Listen to PIM events

Question

Listen to PIM events

Abed Elheyb 85

I am looking for a reliable way to receive real-time PIM events, such as:

When a new PIM request is created

When an approver approves or denies a request

I need to listen to these events as soon as they happen.

I tried using Microsoft Graph API audit logs, but there is noticeable delay in receiving new PIM changes. I also configured Azure AD diagnostic settings to send audit logs to Event Hub, but this approach still does not provide real-time updates.

I am considering creating a dedicated email address and adding it to the PIM role notification settings to capture email notifications and process them programmatically. However, this approach does not seem professional or reliable for production use.

Has anyone implemented a better solution for near real-time PIM event handling?

I would greatly appreciate any guidance or recommendations.

Saraswathi Devadula 16,025 Reputation points Microsoft External Staff Moderator

2026-02-21T07:47:04.4433333+00:00
Hello **Abed Elheyb

**It looks like you're trying to find a reliable way to receive real-time notifications for Privileged Identity Management (PIM) events, but you're experiencing delays with the Microsoft Graph API and Azure AD diagnostic settings. I totally get how frustrating that can be, and it's great that you're looking for more efficient solutions!

Here are a few recommendations you might consider:

Using Webhooks: If available, configure webhooks with Microsoft Graph to listen for specific event triggers. This could allow your application to receive notifications instantly when an event occurs.

Azure Event Grid: You can integrate Azure Event Grid with your Azure services that monitor PIM. By setting up Event Grid, you can trigger events based on certain actions, which may provide a more immediate response compared to polling Graph API.

Microsoft Graph Subscriptions: Consider utilizing Microsoft Graph subscriptions for the specific resources related to PIM events where you need notifications. The Graph API allows you to create a subscription to receive notifications when resources are changed.

Azure Functions: If you're looking to process notifications programmatically, an Azure Function can be triggered by events sent to Azure Event Grid. This way, you can handle notifications about PIM changes without needing to rely on email.

Custom Notification Apps: Building a small application that collates these notifications from different sources (like Microsoft Graph API, Azure Event Grid, etc.) might also be worth considering. This way, you could streamline how you handle and receive notifications.

To provide more tailored guidance, here are some follow-up questions:

Are you already using Event Grid or considering implementing it in your current architecture?

What programming languages or environments are you comfortable working with for building custom notifications?

Is your organization open to building or integrating with Azure Functions or similar solutions?

What would you consider an “acceptable” delay for receiving PIM notifications?

https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-resource-roles-assign-roles
https://learn.microsoft.com/en-us/graph/api/resources/subscription?view=graph-rest-1.0

Hope this helps and looking forward to your response!
Abed Elheyb 85 Reputation points

2026-02-21T07:54:14.5166667+00:00

Microsoft Graph Subscription doesn't support PIM as resource.
The current delay when receiving PIM notifications is around 8-10 minutes, an “acceptable” delay should be around 1-2 minutes or less.
Sridevi Machavarapu 31,585 Reputation points Microsoft External Staff Moderator

2026-02-24T11:44:20.95+00:00

Hello Abed Elheyb,

Could you confirm whether you have any further queries regarding this?

Answer accepted by question author

0 additional answers

Your answer

Abed Elheyb 85 Reputation points

2026-02-21T07:54:14.5166667+00:00

Microsoft Graph Subscription doesn't support PIM as resource.
The current delay when receiving PIM notifications is around 8-10 minutes, an “acceptable” delay should be around 1-2 minutes or less.
Sridevi Machavarapu 31,585 Reputation points Microsoft External Staff Moderator

2026-02-24T11:44:20.95+00:00

Hello Abed Elheyb,

Could you confirm whether you have any further queries regarding this?

Answer 1

Hello Abed Elheyb,

You are correct that Microsoft Graph change notifications (subscriptions/webhooks) do not currently support Privileged Identity Management (PIM), so this option cannot be used to listen for PIM events.

PIM activities such as role activation requests, approvals, and denials are captured in Microsoft Entra Audit Logs under the RoleManagement category. Both Microsoft Graph (directoryAudits) and Diagnostic Settings with Event Hub access these events from the same backend logging system. Because of this, delays like the 8–10 minutes you observed can occur, and delivery within 1–2 minutes is not guaranteed.

PIM also sends email notifications for these events, but they are designed for awareness rather than automation.

As noted in the documentation, most email notifications arrive within 3 to 10 minutes, and in some cases can take up to 15 minutes, so they are not suitable for real-time event processing.

Reference: https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-email-notifications
User's image

Currently, there is no native webhook, Event Grid integration, or subscription-based mechanism available for real-time PIM event notifications.

If this capability is important for your use case, you may consider submitting a feature request through the Microsoft Feedback Portal: https://feedback.azure.com/d365community

Hope this helps! Please let me know if you have any further questions.

Abed Elheyb 85 Reputation points

2026-02-24T13:15:16.8866667+00:00

We need to send a feature request to Microsoft. Thanks for clarifying.

Share via

Listen to PIM events

0 additional answers

Your answer