Blocked Sign-in or Rejected MFA - Role Question

%3CLINGO-SUB%20id%3D%22lingo-sub-1853713%22%20slang%3D%22en-US%22%3EBlocked%20Sign-in%20or%20Rejected%20MFA%20-%20Role%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1853713%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20question%20about%20what%20role%20internal%20support%20needs%20to%20unlock%20a%20user%20account%20that%20was%20locked%20bu%20ID%20Protection%20due%20to%20a%20risk%20blocked%20sign-in%20or%20for%20a%20user%20that%20rejected%20MFA.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECurrently%2C%20it%20looks%20like%20only%20a%20GA%20is%20able%20to%20do%20this%20but%20I%20obviously%20do%20not%20want%20to%20elevate%20all%20the%20support%20staff%20with%20this%20role.%20But%2C%20I%20have%20not%20seen%20a%20PIM%20eligible%20role%20that%20successfully%20allows%20this%20so%20I%20have%20to%20assume%20I%20am%20missing%20something.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20asked%20my%20MSFT%20rep%20about%20this%20and%20that%20was%20no%20help%20%3A(%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1853713%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1856221%22%20slang%3D%22en-US%22%3ERe%3A%20Blocked%20Sign-in%20or%20Rejected%20MFA%20-%20Role%20Question%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1856221%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F852125%22%20target%3D%22_blank%22%3E%40alex3920%3C%2FA%3E%26nbsp%3BHi%2C%20the%20permissions%20options%20are%20described%20here%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fidentity-protection%2Foverview-identity-protection%23permissions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fidentity-protection%2Foverview-identity-protection%23permissions%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

I have a question about what role internal support needs to unlock a user account that was locked bu ID Protection due to a risk blocked sign-in or for a user that rejected MFA.

 

Currently, it looks like only a GA is able to do this but I obviously do not want to elevate all the support staff with this role. But, I have not seen a PIM eligible role that successfully allows this so I have to assume I am missing something.

 

Have asked my MSFT rep about this and that was no help :(

1 Reply