cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Partner Access to a Client's Admin Portal -> Disabling Multi-Factor Authentication

Brian Martin
Iron Contributor

‎Oct 25 2018 01:41 PM - last edited on ‎Feb 07 2023 07:09 PM by

‎Oct 25 2018 01:41 PM - last edited on ‎Feb 07 2023 07:09 PM by

Partner Access to a Client's Admin Portal -> Disabling Multi-Factor Authentication

We're a MSP and have been granted delegated access to our client's O365 tenant as their "partner of record". When accessing their admin center, using our own partner O365 credentials, everything works fine EXCEPT the option to manage MFA (the link in the Active User List at the bottom) is missing.

 

If I login with an admin account that is part of their O365 Tenant, I can see the MFA link fine. It's only when using any of our accounts that are part of our company (which is their partner of record), is MFA is missing. Everything else works fine.

 

Managing MFA is a pretty common support request. I'm trying to keep accountability for my support engineers by us using our own accounts vs us all logging in with their admin account (in which case there is no accountability). Is this by design or am I missing something?

Labels:
9,169 Views
0 Likes
3 Replies
Reply
3 Replies
Abhishek Kumar

‎Feb 20 2019 11:39 PM

‎Feb 20 2019 11:39 PM

Re: Partner Access to a Client's Admin Portal -> Disabling Multi-Factor Authentication

Hi Brian, 

 

  1. Go to the Partner Center.
  2. Select the customer.
  3. In the Service Management option, select Azure Active Directory in the Administer services.
  4. Go to Users option and check if you are able to management MFA from there.

 

I don't think the MFA option for delegate administrator is present in the Office 365 Admin center instead you can use Azure AD for this.

 

Hope this works, let me know in case of any issues.

0 Likes
Reply
Brian Martin

‎May 05 2020 03:40 PM

‎May 05 2020 03:40 PM

Re: Partner Access to a Client's Admin Portal -> Disabling Multi-Factor Authentication

@Abhishek Kumar

 

Followed the instructions provided. On that user, within Azure AD, there is a tab for "Authentication Methods". There is a button at the top to "Require Re-Register MFA" and "revoke MFA sessions". There are a couple text boxes for Phone and email. It does not indicate if they ARE using MFA, or how to see if the push notification is on or not 

 

I examined two different users at a client. One of the users I know for certain has MFA turned on, and one that I know for sure DOES NOT. I cannot see/tell any difference within this screen in azure ad, nor the user's "profile" screen.

0 Likes
Reply
Abhishek_kum1

‎Aug 25 2021 11:26 PM

‎Aug 25 2021 11:26 PM

Re: Partner Access to a Client's Admin Portal -> Disabling Multi-Factor Authentication

Hi Brian,

Please find the below steps:
1. Go to the Partner Center > CSP > Customer.
2. Select the customer.
3. Select Azure Active Directory in the Administer services.
4. You will be redirected to Azure AD, go to All users and you will be able to find the option "Per User MFA".

You will be able to see for whom MFA is enabled or not and you can manage MFA.

Let me know if this helps.
Thanks!
0 Likes
Reply