Microsoft has released a few new Administrator roles in Azure AD, one of them is the Authentication Administrator, that allows delegation of MFA reset in Azure Active Directory without building custom solutions.
The Authentication Administrator roles is allowed to view, set and reset authentication method information for any non-admin user.
Authentication Administrators can require users to re-register against existing non-password credential (for example, MFA or FIDO) and revoke “remember MFA on the device”, which prompts for MFA on the next sign-in.
More information: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles#authentication-administrator
/Enjoy
1 Comment
Pingback: Azure Weekly: March 25, 2019 - Build Azure