I would recommend reading the following section of the PIM overview:
What is Azure AD Privileged Identity Management? (What does it do?)
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:
- Provide just-in-time privileged access to Azure AD and Azure resources
- Assign time-bound access to resources using start and end dates
- Require approval to activate privileged roles
- Enforce multi-factor authentication to activate any role
- Use justification to understand why users activate
- Get notifications when privileged roles are activated
- Conduct access reviews to ensure users still need roles
- Download audit history for internal or external audit
- Prevents removal of the last active Global Administrator and Privileged Role Administrator role assignments
PIM is meant to "enforce the principle of least privilege by periodically reviewing, renewing, and extending access to resources."
Hopefully this gets you started with understanding it.
If this is helpful please accept answer.