Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

  1. Enable synchronized AD groups (or AAD groups) to map to PIM.

    Rather than adding single accounts from AAD (which may be synched from AD), it would be great to map AAD (or synched AD) groups to eligibility rules. E.g. AAD group A is eligible for Role Exchange Admin. That way, one could administer AD groups for privileged access like in RBAC and use PIM to activate the privileges. Adding single users may be difficult to handle in large environments.

    57 votes
    planned  ·  6 comments  ·  Privileged Identity Management
  2. Enable PIM role assignment by Group membership.

    It would be nice to enable PIM roles to be linked not only to direct assignment to users but also to groups. This enables integration with on-premise IAM solutions that have not been extended to support the Graph API calls to PIM for role management.

    42 votes
    under review  ·  8 comments  ·  Privileged Identity Management
  3. PowerShell Enable PIM Role Assignment

    We plan to utilize PIM for Azure Resources (Resource Groups), however it is currently not possible to automate through PowerShell. It would be nice if existing Roles could be made eligible and configured with their settings through PowerShell when creating resources/resource groups through PowerShell.

    41 votes
    planned  ·  5 comments  ·  Privileged Identity Management
  4. Make an App for AzureAD PIM to activate my roles

    Please make an app for AzureAD PIM to activate my roles - so that the admin users who are only using portal.office.com need to go into portal.azure.com to activate the PIM roles (like global admin)

    33 votes
    under review  ·  8 comments  ·  Privileged Identity Management
  5. Azure PIM support for custom Exchange RBAC Role Groups

    Add support to manage custom Exchange RBACs through Azure PIM. Currently, as far as I can tell, it is only possible to manage the built-in “Exchange Administrator” role through PIM. However, we do not use this role because it provides access to far too many Exchange cmdlets. Instead we have created many custom Exchange RBACs and associated Role Groups which provide minimum levels of access for various different teams in our organisation. We have been testing Azure PIM and would like to use it but it only works with the built-in all-powerful “Exchange Administrator” role. Please add support to…

    28 votes
    2 comments  ·  Privileged Identity Management
  6. PIM in Office 365 Admin Portal

    It would be nice if Azure AD PIM functionality and user and admin controls were also accessible from the Office 365 Admin Portal, not only the Azure Portal.

    For example, if PIM is enabled for a user and he does not have the proper rights and goes to the Admin Center, he is automatically redirected to the PIM console.

    27 votes
    6 comments  ·  Privileged Identity Management
  7. Add support for Time-bound Group membership in Azure AD like Active Directory 2016

    Please add support for Time-bound Group membership in Azure AD like Active Directory 2016. It would be a very appreciated option for managing access like in MIM PIM.

    And if you consider doing this... Please also extend the functionality to Azure PIM to manage temporary membership and approval

    23 votes
    3 comments  ·  Privileged Identity Management
  8. Additional Email Notifications when Azure AD PIM

    We would like to suggest the ability to request additional email notifications when an Azure AD Privileged Identity Management admin role has been enabled. Only the user themselves can receive email notices that their admin role has been activated. We would like the ability for additional emails to be sent to other sources for auditing reasons. Currently that functionality is not available.

    20 votes
    3 comments  ·  Privileged Identity Management
  9. Azure AD Privileged Identity Management - Display elevation propagation process

    It would be beneficial to be able to track how the role elevation is propagating in the various components in Azure AD/Office 365. It's possible that you activate a role but it would only become effective several minutes later. From a user experience standpoint, the expectation is that everything is active right away once we receive the notification from the Azure Portal. If everything cannot get activated right away, it would be beneficial to be able to track the progress of the activation.

    19 votes
    0 comments  ·  Privileged Identity Management
  10. Support webhooks for Azure PIM Approval Request

    It would be really great if you would consider adding support for Webhooks as part of the newly introduced Azure PIM Approval workflow feature. We would be able to do a lot of interesting stuff with this option :). Alternatively we would have to perform a pull for new approval requests all the time. #automation #flow #apps

    https://blogs.technet.microsoft.com/enterprisemobility/2017/05/24/azure-ad-privileged-identity-management-approval-workflows-are-now-in-public-preview/

    17 votes
    under review  ·  1 comment  ·  Privileged Identity Management
  11. PIM option to request access to AD groups

    PIM option to request access to AD groups

    In our environment, we have AD groups with specific resource rights for the different environments. (OTAP).
    It would be nice if it is possible to ask permission to be added temporarily to an Azure group for the time specified.

    16 votes
    0 comments  ·  Privileged Identity Management
  12. Expose AzureAD PIM Alerts via an API

    AzureAD (AAD) PIM generates alerts when there is suspicious or unsafe activity in the environment. When an AAD PIM alert is triggered, it shows up on the PIM dashboard. We would like for the PIM alerts to be exposed via an API so that we can integrate these alerts with our SIEM solution.

    16 votes
    under review  ·  1 comment  ·  Privileged Identity Management
  13. Apply the role faster on the backend

    Our customers often mentioned it takes a long time for the role to become active for the end users.

    Can you make it apply the role faster on the backend? They expect maybe 30 seconds for the role to become active.

    16 votes
    planned  ·  0 comments  ·  Privileged Identity Management
  14. Disabling email notifications for activation of Azure resources in PIM

    When a contributor activates his role in PIM, the owners of the subscription receive an email notification as well. We would like to have the possibility to remove this notification.

    14 votes
    0 comments  ·  Privileged Identity Management
  15. Allow 3rd party MFA with PIM

    Azure conditional access policies allow for 3rd party MFA, such as Duo, but Azure PIM does not allow this level of customization with the "Require MFA" configuration for a PIM role. This means that we need to manage 2 different MFA platforms if we're going to leverage both Duo MFA and Azure PIM for security. I'd like the ability to use Duo MFA when activating a PIM role.

    13 votes
    0 comments  ·  Privileged Identity Management
  16. Additional Approval Options for PIM Roles

    Within the PIM Roles setup, we would like to have the option for some users to be set as 'eligible' and require approval with others in the same role set as 'eligible' and not require approval. Currently, approval is only an all or none option on each role.

    13 votes
    2 comments  ·  Privileged Identity Management
  17. Force admins to verify via MFA with every activation request

    If PIM role activation requires MFA verification the MFA back-end will abide by the "Don't prompt me again for X days" option which results in admins not being prompted to verify for a role activation.

    PIM should allow for the ability to ignore this setting and prompt admins every time they activate an admin role even though they may not have been prompted when logging into the Azure portal. Placing the MFA gate in front of admin role activation is the whole point to PIM.

    11 votes
    under review  ·  1 comment  ·  Privileged Identity Management
  18. Allow longer activation duration for all roles

    Allow a larger max activation duration for all roles. Increase the existing 72 hours max to at least 120 hours (Full work week).

    10 votes
    0 comments  ·  Privileged Identity Management
  19. Extend PIM to manage group membership

    Enable PIM usage to support any Azure AD group membership controls enabling a time based group membership experience using PIM UI and approval functionality.

    10 votes
    3 comments  ·  Privileged Identity Management
  20. Be able to select multiple roles for a single user in PIM

    Currently when a new admin is added in AAD, his admin roles can be added only one by one in PIM. It would be great to have another PIM UI workflow to start with the user and not the role. You would select the user and then select any amount of valid roles for this user.

    10 votes
    under review  ·  0 comments  ·  Privileged Identity Management