admin permission for MFA setting and conditional access only

roei zamir 6

Hi,

i am deploying the azure MFA with conditional access to my users
and i would like to grant limited permissions to my Helpdesk team so the will only have permissions to open the MFA settings for : grant OTP / Block and unblock and also to add new users to conditional access i have created

2 answers

Vasil Michev 111.3K Reputation points MVP

2020-02-13T08:07:25.187+00:00

OTP/Block/Unblock are features only available for MFA server, not Azure MFA. As for managing CA, use the Conditional Access Administrator or pick the best suitable role from the list here: https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles
Please sign in to rate this answer.

1 person found this answer helpful.
roei zamir 6 Reputation points

2020-02-13T15:04:46.353+00:00

what are the permissions that i need to give them to manage only the MFA features

Vasil Michev 111.3K Reputation points MVP

2020-02-13T17:19:34.977+00:00

Depends on what exactly you mean there, for example it's recommended to enforce MFA via CA policies, so you might need CA permissions as well. Read the document above for all the details, including which permissions are needed to manage individual features.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
roei zamir 6 Reputation points

2020-02-16T12:34:43.43+00:00

i need to grant my helpdesk team permissions that they will be able to do OTP /BLOCK AND UNBLOCK for start

what permissions i need to give them
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

admin permission for MFA setting and conditional access only

2 answers

Your answer