Forum Discussion

alex3920's avatar
alex3920
Copper Contributor
Nov 04, 2020

Blocked Sign-in or Rejected MFA - Role Question

I have a question about what role internal support needs to unlock a user account that was locked bu ID Protection due to a risk blocked sign-in or for a user that rejected MFA.

 

Currently, it looks like only a GA is able to do this but I obviously do not want to elevate all the support staff with this role. But, I have not seen a PIM eligible role that successfully allows this so I have to assume I am missing something.

 

Have asked my MSFT rep about this and that was no help 😞

Access Management
Azure Active Directory (AAD)
Identity Management

1 Reply

  • ChristianBergstrom's avatar
    ChristianBergstrom
    Silver Contributor
    Nov 05, 2020

    alex3920 Hi, the permissions options are described here https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection#permissions