Deactivate PIM for Azure AD

Yordan Yordanov 466 Reputation points
2020-03-08T18:56:21.997+00:00

I have previously activated Azure AD PIM for several admin roles. Now my Premium P2 licenses have expired and I can no longer use PIM, however the roles have not reverted back from Eligible to Permanent. The effect of this is that I can no longer access the Admin portal or perform any administrative tasks using my account. Of course, I have a Permanent role assignment to a cloud-only admin with which I am a Global Admin. However, I want to deactivate PIM entirely as it is useless without P2 licenses. I expected it to happen automatically when the licenses expire, but it did not. What can I do in this case?

Microsoft Entra
0 comments
Accepted answer
  1. Yordan Yordanov 466 Reputation points
    2020-03-08T19:20:54.94+00:00

    OK, found it - the users are not automatically reassigned their permanent roles after PIM is deactivated - needed to re-add them to the relevant administrative groups for them to regain access.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest