In Azure, Could the user administrator have permissions to manage MFA?

Lam Vinh Khang 46 Reputation points
2021-04-14T02:47:05.93+00:00

For Example:
Could user administrator add security questions to the reset process?

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
372 questions
No comments
{count} votes

Accepted answer
  1. JamesTran-MSFT 26,531 Reputation points Microsoft Employee
    2021-04-14T21:58:44.833+00:00

    @Lam Vinh Khang
    Thank you for your post!

    Unfortunately, the User Administrator role does not have permissions to manage MFA. For more info - User Administrator Built-in role
    87926-image.png

    If you'd like to manage MFA within your tenant, you can leverage the following roles:
    Authentication Administrator - Users with this role can set or reset any authentication method (including passwords) for non-administrators and some roles.
    Privileged Authentication Administrator - Users with this role can set or reset any authentication method (including passwords) for any user, including Global Administrators.
    Authentication Policy Administrator - Users with this role can configure the authentication methods policy, tenant-wide MFA settings, and password protection policy.

    87799-image.png
    https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#authentication-policy-administrator

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


0 additional answers

Sort by: Most helpful