Forum Discussion
Office 365 Admin Role Needed for MFA
- Feb 25, 2021
None of the "specialist" roles are able to manage users in the legacy MFA portal, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
I looked at that article and gave my limited admin the Authentication Administrator role. I don't think you have to give them global reader as long as you provide the url to the azure ad portal. I don't see anywhere in azure ad where you can set MFA to enabled or enforced. Which is what I believe the original poster is looking for. I would also like to be able to set up a limited admin to do this task. Create the user, license the user, enable MFA. Then when the user first logs in they have to set up MFA. Am I missing something in Azure AD? Require re-register nor revoke authentication appears to change the Multi-Factor Auth Status to enabled for the user.
lspot I was all so trying to do this. So nothing short of God mode will do. Great job Microsoft.