| title | authentication resource type |
|---|---|
| description | Exposes authentication method states for users and relationships that represent the authentication methods supported by Microsoft Entra ID. |
| author | jpettere |
| ms.reviewer | intelligentaccesspm |
| ms.localizationpriority | medium |
| ms.subservice | entra-sign-in |
| doc_type | resourcePageType |
| toc.title | Authentication method states |
| ms.date | 12/06/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Exposes authentication method states for users and relationships that represent the authentication methods supported by Microsoft Entra ID. The following authentication methods states are supported:
- A user's sign-in preferences (system-preferred MFA)
- A users's MFA state (per-user MFA)
Inherits from entity.
| Method | Return type | Description |
|---|---|---|
| Get | authentication | Get the authentication states for a user, such as their sign-in preferences and their MFA state. |
| Update | authentication | Update the authentication states for a user, such as their sign-in preferences and their MFA state. |
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier. Read-only. |
| requirements | strongAuthenticationRequirements | The settings and preferences for per-user Microsoft Entra multifactor authentication. |
| signInPreferences | signInPreferences | The settings and preferences for the sign-in experience of a user. Use this property to configure the user's default multifactor authentication (MFA) method. |
| Relationship | Type | Description |
|---|---|---|
| emailMethods | emailAuthenticationMethod collection | Represents the email addresses registered to a user for authentication. |
| externalAuthenticationMethods | externalAuthenticationMethod collection | Represents the external MFA registered to a user for authentication. |
| fido2Methods | fido2AuthenticationMethod collection | Represents the FIDO2 security keys registered to a user for authentication. |
| hardwareOathMethods | hardwareOathAuthenticationMethod collection | The hardware OATH time-based one-time password (TOTP) devices assigned to a user for authentication. |
| methods | authenticationMethod collection | Represents all authentication methods registered to a user. |
| microsoftAuthenticatorMethods | microsoftAuthenticatorAuthenticationMethod collection | The details of the Microsoft Authenticator app registered to a user for authentication. |
| operations | longRunningOperation collection | Represents the status of a long-running operation, such as a password reset operation. |
| passwordlessMicrosoftAuthenticatorMethods | passwordlessMicrosoftAuthenticatorAuthenticationMethod collection | Represents the Microsoft Authenticator Passwordless Phone Sign-in methods registered to a user for authentication. |
| passwordMethods | passwordAuthenticationMethod collection | Represents the details of the password authentication method registered to a user for authentication. |
| phoneMethods | phoneAuthenticationMethod collection | Represents the phone registered to a user for authentication. |
| qrCodePinMethod | qrCodePinAuthenticationMethod | Represents a QR code authentication method registered to a user for authentication. |
| platformCredentialMethods | platformCredentialAuthenticationMethod collection | Represents a platform credential instance registered to a user on Mac OS. |
| softwareOathMethods | softwareOathAuthenticationMethod collection | The software OATH time-based one-time password (TOTP) applications registered to a user for authentication. |
| temporaryAccessPassMethods | temporaryAccessPassAuthenticationMethod collection | Represents a Temporary Access Pass registered to a user for authentication through time-limited passcodes. |
| windowsHelloForBusinessMethods | windowsHelloForBusinessAuthenticationMethod collection | Represents the Windows Hello for Business authentication method registered to a user for authentication. |
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.authentication",
"id": "String (identifier)",
"signInPreferences": {
"@odata.type": "microsoft.graph.signInPreferences"
},
"requirements": {
"@odata.type": "microsoft.graph.strongAuthenticationRequirements"
}
}