🔍 Code Extractor

A data class representing the authentication and security registration state of a user, including MFA, passwordless, and self-service password reset capabilities.

Purpose

This class encapsulates the authentication method registration details for a user in a Microsoft 365/Azure AD tenant. It provides read-only access to various authentication-related states such as whether the user is an admin, has registered for multi-factor authentication, is capable of passwordless authentication, and can perform self-service password reset. The class inherits from Entity and exposes user authentication capabilities through property accessors that read from an underlying properties dictionary.

Source Code

class UserRegistrationDetails(Entity):
    """Represents the state of a user's authentication methods, including which methods are registered and which
    features the user is registered and capable of (such as multi-factor authentication, self-service password reset,
    and passwordless authentication)."""

    @property
    def is_admin(self):
        # type: () -> Optional[bool]
        """
        Indicates whether the user has an admin role in the tenant. This value can be used to check the authentication
        methods that privileged accounts are registered for and capable of.
        """
        return self.properties.get("isAdmin", None)

    @property
    def is_mfa_registered(self):
        # type: () -> Optional[bool]
        """
        Indicates whether the user has registered a strong authentication method for multi-factor authentication.
        The method may not necessarily be allowed by the authentication methods policy.
        """
        return self.properties.get("isMfaRegistered", None)

    @property
    def is_passwordless_capable(self):
        # type: () -> Optional[bool]
        """
        Indicates whether the user has registered a passwordless strong authentication method (including FIDO2,
        Windows Hello for Business, and Microsoft Authenticator (Passwordless)) that is allowed by the authentication
        methods policy.
        """
        return self.properties.get("isPasswordlessCapable", None)

    @property
    def is_sspr_capable(self):
        # type: () -> Optional[bool]
        """
        Indicates whether the user has registered the required number of authentication methods for self-service
        password reset and the user is allowed to perform self-service password reset by policy.
        """
        return self.properties.get("isSsprCapable", None)

    @property
    def is_sspr_enabled(self):
        # type: () -> Optional[bool]
        """
        Indicates whether the user is allowed to perform self-service password reset by policy. The user may not
        necessarily have registered the required number of authentication methods for self-service password reset.
        """
        return self.properties.get("isSsprEnabled", None)

    @property
    def user_type(self):
        # type: () -> Optional[str]
        """
        Identifies whether the user is a member or guest in the tenant.
        The possible values are: member, guest, unknownFutureValue.
        """
        return self.properties.get("userType", None)

Parameters

Parameter Details

Entity_base_class: Inherits from Entity base class which provides the underlying properties dictionary and common entity functionality. The constructor parameters are inherited from Entity and typically include entity data from API responses.

Return Value

Instantiation returns a UserRegistrationDetails object that provides read-only access to authentication registration states. All property methods return Optional[bool] (except user_type which returns Optional[str]), meaning they can return True, False, or None if the property is not present in the underlying data.

Class Interface

Methods

Attributes

Dependencies

• typing
• office365

Required Imports

from office365.entity import Entity
from office365.directory.reports.user_registration_details import UserRegistrationDetails

Usage Example

from office365.directory.reports.user_registration_details import UserRegistrationDetails
from office365.graph_client import GraphClient

# Assuming you have an authenticated GraphClient instance
client = GraphClient.with_token(lambda: token)

# Fetch user registration details (typically from reports endpoint)
user_reg_details = client.reports.authentication_methods.user_registration_details.get().execute_query()

# Access properties
for user_detail in user_reg_details:
    if isinstance(user_detail, UserRegistrationDetails):
        print(f"Is Admin: {user_detail.is_admin}")
        print(f"MFA Registered: {user_detail.is_mfa_registered}")
        print(f"Passwordless Capable: {user_detail.is_passwordless_capable}")
        print(f"SSPR Capable: {user_detail.is_sspr_capable}")
        print(f"SSPR Enabled: {user_detail.is_sspr_enabled}")
        print(f"User Type: {user_detail.user_type}")

Best Practices

• This is a read-only data class - all properties are getters only and should not be modified directly
• Always check for None values when accessing properties as they may not be present in the underlying data
• This class is typically instantiated by the office365 SDK when fetching user registration details from the Microsoft Graph API, not manually constructed
• Use this class to audit user authentication method registrations and capabilities across your tenant
• The is_mfa_registered property indicates registration but not necessarily policy compliance - check authentication methods policy separately
• The is_passwordless_capable property considers both registration AND policy allowance, unlike is_mfa_registered
• The is_sspr_capable property checks both registration requirements AND policy, while is_sspr_enabled only checks policy
• The is_admin property is useful for ensuring privileged accounts have appropriate authentication methods registered

Tags

Similar Components

AI-powered semantic similarity - components with related functionality:

• class AuthenticationMethod 70.1% similar

  Represents an authentication method registered to a user in Azure Active Directory, providing functionality to manage authentication credentials such as passwords, phone numbers, and FIDO2 security keys.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/methods/method.py

• class PasswordProfile 66.6% similar

  A data class representing a user's password profile in Microsoft Graph API, containing password and password change policy settings.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/users/password_profile.py

• class AuthenticationMethodsRoot 65.5% similar

  A container class for navigating and accessing Azure AD authentication methods resources, providing access to user registration details and authentication method statistics.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/methods/root.py

• class AuthenticationMethodsPolicy 63.7% similar

  A class representing Azure Active Directory authentication methods policy that defines which authentication methods users can use for sign-in and multi-factor authentication (MFA).

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authentication_methods.py

• class PasswordAuthenticationMethod 62.6% similar

  A class representing a user's password authentication method in Microsoft 365/Office 365 directory services. This class provides a secure abstraction for password management without exposing the actual password value.

  From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/authentication/methods/password.py