Enable Helpdesk push notification for user verification to Azure MFA

Bryan 6 Reputation points
2020-11-11T17:25:19.873+00:00

Even though we have enabled user self-service features for password resets using Azure SSPR, there are times were a user still needs to call the helpdesk. In order for the helpdesk to verify the user is who they say they are, we have to ( using another tool) require the user to answer security questions which are only used to verify the user. The Helpdesk is required to be able to see the users answer, allowing the Heskdesk person to challenge the user for the answer.

It would be nice to get away from this and allow a Helpdesk person the ability to push a MFA notification to a MFA registered user. Is this something on your road-map? I know that other MFA products like Dou offer this. I have looked through many forums and have not seen an answer to this yet.

any help would be appreciated.

Kind regards.

Microsoft Entra
{count} vote

2 answers

Sort by: Most helpful
  1. Andy David - MVP 151.2K Reputation points MVP
    2020-11-11T17:54:19.253+00:00

    That feature does not exist in Azure. I know many would love to see this.
    You can add your opinion at Azure UserVoice and give some feedback.

    https://feedback.azure.com/forums/34192--general-feedback?category_id=64938

    1 person found this answer helpful.
    0 comments No comments

  2. Ayers, Chris 0 Reputation points
    2023-05-17T14:29:39.95+00:00

    Hi James,

    The MFA process can be triggered using Powershell. I created a simple script to trigger the user to validate themselves and then for it to send helpdesk a mail:

            $AADLogin = Connect-AzureAD
            $AADAccount = $AADLogin.Account
            $AADuser = Get-AzureADUser -Filter "userPrincipalName eq '$AADAccount'"
            $AADUserManager = Get-AzureADUserManager -ObjectId $AADUser.ObjectId
    ...
    
     
    Send-Mailmessage -smtpServer "smtpservr" -Port 587 -UseSsl -from $AADinfo.Account -to "serviceDesk email" -subject 'User Authenticated' -body 'User is valid' -Credential $MailCredentials
    

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.