It works just fine. The effective permissions are the subset of those granted to the app (i.e. the consented permissions) and those granted to the user you're running it with. If the user is currently not elevated, he will not be able to run any admin operations. Just remember to close the current session after you've elevated, as it can take up to 1 hour for the token to be renewed.
Azure PIM with Microsoft Graph Command Line Tools powershell
Rahamim Levi
156
Reputation points
We are using a powershell script when onboarding \ offboarding users.
The script uses these modules: AzureAD, ExchangeOnlineManagement, MSOL, MicrosoftTeams, Microsoft.Online.Sharepoint.
Since AzureAD and MSOL will be deprecated, I started migrating our script to the MgGraph module.
My problem \ question is: How can I use PIM with MgGraph? The reason I'm asking is because if the app has user consented to permissions how does "Just in time" work in this case?
Thanks, Rahamim.