Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Access package policy for dynamic assignment

    The ability to have a policy to dynamically assign access packages automatically to users, based on criteria / filters is very important, as this will greatly improve an organizations ability to provide a set of default access packages to their users based on division, company, etc.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  2 comments  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow Multi-Stage Reviews And Active Directory Manager Reviews

    Please allow multi-stage reviews. This is already the case for approvals. Compliance/Audit teams typically have one person/group reviewing fist, and another person/group of higher job title/function/level reviewing after.
    Also, we already have the option to make the Manager (via the manager attribute in Active Directory) an approver. Please make this available for Reviews as well.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow on behalf of requests for manager approval

    The existing manager approval is great, but often a manager would like to be able to assign certain permissions before the user has his first working day.

    An option allowing a manager to request access packages on behalf of their direct reports, or for a manager to assign their direct reports access packages that have a manager approval policy linked to it, would greatly improve the manager experience.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Customized message for approved access packages

    When access package requests are being approved, the user receives a generic email informing of "You now have access to XYZ".
    It would improve the service vastly if the contents of this "approved-mail" could be customized with further instructions for where the user may access the resources they have been assigned.

    As it is now, the user even get's a misleading button in the email saying "Get started" which just leads back to the My Access portal.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support Exchange Groups in Entitlement Management

    In order to improve easy of adoption for existing organizations, Distribution groups and Mail Enabled Security Groups needs to be supported as resoruces for access packages

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. NDA / DPA Requirenments

    We have a large number of independent companies (legal entities).Each company is obliged to sign an NDA with each supplier whose employees we authorize in the tenant. The purpose of the data processing must be defined by a DPA between a company and the supplier.

    DPA Suplier <> Company.Data could perhaps be implemented at Access Package level

    NDA Suplier <> Company could perhaps be implemented at the catalog level

    Allow the Catalog Owner role to add a Connected Organization

    Allow the Catalog Owner role to manage which connected organizations may be used in the catalog

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Entitlement Management, Graph API: Filtering on nested objects.

    Filtering on nested objects with Graph API in Entitlement Management is currently very limited and is thus also limiting the flexibility by programmatically scripting Automation runbooks.

    Example:
    Filtering on "requestorSettings/scopeType" is not supported. This would be good to have in order to filter out assignmentPolicies that are for example admin-add only.

    https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies?$filter=requestorSettings/scopeType eq 'NoSubjects'

    Returns:
    "error": {
    "code": "InvalidFilter",
    "message": "OData query is invalid: Filter 'requestorSettings/scopeType Equals NoSubjects is not supported. .",

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Support License Assignment on Entitlement Management

    Currently, we are using assignment to group method for office 365 license.
    I hope enhance our administration for license assignment task.

    If you support to license assignment on entitlement management, we are able to complex license assignments for restrict access users.
    (ex. only e-maill access, device managment only, etc.)

    I hope support the entitlement management to the license resource.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Integrate Entitlement Management with MyApps

    It would be great integrate Entitlement Management with the MyApp portal.

    Example:
    1) User navigates to the MyApps portal and clicks on "+Add app"
    2) Within Entitlement Management, there are a number of applications that the user is already entitled too, but require either approval or a licence.
    3) These applications are listed within the "+Add app" section.
    4) User selects an application within this section, which then starts the approval process within Entitlement Management. It would be a great user experience to be redirected to the MyAccess portal, or this is done transparently.
    5) User and approvers receive emails…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Entitlement Management Role enhancements

    We have some usages of applications and SharePoint that entail a large number of roles and individuals can be members of lots of them. At this point, we'd have to create a package for each role and grant access to individuals for each one.

    I'd like the ability to create a package that's tied to the underlying applications. Then define the package roles that correlate to various roles in the underlying applications (And one package role could be multiple application roles, like multiple SharePoint groups). And finally, allow for users to select 1 or more of the roles of the…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Ability to remove last assigned User Access Administrator in a subscription

    When subscriptions are created, they inherit a User Access Administrator from Root. If we add a User or Group to the User Access Administrator role to the Subscription, we are no longer able to remove it after even though it could be redundant due to inheritance from the group above. We have to assign a new permission to be able to remove a previous assignment. From my understanding this is so that we do not lose access to the subscription. I believe this behavior should only exist at the Root level because a Subscription will always inherit permissions from those…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add Custom Fields when Requesting Access Package

    Ability to add new fields to the Request Access Package blade - We use EM for JIT access to specific services/resources and is all based on tickets generated in ITSM.

    It would be great to make mandatory a custom 'ticket number' field, then we can use that value along with a workflow to update the ITSM ticket with the Access Package request information.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Make Entitlement Management part of Identity & Threat Protection

    Currently, it's only comming to AAD P2, but it would make sense to have it in Identity & Threat Protection as well.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Entitlement Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base