Can the role "Authentication Administrator" configure passwordless authentication?

Lasse Vad 20 Reputation points
2024-09-26T07:55:02.7866667+00:00

With the task:

"You need to configure passwordless authentication. The solution must follow the principle of least privilege."

Which role should be assigned to complete the task?
I would say Authentication administrator, but the Microsoft practice assessment for AZ-500 claims that : "Configuring authentication methods requires Global Administrator privileges."
Is this correct?

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
808 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,696 questions
{count} vote

Accepted answer
  1. Vasil Michev 105.7K Reputation points MVP
    2024-09-26T16:47:05.0166667+00:00

    Depends on the "target" user. Only certain roles can change authentication details on privileged/admin accounts. I.e. to change this for a user holding the User administrator role, you will need to be assigned at least the Privileged Authentication admin role. For the rest, you will be fine with Authentication administrator indeed.

    You can refer to this article for the "least privileged" role for any given operation: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/delegate-by-task

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.