Configure security alerts for Azure roles in Privileged Identity Management
Privileged Identity Management (PIM) generates alerts when there's suspicious or unsafe activity in your organization in Azure Active Directory (Azure AD), part of Microsoft Entra. When an alert is triggered, it shows up on the Alerts page.
Select an alert to see a report that lists the users or roles that triggered the alert, along with remediation guidance.
|Too many owners assigned to a resource||Medium||Too many users have the owner role.||Review the users in the list and reassign some to less privileged roles.|
|Too many permanent owners assigned to a resource||Medium||Too many users are permanently assigned to a role.||Review the users in the list and reassign some to require activation for role use.|
|Duplicate role created||Medium||Multiple roles have the same criteria.||Use only one of these roles.|
|Roles are being assigned outside of Privileged Identity Management (Preview)||High||A role is managed directly through the Azure IAM resource, or the Azure Resource Manager API.||Review the users in the list and remove them from privileged roles assigned outside of Privilege Identity Management.|
During the public preview of the Roles are being assigned outside of Privileged Identity Management (Preview) alert, Microsoft supports only permissions that are assigned at the subscription level.
- High: Requires immediate action because of a policy violation.
- Medium: Doesn't require immediate action but signals a potential policy violation.
- Low: Doesn't require immediate action but suggests a preferred policy change.
Configure security alert settings
Follow these steps to configure security alerts for Azure roles in Privileged Identity Management:
Sign in to the Azure portal.
Open Azure AD Privileged Identity Management. For information about how to add the Privileged Identity Management tile to your dashboard, see Start using Privileged Identity Management.
From the left menu, select Azure resources.
From the list of resources, select your Azure subscription.
On the Alerts page, select Settings.
Customize settings on the different alerts to work with your environment and security goals.