Azure PIM with Microsoft Graph Command Line Tools powershell

Rahamim Levi 156 Reputation points
2023-07-27T07:24:22.0433333+00:00

We are using a powershell script when onboarding \ offboarding users.

The script uses these modules: AzureAD, ExchangeOnlineManagement, MSOL, MicrosoftTeams, Microsoft.Online.Sharepoint.

Since AzureAD and MSOL will be deprecated, I started migrating our script to the MgGraph module.

My problem \ question is: How can I use PIM with MgGraph? The reason I'm asking is because if the app has user consented to permissions how does "Just in time" work in this case?

 

Thanks, Rahamim.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,029 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 113.5K Reputation points MVP
    2023-07-27T07:32:51.85+00:00

    It works just fine. The effective permissions are the subset of those granted to the app (i.e. the consented permissions) and those granted to the user you're running it with. If the user is currently not elevated, he will not be able to run any admin operations. Just remember to close the current session after you've elevated, as it can take up to 1 hour for the token to be renewed.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.