Ofori, David

My feedback

  1. 58 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  (General Feedback) » Other  ·  Flag idea as inappropriate…  ·  Admin →
    Ofori, David supported this idea  · 
  2. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Active Directory » Domain Registration  ·  Flag idea as inappropriate…  ·  Admin →
    Ofori, David shared this idea  · 
  3. 5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment An error occurred while saving the comment
    Ofori, David commented  · 

    This functionality is crucial and quite frankly surprised that it wasn't or isn't being worked on. basically i should be able to scope the Privilege Role Administrator role to a role. ie i should be able to create a custom role, say Exchange PRA Administrators. members of this role would be able to assign eligibility only to the Exchange Administrators Role.

    Why is this important, MS best practice is to use PIM to assign roles. we want application owners to be able to assign access to their applications but only to their application.

    Alternatively MS can implement self service role assignment request. ie i should be able to request access to exchange administrator role and role owner should be able to allow or reject the request. if allowed PIM service principle account will make me eligible for the role.

    Ofori, David supported this idea  · 
  4. 58 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Ofori, David supported this idea  · 
  5. 103 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Ofori, David commented  · 

    This would eliminate having to add people to the privilege role administrator role

    Ofori, David supported this idea  · 
  6. 4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Ofori, David supported this idea  · 
  7. 4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Ofori, David supported this idea  · 
  8. 5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Ofori, David supported this idea  · 
  9. 31 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Ofori, David supported this idea  · 
  10. 40 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Ofori, David supported this idea  · 
  11. 60 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Ofori, David supported this idea  · 
  12. 207 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Ofori, David supported this idea  · 
  13. 513 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Folks,
    We are working on it. There is an elevation of privilege concern associated with this feature. If a group is assigned a role, any IT admin who can manage group membership can manage that group’s membership and indirectly manage who gets the role. So, we have to ensure that the feature is secure.

    We are taking a staged approach to execute this feature –
    Stage 1: Supporting cloud groups to be assigned to roles
    Stage 2: Supporting on-prem groups to be assigned to roles

    Stay tuned!

    Regards,
    Abhijeet Kumar Sinha
    Azure Active Directory Team

    Ofori, David supported this idea  · 

Feedback and Knowledge Base