This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 1%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETP%3C/text%3E%3C/svg%3E)
Hello,
I have been granted authentication admin and privileged auth admin by my global admin and I can no longer change the authentication settings of users (enforced, enabled, disabled) for anyone, including non-admin users. This happened after a recent change to the look of the website to match the overall aesthetic of entra so I was wondering if there was a permission change to these roles or if its just broken and Microsoft needs to fix it.
I can confirm I can still require reregister - I just cant require that users authenticate with the authenticator and have been raising these up to my global admins to do so.
Any help you can provide is apricated because I'm at my wits end here.
Priv Auth Admin can not manage per user MFA by design:
Hi Andy,
I just ran a test with my supervisor after she unassigned the admin license and it still failed to set the auth setting. Also this is the error message I receive when attempting.
Thanks.
Using what role?
I only have authentication admin now. Here is the list-
I only have Auth admin now. Here is the list-
Ok, and this worked before as Auth Admin? I use CA policies so I never mess with that.
This worked before with both auth admin licenses, Im not sure why it suddenly stopped working but we have 4 admins who are setup like I am and they have the same story.
Also Im not sure what CA policy means. Do you think its worth making a ms support ticket for?
CA policy = Conditional Access Policy
By the way, I can reproduce this.
Do you mean reproduce the issue that neither admin licenses allow me to change settings or the conditional access policy? I think we have and E3 subscription so I don't know if ca is in it or no. Sorry for the cluelessness, new to 365 administration.
I see the same error as you using the Auth Admin to change per user MFA.