PIM - Configure default settings for all role assignments
Separate custom settings for every role in every resource scope are really unwieldy, and make it infeasible to manage effectively.
Please consider a configuration for default settings that apply to all roles and scopes (maybe separate for Azure RBAC vs AAD?) so that we can make baseline tenant-level configuration changes.
E.g. I would like PIM eligible assignment to default to a maximum duration of 2 hours instead of 1; I would like activation to require MFA always; I would like to change the notification lists.
Morgan Simonsen commented
Why can't we just use the "Other Emails" attribute on admins to forward whatever messages they should receive to a licensed user with a mailbox? That would take care of all notifications, not just the ones for PIM. If Other Emails could work something like "targetAddress" does in Exchange we would be good.