Forum Discussion
Solved
Office 365 Admin Role Needed for MFA
I would like to assign members of the help desk access to manage MFA for non-admin users. I already assigned the Authentication admin role and this partially works. Right now the help desk can go into AAD, switch to Authentication methods and do everything that is needed there.
However, as a Global Admin from the Microsoft 365 admin center I can see Users > Active Users > Multi-Factor Authentication and I can manage Manage multifactor authentication from the User itself. These options are not available for the help desk.
Is there another role that I can use to grant access to the legacy MFA management portal?
None of the "specialist" roles are able to manage users in the legacy MFA portal, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
None of the "specialist" roles are able to manage users in the legacy MFA portal, as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
It looks like you’ve set up the Authentication admin role, which is a great start. To ensure full access to MFA management features, consider assigning the "Privileged Authentication Administrator" role. This role will grant the help desk the permissions needed to manage MFA settings directly from the Microsoft 365 admin center. For additional tech resources.
- So is the answer
"You must be a global admin in order to do this?"- I am using Authentication Administrator to grant my help desk team access to make changes to MFA.
