Yaroslav Solovyov

My feedback

  1. 2,002 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    416 comments  ·  Azure Active Directory » SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →

    We’re currently evaluating an option that will provide the functionality offered by nested groups, but removes the complexity nested groups adds. We appreciate your patience on this ask and want to ensure we deliver a solution that benefits all of our customers. Below are use cases that we’d like for you to stack rank, with #1 being priority for you. We thank you for the continued comments and feedback.

    Use case A: nested group in a cloud security group inherits apps assignment
    Use case B: nested group in a cloud security group inherits license assignment
    Use case C: nesting groups under Office 365 groups

    Yaroslav Solovyov supported this idea  · 
  2. 82 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Azure Active Directory » B2B  ·  Flag idea as inappropriate…  ·  Admin →

    This is in our backlog, but votes and comments about how you would expect this to work are very helpful to our planning/designing the feature so please keep them coming.

    Also, for some scenarios in this space Access Reviews (https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-guest-access-with-access-reviews) can be a good way of removing users who no longer need access, including those who don’t have accounts anymore. (Thanks Shawn for pointing that out for everyone!)

    /Elisabeth

    An error occurred while saving the comment
    Yaroslav Solovyov commented  · 

    Ideally the behaviour shall be configurable to align to an individual organisation needs or policies. Upon detection of an account termination in the External AAD guest AAD can:
    1. Automatically terminated in GuestAAD,
    2. Automatically deactivate B2B user account in guest AAD (set "Block sign in" to "Yes") and initiate a review by a responsible person.
    3. No change to an account and instigate a revision by a responsible person (central function or Manager field)
    Current user account revision process lacks completeness and if a user account is neither a member of a group or assigned to an Application (eg. directly invited to the SharePoint site, or removed from groups) such account will not be reviewed. So, organisations willing to have 360 degree control over Azure AD accounts including B2B have a need to augment Azure AD with either a manual process or a 3rd party tool such as an Identity Governance and Administration Tool.

    Yaroslav Solovyov supported this idea  · 
  3. 5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » B2B  ·  Flag idea as inappropriate…  ·  Admin →
    Yaroslav Solovyov shared this idea  · 
  4. 190 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    20 comments  ·  Azure Active Directory » B2B  ·  Flag idea as inappropriate…  ·  Admin →

    We do have some capabilities in this space by using either Access Reviews (https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-guest-access-with-access-reviews) or the newly-released-to-preview Entitlement Management feature (https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview).

    If neither of those fulfill your requirements, please add a comment with your scenario for the feature to help us prioritize and design it better.

    /Elisabeth

    Yaroslav Solovyov supported this idea  · 
  5. 5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » B2B  ·  Flag idea as inappropriate…  ·  Admin →
    Yaroslav Solovyov shared this idea  · 

Feedback and Knowledge Base