question

LamVinhKhang-3785 avatar image
0 Votes"
LamVinhKhang-3785 asked LamVinhKhang-3785 commented

In Azure, Could the user administrator have permissions to manage MFA?

For Example:
Could user administrator add security questions to the reset process?

azure-rbac
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered LamVinhKhang-3785 commented

@LamVinhKhang-3785
Thank you for your post!

Unfortunately, the User Administrator role does not have permissions to manage MFA. For more info - User Administrator Built-in role
87926-image.png


If you'd like to manage MFA within your tenant, you can leverage the following roles:
Authentication Administrator - Users with this role can set or reset any authentication method (including passwords) for non-administrators and some roles.
Privileged Authentication Administrator - Users with this role can set or reset any authentication method (including passwords) for any user, including Global Administrators.
Authentication Policy Administrator - Users with this role can configure the authentication methods policy, tenant-wide MFA settings, and password protection policy.

87799-image.png
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#authentication-policy-administrator


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


image.png (29.7 KiB)
image.png (29.4 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you so much for your help

0 Votes 0 ·