UserAuthenticationMethod.ReadWrite.All
Allows the app to read and write authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Ver |
Type |
Method |
V1 |
A,D |
DELETE /me/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId} |
Beta |
A,D |
DELETE /me/authentication/phoneMethods/{id} |
Beta |
A,D |
DELETE /me/authentication/temporaryAccessPassMethods/{id} |
V1 |
A,D |
DELETE /me/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId} |
Beta |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/emailMethods/{id} |
V1 |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/fido2Methods/{id} |
V1 |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId} |
Beta |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/passwordlessMicrosoftAuthenticatorMethods/{id} |
Beta |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/phoneMethods/{id} |
Beta |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/softwareOathMethods/{id} |
Beta |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods/{id} |
V1 |
A,D |
DELETE /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId} |
Beta |
A,D |
GET /me/authentication/emailMethods |
Beta |
A,D |
GET /me/authentication/emailMethods/{id} |
V1 |
A,D |
GET /me/authentication/fido2Methods |
V1 |
A,D |
GET /me/authentication/fido2Methods/{id} |
V1 |
A,D |
GET /me/authentication/methods |
V1 |
A,D |
GET /me/authentication/methods/{id} |
V1 |
A,D |
GET /me/authentication/microsoftAuthenticatorMethods |
V1 |
A,D |
GET /me/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId} |
Beta |
A,D |
GET /me/authentication/passwordlessMicrosoftAuthenticatorMethods |
Beta |
A,D |
GET /me/authentication/passwordlessMicrosoftAuthenticatorMethods/{id} |
Beta |
A,D |
GET /me/authentication/passwordMethods |
Beta |
A,D |
GET /me/authentication/passwordMethods/{id} |
Beta |
A,D |
GET /me/authentication/phoneMethods |
Beta |
A,D |
GET /me/authentication/phoneMethods/{phoneMethodId} |
Beta |
A,D |
GET /me/authentication/softwareOathMethods |
Beta |
A,D |
GET /me/authentication/softwareOathMethods/{id} |
Beta |
A,D |
GET /me/authentication/temporaryAccessPassMethods |
Beta |
A,D |
GET /me/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId} |
V1 |
A,D |
GET /me/authentication/windowsHelloForBusinessMethods |
V1 |
A,D |
GET /me/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId} |
Beta |
A,D |
GET /users/{id | userPrincipalName}/authentication/emailMethods |
Beta |
A,D |
GET /users/{id | userPrincipalName}/authentication/emailMethods/{id} |
V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/fido2Methods |
V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/fido2Methods/{id} |
V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/methods |
V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/methods/{id} |
V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/microsoftAuthenticatorMethods |
V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/microsoftAuthenticatorMethods/{microsoftAuthenticatorAuthenticationMethodId} |
Beta |
D |
GET /users/{id | userPrincipalName}/authentication/operations/{id} |
Beta |
A,D |
GET /users/{id | userPrincipalName}/authentication/passwordlessMicrosoftAuthenticatorMethods |
Beta |
A,D |
GET /users/{id | userPrincipalName}/authentication/passwordlessMicrosoftAuthenticatorMethods/{id} |
Beta |
A,D |
GET /users/{id | userPrincipalName}/authentication/passwordMethods |
Beta |
A,D |
GET /users/{id | userPrincipalName}/authentication/passwordMethods/{id} |
Beta |
A,D |
GET /users/{id | userPrincipalName}/authentication/phoneMethods |
Beta |
A,D |
GET /users/{id | userPrincipalName}/authentication/softwareOathMethods |
Beta |
A,D |
GET /users/{id | userPrincipalName}/authentication/softwareOathMethods/{id} |
Beta |
A,D |
GET /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods |
Beta |
A,D |
GET /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId} |
V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods |
V1 |
A,D |
GET /users/{id | userPrincipalName}/authentication/windowsHelloForBusinessMethods/{windowsHelloForBusinessAuthenticationMethodId} |
Beta |
A,D |
GET /users/{userId | userPrincipalName}/authentication/phoneMethods/{phoneMethodId} |
Beta |
A,D |
POST /me/authentication/phoneMethods |
Beta |
A,D |
POST /me/authentication/phoneMethods/{id}/disableSmsSignIn |
Beta |
A,D |
POST /me/authentication/phoneMethods/{id}/enableSmsSignIn |
Beta |
A,D |
POST /users/{id | userPrincipalName}/authentication/emailMethods |
Beta |
D |
POST /users/{id | userPrincipalName}/authentication/passwordMethods/{id}/resetPassword |
Beta |
A,D |
POST /users/{id | userPrincipalName}/authentication/phoneMethods |
Beta |
A,D |
POST /users/{id | userPrincipalName}/authentication/phoneMethods/{id}/disableSmsSignIn |
Beta |
A,D |
POST /users/{id | userPrincipalName}/authentication/phoneMethods/{id}/enableSmsSignIn |
Beta |
A,D |
POST /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods |
Beta |
A,D |
PUT /me/authentication/phoneMethods/{id} |
Beta |
A,D |
PUT /users/{id | userPrincipalName}/authentication/emailMethods/{id} |
Beta |
A,D |
PUT /users/{id | userPrincipalName}/authentication/phoneMethods/{id} |
Delegate Permission
|
|
Id |
b7887744-6746-4312-813d-72daeaee7e2d |
Consent Type |
Admin |
Display String |
Read and write all users' authentication methods. |
Description |
Allows the app to read and write authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. |
Application Permission
|
|
Id |
50483e42-d915-4231-9639-7fdb7fd190e5 |
Display String |
Read and write all users' authentication methods |
Description |
Allows the application to read and write authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods |
Resources
Property |
Type |
Description |
id |
String |
The identifier of this instance of an authentication method registered to this user. Read-only. |
Property |
Type |
Description |
id |
String |
The identifier of the email address registered to this user. |
emailAddress |
String |
The email address registered to this user. |
Property |
Type |
Description |
id |
String |
The authentication method identifier. |
displayName |
String |
The display name of the key as given by the user. |
createdDateTime |
DateTimeOffset |
The timestamp when this key was registered to the user. |
aaGuid |
String |
Authenticator Attestation GUID, an identifier that indicates the type (e.g. make and model) of the authenticator. |
model |
String |
The manufacturer-assigned model of the FIDO2 security key. |
attestationCertificates |
String collection |
The attestation certificate(s) attached to this security key. |
attestationLevel |
attestationLevel |
The attestation level of this FIDO2 security key. Possible values are: attested , or notAttested . |
Property |
Type |
Description |
createdDateTime |
DateTimeOffset |
The date and time that this app was registered. This property is null if the device is not registered for passwordless Phone Sign-In. |
displayName |
String |
The name of the device on which this app is registered. |
id |
String |
A unique identifier for this authentication method. Inherited from authenticationMethod |
deviceTag |
String |
Tags containing app metadata. |
phoneAppVersion |
String |
Numerical version of this instance of the Authenticator app. |
Property |
Type |
Description |
createdDateTime |
DateTimeOffset |
The start time of the operation. |
lastActionDateTime |
DateTimeOffset |
The time of the last action of the operation. |
status |
operationStatus |
The current status of the operation: notStarted , running , completed , failed |
Property |
Type |
Description |
creationDateTime |
DateTimeOffset |
The date and time when this password was last updated. This property is currently not populated. Read-only. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . |
id |
String |
The identifier of this password registered to this user. This is generally 28c10230-6103-485e-b985-444c60001490 . Read-only. |
password |
String |
For security, the password is always returned as null from a LIST or GET operation. |
Property |
Type |
Description |
id |
String |
The authentication method identifier. |
displayName |
String |
The display name of the mobile device as given by the user. |
creationDateTime |
DateTimeOffset |
The timestamp when this method was registered to the user. |
Property |
Type |
Description |
id |
String |
The identifier of this phone registered to this user. Read-only.
The value of id is one of the following:b6332ec1-7057-4abe-9331-3d72feddfe41 - where phoneType is alternateMobile .e37fc753-ff3b-4958-9484-eaa9425c82bc - where phoneType is office .3179e48a-750b-4051-897c-87b9720928f7 - where phoneType is mobile .
|
phoneNumber |
String |
The phone number to text or call for authentication. Phone numbers use the format "+<country code> <number>x<extension>", with extension optional. For example, +1 5555551234 or +1 5555551234x123 are valid. Numbers are rejected when creating/updating if they do not match the required format. |
phoneType |
authenticationPhoneType |
The type of this phone. Possible values are: mobile , alternateMobile , or office . |
smsSignInState |
authenticationMethodSignInState |
Whether a phone is ready to be used for SMS sign-in or not. Possible values are: notSupported , notAllowedByPolicy , notEnabled , phoneNumberNotUnique , ready , or notConfigured , unknownFutureValue . |
Property |
Type |
Description |
id |
String |
The authentication method identifier. |
secretKey |
String |
The secret key of the method. Always returns null . |
Property |
Type |
Description |
id |
String |
The identifier of the Temporary Access Pass registered to this user. |
temporaryAccessPass |
String |
The temporaryAccessPass used to authenticate. Returned only on creation of a new temporaryAccessPass; returned as NULL with GET. |
createdDateTime |
DateTimeOffset |
The date and time when the temporaryAccessPass was created. |
startDateTime |
DateTimeOffset |
The date and time when the temporaryAccessPass becomes available to use. |
lifetimeInMinutes |
Int32 |
The lifetime of the temporaryAccessPass in minutes starting at startDateTime. Minimum 10, Maximum 43200 (equivalent to 30 days). |
isUsableOnce |
Boolean |
Determines whether the pass is limited to a one time use. If true , the pass can be used once; if false , the pass can be used multiple times within the temporaryAccessPass lifetime. |
isUsable |
Boolean |
The state of the authentication method that indicates whether it's currently usable by the user. |
methodUsabilityReason |
String |
Details about usability state (isUsable). Reasons can include: enabledByPolicy , disabledByPolicy , expired , notYetValid , oneTimeUsed . |
Property |
Type |
Description |
createdDateTime |
DateTimeOffset |
The date and time that this Windows Hello for Business key was registered. |
displayName |
String |
The name of the device on which Windows Hello for Business is registered |
id |
String |
A unique identifier for this authentication method. Inherited from authenticationMethod |
keyStrength |
authenticationMethodKeyStrength |
Key strength of this Windows Hello for Business key. Possible values are: normal , weak , unknown . |