MFA Blocked Devices and Roles

Maranya, Damon 296 Reputation points

We'd like to allow the helpdesk to check the Azure Active Directory > Security > MFA > Block/unblock users blade, but not allow them to make changes to blocked accounts. Is it possible to allow a user read-only visibility through Azure AD?

As far as I can tell it is only read/write access or nothing. But I figured I'd ask the experts before I start looking for alternate options.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Carlos Solís Salazar 15,171 Reputation points

    Hi @Maranya, Damon

    Thank you for asking this question on the **Microsoft Q&A Platform**.

    If you want the Help Desk to be able to do just a specific activity, you need to create a Custom Role.

    If you want the Help Desk to be able to read everything in your Azure AD, you can assign them a Global Reader Role.

    Hope this helps,
    Carlos Solís Salazar


    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.
