Allow User Account Administrator to enable MFA for users, not require global admin
A best practice is to limit the number of global admins, yet a global admin is required to enable MFA for users. This should be allowed in the User Account Administrator role to enable MFA for users.
We aren’t planning to add the ability to enable MFA per-user to the Account Administrator, but we do have planned a limited admin role that will be able to perform that function, along with other MFA related settings. If you’ve implemented MFA through Conditional Access policy instead of the per-user enablement, you can use the Conditional Access Policy admin to control who has to do MFA.
Cary Majors commented
Is there a timeline or Road Map item for this change? It seems it has been out there for over 2 years, but no action has been taken.
Magnus Akerman commented
When can we expect this to fixed for non global admins?
Fix this for non admin users for IT support.
Please fix this asap - we need to allow IT support guys to manage MFA for all the users
Andy Ball commented
Hit this today , try to replace expensive Legacy MFA solution with Azure MFA
FWI - you may want to add your votes to https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/17429305-delegate-permissions-for-managing-mfa
Giving permissions to who enables MFA should be left to IT management discretion. Please allow this feature.
Bjorn L commented
Please fix this. We obviously cannot give Helpdesk Global Admin role.