Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Eliminate delays when activating the SharePoint Administrator role in PIM.

    Currently it can take up to 1 hour or more to wait for permissions to be propagated in the SharePoint environment after activating the SharePoint Administrator role. Logging out, closing all browser windows -- nothing helps.

    This results in lost work time for administrators that require these permissions to do their daily job. And is even worse when there is an issue during off-hours. It does not help your relationship with a business client to tell them that you have to wait for the system to "kick in" and cannot provide an estimate for how long that may take.

    Any…

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Show ticket number in approval screen

    When requesting a PIM role, you are asked for a ticket number which is then displayed in the audit log. This ticket number should be displayed to the user who is approving the request so they can validate the request

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Privileged Identity Management event into Event Grid for automation

    We would like to use Privileged Identity Management (PIM) to provide access to content within resource for example a database within a database server. To be able to hook into a successful 'just in time' request and it's timeout I would like to use something like Event Grid.

    The current alerting based on email is not good enough to be able to reliably build automation.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support Diagnostic Settings for PIM Audit Logs

    Azure AD Audit Logs and Sign-in Logs can be forwarded to Log Analytics, Storage Account or Event Hub. It is crucial to have this functionality also for the PIM Audit History. Just using the Azure Portal GUI to export a CSV is not how it should be nowadays.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Enable PIM assignment for a guest user in a specific directory

    We use powershell to activate PIM for users, but when we change to a specific directory, the get-privilegedroleassignment cmdlet still lists the roles available in the "home" directory, rather than the directory that you're currently in..

    connect-pimservice -TenantName <XXXX>

    has no effect on the get-privilegedroleassignment command

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Grant multiple roles through Privilege Identity Management (PIM) to the same user during a single operation

    When assigning more than one role using PIM as "eligible" user must going through the elevation operation for each one of the assigned roles.
    My suggestion is either to allow users to be elevated to all PIM roles in one operation or to be able to customize a new role which include capabilities from different roles.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Ability to search on all Azure resources and resource groups in the "Resource filter" experience

    Azure resources/resource groups search in PIM doesn’t search my entire pool of resources /resource groups. It only searches by page. I have to click "load more" 15+ times to find some of my resource groups which is a horrible UX and seems more like a bug to me.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Auto suggest role activation on "access denied" error messages if user is eligible

    If I have a role that woudl allow me to access a page via PIM, error messages shoulfd suggest to enable the least privilege role I am elligible for instead of just showing an access error.

    This would:
    1. allow to think about PIM as a workaround
    2. understand that Global Admin is not the role to activate by default and that less powerful roles coudl still allow to get things done
    3. add some friendliness to "access denied" error messages :-)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow 3rd party MFA with PIM

    Azure conditional access policies allow for 3rd party MFA, such as Duo, but Azure PIM does not allow this level of customization with the "Require MFA" configuration for a PIM role. This means that we need to manage 2 different MFA platforms if we're going to leverage both Duo MFA and Azure PIM for security. I'd like the ability to use Duo MFA when activating a PIM role.

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. ediscovery administrator/manager adds to PIM/PAM roles

    Pls add eDiscovery roles to PIM/PAM, seem to be mia

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Make Azure AD role activation in PIM faster

    Currently activating an Azure AD role such as Global Admin or User Admin in Privileged Identity Management (PIM) takes 15+ minutes to fully activate (this time starts after following the step to sign-out). Even after logging out and back in again, the role will display as active in the Azure AD overview blade, but when trying to take an action such as updating a user license (in the Office 365 portal) or update an App configuration in the Azure AD Portal, the action will fail claiming access denied. After 15-30 minutes, the role finally comes fully active with no notification…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Make sure that in some situations Eligible users are selectable

    In some other parts of Azure AD, you can only select users if they are currently activated in their role. F.e. the Admin Consent reviewers are only selectable if they have the necessary roles permanent, or are activated at that time. It would be nice, that for these kind of situations you can select all the users eligible for the role as well.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Make PIM audit more robust. Should be able to filter on all of the key categories (for example, filter on Global Administrator approvals)

    Make PIM audit filtering more robust. Should be able to filter on all of the key categories (for example, ability to create a filter for Global Administrator approvals).

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Ability for Azure AD PIM users to opt-out of e-mail notifications

    It would be nice with an ability to opt-out of the automatic notification that is sent after people elevate their account. Especially for external consultants using their Azure B2B account at multiple customers.

    I get about 10+ mails each that about customers / colleagues that enable their roles using Azure AD PIM:

    Please make it possible to opt-out of the notification mails: "xxxxx activated the THE ROLE in the xxxx.onmicrosoft.com directory"

    Thanks.
    Peter Selch Dahl - Azure MVP

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. Azure cli PIM activation

    To reduce churn. It would be good if there was a CLI method of activating PIM Azure Resource roles so that the process was less laborious.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. PIM - multiple approvers required

    At the moment you configure multiple approvers in the role setting details dialog. As soon a one approvers approves the request gets accepted.

    I would like to have an option to require multiple approvers, that allow the request
    eq. configure 5 approvers - 2 are required to approve the request

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Make PIM more user friendly by adding flash whenever signing 1st time on azure ad PIM

    Whenever we are enabling PIM , we found that portal is not user friendly, there is ROLES, then AZURE AD ROLES then lot of confusing options and even the documentation is not for the beginners, that when we will get consent option,how to check PIM is enabled or not there are lot of people i came accross who are confused with the features and what to enable and all,
    the concepts are clear but how to reach and complete it, its confusing.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. PIM - Integrate PIM into Portal configuration of Azure Resource RBAC

    Please consider - Merge GUI elements for PIM into Azure Portal Resource Access Control Panel

    a) Azure RBAC panels should show the PIM role assignments in context, similar to (reverse of) the way that regular permanent role assignments are shown in the PIM GUI.

    b) Azure RBAC Access Control "New Role Assignment" should include the option to make the assignment eligible instead of permanent

    The current implementation puts the functionality in the wrong context - the primary function is not to "manage PIM", it is to "assign roles for a resource".

    Thanks
    Ben

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  19. PIM - Configure default settings for all role assignments

    Separate custom settings for every role in every resource scope is really unwieldy, and makes it infeasible to manage effectively.

    Please consider a configuration for default settings that apply to all roles and scopes (maybe separate for Azure RBAC vs AAD?) so that we can make baseline tenant level configuration change.

    e.g. I would like PIM eligible assignment to default to a maxiumum duration of 2 hours instead of 1; I would like activation to require MFA always; I would like to change the notification lists.

    Thanks
    Ben.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. PIM - Allow users to extend period of activation for activated eligible roles

    Several times I need to start something that requires a PIM role, when the PIM role is already active but will expire soon (say, 10 minutes). I need to extend the activation period to cover, say, 60 minutes, but this is not possible and I either need to wait until the PIM activation expires, or be disrupted by access failures mid-activity.

    Please consider a new option to PIM role management to allow the extension in time of a role that is already active.

    The current PIM "extend" functionality refers to extension of period of assignment, not period of activation for…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base