Allow the User Admin role to Enable/Disable MFA for users
Managing MFA settings for users seems to fit the scope of the User Admin role. I don't think this activity should require Global Admin access.
Ben Virkler
shared this idea
This feature is now on the roadmap. The MFA team is planning to adjust admin roles or create a new role that will allow delegation of MFA registration and credentials to an admin role.
180 comments
-
Remi
commented
Any news? As mobile numbers can't be populated by Powershell we are going to enter them all manually, and we can't even delegate this task as it requires Global Administrator permissions.
-
Azurenutcase
commented
when will this role be available? i can see a conditional access admin role on AAD, but it does not give us access to manage MFA settings in Office 365.
-
EagerFor2019
commented
First to ask the status of this feature in 2019 ... :)
Guess its never going to arrive... -
Bjorn L
commented
@Azure AD Team, 13 months later and our Helpdesk staff STILL needs to be Global Admin in order to do their job. Is there a time estimate on this? Thanks.
-
Mart Lehtmets
commented
Excellent idea. Looking forward to it.
-
Anonymous
commented
Yes, please. Managing MFA settings to be managed by our custom admin role groups.
-
Anonymous
commented
Please please please, can this feature be prioritised. As per the previous comment, we have stuck to the recommended number of GA's in our environment to less than 6, with a user base of over 80,000 users. We are rolling out MFA and are feeling we are going to drown in MFA reset requests
-
RW
commented
Can we have an update on this please? There's no sign of this on the roadmap. Can we have a link?
If we followed Microsoft's suggestion of only 3 global admins in an enterprise environment with ~60k users, we'd be resetting MFA almost all day every day. It's crippling our team as we can't focus on important tasks. We're in the process of developing a .NET C# server-client solution using a GA service account, but it's ridiculous we even have to devote that amount of resource in the first place. Please get this implemented ASAP - MFA resets are clearly not a global admin task.
-
Marc Shaw
commented
is this on the public roadmap or the internal roadmap? as we can't see anything and still not showing as a option for us
-
Anonymous
commented
any news on this matther? We finished our POC and this point is avoiding our implementation, we cant delegate to help desk global admin privileges to restore user MFA settings.
-
Robert Woods
commented
We need an update from the Azure AD Team on this issue.
-
Shane Foley
commented
Any word on this update?
-
mdsabbir
commented
log:103.103.33.34
name:?
Password:?
.....♡ -
Phillip K
commented
is this available yet? I have managers wanting more technicians able to view MFA logs, but don't want to give out global admin..
-
Nick Turner
commented
Any update on this considering the major MFA outage yesterday???
-
Gerald Egan
commented
would be nice to have this feature today seen as MFA is down for everyone worldwide...
-
Anonymous
commented
ridiculous that this hasn't been implemented yet. DO IT ALREADY!
-
Andrew Fisher
commented
Still nothing? Still ignoring us Microsoft?
-
bt102
commented
"Planned" but haven't "Started"? Please at least provide us some updates...
-
Anonymous
commented
3 years and counting!
See response from another suggestion in April 2018: "We aren’t planning to add the ability to enable MFA per-user to the Account Administrator, but we do have planned a limited admin role that will be able to perform that function, along with other MFA related settings. If you’ve implemented MFA through Conditional Access policy instead of the per-user enablement, you can use the Conditional Access Policy admin to control who has to do MFA."
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/31266781-allow-user-account-administrator-to-enable-mfa-forAlso, with 2000+ votes: https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/17429305-delegate-permissions-for-managing-mfa?page=3&per_page=20