Microsoft Q&A

Azure Active Directory Privileged Identity Management

145 questions

An Azure technology that is designed to manage privileged identities and their access rights.

145 questions with Azure Active Directory Privileged Identity Management-related tags

1 answer

MS-PIM Is Automatically Removing then Adding Privileged Access Group Assignments Back

I'm seeing an odd behavior in the audit logs of some of the Privileged Access groups that we use at my company. The same member is being removed and added back at random times daily. I'm not seeing this behavior with every member of the Privileged…

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,621 questions
Azure Active Directory Privileged Identity Management
asked 2023-01-27T20:01:29.9066667+00:00
Brandon Boudreau 0 Reputation points
edited an answer 2023-01-27T22:04:23.3433333+00:00
Andy David - MVP 109.5K Reputation points Microsoft MVP
1 answer

Deleting inactive users from Azure AD and On-premise AD

I have a question about managing groups and users. I have a couple of inactive users in my organization whose license has been revoked but their account still exists in my Azure environment. Now my question is how I delete these users in my Azure AD and…

Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software. Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
1,236 questions
Azure Active Directory Privileged Identity Management
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
371 questions
asked 2023-01-27T15:35:38.5633333+00:00
Sri Borra 0 Reputation points
answered 2023-01-27T16:33:21.62+00:00
Marshaljs 26,571 Reputation points
1 answer

We want to send a weekly report over email to Management for resource audit functionality in PIM

We want to send a weekly report over email to Management for resource audit functionality in PIM Azure AD. The requirement is if for certain subscription, suppose "X" number users activated their access through PIM. So, need the report of…

Azure Active Directory Privileged Identity Management
asked 2023-01-09T08:49:26.43+00:00
Siva Poreddy 1 Reputation point
edited the question 2023-01-27T09:47:27.99+00:00
Shweta Mathur 11,081 Reputation points Microsoft Employee
0 answers

how to take RDP of existing Virtual machine with azure AD

Hi, we need to have 2 accounts set up to have administrative access to all of the Windows Server VMs, so that we can RDP to each VM, map drives between VMs, etc. I'm not sure how Azure manages this, but there's already an AD domain, with the two user…

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,621 questions
Azure Active Directory Privileged Identity Management
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
3,038 questions
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
4,573 questions
asked 2023-01-11T20:50:57.7533333+00:00
sultan 46 Reputation points
edited a comment 2023-01-27T07:36:18.6066667+00:00
Prrudram-MSFT 10,376 Reputation points Microsoft Employee
1 answer

Scoped PIM assignment (schedules) do not show up in API

Active assignments of certain directory roles (for example "Application Administrator") that are limited to the scope of a service principal or application do not show up in /rolemanagement/directory/roleAssignmentScheduleRequests or…

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,621 questions
Azure Active Directory Privileged Identity Management
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
371 questions
asked 2023-01-25T14:56:08.64+00:00
Stefan Boerner 0 Reputation points
commented 2023-01-26T07:19:03.39+00:00
Stefan Boerner 0 Reputation points
1 answer One of the answers was accepted by the question author.

What is difference between Service Principal and Managed Identity

I would like to know more about Service principal and Managed identity/ User assigned identity and its usage.

Azure Active Directory Privileged Identity Management
asked 2023-01-23T19:24:42.86+00:00
ATUL PATIL 40 Reputation points
commented 2023-01-24T08:51:14.8+00:00
ATUL PATIL 40 Reputation points
1 answer

Exporting Azure PIM Approvers

How do you export a list of all PIM Approvers from all Azure Built-in Roles? As an example screenshot for User Admin, the approval list. How do I export these at once for all roles?

Azure Active Directory Privileged Identity Management
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,621 questions
asked 2023-01-19T16:48:38.0333333+00:00
H Raja 191 Reputation points
edited a comment 2023-01-20T13:49:53.64+00:00
Vasil Michev 61,741 Reputation points Microsoft MVP
0 answers

When trying to assign roles in subscription via PIM I get an error

I get the following error when trying to assign roles via PIM in subscription. Cannot read properties of null (reading 'externalId') Resource ID: Not available; Extension: Microsoft_Azure_PIMCommon; Content: ResourceMenuBlade; Error code: -- I have been able…

Azure Active Directory Privileged Identity Management
asked 2023-01-16T09:53:24.45+00:00
Michael Bennett 21 Reputation points
commented 2023-01-18T06:11:34.9333333+00:00
Givary-MSFT 11,431 Reputation points Microsoft Employee
1 answer

Azure AD PIM - pass that ticketing rule parameter Graph API

Message: The following policy rules failed: ["TicketingRule"] Can someone please help/advise how I can pass the value for the ticket-number field while activating roles? I can easily activate roles which don't have the ticket Number field. …

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,621 questions
Azure Active Directory Privileged Identity Management
asked 2023-01-09T05:55:37.307+00:00
Faizan Chaudhary 21 Reputation points
commented 2023-01-17T08:23:15.16+00:00
TP 10,696 Reputation points
1 answer

API Integration issues - OATH content deadline exceeded

Hello, I have an API integration that is failing and showing the following errors. My guess is that while using a PIM elevated account, the elevation expires and the result is a failed authentication and content expiration. Is that the correct way to…

Azure Active Directory Privileged Identity Management
asked 2023-01-11T18:24:02.6633333+00:00
Mike Flippin 0 Reputation points
commented 2023-01-17T05:47:45.3733333+00:00
Shweta Mathur 11,081 Reputation points Microsoft Employee
1 answer

FIDO Authentication with Security Keys not working on Mobile Devices

Hi there, We are trying to use FIDO security keys as an MFA solution. According to our tests, the login using FIDO security keys from an Android or Apple smartphone is not working as expected. The user chooses the option "Use Windows Hello or…

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,621 questions
Azure Active Directory Privileged Identity Management
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
2,578 questions
asked 2021-12-09T10:09:51.76+00:00
Ajaz Khan 196 Reputation points
commented 2023-01-11T00:07:15.523+00:00
Oliver Hunger 1 Reputation point
2 answers

How to activate Privileged Access Groups using PowerShell?

I am trying to activate my privileged access groups using PowerShell, however so far unable to do so. All the examples either in MS Docs site or Google search only have examples regarding instruction to activate roles using PowerShell for PIM. Has anyone…

Azure Active Directory Privileged Identity Management
asked 2022-03-25T18:21:33.567+00:00
Sanjeev 11 Reputation points
commented 2023-01-06T11:48:05.78+00:00
Indhumathi Subramanian 1 Reputation point
2 answers One of the answers was accepted by the question author.

Azure PIM expire eligible assignment after 3 years

I am trying to configure Azure Roles for Azure Privileged Identity Management. I am just wondering if there is a way to increase the eligible or active assignment for more than a year.

Azure Active Directory Privileged Identity Management
asked 2022-12-27T23:51:50.467+00:00
Malli Boppe 26 Reputation points
commented 2023-01-06T04:02:10.347+00:00
Alfredo Revilla (MSFT) 15,656 Reputation points Microsoft Employee
1 answer

report of eligible members of privileges access group using powershell commandlets

Hi All, Could you please suggest a way to pull report of eligible members of privileges access group using PowerShell commandlets? Thanks, Indhu

Azure Active Directory Privileged Identity Management
asked 2023-01-04T18:08:07.673+00:00
Indhumathi Subramanian 1 Reputation point
answered 2023-01-04T19:24:21.977+00:00
Michael Durkan 6,136 Reputation points
0 answers

AzureAD Privileged Access Management (Group Management) from ServiceNow - Cannot assign time-bound (temporary) group assignment

Trying to use API to temporarily assign Users to Groups in Azure AD Azure AD - Privileged Identity Management (PIM) from ServiceNow using ServiceNow - Azure AD Spoke. I can create group assignment in AzureAD as 'Permanent' but I cannot set it to…

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,621 questions
Azure Active Directory Privileged Identity Management
asked 2022-12-28T11:23:47.17+00:00
Jakub Longauer 1 Reputation point
commented 2022-12-30T20:41:50.187+00:00
Marilee Turscak-MSFT 20,516 Reputation points Microsoft Employee
2 answers

SMTP for O365 with client credentials flow

Hi, As per the note in the following documentation "As per the current test with SMTP Oauth 2.0 client credential flow with non-interactive sign in is not supported." …

Azure Active Directory Privileged Identity Management
asked 2022-10-13T09:24:20.577+00:00
m2022 1 Reputation point
commented 2022-12-21T10:25:37.513+00:00
Shweta Mathur 11,081 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

Getting inactive or empty groups in Azure

Access Reviews. My client wants to get a report of inactive or empty groups in Azure. I attached the screenshots showing that Access Review has only checkbox to report on inactive users but not groups. How can we get a report in Azure for…

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,621 questions
Azure Active Directory Privileged Identity Management
asked 2022-06-10T16:54:39.97+00:00
Claudia Ferguson 81 Reputation points Microsoft Employee
commented 2022-12-21T10:16:26.257+00:00
Natkeeran Milan 1 Reputation point
1 answer

Entitlement Management | Provide Mandatory Answers Access Package Request via API

I have an access package that has a policy containing required questions. How would I pass in the required information? Nowhere in the documentation examples show how to pass answers/justification. The API Documentation -…

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,621 questions
Azure Active Directory Privileged Identity Management
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
572 questions
asked 2022-11-02T17:55:32.177+00:00
Tim 1 Reputation point
answered 2022-12-19T13:53:58.017+00:00
Akshay-MSFT 3,036 Reputation points Microsoft Employee
2 answers

How to automate rbac binding parameter allow permanent eligible assignment for owner

How can this parameter (Allow permanent eligible assignment) be automated with Terraform or Powershell to toggle from No (default) to Yes for the roles Owner, Contributor and/or Reader? Under Home->Privileged Identity Management|Azure resources…

Azure Active Directory Privileged Identity Management
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
371 questions
asked 2022-11-30T17:06:02.31+00:00
john lear 1 Reputation point
answered 2022-12-13T17:59:01.437+00:00
Lear, John 1 Reputation point
2 answers

Where can I deactivate E-Mail notifications for a specific PIM role?

Hi! You get an email from Microsoft Azure when someone has assigned themselves to a role, now my question is: How can I disable these emails for a specific user, even if there are other users in the group who want to receive these emails. I…

Azure Active Directory Privileged Identity Management
asked 2022-11-25T14:21:12.84+00:00
Emre 1 Reputation point
commented 2022-12-02T18:44:21.877+00:00
JamesTran-MSFT 26,526 Reputation points Microsoft Employee