Microsoft Graph User
The Entra ID Users integration (formerly Azure Active Directory Users) is a Unified gateway to security insights - all from a unified Microsoft Graph User API.
Analytics & SIEM · Microsoft Graph User
Configuration parameters
azure_cloud— Azure Cloudhost— Server URL (e.g., https://graph.microsoft.com) (required)creds_auth_id—creds_tenant_id—creds_enc_key—auth_id— ID (received from the admin consent - see Detailed Instructions (?)tenant_id— Token (received from the admin consent - see Detailed Instructions (?) section)enc_key— Key (received from the admin consent - see Detailed Instructions (?)creds_certificate— Certificate Thumbprintcertificate_thumbprint— Certificate Thumbprintprivate_key— Private Keyself_deployed— Use a self-deployed Azure applicationredirect_uri— Application redirect URI (for Self Deployed - Authorization Code Flow)creds_auth_code—auth_code— Authorization code (for Authorization Code flow mode - received from the authorization step. see Detailed Instructions (?) section)use_managed_identities— Use Azure Managed Identitiesmanaged_identities_client_id—insecure— Trust any certificate (not secure)proxy— Use system proxy settingshandle_error— Suppress Errors for Non Found Usersallow_secret_generators— Allow secret generators commands execution
Commands (43)
-
msgraph-direct-reportsRetrieves the direct reports for a user. Direct reports are the people who have that user configured as their manager.
-
msgraph-user-account-disableDisables a user from all Office 365 applications, and prevents sign in. Note: This command disables the user but does not terminate an existing session. Supported only in a self deployed app flow with the Permission: Directory.AccessAsUser.All(Delegated).
-
msgraph-user-assign-managerAssigns a manager to the specified user. Permission: - User.ReadWrite (Delegated) or - User.ReadWrite (Application).
-
msgraph-user-auth-resetRun this command if for some reason you need to rerun the authentication process.
-
msgraph-user-authenticator-method-deleteDeletes a Microsoft Authenticator authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application
-
msgraph-user-authenticator-method-listLists the Microsoft Authenticator authentication methods registered to a user, or retrieves a specific method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All - Delegated or Application
-
msgraph-user-change-passwordChanges the user password. Supported only in a self deployed app flow with the Permission: Directory.AccessAsUser.All(Delegated).
-
msgraph-user-change-password-on-premiseChanges the password of an on-premise user. See documentation for full permissions and roles to execute this command. Providing a password is required (password auto-generation is not supported).
-
msgraph-user-createCreates a new user. Permissions: - User.ReadWrite.All (Delegated & Application).
-
msgraph-user-create-mfa-client-access-tokenIssue a new access token for the MFA app.
-
msgraph-user-create-mfa-client-secretIssue a new client secret for the MFA app.
-
msgraph-user-deleteDeletes an existing user. Permissions: - Directory.AccessAsUser.All (Delegated) - User.ReadWrite.All (Application).
-
msgraph-user-email-method-deleteDeletes an email authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application
-
msgraph-user-email-method-listLists the email authentication methods registered to a user, or retrieves a specific email method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All - Delegated or Application
-
msgraph-user-fido2-method-deleteDeletes a FIDO2 authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application
-
msgraph-user-fido2-method-listLists the FIDO2 authentication methods registered to a user or retrieves a specific method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All
-
msgraph-user-force-reset-passwordForces a user to reset their password the next time they log in. Note that this action does not terminate the user’s current session. If you also want to force the user to sign in again, use the msgraph-user-session-revoke command. This operation is supported only when using a self-deployed app flow with the Directory.AccessAsUser.All and User-PasswordProfile.ReadWrite.All delegated permissions. For further info, see https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http#example-3-update-the-passwordprofile-of-a-user-and-reset-their-password Furthermore, the signed in user must have a higher privileged administrator role than the user who's password is being reset. The admin hierarchy table can be viewed here: https://learn.microsoft.com/en-us/graph/api/resources/users?view=graph-rest-1.0#who-can-reset-passwords
-
msgraph-user-generate-login-urlGenerate the login url used for Authorization code flow.
-
msgraph-user-getRetrieves the properties and relationships of a user object. For more information, visit: https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http. Permissions: - User.Read (Delegated) - User.Read.All (Application).
-
msgraph-user-get-auth-methodsRetrieve a list of authentication methods registered to a user.
-
msgraph-user-get-deltaDeprecatedDeprecated. This command only returns a single page. Use the msgraph-user-list command instead, which gets newly created, updated, or deleted users without performing a full read of the entire user collection. Permissions: - User.Read (Delegated) - User.Read.All (Application).
-
msgraph-user-get-groupsRetrieves the groups a user is part of.
-
msgraph-user-get-managerRetrieves the properties from the manager of a user.
-
msgraph-user-get-user-default-auth-methodRetrieves the authentication preferences for a user, including the default method.
-
msgraph-user-listRetrieves a list of user objects. Permissions: - User.ReadBasic.All (Delegated) - User.Read.All (Application).
-
msgraph-user-owned-devices-listLists the devices that are owned by the user. Permission: User.Read.All,Directory.Read.All - Delegated
-
msgraph-user-phone-method-deleteDeletes a phone authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application
-
msgraph-user-phone-method-listLists the phone authentication methods registered to a user, or retrieves a specific phone method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All - Delegated or Application
-
msgraph-user-request-mfaPops a synchronous MFA request for the given user. This is a blocking call that waits for user response or timeout.
-
msgraph-user-session-revokeRevoke a user session by invalidating all refresh tokens issued to applications for a user. This command requires an administrator role. Permission required: Directory.AccessAsUser.All (Delegated).
-
msgraph-user-software-oath-method-deleteDeletes a software OATH authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application
-
msgraph-user-software-oath-method-listLists the software OATH authentication methods registered to a user, or retrieves a specific method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All - Delegated or Application
-
msgraph-user-tap-policy-createCreate a new TAP policy for a user. During the command execution, a password-protected zip file will be generated, including the new TAP password. You can download the file, use your password to unlock it, and get the TAP password. A user can only have one Temporary Access Pass that's usable within its specified lifetime. Permission:UserAuthenticationMethod.ReadWrite.All
-
msgraph-user-tap-policy-deleteDeletes a specific TAP policy. Permission:UserAuthenticationMethod.ReadWrite.All
-
msgraph-user-tap-policy-listLists all TAP policies for a user. This command will only return a single object in the collection as a user can have only one Temporary Access Pass (TAP) method. Permission:UserAuthenticationMethod.Read.All
-
msgraph-user-temp-access-pass-method-deleteDeletes a Temporary Access Pass authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application
-
msgraph-user-temp-access-pass-method-listLists the Temporary Access Pass authentication methods registered to a user, or retrieves a specific method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All - Delegated or Application
-
msgraph-user-terminate-sessionDeprecatedDeprecated. Use the msgraph-user-account-disable command instead.
-
msgraph-user-testTests connectivity to Microsoft Graph User.
-
msgraph-user-unblockUnblock a user.
-
msgraph-user-updateUpdates the properties of a user object. Permissions: - User.ReadWrite (Delegated & Application).
-
msgraph-user-windows-hello-method-deleteDeletes a Windows Hello for Business authentication method from a user. Permission: UserAuthenticationMethod.ReadWrite.All - Delegated or Application
-
msgraph-user-windows-hello-method-listLists the Windows Hello for Business authentication methods registered to a user, or retrieves a specific method by ID. Permission: UserAuthenticationMethod.Read.All or UserAuthenticationMethod.ReadWrite.All - Delegated or Application