Forum Discussion
Solved
Office 365 Admin Role Needed for MFA
I would like to assign members of the help desk access to manage MFA for non-admin users. I already assigned the Authentication admin role and this partially works. Right now the help desk can go i...
None of the "specialist" roles are able to manage users in the legacy MFA portal, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
I checked that article and assigned the Authentication Administrator role to my limited admin. You don't need to give them the global reader role if you provide the Azure AD portal URL. However, I couldn't find where to set MFA to enabled or enforced in Azure AD, which seems to be what the original poster needs. I also want a limited admin to create a user, assign a license, and enable MFA so the user sets up MFA on their first login. Am I missing something in Azure AD? "Require re-register" and "revoke authentication" don't seem to change the user's Multi-Factor Auth Status to enabled.
