Andy Ball

My feedback

  1. 33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  SQL Server » Suggestions  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Andy Ball commented  · 

    Bump

    Andy Ball supported this idea  · 
  2. 53 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Andy Ball supported this idea  · 
  3. 390 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    23 comments  ·  Automation » Integration with other products  ·  Flag idea as inappropriate…  ·  Admin →
    Andy Ball supported this idea  · 
  4. 4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Andy Ball supported this idea  · 
    An error occurred while saving the comment
    Andy Ball commented  · 

    Agreed , especially as it seems to require highly privileged access to view PIM audit logs (ie Global Administrator / Privileged Administrator or Owner for Azure Resources - getting this clarified here https://github.com/MicrosoftDocs/azure-docs/issues/46536#issuecomment-576935717)

  5. 1,244 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Andy Ball commented  · 

    Hit this today , try to replace expensive Legacy MFA solution with Azure MFA

    Andy Ball supported this idea  · 
  6. 513 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Folks,
    We are working on it. There is an elevation of privilege concern associated with this feature. If a group is assigned a role, any IT admin who can manage group membership can manage that group’s membership and indirectly manage who gets the role. So, we have to ensure that the feature is secure.

    We are taking a staged approach to execute this feature –
    Stage 1: Supporting cloud groups to be assigned to roles
    Stage 2: Supporting on-prem groups to be assigned to roles

    Stay tuned!

    Regards,
    Abhijeet Kumar Sinha
    Azure Active Directory Team

    An error occurred while saving the comment
    Andy Ball commented  · 

    I have the same ask of wanting to assign groups to AzureAD Roles. We have an existing PAM product to Self Service Request/ Authorise membership of On Prem Groups (that AD Connected into Azure) via built in workflow*. The logs for this are used for complying with Internal / External Audits etc.

    Currently investigating whether said Product can Manage Azure AD roles directly itself , so at least we have same request / authorise workflow.

    cheers
    Andy.

    * Yep, know about PIM :-;

    Andy Ball supported this idea  · 
  7. 1,953 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    91 comments  ·  Data Factory  ·  Flag idea as inappropriate…  ·  Admin →

    Great news – static IP range for Azure Integration Runtime is now available in all ADF regions! You can whitelist specific IP ranges for ADF as part of firewall rules. The IPs are documented here: https://docs.microsoft.com/en-us/azure/data-factory/azure-integration-runtime-ip-addresses#azure-integration-runtime-ip-addresses-specific-regions. Static IP ranges for gov cloud and China cloud will be published soon!

    Please refer to this blog post on how you can use various mechanisms including trusted Azure service and static IP to secure data access through ADF:
    https://techcommunity.microsoft.com/t5/azure-data-factory/azure-data-factory-now-supports-static-ip-address-ranges/ba-p/1117508

    Service tag support will be made available in next few weeks. Please stay tuned!

    If your network security requirement calls for ADF support for VNet and cannot be met using Trusted Azure service (released in Oct 2019), static IP range (released in Jan 2020), or service tag (upcoming), please vote for VNet feature here: https://feedback.azure.com/forums/270578-data-factory/suggestions/37105363-data-factory-should-be-able-to-use-vnet-without-re

    An error occurred while saving the comment
    Andy Ball commented  · 

    Would like this to . We have a INFOSec requirement to limit access to HDInsight using on Prem Addresses only - ie block access to people outside the company. If we do this via a NSG , it breaks Data Factory connecvity to HDInsight which is used to run a python script as part of transform .

    So at present the only way I can see to fix this , is to change the NSG to allow traffic on Port 443 to the whole Azure IP range which is very open / and has to be checked / refreshed weekly.

  8. 3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » B2B  ·  Flag idea as inappropriate…  ·  Admin →
    Andy Ball shared this idea  · 
  9. 12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Active Directory » B2B  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Andy Ball commented  · 

    +1 as well as InviteRedirectUrl and ability to do multiple email addresses at once.

    Andy Ball supported this idea  · 
  10. 12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » B2B  ·  Flag idea as inappropriate…  ·  Admin →
    Andy Ball supported this idea  · 
  11. 143 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  12 comments  ·  Networking » ExpressRoute  ·  Flag idea as inappropriate…  ·  Admin →
    Andy Ball supported this idea  · 
  12. 1,638 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    170 comments  ·  Azure Resource Manager  ·  Flag idea as inappropriate…  ·  Admin →
    Andy Ball supported this idea  · 
  13. 246 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    33 comments  ·  Azure mobile app  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Andy Ball commented  · 

    Current cost, breakdown, projected like the main portal

    Andy Ball supported this idea  · 
  14. 5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Virtual Machines » Windows  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Andy Ball commented  · 

    I mean Get-AzureRMVMSize of course..

    Andy Ball shared this idea  · 
  15. 4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Virtual Machines  ·  Flag idea as inappropriate…  ·  Admin →
    Andy Ball supported this idea  · 
  16. 2,143 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    283 comments  ·  Virtual Machines  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    Andy Ball supported this idea  · 

Feedback and Knowledge Base