Child pages
  • Azure AD Change Management Process
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Status: Draft (not proposed or accepted)


This page describes the AAD CAB, including the goals, roles, and operational processes used to manage changes to our enterprise Azure AD tenant(


  1. Enable business use 
  2. Mitigate risks
    1. Provide excellent infrastructure via reliable service design
    2. Show due care for the impact of changes on services dependent on our enterprise Azure AD

These goals imply a variety of desired outcomes which we won't explicitly call out, e.g. communication with customers, roll-back plans, pursuing solutions that broadly meet business needs, etc.


The following parties are involved in this process. Listed by name, role, and responsibilities.

CustomerRequestorSubmit a request for AAD change with sufficient information about business need. 
UWWI Support Coordinator 

Support the requestor through this process, at times suggesting or supplying technical detail and specifics the customer won't be able to supply. 

Guide requested change through the process to completion.

UWWI Engineering Solution Designer, Implementer 

As needed, design solutions which meet requests.

Implement approved changes.

UWWI Service Manager 

Approver (Gate #1),
Approver (Gate #3)

Approve change to be submitted ...
Azure AD Governance team Approver (Gate #2)  
AAD CAB Approver (Gate #4)  


The UWWI Support role is filled by the service team members.

The UWWI Engineering role is filled by the service team engineers.

The UWWI Service manager is filled by the service manager or their designated alternate during leave.

The AAD Governance team is defined separately at

The AAD CAB is comprised of:

  • UWWI Service Owner, which currently is Brad Greer
  • MSCA Service Owner, which currently is Tom Lewis

Change Request Process

 Standard Change Request vs. Expedited Change Request


Standard changes include the following:

  • Any request not previously called out explicitly as an expedited change by the AAD CAB

Expedited changes include the following:

  • None at this time. 

Entry Criteria

The UWWI service has a request for a change to:

  • the enterprise Azure AD tenant design, including the following items
    • namespace design or accepted domains,
    • tenant-wide configuration settings,
    • enable or disable a new Azure AD capability that Microsoft has released (depends on what the default state of the new capability is)
    • change to provisioning or authentication integration design 
  • Azure services which can only be enabled or changed by a tenant global admin (e.g. Azure RMS, InTune, and many more)
  • a one-time change or recurring change--outside existing service design--to some number of objects in our AAD
  • implement significant management or operational practices (e.g. AAD app approval process or tenant global admin practices)
  • a change to MSCA service design which may have impact to the Azure AD design (note: MSCA may have a separate change approval process, but when a change intersects with AAD design should also use this mechanism)

Process Steps



  • No labels