UserAuthenticationMethod.ReadWrite.All
Allows the application to read and write authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods
Permission Details
Read and write all users' authentication methods
Allows the application to read and write authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods
50483e42-d915-4231-9639-7fdb7fd190e5
Read and write all users' authentication methods.
Allows the app to read and write authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.
b7887744-6746-4312-813d-72daeaee7e2d
Properties
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
id |
String |
Unique identifier. Read-only. |
emailMethods |
emailAuthenticationMethod collection |
The email address registered to a user for authentication. |
externalAuthenticationMethods |
externalAuthenticationMethod collection |
Represents the external MFA registered to a user for authentication using an external identity provider. |
fido2Methods |
fido2AuthenticationMethod collection |
Represents the FIDO2 security keys registered to a user for authentication. |
methods |
authenticationMethod collection |
Represents all authentication methods registered to a user. |
microsoftAuthenticatorMethods |
microsoftAuthenticatorAuthenticationMethod collection |
The details of the Microsoft Authenticator app registered to a user for authentication. |
operations |
longRunningOperation collection |
Represents the status of a long-running operation, such as a password reset operation. |
passwordMethods |
passwordAuthenticationMethod collection |
Represents the password registered to a user for authentication. For security, the password itself is never returned in the object, but action can be taken to reset a password. |
phoneMethods |
phoneAuthenticationMethod collection |
The phone numbers registered to a user for authentication. |
platformCredentialMethods |
platformCredentialAuthenticationMethod collection |
Represents a platform credential instance registered to a user on Mac OS. |
softwareOathMethods |
softwareOathAuthenticationMethod collection |
The software OATH time-based one-time password (TOTP) applications registered to a user for authentication. |
temporaryAccessPassMethods |
temporaryAccessPassAuthenticationMethod collection |
Represents a Temporary Access Pass registered to a user for authentication through time-limited passcodes. |
windowsHelloForBusinessMethods |
windowsHelloForBusinessAuthenticationMethod collection |
Represents the Windows Hello for Business authentication method registered to a user for authentication. |
JSON Representation
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
{
"@odata.type": "#microsoft.graph.authentication"
}Relationships
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
emailMethods |
emailAuthenticationMethod collection |
The email address registered to a user for authentication. |
externalAuthenticationMethods |
externalAuthenticationMethod collection |
Represents the external MFA registered to a user for authentication using an external identity provider. |
fido2Methods |
fido2AuthenticationMethod collection |
Represents the FIDO2 security keys registered to a user for authentication. |
methods |
authenticationMethod collection |
Represents all authentication methods registered to a user. |
microsoftAuthenticatorMethods |
microsoftAuthenticatorAuthenticationMethod collection |
The details of the Microsoft Authenticator app registered to a user for authentication. |
operations |
longRunningOperation collection |
Represents the status of a long-running operation, such as a password reset operation. |
passwordMethods |
passwordAuthenticationMethod collection |
Represents the password registered to a user for authentication. For security, the password itself is never returned in the object, but action can be taken to reset a password. |
platformCredentialMethods |
platformCredentialAuthenticationMethod collection |
Represents a platform credential instance registered to a user on Mac OS. |
phoneMethods |
phoneAuthenticationMethod collection |
The phone numbers registered to a user for authentication. |
softwareOathMethods |
softwareOathAuthenticationMethod collection |
The software OATH time-based one-time password (TOTP) applications registered to a user for authentication. |
temporaryAccessPassMethods |
temporaryAccessPassAuthenticationMethod collection |
Represents a Temporary Access Pass registered to a user for authentication through time-limited passcodes. |
windowsHelloForBusinessMethods |
windowsHelloForBusinessAuthenticationMethod collection |
Represents the Windows Hello for Business authentication method registered to a user for authentication. |
hardwareOathMethods |
hardwareOathAuthenticationMethod collection |
The hardware OATH time-based one-time password (TOTP) devices assigned to a user for authentication. |
passwordlessMicrosoftAuthenticatorMethods |
passwordlessMicrosoftAuthenticatorAuthenticationMethod collection |
Represents the Microsoft Authenticator Passwordless Phone Sign-in methods registered to a user for authentication. |
Graph Methods
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Code Examples
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Users.Item.Authentication.Methods.Item.ResetPassword;
var requestBody = new ResetPasswordPostRequestBody
{
NewPassword = "Cuyo5459",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Users["{user-id}"].Authentication.Methods["{authenticationMethod-id}"].ResetPassword.PostAsync(requestBody);const options = {
authProvider,
};
const client = Client.init(options);
const passwordResetResponse = {
newPassword: 'Cuyo5459'
};
await client.api('/users/6ea91a8d-e32e-41a1-b7bd-d2d185eed0e0/authentication/methods/28c10230-6103-485e-b985-444c60001490/resetPassword')
.post(passwordResetResponse);Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
newPassword = "Cuyo5459"
}
Reset-MgUserAuthenticationMethodPassword -UserId $userId -AuthenticationMethodId $authenticationMethodId -BodyParameter $params# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.users.item.authentication.methods.item.reset_password.reset_password_post_request_body import ResetPasswordPostRequestBody
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ResetPasswordPostRequestBody(
new_password = "Cuyo5459",
)
result = await graph_client.users.by_user_id('user-id').authentication.methods.by_authentication_method_id('authenticationMethod-id').reset_password.post(request_body)App Registration
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
Select Permission Type
Choose Application permissions or delegated permissions and search for UserAuthenticationMethod.ReadWrite.All
Grant Admin Consent
Application permissions always require admin consent.