You have an Azure Active Directory (Azure AD) tenant that contains a user named User1. You plan to enable passwordless authentication for the tenant. You need t...

Authentication Administrator.
Users with this role can set or reset any authentication method (including passwords) for non-administrators and some roles. Authentication Administrators can require users who are non-administrators or assigned to some roles to re-register against existing non-password credentials (for example, MFA or FIDO), and can also revoke remember MFA on the device, which prompts for MFA on the next sign-in.
Note: Before combined registration, users registered authentication methods for Azure AD Multi-Factor Authentication and self-service password reset (SSPR) separately. People were confused that similar methods were used for Azure AD Multi-Factor Authentication and SSPR but they had to register for both features.
Now, with combined registration, users can register once and get the benefits of both Azure AD Multi-Factor Authentication and SSPR.
Azure Active Directory role enable the combined registration experience
Incorrect:
Privileged Role Administrator.
Users with this role can manage role assignments in Azure Active Directory, as well as within Azure AD Privileged Identity Management. They can create and manage groups that can be assigned to Azure AD roles. In addition, this role allows management of all aspects of Privileged Identity Management and administrative units.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-registration-mfa-sspr-combined
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#privileged-role-administrator