I was wondering if anyone can help me figure out the permissions needed to access and reset a users MFA details in Azure/ Entra? I can only see that a Global Administrator has access to do this at the moment, but I can't give this level of access to all members of my IT Support Team. Attached is the a screenshot of what I mean.
Found an article that suggested either Conditional Access Administrator and Security Administrator would allow this, but it didn't though when I asked a colleague to test.
If someone can help and advise, then that would be great.
Apart from the Global administrator, the Privileged Authentication Administrator role have access to perform the reset MFA on all users account and Authentication Administrator role have access to perform the reset MFA on some user's account. Hope this helps.
The global admin can use the following steps to disable multi-factor authentication for an account: Go to Office 365 Admin Center > Users > Active users > Click More next to +Add a user > Multifactor Authentication setup.Check an account>click Disable under quick steps on the right.
Permissions Reset can reset the owner, group, access permissions, Access Control Lists (ACLS), Extended Attributes (including Quarantine) to default settings, simply by dragging an app, folder or file into Permissions Reset, selecting what you'd like reset, then clicking on "Reset".
This action is equivalent to removing or deleting the user's MFA registration. The MFA settings associated with the user will be removed, which allows them to set up MFA as if they were a new user on their next login attempt.
To disable MFA for a user, Sign in to the Azure portal with your admin credentials > Go to Azure Active Directory > Select Users > Select the user you want to disable MFA for > Select Authentication methods > Under MFA, select Disable > Select Save.
Go to the Microsoft account recovery page (https://account.live.com/password/reset) and try to reset your password by providing information about your account, such as the email address or phone number associated with it.
If you're using mobile data, try switching to Wi-Fi and vice-versa. Make sure Airplane mode is off. Make sure you're using the latest version of Authenticator - Microsoft does not support any app versions more than 12 months old. Tap Settings and make sure App updates is turned on.
Resetting a user's MFA details requires the user to re-register at next log-on. Proceed as follows. Go to https://portal.azure.com, and sign into the Microsoft Azure portal using an account with administrative privileges. From the left-hand menu, click Azure Active Directory and, from the options given, click Users.
In the “Manage” section of the left menu for the user, select “Authentication methods”
From the toolbar above the resulting pane, click “Revoke multifactor authentication sessions”. You may need to click the ellipsis (three dots) on the toolbar to view that choice.
The bucket owner, the AWS account that created the bucket (root account), and all authorized users can enable versioning. However, only the bucket owner (root account) can enable MFA delete.
Hobby: Web surfing, Rafting, Dowsing, Stand-up comedy, Ghost hunting, Swimming, Amateur radio
Introduction: My name is Virgilio Hermann JD, I am a fine, gifted, beautiful, encouraging, kind, talented, zealous person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.