Feedback by UserVoice

How can we improve the tenant admin features O365?

Delegate permissions for managing MFA

To be able to delegate the permission of administering user account MFA settings, like enable/disable, forcing reset of MFA code, etc.

Currently the Global Admin permission is needed. It would be very useful to delegate this to a service desk function without having to provide full admin access to the tenant.

1,837 votes
    Jacob McGuire shared this idea

    84 comments

      • Jeremiah Moberly commented

        We would love to be able to delegate this role asap. We have only two Global Admins (one of which is a manager, not a tech) and a staff of over 400. Our helpdesk staff should be able to manage this for users having trouble. I'm surprised this is still being requested after two years, with no updates or timeline given!

      • Jose Rivera commented

        We need that ASAP... We managed thousands of accounts with MFA... and our Help Desk Team cannot do that

      • Anonymous commented

        Agreed. This feature is definitely required. It's crazy that I have to give Global admin rights to lower tier support personnel

      • Evan Mintzer commented

        I was told by Microsoft that it would be implemented by Q4 2017 - it is now Q3 2018 and still not available. Forcing Global Admin privileges to do a simple task is horrible for security.

      • DaithiG commented

        Once again I come to what seems to be a straightforward suggestion and find nothing has been done about it for ages.

      • Nathan_CEI commented

        The fact this has sat here for almost two years proves Microsoft doesn't care, and isn't changing anytime soon.

      • Mike Sharratt commented

        It is truly crazy that we need to make our helpdesk staff Office 365 Global Admins just so that they can set/reset MFA for our end-users...

      • Dan Crisci commented

        Is there any update on this from Microsoft? Currently in the process of rolling out MFA to 6000+ users and this is a huge oversight from Microsoft. Need Service Desk staff to be able to manage end users' MFA settings.

      • Anne O'Day commented

        Since November 2017, this suggestion has gotten more than 900 votes and moved from #18 to #9, and still nothing. In November someone in the Azure AD thread marked that request as "planned" but six months later I still can't find anything in the official O365 roadmap. When will we hear?

      • David Thompson commented

        MFA is now a low-level, essential, user attribute - we are enforcing across our tenancy, and for 3k+ users I need to delegate this to helpdesk staff, not the GAs.

      • Bryan commented

        Hello Microsoft, can you please provide an update on this request? Global Administrators in an enterprise organization should not tie up their time with a basic user administration task. At this point, MFA is almost impossible to support in a 25,000 person tenant.

      • patrick commented

        Yes need this feature asap.
        While we wait, does anyone have details on setting up PowerApps or Flow to run the "Set-MSOLUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationMethods @()" command using a service account?
