I have a few colleagues working on the help desk. These must be given the rights to enable MFA in AAD for new accounts but also existing accounts. As far as I can see I need to make them Azure Global Admin. Of course I don't want that. The fewer rights someone has, the better.
I add the colleguas of the supportdesk to the "Privileged Authentication Administrator". But then still can't access this page ( https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx ) to enable MFA.
I hope you can help me.