Get passwordAuthenticationMethod
Namespace: microsoft.graph
Retrieve a password that's registered to a user, represented by a passwordAuthenticationMethod object. For security, the password itself will never be returned in the object and the password property is always null
.
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ❌ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permissions acting on self
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | UserAuthenticationMethod.Read | UserAuthenticationMethod.ReadWrite, UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | Not supported. | Not supported. |
Permissions acting on other users
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | UserAuthenticationMethod.Read.All | UserAuthenticationMethod.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | UserAuthenticationMethod.Read.All | UserAuthenticationMethod.ReadWrite.All |
Important
In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
- Global Reader
- Authentication Administrator
- Privileged Authentication Administrator
Admins with User Administrator, Helpdesk Administrator, or Password Administrator roles can also retrieve password authentication methods for non-admin users and a limited set of admin roles as defined in Who can reset passwords.
HTTP request
The ID of the password authentication method, referenced by {passwordMethods-id}
, is always 28c10230-6103-485e-b985-444c60001490
.
Get details of your own password authentication method.
GET /me/authentication/passwordMethods/{passwordMethods-id}
Get details of your own or another user's password authentication method.
GET /users/{id | userPrincipalName}/authentication/passwordMethods/{passwordMethods-id}
Optional query parameters
This method does not support optional query parameters to customize the response.
Request headers
Name | Description |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Request body
Don't supply a request body for this method.
Response
If successful, this method returns a 200 OK
response code and the requested passwordAuthenticationMethod object in the response body.
Examples
Request
The following example shows a request.
GET https://graph.microsoft.com/v1.0/me/authentication/passwordMethods/28c10230-6103-485e-b985-444c60001490
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('67273bfa-5cd8-477a-acf7-e13ff81ebf70')/authentication/passwordMethods/$entity",
"id": "28c10230-6103-485e-b985-444c60001490",
"password": null,
"creationDateTime": null
}