Enable/enforce/disable MFA on a user requires Global admin, options?

Alex Wilhelmsen · ‎May 11 2017

Hi

Enable/enforce/disable MFA on a user requires Global admin. As I try to limit the number of Global Admins, and the use of that priviligee level I am looking for options.

I would like our access team to be able to handle MFA for normal users, not priviligeed and non synced accounts. The best option would be through groups, and either connected through a service or a service account. The goal is as automated as possible, but still with good enough security.

Anyone out there with solution, thoughts or the same challenge?

Vasil Michev · ‎May 11 2017

You can look into using Priviledged Identity Management instead.

Alex Wilhelmsen · ‎May 22 2017

Hi

Thanks for your suggestion. Privileged Identity Management is an option, but also an additional cost, and does not really solve the automation part. Seems like most of it is solved in MFA server, but Azure MFA service is still very limited. Group membership to add MFA in Azure MFA service would have been magnificent.

Enable/enforce/disable MFA on a user requires Global admin, options?

Enable/enforce/disable MFA on a user requires Global admin, options?

Re: Enable/enforce/disable MFA on a user requires Global admin, options?

Re: Enable/enforce/disable MFA on a user requires Global admin, options?

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Enable/enforce/disable MFA on a user requires Global admin, options?

Enable/enforce/disable MFA on a user requires Global admin, options?

Re: Enable/enforce/disable MFA on a user requires Global admin, options?

Re: Enable/enforce/disable MFA on a user requires Global admin, options?