MF Auth for Partners who manage many Office 365 Tenancies
Hello folks, i have a question with regards to Microsoft Partners who manage quite a few Office 365 Tenancies on the end users behalf. We know Multi-Factor Auth needs to be configured for admin accounts, but i would like to hear about ways to manage all the end user admins? We manage our own MFA through the Microsoft Authenticator app on our phones, but say i manage 80 end user tenancies, i'd then need 80 end user accounts adding to the Authenticator App? Or, the other way is to auth via an SMS txt message...but, i have multiple engineers on site, so a central mobile phone for SMS is not viable.
So, my question really is how are other Microsoft Partners managing MFA on their many end user Office 365 tenancies?
Thanks in advance for any insight and info
Re: MF Auth for Partners who manage many Office 365 Tenancies
The easiest way is to use the delegated administration feature available for CSp resellers or via Office 365 Partner Admin portal. Thereby you will only use a single account in your Partner tenant to manage all customers.
Note: Delegated administration has some known limitations - e.g. "Security & Compliance Center" can not be managed via UI, also not SkypeForBusiness Admin center.
Customer perspective - add Partner for delegated adminsitration: https://docs.microsoft.com/en-us/office365/admin/misc/add-partner?redirectSourcePath=%252farticle%252f201ccb3b-6011-4bf1-a6b2-84e7cc1ee2d0.aspx&view=o365-worldwide
CSP Partner perspective: https://docs.microsoft.com/en-us/partner-center/customers_revoke_admin_privileges
Delegated admin via Partner Admin Center (When no CSP Partner): https://support.office.com/en-us/article/Partners-Offer-delegated-administration-26530DC0-EBBA-415B-86B1-B55BC06B073E