Share via

Authentication Administrator permission not working as expected

Ahasub Chowdhury 16 Reputation points
2022-03-09T00:39:29.087+00:00

Hi all,

We have assigned "Authentication administrator" role to our ServiceDesk and as per MS doco they should have access to view, set and reset authentication method for any non-admin user.
181203-roles.png

However, in our case the ServiceDesk team can only view the authentication method for admin users and can't see the method for any non-admin users.

Someone recommended to assign "Privileged Authentication administrator" role but we are hesitant to do that because then they can view, set and reset the authentication method for everyone including global administrator.

TIA for your advise.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Carlos Solís Salazar 18,291 Reputation points MVP Volunteer Moderator
    2022-03-10T00:32:49.58+00:00

    Hi @Ahasub Chowdhury
    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    You can create a custom role from an existing role (in you case "Privileged Authentication administrator") from there you can remove those permission that are not required https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-create

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Please "Accept as Answer" and/or Upvote if any of the above helped so that, it can help others in the community looking for remediation for similar issues.

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.