Hi All,

Greetings for the day !!! LIFE IS BEAUTIFUL 🙂

Recently, got a chance to present session on PIM in M365 Chicago event. So sharing the article – one of the very important Azure AD service as perspective to SECURITY

This will be multiple article series. Today we will discuss – Introduction to PIM

Take away from this article

• What is PIM
• What we can do with PIM
• Navigation to PIM service
• Licensing requirement for using PIM service

What is PIM

• Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD)
• PIM enables you to manage, control, and monitor access to important resources in our organization
• Resources are
  • Resources in
    • Azure AD
    • Azure
    • Microsoft 365
    • Microsoft Intune

WHY to use PIM

• To minimize the number of people who have access to secure information or resources
• Give users just-in-time privileged access to Azure and Azure AD resources and can oversee what those users are doing with their privileged access

WHAT PIM DOES

• Privileged Identity Management provides time-based and approval-based role activation
• Provide just-in-time privileged access to Azure AD and Azure resources
• Assign time-bound access to resources using start and end dates
• Require approval to activate privileged roles
• Enforce multi-factor authentication to activate any role – We have demo for the same in next article
• Use justification to understand why users activate – We have demo for the same in next article
• Get notifications when privileged roles are activated – We have demo for the same in next article
• Conduct access reviews to ensure users still need roles
• Download audit history for internal or external audit – We have demo for the same in upcoming article
• Prevents removal of the last active Global Administrator and Privileged Role Administrator role assignments

Navigating to PIM service

• There are two ways we can navigate to PIM service
  • Azure Portal
  • Microsoft Entra admin center
• We have very detailed article to navigate PIM service from AZURE portal – Small Tips and Tricks – Azure – Navigating to – Privileged Identity Management service – https://knowledge-junction.in/2022/11/06/small-tips-and-tricks-azure-navigating-to-privileged-identity-management-service/
• Navigating PIM service from Microsoft Entra admin center
  • Navigate to URL – https://entra.microsoft.com/
  • From left pane – expand the section – “Identity Governance”
  • From the options, click on “Privileged Identity Management“

License requirements

• We must have one of the following licenses
  • Azure AD Premium P2
  • Enterprise Mobility + Security (EMS) E5
• If you dont have PIM you could try for PIM free trial – https://www.microsoft.com/en-us/security/business/identity-access/azure-active-directory-enable

• We can also also try free trial from – https://www.microsoft.com/en-us/security/business/get-started/start-free-trial

ROLES required

• Privileged Role Administrator or Global Administrator role can manage assignments for other administrators
• Global Administrators, Security Administrators, Global Readers, and Security Readers can view assignments to Azure AD roles in Privileged Identity Management.

REFERENCES

• Azure Identity And Access Management Part 11 – Azure Active Directory – Privileged Identity Management (PIM) – https://knowledge-junction.in/2020/05/17/azure-identity-and-access-management-part-11-azure-active-directory-privileged-identity-management-pim/
• Small Tips and Tricks – Azure – Navigating to – Privileged Identity Management service from Azure Portal – https://knowledge-junction.in/2022/11/06/small-tips-and-tricks-azure-navigating-to-privileged-identity-management-service/

Next Article – In next article we will discuss one of the use case of PIM – assigning time bound role to user (Assigning specific role to user for specific time)

Thanks for reading the article !!! Please feel free to discuss in case any issues / suggestions / thoughts / questions !!!

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂