Show / Hide Table of Contents

UserAuthenticationMethod.ReadWrite.All

Allows the app to read and write authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver Type Method
V1 A,D DELETE /me/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId}
Beta A,D DELETE /me/authentication/phoneMethods/{id}
Beta A,D DELETE /me/authentication/temporaryAccessPassMethods/{id}
V1 A,D DELETE /me/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId}
Beta A,D DELETE /users/{id | userPrincipalName}/authentication/emailMethods/{id}
V1 A,D DELETE /users/{id | userPrincipalName}/authentication/fido2Methods/{id}
V1 A,D DELETE /users/{id | userPrincipalName}/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId}
Beta A,D DELETE /users/{id | userPrincipalName}/authentication/passwordlessMicrosoftAuthenticatorMethods/{id}
Beta A,D DELETE /users/{id | userPrincipalName}/authentication/phoneMethods/{id}
Beta A,D DELETE /users/{id | userPrincipalName}/authentication/softwareOathMethods/{id}
Beta A,D DELETE /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods/{id}
V1 A,D DELETE /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId}
Beta A,D GET /me/authentication/emailMethods
Beta A,D GET /me/authentication/emailMethods/{id}
V1 A,D GET /me/authentication/fido2Methods
V1 A,D GET /me/authentication/fido2Methods/{id}
V1 A,D GET /me/authentication/methods
V1 A,D GET /me/authentication/methods/{id}
V1 A,D GET /me/authentication/microsoftAuthenticatorMethods
V1 A,D GET /me/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId}
Beta A,D GET /me/authentication/passwordlessMicrosoftAuthenticatorMethods
Beta A,D GET /me/authentication/passwordlessMicrosoftAuthenticatorMethods/{id}
Beta A,D GET /me/authentication/passwordMethods
Beta A,D GET /me/authentication/passwordMethods/{id}
Beta A,D GET /me/authentication/phoneMethods
Beta A,D GET /me/authentication/phoneMethods/{phoneMethodId}
Beta A,D GET /me/authentication/softwareOathMethods
Beta A,D GET /me/authentication/softwareOathMethods/{id}
Beta A,D GET /me/authentication/temporaryAccessPassMethods
Beta A,D GET /me/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}
V1 A,D GET /me/authentication/windowsHelloForBusinessMethods
V1 A,D GET /me/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId}
Beta A,D GET /users/{id | userPrincipalName}/authentication/emailMethods
Beta A,D GET /users/{id | userPrincipalName}/authentication/emailMethods/{id}
V1 A,D GET /users/{id | userPrincipalName}/authentication/fido2Methods
V1 A,D GET /users/{id | userPrincipalName}/authentication/fido2Methods/{id}
V1 A,D GET /users/{id | userPrincipalName}/authentication/methods
V1 A,D GET /users/{id | userPrincipalName}/authentication/methods/{id}
V1 A,D GET /users/{id | userPrincipalName}/authentication/microsoftAuthenticatorMethods
V1 A,D GET /users/{id | userPrincipalName}/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId}
Beta D GET /users/{id | userPrincipalName}/authentication/operations/{id}
Beta A,D GET /users/{id | userPrincipalName}/authentication/passwordlessMicrosoftAuthenticatorMethods
Beta A,D GET /users/{id | userPrincipalName}/authentication/passwordlessMicrosoftAuthenticatorMethods/{id}
Beta A,D GET /users/{id | userPrincipalName}/authentication/passwordMethods
Beta A,D GET /users/{id | userPrincipalName}/authentication/passwordMethods/{id}
Beta A,D GET /users/{id | userPrincipalName}/authentication/phoneMethods
Beta A,D GET /users/{id | userPrincipalName}/authentication/softwareOathMethods
Beta A,D GET /users/{id | userPrincipalName}/authentication/softwareOathMethods/{id}
Beta A,D GET /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods
Beta A,D GET /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}
V1 A,D GET /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods
V1 A,D GET /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId}
Beta A,D GET /users/{userId | userPrincipalName}/authentication/phoneMethods/{phoneMethodId}
Beta A,D POST /me/authentication/phoneMethods
Beta A,D POST /me/authentication/phoneMethods/{id}/disableSmsSignIn
Beta A,D POST /me/authentication/phoneMethods/{id}/enableSmsSignIn
Beta A,D POST /users/{id | userPrincipalName}/authentication/emailMethods
Beta D POST /users/{id | userPrincipalName}/authentication/passwordMethods/{id}/resetPassword
Beta A,D POST /users/{id | userPrincipalName}/authentication/phoneMethods
Beta A,D POST /users/{id | userPrincipalName}/authentication/phoneMethods/{id}/disableSmsSignIn
Beta A,D POST /users/{id | userPrincipalName}/authentication/phoneMethods/{id}/enableSmsSignIn
Beta A,D POST /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods
Beta A,D PUT /me/authentication/phoneMethods/{id}
Beta A,D PUT /users/{id | userPrincipalName}/authentication/emailMethods/{id}
Beta A,D PUT /users/{id | userPrincipalName}/authentication/phoneMethods/{id}

Delegate Permission

Id b7887744-6746-4312-813d-72daeaee7e2d
Consent Type Admin
Display String Read and write all users' authentication methods.
Description Allows the app to read and write authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.

Application Permission

Id 50483e42-d915-4231-9639-7fdb7fd190e5
Display String Read and write all users' authentication methods
Description Allows the application to read and write authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods

Resources

authenticationMethod

Property Type Description
id String The identifier of this instance of an authentication method registered to this user. Read-only.

authenticationmethods-overview

emailAuthenticationMethod

Property Type Description
id String The identifier of the email address registered to this user.
emailAddress String The email address registered to this user.

fido2AuthenticationMethod

Property Type Description
id String The authentication method identifier.
displayName String The display name of the key as given by the user.
createdDateTime DateTimeOffset The timestamp when this key was registered to the user.
aaGuid String Authenticator Attestation GUID, an identifier that indicates the type (e.g. make and model) of the authenticator.
model String The manufacturer-assigned model of the FIDO2 security key.
attestationCertificates String collection The attestation certificate(s) attached to this security key.
attestationLevel attestationLevel The attestation level of this FIDO2 security key. Possible values are: attested, or notAttested.

microsoftAuthenticatorAuthenticationMethod

Property Type Description
createdDateTime DateTimeOffset The date and time that this app was registered. This property is null if the device is not registered for passwordless Phone Sign-In.
displayName String The name of the device on which this app is registered.
id String A unique identifier for this authentication method. Inherited from authenticationMethod
deviceTag String Tags containing app metadata.
phoneAppVersion String Numerical version of this instance of the Authenticator app.

operation

Property Type Description
createdDateTime DateTimeOffset The start time of the operation.
lastActionDateTime DateTimeOffset The time of the last action of the operation.
status operationStatus The current status of the operation: notStarted, running, completed, failed

passwordAuthenticationMethod

Property Type Description
creationDateTime DateTimeOffset The date and time when this password was last updated. This property is currently not populated. Read-only. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
id String The identifier of this password registered to this user. This is generally 28c10230-6103-485e-b985-444c60001490. Read-only.
password String For security, the password is always returned as null from a LIST or GET operation.

passwordlessmicrosoftauthenticatorauthenticationmethod

Property Type Description
id String The authentication method identifier.
displayName String The display name of the mobile device as given by the user.
creationDateTime DateTimeOffset The timestamp when this method was registered to the user.

phoneAuthenticationMethod

Property Type Description
id String The identifier of this phone registered to this user. Read-only.

The value of id is one of the following:
  • b6332ec1-7057-4abe-9331-3d72feddfe41 - where phoneType is alternateMobile.
  • e37fc753-ff3b-4958-9484-eaa9425c82bc - where phoneType is office.
  • 3179e48a-750b-4051-897c-87b9720928f7 - where phoneType is mobile.
phoneNumber String The phone number to text or call for authentication. Phone numbers use the format "+<country code> <number>x<extension>", with extension optional. For example, +1 5555551234 or +1 5555551234x123 are valid. Numbers are rejected when creating/updating if they do not match the required format.
phoneType authenticationPhoneType The type of this phone. Possible values are: mobile, alternateMobile, or office.
smsSignInState authenticationMethodSignInState Whether a phone is ready to be used for SMS sign-in or not. Possible values are: notSupported, notAllowedByPolicy, notEnabled, phoneNumberNotUnique, ready, or notConfigured, unknownFutureValue.

softwareOathAuthenticationMethod

Property Type Description
id String The authentication method identifier.
secretKey String The secret key of the method. Always returns null.

temporaryAccessPassAuthenticationMethod

Property Type Description
id String The identifier of the Temporary Access Pass registered to this user.
temporaryAccessPass String The temporaryAccessPass used to authenticate. Returned only on creation of a new temporaryAccessPass; returned as NULL with GET.
createdDateTime DateTimeOffset The date and time when the temporaryAccessPass was created.
startDateTime DateTimeOffset The date and time when the temporaryAccessPass becomes available to use.
lifetimeInMinutes Int32 The lifetime of the temporaryAccessPass in minutes starting at startDateTime. Minimum 10, Maximum 43200 (equivalent to 30 days).
isUsableOnce Boolean Determines whether the pass is limited to a one time use. If true, the pass can be used once; if false, the pass can be used multiple times within the temporaryAccessPass lifetime.
isUsable Boolean The state of the authentication method that indicates whether it's currently usable by the user.
methodUsabilityReason String Details about usability state (isUsable). Reasons can include: enabledByPolicy, disabledByPolicy, expired, notYetValid, oneTimeUsed.

windowsHelloForBusinessAuthenticationMethod

Property Type Description
createdDateTime DateTimeOffset The date and time that this Windows Hello for Business key was registered.
displayName String The name of the device on which Windows Hello for Business is registered
id String A unique identifier for this authentication method. Inherited from authenticationMethod
keyStrength authenticationMethodKeyStrength Key strength of this Windows Hello for Business key. Possible values are: normal, weak, unknown.
In This Article
Back to top Created by merill | Submit feedback