Feedback by UserVoice

How can we improve the tenant admin features O365?

Delegate permissions for managing MFA

To be able to delegate the permission of administering user account MFA setting like enable/disabled forcing reset of MFA code etc.

Currently the Global Admin permission is needed. It would be able very useful to delegate this to a service desk function without having to provide full admin access to the tenant.

1,452 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Jacob McGuire shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    71 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anne O'Day commented  ·   ·  Flag as inappropriate

        Since November 2017, this suggestion has gotten more than 900 votes and moved from #18 to #9, and still nothing. In November someone in the Azure AD thread marked that request as "planned" but six months later I still can't find anything in the official O365 roadmap. When will we hear?

      • David Thompson commented  ·   ·  Flag as inappropriate

        MFA is now a low-level, essential, user attribute - we are enforcing across our tenancy, and for 3k+ users I need to delegate this to helpdesk staff, not the GAs.

      • Bryan commented  ·   ·  Flag as inappropriate

        Hello Microsoft, can you please provide an update on this request? Global Administrators in an enterprise organization should not tie up their time with a basic user administration task. At this point, MFA is almost impossible to support in a 25,000 person tenant.

      • patrick commented  ·   ·  Flag as inappropriate

        Yes need this feature asap.
        While we wait, anyone has details on setting up powerapps or flow to run the "Set-MSOLUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationMethods @()" command using a service account?

      • Anonymous commented  ·   ·  Flag as inappropriate

        When will this be available? Global admins in most organizations have better things to do than enabling MFA.

      • James commented  ·   ·  Flag as inappropriate

        Good Afternoon MS, could you please provide an update on this request? This is a critical feature that needs to be delegated to help desk technicians, especially when you recommend no more than 5 Global Admins.

        Please?

      • Francois Lachance commented  ·   ·  Flag as inappropriate

        Seriously Microsoft, why do we even have to ask for this? Delegated administrative tasks is a no-brainer - unless you didn't think about the enterprise user when you put O365 together, which is what it feels like. You need to take a look at ALL O365 tasks and make an assessment on how to provide an efficient experience for administrators. These single feature user requests are an inefficient way to get there.

      • Jonas Klaiber commented  ·   ·  Flag as inappropriate

        Hello, as mentioned in some comments earlier, this is on the roadmap.
        BUT i cant find it on the roadmap, can someone provide me a URL to the Feature on the Roadmap?
        BR

      • Nicolas Cools commented  ·   ·  Flag as inappropriate

        Hello It seems that only global admins can enable mfa for the users? Is this still a bug/missing feature or am i missing something. Since I am the only one with global admin priviliges and the knowledge on how to do this, this could be a real problem for when I'm sick or on holidays. It seems ridiculoud to give every support engineer global admins priviliges just for mfa administration. Please advise, Thanks in advance.

      • Brian Mecca commented  ·   ·  Flag as inappropriate

        MS tells you to limit the total number for Global Admins to 5 or less then they require it to be able to add MFA as a security feature. It would be able very useful to delegate this to a service desk function without having to provide full admin access to the tenant. This needs to be done ASAP - we are in the process of rolling out MFA to our 1100 users and need to do this slowly with more than a few GA's able to enable it.

      • Anonymous commented  ·   ·  Flag as inappropriate

        It should be devolved to a lower level of admin permissions, we cant make everyone who needs to manage MFA a global admin - please remedy ASAP.

      • Roger Allen commented  ·   ·  Flag as inappropriate

        It should be devolved to a lower level of admin permissions, we cant make everyone who needs to manage MFA a global admin - please remedy ASAP.

      ← Previous 1 3 4

      Feedback and Knowledge Base