15 votes · Mike commented
Please add this functionality as I am trying to do more or less the same thing; exclude users from accessing O365 / Azure via unmanaged devices if they've not registered for MFA.
My current solution is proper-nasty involving PS searching AAD, csv exports and adding a string to an extension attribute in on-prem AD for an AAD dynamic group to look for after AAD Connect has replicated it up.
It would be sooo much slicker if it could all be done in AAD.
6 votes · planned · 3 comments · Azure Active Directory » Role-based Access Control · Mike shared this idea
14 votes · 4 comments · Azure Active Directory » Role-based Access Control · Mike commented
User admin team is resourced with junior support staff and apprentices; we can't give Global Admin to this team and desperately need to delegate the task of user MFA management to non-global admins.
965 votes · 188 comments · Azure Active Directory » Multi-factor Authentication
This feature is now on the roadmap. The MFA team is planning to adjust admin roles or create a new role that will allow delegation of MFA registration and credentials to an admin role.