MS-PIM Is Automatically Removing then Adding Privileged Access Group Assignments Back

Brandon Boudreau 0 Reputation points
2023-01-27T20:01:29.9066667+00:00

I'm seeing an odd behavior in the audit logs of some of the Privileged Access groups that we use at my company. The same member is being removed and added back at random times daily.


I'm not seeing this behavior with every member of the Privileged Access groups, so it leads me to believe that this is a bug. Has anyone else seen this?


1 answer

  1. Andy David - MVP 152.3K Reputation points MVP
    2023-01-27T22:02:17.53+00:00

    Hi, that looks normal to me if you are using the Privileged access (Preview) for PIM enabled groups and the activation time is set to 8 hours.

    Once the 8 hour mark is hit, the PIM agent (Initiated by (actor)) will remove the user from the group.

    If you are creating a role-assignable group and making it PIM eligible and not using the Privileged access (Preview) feature, the audit logs won't show that.

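One way to check the explanation in the answer above against exported audit records, as an added example that is not part of the original thread or any Microsoft tooling: pair each removal made by MS-PIM with the preceding MS-PIM add for the same user and group, and confirm the gap matches the configured activation time. The record layout, the activity names, the labels and the sample data are constructed assumptions; map them to the fields of your own export.

```python
from datetime import datetime, timedelta

ADD, REMOVE = "Add member to group", "Remove member from group"  # assumed activity names
PIM_ACTOR = "MS-PIM"  # actor name as it appears in the question title

# Constructed sample records (simplified, hypothetical field names).
SAMPLE = [
    {"time": "2023-01-27T08:00:05Z", "actor": PIM_ACTOR, "activity": ADD, "user": "alice", "group": "PAG-Admins"},
    {"time": "2023-01-27T16:00:07Z", "actor": PIM_ACTOR, "activity": REMOVE, "user": "alice", "group": "PAG-Admins"},
    {"time": "2023-01-27T09:00:00Z", "actor": PIM_ACTOR, "activity": ADD, "user": "bob", "group": "PAG-Admins"},
    {"time": "2023-01-27T11:30:00Z", "actor": PIM_ACTOR, "activity": REMOVE, "user": "bob", "group": "PAG-Admins"},
    {"time": "2023-01-27T12:00:00Z", "actor": "admin@example.com", "activity": REMOVE, "user": "carol", "group": "PAG-Admins"},
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def classify_removals(events, activation_hours=8, tolerance=timedelta(minutes=5)):
    """Label every removal by who made it and whether it lines up with an activation window."""
    last_add = {}   # (user, group) -> (time, actor) of the most recent add
    results = []
    for ev in sorted(events, key=lambda e: parse(e["time"])):
        key, when = (ev["user"], ev["group"]), parse(ev["time"])
        if ev["activity"] == ADD:
            last_add[key] = (when, ev["actor"])
        elif ev["activity"] == REMOVE:
            added = last_add.pop(key, None)
            if ev["actor"] != PIM_ACTOR:
                label = "not-pim"                      # removed by a person or another app
            elif added is None or added[1] != PIM_ACTOR:
                label = "pim-removal-without-pim-add"  # no matching activation in the export
            elif abs((when - added[0]) - timedelta(hours=activation_hours)) <= tolerance:
                label = "expected-expiry"              # add + activation time = remove
            else:
                label = "pim-removal-off-schedule"     # gap differs from the configured time
            results.append((ev["user"], ev["group"], ev["time"], label))
    return results

if __name__ == "__main__":
    for row in classify_removals(SAMPLE):
        print(*row, sep="  ")
```

Set `activation_hours` to the activation time configured for the group; anything not labelled `expected-expiry` is what is left to review by hand.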
