Privileged Identity Management
Overview
PIM provides time-based and approval-based role activation to access resources. This helps to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Key features of PIM include:
Provide just-in-time privileged access to Azure AD and Azure resources
Assign time-bound access to resources using start and end dates
Require approval to activate privileged roles
Enforce Azure AD Multi-Factor Authentication to activate any role
Use justification to understand why users activate
Get notifications when privileged roles are activated
Conduct access reviews to ensure users still need roles
Download audit history for internal or external audit
PIM requires a Premium P2 license.
Assignment Types
Active: the role is active whenever the user is logged in
Eligible: the role becomes active only when the user requests it
Reference
https://learn.microsoft.com/en-us/training/modules/plan-implement-privileged-access/2-define-strategy-for-administrative-users