You wont be able to create a custom role for just those tasks. Here is the list of available permissions you can customize:
To use the built in Entra Roles:
and to manage other Priv Accounts:
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
How to delegate permissions to Service desk team for managing MFA in Azure Active Directory. just MFA reset (revoke and re-register) rights. please suggest
You wont be able to create a custom role for just those tasks. Here is the list of available permissions you can customize:
To use the built in Entra Roles:
and to manage other Priv Accounts:
Thank you for your post!
I understand that you would like to delegate permissions to the Service desk team for managing MFA in Entra ID.
To delegate permissions to the Service desk team, you can assign "Authentication Administrator" role in Entra ID. This role allows the team to manage MFA for all users in the directory.
The following table compares the capabilities of authentication-related roles.
For more readings: Authentication Administrator
Privileged roles and permissions
Also, you can refer the third-party document which is similar to your ask
How to delegate permissions for managing MFA in Azure Active Directory
Hope this helps. Do let us know if you any further queries.
Thanks,
Akhilesh.
If this answers your query, do click Accept Answer
and Yes
for was this answer helpful. And, if you have any further query do let us know.