Azure AD authentication methods API overview

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Authentication methods are the ways that users authenticate in Azure Active Directory (AD). Authentication methods in Azure AD include password and phone (for example, SMS and voice calls), which are manageable in Microsoft Graph today, among many others such as FIDO2 security keys and the Microsoft Authenticator app. Authentication methods are used in primary, second-factor, and step-up authentication, and also in the self-service password reset (SSPR) process.

The authentication method APIs are used to manage a user's authentication methods. For example:

  • You can add a phone number to a user. The user can then use that phone number for SMS and voice call authentication if they're enabled to use it by policy.
  • You can update that number, or delete it from the user.
  • You can enable or disable the number for SMS sign-in.
  • You can reset a user's password.

What authentication methods can be managed in Microsoft Graph?

Authentication method Description Examples
passwordAuthenticationMethod A password is currently the default primary authentication method in Azure AD. Reset a user's password
phoneAuthenticationMethod A phone can be used by a user to authenticate using SMS or voice calls (as allowed by policy). See a user's authentication phone numbers. Add, update, or remove a phone number to a user. Enable or disable a primary mobile phone for SMS sign-in.

Next steps

  • Review the authentication method types and their various methods.
  • Try the API in the Graph Explorer.