Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable PIM role assignment by Group membership.

    It would be nice to enable PIM roles to be linked not only to direct assignment to users but also to groups. This enables integration with on-premise IAM solutions that have not been extended to support the Graph API calls to PIM for role management.

    230 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  19 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Powershell Enable PIM Role Assignment

    We plan to utilize PIM for Azure Resources (Resource Groups), however it is currently not possible to automate thorugh Powershell. It would be nice if existing Roles could be made eligable and configurated with it's settings thorugh powershell when creating resources/resource groups through powershell.

    109 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  7 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Enable synchronized AD groups (or AAD groups) to map to PIM.

    Rather than adding single accounts from AAD (which may be synched from AD), it would be great to map AAD (or synched AD) groups to eligibility rules. E.g. AAD group A is eligible for Role Exchange Admin. That way, one could administer AD groups for privileged access like in RBAC and use PIM to activate the privileges. Adding single users may be difficult to handle in large environments.

    106 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  11 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Integrate Azure AD PIM with on-premises AD

    Azure AD PIM is a cool feature, and easy to use. The on-premises MIMPAM solution is the exact opposite experience. It requires a lot of infrastructure to be in place, and different skillsets are needed to make it secure. It's simply too expensive and complex for a lot of organizations to use.

    Integrating AAD PIM with on-premises AD would solve these issues. A cloud based solution, paid by usage (license per user).

    66 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  5 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add support for Time-bound Group membership in Azure AD like Active Directory 2016

    Please add support for Time-bound Group membership in Azure AD like Active Directory 2016. It would be a very appreciated option for managing access like in MIM PIM.

    And if you consider doing this... Please also extend the functionality to Azure PIM to manage temporary membership and approval

    62 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  5 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Make a App for AzureAD PIM to activate my roles

    Please Make a App for AzureAD PIM to activate my roles - so that the admin user that's only are using portal.office.com need to go into portal.azure.com to active the PIM roles (like global admin)

    60 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  11 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Extend PIM to manage group membership

    Enable PIM usage to support any Azure AD group membership controls enabling a time based group membership experience using PIM UI and approval functionality.

    52 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  12 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Eliminate delays when activating the SharePoint Administrator role in PIM.

    Currently it can take up to 1 hour or more to wait for permissions to be propagated in the SharePoint environment after activating the SharePoint Administrator role. Logging out, closing all browser windows -- nothing helps.

    This results in lost work time for administrators that require these permissions to do their daily job. And is even worse when there is an issue during off-hours. It does not help your relationship with a business client to tell them that you have to wait for the system to "kick in" and cannot provide an estimate for how long that may take.

    Any…

    46 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  6 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Azure PIM support for custom Exchange RBAC Role Groups

    Add support to manage custom Exchange RBACs through Azure PIM. Currently, as far as I can tell, it is only possible to manage the built-in “Exchange Administraor” role through PIM. However we do not use this role because it provides access to far too many Exchange cmdlets. Instead we have created many custom Exchange RBACs and associated Role Groups which provide minimum levels of access for various different teams in our organisation. We have been testing Azure PIM and would like to use it but it only works with the built-in all powerful “Exchange Administraor” role. Please add support to…

    45 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  2 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. PIM in Office 365 Admin Portal

    Will be nice, if Azure AD PIM funcionality and user and admin controls will be somewhere accessible also from Office 365 Admin Portal, not only Azure Portal.

    For example, if PIM is enabled for user and he has not proper rights and go to Admin Center, he is automatically redirected to PIM console.

    45 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  7 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Force admins to verify via MFA with every activation request

    If PIM role activation requires MFA verification the MFA back-end will abide by the "Don't prompt me again for X days" option which results in admins not being prompted to verify for a role activation.

    PIM should allow for the ability to ignore this setting and prompt admins every time they activate an admin role even though they may not have been prompted when logging into the Azure portal. Placing the MFA gate in front of admin role activation is the whole point to PIM.

    41 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  2 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow 3rd party MFA with PIM

    Azure conditional access policies allow for 3rd party MFA, such as Duo, but Azure PIM does not allow this level of customization with the "Require MFA" configuration for a PIM role. This means that we need to manage 2 different MFA platforms if we're going to leverage both Duo MFA and Azure PIM for security. I'd like the ability to use Duo MFA when activating a PIM role.

    39 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  2 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Expose AzureAD PIM Alerts via an API

    AzureAD (AAD) PIM generates alerts when there is suspicious or unsafe activity in the environment. When an AAD PIM alert is triggered, it shows up on the PIM dashboard. We would like for the PIM alerts to be exposed via an API so that we can integrate these alerts with our SIEM solution.

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  3 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Apply the role faster on the backend

    Our customers often mentioned it takes a long time for the role to become active for the end users.

    Can you make it apply the role faster on the backend. They expect maybe 30 seconds for the role to become active.

    31 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  0 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. PIM option to request access to AD groups

    PIM option to request access to AD groups

    In our environment, we have AD groups with specific resource rights for the different environments. (OTAP).
    It would be nice if it is possible to ask permission to be added temporarily to an Azure group for the time specified.

    28 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. Get Privilege Role with their Eligible and Permanent Members List using Powershell

    Please add Azure PIM command, which can provide all roles & their members list (should show Eligible & Permanent attribute too) ?

    Get-PrivilegedRoleAssignment shows role details for logged in user only.

    27 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    started  ·  4 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support webhooks for Azure PIM Approval Request

    It would be really great, if you would consider adding support for Webhooks as part of the newly introduced Azure PIM Approval workflowfeature. We would be able to do a lot of interesting stuff with this option :). Alternatively we would have to perform a pull for new approval request all the time. #automation #flow #apps

    https://blogs.technet.microsoft.com/enterprisemobility/2017/05/24/azure-ad-privileged-identity-management-approval-workflows-are-now-in-public-preview/

    25 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  2 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Additional Approval Options for PIM Roles

    Within the PIM Roles setup, we would like to have the option for some users to be set as 'eligible' and require approval with others in the same role set as 'eligible' and not require approval. Currently, approval is only an all or none option on each role.

    21 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  2 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
  19. Be able to select multiple roles for a single user in PIM

    Currently when a new admin is added in AAD, his admin roles can be added only one by one in PIM. It would be great to have another PIM UI workflow to start with the user and not the role. You would select the user and then select any amount of valid roles for this user.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →

    We are working on assigning roles to groups. With this approach, you can assign multiple roles to a single group, when a user is a member of that group, they will have all the eligible roles assigned to that group.

  20. Customer tenants should be manageable by PIM

    PIM should be able to manage access to customer's tenants. Partner has employees with their own source of authority but should still be able to give out access based on Azure lighthouse for instance. AzLighthouse currently supports groups only, which are not supported by PIM.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base