Ammert

My feedback

  1. 1,278 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Ammert commented  · 

    What is the expected ETA of this change? Any updated or specifics as to which role this is if it was implemented?

    An error occurred while saving the comment
    Ammert commented  · 

    Our user admins cannot be assigned a global admin role in O365. They therefore cannot see any users who are MFA blocked under: Azure Active Directory > Security > MFA > Block/unblock users

    My request to Microsoft is: PLEASE make MFA User Block/Unblocking more manageable
    Per support: As of now, Dec 16 2019, currently, only a Global Admin has rights to view this and it's stored on the MFA backend which does not connect to PowerShell in any way. This is a known issue for our Product Group as well, and there are some changes and/or additional administrative roles coming in the future to allow non-Global Administrators to handle such requests.
    ---> We were unable to get any ETA or further information on this timeline however. Which is not ideal as it gets us no closer to being able to manage these more easily and at scale.

    What other part of Azure AD can my admins at minimum VIEW users MFA Block\unblock status - without giving them other permissions to edit/change configurations, etc.? Is there not a role that even allows viewing this report, other than the Global Admin, which MS advises we (rightfully) guard and limit use of?

    Ammert supported this idea  · 
  2. 20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Ammert commented  · 

    Our user admins cannot be assigned a global admin role in O365. They therefore cannot see any users who are MFA blocked under: Azure Active Directory > Security > MFA > Block/unblock users

    My request to Microsoft is: PLEASE make MFA User Block/Unblocking more manageable

    Per support: As of now, Dec 16 2019, currently, only a Global Admin has rights to view this and it's stored on the MFA backend which does not connect to PowerShell in any way. This is a known issue for our Product Group as well, and there are some changes and/or additional administrative roles coming in the future to allow non-Global Administrators to handle such requests.
    ---> We were unable to get any ETA or further information on this timeline however. Which is not ideal as it gets us no closer to being able to manage these more easily and at scale.

    What other part of Azure AD can my admins at minimum VIEW users MFA Block\unblock status - without giving them other permissions to edit/change configurations, etc.? Is there not a role that even allows viewing this report, other than the Global Admin, which MS advises we (rightfully) guard and limit use of?

  3. 51 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Signup and Billing  ·  Flag idea as inappropriate…  ·  Admin →

    This is great feedback and while we don’t have plans to include this on our roadmap in the near future, we will certainly follow up with the other stakeholders to determine the next steps to getting this feature supported.

    -Adam
    Azure Billing Team

    An error occurred while saving the comment
    Ammert commented  · 

    Submitted by request: It’s my understanding that tagging at the resource group level is the ‘best practice’ from the community, so it is a little frustrating that this data is not available (or at least an option) in reporting tools out-of-the-box.

    http://www.azurefieldnotes.com/2016/07/18/azure-resource-tagging-best-practices/

    Ammert supported this idea  · 

Feedback and Knowledge Base