UserAuthenticationMethod.ReadWrite.All
Allows the app to read and write authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
| Ver |
Type |
Method |
| V1 |
A,D |
DELETE /me/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId} |
| V1 |
A,D |
DELETE /me/authentication/phoneMethods/{id} |
| V1 |
A,D |
DELETE /me/authentication/temporaryAccessPassMethods/{id} |
| V1 |
A,D |
DELETE /me/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId} |
| V1 |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/emailMethods/{id} |
| V1 |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/fido2Methods/{id} |
| V1 |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId} |
| V1 |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/passwordlessMicrosoftAuthenticatorMethods/{id} |
| V1 |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/phoneMethods/{id} |
| V1 |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/softwareOathMethods/{id} |
| V1 |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods/{id} |
| V1 |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId} |
| V1 |
A,D |
GET /me/authentication/emailMethods |
| V1 |
A,D |
GET /me/authentication/emailMethods/{id} |
| V1 |
A,D |
GET /me/authentication/fido2Methods |
| V1 |
A,D |
GET /me/authentication/fido2Methods/{id} |
| V1 |
A,D |
GET /me/authentication/methods |
| V1 |
A,D |
GET /me/authentication/methods/{id} |
| V1 |
A,D |
GET /me/authentication/microsoftAuthenticatorMethods |
| V1 |
A,D |
GET /me/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId} |
| V1 |
A,D |
GET /me/authentication/passwordlessMicrosoftAuthenticatorMethods |
| V1 |
A,D |
GET /me/authentication/passwordlessMicrosoftAuthenticatorMethods/{id} |
| V1 |
A,D |
GET /me/authentication/passwordMethods |
| V1 |
A,D |
GET /me/authentication/passwordMethods/{id} |
| V1 |
A,D |
GET /me/authentication/phoneMethods |
| V1 |
A,D |
GET /me/authentication/phoneMethods/{phoneMethodId} |
| V1 |
A,D |
GET /me/authentication/softwareOathMethods |
| V1 |
A,D |
GET /me/authentication/softwareOathMethods/{id} |
| V1 |
A,D |
GET /me/authentication/temporaryAccessPassMethods |
| V1 |
A,D |
GET /me/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId} |
| V1 |
A,D |
GET /me/authentication/windowsHelloForBusinessMethods |
| V1 |
A,D |
GET /me/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId} |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/emailMethods |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/emailMethods/{id} |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/fido2Methods |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/fido2Methods/{id} |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/methods |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/methods/{id} |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/microsoftAuthenticatorMethods |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId} |
| V1 |
D |
GET /users/{id | userPrincipalName}/authentication/operations/{id} |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/passwordlessMicrosoftAuthenticatorMethods |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/passwordlessMicrosoftAuthenticatorMethods/{id} |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/passwordMethods |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/passwordMethods/{id} |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/phoneMethods |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/softwareOathMethods |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/softwareOathMethods/{id} |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId} |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods |
| V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId} |
| V1 |
A,D |
GET /users/{userId | userPrincipalName}/authentication/phoneMethods/{phoneMethodId} |
| V1 |
A,D |
PATCH /me/authentication/phoneMethods/{id} |
| V1 |
A,D |
PATCH /users/{id | userPrincipalName}/authentication/emailMethods/{id} |
| V1 |
A,D |
PATCH /users/{id | userPrincipalName}/authentication/phoneMethods/{id} |
| V1 |
A,D |
POST /me/authentication/phoneMethods |
| V1 |
A,D |
POST /me/authentication/phoneMethods/{id}/disableSmsSignIn |
| V1 |
A,D |
POST /me/authentication/phoneMethods/{id}/enableSmsSignIn |
| V1 |
A,D |
POST /users/{id | userPrincipalName}/authentication/emailMethods |
| V1 |
D |
POST /users/{id | userPrincipalName}/authentication/passwordMethods/{id}/resetPassword |
| V1 |
A,D |
POST /users/{id | userPrincipalName}/authentication/phoneMethods |
| V1 |
A,D |
POST /users/{id | userPrincipalName}/authentication/phoneMethods/{id}/disableSmsSignIn |
| V1 |
A,D |
POST /users/{id | userPrincipalName}/authentication/phoneMethods/{id}/enableSmsSignIn |
| V1 |
A,D |
POST /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods |
Delegate Permission
|
|
| Id |
b7887744-6746-4312-813d-72daeaee7e2d |
| Consent Type |
Admin |
| Display String |
Read and write all users' authentication methods. |
| Description |
Allows the app to read and write authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. |
Application Permission
|
|
| Id |
50483e42-d915-4231-9639-7fdb7fd190e5 |
| Display String |
Read and write all users' authentication methods |
| Description |
Allows the application to read and write authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods |
Resources
| Property |
Type |
Description |
| id |
String |
The identifier of this instance of an authentication method registered to this user. Read-only. |
| Property |
Type |
Description |
| emailAddress |
String |
The email address registered to this user. |
| id |
String |
The identifier of the email address registered to this user. |
| Property |
Type |
Description |
| aaGuid |
String |
Authenticator Attestation GUID, an identifier that indicates the type (e.g. make and model) of the authenticator. |
| attestationCertificates |
String collection |
The attestation certificate(s) attached to this security key. |
| attestationLevel |
attestationLevel |
The attestation level of this FIDO2 security key. Possible values are: attested, or notAttested. |
| createdDateTime |
DateTimeOffset |
The timestamp when this key was registered to the user. |
| displayName |
String |
The display name of the key as given by the user. |
| id |
String |
The authentication method identifier. |
| model |
String |
The manufacturer-assigned model of the FIDO2 security key. |
| Property |
Type |
Description |
| createdDateTime |
DateTimeOffset |
The start time of the operation. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| id |
String |
The unique identifier of the operation. |
| lastActionDateTime |
DateTimeOffset |
The time of the last action in the operation. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| resourceLocation |
String |
URI of the resource that the operation is performed on. |
| status |
longRunningOperationStatus |
The status of the operation. The possible values are: notStarted, running, succeeded, failed, unknownFutureValue. |
| statusDetail |
String |
Details about the status of the operation. |
| Property |
Type |
Description |
| createdDateTime |
DateTimeOffset |
The date and time that this app was registered. This property is null if the device is not registered for passwordless Phone Sign-In. |
| deviceTag |
String |
Tags containing app metadata. |
| displayName |
String |
The name of the device on which this app is registered. |
| id |
String |
A unique identifier for this authentication method. Inherited from authenticationMethod |
| phoneAppVersion |
String |
Numerical version of this instance of the Authenticator app. |
| Property |
Type |
Description |
| createdDateTime |
DateTimeOffset |
The start time of the operation. |
| lastActionDateTime |
DateTimeOffset |
The time of the last action of the operation. |
| status |
operationStatus |
The current status of the operation: notStarted, running, completed, failed |
| Property |
Type |
Description |
| createdDateTime |
DateTimeOffset |
The date and time when this password was last updated. This property is currently not populated. Read-only. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| id |
String |
The identifier of this password registered to this user. This is generally 28c10230-6103-485e-b985-444c60001490. Read-only. |
| password |
String |
For security, the password is always returned as null from a LIST or GET operation. |
| Property |
Type |
Description |
| id |
String |
The authentication method identifier. |
| displayName |
String |
The display name of the mobile device as given by the user. |
| creationDateTime |
DateTimeOffset |
The timestamp when this method was registered to the user. |
| Property |
Type |
Description |
| newPassword |
String |
The Azure AD-generated password. |
| Property |
Type |
Description |
| id |
String |
The identifier of this phone registered to this user. Read-only.
The value of id is one of the following:b6332ec1-7057-4abe-9331-3d72feddfe41 - where phoneType is alternateMobile.e37fc753-ff3b-4958-9484-eaa9425c82bc - where phoneType is office.3179e48a-750b-4051-897c-87b9720928f7 - where phoneType is mobile.
|
| phoneNumber |
String |
The phone number to text or call for authentication. Phone numbers use the format +{country code} {number}x{extension}, with extension optional. For example, +1 5555551234 or +1 5555551234x123 are valid. Numbers are rejected when creating or updating if they do not match the required format. |
| phoneType |
authenticationPhoneType |
The type of this phone. Possible values are: mobile, alternateMobile, or office. |
| smsSignInState |
authenticationMethodSignInState |
Whether a phone is ready to be used for SMS sign-in or not. Possible values are: notSupported, notAllowedByPolicy, notEnabled, phoneNumberNotUnique, ready, or notConfigured, unknownFutureValue. |
| Property |
Type |
Description |
| createdDateTime |
DateTimeOffset |
The date and time the item was created. Read-only. |
| description |
string |
The descriptive text for the site. |
| displayName |
string |
The full title for the site. Read-only. |
| eTag |
string |
ETag for the item. Read-only. |
| id |
string |
The unique identifier of the item. Read-only. |
| lastModifiedDateTime |
DateTimeOffset |
The date and time the item was last modified. Read-only. |
| name |
string |
The name / title of the item. |
| root |
root |
If present, indicates that this is the root site in the site collection. Read-only. |
| sharepointIds |
sharepointIds |
Returns identifiers useful for SharePoint REST compatibility. Read-only. |
| siteCollection |
siteCollection |
Provides details about the site's site collection. Available only on the root site. Read-only. |
| webUrl |
string (url) |
URL that displays the item in the browser. Read-only. |
| Property |
Type |
Description |
| id |
String |
The authentication method identifier. |
| secretKey |
String |
The secret key of the method. Always returns null. |
| Property |
Type |
Description |
| createdDateTime |
DateTimeOffset |
The date and time when the Temporary Access Pass was created. |
| id |
String |
The identifier of the Temporary Access Pass registered to this user. Inherited from entity. |
| isUsable |
Boolean |
The state of the authentication method that indicates whether it's currently usable by the user. |
| isUsableOnce |
Boolean |
Determines whether the pass is limited to a one-time use. If true, the pass can be used once; if false, the pass can be used multiple times within the Temporary Access Pass lifetime. |
| lifetimeInMinutes |
Int32 |
The lifetime of the Temporary Access Pass in minutes starting at startDateTime. Must be between 10 and 43200 inclusive (equivalent to 30 days). |
| methodUsabilityReason |
String |
Details about the usability state (isUsable). Reasons can include: EnabledByPolicy, DisabledByPolicy, Expired, NotYetValid, OneTimeUsed. |
| startDateTime |
DateTimeOffset |
The date and time when the Temporary Access Pass becomes available to use and when isUsable is true is enforced. |
| temporaryAccessPass |
String |
The Temporary Access Pass used to authenticate. Returned only on creation of a new **t |
| Property |
Type |
Description |
| defaultLength |
Int |
Default length in characters of a Temporary Access Pass object. Must be between 8 and 48 characters. |
| defaultLifetimeInMinutes |
Int |
Default lifetime in minutes for a Temporary Access Pass. Value can be any integer between the minimumLifetimeInMinutes and maximumLifetimeInMinutes. |
| id |
String |
The identifier of the authentication method policy. Inherited from entity. |
| isUsableOnce |
Boolean |
If true, all the passes in the tenant will be restricted to one-time use. If false, passes in the tenant can be created to be either one-time use or reusable. |
| maximumLifetimeInMinutes |
Int |
Maximum lifetime in minutes for any Temporary Access Pass created in the tenant. Value can be between 10 and 43200 minutes (equivalent to 30 days). |
| minimumLifetimeInMinutes |
Int |
Minimum lifetime in minutes for any Temporary Access Pass created in the tenant. Value can be between 10 and 43200 minutes (equivalent to 30 days). |
| state |
authenticationMethodState |
Whether the Temporary Access Pass method is enabled in the tenant. Possible values are: enabled, disabled. Inherited from authenticationMethodConfiguration. |
| Property |
Type |
Description |
| createdDateTime |
DateTimeOffset |
The date and time that this Windows Hello for Business key was registered. |
| displayName |
String |
The name of the device on which Windows Hello for Business is registered |
| id |
String |
A unique identifier for this authentication method. Inherited from authenticationMethod |
| keyStrength |
authenticationMethodKeyStrength |
Key strength of this Windows Hello for Business key. Possible values are: normal, weak, unknown. |