Already noted at https://github.com/Azure/azure-powershell/issues/9160, and credit to https://github.com/bingbing8 for describing it very well:

I would like a way to use X509Certifciate2 object in memory to authenticate to a service principal. Using an in-memory certificate would increase security over the current method of having to save the cert to file then import to the cert store, in cases where the connection is temporary and saving it to a temporary file is not ideal.

The AzureADPreview module includes PIM commandlets that purport to enable reporting on PIM role assignments for Azure resources (https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureadmsprivilegedroleassignment), but it doesn't seem to work, and there is no documentation or examples that include how to get subscription-level assignments (i.e. what is the "ResourceID" for a subscription?). There is documentation on doing this for AAD (https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/powershell-for-azure-ad-roles), but nothing for ARM.

Please make PIM for Azure Resources completely manageable from PowerShell.

MFA audit log for security use cases

I wanna ask Microsoft to make available MyStaff portal for all education subscriptions, because it would be useful to allow education departments and faculties, students supervisor to oversee and manage their students data directly

Please add the requisite licenses and subscriptions to all features and all docs about those features, such as https://docs.microsoft.com/en-us/azure/active-directory/roles/groups-assign-role?bcqr=true&WT.mcid=Portal-MicrosoftAzure_Support. This will avoid some confusion around why the features do not appear for some users.

Add the details from the manually managed Azure Licensing Service Plan Reference page to an API so that the values and lookups can be obtained programmatically.
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-service-plan-reference

AT LEAST provide the ability to map a skuId (GUID) or String ID to a user friendly Product Name. Adding details about what Service Plans are included in each product would be a bonus.
Example:

Product name: APP CONNECT IW
String ID: SPZA_IW
GUID: 8f0c5670-4e56-4892-b06d-91c085d7004f

Service plans included:

Service Plan: APP CONNECT
String ID: SPZA
GUID: 0bfc98ed-1dbc-4a97-b246-701754e48b17

Service Plan: EXCHANGE FOUNDATION
String ID: EXCHANGESFOUNDATION
GUID: 113feb6c-3fe4-4440-bddc-54d774bf0318

see above

It would be great to make compatible delegated administration privileges with B2B, as this affects B2B collaborations when external users tried to gain access to Access Packages in Azure AD - Entitlement management.

ԱԲ315933

New

Já tive minha conta raqueda 2 vezes nessa empresa mesmo com todas as provas que a conta é minha comprovando email e dados disseram que nao pode me ajudar 3 dias depois de vários pedidos de socorro.
O racker pode usar seus dados porque ele tem livre acesso mais o cliente nemmoral tem porque para eles a desconfiança e do cliente e nao de quem está roubando seus dados infelizmente uma conta que tenho mais dez anos mas que nao faço mais questão a concorrência está 10 x a frente em relação suporte ao cliente uma vergonha Microsoft outlook

Insider Risk Management Role is not available in PIM role at the moment. Please add the below Role groups to PIM so that users can manage insider risk management features

insider Risk Management Admin
Insider Risk Management
Insider Risk Management Analysts

Insider Risk Management Investigators

I had query like how to control tags only on resources by RBAC

We turn off phone and SMS authentication for security reasons, however how specific applications used by outside contractors that we don't want to support helping them install and configure the Authenticator app.
It would be helpful to have the ability to configure the authentication options for specific groups, or at least do so via powershell per user, not just one option tenant wide.

The OATH tokens can be activated only by Global Administrator at the moment which is really hard to dispatch the hardware tokens. If there is a RBAC role, it can be assigned to HelpDesk and get the OATH tokens activated on demand.
The support of OATH tokens released in 2018 but RBAC is not yet in place.

Make Azure Application Proxy available in South Africa North Region, latency is just to high when you have your connector server running on premises. US is 250ms + and Europe is 150ms +. With this kind of latency application proxy will just be to slow to use in South Africa.