Tech Community Live: Microsoft Security
Dec 03 2024, 07:00 AM - 11:30 AM (PST)
Microsoft Tech Community
SOLVED

Allow Help-Desk to trigger MFA notifications to users (identify confirmation)

Copper Contributor

We have implemented SSPR (Self-Service Password Reset) with success, however there are situations where our users can't perform the process (or are not willing to). So they call Help-Desk, in order to reset their AD password. It would be nice to have a way where Help-Desk staff could trigger a MFA verification (e.g. text message) to the user, based on his/her MFA notification methods. Then once user confirms the code, Help-Desk would go ahead and reset password.
Some tool or section in Azure Portal would be interesting...

5 Replies
best response confirmed by MarcioOlivieri (Copper Contributor)
Solution
Unfortunately there’s no native functionality for this within Azure AD. It sounds like an interesting idea though. Seeing there is no programmatic way to do this either, a third party solution may be able to offer this but it would require its own ‘Authenticator app’ for this to work. It might be worthwhile to raise this on UserVoice to get more traction and/or attention from Microsoft aswell.

@MarcioOlivieri 

 

FYI. 

There is a uservoice named “Enable Helpdesk push notification for user verification” that we can upvote.  

 

https://feedback.azure.com/d365community/idea/97898804-e825-ec11-b6e6-000d3a4f06a4

While there is no native or supported solution with MS Authenticator, it is technically possible to send an MFA push with PowerShell and some Microsoft software.

@CB23786 would you mind sharing that PowerShell script if you got one working for this?
1 best response

Accepted Solutions
best response confirmed by MarcioOlivieri (Copper Contributor)
Solution
Unfortunately there’s no native functionality for this within Azure AD. It sounds like an interesting idea though. Seeing there is no programmatic way to do this either, a third party solution may be able to offer this but it would require its own ‘Authenticator app’ for this to work. It might be worthwhile to raise this on UserVoice to get more traction and/or attention from Microsoft aswell.

View solution in original post