This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 0%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERZ%3C/text%3E%3C/svg%3E)
Hi,
i am deploying the azure MFA with conditional access to my users
and i would like to grant limited permissions to my Helpdesk team so the will only have permissions to open the MFA settings for : grant OTP / Block and unblock and also to add new users to conditional access i have created
OTP/Block/Unblock are features only available for MFA server, not Azure MFA. As for managing CA, use the Conditional Access Administrator or pick the best suitable role from the list here: https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles
what are the permissions that i need to give them to manage only the MFA features
Depends on what exactly you mean there, for example it's recommended to enforce MFA via CA policies, so you might need CA permissions as well. Read the document above for all the details, including which permissions are needed to manage individual features.
i need to grant my helpdesk team permissions that they will be able to do OTP /BLOCK AND UNBLOCK for start
what permissions i need to give them