Update groups-concept.md #1609
Open
Update groups-concept.md #1609
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updated the Known issues with the following information: Guest accounts that are owners of a PIM-enabled group will face restricted access when their guest access is configured as "Guest users have limited access to properties and memberships of directory objects" or "Guest user access is restricted to properties and memberships of their own directory objects (most restrictive)." These accounts will experience limitations when participating in "Privileged Identity Management" activities within the group. They won't be able to determine if the group is already enabled for PIM and will instead see a prompt asking, "Enable PIM for this group?" Furthermore, limited/restricted guest accounts will lack visibility into activated roles for other users.
|
@rodrigooliani : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
Learn Build status updates of commit 907820d: ✅ Validation status: passed
For more details, please refer to the build report. |
| @@ -73,6 +73,7 @@ The following are known issues with role-assignable groups: | |||
| - Use the new [Exchange admin center](/exchange/exchange-admin-center) for role assignments via dynamic membership groups. The old Exchange admin center doesn't support this feature. If accessing the old Exchange admin center is required, assign the eligible role directly to the user (not via role-assignable groups). Exchange PowerShell cmdlets work as expected. | |||
| - If an administrator role is assigned to a role-assignable group instead of individual users, members of the group won't be able to access Rules, Organization, or Public Folders in the new [Exchange admin center](/exchange/exchange-admin-center). The workaround is to assign the role directly to users instead of the group. | |||
| - Azure Information Protection Portal (the classic portal) doesn't recognize role membership via group yet. You can [migrate to the unified sensitivity labeling platform](/azure/information-protection/configure-policy-migrate-labels) and then use the Microsoft Purview compliance portal to use group assignments to manage roles. | |||
| - Guest accounts that are owners of a PIM-enabled group will face restricted access when their guest access is configured as "Guest users have limited access to properties and memberships of directory objects" or "Guest user access is restricted to properties and memberships of their own directory objects (most restrictive)." These accounts will experience limitations when participating in "Privileged Identity Management" activities within the group. They won't be able to determine if the group is already enabled for PIM and will instead see a prompt asking, "Enable PIM for this group?" Furthermore, limited/restricted guest accounts will lack visibility into activated roles for other users. | |||
There was a problem hiding this comment.
Suggested change
| - Guest accounts that are owners of a PIM-enabled group will face restricted access when their guest access is configured as "Guest users have limited access to properties and memberships of directory objects" or "Guest user access is restricted to properties and memberships of their own directory objects (most restrictive)." These accounts will experience limitations when participating in "Privileged Identity Management" activities within the group. They won't be able to determine if the group is already enabled for PIM and will instead see a prompt asking, "Enable PIM for this group?" Furthermore, limited/restricted guest accounts will lack visibility into activated roles for other users. | |
| - Guest accounts that are owners of a Privileged Identity Management (PIM) enabled group will face restricted access when their guest access is configured as "Guest users have limited access to properties and memberships of directory objects" or "Guest user access is restricted to properties and memberships of their own directory objects (most restrictive)." These accounts will experience limitations when participating in PIM activities within the group. They won't be able to determine if the group is already enabled for PIM and will instead see a prompt asking, "Enable PIM for this group?" Furthermore, limited/restricted guest accounts will lack visibility into activated roles for other users. |
|
@barclayn - Can you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updated the Known issues with the following information:
Guest accounts that are owners of a PIM-enabled group will face restricted access when their guest access is configured as "Guest users have limited access to properties and memberships of directory objects" or "Guest user access is restricted to properties and memberships of their own directory objects (most restrictive)." These accounts will experience limitations when participating in "Privileged Identity Management" activities within the group. They won't be able to determine if the group is already enabled for PIM and will instead see a prompt asking, "Enable PIM for this group?" Furthermore, limited/restricted guest accounts will lack visibility into activated roles for other users.