Adam

My feedback

  1. 551 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Folks,
    We are working on it. There is an elevation of privilege concern associated with this feature. If a group is assigned a role, any IT admin who can manage group membership can manage that group’s membership and indirectly manage who gets the role. So, we have to ensure that the feature is secure.

    We are taking a staged approach to execute this feature –
    Stage 1: Supporting cloud groups to be assigned to roles
    Stage 2: Supporting on-prem groups to be assigned to roles

    Stay tuned!

    Regards,
    Abhijeet Kumar Sinha
    Azure Active Directory Team

    An error occurred while saving the comment
    Adam commented  · 

    any update,, the fact that this basic principle of security and IAM was left out of AAD roles , makes me question our move this!!!

Feedback and Knowledge Base