Privileged Identity Management - Configuring an eligible role

Question

Dear all,

Although Azure AD Premium P2 is active on Azure AD, I do not get the options for Privileged Identity Management config when I create a new assignment.
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

Any ideas why it happens?
Premium P2 is in its trial period.

Many thanks !

Answer 1

Did you onboard the resources?

https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-discover-resources

Answer 2

Quick update, from some reason it seems that now Privileged Identity Management works correctly in Azure AD.
Could it be that it takes time to the license info to propagate within my Azure account ... very strange.

Answer 3

Hi @Nir Gluzman ,

To add to Andy David's answer, you need to make sure that you have enabled the trial for Microsoft Entra ID Governance Step-Up for Microsoft Entra ID P2. If your tenant has Azure AD Premium P2, you need to select Details below Microsoft Entra ID Governance Step-Up for Microsoft Entra ID P2. Then select Start free trial. https://learn.microsoft.com/en-us/azure/active-directory/governance/licensing-fundamentals#starting-a-trial

You also need to make sure that you have the correct number of licenses for the eligible users and roles. https://learn.microsoft.com/en-us/azure/active-directory/governance/licensing-fundamentals#example-license-scenarios-for-pim

For more specific pricing/licensing questions, it is always free to speak with the Sales team or your licensing representative of choice. https://azure.microsoft.com/en-in/contact/

Let me know if this helps and if you have further questions.

If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.

Answer 4

Dear @Andy David - MVP and @Marilee Turscak-MSFT , many thanks for the fast reply!

Unfortunately the steps described in the link you provided - Discover Azure resources to manage in PIM - does not change the info displayed when creating new assignment (assign role to a user) in Azure AD.
The console does not show all options for time-based and approval-based role activation.

I followed the steps described by Marilee to enable Identity Governance, but still I get an error (see snapshot).
Moreover, I cannot login to Sign in to the Microsoft 365 admin center with my Gmail account assigned to my Azure account.

Any ideas what could be the issue?
Do you need additional info from my side to understand better the settings?

Many thanks !

Answer 5

Hi @Nir Gluzman ,

Thanks for following up on this. I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

Issue:

When creating a new role assignment, you were not able to see the options for the Privileged Identity Management configuration, even though you had the appropriate Azure AD Premium P2 license.

Solution:

After waiting some time, you were able to see the Privileged Identity Management options. It is possible that it took some time for the license information to propogate on your tenant.

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.