Forum Discussion
Office 365 Admin Role Needed for MFA
None of the "specialist" roles are able to manage users in the legacy MFA portal, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
I checked that article and assigned the Authentication Administrator role to my limited admin. You don't need to give them the global reader role if you provide the Azure AD portal URL. However, I couldn't find where to set MFA to enabled or enforced in Azure AD, which seems to be what the original poster needs. I also want a limited admin to create a user, assign a license, and enable MFA so the user sets up MFA on their first login. Am I missing something in Azure AD? "Require re-register" and "revoke authentication" don't seem to change the user's Multi-Factor Auth Status to enabled.
