Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Paul Hugill

My feedback

  1. 2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  (General Feedback) » azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
    Paul Hugill shared this idea  · 
  2. 101 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  (General Feedback) » Offers  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Paul Hugill commented  · 

    I think this is helped with a new role called 'Authentication Policy Administrator'.
    https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#authentication-policy-administrator

    I looking for the same thing and actually stumbled on it by accident when I saw the policy listed for 'Manage MFA Settings' here:
    https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#multi-factor-authentication

    I tested that out and it works, however it does give the ability to change actual MFA settings like the Block on Fraud Report and other things related to it, so it may still be too high level a role for what you need.
    It should solve our purpose though and is definitely better than Global Admin.

Feedback and Knowledge Base