ESC
Type to search...
Navigate Open ESC Close

UserAuthMethod-SoftwareOATH.ReadWrite

Export JSON
Export CSV
Copy URL
Print
Delegated Read/Write User Scope

Allows the app to read and write the signed-in user's SoftwareOATH authentication methods. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Delegated Permission Admin consent required

Read and write the signed-in user's SoftwareOATH authentication methods

Allows the app to read and write the signed-in user's SoftwareOATH authentication methods. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.

User sees: Allows the app to read and write your SoftwareOATH authentication methods. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.
Permission ID: 16721eb3-4493-4ae1-9542-264d9ffe3ce9

Properties

Microsoft Graph v1.0 endpoint-derived-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property Type Description
id String Unique identifier. Read-only.
emailMethods emailAuthenticationMethod collection The email address registered to a user for authentication.
externalAuthenticationMethods externalAuthenticationMethod collection Represents the external MFA registered to a user for authentication using an external identity provider.
fido2Methods fido2AuthenticationMethod collection Represents the FIDO2 security keys registered to a user for authentication.
methods authenticationMethod collection Represents all authentication methods registered to a user.
microsoftAuthenticatorMethods microsoftAuthenticatorAuthenticationMethod collection The details of the Microsoft Authenticator app registered to a user for authentication.
operations longRunningOperation collection Represents the status of a long-running operation, such as a password reset operation.
passwordMethods passwordAuthenticationMethod collection Represents the password registered to a user for authentication. For security, the password itself is never returned in the object, but action can be taken to reset a password.
phoneMethods phoneAuthenticationMethod collection The phone numbers registered to a user for authentication.
platformCredentialMethods platformCredentialAuthenticationMethod collection Represents a platform credential instance registered to a user on Mac OS.
softwareOathMethods softwareOathAuthenticationMethod collection The software OATH time-based one-time password (TOTP) applications registered to a user for authentication.
temporaryAccessPassMethods temporaryAccessPassAuthenticationMethod collection Represents a Temporary Access Pass registered to a user for authentication through time-limited passcodes.
windowsHelloForBusinessMethods windowsHelloForBusinessAuthenticationMethod collection Represents the Windows Hello for Business authentication method registered to a user for authentication.

JSON Representation

Microsoft Graph v1.0 endpoint-derived-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation 
{
  "@odata.type": "#microsoft.graph.authentication"
}

Relationships

Microsoft Graph v1.0 endpoint-derived-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship Type Description
emailMethods emailAuthenticationMethod collection The email address registered to a user for authentication.
externalAuthenticationMethods externalAuthenticationMethod collection Represents the external MFA registered to a user for authentication using an external identity provider.
fido2Methods fido2AuthenticationMethod collection Represents the FIDO2 security keys registered to a user for authentication.
methods authenticationMethod collection Represents all authentication methods registered to a user.
microsoftAuthenticatorMethods microsoftAuthenticatorAuthenticationMethod collection The details of the Microsoft Authenticator app registered to a user for authentication.
operations longRunningOperation collection Represents the status of a long-running operation, such as a password reset operation.
passwordMethods passwordAuthenticationMethod collection Represents the password registered to a user for authentication. For security, the password itself is never returned in the object, but action can be taken to reset a password.
platformCredentialMethods platformCredentialAuthenticationMethod collection Represents a platform credential instance registered to a user on Mac OS.
phoneMethods phoneAuthenticationMethod collection The phone numbers registered to a user for authentication.
softwareOathMethods softwareOathAuthenticationMethod collection The software OATH time-based one-time password (TOTP) applications registered to a user for authentication.
temporaryAccessPassMethods temporaryAccessPassAuthenticationMethod collection Represents a Temporary Access Pass registered to a user for authentication through time-limited passcodes.
windowsHelloForBusinessMethods windowsHelloForBusinessAuthenticationMethod collection Represents the Windows Hello for Business authentication method registered to a user for authentication.
hardwareOathMethods hardwareOathAuthenticationMethod collection The hardware OATH time-based one-time password (TOTP) devices assigned to a user for authentication.
passwordlessMicrosoftAuthenticatorMethods passwordlessMicrosoftAuthenticatorAuthenticationMethod collection Represents the Microsoft Authenticator Passwordless Phone Sign-in methods registered to a user for authentication.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /me/authentication/softwareOathMethods
GET /me/authentication/softwareOathMethods/{id}
GET /users/{id | userPrincipalName}/authentication/softwareOathMethods
GET /users/{id | userPrincipalName}/authentication/softwareOathMethods/{id}
DELETE /me/authentication/softwareOathMethods/{id}
DELETE /users/{id | userPrincipalName}/authentication/softwareOathMethods/{id}
Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /me/authentication/softwareOathMethods
GET /me/authentication/softwareOathMethods/{id}
GET /users/{id | userPrincipalName}/authentication/softwareOathMethods
GET /users/{id | userPrincipalName}/authentication/softwareOathMethods/{id}
DELETE /me/authentication/softwareOathMethods/{id}
DELETE /users/{id | userPrincipalName}/authentication/softwareOathMethods/{id}
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgUserAuthenticationSoftwareOathMethod /me/authentication/softwareOathMethods
List softwareOathMethods
Get-MgUserAuthenticationSoftwareOathMethod /me/authentication/softwareOathMethods/{id}
Get softwareOathAuthenticationMethod
Remove-MgUserAuthenticationSoftwareOathMethod /me/authentication/softwareOathMethods/{id}
Delete softwareOathAuthenticationMethod
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgBetaUserAuthenticationSoftwareOathMethod /me/authentication/softwareOathMethods
List softwareOathMethods
Get-MgBetaUserAuthenticationSoftwareOathMethod /me/authentication/softwareOathMethods/{id}
Get softwareOathAuthenticationMethod
Remove-MgBetaUserAuthenticationSoftwareOathMethod /me/authentication/softwareOathMethods/{id}
Delete softwareOathAuthenticationMethod

Code Examples

C# / .NET SDK
Delete softwareOathAuthenticationMethod
View official example on Microsoft Learn
// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Users["{user-id}"].Authentication.SoftwareOathMethods["{softwareOathAuthenticationMethod-id}"].DeleteAsync();
JavaScript
Delete softwareOathAuthenticationMethod
View official example on Microsoft Learn
const options = {
	authProvider,
};

const client = Client.init(options);

await client.api('/users/[email protected]/authentication/softwareOathMethods/b172893e-893e-b172-3e89-72b13e8972b1')
	.delete();
PowerShell
Delete softwareOathAuthenticationMethod
View official example on Microsoft Learn
Import-Module Microsoft.Graph.Identity.SignIns

Remove-MgUserAuthenticationSoftwareOathMethod -UserId $userId -SoftwareOathAuthenticationMethodId $softwareOathAuthenticationMethodId
Python
Delete softwareOathAuthenticationMethod
View official example on Microsoft Learn
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

await graph_client.users.by_user_id('user-id').authentication.software_oath_methods.by_software_oath_authentication_method_id('softwareOathAuthenticationMethod-id').delete()

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Delegated permissions and search for UserAuthMethod-SoftwareOATH.ReadWrite

4

Grant Admin Consent

This delegated permission requires admin consent.