The following tables show the least privileged permission or permissions required to call this API on each supported resource type. Follow best practices to request least privileged permissions. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permissions acting on self

| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite | UserAuthenticationMethod.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Not supported. | Not supported. |
Permissions acting on other users

| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | UserAuthenticationMethod.ReadWrite.All | Not available. |
Important
In delegated scenarios with work or school accounts where the signed-in user is acting on another user, they must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
Authentication Administrator
Privileged Authentication Administrator
HTTP request
Remove a FIDO2 authentication method from your own account. For a signed-in user to update their own authentication method, they must have satisfied a multi-factor authentication requirement during sign in.
DELETE /me/authentication/fido2Methods/{id}
Remove a FIDO2 authentication method from another user's account.
```csharp
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Users["{user-id}"].Authentication.Fido2Methods["{fido2AuthenticationMethod-id}"].DeleteAsync();
```

```go
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
	"context"
	msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.Users().ByUserId("user-id").Authentication().Fido2Methods().ByFido2AuthenticationMethodId("fido2AuthenticationMethod-id").Delete(context.Background(), nil)
```

```java
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
graphClient.users().byUserId("{user-id}").authentication().fido2Methods().byFido2AuthenticationMethodId("{fido2AuthenticationMethod-id}").delete();
```

```php
<?php
use Microsoft\Graph\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$graphServiceClient->users()->byUserId('user-id')->authentication()->fido2Methods()->byFido2AuthenticationMethodId('fido2AuthenticationMethod-id')->delete()->wait();
```

```python
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
await graph_client.users.by_user_id('user-id').authentication.fido2_methods.by_fido2_authentication_method_id('fido2AuthenticationMethod-id').delete()
```
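
A client-side preflight that applies the permission tables, the MFA requirement for acting on self, and the role requirement for acting on another user before the DELETE is sent. This is an added example, not code from the original page or the Microsoft Graph SDKs. The function name, the token claim names (`scp`, `roles`, `amr`), the `directory_roles` input and the `/users/{id}` path (taken from the SDK snippets above) are assumptions, and custom roles are not modelled.

```python
from urllib.parse import quote

# Values from the permission tables and role list on this page.
SELF_SCOPES = {"UserAuthenticationMethod.ReadWrite", "UserAuthenticationMethod.ReadWrite.All"}
ALL_SCOPE = "UserAuthenticationMethod.ReadWrite.All"
SUPPORTED_ROLES = {"Authentication Administrator", "Privileged Authentication Administrator"}


def plan_fido2_delete(claims, method_id, target_user=None, directory_roles=()):
    """Return (verb, path) for the delete, or raise PermissionError naming the unmet requirement.

    claims: already-decoded token claims. Assumed claim names: 'scp' (space-separated
    delegated scopes), 'roles' (application permissions), 'amr' (sign-in methods).
    directory_roles: display names of the signed-in user's Entra roles (assumed input;
    custom roles with a supported role permission are not modelled here).
    """
    delegated = set(claims.get("scp", "").split())
    app_perms = set(claims.get("roles", []))
    is_app = not delegated and bool(app_perms)
    method = quote(method_id, safe="")  # keep the id inside one path segment

    if target_user is None:  # acting on self
        if is_app:
            raise PermissionError("application permissions are not supported for /me")
        if not delegated & SELF_SCOPES:
            raise PermissionError("need UserAuthenticationMethod.ReadWrite")
        if "mfa" not in claims.get("amr", []):
            raise PermissionError("sign-in did not satisfy multi-factor authentication")
        return "DELETE", f"/me/authentication/fido2Methods/{method}"

    # Acting on another user: only the .All permission is listed, for both token kinds.
    granted = app_perms if is_app else delegated
    if ALL_SCOPE not in granted:
        raise PermissionError("need UserAuthenticationMethod.ReadWrite.All")
    if not is_app and not SUPPORTED_ROLES & set(directory_roles):
        raise PermissionError("signed-in user lacks a supported Microsoft Entra role")
    user = quote(target_user, safe="")
    return "DELETE", f"/users/{user}/authentication/fido2Methods/{method}"


if __name__ == "__main__":
    # Constructed sample claims, not captured from a real token.
    sample = {"scp": "UserAuthenticationMethod.ReadWrite", "amr": ["pwd", "mfa"]}
    print(plan_fido2_delete(sample, "constructed-method-id"))
```

The check is advisory only: Microsoft Graph makes the authoritative decision, so a pass here does not guarantee the request succeeds.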