Enabling optional PAM feature

Bojan Zivkovic 441 Reputation points
2021-02-11T12:47:13.373+00:00

Hi, I have a forest which in the future will become a managed forest when ESAE or its successor approach is implemented. Can I now enable the PAM feature, which can help me a lot by allowing time-limited group membership, without affecting the future architecture where JIT will be implemented by MIM/PAM? I am asking this because, once enabled, the PAM feature cannot be disabled.

Microsoft Identity Manager

2 answers

  1. Fan Fan 15,336 Reputation points Microsoft Vendor
    2021-02-12T02:38:18.343+00:00

    Hi,

    Since it is more related to the MIM deployment, I can't give you more professional advice.
    I would suggest you open a new thread with the tag Microsoft-Identity-Management.

    The following link is for your reference:
    https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services

    Best Regards,


  2. Tom Houston 176 Reputation points
    2021-02-12T20:17:07.04+00:00

    Hey @Bojan Zivkovic,

    Yes, you can enable the PAM feature in your Bastion forest without impacting a future MIM/PAM deployment. You may want to consider Microsoft's updated privileged user access strategy before making a substantial investment in the ESAE.

    Hope this helps
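
The time-limited group membership discussed in this thread, as an added PowerShell example that is not part of either answer: it checks the forest, enables the optional feature if needed, and adds a member with a time to live. It assumes the ActiveDirectory RSAT module and a forest at the Windows Server 2016 functional level; the group name, account name and 60-minute TTL are placeholders.

```powershell
# Added example; $Group, $User and $Ttl are placeholder values, not from the thread.
Import-Module ActiveDirectory

$FeatureName = 'Privileged Access Management Feature'
$Group       = 'ExampleAdminGroup'      # hypothetical privileged group
$User        = 'example.user'           # hypothetical account
$Ttl         = New-TimeSpan -Minutes 60 # membership lifetime

$forest = Get-ADForest

# The optional feature requires the Windows Server 2016 forest functional level.
$required = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2016Forest
if ($forest.ForestMode -lt $required) {
    throw "Forest mode is $($forest.ForestMode); $required or later is required."
}

# EnabledScopes is empty until the feature has been turned on for the forest.
$feature = Get-ADOptionalFeature -Filter "Name -eq '$FeatureName'"
if ($feature.EnabledScopes.Count -eq 0) {
    # Irreversible, as the question notes. The cmdlet asks for confirmation
    # before committing; do not add -Confirm:$false in a production forest.
    Enable-ADOptionalFeature -Identity $FeatureName `
        -Scope ForestOrConfigurationSet -Target $forest.Name
}

# Add the member with an expiry; the directory removes the link when the TTL
# runs out, with no cleanup job required.
Add-ADGroupMember -Identity $Group -Members $User -MemberTimeToLive $Ttl

# Review remaining lifetimes: each time-bound member is returned as
# "<TTL=seconds>,<distinguished name>"; permanent members have no TTL prefix.
(Get-ADGroup -Identity $Group -Properties member -ShowMemberTimeToLive).member
```

Running the last command periodically against privileged groups is a simple way to spot members that were added without a TTL.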

