Evaluating PAM, PIM, and JIT Solutions for On-Premises Active Directory and Local Domains

49885604 215 Reputation points
2024-02-08T11:44:11.3166667+00:00

Hello, I have a need to evaluate PAM, PIM, and JIT solutions to integrate with on-premises Active Directory. The aim is to assign an additional level of control over administrative identities that have permissions to create, delete, or modify on the PKI and beyond. To perform specific administrative activities in AD, Certification Authority, and Templates, a solution is required that can automate the temporary assignment of users to a specific group. It should ensure that these permissions are automatically revoked after a defined time. Thanks in advance, Alessio.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other
Microsoft Security | Microsoft Identity Manager

2 answers

  1. Marius Ene 345 Reputation points
    2024-02-08T18:58:46.5166667+00:00

    Hello, have a look at this article: https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/privileged-identity-management-for-active-directory-domain-services You could extend and apply the concept to the CA and templates. As for automation, that is a separate issue; each admin manages their own processes, but I am sure you can automate something using PowerShell. Regards, Marius - https://mariusene.com/

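    As an added example of the PowerShell automation the answer above alludes to (not Marius's code, and not from the linked article), this script grants a user time-bound membership in a group delegated rights on the CA and certificate templates, using the expiring-link support that comes with the AD DS "Privileged Access Management Feature" on Windows Server 2016 or later forests. The group and user names are placeholders; the script assumes the ActiveDirectory RSAT module and that the optional feature has already been enabled for the forest.

```powershell
# Added example, not code from the answer or the linked article.
# Assumes: Windows Server 2016+ forest, ActiveDirectory module, and the
# "Privileged Access Management Feature" optional feature enabled for the forest.
# Group and user names below are placeholders.

Import-Module ActiveDirectory

$Group = 'CA-Template-Admins'   # placeholder: group delegated rights on the CA / templates
$User  = 'alice.admin'          # placeholder: admin who needs a temporary grant
$Ttl   = New-TimeSpan -Hours 2  # how long the membership should live

# 1. Expiring links only work once the PAM optional feature is enabled.
#    Enabling it is a one-way forest change, so check rather than enable blindly:
#    Enable-ADOptionalFeature 'Privileged Access Management Feature' `
#        -Scope ForestOrConfigurationSet -Target <forest-root-dns-name>
$pam = Get-ADOptionalFeature -Filter 'Name -like "Privileged Access Management Feature"'
if (-not $pam.EnabledScopes) {
    throw 'PAM optional feature is not enabled in this forest; time-bound membership is unavailable.'
}

# 2. Add the member with a TTL. AD drops the link itself when the TTL expires,
#    so revocation does not depend on a scheduled task or a human remembering.
#    Kerberos tickets issued during the window have their lifetime capped to the
#    remaining TTL, so the grant does not outlive itself in cached tickets.
Add-ADGroupMember -Identity $Group -Members $User -MemberTimeToLive $Ttl

# 3. Verify and record the grant: with -ShowMemberTimeToLive each member value
#    is prefixed with the seconds remaining, e.g. <TTL=7200,CN=alice.admin,...>.
$links = (Get-ADGroup -Identity $Group -Property member -ShowMemberTimeToLive).member
$links | ForEach-Object {
    if ($_ -match '^<TTL=(\d+),(.+)>$') {
        [pscustomobject]@{ Member = $Matches[2]; SecondsLeft = [int]$Matches[1] }
    } else {
        # Permanent (non-expiring) links show up without a TTL prefix; flag them,
        # since standing membership in this group defeats the purpose of JIT.
        [pscustomobject]@{ Member = $_; SecondsLeft = 'PERMANENT' }
    }
} | Format-Table -AutoSize
```

    Running step 3 on a schedule and alerting on any PERMANENT row is a cheap way to detect standing membership creeping back into a group that is meant to be JIT-only.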

  2. Michael Leach 15 Reputation points
    2025-02-12T18:27:30.6366667+00:00

    I know this question is a year old, but this is possible now with some limitations. I'm doing this for a client now. Check out this blog to see how to do it: https://www.linkedin.com/pulse/using-entra-pim-specific-users-access-rdp-on-premises-paulo-silva-4gede/
