Last month Microsoft finally announced new features related to role-based access control with which we can create a custom role that only holds the permissions to read BitLocker keys.

Besides the custom role announcement, support for adding devices to an Azure Administrative Unit (AU) was also announced.

I’m excited to share several new features to enable fine-grained delegation of device administration in Azure AD.

With these new capabilities, you can now:

– Create custom roles using permissions for device objects.
– Add devices as members of administrative units and assign built-in or custom roles for managing devices over the scope of an administrative unit.

Yes! Finally, we can create a custom role in Azure AD with only BitLocker key read permissions, and with the support for adding devices to an AU, we can scope this permission per country or BU.

And as a bonus to all this news, dynamic administrative unit membership is now also supported (in preview)!

Let’s see how we can configure all these new features and get our fine-grained BitLocker Recovery Key Reader role in place.

Configure the BitLocker Recovery Key Reader role

To set this all up, we need to configure several objects in Azure AD.

We need to have Azure groups that support AAD role assignments and hold our local IT employees.
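
The objects described above (custom role, role-assignable group, administrative unit, scoped assignment) can be created with the Microsoft Graph PowerShell SDK. This sketch is an added example, not the author's own procedure; the group name, AU name and device name are hypothetical placeholders, and it assumes a static (not dynamic) AU.

```powershell
# Added example. All names marked "hypothetical" are placeholders, not values from the article.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory',
                        'AdministrativeUnit.ReadWrite.All',
                        'Group.ReadWrite.All',
                        'Device.Read.All'

# 1. Custom role that holds only the BitLocker recovery key read permission.
$role = New-MgRoleManagementDirectoryRoleDefinition `
    -DisplayName 'BitLocker Recovery Key Reader' `
    -Description 'Read BitLocker recovery keys, nothing else' `
    -IsEnabled `
    -RolePermissions @(@{
        AllowedResourceActions = @('microsoft.directory/bitlockerKeys/key/read')
    })

# 2. Role-assignable security group for the local IT employees.
#    IsAssignableToRole can only be set at creation time.
$group = New-MgGroup `
    -DisplayName 'IT-NL-BitLockerReaders' `
    -MailNickname 'it-nl-bitlockerreaders' `
    -MailEnabled:$false -SecurityEnabled -IsAssignableToRole   # hypothetical names

# 3. Administrative unit that represents one country or BU.
$au = New-MgDirectoryAdministrativeUnit `
    -DisplayName 'Devices-NL' `
    -Description 'Devices of the NL business unit'             # hypothetical name

# 4. Add a device to the AU (repeat per device).
$device = Get-MgDevice -Filter "displayName eq 'NL-LAPTOP-001'"  # hypothetical device
New-MgDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $au.Id `
    -BodyParameter @{ '@odata.id' = "https://graph.microsoft.com/v1.0/devices/$($device.Id)" }

# 5. Assign the custom role to the group, scoped to the AU only.
New-MgRoleManagementDirectoryRoleAssignment `
    -PrincipalId $group.Id `
    -RoleDefinitionId $role.Id `
    -DirectoryScopeId "/administrativeUnits/$($au.Id)" | Out-Null

# 6. Check: the role must have no tenant-wide ('/') assignment.
$assignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'"
$assignments | Select-Object PrincipalId, DirectoryScopeId
if ($assignments.DirectoryScopeId -contains '/') {
    Write-Warning 'Role is assigned at tenant scope; key read access is not limited to the AU.'
}
```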