: `normal`, `weak`, `unknown`.