This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 46%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Is there any way to unblock MFA in azure without having GA rights (maybe other rights have permissions). I don't want to give GA access to team but they should have the ability to unblock MFA.
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
You can use the Authentication Administrator/Privileged Authentication Administrator roles. For detailed list of the minimum role required for specific tasks, refer to https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 82%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Actually, this just isn't true. I have the role "Authentication Administrator" and is still unable to Unblock users in MFA - even if they have no admin roles assigned. According to the documentation you linked to it states "Block/unblock users: Authentication Policy Administrator" under MFA server. I've been unable to find any other official documentation on this. I tend to use the following documentation as a cheat sheet and there is no mention of unblocking users here at all: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference So it would seem "Authentication Policy Administrator" is the minimum required role to unblock users from the MFA blade.
Hello @Aditya There are a few ways as said above and you can also use these ways :
We want only delegate MFA unblock access and i tried to create RBAC rule but there is no rule showing which will will work
Hello @Aditya In this case where you cannot use RBAC i suggest to have a look here
https://learn.microsoft.com/en-us/azure/active-directory/roles/my-staff-configure
My Staff enables you to delegate permissions to a figure of authority, such as a store manager or a team lead, to ensure that their staff members are able to access their Azure AD accounts. Instead of relying on a central helpdesk, organizations can delegate common tasks such as resetting passwords or changing phone numbers to a local team manager. With My Staff, a user who can't access their account can regain access in just a couple of clicks, with no helpdesk or IT staff required.
Before you configure My Staff for your organization, we recommend that you review this documentation as well as the user documentation to ensure you understand how it works and how it impacts your users. You can leverage the user documentation to train and prepare your users for the new experience and help to ensure a successful rollout.
If the information helped address your question, please Accept the answer.
BR