Get-EntraUserAuthenticationMethod
Retrieve a list of a user's registered authentication methods.
Syntax
Get-EntraUserAuthenticationMethod
-UserId <String>
[<CommonParameters>] Description
The Get-EntraUserAuthenticationMethod cmdlet retrieves a list of a user's registered authentication methods. An authentication method is a way for a user to verify their identity, such as a password, phone (SMS or voice), or FIDO2 security key.
In delegated scenarios involving work or school accounts, where the signed-in user is acting on behalf of another user, the signed-in user must be assigned either a supported Microsoft Entra role or a custom role with the necessary permissions. For this operation, the following least privileged roles are supported:
- Global Reader
- Authentication Administrator
- Privileged Authentication Administrator
Examples
Example 1: Get a list of authentication methods registered to a user
Connect-Entra -Scopes 'UserAuthenticationMethod.Read.All'
Get-EntraUserAuthenticationMethod -UserId 'SawyerM@Contoso.com' | Select-Object Id, DisplayName, AuthenticationMethodType
Id DisplayName AuthenticationMethodType
-- ----------- ------------------------
00001111-aaaa-2222-bbbb-3333cccc4444 #microsoft.graph.passwordAuthenticationMethod
11112222-bbbb-3333-cccc-4444dddd5555 iPhone 16 #microsoft.graph.microsoftAuthenticatorAuthenticationMethodThis example retrieves a Get a list of a user's registered authentication methods.
-UserIdparameter specifies the object ID of a user(as a UserPrincipalName or ObjectId).
Parameters
-UserId
Specifies the ID of a user (as a UserPrincipalName or ObjectId) in Microsoft Entra ID.
| Type: | System.String |
| Aliases: | ObjectId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Notes
The authentication administrator only sees masked phone numbers.