Limitation error on extending Global Administrator role

Mohsen Akhavan 936 Reputation points
2023-03-03T06:21:59.06+00:00

I have a user that was assigned a Global Administrator role (3 months). Now I want to extend this role, for example by 3 months, but I received this error:

Assignments are maximum of 15 days.

Where is this limitation and how can I extend it?


1 answer

  1. Tech-Hyd-1989 5,741 Reputation points
    2023-03-03T06:29:04.31+00:00

    Hello Mohsen Akhavan,

    I hope I can help you with this question.

    The limitation you are referring to is a default restriction set by Microsoft for the duration of Azure AD administrator role assignments. By default, the maximum duration for any administrator role assignment is 15 days, regardless of the type of role.

    To extend the role assignment duration beyond the default limit, you can use the Azure AD Privileged Identity Management (PIM) feature. With PIM, you can create custom role assignments with specific duration periods, including ones longer than 15 days.

    To extend the role assignment for your user using PIM, follow these steps:

    1. Navigate to the Azure portal and select "Azure Active Directory" from the left-hand menu.
    2. Click on the "Privileged Identity Management" option.
    3. Select the "Azure AD roles" option from the "Manage" menu.
    4. Find the user who you want to extend the role assignment for and click on the "Activate" button next to their name.
    5. In the "Activation" pane that appears, select the "Custom duration" option.
    6. Set the desired duration for the role assignment and click "Activate" to confirm the changes.

    After completing these steps, the user's role assignment should be extended for the duration you specified.

    Note that PIM is available only in Azure AD Premium P2 and Azure AD Free Trial subscriptions. If you don't have access to PIM, you can create a PowerShell script to automate the assignment of the role every 15 days.

    Doc links for your help:
    https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-renew-extend
    https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-assign-roles

    Please accept as answer and upvote if the above information is helpful for the benefit of the community.
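
An added example, not part of the original answer and not Microsoft's code: PIM keeps the maximum assignment length per role in that role's settings, which Microsoft Graph exposes as expiration rules carrying an ISO 8601 `maximumDuration`. The code below checks a requested duration against such rules; `SAMPLE_RULES`, its durations and the function names are constructed for illustration.

```python
import re
from datetime import timedelta

# Constructed sample, shaped like the `rules` of a PIM role management policy
# as Microsoft Graph returns them; the durations are illustrative, not from a tenant.
SAMPLE_RULES = [
    {"id": "Expiration_Admin_Eligibility", "isExpirationRequired": True, "maximumDuration": "P365D"},
    {"id": "Expiration_Admin_Assignment", "isExpirationRequired": True, "maximumDuration": "P15D"},
    {"id": "Expiration_EndUser_Assignment", "isExpirationRequired": True, "maximumDuration": "PT8H"},
    {"id": "Enablement_Admin_Assignment", "enabledRules": ["Justification"]},
]

_ISO = re.compile(r"^P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)W)?(?:(\d+)D)?"
                  r"(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def parse_duration(text):
    """ISO 8601 duration -> timedelta (assumption: 1Y = 365 days, 1M = 30 days)."""
    m = _ISO.match(text)
    if not m or not any(m.groups()):
        raise ValueError(f"not an ISO 8601 duration: {text!r}")
    y, mo, w, d, h, mi, s = (int(g or 0) for g in m.groups())
    return timedelta(days=365 * y + 30 * mo + 7 * w + d, hours=h, minutes=mi, seconds=s)

def max_duration(rules, rule_id):
    """Cap set by one expiration rule, or None when the rule allows no expiry."""
    for rule in rules:
        if rule.get("id") == rule_id:
            if not rule.get("isExpirationRequired", False):
                return None
            return parse_duration(rule["maximumDuration"])
    raise KeyError(rule_id)

def check_request(rules, rule_id, requested_days):
    """Return (allowed, cap) for an assignment of `requested_days` days."""
    cap = max_duration(rules, rule_id)
    allowed = cap is None or timedelta(days=requested_days) <= cap
    return allowed, cap

if __name__ == "__main__":
    for label, rule_id in (("active", "Expiration_Admin_Assignment"),
                           ("eligible", "Expiration_Admin_Eligibility")):
        allowed, cap = check_request(SAMPLE_RULES, rule_id, 90)
        print(f"{label:8} 90 days: {'ok' if allowed else 'rejected'} (cap: {cap or 'none'})")
```

With the sample rules, a 90-day active assignment is rejected against the 15-day cap while a 90-day eligible assignment passes.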