Hello Mohsen Akhavan,
I hope I can help you with this question.
The limitation you are referring to is a default restriction set by Microsoft for the duration of Azure AD administrator role assignments. By default, the maximum duration for any administrator role assignment is 15 days, regardless of the type of role.
To extend the role assignment duration beyond the default limit, you can use the Azure AD Privileged Identity Management (PIM) feature. With PIM, you can create custom role assignments with specific duration periods, including ones longer than 15 days.
To extend the role assignment for your user using PIM, follow these steps:
- Navigate to the Azure portal and select "Azure Active Directory" from the left-hand menu.
- Click on the "Privileged Identity Management" option.
- Select the "Azure AD roles" option from the "Manage" menu.
- Find the user who you want to extend the role assignment for and click on the "Activate" button next to their name.
- In the "Activation" pane that appears, select the "Custom duration" option.
- Set the desired duration for the role assignment and click "Activate" to confirm the changes.
After completing these steps, the user's role assignment should be extended for the duration you specified.
Note that PIM is available only in Azure AD Premium P2 and Azure AD Free Trial subscriptions. If you don't have access to PIM, you can create a PowerShell script to automate the assignment of the role every 15 days.
Doc links for your help:
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-renew-extend
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-assign-roles
Please accept as answer and upvote if the above information is helpful for the benefit of the community.
@Subrotho Das Thanks for your reply. Regarding your screenshots and document, I saw my role in Active Role because it's valid. But when another admin wants to extend my role from Azure Active Directory, we received the 15-day limitation. If we extend from Privileged Identity Management, we don't have this 15-day limitation. Is that right?
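As an added example (not code from any poster in this thread), the PIM extension discussed above can be done through Microsoft Graph from PowerShell, first reading the maximum duration that the role's PIM policy allows for active assignments and only then submitting the extension. It assumes the Microsoft.Graph.Authentication module and the Graph v1.0 endpoints; the IDs, the 90-day value and the justification text are placeholders.

```powershell
# Added example. Placeholders below are not values from this thread.
$principalId      = '<user-object-id>'
$roleDefinitionId = '<role-definition-id>'
$requestedDays    = 90

Connect-MgGraph -Scopes 'RoleManagementPolicy.Read.Directory',
                        'RoleAssignmentSchedule.ReadWrite.Directory'

# 1. Fetch the PIM policy bound to this directory role, with its rules expanded.
$filter = "scopeId eq '/' and scopeType eq 'DirectoryRole' " +
          "and roleDefinitionId eq '$roleDefinitionId'"
$uri = 'https://graph.microsoft.com/v1.0/policies/roleManagementPolicyAssignments' +
       '?$filter=' + [uri]::EscapeDataString($filter) +
       '&$expand=policy($expand=rules)'
$assignment = (Invoke-MgGraphRequest -Method GET -Uri $uri).value |
              Select-Object -First 1
if (-not $assignment) { throw 'No PIM policy found for this role.' }

# 2. The admin-assignment expiration rule holds the cap on active assignments.
$rule = $assignment.policy.rules |
        Where-Object { $_.id -eq 'Expiration_Admin_Assignment' }
if ($rule.isExpirationRequired) {
    # maximumDuration is an ISO 8601 duration such as P180D
    $maxDays = [System.Xml.XmlConvert]::ToTimeSpan($rule.maximumDuration).TotalDays
    if ($requestedDays -gt $maxDays) {
        throw "Policy caps active assignments at $maxDays days; requested $requestedDays."
    }
}

# 3. Submit the extension as an admin on behalf of the user.
$body = @{
    action           = 'adminExtend'
    justification    = '<reason for the extension>'
    principalId      = $principalId
    roleDefinitionId = $roleDefinitionId
    directoryScopeId = '/'
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime().ToString('o')
        expiration    = @{ type = 'afterDuration'; duration = "P${requestedDays}D" }
    }
} | ConvertTo-Json -Depth 5

$result = Invoke-MgGraphRequest -Method POST -Body $body -ContentType 'application/json' `
    -Uri 'https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignmentScheduleRequests'
'{0} request status: {1}' -f $result.action, $result.status
```

If the requested duration is above the policy cap, the script stops before sending anything, so the role's PIM settings have to be reviewed by whoever owns them rather than worked around.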