question

0 Votes
roeizamir-7597 asked roeizamir-7597 answered

admin permission for MFA setting and conditional access only

Hi,

I am deploying Azure MFA with conditional access to my users,
and I would like to grant limited permissions to my Helpdesk team so they will only have permissions to open the MFA settings for: grant OTP / Block and unblock, and also to add new users to the conditional access I have created.

azure-ad-multi-factor-authentication

1 Vote
michev answered michev commented

OTP/Block/Unblock are features only available for MFA server, not Azure MFA. As for managing CA, use the Conditional Access Administrator or pick the best suitable role from the list here: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles


Depends on what exactly you mean there, for example it's recommended to enforce MFA via CA policies, so you might need CA permissions as well. Read the document above for all the details, including which permissions are needed to manage individual features.


1 Vote

What are the permissions that I need to give them to manage only the MFA features?


0 Votes
0 Votes
roeizamir-7597 answered

I need to grant my helpdesk team permissions so that they will be able to do OTP / BLOCK AND UNBLOCK for a start.

What permissions do I need to give them?
