You cannot, not currently. Custom RBAC controls for Azure AD only supports certain actions, MFA reset is not one of them. For the time being, you need to use one of the built-in roles.
Azure MFA Custom Role: Unblock MFA for Users
Tein Mac
36
Reputation points
How can a custom role be created for Azure MFA where the Admin will ONLY have permission to Unblock MFA for Users as their SOLE role without having the other permissions that come out of the box with "Privileged Authentication Administrator" role ?