Joel

My feedback

  1. 70 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel commented  · 

    Update on my last comment: It looks like the script in Anuj's blog post now supports MFA, which is great! A true PowerShell module for PIM is still a necessity for assigning roles, reporting on roles, etc.

    Joel commented  · 

    We really need this feature to activate, configure, and apply roles for Azure Resource Manager. The app in the blog post does not work when MFA is required to activate the role. We require MFA on most of our roles. So, we are stuck configuring, applying, and activating in the portal.

  2. 7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel commented  · 

    Yes, this! I'm amazed this doesn't have more votes, which makes me think not many people are leveraging PIM for Azure Resource Manager, or maybe they assign roles at the subscription scope.

    For those of us who truly want to utilize a least-privileges model, assigning access at the Resource Group scope is the way to go. Activating multiple roles one-at-a-time is a long, tedious process for our users.

    Ideally, we could have role groups that would allow a single role at multiple scopes, or even multiple roles at multiple scopes. Then users could activate that role group with one single activation.

    Joel supported this idea  · 
  3. 11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel supported this idea  · 
  4. 63 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Azure Active Directory » Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    Joel supported this idea  · 
  5. 276 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    We have released a public preview of custom roles with support for a handful of permissions related to managing application registrations. We’re now working on support for enterprise application management permissions, and will continue to release more permissions iteratively over time.

    https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview

    We very much appreciate all of your feedback here. We’re not done yet, so please keep letting us know what you think and where we can improve.

    Regards,
    Vince Smith
    Azure Active Directory team

    Joel supported this idea  · 
  6. 4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel commented  · 

    This works great for Azure resources, but we currently need this functionality for Azure AD roles.

    Joel supported this idea  · 
  7. 3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel supported this idea  · 
  8. 2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel supported this idea  · 
  9. 13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel supported this idea  · 
    Joel commented  · 

    Yes. We are using PIM for all contribute and owner roles in Azure Resource Manager. Currently any auditing of role eligibility needs to be done manually, which is a nightmare.

  10. 28 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel shared this idea  · 

Feedback and Knowledge Base