145 questions with Azure Active Directory Privileged Identity Management-related tags
MS-PIM Is Automatically Removing then Adding Privileged Access Group Assignments Back
I'm seeing an odd behavior in the audit logs of some of the Privileged Access groups that we use at my company. The same member is being removed and added back at random times daily. I'm not seeing this behavior with every member of the Privileged…


Deleting inactive users from Azure AD and On-premise AD
I have a question about managing groups and users. I have a couple of inactive users in my organization whose license has been revoked but their account still exists in my Azure environment. Now my question is how I delete these users in my Azure AD and…


We want to send a weekly report over email to Management for resource audit functionality in PIM
We want to send a weekly report over email to Management for resource audit functionality in PIM Azure AD. The requirement is if for certain subscription, suppose "X" number users activated their access through PIM. So, need the report of…


How to take RDP of existing virtual machine with Azure AD
Hi, we need to have 2 accounts set up to have administrative access to all of the Windows Server VMs, so that we can RDP to each VM, map drives between VMs, etc. I'm not sure how Azure manages this, but there's already an AD domain, with the two user…


Scoped PIM assignment (schedules) do not show up in API
Active assignments of certain directory roles (for example "Application Administrator") that are limited to the scope of a service principal or application do not show up in /rolemanagement/directory/roleAssignmentScheduleRequests or…


What is difference between Service Principal and Managed Identity
I would like to know more about Service principal and Managed identity/ User assigned identity and its usage.


Exporting Azure PIM Approvers
How do you export a list of all PIM Approvers from all Azure built-in roles? As an example, screenshot for User Admin, the approval list. How do I export these at once for all roles?


When trying to assign roles in subscription via PIM I get an error
I get the following error when trying to assign roles via PIM in subscription. Cannot read properties of null (reading 'externalId'). Resource ID: Not available. Extension: Microsoft_Azure_PIMCommon. Content: ResourceMenuBlade. Error code: --. I have been able…


Azure AD PIM - pass that ticketing rule parameter Graph API
Message: The following policy rules failed: ["TicketingRule"] Can someone please help/advise how I can pass the value for the ticket-number field while activating roles. I can easily activate roles which don't have the ticket number field. …


API Integration issues - OATH content deadline exceeded
Hello, I have an API integration that is failing and showing the following errors. My guess is that while using a PIM elevated account, the elevation expires and the result is a failed authentication and content expiration. Is that the correct way to…


FIDO Authentication with Security Keys not working on Mobile Devices
Hi there, We are trying to use FIDO security keys as an MFA solution. According to our tests, the login using FIDO security keys from an Android or Apple smartphone is not working as expected. The user chooses the option "Use Windows Hello or…


How to activate Privileged Access Groups using PowerShell?
I am trying to activate my privileged access groups using PowerShell, however so far I am unable to do so. All the examples either in MS Docs site or Google search only have examples regarding instruction to activate roles using PowerShell for PIM. Has anyone…


Azure PIM expire eligible assignment after 3 years
I am trying to configure Azure roles for Azure Privileged Identity Management. I am just wondering if there is a way to increase the eligible or active assignment for more than a year.


Report of eligible members of privileged access group using PowerShell cmdlets
Hi All, Could you please suggest a way to pull a report of eligible members of a privileged access group using PowerShell cmdlets? Thanks, Indhu


Azure AD Privileged Access Management (Group Management) from ServiceNow - Cannot assign time-bound (temporary) group assignment
Trying to use API to temporarily assign Users to Groups in Azure AD Azure AD - Privileged Identity Management (PIM) from ServiceNow using ServiceNow - Azure AD Spoke. I can create group assignment in Azure AD as 'Permanent' but I cannot set it to…


SMTP for O365 with client credentials flow
Hi, As per the note in the following documentation "As per the current test with SMTP Oauth 2.0 client credential flow with non-interactive sign in is not supported." …


Getting inactive or empty groups in Azure
Access Reviews. My client wants to get a report of inactive or empty groups in Azure. I attached the screenshots showing that Access Review has only a checkbox to report on inactive users but not groups. How can we get a report in Azure for…


Entitlement Management | Provide Mandatory Answers Access Package Request via API
I have an access package that has a policy containing required questions. How would I pass in the required information? Nowhere in the documentation examples show how to pass answers/justification. The API Documentation -…


How to automate RBAC binding parameter allow permanent eligible assignment for owner
How can this parameter (Allow permanent eligible assignment) be automated with Terraform or PowerShell to toggle from No (default) to Yes for the roles Owner, Contributor and/or Reader? Under Home->Privileged Identity Management|Azure resources…


Where can I deactivate E-Mail notifications for a specific PIM role?
Hi! You get an email from Microsoft Azure when someone has assigned themselves to a role, now my question is: How can I disable these emails for a specific user, even if there are other users in the group who want to receive these emails. I…

