Create azure user groups, give specific accounts permissionto to reset MFA for users in that groups.

ZVIO VEKU 1 Reputation point
2022-02-06T14:55:02.013+00:00

Hello Team,

Last few weeks I am trying to find solution about MFA delegation, I want to allow specific users permission to reset MFA for specific people/group. There are two kinds of assignment as I found out, Privileged authentication administrator and Authentication administrator. Privileged cant be used, cause It can reset everyone's MFA, including administrator, while Authentication administrator is restricted to do that with admin's account. So how can we create groups add users and assign permission to only members of that group.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,394 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. risolis 8,701 Reputation points
    2022-02-06T21:54:10.24+00:00

    Hello @ZVIO VEKU

    Please check this out....

    https://learn.microsoft.com/en-us/microsoft-identity-manager/working-with-self-service-password-reset

    Try it using what is mentioned on the doc plus MIM settings as well. Finally, I expect that on your groups besides adding members you also add owners to the group itself.

    I hope this can address your concern.

    0 comments No comments