Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

  1. AzureAD Role Delegation to Groups

    Currently in AzureAD msolroles can only be assigned to users and servicePrincipals using the add-msolRoleMember cmdlet. Groups cannot be a msol-roleMember - although the add-msolroleMember cmdlets' RoleMemberType Parameter can be set to Group. But we always get an exception which says that this value is invalid....
    Usually we delegate access to resources using ActiveDirectory Groups instead of users, which makes the Management much easier. To achieve a Role Delegation to Groups we have to deploy a Powershell that synchronizes Group-Members with Role-Members of a specific role. This is a valid Workaround but a nasty one compared to a direct delegation…

    621 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    83 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminAzure AD Team (Product Manager, Microsoft Azure) responded

    Folks,
    Assigning built-in roles, custom roles and admin unit scoped roles to cloud groups is in public preview. Thanks a ton for all the great feedback that you shared with us. Here’s the published documentation -

    https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-groups-concept

    https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-features

    Next steps —> Support for on-prem groups. Stay tuned!

    Regards,
    Abhijeet Kumar Sinha
    Azure Active Directory Team

  2. RBAC for AAD

    The Azure teams have done an awesome job implementing RBAC. I would love to have this same functionality (granular permissions + custom roles) for AAD itself.

    Currently there's too many activities that only a global admin can do. RBAC would allow us to delegate appropriate activities without increasing our security attack surface.

    372 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    44 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminAzure AD Team (Product Manager, Microsoft Azure) responded

    Hi folks,
    Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.

    You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.

    Regards,
    Vince Smith
    Azure Active Directory Team

  3. We need to be able to manage Azure AD helpdesk administration & other administration roles via on-prem AD groups

    One Item I would like corrected \ added as a feature.
    We need to be able to manage Azure AD helpdesk administration & other administration roles via on-prem AD groups. Currently we need to add users individually to each of the various roles. Helpdesk is a good example of this as many people come & go from this role & we need to add and remove users individually to the Azure AD Helpdesk administration role. If we had a AD group (example: Servicedesk AD group) with all members of the helpdesk in there, we just have to manage this group…

    64 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    5 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminAzure AD Team (Product Manager, Microsoft Azure) responded

    Hi,
    Assigning cloud groups to built-in roles is in public preview starting today. Here’s the published documentation -

    https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-groups-concept

    https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-features

    We will get started on on-prem groups shortly. Stay tuned!

    Regards,
    Abhijeet Kumar Sinha
    Azure Active Directory Team

  4. Allow Applications to be added to AD Security Groups

    See https://stackoverflow.com/questions/47762262/add-aad-application-as-a-member-of-a-security-group

    Basically allow adding Service Principals (i.e. Applications) into AD Security Groups just like User Principals are allowed today.

    47 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    6 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →

  5. Allow creation of custom directory roles in Azure AD

    Being able to create custom directory roles in Azure AD can allow Administrators the ability to grant users custom tailored roles in Azure AD. One example would be allowing the security office in your organization access to the risky events and risky users tabs with the ability to close,reopen, or mark for false positive without having to give them permissions that they do not need. This essentially takes the idea of "least privileged roles" and expands it to allow for further customization.

    14 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminAzure AD Team (Product Manager, Microsoft Azure) responded

    Hi,
    This is duplicate of – https://feedback.azure.com/forums/169401/suggestions/12868950 . Latest status of Azure AD custom roles will be updated there.

    Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.

    You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.

    Abhijeet Sinha
    Azure AD RBAC team

  6. aad custom roles

    Would be nice if we could create custom aad roles, might be wrong but the concept of creator/owner and being able to assign permissions to the owner role would be nice.

    13 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminAzure AD Team (Product Manager, Microsoft Azure) responded

    Hi,
    This is duplicate of – https://feedback.azure.com/forums/169401/suggestions/12868950 . Latest status of Azure AD custom roles will be updated there.

    Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.

    You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.

    Abhijeet Sinha
    Azure AD RBAC team

  7. Assign directory roles to groups

    Allow the ability to assign Groups to directory roles for better RBAC implementations. As an example, I would like to assign the role "Application Administrator" to a group using the cmdlt add-MsolRoleMember -RoleObjectId "objectID" -RoleMemberType Group -RoleMemberObjectId "objectID" but even though the switch for group is available, it is not supported. So I have to add every single individual user to this role (and many others) in order to extend our on-prem RBAC model to Azure. This is not scalable.

    13 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    4 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminAzure AD Team (Product Manager, Microsoft Azure) responded

    Hi,
    Assigning cloud groups to built-in roles is in public preview starting today. Thanks a ton for all the great feedback that you shared with us. Here’s the published documentation -

    https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-groups-concept

    https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-features

    Next steps —> Support for custom roles and on-prem groups. Stay tuned!

    This feedback is similar to – https://feedback.azure.com/forums/169401/suggestions/12938997. Latest status of assigning groups to Azure AD roles will be updated there.

    Regards,
    Abhijeet Kumar Sinha
    Azure Active Directory Team

  8. Enterprise Application

    Create a SSO/Enterprise Application Admin role similar to Intune/Sharepoint admin role. Allow the delegation of the SSO and enterprise applications to an admin other than the global tenant admin.

    8 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →

  9. Add Azure Active Directory Role Customization

    Add a Role Customization for Azure AD Roles to get more specified permission settings in Azure AD

    7 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminAzure AD Team (Product Manager, Microsoft Azure) responded

    Hi,
    Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.

    You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.

    Regards,
    Abhijeet Sinha
    Azure AD RBAC team

  10. A GUI interface for edit or create custom role on Azure

    A GUI interface for edit or create custom role on Azure.

    Currently any custom role create / edit needed to change by powershell, a GUI interface is more user friendly and easy to manage for customer admin.

    7 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →

  11. RBAC roles export/backup

    Currently there are actions that can wipe out RBAC roles such as cross tenant subscription transfers, but there is no way to export these roles so they can be easily applied to the subscription once the transaction is complete. Being able to backup this data/export this data could be useful for a number of applications allowing quick management of access across subscriptions

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminAzure AD Team (Product Manager, Microsoft Azure) responded

    We shipped ability to export role assignments in Azure AD portal on a per role basis. Next step is ability to export assignments for all roles in one go.

    Azure portal —> Azure Active Directory —> Roles & admin —> {role} —> Download role assignments

    Thanks,
    Abhijeet Kumar Sinha
    Azure AD RBAC team

  12. Separate create and modify permissions for resources

    Make the write permission for resources more granular. There are many cases where we would like to allow admins to modify resources but not create them. To achieve this we have to assign them a role directly to the resource. This would allow a more general assignment with only modify permissions.

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminAzure AD Team (Product Manager, Microsoft Azure) responded

    Hi,
    Just a quick update here. We’re actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.

    You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.

    Regards,
    Abhijeet Sinha
    Azure AD RBAC Team

  13. We would like to have an ETA for when custom Azure AD admin roles will be usable.. This is a huge request from all around the world. Thank

    We would like to have an ETA for when custom Azure AD admin roles will be usable.. This is a huge request from all around the world. Thank

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →

  14. Costume AAD roles creation

    Create customized Azre Active Directory administration roles like RABAC roles on resources.

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Azure Active Directory

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice