Forum Discussion
Restrict Global Admin MFA Methods
Not possible afaik, you can block specific options globally, or leave it to the users themselves. Perhaps in the future we will be able to scope this on a group basis, much like we can do for primary/passwordless auth today (https://portal.azure.com/#blade/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/AdminAuthMethods).
VasilMichev is correct. Not possible at the moment.
If you have concerns over the security of your privileged admin accounts though, you could look at minimising the risk by setting up Privileged Identity Management and making some of these accounts eligible for these roles instead of having them permanently. This is an Azure AD Premium P2 feature, but well worth it if you can justify it.
The P2 licence will also give you Identity Protection, which enables risk-based conditional access based on user and sign-in risk. Not what you were asking for, I appreciate, but it may offer an alternative means of protecting your environment and reducing the number of privileged accounts.
- ChristianBergstrom, Sep 24, 2020, Silver Contributor: Thanks to you as well! Good to know my reply to Shannon was correct. Cheers mate!