It would be VERY beneficial to apply an Access Review policy to new groups as they are created, eliminating the management overhead of creating new policies AFTER each group created.
Also, if a Access Review Policy could be applied to multiple groups at a time, Access Reviewmanagement overhead would be reduced.12 votes
Thanks for the comment! Yes this is a great scenario and the team is invested already, should be making some updates in the next few months. If you have any more feedback or questions on this, feel free to comment on this thread or email email@example.com.
Expand access reviews to support Azure Subscription and Resources for explicit assigned identity.4 votes
Thanks for the suggestion!
Could you please expand on this scenario – Are you referring to review the Azure subscriptions that you own, or review a user on the list of Azure subscriptions s/he has? Thanks!
Our organization requires Managers to approve access to Applications. Please give the option to require a manager to approve application access via the Access Reviews option.4 votes
Hi Justin, thanks for the feedback! It will definitely be helpful to have managers as the reviewers, there is a “manager” attribute in AAD’s user profile, but it’s currently a string only. We are working to improve the architecture first, then we can leverage the data to automatically assign managers to be reviewers. If you have any more feedback or questions on this, feel free to comment on this thread or email firstname.lastname@example.org.
Give us the ability to lower or raise the Risk Level on Risk events. I would like to specifically be able to change Sign-ins from unfamiliar locations to Low due to a high volume mobile workforce.3 votes
Hi there, by “Risk events”, are you referring to the sign-in activity in “Access Info” column from the reviewer experience (access panel)?
There should be a validation message to check the end date before or equal start date.3 votes
Thanks Manli, I have emailed you on 9/11 asking for specifics, could you please check or elaborate on the scenario here? Appreciated!
Access Reviews should let you review guest users access on the directory level. Using a dynamic group with all guest users in it, I should be able to have access reviews DELETE the user from the Azure Active Directory rather than just removing the user from a group.1 vote
Junk it! I've been trying for 1/2 hour. By the time I've sent in a code sent to me, I've received 3 or 4 more new codes. None of them work. Infuriating. Junk it and let me get to my email which is important! Such incompetence... What's the use of sending you my cofc account, I can't get in to read it. **** such incompetence.1 vote
Fix it so I can sign in to my course and post messages and grades. It's completely screwed now. Bill Harter Physics
Make this !@#$%^&* system work!
Cannot access my grade sheets anymore.1 vote
extend access reviews to sharepoint online sites1 vote
Thanks for the suggestion! Could you help me clarify if you want to review the SPO sites you have, or the users that have access to certain SPO sites? Thanks
At the moment we are not able to download the information with the users listed in Azure AD roles - Alerts. It would be very helpful if we had this option as we have in Access Reviews.1 vote
Thanks for the feedback! Is this ask for the Alerts in Azure AD Privileged Identity Management, or a different user experience?
Would be great having the opportunity to edit or add a message into the Email sent by Azure.
Eg. When someone has the role membership denied by a role owner, the user should get the email WITH the reason and not just the email saying that the has been removed.
Also would be great allowing the GA's to add a message or create the reminders by themselves AND schedule it.1 vote
Thanks, the team is reviewing this ask!
This link, in your automated email, does not lead to any "troubleshooter" than can be "run"1 vote
Thanks for the feedback, could you elaborate on the “link” that you are referring to? Screenshots would also help, thanks!
The system is irreversible
Uncontrolled by the concerned body
Can you say yes or no?????1 vote
Could you give a specific example of the problem you encountered?
If a group is empty the owner still get's an email to complete a review, this is confusing as they don't know what to do when they click the link to the review as there are no actions to complete. Access Review should be smart enough to know that an email to the manager is not necessary if there are no members to review.1 vote
Thank you Joachim for the feedback! That is a valid point and we have this feature in our roadmap. Please stay tuned for updates! If you have any more questions – feel free to email email@example.com.
Would be great if Access Reviews could include the on-prem group Domain Admins, and the Cloud based group GLobal Admins. Right now this is not possible.1 vote
Thank you John for the feedback! My understanding is that you are referring to access reviews of privileged roles in the PIM experience.
In regards to reviewing on-prem group Domain Admins, historically, groups like that were blocked by AAD connecto for not sending them to AAD, so they are filtered out.
For cloud based group Global Admins, you can review global admins in the current PIM experience, these 2 articles should help you get started –
If you have any more questions – feel free to email firstname.lastname@example.org
- Don't see your idea?