Forum Discussion
ChrisP1975
Feb 24, 2021Copper Contributor
Office 365 Admin Role Needed for MFA
I would like to assign members of the help desk access to manage MFA for non-admin users. I already assigned the Authentication admin role and this partially works. Right now the help desk can go i...
- Feb 25, 2021
None of the "specialist" roles are able to manage users in the legacy MFA portal, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
acerimeli
Copper Contributor
I found a solution to this.
From this post:https://learn.microsoft.com/en-us/answers/questions/325505/allow-support-users-to-enable-mfa-for
"To allow help desk users to enable per user MFA via Multi-factor Authentication Portal, you need to assign both directory roles mentioned below:
Authentication Policy Administrator: This role will allow access to Multi-factor Authentication Portal but won't allow enabling/disabling per-user MFA.
Privileged Authentication Administrator: This role allows enabling/disabling per-user MFA."
From this post:https://learn.microsoft.com/en-us/answers/questions/325505/allow-support-users-to-enable-mfa-for
"To allow help desk users to enable per user MFA via Multi-factor Authentication Portal, you need to assign both directory roles mentioned below:
Authentication Policy Administrator: This role will allow access to Multi-factor Authentication Portal but won't allow enabling/disabling per-user MFA.
Privileged Authentication Administrator: This role allows enabling/disabling per-user MFA."
HamzaDurrani
Apr 16, 2024Copper Contributor
It worked for me thanks acerimeli