Allow the User Admin role to Enable/Disable MFA for users
Managing MFA settings for users seems to fit the scope of the User Admin role. I don't think this activity should require Global Admin access.
This feature is now on the roadmap. The MFA team is planning to adjust admin roles or create a new role that will allow delegation of MFA registration and credentials to an admin role.
Any news? As mobile numbers can't be populated by Powershell we are going to enter them all manually, and we can't even delegate this task as it requires Global Administrator permissions.
when will this role be available? i can see a conditional access admin role on AAD, but it does not give us access to manage MFA settings in Office 365.
First to ask the status of this feature in 2019 ... :)
Guess its never going to arrive...
Bjorn L commented
@Azure AD Team, 13 months later and our Helpdesk staff STILL needs to be Global Admin in order to do their job. Is there a time estimate on this? Thanks.
Mart Lehtmets commented
Excellent idea. Looking forward to it.
Yes, please. Managing MFA settings to be managed by our custom admin role groups.
Please please please, can this feature be prioritised. As per the previous comment, we have stuck to the recommended number of GA's in our environment to less than 6, with a user base of over 80,000 users. We are rolling out MFA and are feeling we are going to drown in MFA reset requests
Can we have an update on this please? There's no sign of this on the roadmap. Can we have a link?
If we followed Microsoft's suggestion of only 3 global admins in an enterprise environment with ~60k users, we'd be resetting MFA almost all day every day. It's crippling our team as we can't focus on important tasks. We're in the process of developing a .NET C# server-client solution using a GA service account, but it's ridiculous we even have to devote that amount of resource in the first place. Please get this implemented ASAP - MFA resets are clearly not a global admin task.
Marc Shaw commented
is this on the public roadmap or the internal roadmap? as we can't see anything and still not showing as a option for us
any news on this matther? We finished our POC and this point is avoiding our implementation, we cant delegate to help desk global admin privileges to restore user MFA settings.
Robert Woods commented
We need an update from the Azure AD Team on this issue.
Shane Foley commented
Any word on this update?
Phillip K commented
is this available yet? I have managers wanting more technicians able to view MFA logs, but don't want to give out global admin..
Nick Turner commented
Any update on this considering the major MFA outage yesterday???
Gerald Egan commented
would be nice to have this feature today seen as MFA is down for everyone worldwide...
ridiculous that this hasn't been implemented yet. DO IT ALREADY!
Andrew Fisher commented
Still nothing? Still ignoring us Microsoft?
"Planned" but haven't "Started"? Please at least provide us some updates...
3 years and counting!
See response from another suggestion in April 2018: "We aren’t planning to add the ability to enable MFA per-user to the Account Administrator, but we do have planned a limited admin role that will be able to perform that function, along with other MFA related settings. If you’ve implemented MFA through Conditional Access policy instead of the per-user enablement, you can use the Conditional Access Policy admin to control who has to do MFA."