Microsoft Entra Permissions Management AMA 2023
Event Ended
Monday, Jan 30, 2023, 09:00 AM PST
If you attended our Permissions Management swarm and have any additional questions about the CIEM solution, join our Ask Me Anything event to get your questions answered by our product experts!
Trevor_Rusher
Updated Jan 30, 2023
___Patrick___
Jan 30, 2023 · Copper Contributor
Will Entra introduce reduced privilege capabilities around OAuth token administration? How about browser-based adding/deleting/updating? Currently GA permissions and uploading CSV files are required for use.
SteveBall
Jan 30, 2023 · Copper Contributor
Thank you, Patrick. We're working on developing and releasing new scenarios in a short-term and longer-term roadmap - we'd love to hear your ideas (like OAuth token support, which we do not support today). Our current remediation processes are browser-based (or you can remediate via cutting and pasting scripts from Entra Permissions Management into the console of choice). If useful, could you expand on your CSV comment to clarify what you'd like to see with more detail?
- ___Patrick___ · Jan 30, 2023 · Copper Contributor: Currently using the (https://entra.microsoft.com/#view/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/~/HardwareTokens/fromProviders~/false?Microsoft_AAD_IAM_legacyAADRedirect=true) link to manage OAuth tokens. Uploading of CSVs is OK for bulk loading, but once devices are uploaded, they cannot be changed from the portal without deleting and re-uploading by a Global Administrator. Really would like to delegate administration to our Service Desk staff for regular users. Additionally, being able to add/change device mappings from the web interface. For ease of administration for delegated admins, it would be nice if this was exposed within the UserProfileMenuBlade under "Authentication methods" for a given user.
- dinglehart · Jan 30, 2023 · Copper Contributor: I want to kind of echo Patrick's comments but more broadly. There are a lot of functions in AAD altogether that require pretty high-level rights to manage, making it hard to delegate to appropriate personnel without over-provisioning them. A specific example: If a user reports Fraud via Authenticator, it requires pretty high rights to clear. I would love to be able to delegate this to our SOC, but not giving them all kinds of other access.
- SteveBall · Jan 30, 2023 · Copper Contributor: David, great follow-up. We are thinking through delegation scenarios (like the one you describe). We'd love to learn more about the specific end-to-end delegation workflow(s) you'd like to see if you wish to share more details?