1 min read

Azure AD – New administration roles for managing domain name and authentication methods

Good news, you don’t need to be a global administrator to manage Multi Factor Authentication (MFA) or authentication methods.

A new role called Authentication Policy Admin allows you to delegate authentication methods management, covering MFA or password protection policies.

NOTE the legacy MFA setting is not available for the authentication policy admin role

Below is a comparison table between authentication administrator, privileged authentication administrator and authentication policy administrator permissions

Role User’s auth method Per user MFA MFA Settings Auth method policy Password protection policy
Authentication Admin

Yes for some users

Yes for some users

No

No

No

Privileged authentication admin

Yes for all users

Yes for all users

No

No

No

Authentication policy admin

No

No

Yes

Yes

Yes

image_thumb-391-2203617

An additional new role is also available to delegate domain name management, called Domain Name Administrator.

It allows you adding, validating and removing custom domain in Azure AD. It also includes the capability to set federation with on-premises.

image_thumb-392-3101330

Azure AD – New administration roles to delegate administration tasks and reduce the need to grant global administrator

As you know, Azure Active Directory provides a large list of administration roles to allow delegating administration tasks and reduce the need to...

Read More

Azure AD – You can use your Microsoft Authenticator mobile application to update your security info

As you know, end-users can access the Microsoft My Sign-Ins website (https://mysignins.microsoft.com/) to manage their security information (register...

Read More

Office 365 – Manage modern authentication for Exchange Online from the administration portal

As you know Microsoft has been recommending to turn off basic authentication protocols for some time now.

Read More