Ben Hatton

← Customer Feedback for ACE Community Tooling

My feedback

  1. LinkedIn Integration: Need to control whether company users are allowed to share data with LinkedIn

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Azure Active Directory » Other  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 
    Ben Hatton commented  · 

    This integration is problematic to say the least.

    a) consent mechanism by-passes the normal 3rd Party AAD user consent security control;
    b) consent UI does not provide full disclosure of what those permission grants mean;
    c) permissions granted to linkedin exposes wildly inappropriate sensitive data and takes consent from a person who does not own that data;
    d) linkedin branding inside the corporate boundary
    e) freely exchanges data between a service designed to protect your information and one that is designed to sell your information
    f) on by default (at least in some tenant types?)

    For those who haven't looked closely, these are the grants:

    People.Read Read users' relevant people lists Allows the app to read a ranked list of relevant people of the signed-in user. The list includes local contacts, contacts from social networking, your organization's directory, and people from recent communications (such as email and Skype).

    Calendars.Read Read user calendars Allows the app to read events in user calendars .

    So basically Linkedin will have the permissions to find out who you've been meeting and communicating with, and why. And don't forget that they have permission to read any attachments to your calendar events too.

    Providing ability to control access to data by third parties is fundamental to OAuth and AAD and this 'functionality' makes AAD a joke. This seriously damages the trust that Microsoft seemed to have been building with Azure and O365 - I wouldn't be surprised to see a run of public Data Breach notifications coming out of companies using O365.

    Remove it entirely. This fails all 6 Microsoft Privacy Principals https://privacy.microsoft.com/en-GB/

  2. Remove LinkedIn Integration

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton shared this idea  · 

  3. Add support for nested groups in Azure AD (app access and provisioning, group-based licensing)

    1,357 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    155 comments  ·  Azure Active Directory » SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminAzure AD Team (Product Owner, Microsoft Azure) responded

    We’re continuing to investigate options for adding this support. There are technical challenges to overcome in order to make this happen. We thank you for all your valuable comments so far, and welcome any additional feedback you have on what are the most important use cases involved with these scenarios.

    Ben Hatton supported this idea  · 

  4. Extend PIM into Enterprise Application User Assignment and Roles

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton shared this idea  · 

  5. Powershell Enable PIM Role Assignment

    67 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    planned  ·  6 comments  ·  Azure Active Directory » Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  6. Enable synchronized AD groups (or AAD groups) to map to PIM.

    78 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    started  ·  8 comments  ·  Azure Active Directory » Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  7. Enable PIM role assignment by Group membership.

    118 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    under review  ·  11 comments  ·  Azure Active Directory » Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  8. Extend management groups to allow PIM scope changes down to subscriptions and resource groups

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Azure Active Directory » Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  9. Force admins to verify via MFA with every activation request

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Azure Active Directory » Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  10. Extend PIM to manage group membership

    24 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    6 comments  ·  Azure Active Directory » Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  11. Azure AD Privileged Identity Management - Display elevation propagation process

    24 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  12. PIM option to request access to AD groups

    24 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Azure Active Directory » Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  13. Make a App for AzureAD PIM to activate my roles

    47 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    under review  ·  8 comments  ·  Azure Active Directory » Privileged Identity Management  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  14. Integrate Resource Health as an Activity Log alert condition

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Azure Service Health » Resource Health  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  15. Azure AD B2C Data Residency in Australia

    216 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    51 comments  ·  Azure Active Directory » B2C  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  16. resource health

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    1 comment  ·  (General Feedback) » azure.microsoft.com  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  17. Add support for NetworkWatcher / NSG Flow logs for App Service with Regional Vnet Integration enabled

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Web Apps » Supportability  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  18. Consumption based pricing for Azure Firewall

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    triaged  ·  0 comments  ·  Networking » Azure Firewall  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton shared this idea  · 

  19. Add additional Authorized CA for custom Certificate in Azure Front Door

    125 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    12 comments  ·  Networking » Azure Front Door Service  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton supported this idea  · 

  20. Management of OAuth Consent Expiry Renewal

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » Admin Portal  ·  Flag idea as inappropriate…  ·  Admin →
    Ben Hatton shared this idea  · 
← Previous 1 3 4

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice