How to bundle roles

In_Rainbows 26 Reputation points
2021-11-01T13:11:13.127+00:00

Users on our support line need to activate 5-7 roles in Privileged Identity Manager every day to get admin access to Teams, SharePoint, Intune etc.

Activating every role is time consuming and irritating, and it's easy to confuse which one you need.

So how can I bundle these roles so they only need to activate one role every day?
For security reasons they are not given Global admin access.

Microsoft Entra

Accepted answer
  1. AmanpreetSingh-MSFT 56,286 Reputation points
    2021-11-01T15:38:05.22+00:00

    Hi @In_Rainbows • Thank you for reaching out.

    This can be done by using Privileged Access Groups. For this purpose, you need to follow the steps below:

    • Under Azure AD > Groups > Create a new group > Select Yes for "Azure AD Roles can be assigned to the group" > Under Roles, select the desired roles, like Exchange Online Admin, SharePoint Admin, Teams Admin etc.
    • Once the group is created, enable privilege access.
    • Under the Members blade of the group, Add Eligible Assignments.
    • Eligible users can then go to the Privileged Identity Management blade and activate their membership to the group.

    Once the membership to the group is activated, the user will be able to use the privileges/roles assigned to the group, without requesting access to each role individually.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
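
The portal steps in the accepted answer, scripted with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original answer; the group name, user principal name, role list and 180-day eligibility window are assumed placeholders, and the "enable privileged access" step is assumed to be done in the portal as the answer describes.

```powershell
# Added example (not from the thread). Assumes the Microsoft Graph PowerShell SDK
# is installed and the signed-in admin can consent to the scopes below.
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All',
    'RoleManagement.ReadWrite.Directory',
    'PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup'

# Placeholders (assumptions): adjust to your tenant.
$groupName = 'Support-Admin-Bundle'
$userUpn   = 'support.agent@contoso.example'
$roleNames = 'Exchange Administrator', 'SharePoint Administrator',
             'Teams Administrator', 'Intune Administrator'

# Step 1: create a role-assignable security group.
# IsAssignableToRole can only be set at creation time.
$group = New-MgGroup -DisplayName $groupName -MailNickname $groupName `
    -MailEnabled:$false -SecurityEnabled -IsAssignableToRole `
    -Description 'Support admin roles, activated once per day through PIM'

# Step 1 (continued): assign each role to the group at tenant scope.
# Global Administrator is deliberately not in the list.
foreach ($name in $roleNames) {
    $role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$name'"
    if (-not $role) { throw "Role definition not found: $name" }
    New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $group.Id `
        -RoleDefinitionId $role.Id -DirectoryScopeId '/' | Out-Null
}

# Step 2 (enable privileged access on the group) is assumed done in the portal.

# Step 3: make the support user an ELIGIBLE member, not an active one,
# so the bundled roles apply only after the user activates membership in PIM.
$user   = Get-MgUser -UserId $userUpn
$params = @{
    accessId      = 'member'
    principalId   = $user.Id
    groupId       = $group.Id
    action        = 'adminAssign'
    justification = 'Support line: bundled admin roles'
    scheduleInfo  = @{
        startDateTime = (Get-Date).ToUniversalTime()
        expiration    = @{
            type        = 'afterDateTime'
            endDateTime = (Get-Date).ToUniversalTime().AddDays(180)
        }
    }
}
New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -BodyParameter $params
```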


1 additional answer

  1. Sai Kumar Munduri 1 Reputation point
    2021-11-01T15:18:43.627+00:00

    I believe adding group assignments through PIM is still an immature approach, as Azure is still working on it. You can give it a try. Last week I assigned roles through PIM in my current environment and all of a sudden all the permissions vanished. I am figuring out this situation with the Microsoft team. Or else we can create a custom role and give that a try.