Activating MFA for a User: Which built-in Role is required?

Bühler Gabriel 81 Reputation points
2023-01-04T11:50:17.987+00:00

Hey Guys

We are currently using Privileged Identity Management and I wanted to check, which Built-In role allows you to toggle Multi-Factor Authentication per User to "enabled" and "disabled". This article here says that a global admin is required: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

Is that really the case? Then can you elaborate what the "Security" and "Authentication"-Administrators are for?

Thank you for your Help.

Kind regards,

Gabe

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
945 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,894 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. JimmySalian-2011 42,221 Reputation points
    2023-01-04T12:14:26.01+00:00

    Hi,

    I think it provides a baseline to use GA account but as per this directive you can use Security Administrator and Authentication Administrator role to setup the MFA.

    delegate-by-task

    Hope this helps.
    JS

    ==
    Please Accept the answer if the information helped you. This will help us and others in the community as well.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.