Child pages
  • Azure AD Change Management Process

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.



Comprehensive changes include the following:

  • Any request that meets the entry criteria and not previously called out explicitly as an routine change by the AAD CAB

Routine changes do not require the CAB to approve them. The approved routine changes include the following:

  • If a new setting or Microsoft app is deployed to our AAD tenant as enabled, upon discovery a tenant admin can immediately disable that setting/app treating it as a routine change. Communication of this change should happen among tenant admins, and to the MI service manager. Back out: Remove as routine. Goal: Mitigate Microsoft from implementing changes without our consideration. (approved 2/8/2016) 
  • Requests for Basic AAD Applications authored by UW developer. Back out: Remove as routine. Goal: Streamline AAD applications for UW developers, removing friction of waiting a month for low-risk use; value is provided in a timely manner. (approved 4/11/2016)
  • Requests to add additional permissions to the Azure AD risky permissions list can be approved by the Microsoft Infrastructure service manager. Customers who disagree with a denied request can escalate to the AAD CAB. (approved 10/10/2016)
  • AAD apps with a risky permission which has not been explicitly approved should be disabled by Microsoft Infrastructure service team members. This should happen within 72 hours of the app's creation, but can happen outside that period. (approved 10/10/2016)

Entry Criteria

The MI service has a request for a change to: