Microsoft Graph User

The Entra ID Users integration (formerly Azure Active Directory Users) is a Unified gateway to security insights - all from a unified Microsoft Graph User API.

Analytics & SIEM · Microsoft Graph User

Configuration parameters

  • azure_cloud — Azure Cloud
  • host — Server URL (e.g., https://graph.microsoft.com) (required)
  • creds_auth_id
  • creds_tenant_id
  • creds_enc_key
  • auth_id — ID (received from the admin consent - see Detailed Instructions (?)
  • tenant_id — Token (received from the admin consent - see Detailed Instructions (?) section)
  • enc_key — Key (received from the admin consent - see Detailed Instructions (?)
  • creds_certificate — Certificate Thumbprint
  • certificate_thumbprint — Certificate Thumbprint
  • private_key — Private Key
  • self_deployed — Use a self-deployed Azure application
  • redirect_uri — Application redirect URI (for Self Deployed - Authorization Code Flow)
  • creds_auth_code
  • auth_code — Authorization code (for Authorization Code flow mode - received from the authorization step. see Detailed Instructions (?) section)
  • use_managed_identities — Use Azure Managed Identities
  • managed_identities_client_id
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • handle_error — Suppress Errors for Non Found Users
  • allow_secret_generators — Allow secret generators commands execution

Commands (43)

  • msgraph-direct-reports

    Retrieves the direct reports for a user. Direct reports are the people who have that user configured as their manager.

  • msgraph-user-account-disable

    Disables a user from all Office 365 applications, and prevents sign in. Note: This command disables the user but does not terminate an existing session. Supported only in a self deployed app flow with the Permission: Directory.AccessAsUser.All(Delegated).

  • msgraph-user-assign-manager

    Assigns a manager to the specified user. Permission: - User.ReadWrite (Delegated) or - User.ReadWrite (Application).

  • msgraph-user-auth-reset

    Run this command if for some reason you need to rerun the authentication process.

  • msgraph-user-authenticator-method-delete

    Deletes a Microsoft Authenticator authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application

  • msgraph-user-authenticator-method-list

    Lists the Microsoft Authenticator authentication methods registered to a user, or retrieves a specific method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All - Delegated or Application

  • msgraph-user-change-password

    Changes the user password. Supported only in a self deployed app flow with the Permission: Directory.AccessAsUser.All(Delegated).

  • msgraph-user-change-password-on-premise

    Changes the password of an on-premise user. See documentation for full permissions and roles to execute this command. Providing a password is required (password auto-generation is not supported).

  • msgraph-user-create

    Creates a new user. Permissions: - User.ReadWrite.All (Delegated & Application).

  • msgraph-user-create-mfa-client-access-token

    Issue a new access token for the MFA app.

  • msgraph-user-create-mfa-client-secret

    Issue a new client secret for the MFA app.

  • msgraph-user-delete

    Deletes an existing user. Permissions: - Directory.AccessAsUser.All (Delegated) - User.ReadWrite.All (Application).

  • msgraph-user-email-method-delete

    Deletes an email authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application

  • msgraph-user-email-method-list

    Lists the email authentication methods registered to a user, or retrieves a specific email method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All - Delegated or Application

  • msgraph-user-fido2-method-delete

    Deletes a FIDO2 authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application

  • msgraph-user-fido2-method-list

    Lists the FIDO2 authentication methods registered to a user or retrieves a specific method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All

  • msgraph-user-force-reset-password

    Forces a user to reset their password the next time they log in. Note that this action does not terminate the user’s current session. If you also want to force the user to sign in again, use the msgraph-user-session-revoke command. This operation is supported only when using a self-deployed app flow with the Directory.AccessAsUser.All and User-PasswordProfile.ReadWrite.All delegated permissions. For further info, see https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http#example-3-update-the-passwordprofile-of-a-user-and-reset-their-password Furthermore, the signed in user must have a higher privileged administrator role than the user who's password is being reset. The admin hierarchy table can be viewed here: https://learn.microsoft.com/en-us/graph/api/resources/users?view=graph-rest-1.0#who-can-reset-passwords

  • msgraph-user-generate-login-url

    Generate the login url used for Authorization code flow.

  • msgraph-user-get

    Retrieves the properties and relationships of a user object. For more information, visit: https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http. Permissions: - User.Read (Delegated) - User.Read.All (Application).

  • msgraph-user-get-auth-methods

    Retrieve a list of authentication methods registered to a user.

  • msgraph-user-get-delta Deprecated

    Deprecated. This command only returns a single page. Use the msgraph-user-list command instead, which gets newly created, updated, or deleted users without performing a full read of the entire user collection. Permissions: - User.Read (Delegated) - User.Read.All (Application).

  • msgraph-user-get-groups

    Retrieves the groups a user is part of.

  • msgraph-user-get-manager

    Retrieves the properties from the manager of a user.

  • msgraph-user-get-user-default-auth-method

    Retrieves the authentication preferences for a user, including the default method.

  • msgraph-user-list

    Retrieves a list of user objects. Permissions: - User.ReadBasic.All (Delegated) - User.Read.All (Application).

  • msgraph-user-owned-devices-list

    Lists the devices that are owned by the user. Permission: User.Read.All,Directory.Read.All - Delegated

  • msgraph-user-phone-method-delete

    Deletes a phone authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application

  • msgraph-user-phone-method-list

    Lists the phone authentication methods registered to a user, or retrieves a specific phone method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All - Delegated or Application

  • msgraph-user-request-mfa

    Pops a synchronous MFA request for the given user. This is a blocking call that waits for user response or timeout.

  • msgraph-user-session-revoke

    Revoke a user session by invalidating all refresh tokens issued to applications for a user. This command requires an administrator role. Permission required: Directory.AccessAsUser.All (Delegated).

  • msgraph-user-software-oath-method-delete

    Deletes a software OATH authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application

  • msgraph-user-software-oath-method-list

    Lists the software OATH authentication methods registered to a user, or retrieves a specific method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All - Delegated or Application

  • msgraph-user-tap-policy-create

    Create a new TAP policy for a user. During the command execution, a password-protected zip file will be generated, including the new TAP password. You can download the file, use your password to unlock it, and get the TAP password. A user can only have one Temporary Access Pass that's usable within its specified lifetime. Permission:UserAuthenticationMethod.ReadWrite.All

  • msgraph-user-tap-policy-delete

    Deletes a specific TAP policy. Permission:UserAuthenticationMethod.ReadWrite.All

  • msgraph-user-tap-policy-list

    Lists all TAP policies for a user. This command will only return a single object in the collection as a user can have only one Temporary Access Pass (TAP) method. Permission:UserAuthenticationMethod.Read.All

  • msgraph-user-temp-access-pass-method-delete

    Deletes a Temporary Access Pass authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application

  • msgraph-user-temp-access-pass-method-list

    Lists the Temporary Access Pass authentication methods registered to a user, or retrieves a specific method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All - Delegated or Application

  • msgraph-user-terminate-session Deprecated

    Deprecated. Use the msgraph-user-account-disable command instead.

  • msgraph-user-test

    Tests connectivity to Microsoft Graph User.

  • msgraph-user-unblock

    Unblock a user.

  • msgraph-user-update

    Updates the properties of a user object. Permissions: - User.ReadWrite (Delegated & Application).

  • msgraph-user-windows-hello-method-delete

    Deletes a Windows Hello for Business authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application

  • msgraph-user-windows-hello-method-list

    Lists the Windows Hello for Business authentication methods registered to a user, or retrieves a specific method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All - Delegated or Application