Event banner

Microsoft Entra Permissions Management AMA 2023

Event Ended
Monday, Jan 30, 2023, 09:00 AM PST
In-Person

Event details

If you attended our Permissions Management swarm and have any additional questions about the CIEM solution, join our Ask Me Anything event to get your questions answered by our product experts!   ...
Trevor_Rusher
Updated Jan 30, 2023
microsoft entra
Permissions Management
___Patrick___'s avatar
___Patrick___
Copper Contributor
Jan 30, 2023

Will Entra introduce reduced privilege capabilities around OAuth token administration? How about browser based adding/deleting/updating? Currently GA permissions and uploading csv files are required for use.

SteveBall's avatar
SteveBall
Copper Contributor
Jan 30, 2023
Thank you, Patrick. We're working on developing and releasing new scenarios in a short term and longer term roadmap - we'd love to hear your ideas (like OAuth token support which we do not support today.) Our current remediation processes are browser-based (or you can remediate via cut and pasting scripts from Entra Permissions Management into the console of choice.) If useful, could you expand on your CSV comment to clarify what you'd like to see with more detail?
  • ___Patrick___'s avatar
    ___Patrick___
    Copper Contributor
    Jan 30, 2023
    Currently using the (https://entra.microsoft.com/#view/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/~/HardwareTokens/fromProviders~/false?Microsoft_AAD_IAM_legacyAADRedirect=true) link to manage OAuth tokens. Uploading of CSV's is ok for bulk loading but once devices are uploaded, they cannot be changed from the portal without deleting and re-uploading by a Global Administrator. Really would like to delegate administration to our Service Desk staff for regular users. Additionally, being able to add/change device mappings from the web interface. For ease of administration for delegated admins, it would be nice if this was exposed within the UserProfileMenuBlade under "Authentication methods" for a given user.
  • dinglehart's avatar
    dinglehart
    Copper Contributor
    Jan 30, 2023
    I want to kind of echo Patrick's comments but more broadly. There are a lot of functions in AAD altogether that require pretty high-level rights to manage, making it hard to delegate to appropriate personnel without over provisioning them. A specific example: If a user reports Fraud via Authenticator, it requires pretty high rights to clear. I would love to be able to delegate this to our SOC, but not giving them all kinds of other access.
    • SteveBall's avatar
      SteveBall
      Copper Contributor
      Jan 30, 2023
      David, great follow-up. We are thinking through delegation scenarios (like the one you describe.) We'd love to learn more about the specific end to end delegation workflow(s) you'd like to see if you wish to share more details?
Date and Time
Jan 30, 20239:00 AM - 10:00 AM PST