Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. PIM sync on-prem so you can get Just in time for on-prem admin accounts

    Is it on the roadmap to have some sort of sync / agent / function that allows you to use just-in-time functionality on-prem for admin accounts without syncing "admin accounts" up to Azure AD?

    1 vote

    0 comments  ·  Privileged Identity Management
  2. In the absence of an approver

    Currently PIM sends a notification to all approvers when a request is made to activate a privileged role in PIM. It would be nice if the approval workflow could be configured in a hierarchical manner, so that if the 1st approver is not available it resends the notification to the 2nd approver.

    for PIM roles receives an email with a link and they need to login to Azure AD to approve or deny the request that is becoming bit tedious task for managers to approve the request of a privileged role activation. A mobile app to approve or deny the request would more efficient way for the manager…

    1 vote

    0 comments  ·  Privileged Identity Management
  3. Approver mobile app to approve or deny the request

    Currently the approvers for PIM roles receive an email with a link and they need to log in to Azure AD to approve or deny the request. That is becoming a bit of a tedious task for managers approving requests for privileged role activation. A mobile app to approve or deny the request would be a more efficient way for the manager to respond to requests for privileged role activation from PIM.

    1 vote

    0 comments  ·  Privileged Identity Management
  4. M365 Billing Notifications with regards to Azure AD PIM

    The cx is requesting a design change so that users who are assigned eligible PIM roles (Global admin and Billing Admin) don't miss billing notifications if they haven't activated the role. It would be nice to have the option to use a distribution list in M365 Billing > Billing Notifications.

    This is currently impacting 20,000 users in the cx tenant since mid-March 2021 and there is a major work stoppage where Teams Administrators have not received billing notifications on time and were not able to get invoices over to the finance department to have the invoices paid on…

    2 votes

    0 comments  ·  Privileged Identity Management
  5. Azure Databricks SCIM Connector

    Privileged Access groups can be used as Groups (PAG) for the Azure Databricks SCIM Connector. These PAGs contain member users (USER01). When provisioning happens in SCIM, the PAG will be provisioned within the Databricks WS.

    Now USER01 can log in to portal.azure.com and enable the eligible member role to be active.

    Now the issue is: the provisioning interval is 40 minutes and fixed. Until the provisioning cycle kicks off, USER01 is not going to be shown in the Databricks WS.

    If we get an option within the Azure Databricks SCIM Connector to provision automatically in real time as soon as changes happen within…

    1 vote

    0 comments  ·  Privileged Identity Management
  6. Allow built in local admin roles to be centrally managed in AD Azure / PIM

    Currently when you manage roles in PIM, you are able to manage the roles centrally for all Azure AD services. However there are several services where you can set roles that will only apply for that specific service as noted here: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-microsoft-365-compliance-security?view=o365-worldwide#breaking-inheritance

    This can make it hard to track all the assigned permissions across all services and leave open gaps that can cause security issues. It would be great to have a central place to view and manage all the permissions across each service.

    1 vote

    0 comments  ·  Privileged Identity Management
  7. fix the caching issue!

    Every time I assign myself a role, I have to log out of the O365 portal, clear my browser cache, then sign back in, and even then it doesn't always work. It's been getting worse the more I'm using Azure PIM.

    1 vote

    0 comments  ·  Privileged Identity Management
  8. For eligible assignment through PIM increase time up to 4 days

    Currently for PIM eligible assignment users can activate only for a maximum of 24 hours. This is good but does not work for roles like SharePoint administrator. After activating the SharePoint administrator role, SharePoint takes 24 to 72 hours for the role to be activated in SharePoint. The other option is to give an active assignment to the SharePoint role for 4 days and then wait for SharePoint to reflect the permissions. Either PIM should allow eligible assignment activation up to 4 days or SharePoint should fix it for immediate sync from Azure AD to SharePoint.

    1 vote

    0 comments  ·  Privileged Identity Management
  9. How to manage Azure Service Principal in PIM?

    We have Azure Service Principals and are looking for a solution to manage Service Principals, automatic onboarding and secret key rotation. Is Azure PIM the solution?

    1 vote

    0 comments  ·  Privileged Identity Management
  10. Eliminate role activation delay between portals open in different browser tabs

    There is a delay in role activation when the target portal (i.e. Power Platform admin center) is open in one tab and PIM activation is initiated in a separate browser tab. It can take up to 15 minutes for the role to activate in the target portal, even if the tab is refreshed multiple times following role activation. While logging out and back in resolves this delay, it is not a sustainable option for urgent troubleshooting.

    7 votes

    0 comments  ·  Privileged Identity Management
  11. Global Administrator role via group

    When I assign the Global Administrator role to someone via a security group, he/she is not able to access the Exchange Admin portal.

    1 vote

    0 comments  ·  Privileged Identity Management
  12. Allow additional recipient email for Request to approve an activation

    Our privileged identities and PIM approvers do not have an email address assigned to them. This means that the Approvers never see an email to approve a request.
    Please allow us to add the approver's personal email address in additional recipients for Request to approve an activation.

    1 vote

    0 comments  ·  Privileged Identity Management
  13. Authentication Policy Admin role

    The new role "AUTHENTICATION POLICY ADMINISTRATOR" lets you import the OAUTH hardware token seed file and then it shows the error that the import failed.
    When the same file is imported by the Global Admin role, it goes through successfully.

    Looks like broken or untested functionality in the new role.

    1 vote

    0 comments  ·  Privileged Identity Management
  14. PIM Access reviews should exclude emergency accounts

    When creating an access review there should be the ability to exclude the emergency accounts, otherwise you could lock yourself out!

    2 votes

    0 comments  ·  Privileged Identity Management
  15. PIM - Powershell for Azure Roles

    The AzureADPreview module includes PIM commandlets that purport to enable reporting on PIM role assignments for Azure resources (https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureadmsprivilegedroleassignment), but it doesn't seem to work, and there is no documentation or examples that include how to get subscription-level assignments (i.e. what is the "ResourceID" for a subscription?). There is documentation on doing this for AAD (https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/powershell-for-azure-ad-roles), but nothing for ARM.

    Please make PIM for Azure Resources completely manageable from PowerShell.

    1 vote

    0 comments  ·  Privileged Identity Management
  16. PIM - Powershell for Azure Roles

    The AzureADPreview module includes PIM commandlets that purport to enable reporting on PIM role assignments for Azure resources (https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureadmsprivilegedroleassignment), but it doesn't seem to work, and there is no documentation or examples that include how to get subscription-level assignments (i.e. what is the "ResourceID" for a subscription?). There is documentation on doing this for AAD (https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/powershell-for-azure-ad-roles), but nothing for ARM.

    Please make PIM for Azure Resources completely manageable from PowerShell.

    1 vote

    0 comments  ·  Privileged Identity Management
  17. Additional detail in email subject for Azure Resources

    When escalating to gain access to an Azure resource, in our case an Azure subscription, the email that is sent mentions the fact we have elevated to owner, but does not mention which Azure subscription we are working with.

    When you have hundreds of these emails it makes it difficult for anyone overseeing the PIM service to know which elevations are in need of a closer inspection.

    The AAD roles do display this level of detail, so the Azure Resources side of PIM needs to work in a similar way.

    1 vote

    0 comments  ·  Privileged Identity Management
  18. 3 things I think would improve PIM


    1. Option to activate multiple roles in one activate operation.
      Sometimes you just need two or three roles in your working day.


    2. Option to go directly to the service from PIM - My roles.
      I am thinking of a link on the role name or from a receipt page after activating.


    3. My roles should always appear in alphabetical order.


    2 votes

    0 comments  ·  Privileged Identity Management
  19. PIM groups for B2B accounts

    When trying to manage PIM groups as an owner + privileged admin role using a B2B account you cannot access the PIM preview feature. This works fine for tenant accounts, but with the same access using a B2B account the PIM blade shows no groups, and in Azure AD when opening the PIM blade under a group no information is shown.

    1 vote

    0 comments  ·  Privileged Identity Management
  20. need to configure which users could receive Privileged Identity Management [PIM] emails

    Please implement the feature for PIM like the one implemented on IP.

    The UserVoice is called "need to configure which users could receive Identity protection weekly digest report".

    If possible, also add the option for the ad hoc emails like "PIM: A privileged directory role was assigned outside of PIM".

    This way a security officer without privileged admin roles is able to monitor and act on important info.

    5 votes

    1 comment  ·  Privileged Identity Management