550 votes71 comments · Azure Active Directory » Role-based Access Control · Flag idea as inappropriate… · Admin →
We are working on it. There is an elevation of privilege concern associated with this feature. If a group is assigned a role, any IT admin who can manage group membership can manage that group’s membership and indirectly manage who gets the role. So, we have to ensure that the feature is secure.
We are taking a staged approach to execute this feature –
Stage 1: Supporting cloud groups to be assigned to roles
Stage 2: Supporting on-prem groups to be assigned to roles
Abhijeet Kumar Sinha
Azure Active Directory Team
An error occurred while saving the commentBen Gliddon commented
Agree with the others. Not having this feature really goes against RBAC fundamentals and increases management overheads for our IT department.
Microsoft please resolve asap.
1,278 votes246 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
This feature is now on the roadmap. The MFA team is planning to adjust admin roles or create a new role that will allow delegation of MFA registration and credentials to an admin role.