Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable PIM role assignment by Group membership.

    It would be nice to enable PIM roles to be linked not only to direct assignment to users but also to groups. This enables integration with on-premise IAM solutions that have not been extended to support the Graph API calls to PIM for role management.

    94 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  9 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enable synchronized AD groups (or AAD groups) to map to PIM.

    Rather than adding single accounts from AAD (which may be synched from AD), it would be great to map AAD (or synched AD) groups to eligibility rules. E.g. AAD group A is eligible for Role Exchange Admin. That way, one could administer AD groups for privileged access like in RBAC and use PIM to activate the privileges. Adding single users may be difficult to handle in large environments.

    72 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  6 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Powershell Enable PIM Role Assignment

    We plan to utilize PIM for Azure Resources (Resource Groups), however it is currently not possible to automate thorugh Powershell. It would be nice if existing Roles could be made eligable and configurated with it's settings thorugh powershell when creating resources/resource groups through powershell.

    55 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  6 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Make a App for AzureAD PIM to activate my roles

    Please Make a App for AzureAD PIM to activate my roles - so that the admin user that's only are using portal.office.com need to go into portal.azure.com to active the PIM roles (like global admin)

    41 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  8 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Azure PIM support for custom Exchange RBAC Role Groups

    Add support to manage custom Exchange RBACs through Azure PIM. Currently, as far as I can tell, it is only possible to manage the built-in “Exchange Administraor” role through PIM. However we do not use this role because it provides access to far too many Exchange cmdlets. Instead we have created many custom Exchange RBACs and associated Role Groups which provide minimum levels of access for various different teams in our organisation. We have been testing Azure PIM and would like to use it but it only works with the built-in all powerful “Exchange Administraor” role. Please add support to…

    34 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. PIM in Office 365 Admin Portal

    Will be nice, if Azure AD PIM funcionality and user and admin controls will be somewhere accessible also from Office 365 Admin Portal, not only Azure Portal.

    For example, if PIM is enabled for user and he has not proper rights and go to Admin Center, he is automatically redirected to PIM console.

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add support for Time-bound Group membership in Azure AD like Active Directory 2016

    Please add support for Time-bound Group membership in Azure AD like Active Directory 2016. It would be a very appreciated option for managing access like in MIM PIM.

    And if you consider doing this... Please also extend the functionality to Azure PIM to manage temporary membership and approval

    31 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Additional Email Notifications when Azure AD PIM

    We would like to suggest the ability to request additional email notifications when an Azure AD Privileged Identity Management admin role has been enabled. Only the user themselves can receive email notices that their admin role has been activated. We would like the ability for additional emails to be sent to other sources for auditing reasons. Currently that functionality is not available.

    24 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow 3rd party MFA with PIM

    Azure conditional access policies allow for 3rd party MFA, such as Duo, but Azure PIM does not allow this level of customization with the "Require MFA" configuration for a PIM role. This means that we need to manage 2 different MFA platforms if we're going to leverage both Duo MFA and Azure PIM for security. I'd like the ability to use Duo MFA when activating a PIM role.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure AD Privileged Identity Management - Display elevation propagation process

    It would be beneficial to be able to track how the role elevation is propagating in the various components in Azure AD/Office 365. It's possible the you activate a role but it would only come effective several minutes later. From a user experience standpoint, the expectation is that everything is active right away once we receive the notification from the Azure Portal. If everything cannot get activated right away, it would be beneficial to be able to track the progress of the activation.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Apply the role faster on the backend

    Our customers often mentioned it takes a long time for the role to become active for the end users.

    Can you make it apply the role faster on the backend. They expect maybe 30 seconds for the role to become active.

    21 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. PIM option to request access to AD groups

    PIM option to request access to AD groups

    In our environment, we have AD groups with specific resource rights for the different environments. (OTAP).
    It would be nice if it is possible to ask permission to be added temporarily to an Azure group for the time specified.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Extend PIM to manage group membership

    Enable PIM usage to support any Azure AD group membership controls enabling a time based group membership experience using PIM UI and approval functionality.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Expose AzureAD PIM Alerts via an API

    AzureAD (AAD) PIM generates alerts when there is suspicious or unsafe activity in the environment. When an AAD PIM alert is triggered, it shows up on the PIM dashboard. We would like for the PIM alerts to be exposed via an API so that we can integrate these alerts with our SIEM solution.

    19 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. Support webhooks for Azure PIM Approval Request

    It would be really great, if you would consider adding support for Webhooks as part of the newly introduced Azure PIM Approval workflowfeature. We would be able to do a lot of interesting stuff with this option :). Alternatively we would have to perform a pull for new approval request all the time. #automation #flow #apps

    https://blogs.technet.microsoft.com/enterprisemobility/2017/05/24/azure-ad-privileged-identity-management-approval-workflows-are-now-in-public-preview/

    19 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. Disabling email notifications for activation of azure ressources in PIM

    When a contributor activates his role in PIM, the owners of the subscription receive an email notification as well. We would like to have the possibility to remove this notification.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Additional Approval Options for PIM Roles

    Within the PIM Roles setup, we would like to have the option for some users to be set as 'eligible' and require approval with others in the same role set as 'eligible' and not require approval. Currently, approval is only an all or none option on each role.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Force admins to verify via MFA with every activation request

    If PIM role activation requires MFA verification the MFA back-end will abide by the "Don't prompt me again for X days" option which results in admins not being prompted to verify for a role activation.

    PIM should allow for the ability to ignore this setting and prompt admins every time they activate an admin role even though they may not have been prompted when logging into the Azure portal. Placing the MFA gate in front of admin role activation is the whole point to PIM.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  19. Get Privilege Role with their Eligible and Permanent Members List using Powershell

    Please add Azure PIM command, which can provide all roles & their members list (should show Eligible & Permanent attribute too) ?

    Get-PrivilegedRoleAssignment shows role details for logged in user only.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. Integrate Azure AD PIM with on-premises AD

    Azure AD PIM is a cool feature, and easy to use. The on-premises MIMPAM solution is the exact opposite experience. It requires a lot of infrastructure to be in place, and different skillsets are needed to make it secure. It's simply too expensive and complex for a lot of organizations to use.

    Integrating AAD PIM with on-premises AD would solve these issues. A cloud based solution, paid by usage (license per user).

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Feedback and Knowledge Base