357 votes40 comments · Azure Active Directory » Role-based Access Control · Flag idea as inappropriate… · Admin →
Just a quick update here. We’re still actively working on support for custom roles (RBAC) across Azure AD. Stay tuned for more announcements in the next couple of months.
You can have a look at what we’ve shipped thus far (custom roles for application registration management) here – https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-custom-overview.
Azure Active Directory Team
An error occurred while saving the commentTim Nielsen (Admin) commented
I would like to modify or create a copy of the Helpdesk Administrator RBAC role, in order to add a few more relevant permissions to either the built in role - or a new role based on that role.
Unfortunately permssions to "microsoft.directory/users/*" and "microsoft.directory/signInReports/*" are unavailable for a custom role, even though they exist in the built-in roles.
Why not allow creation of a custom role using already existing allowed resource actions from the built in roles, in order to mix them to custom roles?
887 votes127 comments · Azure Active Directory » Multi-factor Authentication · Flag idea as inappropriate… · Admin →
We’re really pleased to let you know that we’ve released the first authentication method APIs to public preview:
So far there are APIs for managing phone numbers and password resets. When phone numbers are set with the API, the user can use that number for MFA and SSPR (as allowed by your tenant’s policy).
The team is hard at work at building out APIs for all of the other authentication methods, and we’ll update the response here as they’re released.