Partner Access to a Client's Admin Portal -> Disabling Multi-Factor Authentication

Iron Contributor

We're a MSP and have been granted delegated access to our client's O365 tenant as their "partner of record". When accessing their admin center, using our own partner O365 credentials, everything works fine EXCEPT the option to manage MFA (the link in the Active User List at the bottom) is missing.

 

If I login with an admin account that is part of their O365 Tenant, I can see the MFA link fine. It's only when using any of our accounts that are part of our company (which is their partner of record), is MFA is missing. Everything else works fine.

 

Managing MFA is a pretty common support request. I'm trying to keep accountability for my support engineers by us using our own accounts vs us all logging in with their admin account (in which case there is no accountability). Is this by design or am I missing something?

3 Replies

Hi Brian, 

 

  1. Go to the Partner Center.
  2. Select the customer.
  3. In the Service Management option, select Azure Active Directory in the Administer services.
  4. Go to Users option and check if you are able to management MFA from there.

 

I don't think the MFA option for delegate administrator is present in the Office 365 Admin center instead you can use Azure AD for this.

 

Hope this works, let me know in case of any issues.

@Abhishek Kumar

 

Followed the instructions provided. On that user, within Azure AD, there is a tab for "Authentication Methods". There is a button at the top to "Require Re-Register MFA" and "revoke MFA sessions". There are a couple text boxes for Phone and email. It does not indicate if they ARE using MFA, or how to see if the push notification is on or not 

 

I examined two different users at a client. One of the users I know for certain has MFA turned on, and one that I know for sure DOES NOT. I cannot see/tell any difference within this screen in azure ad, nor the user's "profile" screen.

Hi Brian,

Please find the below steps:
1. Go to the Partner Center > CSP > Customer.
2. Select the customer.
3. Select Azure Active Directory in the Administer services.
4. You will be redirected to Azure AD, go to All users and you will be able to find the option "Per User MFA".

You will be able to see for whom MFA is enabled or not and you can manage MFA.

Let me know if this helps.
Thanks!