| title | Get authentication states |
|---|---|
| description | Read the properties of a user's authentication method states, such as their sign-in preferences (system-preferred MFA) and per-user MFA state. |
| author | jpettere |
| ms.reviewer | intelligentaccesspm |
| ms.localizationpriority | medium |
| ms.subservice | entra-sign-in |
| doc_type | apiPageType |
| ms.date | 10/22/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Read the properties of a user's authentication states. Use this API to retrieve the following information:
- A user's signInPreferences (system-preferred MFA)
- A user's strongAuthenticationRequirements (per-user MFA)
[!INCLUDE national-cloud-support]
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
[!INCLUDE rbac-authentication-methods-apis-read-others]
[!INCLUDE permissions-table]
[!INCLUDE permissions-table]
[!INCLUDE rbac-authentication-methods-policy-apis-read]
To retrieve the sign-in preferences (system-preferred MFA) for a user:
GET /users/{id | userPrincipalName}/authentication/signInPreferencesTo retrieve the per-user multifactor authentication state for the signed-in user:
GET /me/authentication/requirements[!INCLUDE me-apis-sign-in-note]
To retrieve the per-user multifactor authentication state for a user:
GET /users/{id | userPrincipalName}/authentication/requirements| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Don't supply a request body for this method.
For sign-in preferences: If successful, this method returns a 200 OK response code and a signInPreferences object in the response body.
The following example shows a request.
GET https://graph.microsoft.com/beta/users/071cc716-8147-4397-a5ba-b2105951cc0b/authentication/signInPreferences
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"isSystemPreferredAuthenticationMethodEnabled": false,
"userPreferredMethodForSecondaryAuthentication": "push"
}The following example shows a request.
GET https://graph.microsoft.com/beta/users/071cc716-8147-4397-a5ba-b2105951cc0b/authentication/requirements
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"perUserMfaState": "enforced"
}