Azure AD PAM implementation

Nad Ben 6 Reputation points
2023-05-16T13:24:44.4233333+00:00

Hello,

I'm training on some Azure AD and M365 features. I just tried Azure AD PIM and PAM. For the first, there is no problem with it; the documentation is enough to implement use cases.

But I have a problem with Azure AD PAM, for which I can't find any recent resource except the official documentation by Microsoft (in the MS-500 certification learning material, for example): https://learn.microsoft.com/en-us/training/modules/m365-compliance-insider-implement-privileged-access-management/case-study

Moreover, how to access the PAM menu was not really clear, and the features are very limited.

So, my question is: Is Azure PAM still a product maintained by Microsoft? Has it been deprecated? I did not find any information about that, but it's a very strange situation.

Thank you for your help.


3 answers

  1. Nad Ben 6 Reputation points
    2023-05-17T06:37:27.16+00:00

    Thank you for your contribution.

    @Nick Riley: It's exactly what I think. Azure AD PAM is very restricted (only Exchange Online is available in the "Scope" field). But it seems we can delegate other Azure AD administrative roles, even if you selected Exchange in the Scope, by using "Role Group" in the "Policy type" field:

    (screenshot: Azure AD PAM)

    So, it's very confusing, and the official documentation is not really clear about Azure AD PAM. And the use cases where we need Azure AD PAM are very restricted if there are only these features.


  2. Nick Riley 1 Reputation point
    2023-05-16T19:34:00.8033333+00:00

    I'd just been looking at a similar thing; I know my way around Azure AD PIM. MIM PAM is obviously on-prem AD and, as you say, seems to be what people think of when you say PAM, but references to PAM in M365 / Azure AD do seem confusing but do exist!

    As per the link you provided, you can manage some (limited) PAM here (which I suspect you've found already):
    https://admin.microsoft.com/Adminportal/Home#/Settings/PrivilegedAccess
    Having tried to create a policy, it looks like it's only possible to set the scope to Exchange; I wonder therefore if it'd be better described as Exchange PAM. I'm not sure what's on the roadmap, but it seems to only cover Exchange activities, and I've not seen it expand or change at all recently.

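The same Exchange-scoped PAM that the admin center exposes can also be driven from Exchange Online PowerShell, which makes the policy-type / task distinction discussed above easier to see. The block below is an added example, not code from either poster or from Microsoft's documentation: it creates a manual-approval policy for one Exchange task, requests a time-bound elevation against it, and approves that request. It assumes the ExchangeOnlineManagement module is installed, that PAM has already been turned on in the admin center (the PrivilegedAccess settings page linked above), and that the admin UPN, the approver group address and the ticket reference are placeholders; check each cmdlet and parameter with Get-Help in your tenant before relying on it, since this feature set is small and has changed little.

```powershell
# Added example (not from the thread): manage Microsoft 365 privileged access
# management (the Exchange-scoped PAM) from Exchange Online PowerShell.
# Assumptions: ExchangeOnlineManagement module installed, caller holds a role
# allowed to configure PAM, and PAM is already enabled in the admin center.
# admin@contoso.onmicrosoft.com and pam-approvers@contoso.onmicrosoft.com are
# placeholders, as is the ticket reference in the request reason.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.onmicrosoft.com'

# Mail-enabled security group whose members approve elevation requests (placeholder).
$approvers = 'pam-approvers@contoso.onmicrosoft.com'

# 1. Policy of type "task": running New-JournalRule requires manual approval.
#    Tasks are addressed as '<Scope>\<cmdlet>'; the only scope offered today is
#    Exchange, which matches what the admin-center form shows.
New-ElevatedAccessApprovalPolicy `
    -Task 'Exchange\New-JournalRule' `
    -ApprovalType ManualApproval `
    -ApproverGroup $approvers

# 2. Confirm the policy exists and which approver group it points at.
Get-ElevatedAccessApprovalPolicy | Format-List

# 3. An administrator asks for time-bound elevation for that task, with a
#    justification that ends up in the approval record and the audit log.
New-ElevatedAccessRequest `
    -Task 'Exchange\New-JournalRule' `
    -Reason 'INC-0000: add journaling rule for legal hold (placeholder ticket)' `
    -DurationHours 2

# 4. An approver lists open requests, then approves (or denies) one by its
#    request ID, taken from the output of the previous command.
Get-ElevatedAccessRequest | Format-List

# Replace <request-id> with the ID shown by Get-ElevatedAccessRequest.
Approve-ElevatedAccessRequest -RequestId '<request-id>' -Comment 'Approved for INC-0000'
# To reject instead:
# Deny-ElevatedAccessRequest -RequestId '<request-id>' -Comment 'No change window scheduled'

Disconnect-ExchangeOnline -Confirm:$false
```

Two things worth noting when you try this. First, a task policy only gates the named cmdlet; a "Role Group" policy (the option the thread mentions) gates membership of an Exchange role group instead, so choose the policy type by whether you want to protect an action or a role. Second, a request that is approved is still bounded by -DurationHours, so the approver comment and the requester's reason are the only record of why the elevation happened; keep them meaningful, because they are what the audit log will show.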