An update on product requests: bringing shadow IT controls to Trello and Bitbucket

Still absolutely disgusting that this is only available on the Enterprise plan. We pay in excess of $60k a year for Jira yet cannot control this unless we pay almost double that. 

It is absolutely unbelievable that you take pride in resolving this issue for high-paying customers, while leaving others to struggle with Atlassian-facilitated shadow IT.

@Vikki Ulmer when will shadow IT controls be available to standard plan customers please? There are many functions where it's understandable why they are only available to Enterprise or Premium level customers, but this is NOT one of them! 

Agreed. Locking a feature meant to prevent costly misuse behind a more expensive plan is unacceptable. We need controls to stop users from unintentionally creating sub-Confluences and similar items that are automatically added to our bill (adding, that these rogue additions are not straightforward to cancel).

While it's good to see improvements on this topic, I can just agree with what everyone else is saying and forward that all of our clients and partners are unhappy with not having the option to disable new product installs by their managed users. In my opinion, this feature should be available for all paid plans.

Joining everyone else here to say that giving this ability to Enterprise only plans is not acceptable. Many businesses with a larger footprint still use Premium, and it's unrealistic to suggest that they should upgrade their plan just for this basic security admin feature. Furthermore the option to block product creation is clearly already available in the admin panel for Premium users, we're justg not able to select it. Bad form.

I agree that this should not just be for Enterprise customers but also what I noticed that even though we have JSM Enterprise we can't limit the creation of Confluence and Jira products because "You need a Jira Enterprise subscription to change this request setting." I assume it must be Jira Software Enterprise and even JSM Enterprise is not enough?

>Why is product requests in the Cloud Enterprise plan (for Jira, Confluence, and JSM)?

Chose the possible answer (multiselect or none possible)

1) Atlassian wants to create Cash by pain. First you create the pain in a pretty stupid way. 18 of our currently 22 discovered products were reportedly created by pretty new users by accident. It's like shooting people in the foot and then selling bandages. 

2) Atlassian has reports running for its stakeholders that show how many new orgs and sites get created every month. Currently we run with an average of about 1-3 pages per month getting created accidently per 1000 users. Someone must have run the numbers and is scared now to correct the numbers.

3) "The Cloud Enterprise plan solves the challenges of customers who manage many teams and data across their Atlassian toolchain. These customers operate at a complex scale, which can imply they have arduous workflows; the need to scale administrative practices to ensure no impact on security or performance; have high M&A activity; and more. In addition, these customers often operate in highly regulated industries and geographies or have stricter security and compliance requirements.

Given this, we've made product requests - an advanced security feature - available in our Cloud Enterprise plan to help customers in large, complex environments more closely monitor shadow IT risks as they scale or manage compliance requirements."

This is completely unacceptable that these Shadow IT controls are behind the Enterprise plan only. This is a security risk, especially considering Trello's history. This needs a sense check

Being able to control the creation of new organizations/sites/products by managed users must be a standard feature, otherwise why name the user a managed user?

The standard Atlassian products contain the ability to set permissions on users and groups, but not the ability to block organization/site/product creation by managed users? C'mon!

Even worse, the whole UI design by Atlassian continuously tricks the managed users into creating new organizations/sites/products by accident, especially during login.

Instead, while logging in to the platform, a managed user should be guided towards the organizations/sites/products that he/she has access to.

Any organization that takes security and data protection seriously, cannot allow such practices of guiding the users away from the managed environment. Any self-respecting organization should also not implement such "features".

Hi @Vikki Ulmer 

It would be great if that could be featured in the Premium plans as well. The way I see it currently this feature is coming from the "Enterprise admin experience team" rather than an "admin experience" team. These news are not quite what I was expecting. :(

Hi @Vikki Ulmer ,

thank you. It is great improvement, but I totally agree with the others. This is big problem in every organization and I would really appreciate, if this is available for at least Premium plan, not only Enterprise.

This needs to be available to all paid plans, not a good look for Atlassian if the motivation is to force us all to Enterprise. 

Hi,

Let's have a look at the products and the product names:

• Premium products: the "premium" versions of Jira and Confluence are not cheap. Many companies, like ours, are spending a small fortune on these products! All customers for the so-called “premium” products are expecting those products to be mature and secure, and well suited for professional use.
• Managed users: the users are "managed" but what does this mean? In my opinion, the company must have control over those users and what they can do or can’t do on the platform. But not for Atlassian! For them, a "managed" user means a user that belongs to a claimed domain, that's all! On the contrary, Atlassian guides our “managed” users away from the “premium” managed environment, and allows (and encourages!) them to subscribe for new products outside of the managed environment! This shadow IT is a major security hazard!
• Guard: according to the name, this product should guard their customers from a number of things. The first one, and the most obvious one in my opinion, is guarding the company from the above mentioned security hazard that Atlassian is creating for their "premium" customers, who have "managed" users!

Although obvious for every customer of Atlassian, it seems none of this makes sense for the so-called product managers of Atlassian! Stopping these shadow IT practices and guiding our managed users towards to our managed environment, is basic stuff for any product that deserves the naming premium/managed/guard, and should never be hidden behind an enterprise paywall.

Atlassian, if you really want to be what you claim to be (a provider of secure and good quality platforms and services), then just act like that by providing value for money! Now you are providing a lot of garbage for “premium” money (a continuous flood of security hazards), and you are asking “enterprise” money for stopping to provide the same garbage? This is not what I understand under “provide value for money”.

We must open a support ticket every time a user is accidentially creating an site and let the Atlassian support clean up the mess until we get some opportunity to prevent users from creating new instances without any admin consent.

Indeed, we must keep on bringing this to the attention of Atlassian, using all possible means, and make them spend their time on the cleanup work, too! We must also keep posting and creating new bug reports for this issue.

In the support tickets, always repeat the same information (I even made a "template" ticket for site removal requests!):

• The site has been created entirely by accident by one of your "managed" users
• You don't agree with the shadow IT activities of Atlassian towards the managed users of your "premium" subscriptions
• This is a huge security issue which must be resolved by Atlassian if they want to show any respect for their customers
• If this continues, you will have no other option than advising AGAINST the further use of any Atlassian tools

Also make references to some relevant articles:

• https://jira.atlassian.com/browse/CLOUD-10325
• https://community.atlassian.com/t5/Confluence-questions/SECURITY-ISSUE-during-login-procedure-of-managed-users/qaq-p/2841895
• https://community.atlassian.com/t5/Questions/Why-is-Atlassian-promoting-Shadow-IT-Or-Accidental-IT/qaq-p/2731538
• https://jira.atlassian.com/browse/CLOUD-12089
• https://community.atlassian.com/t5/Enterprise-articles/An-update-on-product-requests-bringing-shadow-IT-controls-to/ba-p/2840760

Ask for the immediate and permanent deletion of the site.

And finally, also ask to keep the ticket open until the site has been completely removed (because they like to close tickets before the site has been deleted and when deletion fails you have to start all over again!).

"How can Atlassian better support your organization?"

That is the title of an email from Atlassian, which you have probably also received, containing an invitation to "Share your thoughts in a short 5-7 minute survey".

I recommend everyone to participate and share your thoughts about Atlassian pushing shadow IT towards the managed users of customers with Jira Premium and Confluence Premium.

During the survey, there are 3 text boxes where you can type free text. Keep Atlassian informed about your thoughts!

@Vikki Ulmer - This is disappointing and is not customer-focused.  It would be one thing if this functionality didn't exist at all, but having it available and choosing to paywall it behind Enterprise goes away from a core Atlassian value: "Dont #@!% the customer"

This should be available for any organization, no matter the license tier, that has managed accounts.

Vikki, can you please address the extremely reasonable outrage the community has about gating this functionality behind enterprise?  The community has provided TONS of feedback about this here, in the product feature request boards, and elsewhere and have received ZERO response from you or anyone else on the product management team.  We are waiting.  

[ID-7697] Prevent managed users from creating cloud site using a verified domain. - Create and track feature requests for Atlassian products.