906 votes180 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
This feature is now on the roadmap. The MFA team is planning to adjust admin roles or create a new role that will allow delegation of MFA registration and credentials to an admin role.without prejudice commented
Assigning a Helpdesk staff member "Authenication administrator" and "User Administrator" rights in Azure Active Directory admin center does not allow the Helpdesk staff member to Enable or Disable MFA.
It does appear to allow the Helpdesk staff member to "Require re-register MFA" and "Revoke MFA Sessions" and change "Authentication Contact Info" in Azure which is helpful once the user is setup.
This still means however that a Global Admin has to get involved in the creation of every new user to enable MFA or the Global Admin role needs to be given to Helpdesk which is extremely undesirable.
Please could you raise the priority on this request?