May 11 2017 - last edited on Jul 24 2020
Enabling/enforcing/disabling MFA on a user requires Global Admin. As I try to limit the number of Global Admins, and the use of that privilege level, I am looking for options.
I would like our access team to be able to handle MFA for normal users, not privileged and non-synced accounts. The best option would be through groups, and either connected through a service or a service account. The goal is as automated as possible, but still with good enough security.
Anyone out there with a solution, thoughts or the same challenge?
May 11 2017 01:26 PM
You can look into using Privileged Identity Management instead.
May 22 2017 12:30 AM
Thanks for your suggestion. Privileged Identity Management is an option, but also an additional cost, and does not really solve the automation part. Seems like most of it is solved in MFA server, but Azure MFA service is still very limited. Group membership to add MFA in Azure MFA service would have been magnificent.