Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Utilize AAD Security Groups for Device "Additional Local Administrators" support
Emulating the Intune Roles method with Assignments, Members and Scopes would be ideal. Also the ability to disable Global Admin access (limit to groups/scopes added).
158 votes
We’re currently working on this capability and will provide an update when it’s done.
However, instead of expanding the “Additional Local administrators” setting, we will support adding AAD groups to Windows 10 local groups (e.g. Administrators, Remote Desktop Users) via MDM policy and elevate user privileges on logon. This will provide greater flexibility to assign different groups to different devices.
—
Ravi
-
Delegate permissions to remove devices
The user role User administrator is not able to remove users' registered device objects in Azure AD. I think that roles should be granted that permission.
Or create an additional role that has the permission to remove device objects in Azure AD.
69 votes
Cloud Device Administrator is the new role that will provide this capability. This will be generally available in the coming months.
-
AzureAD join gives user Admin access - needs to restrict
By default, AzureAD join gives user Admin access. Can we restrict this? This is a huge security risk.
27 votes
Thanks for the feedback, this is currently in development. We will be adding an option in Azure AD to control this.
Currently, this can be controlled via Windows Autopilot or Bulk enrollment. Please see https://docs.microsoft.com/en-us/azure/active-directory/devices/azureadjoin-plan#understand-your-provisioning-options for more details
/Ravi