What are the use cases of PIM (Privileged Identity Management) in Azure AD, as I want to understand all identity and access management aspects?

Vinod Survase 4,756 Reputation points
2023-07-01T17:41:04.85+00:00

What are the use cases of PIM (Privileged Identity Management) in Azure AD, as I want to understand all identity and access management aspects?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Dillon Silzer 57,586 Reputation points
    2023-07-02T03:51:04.93+00:00

    I would recommend reading the following section of the PIM overview:

    What is Azure AD Privileged Identity Management? (What does it do?)

    https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure#what-does-it-do

    Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:

    • Provide just-in-time privileged access to Azure AD and Azure resources
    • Assign time-bound access to resources using start and end dates
    • Require approval to activate privileged roles
    • Enforce multi-factor authentication to activate any role
    • Use justification to understand why users activate
    • Get notifications when privileged roles are activated
    • Conduct access reviews to ensure users still need roles
    • Download audit history for internal or external audit
    • Prevents removal of the last active Global Administrator and Privileged Role Administrator role assignments

    PIM is meant to "enforce the principle of least privilege by periodically reviewing, renewing, and extending access to resources."

    Cited from https://www.microsoft.com/en-ca/security/business/identity-access/azure-active-directory-privileged-identity-management-pim

    Hopefully this gets you started with understanding it.


    If this is helpful please accept answer.
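
To make the just-in-time, time-bound and justification features listed in the answer concrete, here is an added example (not part of the answer and not Microsoft's code) that builds the JSON body for a self-activation request to the Microsoft Graph `POST /roleManagement/directory/roleAssignmentScheduleRequests` endpoint. The IDs are constructed placeholders and the 8-hour `MAX_ACTIVATION` ceiling is an assumption; the real limit comes from the tenant's PIM role settings.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumed policy ceiling for this example; real tenants set it in PIM role settings.
MAX_ACTIVATION = timedelta(hours=8)


def iso8601_duration(delta: timedelta) -> str:
    """Render a timedelta as an ISO 8601 duration such as PT4H or PT1H30M."""
    minutes = int(delta.total_seconds() // 60)
    if minutes <= 0:
        raise ValueError("duration must be at least one minute")
    hours, rem = divmod(minutes, 60)
    return "PT" + (f"{hours}H" if hours else "") + (f"{rem}M" if rem else "")


def build_self_activation(principal_id, role_definition_id, justification,
                          duration, start=None, scope="/"):
    """Build the request body for a just-in-time, time-bound role activation."""
    if not justification or not justification.strip():
        raise ValueError("justification is required to activate a role")
    if duration > MAX_ACTIVATION:
        raise ValueError(f"duration exceeds policy maximum of {MAX_ACTIVATION}")
    start = (start or datetime.now(timezone.utc)).astimezone(timezone.utc)
    return {
        "action": "selfActivate",            # user activates an eligible role
        "principalId": principal_id,
        "roleDefinitionId": role_definition_id,
        "directoryScopeId": scope,           # "/" means tenant-wide scope
        "justification": justification.strip(),
        "scheduleInfo": {
            "startDateTime": start.strftime("%Y-%m-%dT%H:%M:%SZ"),
            # The activation ends on its own after this duration.
            "expiration": {"type": "afterDuration",
                           "duration": iso8601_duration(duration)},
        },
    }


if __name__ == "__main__":
    # Constructed placeholder IDs, not real tenant values.
    body = build_self_activation(
        "00000000-0000-0000-0000-000000000001",
        "00000000-0000-0000-0000-000000000002",
        "Rotate service credentials, change ticket PLACEHOLDER-123",
        timedelta(hours=4),
    )
    print(json.dumps(body, indent=2))
```

Whether the request then needs approval or MFA is decided by the role's PIM settings on the service side, not by anything in this body.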

