Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. More info on audit of resources

    Want to see more activities information when accessing resource audit. Activities detail did not show tickets number info and reason input by user during the activation stage.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. The approver to be able to set all at once in PIM.

    "Require approval" and "SELECTED APPROVER" can be set in “Default for all roles” of PIM.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Enable multi-select when activating roles in Privileged Identity Management - My roles

    My daily job requires me to activate multiple roles through PIM. I need to be able to do this in one go instead of activate, reason, duration, wait, repeat for all the roles I need that day. Let me just select them all and go through the screen only once.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Ability for Azure AD PIM users to opt-out of e-mail notifications

    It would be nice with an ability to opt-out of the automatic notification that is sent after people elevate their account. Especially for external consultants using their Azure B2B account at multiple customers.

    I get about 10+ mails each that about customers / colleagues that enable their roles using Azure AD PIM:

    Please make it possible to opt-out of the notification mails: "xxxxx activated the THE ROLE in the xxxx.onmicrosoft.com directory"

    Thanks.
    Peter Selch Dahl - Azure MVP

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. PIM - Privileged Identity Management - Different policies for one role

    Would be great to have the possibility to have different policies for same role.

    Example

    PIM Policy - Global Admin Require Approval: No
    User1 will have to request access to 'Global Admin' through PIM and will be automatically granted the role

    PIM Policy - Global Admin Require Approval: Yes
    User2 will have to request access to 'Global Admin' through PIM and request needs to be 'Approved' by any 'Global Admin'

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Enable PIM assignment for a guest user in a specific directory

    We use powershell to activate PIM for users, but when we change to a specific directory, the get-privilegedroleassignment cmdlet still lists the roles available in the "home" directory, rather than the directory that you're currently in..

    connect-pimservice -TenantName <XXXX>

    has no effect on the get-privilegedroleassignment command

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Ability to search on all Azure resources and resource groups in the "Resource filter" experience

    Azure resources/resource groups search in PIM doesn’t search my entire pool of resources /resource groups. It only searches by page. I have to click "load more" 15+ times to find some of my resource groups which is a horrible UX and seems more like a bug to me.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Error Insufficent roles or permission

    It has been observed that after enabling the GA role in the tenant , access to AIP is restricted.

    The below screen shot is from the Azure Portal itself and does show that after activating a PIM role for all services in the security and compliance center the role can take up to a few hours to activate.

    In the below screen shot this will confirm it is a known issue with PIM in Azure and they are working on resolving it. Unfortunately, the time delay will fluctuate from a few minutes some days to a “few hours”. Because Azure…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add Roles and Groups from other M365 services to PIM

    Enable PIM to support roles and groups from other M365 services such as Intune Roles and AzureAD groups to support services like MCAS and Defender ATP

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Push notification when new request is pending of approval on PIM

    Currently, the only option for PIM approvers to receive notification of a new request is email (or my log in at AAD PIM -> Approve Requests).
    By having a push notification, the approval process would be faster when email is not monitored.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. To provide the option to the admins to enforce the Password complexity options by selecting all the 4 combinations of properties.

    admins should be able to manage AD as well as Azure AD to enforce password complexity by using all 4 options. Currently only 3 out of 4 are applied while changing user password,

    Characters allowed
    A – Z
    a - z
    0 – 9
    @ # $ % ^ & * - _ ! + = [ ] { } | \ : ‘ , . ? / ` ~ " ( ) ;
    blank space

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

  12. PIM Review Settings

    For PIM, there should be a way and documentation regarding how to change reviewers. Currently when it's set to self-review, there is no way to change the setting except by deleting the review and starting over.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Privileged Identity Management Activations duration should have both Maximum and Default activation duration.

    Privileged Identity Management Activations duration should have another configuratuion settings together with Maximum activation duration.

    - Maximum activation duration set to 8 hours
    - Default activation duration set to 4 hours

    This way administrators can extend the time if requered, replaces the need for automaticly have maximum activation time

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. PIM make incident/request ticket number visible in approve/deny flow

    If the option "Require incident/request ticket number during activation" is enabled it should also be visible to the approver when making the decision on approve or deny.

    As it is now it is only visible after the decision on approve or deny is made.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. Azure AD PIM directory roles audit history support for 1 year

    For customers that have purchased the Microsoft Office 365 E5 license for there users and new logging feature exist that extends standard logging in Azure AD for 1 year. The feature is known as "Long-term Office 365 audit log private preview" and is mentioned in this article: https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance

    Please allow "Directory roles audit history" to search back in time for at least a year, if customers have the proper logs available in there Azure AD tenants.

    Workaround: As a work around for now. I'm using Azure Log Analytics for storing role changes for long-term history. Customers would like to see…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. Organization Management / Search and Purge

    In order to combat dangerous / phishing messages, is it possible to add the O365 Organization Management or the Search and Purge management role into PIM?

    Since these roles are very powerful, it would be great if they can be added.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. PowerShell module to manage and configure Azure RM PIM roles

    It is tedious and error-prone to manually configure PIM roles on multiple individual resources/resource groups through the portal. Would be nice to have a PowerShell module to make this task easier.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow Azure AD member to request role eligibility in Azure AD PIM

    I heard from customers that they would like the ability to switch on a toggle in Azure AD PIM that would allow normal users to request eligibility for a Azure AD Role.

    Basically:

    1. Toggle On - > Allow members to request Azure AD Role
    2. User/Member request role eligibility / Azure AD role
    3. Azure AD PIM admin approves the request for becoming member of the Azure AD role and with either eligibility/approval depending on the default roles.
    4. The member/user would afterwards be able to request approval / eligibility and get approval by the defined approver.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add support to group multiple Azure Resource Role assignments for one single activation

    We're using Azure AD PIM to assign permissions for our admins and developers. We're using Resource Groups as the scope for all role assignments. We have divided our Azure resources in a different resource groups depending on the application or service life-cycles.
    Using Resource Groups as the scope in PIM works good but sometimes it results in many activations for our users. If we have an app service in one RG that relies on an App Service Environment that's located in another RG that relies on a vNet located in a third RG the users needs to activate three role…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. Enable 'require approval' on a per user (vs per role) basis

    Currently, PIM only provides a "Require approval to activate this role" setting on a per role basis. I would like to see this on a PER USER basis. So a user would be either: Permanent, Eligible, or Eligible (approval required)".

    This is more in line with the trust model we want, allowing fewer permanent assignments. Some people would be trusted to self-elevate; others would require independent approval.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Feedback and Knowledge Base