Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

How can we improve Configuration Manager?

← Ideas

Allow granting ConfigMgr rights to AAD users/groups

With the introduction of tenant attach, there is a growing need to be able to grant ConfigMgr permissions to AAD objects.

In many environments ConfigMgr admins have following accounts:
- a normal user account which is synced to AAD
- an admin account which is not synced to AAD
- an AAD-only account for the cloud stuff

When you implement the tenant attach, you need an AD account that is synced to AAD & have permissions in ConfigMgr. None of those accounts is a perfect solution.
1) Don't want to grant any ConfigMgr rights to the normal user
2) Don't want to sync on-prem admin accounts to AAD
3) Cannot grant ConfigMgr rights to AAD users/groups

Thus, it would be useful to be able to grant ConfigMgr rights to AAD users/groups, so the admin wouldn't need any additional account for tenant attach operations.

53 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Panu Saukko shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment

Ideas: Role Based Access & Security

Categories

Feedback and Knowledge Base

(thinking…)