Due to various technical limitations, the first iteration of the customer-owned domains functionality will not be available for a few more months. We will provide an update as soon as we can get a more specific ETA.
We’re continuing to investigate options for adding this support. There are technical challenges to overcome in order to make this happen. We thank you for all your valuable comments so far, and welcome any additional feedback you have on what are the most important use cases involved with these scenarios.
278 votes · 30 comments · Azure Active Directory » Role-based Access Control
We have released a public preview of custom roles with support for a handful of permissions related to managing application registrations. We’re now working on support for enterprise application management permissions, and will continue to release more permissions iteratively over time.
We very much appreciate all of your feedback here. We’re not done yet, so please keep letting us know what you think and where we can improve.
Azure Active Directory team
Thanks for your feedback. We are looking into it and evaluating different options for solving the use cases mentioned in this thread. We will update this thread once we have more information to share.
yes, would love that too.
The existing cmdlet Restore-AzureADMSDeletedDirectoryObject should be renamed until then; it's kind of misleading with "Objects" when it only covers specific O365 groups.
2 votes · 0 comments · Azure Monitor-Log Analytics » Search UI and Language
5 votes · 0 comments · Azure Monitor-Log Analytics » Search UI and Language
1 vote · Martin Wüthrich shared this idea
This is good feedback and is in our backlog but not currently under development. While we work on prioritizing/designing the feature, it’s helpful to hear from you how you would use this information in your scenarios. Please let us know by adding comments here.
This would be highly needed. But please do not set an existing attribute automatically. It would be great to have an additional attribute like "InvitedBy".
367 votes · 47 comments · Azure Active Directory » Multi-factor Authentication
The MFA team is currently working on adding get/set/read/delete abilities for StrongAuthentication data to the Graph API.
All consumer logins including local and social/federated are included in the audit logs.
Is there more information that you are looking for?
As another contributor already suggested:
This affects all User Accounts within an Azure AD. We need to be able to alert if a specific user logs in using the Azure AD as an identity provider.
If you read the following article of Microsoft carefully:
You will find that Microsoft recommends using specific, cloud-only Accounts for the permanent Global Administrator assignment, and that you should avoid Conditional Access on those, to make sure the Fallback Admins will work if your Admin Account doesn't.
So with no CA, and maybe also without MFA, we have Global Administrator Accounts with only a Password.
This leads to the fact that we need to be alerted as fast as possible if one of those Fallback Accounts is used for authentication, because they should not be used until an emergency.
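A defender-side illustration of the alerting the comment above asks for, added here as an example and not part of any post in this thread: a Kusto (KQL) query over the Azure AD SigninLogs table in Log Analytics that returns every sign-in attempt, successful or not, by a named emergency-access account. The account UPNs are constructed placeholders; the table and column names are the standard SigninLogs schema.

```kusto
// Added example (not from this thread): surface any sign-in by break-glass accounts.
// The UPNs below are constructed placeholders; substitute the real cloud-only
// emergency-access accounts that are excluded from Conditional Access.
let BreakGlassAccounts = dynamic([
    "breakglass1@example.onmicrosoft.com",
    "breakglass2@example.onmicrosoft.com"
]);
SigninLogs
| where TimeGenerated > ago(1h)
// case-insensitive match so a differently-cased UPN does not slip past the filter
| where UserPrincipalName in~ (BreakGlassAccounts)
// keep both successes (ResultType == 0) and failures: the accounts should never be touched
| project TimeGenerated, UserPrincipalName, ResultType, ResultDescription,
          IPAddress, Location, AppDisplayName, ConditionalAccessStatus
| order by TimeGenerated desc
```

Saved as a scheduled query rule that fires when the result count is greater than zero, this gives the near-real-time alert the comment describes; failed attempts are deliberately kept, since a password-only account that is never supposed to be used is exactly the one where repeated failures matter most.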
We’re currently working on this capability and will provide an update when it’s done.
However, instead of expanding the “Additional Local administrators” setting, we will support adding AAD groups to Windows 10 local groups (e.g. Administrators, Remote Desktop Users) via MDM policy and elevate user privileges on logon. This will provide greater flexibility to assign different groups to different devices.
And thus there are huge organizations, and they only want to have a reasonable number of admins per device:
Please make the group assignment more fine-grained, so that I can add only the Asia IT on the ASIA Devices. Maybe connect it with:
48 votes · 2 comments · Azure Active Directory » Role-based Access Control
Just wanted to post another update that this is a high priority, but we do not have any details to announce yet.
/Stuart and Vince
Yes, this is highly requested. To be able to delete a Device (Azure AD Join or Device Registration), you will need to be Global Administrator.
IPv6 in Azure VNET is currently previewing globally, in ALL Azure Public cloud regions.
Announcement (Service Update): https://azure.microsoft.com/en-us/updates/public-preview-microsoft-adds-full-ipv6-support-for-azure-vnets/
Links to Documentation & Samples
Full documentation including sample scripts is available here: https://aka.ms/IPv6ForAzureVNETdoc
A sample JSON template is posted in the quickstart repository: https://azure.microsoft.com/en-us/resources/templates/ipv6-in-vnet/
Yes, many of the Microsoft services do not support IPv6; an example is also DirSync, which is often used in Hybrid Scenarios.