RBAC role PIM assignments review script

Dave Norton 1 Reputation point
2022-06-23T09:40:32.037+00:00

I'm looking for a way to review eligible and active PIM assignments in my RBAC structure across ALL my Management Group and Subscription scopes. Currently I can do this through the portal by going to Privileged Identity Management -> Azure Resources -> Assignments, then generating the output by doing the "Export". This is great and is giving me the output I need to review; however, I need to do this for each Management Group and Subscription, and I'm unable to find a way to do this, either programmatically or via the UI.

Currently I have a script that utilizes Get-AzRoleAssignment to output all my assignments at each scope level, but this also outputs any currently PIM'd roles, which is skewing my review. By adding in the PIM assignments I will be able to differentiate what's assigned via RBAC at my MG and Sub level from what's been assigned via PIM. Hope that makes sense. Anyone else that's done this before?

Azure Active Directory Privileged Identity Management
Azure Role-based access control
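One way to do the cross-scope review the question asks for, as an added example that is not from the question or from Microsoft: enumerate every management group and subscription the caller can read, pull the PIM eligibility and assignment schedule instances at each scope with the Az.Resources cmdlets, and export one flat CSV. It assumes Az.Accounts and Az.Resources 5.x or later are installed, that Connect-AzAccount has already been run with an identity permitted to read PIM at these scopes, and that the output path `.\pim-assignments.csv` is acceptable.

```powershell
# Added example: inventory eligible and active PIM assignments at every MG and subscription scope.
# Assumes Az.Resources 5.x+ (Get-AzRoleEligibilityScheduleInstance / Get-AzRoleAssignmentScheduleInstance)
# and an already-authenticated Az session.

$scopes = @()
# Management groups: Get-AzManagementGroup with no parameters lists every MG the caller can read.
foreach ($mg in Get-AzManagementGroup) {
    $scopes += [pscustomobject]@{ Type = 'ManagementGroup'; Name = $mg.DisplayName; Scope = $mg.Id }
}
# Subscriptions in the current tenant.
foreach ($sub in Get-AzSubscription) {
    $scopes += [pscustomobject]@{ Type = 'Subscription'; Name = $sub.Name; Scope = "/subscriptions/$($sub.Id)" }
}

$results = foreach ($s in $scopes) {
    # atScope() returns instances at or above this scope (not at child scopes), so the
    # extra Scope comparison keeps only what was granted at exactly this level. That way
    # each assignment appears once, at the MG or subscription where it was created.
    $eligible = Get-AzRoleEligibilityScheduleInstance -Scope $s.Scope -Filter 'atScope()' |
                Where-Object { $_.Scope -eq $s.Scope }
    $active   = Get-AzRoleAssignmentScheduleInstance  -Scope $s.Scope -Filter 'atScope()' |
                Where-Object { $_.Scope -eq $s.Scope }

    foreach ($e in $eligible) {
        [pscustomobject]@{
            ScopeType = $s.Type; ScopeName = $s.Name; Scope = $s.Scope
            State     = 'Eligible'                      # PIM eligibility, not yet activated
            Principal = $e.ExpandedPropertyPrincipalDisplayName
            PrincipalType = $e.PrincipalType
            Role      = $e.ExpandedPropertyRoleDefinitionDisplayName
            MemberType = $e.MemberType                  # Direct, Group or Inherited
            EndDateTime = $e.EndDateTime                # empty = permanent eligibility
        }
    }
    foreach ($a in $active) {
        [pscustomobject]@{
            ScopeType = $s.Type; ScopeName = $s.Name; Scope = $s.Scope
            # AssignmentType 'Activated' = a live PIM activation; 'Assigned' = a standing
            # (permanent or time-bound) assignment, i.e. what Get-AzRoleAssignment also shows.
            State     = "Active-$($a.AssignmentType)"
            Principal = $a.ExpandedPropertyPrincipalDisplayName
            PrincipalType = $a.PrincipalType
            Role      = $a.ExpandedPropertyRoleDefinitionDisplayName
            MemberType = $a.MemberType
            EndDateTime = $a.EndDateTime
        }
    }
}

$results | Export-Csv -Path .\pim-assignments.csv -NoTypeInformation
$results | Group-Object ScopeType, State | Select-Object Name, Count   # quick per-scope-type summary
```

Rows with State `Active-Activated` are the PIM activations that were skewing the Get-AzRoleAssignment review; `Active-Assigned` rows are the standing RBAC assignments, and `Eligible` rows are the PIM eligibilities the portal export shows.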