It doesn't appear like there are any PowerShell cmdlets for PIM to support access review creation and management. This would be helpful for automation purposes so someone doesn't have to log into the GUI to create access reviews, check status, etc.
43 votes
In the Azure Consent Workflow (currently in preview) once a user is approved they receive an email. It would be great if the approved resource / app was linked so that the user can navigate from the approval email directly to the approved site / resource / app.
7 votes
Thanks for the great suggestion! Sending users emails about their approvals and having a link to the resource would be very helpful. I’ll take this back to the team and will update here when we make some progress!
Would be great having the opportunity to edit or add a message into the email sent by Azure.
E.g., when someone has the role membership denied by a role owner, the user should get the email WITH the reason and not just the email saying that they have been removed.
Also would be great allowing the GAs to add a message or create the reminders by themselves AND schedule it.
5 votes
Thanks, the team is reviewing this ask!
At the moment we are not able to download the information with the users listed in Azure AD roles - Alerts. It would be very helpful if we had this option as we have in Access Reviews.
3 votes
Thanks for the confirmation, the product team will start the investigation and update here soon.
We have a challenging situation to manage group owners in Azure Active Directory. If a person leaves the organization, his/her identity will be set to "disabled" state. Is there a way automatic emails can be sent to admins notifying Group Owner ID is disabled for all the managed groups?
2 votes
Hi Jaya, thanks for the feedback! I’d love to understand your scenario a bit more and loop in the team working on Groups. To clarify your concern – Is the disabling of group owners when they leave the organization affecting the completion of your existing access reviews? Feel free to comment here or email firstname.lastname@example.org directly. Thanks!
In access reviews, it would be helpful to see the current status of the account. For example, we have accounts that are recommended for "Deny" but in AAD the account is already blocked from signing-in.
Also accounts surface in the access review that have been removed from AAD.
1 vote
Thanks for submitting the feedback!
You’re right that currently we don’t reflect the status of the account in real time, because when the review is created we take a snapshot of the users in the review right before the review starts, so the reviewers get a view of the user’s activity X days before the review. This has been an audit requirement for some customers. I’d like to hear more about your use case in dynamically updating the user’s status, and how that contributes to your audits (if any).
We’ll keep this feedback in mind when planning, thanks again!
Right now, you can only do out of the box emails and approvals. Integrating as an application from flow will allow you to create different approval processes as needed; and customize email messages as needed.
1 vote
Hi Justin, thanks so much for the feedback! We currently use AEO (Azure email orchestrator) for sending emails, I can see how Flow can be helpful here, will look into it with the team, thanks for the suggestion! Do you know any services customizing their emails using Flow? I would love to know!