AdminAzure AD Team (Product Manager, Microsoft Azure)

My feedback

  1. 548 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Folks,
    We are working on it. There is an elevation of privilege concern associated with this feature. If a group is assigned a role, any IT admin who can manage group membership can manage that group’s membership and indirectly manage who gets the role. So, we have to ensure that the feature is secure.

    We are taking a staged approach to execute this feature –
    Stage 1: Supporting cloud groups to be assigned to roles
    Stage 2: Supporting on-prem groups to be assigned to roles

    Stay tuned!

    Regards,
    Abhijeet Kumar Sinha
    Azure Active Directory Team

    An error occurred while saving the comment
    AdminAzure AD Team (Product Manager, Microsoft Azure) commented  · 

    Folks,
    We are working on it. There is an elevation of privilege concern associated with this feature. If a group is assigned a role, any IT admin who can manage group membership can indirectly manage the membership of that role. So, we have to ensure that the feature is secure.

    Stay tuned!

    Regards,
    Abhijeet Kumar Sinha
    Azure Active Directory Team

    An error occurred while saving the comment
    AdminAzure AD Team (Product Manager, Microsoft Azure) commented  · 

    RE: "High Priority? Request has been posted 2,5 years ago?! Come on Microsoft, this is ridiculous"

    Ugh, you are right to be frustrated with us here. I'm not happy with the pace of progress on assigning groups as members of roles, either. It is a high priority for us, but it's proving more difficult for reasons that aren't obvious.

    I appreciate everyone who has taken the time to provide feedback. It is valuable, and we take it into account in our planning and prioritization process.

    Vince

    An error occurred while saving the comment
    AdminAzure AD Team (Product Manager, Microsoft Azure) commented  · 

    RE: "High Priority? Request has been posted 2,5 years ago?! Come on Microsoft, this is ridiculous"

    Ugh, you are right to be frustrated with us here. I'm not happy with the pace of progress on assigning groups as members of roles, either. It is a high priority for us, but it's proving more difficult for reasons that aren't obvious.

    I appreciate everyone who has taken the time to provide feedback. It is valuable, and we take it into account in our planning and prioritization process.

    Vince

  2. 7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  4 comments  ·  Azure Active Directory » Role-based Access Control  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    AdminAzure AD Team (Product Manager, Microsoft Azure) commented  · 

    Hi. Thank you for the feedback! We are working on support for custom roles in Azure AD now. It's a fairly large feature, so we're enabling it first for application management, then user and group management, device management, etc. We won't get to the specific permissions for managing security alerts for a bit, but we will get there. I've made a note of this specific ask to track in our backlog.

    Best regards,
    Vince Smith
    Principal Program Manager
    Microsoft Azure Active Directory

    An error occurred while saving the comment
    AdminAzure AD Team (Product Manager, Microsoft Azure) commented  · 

    Hi. Thank you for the feedback! We are working on support for custom roles in Azure AD now. It's a fairly large feature, so we're enabling it first for application management, then user and group management, device management, etc. We won't get to the specific permissions for managing security alerts for a bit, but we will get there. I've made a note of this specific ask to track in our backlog.

    Best regards,
    Vince Smith
    Principal Program Manager
    Microsoft Azure Active Directory

  3. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    AdminAzure AD Team (Product Manager, Microsoft Azure) commented  · 

    Hey Oscar,
    I need a clarification on your scenario.
    1. Do you want to know when a role was last assigned to a user for auditing purpose?
    Or
    2. Do you want to know when a role's permission or name was modified?

  4. 42 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    AdminAzure AD Team (Product Manager, Microsoft Azure) commented  · 

    Just to provide an update, we have not forgotten about this. We're working away on our backlog and still plan to add support for this.

    Thanks everyone for your votes here.

    Cheers,
    Vince

  5. 320 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Hi folks,
    Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.

    You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.

    Regards,
    Vince Smith
    Azure Active Directory Team

    An error occurred while saving the comment
    AdminAzure AD Team (Product Manager, Microsoft Azure) commented  · 

    Hi folks,
    Very much appreciate the feedback here. Just wanted to provide an update - we are actively working on custom roles support for Azure AD. It's a big project, but we are making good progress. Thanks for your patience!

    Vince

Feedback and Knowledge Base