We are working on it. There is an elevation of privilege concern associated with this feature. If a group is assigned a role, any IT admin who can manage group membership can manage that group’s membership and indirectly manage who gets the role. So, we have to ensure that the feature is secure.
We are taking a staged approach to execute this feature –
Stage 1: Supporting cloud groups to be assigned to roles
Stage 2: Supporting on-prem groups to be assigned to roles
Abhijeet Kumar Sinha
Azure Active Directory Team
I’ve many customers who want that functionality too. During the implementation time I’ve published my finished solution on GitHub.
Feel free to give me feedback.
9 votes · Hannes Lagler-Gruener supported this idea
The feature is planned for support and we will update as development proceeds.
During the development/planned time, I've created an Azure ARM template where I've implemented an Azure Function with hybrid connection.
You can find the whole solution at my GitHub account.
Feel free to give me feedback if anything wasn't clear or not implemented.
A detailed readme file is in development.
Multiple scenarios are still being investigated.
(We changed the status to because Started implied we were working on the feature and we did not want to represent it inaccurately. We are investigating and therefore, we are marking it under review.)
Hi Mike Stephens.
The implementation of ADDS in combination with NPS is supported when you ensure that:
1) you skip registering the NPS server and
2) your network policy has “Ignore user account dial-in properties” selected.
The reason why I ask is that I want to implement ADDS with RADIUS for P2S VPN.
I know, the Azure AD auth for P2S is also in preview but only for Windows clients...