To enable or disable a device you use either a global administrator or cloud device administrator role in Azure AD. https://learn.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal
Authentication administrator and Privileged authentication administrator roles can manage authentication methods but that doesn't seem to suit your particular needs.