UserAuthenticationMethod.ReadWrite
Export JSON
Export CSV
Copy URL
Print
Delegated
Read/Write
User Scope
Allows the app to read and write the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods.
Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access
App-Only Access
Permission Details
Delegated Permission
Admin consent required
Read and write user authentication methods
Allows the app to read and write the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods.
User sees: Allows the app to read and write your authentication methods, including phone numbers and Authenticator app settings.This does not allow the app to see secret information like your passwords, or to sign-in or otherwise use your authentication methods.
Permission ID:
48971fc1-70d7-4245-af77-0beb29b53ee2
Properties
Microsoft Graph v1.0
endpoint-derived-docs
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
id |
String |
Unique identifier. Read-only. |
emailMethods |
emailAuthenticationMethod collection |
The email address registered to a user for authentication. |
externalAuthenticationMethods |
externalAuthenticationMethod collection |
Represents the external MFA registered to a user for authentication using an external identity provider. |
fido2Methods |
fido2AuthenticationMethod collection |
Represents the FIDO2 security keys registered to a user for authentication. |
methods |
authenticationMethod collection |
Represents all authentication methods registered to a user. |
microsoftAuthenticatorMethods |
microsoftAuthenticatorAuthenticationMethod collection |
The details of the Microsoft Authenticator app registered to a user for authentication. |
operations |
longRunningOperation collection |
Represents the status of a long-running operation, such as a password reset operation. |
passwordMethods |
passwordAuthenticationMethod collection |
Represents the password registered to a user for authentication. For security, the password itself is never returned in the object, but action can be taken to reset a password. |
phoneMethods |
phoneAuthenticationMethod collection |
The phone numbers registered to a user for authentication. |
platformCredentialMethods |
platformCredentialAuthenticationMethod collection |
Represents a platform credential instance registered to a user on Mac OS. |
softwareOathMethods |
softwareOathAuthenticationMethod collection |
The software OATH time-based one-time password (TOTP) applications registered to a user for authentication. |
temporaryAccessPassMethods |
temporaryAccessPassAuthenticationMethod collection |
Represents a Temporary Access Pass registered to a user for authentication through time-limited passcodes. |
windowsHelloForBusinessMethods |
windowsHelloForBusinessAuthenticationMethod collection |
Represents the Windows Hello for Business authentication method registered to a user for authentication. |
JSON Representation
Microsoft Graph v1.0
endpoint-derived-docs
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
JSON representation
{
"@odata.type": "#microsoft.graph.authentication"
}Relationships
Microsoft Graph v1.0
endpoint-derived-docs
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
emailMethods |
emailAuthenticationMethod collection |
The email address registered to a user for authentication. |
externalAuthenticationMethods |
externalAuthenticationMethod collection |
Represents the external MFA registered to a user for authentication using an external identity provider. |
fido2Methods |
fido2AuthenticationMethod collection |
Represents the FIDO2 security keys registered to a user for authentication. |
methods |
authenticationMethod collection |
Represents all authentication methods registered to a user. |
microsoftAuthenticatorMethods |
microsoftAuthenticatorAuthenticationMethod collection |
The details of the Microsoft Authenticator app registered to a user for authentication. |
operations |
longRunningOperation collection |
Represents the status of a long-running operation, such as a password reset operation. |
passwordMethods |
passwordAuthenticationMethod collection |
Represents the password registered to a user for authentication. For security, the password itself is never returned in the object, but action can be taken to reset a password. |
platformCredentialMethods |
platformCredentialAuthenticationMethod collection |
Represents a platform credential instance registered to a user on Mac OS. |
phoneMethods |
phoneAuthenticationMethod collection |
The phone numbers registered to a user for authentication. |
softwareOathMethods |
softwareOathAuthenticationMethod collection |
The software OATH time-based one-time password (TOTP) applications registered to a user for authentication. |
temporaryAccessPassMethods |
temporaryAccessPassAuthenticationMethod collection |
Represents a Temporary Access Pass registered to a user for authentication through time-limited passcodes. |
windowsHelloForBusinessMethods |
windowsHelloForBusinessAuthenticationMethod collection |
Represents the Windows Hello for Business authentication method registered to a user for authentication. |
hardwareOathMethods |
hardwareOathAuthenticationMethod collection |
The hardware OATH time-based one-time password (TOTP) devices assigned to a user for authentication. |
passwordlessMicrosoftAuthenticatorMethods |
passwordlessMicrosoftAuthenticatorAuthenticationMethod collection |
Represents the Microsoft Authenticator Passwordless Phone Sign-in methods registered to a user for authentication. |
Graph Methods
Delegated access
App-only access
Exact Microsoft Learn match
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Exact Microsoft Learn match
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Code Examples
C# / .NET SDK
Delete microsoftAuthenticatorAuthenticationMethod
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Users["{user-id}"].Authentication.MicrosoftAuthenticatorMethods["{microsoftAuthenticatorAuthenticationMethod-id}"].DeleteAsync();
JavaScript
Delete microsoftAuthenticatorAuthenticationMethod
const options = {
authProvider,
};
const client = Client.init(options);
await client.api('/users/[email protected]/authentication/microsoftAuthenticatorMethods/_jpuR-TGZtk6aQCLF3BQjA2')
.delete();
PowerShell
Delete microsoftAuthenticatorAuthenticationMethod
Import-Module Microsoft.Graph.Identity.SignIns
Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $userId -MicrosoftAuthenticatorAuthenticationMethodId $microsoftAuthenticatorAuthenticationMethodId
Python
Delete microsoftAuthenticatorAuthenticationMethod
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
await graph_client.users.by_user_id('user-id').authentication.microsoft_authenticator_methods.by_microsoft_authenticator_authentication_method_id('microsoftAuthenticatorAuthenticationMethod-id').delete()App Registration
1
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
2
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
3
Select Permission Type
Choose Delegated permissions and search for UserAuthenticationMethod.ReadWrite
4
Grant Admin Consent
This delegated permission requires admin consent.