+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+ Title: "List emailAuthenticationMethods"

+description: "Get a list of the emailAuthenticationMethod objects and their properties."

+ms.localizationpriority: medium

+# List emailAuthenticationMethods

+Namespace: microsoft.graph

+Retrieve a list of a user's [email Authentication Method](../resources/emailauthenticationmethod.md) objects and their properties. This call will only return a single object as only one email method can be set on users.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|:--|

+| Delegated (work or school account) | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Global reader

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /me/authentication/emailMethods

+GET /users/{id | userPrincipalName}/authentication/emailMethods

+```

+## Optional query parameters

+This method does not support optional query parameters to customize the response.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) objects in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_emailauthenticationmethod_2"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/me/authentication/emailMethods

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [PHP](#tab/php)

+### Response

+The following is an example of the response.

+**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.emailAuthenticationMethod)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "value": [

+ {

+ "id": "3ddfcfc8-9383-446f-83cc-3ab9be4be18f",

+ "emailAddress": "KimA@contoso.com"

+ }

+ ]

+}

+```

+ Title: "Create emailAuthenticationMethod"

+description: "Create a new emailAuthenticationMethod object."

+ms.localizationpriority: medium

+# Create emailAuthenticationMethod

+Namespace: microsoft.graph

+Set a user's [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) object. Email authentication is a self-service password reset method. A user may only have one email authentication method.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /users/{id | userPrincipalName}/authentication/emailMethods

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) object with the desired email address.

+The following table shows the properties that are required when you create the [emailAuthenticationMethod](../resources/emailauthenticationmethod.md).

+|Property|Type|Description|

+|:|:|:|

+|emailAddress|String|Email address|

+## Response

+If successful, this method returns a `201 Created` response code and a new [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) object in the response body.

+## Examples

+### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_emailauthenticationmethod_from_",

+ "sampleKeys": ["kim@contoso.com"]

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/users/kim@contoso.com/authentication/emailMethods

+Content-Type: application/json

+{

+ "emailAddress": "kim@contoso.com"

+}

+```

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [PHP](#tab/php)

+### Response

+The following is an example of the response.

+**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.emailAuthenticationMethod"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "id": "3ddfcfc8-9383-446f-83cc-3ab9be4be18f",

+ "emailAddress": "kim@contoso.com"

+}

+```

+| Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+ Title: "Permanently delete item (directory object)"

+description: "Permanently delete a recently deleted application, group, service principal, or user from deleted items."

+# Permanently delete item (directory object)

+Permanently delete a recently deleted [application](../resources/application.md), [group](../resources/group.md), [servicePrincipal](../resources/serviceprincipal.md), or [user](../resources/user.md) object from [deleted items](../resources/directory.md). You can permanently delete an item from deleted items. But, once an item is permanently deleted, it **cannot** be restored.

+ Title: "Get deleted item (directory object)"

+description: "Retrieve the properties of a recently deleted application, group, service principal, or user from deleted items."

+# Get deleted item (directory object)

+Retrieve the properties of a recently deleted [application](../resources/application.md), [group](../resources/group.md), [servicePrincipal](../resources/serviceprincipal.md), or [user](../resources/user.md) object from [deleted items](../resources/directory.md).

+ Title: "List deleted items (directory objects) owned by a user"

+description: "Retrieves a list of recently deleted application or group objects that are owned by the specified user."

+ms.localizationpriority: medium

+# List deleted items (directory objects) owned by a user

+Namespace: microsoft.graph

+Retrieve a list of recently deleted [application](../resources/application.md) and [group](../resources/group.md) objects owned by the specified user.

+This API returns up to 1,000 deleted objects owned by the user, sorted by ID, and doesn't support pagination.

+## Permissions

+One of the following permissions is required to call this API. To learn

+more, including how to choose permissions, see

+[Permissions](/graph/permissions-reference).

+| Permission type | Permissions (from least to most privileged) |

+| | |

+| Delegated (work or school account) | Group.Read.All, Group.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Group.Read.All, Group.ReadWrite.All |

+## HTTP request

+``` http

+POST /directory/deletedItems/getUserOwnedObjects

+```

+## Request headers

+| Name | Description |

+| - | - |

+| Authorization | Bearer {token}. Required. |

+## Request body

+The request body requires the following parameters:

+| Parameter | Type |Description|

+|:|:--|:-|

+|userId|String|ID of the owner.|

+|type|String|Type of owned objects to return; `Group` and `Application` are currently the only supported values.|

+## Response

+Successful requests return `200 OK` response codes; the response object includes [directory (deleted items)](../resources/directory.md) properties.

+## Example

+##### Request

+Here is an example of the request.

+``` http

+POST https://graph.microsoft.com/beta/directory/deletedItems/getUserOwnedObjects

+Content-type: application/json

+{

+ "userId":"55ac777c-109e-4022-b58c-470c8fcb6892",

+ "type":"Group"

+}

+```

+###### Response

+Here is an example of the response. Note: This response object may be truncated for brevity. All supported properties are returned

+from actual calls.

+``` http

+HTTP/1.1 200

+Content-type: application/json

+{

+"value": [

+ {

+ "@odata.type": "#microsoft.graph.group",

+ "id": "bfa7033a-7367-4644-85f5-95aaf385cbd7",

+ "deletedDateTime": "2018-04-01T12:39:16Z",

+ "classification": null,

+ "createdDateTime": "2017-03-22T12:39:16Z",

+ "description": null,

+ "displayName": "Test",

+ "groupTypes": [

+ "Unified"

+ ],

+ "mail": "Test@contoso.com",

+ "mailEnabled": true,

+ "mailNickname": "Test",

+ "membershipRule": null,

+ "membershipRuleProcessingState": null,

+ "preferredDataLocation": null,

+ "preferredLanguage": null,

+ "proxyAddresses": [

+ "SMTP:Test@contoso.com"

+ ],

+ "renewedDateTime": "2017-09-22T22:30:39Z",

+ "securityEnabled": false,

+ "theme": null,

+ "visibility": "Public"

+ }

+ ]

+ }

+```

+ Title: "Restore deleted item (directory object)"

+description: "Restore a recently deleted application, group, service principal, or user from deleted items."

+# Restore deleted item (directory object)

+Restore a recently deleted [application](../resources/application.md), [group](../resources/group.md), [servicePrincipal](../resources/serviceprincipal.md), or [user](../resources/user.md) object from [deleted items](../resources/directory.md). If an item was accidentally deleted, you can fully restore the item. This is not applicable to security groups, which are deleted permanently.

+PATCH /users/{id | userPrincipalName}/authentication/emailMethods/{id}

+PATCH https://graph.microsoft.com/beta/users/kim@contoso.com/authentication/emailMethods/3ddfcfc8-9383-446f-83cc-3ab9be4be18f

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [HTTP](#tab/http)

+```msgraph-interactive

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [PHP](#tab/php)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [Java](#tab/java)

+# [Java](#tab/java)

+# [Java](#tab/java)

+# [Java](#tab/java)

+# [Java](#tab/java)

+# [PowerShell](#tab/powershell)

+PATCH /me/authentication/phoneMethods/{id}

+PATCH /users/{id | userPrincipalName}/authentication/phoneMethods/{id}

+PATCH https://graph.microsoft.com/beta/me/authentication/phoneMethods/3179e48a-750b-4051-897c-87b9720928f7

+* A [room](../resources/room.md), which includes rich properties such as an email address for the room, and accessibility, capacity, and device support.

+* A [workspace](../resources/workspace.md), which includes properties such as an email address for the workspace, and accessibility and capacity.

+* A [room list](../resources/roomlist.md), which includes an email address for the room list, and a navigation property to get the collection of **room** instances in that room list.

+The **room**, **workspace**, and **roomList** resources are derived from the **place** object.

+Use `$select` to get specific **place** properties.

+For more information about OData query options, see [OData query parameters](/graph/query-parameters).

+ "sampleKeys": ["3162F1E1-C4C0-604B-51D8-91DA78989EB1"],

+ "name": "get_room"

+ "displayDeviceName": "surface hub"

+### Example 2: Get a workspace

+#### Request

+The following example specifies the **id** of a **workspace** to get its properties.

+<!-- {

+ "blockType": "request",

+ "sampleKeys": ["3162F1E1-C4C0-604B-51D8-91DA78989EB1"],

+ "name": "get_workspace"

+}-->

+```http

+GET https://graph.microsoft.com/beta/places/3162F1E1-C4C0-604B-51D8-91DA78989EB1

+```

+#### Response

+The following is an example of the response.

+>**Note**: The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "name": "get_workspace",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.workspace"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#places/$entity",

+ "@odata.type": "#microsoft.graph.workspace",

+ "id": "3162F1E1-C4C0-604B-51D8-91DA78989EB1",

+ "emailAddress": "ws100@contoso.com",

+ "displayName": "Workspace 100",

+ "address": {

+ "street": "4567 Main Street",

+ "city": "Buffalo",

+ "state": "NY",

+ "postalCode": "98052",

+ "countryOrRegion": "USA"

+ },

+ "geoCoordinates": {

+ "latitude": 47.640568390488626,

+ "longitude": -122.1293731033803

+ },

+ "phone": "000-000-0000",

+ "nickname": "Workspace",

+ "label": "100",

+ "capacity": 50,

+ "building": "1",

+ "floorNumber": 1,

+ "isWheelChairAccessible": false,

+ "tags": [

+ "bean bags"

+ ]

+}

+```

+### Example 3: Get a room list

+ "sampleKeys": ["bldg1@contoso.com"],

+ "name": "get_roomlist"

+ "geoCoordinates": null,

+Get a collection of the specified type of [place](../resources/place.md) objects defined in the tenant.

+You can do the following for a given tenant:

+- [List all the rooms](#example-1-list-all-the-rooms-defined-in-the-tenant).

+- [List all the workspaces](#example-2-list-all-the-workspaces-defined-in-the-tenant).

+- [List all the room lists](#example-3-list-all-the-room-lists-defined-in-the-tenant).

+- [List rooms in a specific room list](#example-4-list-rooms-contained-in-a-room-list).

+- [List workspaces in a specific room list](#example-5-list-workspaces-contained-in-a-room-list).

+* A [room](../resources/room.md), which includes rich properties such as an email address for the room, and accessibility, capacity, and device support.

+* A [workspace](../resources/workspace.md), which includes properties such as an email address for the workspace, and accessibility and capacity.

+* A [roomList](../resources/roomlist.md), which includes an email address for the room list, and a navigation property to get the collection of room instances in the room list.

+The **room**, **workspace** and **roomList** resources are derived from the **place** object.

+By default, this operation returns up to 100 places per page.

+Compared with the [findRooms](../api/user-findrooms.md) and [findRoomLists](../api/user-findroomlists.md) functions, this operation returns a richer payload for rooms and room lists. For details about how they compare, see [Using the places API](../resources/place.md#using-the-places-api).

+To get all the workspaces in a tenant:

+```http

+GET /places/microsoft.graph.workspace

+```

+To get all the workspaces in the specified room list:

+```http

+GET /places/{room-list-emailaddress}/microsoft.graph.roomlist/workspaces

+```

+>**Note**: To get rooms or workspaces in a room list, you must specify the room list by its **emailAddress** property, not by its **id**.

+- `$filter`

+- `$select`

+- `$top`

+- `$skip`

+- `$count=true`

+Use `$top` to customize the page size. The default page size is 100.

+ "displayDeviceName": "surface hub"

+ "displayDeviceName": "surface hub"

+### Example 2: List all the workspaces defined in the tenant

+#### Request

+The following example shows how to get all the [workspaces](../resources/workspace.md) objects in the tenant.

+<!-- {

+ "blockType": "request",

+ "name": "get_all_workspaces"

+}-->

+```http

+GET https://graph.microsoft.com/beta/places/microsoft.graph.workspace

+```

+#### Response

+The following is an example of the response.

+>**Note**: The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "name": "get_all_workspaces",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.workspace",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#places/microsoft.graph.workspace",

+ "value": [

+ {

+ "id": "3162F1E1-C4C0-604B-51D8-91DA78989EB1",

+ "emailAddress": "ws100@contoso.com",

+ "displayName": "Workspace 100",

+ "address": {

+ "street": "4567 Main Street",

+ "city": "Buffalo",

+ "state": "NY",

+ "postalCode": "98052",

+ "countryOrRegion": "USA"

+ },

+ "geoCoordinates": {

+ "latitude": 47.640568390488626,

+ "longitude": -122.1293731033803

+ },

+ "phone": "000-000-0000",

+ "nickname": "Workspace",

+ "label": "100",

+ "capacity": 50,

+ "building": "1",

+ "floorNumber": 1,

+ "isWheelChairAccessible": false,

+ "tags": [

+ "bean bags"

+ ]

+ },

+ {

+ "id": "3162F1E1-C4C0-604B-51D8-91DA78970B97",

+ "emailAddress": "ws200@contoso.com",

+ "displayName": "Workspace 200",

+ "address": {

+ "street": "4567 Main Street",

+ "city": "Buffalo",

+ "state": "NY",

+ "postalCode": "98052",

+ "countryOrRegion": "USA"

+ },

+ "geoCoordinates": {

+ "latitude": 47.640568390488625,

+ "longitude": -122.1293731033802

+ },

+ "phone": "000-000-0000",

+ "nickname": "Workspace",

+ "label": "200",

+ "capacity": 40,

+ "building": "2",

+ "floorNumber": 2,

+ "isWheelChairAccessible": false,

+ "tags": [

+ "benches",

+ "nice view"

+ ]

+ }

+ ]

+}

+```

+### Example 3: List all the room lists defined in the tenant

+ "geoCoordinates": null,

+ "geoCoordinates": null,

+### Example 4: List rooms contained in a room list

+ "displayDeviceName": "surface hub"

+### Example 5: List workspaces contained in a room list

+#### Request

+The following example shows how to get a list of [workspace](../resources/workspace.md) objects contained in a **roomList**.

+<!-- {

+ "blockType": "request",

+ "name": "get_workspaces_in_roomlist"

+}-->

+```http

+GET https://graph.microsoft.com/beta/places/bldg2@contoso.com/microsoft.graph.roomlist/workspaces

+```

+#### Response

+The following is an example of the response.

+>**Note**: The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "name": "get_workspaces_in_roomlist",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.workspace",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#places('bldg2%40contoso.com')/microsoft.graph.roomList/workspaces",

+ "value": [

+ {

+ "id": "3162F1E1-C4C0-604B-51D8-91DA78970B97",

+ "emailAddress": "ws200@contoso.com",

+ "displayName": "Workspace 200",

+ "address": {

+ "street": "4567 Main Street",

+ "city": "Buffalo",

+ "state": "NY",

+ "postalCode": "98052",

+ "countryOrRegion": "USA"

+ },

+ "geoCoordinates": {

+ "latitude": 47.640568390488625,

+ "longitude": -122.1293731033802

+ },

+ "phone": "000-000-0000",

+ "nickname": "Workspace",

+ "label": "200",

+ "capacity": 40,

+ "building": "2",

+ "floorNumber": 2,

+ "isWheelChairAccessible": false,

+ "tags": [

+ "benches",

+ "nice view"

+ ]

+ }

+ ]

+}

+```

+Update the properties of [place](../resources/place.md) object, which can be a [room](../resources/room.md), [workspace](../resources/workspace.md), or [roomList](../resources/roomlist.md). You can identify the **room**, **workspace**, or **roomList** by specifying the **id** or **emailAddress** property.

+In the request body, supply the values for relevant fields that should be updated. Only one instance of a place resource (**room**, **workspace**, or **roomList**) can be updated at a time. In the request body, use `@odata.type` to specify the type of place, and include the properties of that type to update. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+>**Note**: You cannot use this API to update the **id**, **emailAddress**, **displayName**, or **bookingType** of a [place](../resources/place.md) object.

+| address | [physicalAddress](../resources/physicaladdress.md) | The street address of the room, workspace, or roomlist. |

+| building | String | Specifies the building name or building number that the room or workspace is in. |

+| capacity | Int32 | Specifies the capacity of the room or workspace. |

+| floorLabel | String | Specifies the floor letter that the room or workspace is on. |

+| floorNumber | Int32 | Specifies the floor number that the room or workspace is on. |

+| geoCoordinates | [outlookGeoCoordinates](../resources/outlookgeocoordinates.md) | Specifies the room, workspace, or roomlist location in latitude, longitude and optionally, altitude coordinates. |

+| isWheelChairAccessible | Boolean | Specifies whether the room or workspace is wheelchair accessible. |

+| label | String | Specifies a descriptive label for the room or workspace, for example, a number or name. |

+| nickname | String | Specifies a nickname for the room or workspace, for example, "conf room". |

+| phone | String | The phone number of the room, workspace, or roomlist. |

+| tags | String collection | Specifies additional features of the room or workspace, for example, details like the type of view or furniture type. |

+ "sampleKeys": ["cf100@contoso.com"],

+ "name": "update_room"

+>**Note**: The response object shown here might be shortened for readability.

+ "displayDeviceName": "surface hub"

+### Example 2: Update a workspace

+<!-- {

+ "blockType": "request",

+ "sampleKeys": ["ws100@contoso.com"],

+ "name": "update_workspace"

+}-->

+```http

+PATCH https://graph.microsoft.com/beta/places/ws100@contoso.com

+Content-type: application/json

+{

+ "@odata.type": "microsoft.graph.workspace",

+ "nickname": "Conf Room",

+ "building": "1",

+ "label": "100",

+ "capacity": 50,

+ "isWheelChairAccessible": false

+}

+```

+### Response

+The following is an example of the response.

+>**Note**: The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.workspace"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#places/$entity",

+ "@odata.type": "#microsoft.graph.workspace",

+ "id": "3162F1E1-C4C0-604B-51D8-91DA78989EB1",

+ "emailAddress": "ws100@contoso.com",

+ "displayName": "Workspace 100",

+ "address": {

+ "street": "4567 Main Street",

+ "city": "Buffalo",

+ "state": "NY",

+ "postalCode": "98052",

+ "countryOrRegion": "USA"

+ },

+ "geoCoordinates": {

+ "latitude": 47.0,

+ "longitude": -122.0

+ },

+ "phone": "555-555-0100",

+ "nickname": "Workspace",

+ "label": "100",

+ "capacity": 50,

+ "building": "1",

+ "floorLabel": "1P",

+ "floorNumber": 1,

+ "isWheelChairAccessible": false,

+ "tags": [

+ "bean bags"

+ ]

+}

+```

+### Example 3: Update a roomlist

+### Request

+The following is an example of the request.

+ "sampleKeys": ["Building1RroomList@contoso.onmicrosoft.com"],

+ "name": "update_roomlist"

+>**Note**: The response object shown here might be shortened for readability.

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [HTTP](#tab/http)

+```msgraph-interactive

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [HTTP](#tab/http)

+```msgraph-interactive

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [HTTP](#tab/http)

+```msgraph-interactive

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [HTTP](#tab/http)

+# [JavaScript](#tab/javascript)

+# [HTTP](#tab/http)

+# [JavaScript](#tab/javascript)

+| [List deleted applications owned by user](../api/directory-deleteditems-getuserownedobjects.md) | [directoryObject](directoryobject.md) collection | Retrieve the applications deleted in the tenant in the last 30 days and that are owned by a user. |

+* You can retrieve details of a user's Windows Hello for Business registration, and delete it if the user has lost the device.

+|Require re-register MFA | A control that requires that when user signs in next time and MFA is required, they're requested to set up a new MFA authentication method.|**NOTE:** This feature is replaced by the individual authentication method APIs listed above. These can be used to delete a user's existing registered authentication methods; once the user has no more methods, they'll be prompted to register the next time they sign in where strong authentication is required (the user can also register at any time using [MySecurityInfo](https://aka.ms/mysecurityinfo)). This can be done using the Azure AD admin UX, the Microsoft Graph APIs, and the Microsoft Graph Powershell SDK. <br/> The legacy version of this feature is currently supported only through the MSOL`Set-MsolUser` cmdlet, using the **StrongAuthenticationMethods** property. |

+|[List deleted items owned by a user](../api/directory-deleteditems-getuserownedobjects.md) | [directoryObject](directoryobject.md) collection | Lists directory items owned by a user. |

+|[List emailMethods](../api/authentication-list-emailmethods.md)|[emailAuthenticationMethod](../resources/emailauthenticationmethod.md) collection|Retrieve a list of a user's emailAuthenticationMethods. Users may only have one email authentication method.|

+|[Create emailMethod](../api/authentication-post-emailmethods.md)|[emailAuthenticationMethod](../resources/emailauthenticationmethod.md)|Create a user's emailMethod object.|

+|[Get emailAuthenticationMethod](../api/emailauthenticationmethod-get.md)|[emailAuthenticationMethod](../resources/emailauthenticationmethod.md)|Retrieve the properties of the user's emailAuthenticationMethod object.|

+|[Update emailAuthenticationMethod](../api/emailauthenticationmethod-update.md)|[emailAuthenticationMethod](../resources/emailauthenticationmethod.md)|Update the properties of a user's emailMethods object.|

+|[Delete emailAuthenticationMethod](../api/emailauthenticationmethod-delete.md)|None|Delete a user's emailAuthenticationMethod object.|

+| [List deleted groups owned by user](../api/directory-deleteditems-getuserownedobjects.md) | [directoryObject](directoryobject.md) collection | Retrieve the groups deleted in the tenant in the last 30 days and that are owned by a user. |

+| [List phoneMethods](../api/authentication-list-phonemethods.md) | [phoneAuthenticationMethod](phoneauthenticationmethod.md) | Read properties and relationships of all of this user's phoneAuthenticationMethod objects. |

+| [Get phoneAuthenticationMethod](../api/phoneauthenticationmethod-get.md) | [phoneAuthenticationMethod](phoneauthenticationmethod.md) | Read properties and relationships of phoneAuthenticationMethod object. |

+|[Create phoneMethod](../api/authentication-post-phonemethods.md)|[phoneAuthenticationMethod](phoneauthenticationmethod.md)|Create a user's phoneAuthenticationMethod object.|

+| [Update phoneAuthenticationMethod](../api/phoneauthenticationmethod-update.md) | [phoneAuthenticationMethod](phoneauthenticationmethod.md) | Update phoneAuthenticationMethod object. |

+| [Delete phoneAuthenticationMethod](../api/phoneauthenticationmethod-delete.md) | None | Delete phoneAuthenticationMethod object. |

+### authenticationPhoneType values

+Phones can be of three types, the following are the possible values.

+|Value|Description|

+|--|--|

+|mobile|A primary mobile phone, usable for SMS and voice calls.|

+|alternateMobile|An alternate or backup mobile phone, usable for SMS and voice calls.|

+|office|An office phone or landline, usable only for voice calls.|

+### authenticationMethodSignInState values

+Represents basic location attributes such as name, physical address, and geographic coordinates. This is the base type for richer location types such as [room](room.md), [workspace](workspace.md), and [roomList](roomlist.md).

+Exchange Online administrators can organize meeting rooms and workspaces in a tenant into room lists. Using the places API, you can use the [list](../api/place-list.md) operation to get all the rooms, workspaces, or room lists in the tenant, or get the rooms and workspaces in a specific room list.

+Places like [room](room.md), [workspace](workspace.md), and [roomList](roomlist.md) contain the basic **id**, display name, and email address. In addition, they contain navigational information like physical address and geographical coordinates, and in the case of rooms, other relevant information such as AV capabilities, floor number, and capacity.

+The [findRooms](../api/user-findrooms.md) and [findRoomLists](../api/user-findroomlists.md) functions support similar lookup for rooms and room lists in a tenant. The following is a comparison between the places API and these functions. If you are creating a production app, choose the places API as the API is now generally available in v1.0. Plan to update any existing code that uses **findRooms** or **findRoomLists** to use the places API, because **findRooms** or **findRoomLists** will be deprecated at the end of 2022.

+Represents a group of [room](room.md) or [workspace](workspace.md) resources defined in the tenant. A **roomList** can contain a mix of **room** and **workspace** resources.

+In Exchange Online, each **roomList** is associated with a mailbox.

+| [List places](../api/place-list.md) | A collection of the requested, derived type of [place](place.md) | Get a collection of the specified type of **place** object defined in the tenant. For example, you can get all the rooms, all the workspaces, all the room lists, the workspaces in a specific room list, or the rooms in a specific room list in the tenant.|

+| [Update place](../api/place-update.md) | The requested, derived type of [place](place.md) | Update the properties and relationships of a specified **place** object. |

+| workspaces | [place](place.md) collection | Read-only. Nullable. |

+ "@odata.type": "microsoft.graph.roomList",

+ "baseType": "microsoft.graph.place",

+ "openType": false

+}

+-->

+``` json

+ "@odata.type": "#microsoft.graph.roomList",

+ "displayName": "String",

+ "geoCoordinates": {

+ "@odata.type": "microsoft.graph.outlookGeoCoordinates"

+ },

+ "phone": "String",

+ "address": {

+ "@odata.type": "microsoft.graph.physicalAddress"

+ },

+ "emailAddress": "String"

+Represents a report of an item to Microsoft Defender for Office 365 for analysis, to confirm whether the item is malicious or safe. Items can include an email, email file attachment, or URL. Users can submit a report at the Microsoft 365 Defender portal (https://security.microsoft.com).

+This resource can represent a threat - a false negative case of an email which can be malware, phish, or spam, or a malicious file attachment to an email, or a malicious URL. Or it can represent a false positive case where an email, attachment, or URL is legitimate but blocked by Microsoft Defender for Office 365, for example, an email that's not junk, or an email file attachment or URL that is safe. False negative and false positive cases could have been respectively allowed or blocked by tenant policies overriding Microsoft Defender for Office 365.

+This resource is an abstract type. It is the base type for [emailThreatSubmission](../resources/security-emailthreatsubmission.md), [fileThreatSubmissin](../resources/security-filethreatsubmission.md), and [urlThreatSubmission](../resources/security-urlthreatsubmission.md).

+ Title: "workspace resource type"

+description: "Specifies the properties of a workspace in a tenant."

+ms.localizationpriority: medium

+# workspace resource type

+Namespace: microsoft.graph

+Represents a workspace in a tenant.

+In Exchange Online, each workspace is associated with a workspace mailbox. Derived from [place](place.md).

+## Methods

+| Method | Return Type | Description |

+|:|:--|:--|

+| [List places](../api/place-list.md) | A collection of the requested, derived type of [place](place.md) | Get a collection of the specified type of **place** object defined in the tenant. For example, you can get all the rooms all the workspaces, all the room lists, the workspaces in a specific room list, or the rooms in a specific room list in the tenant. |

+| [Get place](../api/place-get.md) | The requested, derived type of [place](place.md) | Get the properties and relationships of the specified **place** object, such as a room. |

+| [Update place](../api/place-update.md) | The requested, derived type of [place](place.md) | Update the properties and relationships of a specified **place** object. |

+## Properties

+| Property | Type | Description |

+|:--|:--|:--|

+| address | [physicalAddress](physicaladdress.md) | The street address of the workspace. |

+| building | String | Specifies the building name or building number that the workspace is in. |

+| capacity | Int32 | Specifies the capacity of the workspace. |

+| displayName | String | The name associated with the workspace. |

+| emailAddress | String | Email address of the workspace. |

+| floorLabel | String | Specifies a descriptive label for the floor, for example, P. |

+| floorNumber | Int32 | Specifies the floor number that the workspace is on. |

+| geoCoordinates | [outlookGeoCoordinates](outlookgeocoordinates.md) | Specifies the workspace location in latitude, longitude and optionally, altitude coordinates. |

+| id | String | Unique identifier for the workspace. Read-only. |

+| isWheelChairAccessible | Boolean | Specifies whether the workspace is wheelchair accessible. |

+| label | String | Specifies a descriptive label for the workspace, for example, a number or name. |

+| nickname | String | Specifies a nickname for the workspace, for example, "quiet workspace". |

+| phone | String | The phone number of the workspace. |

+| tags | String collection | Specifies additional features of the workspace, for example, details like the type of view or furniture type. |

+### bookingType values

+| Value | Description |

+|:|:-|

+| standard | The workspace can be reserved based on the other settings in this cmdlet. This is the default value. |

+| reserved | The workspace is available only on a first come, first served basis. It cannot be reserved.|

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.workspace",

+ "baseType": "microsoft.graph.place",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.workspace",

+ "id": "String (identifier)",

+ "displayName": "String",

+ "geoCoordinates": {

+ "@odata.type": "microsoft.graph.outlookGeoCoordinates"

+ },

+ "phone": "String",

+ "address": {

+ "@odata.type": "microsoft.graph.physicalAddress"

+ },

+ "emailAddress": "String",

+ "nickname": "String",

+ "building": "String",

+ "floorNumber": "Integer",

+ "label": "String",

+ "capacity": "Integer",

+ "isWheelChairAccessible": "Boolean",

+ "tags": [

+ "String"

+ ],

+ "floorLabel": "String"

+}

+```

+ Title: "List emailMethods"

+description: "Get a list of the emailAuthenticationMethod objects for a user."

+ms.localizationpriority: medium

+# List emailMethods

+Namespace: microsoft.graph

+Retrieve a list of a user's [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) objects and their properties. This API will return only a single object in the collection as only one email method can be set for a user.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|:--|

+| Delegated (work or school account) | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Global reader

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /me/authentication/emailMethods

+GET /users/{id | userPrincipalName}/authentication/emailMethods

+```

+## Optional query parameters

+This method does not support optional query parameters to customize the response.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) objects in the response body. Only one **emailAuthenticationMethod** object is returned in the collection as only one email method can be set for a user.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "get_emailauthenticationmethod_2"

+}

+-->

+``` http

+GET https://graph.microsoft.com/v1.0/me/authentication/emailMethods

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.emailAuthenticationMethod)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "value": [

+ {

+ "id": "3ddfcfc8-9383-446f-83cc-3ab9be4be18f",

+ "emailAddress": "Kim@contoso.com"

+ }

+ ]

+}

+```

+ Title: "List phoneMethods"

+description: "Retrieve a list of phone authentication method objects for a user."

+ms.localizationpriority: medium

+# List phoneMethods

+Namespace: microsoft.graph

+Retrieve a list of [phone authentication method](../resources/phoneauthenticationmethod.md) objects for a user. This will return up to three objects, as a user can have up to three phones usable for authentication. This method is available only for standard Azure AD and B2B users, but not B2C users.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|:--|

+| Delegated (work or school account) | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Global reader

+* Privileged authentication administrator

+* Authentication administrator (only sees masked phone numbers)

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+GET /me/authentication/phoneMethods

+GET /users/{id | userPrincipalName}/authentication/phoneMethods

+```

+## Optional query parameters

+This method does not support optional query parameters to customize the response.

+## Request headers

+| Name |Description|

+|:-|:-|

+| Authorization | Bearer {token} |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [phoneAuthenticationMethod](../resources/phoneauthenticationmethod.md) objects in the response body.

+## Examples

+### Request

+The following is an example of the request.

+<!-- {

+ "blockType": "request",

+ "name": "get_phonemethods"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/v1.0/me/authentication/phoneMethods

+```

+### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.phoneAuthenticationMethod",

+ "isCollection": true

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "value": [

+ {

+ "phoneNumber": "+1 2065555555",

+ "phoneType": "mobile",

+ "smsSignInState": "ready",

+ "id": "3179e48a-750b-4051-897c-87b9720928f7"

+ },

+ {

+ "phoneNumber": "+1 2065555556",

+ "phoneType": "alternateMobile",

+ "smsSignInState": "notSupported",

+ "id": "b6332ec1-7057-4abe-9331-3d72feddfe41"

+ },

+ {

+ "phoneNumber": "+1 2065555557",

+ "phoneType": "office",

+ "smsSignInState": "notSupported",

+ "id": "e37fc753-ff3b-4958-9484-eaa9425c82bc"

+ }

+ ]

+}

+```

+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98

+2019-02-04 14:57:30 UTC -->

+<!-- {

+ "type": "#page.annotation",

+ "description": "List phoneMethods",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": ""

+}-->

+ Title: "List softwareOathMethods"

+description: "Retrieve a list of a user's softwareOathAuthenticationMethods objects and their properties."

+ms.localizationpriority: medium

+# List softwareOathMethods

+Namespace: microsoft.graph

+Retrieve a list of a user's [software OATH token authentication method](../resources/softwareoathauthenticationmethod.md) objects and their properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs [one of the following directory roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global Reader

+* Authentication administrator

+* Privileged authentication administrator

+* Global administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /me/authentication/softwareOathMethods

+GET /users/{id | userPrincipalName}/authentication/softwareOathMethods

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [softwareOathAuthenticationMethod](../resources/softwareoathauthenticationmethod.md) objects in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "list_softwareoathauthenticationmethod"

+}

+-->

+``` http

+GET https://graph.microsoft.com/v1.0/me/authentication/softwareOathMethods

+```

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.softwareOathAuthenticationMethod)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.softwareOathAuthenticationMethod",

+ "id": "b172893e-893e-b172-3e89-72b13e8972b1",

+ "secretKey": null

+ }

+ ]

+}

+```

+ Title: "Create emailMethod"

+description: "Create a new emailAuthenticationMethod object for a user."

+ms.localizationpriority: medium

+# Create emailMethod

+Namespace: microsoft.graph

+Set a user's [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) object. Email authentication is a self-service password reset method. A user may only have one email authentication method.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /users/{id | userPrincipalName}/authentication/emailMethods

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) object with the desired email address.

+The following table shows the properties that are required when you create the [emailAuthenticationMethod](../resources/emailauthenticationmethod.md).

+|Property|Type|Description|

+|:|:|:|

+|emailAddress|String|Email address.|

+## Response

+If successful, this method returns a `201 Created` response code and a new [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) object in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "create_emailauthenticationmethod_from_"

+}

+-->

+``` http

+POST https://graph.microsoft.com/v1.0/users/kim@contoso.com/authentication/emailMethods

+Content-Type: application/json

+{

+ "emailAddress": "kim@contoso.com"

+}

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.emailAuthenticationMethod"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "id": "3ddfcfc8-9383-446f-83cc-3ab9be4be18f",

+ "emailAddress": "kim@contoso.com"

+}

+```

+ Title: "Create phoneMethod"

+description: "Add a new phone authentication method for a user."

+ms.localizationpriority: medium

+# Create phoneMethod

+Namespace: microsoft.graph

+Add a new [phone authentication method](../resources/phoneauthenticationmethod.md) for a user. A user may only have one phone of each type, captured in the **phoneType** property. This means, for example, adding a `mobile` phone to a user with a preexisting `mobile` phone will fail. Additionally, a user must always have a `mobile` phone before adding an `alternateMobile` phone.

+Adding a phone number makes it available for use in both Azure multi-factor authentication (MFA) and self-service password reset (SSPR), if enabled.

+Additionally, if a user is enabled by policy to use SMS sign-in and a `mobile` number is added, the system will attempt to register the number for use in that system.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+POST /me/authentication/phoneMethods

+POST /users/{id | userPrincipalName}/authentication/phoneMethods

+```

+## Request headers

+| Name | Description |

+|:--|:--|

+| Authorization | Bearer {token}. Required. |

+| Content-Type | application/json. Required. |

+## Request body

+In the request body, supply a JSON representation of a [phoneAuthenticationMethod](../resources/phoneauthenticationmethod.md) object. The JSON must include `phoneNumber` and `phoneType`, but not `smsSignInState` (which is read-only).

+| Property | Type | Description |

+|:-|:|:|

+|phoneNumber|String|The phone number to text or call for authentication. Phone numbers use the format `+{country code} {number}x{extension}`, with extension optional. For example, `+1 5555551234` or `+1 5555551234x123` are valid. Numbers are rejected when creating or updating if they do not match the required format.|

+|phoneType|String|Possible values are: `mobile`, `alternateMobile`, and `office`.|

+## Response

+If successful, this method returns a `201 Created` response code and a new [phoneAuthenticationMethod](../resources/phoneauthenticationmethod.md) object in the response body.

+## Examples

+### Request

+The following is an example of the request.

+<!-- {

+ "blockType": "request",

+ "name": "create_phoneauthenticationmethod_from_authentication"

+}-->

+```http

+POST https://graph.microsoft.com/v1.0/me/authentication/phoneMethods

+Content-type: application/json

+{

+ "phoneNumber": "+1 2065555555",

+ "phoneType": "mobile"

+}

+```

+### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.phoneAuthenticationMethod"

+} -->

+```http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "phoneNumber": "+1 2065555555",

+ "phoneType": "phoneType-value",

+ "smsSignInState": "ready",

+ "id": "3179e48a-750b-4051-897c-87b9720928f7"

+}

+```

+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98

+2019-02-04 14:57:30 UTC -->

+<!-- {

+ "type": "#page.annotation",

+ "description": "Create phoneAuthenticationMethod",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": ""

+}-->

+# [PowerShell](#tab/powershell)

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+|Application | Not supported. |

+| Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+ Title: "Permanently delete an item (directory object)"

+description: "Permanently delete a recently deleted application, group, service principal, or user from deleted items."

+# Permanently delete an item (directory object)

+Permanently delete a recently deleted [application](../resources/application.md), [group](../resources/group.md), [servicePrincipal](../resources/serviceprincipal.md), or [user](../resources/user.md) object from [deleted items](../resources/directory.md). You can permanently delete an item from deleted items. But, once an item is permanently deleted, it **cannot** be restored.

+ Title: "Get deleted item (directory object)"

+description: "Retrieve the properties of a recently deleted application, group, service principal, or user from deleted items."

+# Get deleted item (directory object)

+Retrieve the properties of a recently deleted [application](../resources/application.md), [group](../resources/group.md), [servicePrincipal](../resources/serviceprincipal.md), or [user](../resources/user.md) object from [deleted items](../resources/directory.md).

+ Title: "List deleted items (directory objects) owned by a user"

+description: "Retrieves a list of recently deleted application or group objects that are owned by the specified user."

+ms.localizationpriority: medium

+# List deleted items (directory objects) owned by a user

+Namespace: microsoft.graph

+Retrieve a list of recently deleted [application](../resources/application.md) and [group](../resources/group.md) objects owned by the specified user.

+This API returns up to 1,000 deleted objects owned by the user, sorted by ID, and doesn't support pagination.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+| Permission type | Permissions (from least to most privileged) |

+| | |

+| Delegated (work or school account) | Group.Read.All, Group.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Group.Read.All, Group.ReadWrite.All |

+## HTTP request

+``` http

+POST /directory/deletedItems/getUserOwnedObjects

+```

+## Request headers

+| Name | Description |

+| - | - |

+| Authorization | Bearer {token}. Required. |

+## Request body

+The request body requires the following parameters:

+| Parameter | Type |Description|

+|:|:--|:-|

+|userId|String|ID of the owner.|

+|type|String|Type of owned objects to return; `Group` and `Application` are currently the only supported values.|

+## Response

+Successful requests return `200 OK` response codes; the response object includes [directory (deleted items)](../resources/directory.md) properties.

+## Example

+##### Request

+Here is an example of the request.

+``` http

+POST https://graph.microsoft.com/v1.0/directory/deletedItems/getUserOwnedObjects

+Content-type: application/json

+```

+``` json

+{

+ "userId":"55ac777c-109e-4022-b58c-470c8fcb6892",

+ "type":"Group"

+}

+```

+###### Response

+Here is an example of the response. Note: This response object may be truncated for brevity. All supported properties are returned

+from actual calls.

+``` http

+HTTP/1.1 200

+Content-type: application/json

+{

+"value": [

+ {

+ "@odata.type": "#microsoft.graph.group",

+ "id": "bfa7033a-7367-4644-85f5-95aaf385cbd7",

+ "deletedDateTime": 2018-04-01T12:39:16Z,

+ "classification": null,

+ "createdDateTime": "2017-03-22T12:39:16Z",

+ "description": null,

+ "displayName": "Test",

+ "groupTypes": [

+ "Unified"

+ ],

+ "mail": "Test@contoso.com",

+ "mailEnabled": true,

+ "mailNickname": "Test",

+ "membershipRule": null,

+ "membershipRuleProcessingState": null,

+ "preferredDataLocation": null,

+ "preferredLanguage": null,

+ "proxyAddresses": [

+ "SMTP:Test@contoso.com"

+ ],

+ "renewedDateTime": "2017-09-22T22:30:39Z",

+ "securityEnabled": false,

+ "theme": null,

+ "visibility": "Public"

+ }

+ ]

+ }

+```

+ Title: "Restore deleted item (directory object)"

+description: "Restore a recently deleted application, group, service principal, or user from deleted items."

+# Restore deleted item (directory object)

+Restore a recently deleted [application](../resources/application.md), [group](../resources/group.md), [servicePrincipal](../resources/serviceprincipal.md), or [user](../resources/user.md) object from [deleted items](../resources/directory.md). If an item was accidentally deleted, you can fully restore the item. This is not applicable to security groups, which are deleted permanently.

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+ Title: "Delete emailAuthenticationMethod"

+description: "Deletes a user's emailAuthenticationMethod object."

+ms.localizationpriority: medium

+# Delete emailAuthenticationMethod

+Namespace: microsoft.graph

+Deletes a user's [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Privileged authentication administrator

+* Authentication admin

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /users/{id | userPrincipalName}/authentication/emailMethods/{id}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "delete_emailauthenticationmethod"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/v1.0/users/kim@contoso.com/authentication/emailMethods/3ddfcfc8-9383-446f-83cc-3ab9be4be18f

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get emailAuthenticationMethod"

+description: "Retrieve a user's emailAuthenticationMethod object."

+ms.localizationpriority: medium

+# Get emailAuthenticationMethod

+Namespace: microsoft.graph

+Retrieve a user's single [email authentication method](../resources/emailauthenticationmethod.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Global reader

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /me/authentication/emailMethods/{id}

+GET /users/{id | userPrincipalName}/authentication/emailMethods/{id}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and the requested [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) object in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "get_emailauthenticationmethod_1"

+}

+-->

+``` http

+GET https://graph.microsoft.com/v1.0/me/authentication/emailMethods/3ddfcfc8-9383-446f-83cc-3ab9be4be18f

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.emailAuthenticationMethod"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "value": {

+ "id": "3ddfcfc8-9383-446f-83cc-3ab9be4be18f",

+ "emailAddress": "Kim@contoso.com"

+ }

+}

+```

+ Title: "Update emailAuthenticationMethod"

+description: "Update a user's emailAuthenticationMethod object."

+ms.localizationpriority: medium

+# Update emailAuthenticationMethod

+Namespace: microsoft.graph

+Update a user's email address represented by an [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /users/{id | userPrincipalName}/authentication/emailMethods/{id}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [emailAuthenticationMethod](../resources/emailauthenticationmethod.md) object with the updated email address.

+The following table shows the properties that are required when you update the [emailAuthenticationMethod](../resources/emailauthenticationmethod.md).

+|Property|Type|Description|

+|:|:|:|

+|emailAddress|String|New email address.|

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "update_emailauthenticationmethod"

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/v1.0/users/kim@contoso.com/authentication/emailMethods/3ddfcfc8-9383-446f-83cc-3ab9be4be18f

+Content-Type: application/json

+{

+ "emailAddress": "kim@contoso.com"

+}

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+} -->

+``` http

+HTTP/1.1 204 No Content

+```

+# [HTTP](#tab/http)

+```msgraph-interactive

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [PHP](#tab/php)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+ Title: "Delete phoneAuthenticationMethod"

+description: "Delete a user's phone authentication method."

+ms.localizationpriority: medium

+# Delete phoneAuthenticationMethod

+Namespace: microsoft.graph

+Delete a user's [phone authentication method](../resources/phoneauthenticationmethod.md). This removes the phone number from the user and they will no longer be able to use the number for authentication, whether via SMS or voice calls.

+A user cannot have an `alternateMobile` number without a `mobile` number. If you want to remove a `mobile` number from a user that also has an `alternateMobile` number, first [update](phoneauthenticationmethod-update.md) the `mobile` number to the new number, then delete the `alternateMobile` number.

+If the phone number is the user's default Azure multi-factor authentication (MFA) authentication method, it cannot be deleted. Have the user change their default authentication method, and then delete the number.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+DELETE /me/authentication/phoneMethods/{id}

+DELETE /users/{id | userPrincipalName}/authentication/phoneMethods/{id}

+```

+The value of `id` corresponding to the phoneType to delete is one of the following:

+## Request headers

+| Name | Description |

+|:--|:--|

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

+## Examples

+### Request

+The following is an example of the request.

+<!-- {

+ "blockType": "request",

+ "name": "delete_phoneauthenticationmethod"

+}-->

+```http

+DELETE https://graph.microsoft.com/v1.0/me/authentication/phoneMethods/3179e48a-750b-4051-897c-87b9720928f7

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+} -->

+```http

+HTTP/1.1 204 No Content

+```

+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98

+2019-02-04 14:57:30 UTC -->

+<!-- {

+ "type": "#page.annotation",

+ "description": "Delete phoneAuthenticationMethod",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": ""

+}-->

+ Title: "phoneAuthenticationMethod: disableSmsSignIn"

+description: "Disable SMS sign-in for a mobile phone registered to a user."

+ms.localizationpriority: medium

+# phoneAuthenticationMethod: disableSmsSignIn

+Namespace: microsoft.graph

+Disable SMS sign-in for an existing `mobile` phone number registered to a user. The number will no longer be available for SMS sign-in, which can prevent your user from signing in.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+POST /me/authentication/phoneMethods/{id}/disableSmsSignIn

+POST /users/{id | userPrincipalName}/authentication/phoneMethods/{id}/disableSmsSignIn

+```

+The value of `id` for the `mobile` phoneType is `3179e48a-750b-4051-897c-87b9720928f7`.

+## Request headers

+| Name | Description |

+|:--|:--|

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

+## Examples

+The following example shows how to call this API.

+### Request

+The following is an example of the request.

+<!-- {

+ "blockType": "request",

+ "name": "phoneauthenticationmethod_disablesmssignin"

+}-->

+```http

+POST https://graph.microsoft.com/v1.0/me/authentication/phoneMethods/3179e48a-750b-4051-897c-87b9720928f7/disableSmsSignIn

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response"

+} -->

+```http

+HTTP/1.1 204 No Content

+```

+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98

+2019-02-04 14:57:30 UTC -->

+<!-- {

+ "type": "#page.annotation",

+ "description": "phoneAuthenticationMethod: disableSmsSignIn",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": ""

+}-->

+ Title: "phoneAuthenticationMethod: enableSmsSignIn"

+description: "Enable SMS sign-in for a mobile phone number registered to a user."

+ms.localizationpriority: medium

+# phoneAuthenticationMethod: enableSmsSignIn

+Namespace: microsoft.graph

+Enable SMS sign-in for an existing `mobile` phone number registered to a user. To be successfully enabled:

+* The phone must have `"phoneType": "mobile"`.

+* The phone must be unique in the SMS sign-in system (no one else can also be using that number).

+* The user must be enabled for SMS sign-in in the [authentication methods](/azure/active-directory/authentication/concept-authentication-methods) policy.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+POST /me/authentication/phoneMethods/{id}/enableSmsSignIn

+POST /users/{id | userPrincipalName}/authentication/phoneMethods/{id}/enableSmsSignIn

+```

+The value of `id` for the `mobile` phoneType is `3179e48a-750b-4051-897c-87b9720928f7`.

+## Request headers

+| Name | Description |

+|:--|:--|

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

+## Examples

+The following example shows how to call this API.

+### Request

+The following is an example of the request.

+<!-- {

+ "blockType": "request",

+ "name": "phoneauthenticationmethod_enablesmssignin"

+}-->

+```http

+POST https://graph.microsoft.com/v1.0/me/authentication/phoneMethods/3179e48a-750b-4051-897c-87b9720928f7/enableSmsSignIn

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response"

+} -->

+```http

+HTTP/1.1 204 No Content

+```

+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98

+2019-02-04 14:57:30 UTC -->

+<!-- {

+ "type": "#page.annotation",

+ "description": "phoneAuthenticationMethod: enableSmsSignIn",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": ""

+}-->

+ Title: "Get phoneAuthenticationMethod"

+description: "Retrieve a single phoneAuthenticationMethod object for a user."

+ms.localizationpriority: medium

+# Get phoneAuthenticationMethod

+Namespace: microsoft.graph

+Retrieve a single [phoneAuthenticationMethod](../resources/phoneauthenticationmethod.md) object for a user. This method is available only for standard Azure AD and B2B users, but not B2C users.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Global reader

+* Privileged authentication administrator

+* Authentication administrator (only sees masked phone numbers)

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+GET /me/authentication/phoneMethods/{phoneMethodId}

+GET /users/{userId | userPrincipalName}/authentication/phoneMethods/{phoneMethodId}

+```

+The value of `phoneMethodId` corresponding to the phoneType is one of the following:

+## Optional query parameters

+This method does not support optional query parameters to customize the response.

+## Request headers

+| Name |Description|

+|:-|:-|

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and the requested [phoneAuthenticationMethod](../resources/phoneauthenticationmethod.md) object in the response body.

+## Examples

+### Request

+The following is an example of the request.

+<!-- {

+ "blockType": "request",

+ "name": "get_phoneauthenticationmethod"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/v1.0/me/authentication/phoneMethods/3179e48a-750b-4051-897c-87b9720928f7

+```

+### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.phoneAuthenticationMethod"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "phoneNumber": "+1 2065555555",

+ "phoneType": "mobile",

+ "smsSignInState": "ready",

+ "id": "3179e48a-750b-4051-897c-87b9720928f7"

+}

+```

+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98

+2019-02-04 14:57:30 UTC -->

+<!-- {

+ "type": "#page.annotation",

+ "description": "Get phoneAuthenticationMethod",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": ""

+}-->

+ Title: "Update phoneAuthenticationMethod"

+description: "Update a user's phone number associated with a phoneAuthenticationMethod object."

+ms.localizationpriority: medium

+# Update phoneAuthenticationMethod

+Namespace: microsoft.graph

+Update a user's phone number associated with a [phone authentication method](../resources/phoneauthenticationmethod.md) object.

+You can't change a phone's type. To change a phone's type, add a new number of the desired type and then delete the object with the original type.

+If a user is enabled by policy to use SMS to sign in and the `mobile` number is changed, the system will attempt to register the number for use in that system.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+PATCH /me/authentication/phoneMethods/{id}

+PATCH /users/{id | userPrincipalName}/authentication/phoneMethods/{id}

+```

+The value of `id` corresponding to the phoneType to update is one of the following:

+## Request headers

+| Name | Description|

+|:--|:--|

+| Authorization | Bearer {token}. Required. |

+| Content-type | application/json. Required. |

+## Request body

+In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will be recalculated based on changes to other property values.

+| Property | Type | Description |

+|:-|:|:|

+|phoneNumber|String|The phone number to text or call for authentication. Phone numbers use the format `+{country code} {number}x{extension}`, with extension optional. For example, `+1 5555551234` or `+1 5555551234x123` are valid. Numbers are rejected when creating or updating if they do not match the required format.|

+|phoneType|string| Possible values are: `mobile`, `alternateMobile`, or `office`.|

+## Response

+If successful, this method returns a `204 No Content` response code and an updated [phoneAuthenticationMethod](../resources/phoneauthenticationmethod.md) object in the response body.

+## Examples

+### Request

+The following is an example of the request.

+<!-- {

+ "blockType": "request",

+ "name": "update_phoneauthenticationmethod"

+}-->

+```http

+PATCH https://graph.microsoft.com/v1.0/me/authentication/phoneMethods/3179e48a-750b-4051-897c-87b9720928f7

+Content-type: application/json

+{

+ "phoneNumber": "+1 2065555554",

+ "phoneType": "mobile",

+}

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+} -->

+```http

+HTTP/1.1 204 No Content

+```

+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98

+2019-02-04 14:57:30 UTC -->

+<!-- {

+ "type": "#page.annotation",

+ "description": "Update phoneauthenticationmethod",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": ""

+}-->

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+ Title: "Delete softwareOathAuthenticationMethod"

+description: "Deletes a user's softwareOathAuthenticationMethod object."

+ms.localizationpriority: medium

+# Delete softwareOathAuthenticationMethod

+Namespace: microsoft.graph

+Delete a user's [Software OATH token authentication method](../resources/softwareoathauthenticationmethod.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs [one of the following directory roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Authentication administrator

+* Privileged authentication administrator

+* Global administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /users/{id | userPrincipalName}/authentication/softwareOathMethods/{id}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "delete_softwareoathauthenticationmethod"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/v1.0/users/kim@contoso.com/authentication/softwareOathMethods/b172893e-893e-b172-3e89-72b13e8972b1

+```

+### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get softwareOathAuthenticationMethod"

+description: "Retrieve a user's softwareOathAuthenticationMethod object and is properties."

+ms.localizationpriority: medium

+# Get softwareOathAuthenticationMethod

+Namespace: microsoft.graph

+Retrieve a user's single [Software OATH token authentication method](../resources/softwareoathauthenticationmethod.md) object and its properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs [one of the following directory roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global Reader

+* Authentication administrator

+* Privileged authentication administrator

+* Global administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /me/authentication/softwareOathMethods/{id}

+GET /users/{id | userPrincipalName}/authentication/softwareOathMethods/{id}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [softwareOathAuthenticationMethod](../resources/softwareoathauthenticationmethod.md) object in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "get_softwareoathauthenticationmethod"

+}

+-->

+``` http

+GET https://graph.microsoft.com/v1.0/me/authentication/softwareOathMethods/b172893e-893e-b172-3e89-72b13e8972b1

+```

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.softwareOathAuthenticationMethod"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": {

+ "@odata.type": "#microsoft.graph.softwareOathAuthenticationMethod",

+ "id": "b172893e-893e-b172-3e89-72b13e8972b1",

+ "secretKey": null

+ }

+}

+```

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+| [List deleted applications owned by user](../api/directory-deleteditems-getuserownedobjects.md) | [directoryObject](directoryobject.md) collection | Retrieve the applications deleted in the tenant in the last 30 days and that are owned by a user. |

+|emailMethods|[emailAuthenticationMethod](../resources/emailauthenticationmethod.md) collection|The email address registered to a user for authentication. |

+|phoneMethods|[phoneAuthenticationMethod](../resources/phoneauthenticationmethod.md) collection|The phone numbers registered to a user for authentication.|

+|softwareOathMethods|[softwareOathAuthenticationMethod](../resources/softwareoathauthenticationmethod.md) collection|The software OATH TOTP applications registered to a user for authentication.|

+* You can add a phone number to a user. The user can then use that phone number for SMS and voice call authentication if they're enabled to use it by policy.

+ * You can update that number, or delete it from the user.

+ * You can enable or disable the number for SMS sign-in.

+* You can retrieve details of a user's Windows Hello for Business registration, and delete it if the user has lost the device.

+* You can add an email address to a user. The user can then use that email as part of the Self-Service Password Reset (SSPR) process.

+ * You can update that email, or delete it from the user.

+|[emailAuthenticationMethod](emailauthenticationmethod.md)|An email address can be used by a user as part of the Self-Service Password Reset (SSPR) process.|See a user's authentication email address. Add, update, or remove an email address to a user.|

+|[phoneAuthenticationMethod](phoneauthenticationmethod.md)|A phone can be used by a user to authenticate using [SMS or voice calls](/azure/active-directory/authentication/concept-authentication-methods#phone-options) as allowed by policy.|See a user's authentication phone numbers. Add, update, or remove a phone number for a user. Enable or disable a primary mobile phone for SMS sign-in.|

+|[softwareOathAuthenticationMethod](softwareoathauthenticationmethod.md)| Allow users to perform multifactor authentication using an application that supporters the OATH TOTP specification and provides a one-time code.|Get and delete a software OATH token assigned to a user.|

+|Require re-register MFA | Represents a configuration that requires that when user signs in next time, they're requested to set up a new MFA authentication method.| **NOTE:** This feature is replaced by the individual authentication method APIs listed above. These can be used to delete a user's existing registered authentication methods; once the user has no more methods, they'll be prompted to register the next time they sign in where strong authentication is required (the user can also register at any time using [MySecurityInfo](https://aka.ms/mysecurityinfo)). This can be done using the Azure portal, Microsoft Graph APIs, and the Microsoft Graph Powershell SDK. The legacy version of this feature is currently supported only through the MSOL`Set-MsolUser` cmdlet, using the **StrongAuthenticationMethods** property. |

+|[List deleted items owned by a user](../api/directory-deleteditems-getuserownedobjects.md) | [directoryObject](directoryobject.md) collection | Lists directory items owned by a user. |

+ Title: "emailAuthenticationMethod resource type"

+description: "Represents an email address registered to a user. Email as an authentication method is available only for self-service password reset (SSPR)."

+ms.localizationpriority: medium

+# emailAuthenticationMethod resource type

+Namespace: microsoft.graph

+Represents an email address registered to a user. Email as an authentication method is available only for self-service password reset (SSPR). Users may only have one email authentication method.

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List emailMethods](../api/authentication-list-emailmethods.md)|[emailAuthenticationMethod](../resources/emailauthenticationmethod.md) collection|Retrieve a list of a user's email authentication methods. Users may only have one email authentication method.|

+|[Create emailMethod](../api/authentication-post-emailmethods.md)|[emailAuthenticationMethod](../resources/emailauthenticationmethod.md)|Create a user's **emailAuthenticationMethod** object.|

+|[Get emailAuthenticationMethod](../api/emailauthenticationmethod-get.md)|[emailAuthenticationMethod](../resources/emailauthenticationmethod.md)|Retrieve the properties of the user's **emailAuthenticationMethod** object.|

+|[Update emailAuthenticationMethod](../api/emailauthenticationmethod-update.md)| None |Update the properties of a user's **emailAuthenticationMethod** object.|

+|[Delete emailAuthenticationMethod](../api/emailauthenticationmethod-delete.md)|None|Delete a user's **emailAuthenticationMethod** object.|

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|emailAddress|String|The email address registered to this user.|

+|id|String|The identifier of the email address registered to this user.|

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.emailAuthenticationMethod",

+ "baseType": "microsoft.graph.authenticationMethod",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.emailAuthenticationMethod",

+ "id": "String (identifier)",

+ "emailAddress": "String"

+}

+```

+| [List deleted groups owned by user](../api/directory-deleteditems-getuserownedobjects.md) | [directoryObject](directoryobject.md) collection | Retrieve the groups deleted in the tenant in the last 30 days and that are owned by a user. |

+ Title: "phoneAuthenticationMethod resource type"

+description: "Represents a phone number and type that's registered to a user."

+ms.localizationpriority: medium

+# phoneAuthenticationMethod resource type

+Namespace: microsoft.graph

+Represents a phone number and type that's registered to a user, and whether it's configured for the user to sign in via SMS.

+A phone has one of three types: mobile, alternate mobile, or office. A user can have one number registered for each type, and must have a mobile phone before an alternate mobile phone is added. When using a phone for multi-factor authentication (MFA) or self-service password reset (SSPR), the mobile phone is the default and the alternate mobile phone is the backup.

+Mobile phones can be used for both SMS and voice calls, depending on the tenant settings.

+An office phone can only receive voice calls, not SMS messages.

+## Methods

+| Method | Return Type | Description |

+|:-|:|:|

+| [List phoneMethods](../api/authentication-list-phonemethods.md) | [phoneAuthenticationMethod](phoneauthenticationmethod.md) | Read properties and relationships of all this user's phoneAuthenticationMethod objects. |

+| [Get phoneAuthenticationMethod](../api/phoneauthenticationmethod-get.md) | [phoneAuthenticationMethod](phoneauthenticationmethod.md) | Read properties and relationships of the phoneAuthenticationMethod object for a user. |

+|[Create phoneMethod](../api/authentication-post-phonemethods.md)|[phoneAuthenticationMethod](phoneauthenticationmethod.md)|Create a user's phoneAuthenticationMethod object.|

+| [Update phoneAuthenticationMethod](../api/phoneauthenticationmethod-update.md) | None | Update the phoneAuthenticationMethod object for a user. |

+| [Delete phoneAuthenticationMethod](../api/phoneauthenticationmethod-delete.md) | None | Delete the phoneAuthenticationMethod object for a user. |

+|[Disable SMS signin](../api/phoneauthenticationmethod-disablesmssignin.md)|None|Turn off SMS sign-in for a user.|

+|[Enable SMS signin](../api/phoneauthenticationmethod-enablesmssignin.md)|None|Turn on SMS sign-in for a user.|

+## Properties

+| Property | Type | Description |

+|:-|:|:|

+|id|String| The identifier of this phone registered to this user. Read-only. <br/><br/>The value of id is one of the following:<ul><li>`b6332ec1-7057-4abe-9331-3d72feddfe41` - where **phoneType** is `alternateMobile`.</li><li>`e37fc753-ff3b-4958-9484-eaa9425c82bc` - where **phoneType** is `office`.</li><li>`3179e48a-750b-4051-897c-87b9720928f7` - where **phoneType** is `mobile`.</li>|

+|phoneNumber|String|The phone number to text or call for authentication. Phone numbers use the format `+{country code} {number}x{extension}`, with extension optional. For example, `+1 5555551234` or `+1 5555551234x123` are valid. Numbers are rejected when creating or updating if they do not match the required format. |

+|phoneType|authenticationPhoneType|The type of this phone. Possible values are: `mobile`, `alternateMobile`, or `office`.|

+|smsSignInState|authenticationMethodSignInState|Whether a phone is ready to be used for SMS sign-in or not. Possible values are: `notSupported`, `notAllowedByPolicy`, `notEnabled`, `phoneNumberNotUnique`, `ready`, or `notConfigured`, `unknownFutureValue`.|

+### authenticationPhoneType values

+Phones can be of three types, the following are the possible values.

+|Value|Description|

+|--|--|

+|mobile|A primary mobile phone, usable for SMS and voice calls.|

+|alternateMobile|An alternate or backup mobile phone, usable for SMS and voice calls.|

+|office|An office phone or landline, usable only for voice calls.|

+### authenticationMethodSignInState values

+The SMS sign-in state property gives information about whether or not a phone number is ready for sign in via SMS. The following are the possible values.

+|Value|Description|

+|--|--|

+|notSupported|Primary sign-in is not supported on this authentication method. For example, sign-in can be enabled only on a user's primary mobile number but not the alternate number.|

+|notAllowedByPolicy|This user isn't enabled by policy to use this method as a primary sign-in.|

+|notConfigured|This user is enabled by policy to use this method as primary sign-in but needs to take additional action to configure it.|

+|phoneNumberNotUnique|This user attempted to set up a phone number as primary sign-in but the number was not unique and can't be used as a sign-in name.|

+|ready|This authentication method is ready for use in primary sign-in.|

+|notEnabled|This sign-in method is not enabled|

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "optionalProperties": [

+ ],

+ "@odata.type": "microsoft.graph.phoneAuthenticationMethod",

+ "keyProperty": "id"

+}-->

+```json

+{

+ "id": "String (identifier)",

+ "phoneNumber": "String",

+ "phoneType": "string",

+ "smsSignInState": "string"

+}

+```

+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98

+2019-02-04 14:57:30 UTC -->

+<!-- {

+ "type": "#page.annotation",

+ "description": "phoneAuthenticationMethod resource",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": ""

+}-->

+ Title: "softwareOathAuthenticationMethod resource type"

+description: "Represents a Software OATH token registered to a user. Software OATH is a multi-factor authentication method."

+ms.localizationpriority: medium

+# softwareOathAuthenticationMethod resource type

+Namespace: microsoft.graph

+Represents a software OATH token registered to a user. A software OATH token is a software-based number generator that uses the OATH Time-Based One Time Password (TOTP) standard for multi-factor authentication. This API will not return Microsoft Authenticator authentication method entities, though it will return an entity if Microsoft Authenticator was set up via the third-party software authenticator flow.

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List softwareOathMethods](../api/authentication-list-softwareoathmethods.md)|[softwareOathAuthenticationMethod](../resources/softwareoathauthenticationmethod.md) collection|Retrieve a list of a user's softwareOathAuthenticationMethod objects and their properties.|

+|[Get softwareOathAuthenticationMethod](../api/softwareoathauthenticationmethod-get.md)|[softwareOathAuthenticationMethod](../resources/softwareoathauthenticationmethod.md)|Read the properties of a user's softwareOathAuthenticationMethod object.|

+|[Delete softwareOathAuthenticationMethod](../api/softwareoathauthenticationmethod-delete.md)|None|Delete a user's softwareOathAuthenticationMethod object.|

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|id|String|The authentication method identifier.|

+|secretKey|String|The secret key of the method. Always returns `null`.|

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.softwareOathAuthenticationMethod",

+ "baseType": "microsoft.graph.authenticationMethod",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.softwareOathAuthenticationMethod",

+ "id": "String (identifier)",

+ "secretKey": "String"

+}

+```

+| [List deleted groups owned by user](../api/directory-deleteditems-getuserownedobjects.md) | [directoryObject](directoryobject.md) collection | Retrieve the groups deleted in the tenant in the last 30 days and that are owned by a user. |

+ href: api/directory-deleteditems-getuserownedobjects.md

+ href: api/directory-deleteditems-getuserownedobjects.md

+ href: api/directory-deleteditems-getuserownedobjects.md

+ - name: Software OATH token

+ href: resources/softwareOathAuthenticationMethod.md

+ items:

+ - name: List

+ href: api/authentication-list-softwareoathmethods.md

+ - name: Get

+ href: api/softwareOathAuthenticationMethod-get.md

+ - name: Delete

+ href: api/softwareOathAuthenticationMethod-delete.md

+ - name: Phone

+ href: resources/phoneauthenticationmethod.md

+ href: api/authentication-list-phonemethods.md

+ href: api/phoneauthenticationmethod-get.md

+ - name: Update

+ href: api/phoneauthenticationmethod-update.md

+ href: api/phoneauthenticationmethod-delete.md

+ - name: Add

+ href: api/authentication-post-phonemethods.md

+ - name: Enable SMS sign-in

+ href: api/phoneauthenticationmethod-enablesmssignin.md

+ - name: Disable SMS sign-in

+ href: api/phoneauthenticationmethod-disablesmssignin.md

+ - name: Email

+ href: resources/emailauthenticationmethod.md

+ items:

+ - name: List

+ href: api/authentication-list-emailmethods.md

+ - name: Get

+ href: api/emailauthenticationmethod-get.md

+ - name: Update

+ href: api/emailauthenticationmethod-update.md

+ - name: Delete

+ href: api/emailauthenticationmethod-delete.md

+ - name: Add

+ href: api/authentication-post-emailmethods.md

+ displayName: CBA

+ - name: Temporary Access Pass

+ href: resources/temporaryaccesspassauthenticationmethod.md

+ items:

+ - name: List

+ href: api/authentication-list-temporaryaccesspassmethods.md

+ - name: Create

+ href: api/authentication-post-temporaryaccesspassmethods.md

+ - name: Get

+ href: api/temporaryaccesspassauthenticationmethod-get.md

+ - name: Delete

+ href: api/temporaryaccesspassauthenticationmethod-delete.md

+ href: api/directory-deleteditems-getuserownedobjects.md