AzureAD Role Delegation to Groups
Currently in AzureAD, msolroles can only be assigned to users and servicePrincipals using the Add-MsolRoleMember cmdlet. Groups cannot be an MsolRoleMember, although the Add-MsolRoleMember cmdlet's RoleMemberType parameter can be set to Group. But we always get an exception which says that this value is invalid.
Usually we delegate access to resources using ActiveDirectory groups instead of users, which makes the management much easier. To achieve a role delegation to groups we have to deploy a PowerShell script that synchronizes group members with role members of a specific role. This is a valid workaround but a nasty one compared to a direct delegation to AzureAD groups.
Just wanted to post another update that this is a high priority, but we do not have any details to announce yet.
/Stuart and Vince
I agree. Has this gone anywhere? It's crazy to me that one has to log into the various Admin Centers in O365 and assign in some instances multiple roles to potentially multiple users vs. having the ability to use AD-synced groups nested in those roles.
Definitely a must have
Luckily we have a relatively small team but this would make administration easier going forward.
Absolutely an improvement to assign Azure AD Management rights to AD Groups!
I am working with a customer who has a number of security requirements. They are looking at managing the Office 365 admin access based on the user's AD Group membership. What would be really useful is the ability to assign Office 365 Admin roles to a group as opposed to a user explicitly.
This is all for their internal auditing purposes and processes. Users request access to a specific service through their service desk and through their internal processes a request is raised, then approved by a manager and the user is then added to the relevant AD Group. This would then be synced to O365 and the user would then have the relevant Admin role assigned as opposed to someone logging on to add the role in the cloud.
Has this been implemented yet?