We have heard the feedback and we’ve added it to our upcoming investments. While we do not have a date for this yet, we hope to be able to provide one soon. Thank you for the continued feedback.
Thomas Cannervall commented
You can use the Privileged Authentication Administrator role to reset MFA. You can of course use this with PIM or whatever.
Yesterday I set up a reset flow with Automation Accounts (Azure Automate) -> Power Automate -> Power App to handle reset of MFA by support agents.
I created a service account with the Privileged Authentication Admin role, imported the MSOL module in the Automation Account and created a pretty basic PS runbook:
param (
    [Parameter(Mandatory = $true, HelpMessage = "Email of the user to reset MFA for")] [string] $UserEmail,
    [Parameter(Mandatory = $true, HelpMessage = "Email of the support agent")] [string] $AuthUser
)

$ErrorActionPreference = 'Stop'
try {
    # Sign in as the service account stored in the Automation Account, then reset the user's MFA.
    $creds = Get-AutomationPSCredential -Name '<redacted>'
    Connect-MsolService -Credential $creds
    Reset-MsolStrongAuthenticationMethodByUpn -UserPrincipalName $UserEmail
    Write-Output "MFA was reset for user $UserEmail. Support agent who triggered the reset was $AuthUser"
}
catch {
    # Report the failure in the job output.
    $ErrorMessage = $_.Exception.Message
    Write-Output "Reset MFA for user $UserEmail Failed. the error is: $ErrorMessage"
}
Had to give the support agents Automation Job Operator permissions on the Automation Account / Resource group and of course access to the app flow.
Hope it helps someone
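
A pre-flight guard for a runbook like the one in the comment above, as an added example that is not part of the original comment: it checks both parameters before any reset is attempted and emits one JSON audit record per request. The function name `Test-MfaResetRequest`, the domain `contoso.example` and the protected-account list are hypothetical placeholders.

```powershell
# Added example (hypothetical names, constructed values); uses only built-in PowerShell.
$AllowedDomain     = 'contoso.example'
$ProtectedAccounts = @('breakglass@contoso.example', 'svc-mfareset@contoso.example')

function Test-MfaResetRequest {
    param (
        [Parameter(Mandatory = $true)] [string] $UserEmail,
        [Parameter(Mandatory = $true)] [string] $AuthUser
    )
    # Normalise so comparisons and the audit record are consistent.
    $target = $UserEmail.Trim().ToLowerInvariant()
    $agent  = $AuthUser.Trim().ToLowerInvariant()
    $upnPattern = '^[a-z0-9._%+-]+@' + [regex]::Escape($AllowedDomain) + '$'

    $reason = $null
    if     ($target -notmatch $upnPattern)        { $reason = 'target is not a UPN in the allowed domain' }
    elseif ($agent  -notmatch $upnPattern)        { $reason = 'agent is not a UPN in the allowed domain' }
    elseif ($target -eq $agent)                   { $reason = 'agents may not reset their own MFA' }
    elseif ($ProtectedAccounts -contains $target) { $reason = 'target is a protected account' }

    # One object per request; serialised below so the job output doubles as an audit trail.
    [pscustomobject]@{
        TimestampUtc = (Get-Date).ToUniversalTime().ToString('o')
        Target       = $target
        Agent        = $agent
        Allowed      = ($null -eq $reason)
        Reason       = $reason
    }
}

# Constructed sample requests: one valid, one self-reset, one protected account, one foreign domain.
$samples = @(
    @{ UserEmail = 'alice@contoso.example';      AuthUser = 'bob@contoso.example' },
    @{ UserEmail = 'bob@contoso.example';        AuthUser = 'Bob@contoso.example' },
    @{ UserEmail = 'breakglass@contoso.example'; AuthUser = 'bob@contoso.example' },
    @{ UserEmail = 'alice@other.example';        AuthUser = 'bob@contoso.example' }
)
foreach ($s in $samples) {
    Test-MfaResetRequest @s | ConvertTo-Json -Compress
}
```

In a runbook, the function would be called at the top of the `try` block, with a `throw` when `Allowed` is false so the reset cmdlet is never reached.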