SOLVED

RBAC for the PowerShell access

%3CLINGO-SUB%20id%3D%22lingo-sub-1578406%22%20slang%3D%22en-US%22%3ERBAC%20for%20the%20PowerShell%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1578406%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%26nbsp%3B%3C%2FP%3E%3CP%3EI%20want%20to%20use%20RBAC%20to%20set%20access%20to%20a%20user%20that%20only%20needs%20to%20read%20the%20users'%20MFA%20information%20and%20change%20it(Disable%2FEnforced).%3C%2FP%3E%3CP%3EI've%20set%20the%20Authentication%20Admin%20role%20to%20the%20user%20but%20still%2C%20the%20%22%3CSPAN%3EStrongAuthenticationRequirements%3C%2FSPAN%3E%22%20shows%20empty!%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20using%20MSOL%20module.%3C%2FP%3E%3CP%3EDo%20you%20have%20any%20idea%20in%20this%20case%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBR%2C%3C%2FP%3E%3CP%3ESaeid%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1578406%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1578722%22%20slang%3D%22en-US%22%3ERe%3A%20RBAC%20for%20the%20PowerShell%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1578722%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20MSOL%20module%20doesn't%20support%20any%20of%20the%20%22new%22%20roles%2C%20you'll%20only%20be%20able%20to%20use%20a%20Global%20admin%20account%20with%20it.%20Use%20the%20Graph%20API%20endpoint%20instead.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1580250%22%20slang%3D%22en-US%22%3ERe%3A%20RBAC%20for%20the%20PowerShell%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1580250%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOk%2C%3C%2FP%3E%3CP%3EThanks%20man!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1580326%22%20slang%3D%22en-US%22%3ERe%3A%20RBAC%20for%20the%20PowerShell%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1580326%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20more%20question!%26nbsp%3B%3C%2FP%3E%3CP%3EWhich%20one%20of%20the%20APIs%20can%20I%20use%20in%20this%20case%3F%20because%20I%20cannot%20find%20them%20that%20related%20to%20the%20MFA%20settings%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1580338%22%20slang%3D%22en-US%22%3ERe%3A%20RBAC%20for%20the%20PowerShell%20access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1580338%22%20slang%3D%22en-US%22%3E%3CP%3EDepends%20on%20what%20exactly%20you%20are%20looking%20for%2C%20you%20can%20check%20the%20authenticationmethods%20endpoint%20or%20the%20registration%20one%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Freportroot-list-credentialuserregistrationdetails%3Fview%3Dgraph-rest-beta%26amp%3Btabs%3Dhttp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Freportroot-list-credentialuserregistrationdetails%3Fview%3Dgraph-rest-beta%26amp%3Btabs%3Dhttp%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi all, 

I want to use RBAC to set access to a user that only needs to read the users' MFA information and change it(Disable/Enforced).

I've set the Authentication Admin role to the user but still, the "StrongAuthenticationRequirements" shows empty! 

 

I'm using MSOL module.

Do you have any idea in this case?

 

BR,

Saeid

4 Replies
Highlighted
Best Response confirmed by Saeid_Abdollahzadeh (Occasional Contributor)
Solution

The MSOL module doesn't support any of the "new" roles, you'll only be able to use a Global admin account with it. Use the Graph API endpoint instead.

Highlighted

@Vasil Michev 

Ok,

Thanks man!

Highlighted

@Vasil Michev 

One more question! 

Which one of the APIs can I use in this case? because I cannot find them that related to the MFA settings

 

Thanks 

Highlighted

Depends on what exactly you are looking for, you can check the authenticationmethods endpoint or the registration one: https://docs.microsoft.com/en-us/graph/api/reportroot-list-credentialuserregistrationdetails?view=gr...