Joel

My feedback

  1. 90 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Joel commented  · 

    Update on my last comment: It looks like the script in Anuj's blog post now supports MFA, which is great! A true PowerShell module for PIM is still a necessity for assigning roles, reporting on roles, etc.

    An error occurred while saving the comment
    Joel commented  · 

    We really need this feature to activate, configure, and apply roles for Azure Resource Manager. The app in the blog post does not work when MFA is required to activate the role. We require MFA on most of our roles. So, we are stuck configuring, applying, and activating in the portal.

  2. 9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Joel commented  · 

    Yes, this! I'm amazed this doesn't have more votes, which makes me think not many people are leveraging PIM for Azure Resource Manager, or maybe they assign roles at the subscription scope.

    For those of us who truly want to utilize a least-privileges model, assigning access at the Resource Group scope is the way to go. Activating multiple roles one-at-a-time is a long, tedious process for our users.

    Ideally, we could have role groups that would allow a single role at multiple scopes, or even multiple roles at multiple scopes. Then users could activate that role group with one single activation.

    Joel supported this idea  · 
  3. 12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel supported this idea  · 
  4. 90 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Azure Active Directory » Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  Azure AD Team responded

    We are working on this but we don’t have a public ETA to share at this time. We will keep you updated as we get closer.

    Joel supported this idea  · 
  5. 292 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Hi folks,
    Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.

    You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.

    Regards,
    Vince Smith
    Azure Active Directory Team

    Joel supported this idea  · 
  6. 4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Joel commented  · 

    This works great for Azure resources, but we currently need this functionality for Azure AD roles.

    Joel supported this idea  · 
  7. 3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel supported this idea  · 
  8. 2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel supported this idea  · 
  9. 24 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel supported this idea  · 
    An error occurred while saving the comment
    Joel commented  · 

    Yes. We are using PIM for all contribute and owner roles in Azure Resource Manager. Currently any auditing of role eligibility needs to be done manually, which is a nightmare.

  10. 32 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Joel shared this idea  · 

Feedback and Knowledge Base