We have a specific process to onboard and manage users, and I need to assign some admins the permissions necessary to perform these specific actions and no more. I can assign the broad supplied roles, but that provides more permissions than we'd like. I am looking at this document: Tutorial: Create an Azure custom role using Azure PowerShell (tutorial-custom-role-powershell).
I need to provide the permissions to perform these specific functions:
- Add/remove an EXISTING user from an existing Azure AD group (not create groups).
- Set MFA Auth Status here: MultifactorVerification.aspx
- In the Azure AD -> User -> Authentication Methods blade, use the "Reset password", "Require re-register MFA", and "Revoke MFA Sessions" links.
From the above document, it seems that I can make a custom role to perform just these tasks, but I have to find very specific info on the specific tasks I mention above. So my question: how do I go about identifying these specific tasks well enough to create a custom role as described? Try as I might, I can't see how to set this up, so any guidance would be very much appreciated!
Thanks!
Jim