Privileged Identity Management – PIM – Keep exploring Security concepts

Privileged Identity Management service
Privileged Identity Management service

Hi All,

Greetings for the day !!! LIFE IS BEAUTIFUL πŸ™‚

Recently, got a chance to present session on PIM in M365 Chicago event. So sharing the article – one of the very important Azure AD service as perspective to SECURITY

This will be multiple article series. Today we will discuss – Introduction to PIM

Take away from this article

  • What is PIM
  • What we can do with PIM
  • Navigation to PIM service
  • Licensing requirement for using PIM service

What is PIM

  • Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD)
      • PIM enables you to manage, control, and monitor access to important resources in our organization
        • Resources are
          • Resources in
            • Azure AD
            • Azure
            • Microsoft 365
            • Microsoft Intune
        fig : Azure - Azure AD PIM
        fig : Azure – Azure AD PIM

        WHY to use PIM

        • To minimize the number of people who have access to secure information or resources
        • Give users just-in-time privileged access to Azure and Azure AD resources and can oversee what those users are doing with their privileged access


        • Privileged Identity Management provides time-based and approval-based role activation
        • Provide just-in-time privileged access to Azure AD and Azure resources
        • Assign time-bound access to resources using start and end dates
        • Require approval to activate privileged roles
        • Enforce multi-factor authentication to activate any role – We have demo for the same in next article
        • Use justification to understand why users activate – We have demo for the same in next article
        • Get notifications when privileged roles are activated – We have demo for the same in next article
        • Conduct access reviews to ensure users still need roles
        • Download audit history for internal or external audit – We have demo for the same in upcoming article
        • Prevents removal of the last active Global Administrator and Privileged Role Administrator role assignments

        Navigating to PIM service

        fig : Microsoft Entra admin center - Navigating to PIM
        fig : Microsoft Entra admin center – Navigating to PIM

        License requirements

        fig : Azure AD - free trial
        fig : Azure AD – free trial
        fig : Azure AD - free trial
        fig : Azure AD – free trial

        ROLES required

        • Privileged Role Administrator or Global Administrator role can manage assignments for other administrators
        • Global Administrators, Security Administrators, Global Readers, and Security Readers can view assignments to Azure AD roles in Privileged Identity Management.


        Next Article In next article we will discuss one of the use case of PIM – assigning time bound role to user (Assigning specific role to user for specific time)

          Thanks for reading the article !!! Please feel free to discuss in case any issues / suggestions / thoughts / questions !!!


          Prasham Sabadra

          LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.

          You may also like...

          Leave a Reply

          This site uses Akismet to reduce spam. Learn how your comment data is processed.

          %d bloggers like this: