Azure AD Users MFA Settings - Global Admins only ?

Jammedherbs 21 Reputation points


Am I right in believing that only GAs can modify MFA settings for users ?

I tried experimenting with some of the recently added roles, but still couldn't find one that gave the appropriate rights.


Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,876 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Moamen Hany 1,091 Reputation points

    You can manage it automatically by enable conditional access policy.

    Please do not forget to "Accept the answer" and Upvote on the post that helps you, this can be beneficial to other community members.

    3 people found this answer helpful.
    0 comments No comments

  2. Vasil Michev 71,621 Reputation points MVP

    Yup, global admins. Authentication admins can reset MFA details for regular, but not change them:
    Privileged auth admins can do the same, for any user.

    We should eventually get a role or API permission that allows this, but for the moment you need GA.

    2 people found this answer helpful.

  3. Zein ELnashar 121 Reputation points
    0 comments No comments