Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Build custom access review

    As a user I should be able to upload a CSV file containing:

    Users
    Groups
    User and Group relationship

    I should be able to launch an access review based on above files. I should be able to select reviewers based on AAD identities or specify them in the file.

    Most ID governance tools have this function built in.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
  2. Access reviews: icon in myapps portal

    Access reviews icon is showing for all users in myapps portal when we onboard the feature. It could be better if this icon appears only when you are in the scope of ongoing review as reviewer or self reviewer. That's create a lot of questions from users about the utility. And it could be the case also for group icon.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
  3. Access Reviews: Azure recommendations

    The recommendation given by Azure in Access Reviews is based on user's activity ONLY in Azure and not specifically based on the Admin role activity that is being reviewed. Access reviews should give you the recommendation based on user activity with the role, otherwise, any user that logs into Azure but don't activate their role, will never be catch by the Azure recommendation(inactive for 30 days), is that make sense ?

    Also, the Azure PIM alerts gives you very little possibilities. We can't export, store the information, would be great having more option on that, or at least exposing via…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Johnny,

    Thanks for the detailed feedback! Yes, it makes a lot of sense to scope the recommendations to user’s activity in the role being reviewed, and we are working to collect more insights on user’s activity in addition to signing in. It’s in our roadmap and we will update here when we have a preview to share!

    Regarding your comment on PIM alerts, I have directed your feedback to our PIM team, if you any more questions on the development of the alerts, please don’t hesitate to email pim_preview@microsoft.com!

    - Fionna

  4. Implement our own logic on trigger Access Review

    Only a timer based Access Review is not enough for us.
    We have multiple situation we need to trigger review again, including:
    1. Based on some user's attributes update, e.g. Manager reporting line changes, Department changes, job role changes
    2. Based on usage pattern, e.g. a user haven't use a certain app/resource for last X days.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Gordon!

    Thanks for the feedback! We are working on adding more triggers to kick off access reviews like what you listed in 1!

    For 2. we do show user’s sign-in data to the reviewers to help them make the decisions. If a user hasn’t signed in to the tenant in the last 30 days, then the system will recommend denying that user’s continued access. Are you referring to automatically triggering a review on users who have not accessed an app/resource in the last X days?

    - Fionna

  5. Support to choose another "Group" as reviewer

    We have two scenario:
    1. For internal organization users, we need FTE manager as reviewer
    2. For external organization users, we need to have "sponsor" as reviewer.

    I already saw there is a feedback on supporting Manager as reviewer which should be fulfill our requirement 1. above.

    For requirement 2 above, we need to assign different "sponsor group" as reviewers (instead of individual users hardcode in Access Review)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Gordon,

    Thanks for the detailed feedback! Yes we are working on adding both manager and sponsor groups as reviewers, will update here when we have a preview ready. In the mean time, if you have any more questions or more requirements, please let us know by commenting here!

    - Fionna

  6. Integrate with Microsoft Flow for Customizing Emails and Approvers

    Right now, you can only do out of the box emails and approvals. Integrating as an application from flow will allow you to create different approval processes as needed; and customize email messages as needed.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Justin, thanks so much for the feedback! We currently use AEO (Azure email orchestrator) for sending emails, I can see how Flow can be helpful here, will look into it with the team, thanks for the suggestion! Do you know any services customizing their emails using Flow? I would love to know!

    /Fionna

2 Next →
  • Don't see your idea?

Feedback and Knowledge Base