This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
Am I right in believing that only GAs can modify MFA settings for users ?
I tried experimenting with some of the recently added roles, but still couldn't find one that gave the appropriate rights.
Thanks...
You can manage it automatically by enable conditional access policy.
Please do not forget to "Accept the answer" and Upvote on the post that helps you, this can be beneficial to other community members.
http://www.moamenhany.com
Yup, global admins. Authentication admins can reset MFA details for regular, but not change them: https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles#authentication-administrator
Privileged auth admins can do the same, for any user.
We should eventually get a role or API permission that allows this, but for the moment you need GA.
Thanks for the clarification, that's what I thought.
Let's hope the new role materialises soon :-)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 96%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZE%3C/text%3E%3C/svg%3E)