Privileged Identity Management – PIM – Keep exploring Security concepts

Hi All,
Greetings for the day !!! LIFE IS BEAUTIFUL 🙂
Recently I got a chance to present a session on PIM at the M365 Chicago event, so I am sharing this article on one of the most important Azure AD services from a SECURITY perspective.
This will be a multi-article series. Today we discuss an introduction to PIM.
Takeaways from this article
- What is PIM
- What we can do with PIM
- Navigation to PIM service
- Licensing requirement for using PIM service
What is PIM
- Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD)
- PIM enables you to manage, control, and monitor access to important resources in your organization
- The resources it covers are
- Resources in Azure AD
- Resources in Azure
- Resources in Microsoft 365
- Resources in Microsoft Intune
WHY to use PIM
- To minimize the number of people who have standing access to sensitive information or resources
- To give users just-in-time privileged access to Azure and Azure AD resources, and to oversee what those users do with that privileged access
WHAT PIM DOES
- Privileged Identity Management provides time-based and approval-based role activation
- Provides just-in-time privileged access to Azure AD and Azure resources
- Assigns time-bound access to resources using start and end dates
- Requires approval to activate privileged roles
- Enforces multi-factor authentication to activate any role (demo in the next article)
- Uses justification to understand why users activate a role (demo in the next article)
- Sends notifications when privileged roles are activated (demo in the next article)
- Conducts access reviews to ensure users still need their roles
- Lets you download audit history for internal or external audit (demo in an upcoming article)
- Prevents removal of the last active Global Administrator and Privileged Role Administrator role assignments
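The "time-bound access using start and end dates" capability above can be driven from Microsoft Graph PowerShell as well as from the portal. The script below is an added example, not code from the original article and not Microsoft sample code. It creates an eligible (not active) Global Administrator assignment that expires after 30 days, then lists the user's eligibility schedules so you can spot any that have no end date. It assumes the Microsoft.Graph PowerShell SDK is installed, that the signed-in admin holds the Privileged Role Administrator role, and that the user alice@contoso.com is a hypothetical principal in the tenant.

```powershell
# Added example (not from the original article): create a time-bound ELIGIBLE
# assignment of the Global Administrator role with Microsoft Graph PowerShell,
# then list the resulting PIM eligibility schedules for the user.
# Assumptions: Microsoft.Graph SDK installed, the caller holds Privileged Role
# Administrator, and 'alice@contoso.com' is a hypothetical user in the tenant.

# RoleManagement.ReadWrite.Directory covers reading role definitions and
# writing PIM schedule requests; User.Read.All resolves the UPN to an object id.
Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory", "User.Read.All"

$userUpn  = "alice@contoso.com"          # hypothetical principal
$roleName = "Global Administrator"
$days     = 30                           # how long the eligibility lasts

# Resolve the principal and the role definition by display name rather than
# hard-coding the role template GUID.
$user = Get-MgUser -UserId $userUpn
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
if (-not $role) { throw "Role definition '$roleName' not found" }

$start = (Get-Date).ToUniversalTime()
$end   = $start.AddDays($days)

# 'adminAssign' on the ELIGIBILITY endpoint makes the user eligible only: they
# must still activate through PIM, which is where MFA, justification and
# approval are enforced. A hard end date replaces standing access.
$request = @{
    action           = "adminAssign"
    justification    = "Eligible GA for quarterly tenant review; expires $($end.ToString('u'))"
    roleDefinitionId = $role.Id
    directoryScopeId = "/"               # tenant-wide scope
    principalId      = $user.Id
    scheduleInfo     = @{
        startDateTime = $start
        expiration    = @{
            type        = "afterDateTime" # not 'noExpiration'
            endDateTime = $end
        }
    }
}

$result = New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $request
"Request {0} status: {1}" -f $result.Id, $result.Status

# Verification / check: list every eligibility schedule for this user and flag
# any that never expires, which is the permanent access PIM is meant to remove.
Get-MgRoleManagementDirectoryRoleEligibilitySchedule -Filter "principalId eq '$($user.Id)'" |
    ForEach-Object {
        $endDate = $_.ScheduleInfo.Expiration.EndDateTime
        [pscustomobject]@{
            RoleDefinitionId = $_.RoleDefinitionId
            Scope            = $_.DirectoryScopeId
            Start            = $_.ScheduleInfo.StartDateTime
            End              = if ($endDate) { $endDate } else { "NEVER (review this)" }
            ExpirationType   = $_.ScheduleInfo.Expiration.Type
        }
    } | Format-Table -AutoSize
```

The request goes through the eligibility endpoint rather than the assignment endpoint on purpose: an eligible assignment gives the user nothing until they activate, so the activation-time controls listed above (MFA, justification, approval, notification) all apply. Run the final query on its own, without the filter, to audit the whole tenant for eligibilities with no end date.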
Navigating to PIM service
- There are two ways to navigate to the PIM service
- Azure Portal
- Microsoft Entra admin center
- We have a detailed article on navigating to the PIM service from the Azure portal – Small Tips and Tricks – Azure – Navigating to – Privileged Identity Management service – https://knowledge-junction.in/2022/11/06/small-tips-and-tricks-azure-navigating-to-privileged-identity-management-service/
- Navigating to the PIM service from the Microsoft Entra admin center
- Navigate to the URL – https://entra.microsoft.com/
- In the left pane, expand the section “Identity Governance”
- From the options, click “Privileged Identity Management”
License requirements
- You must have one of the following licenses
- Azure AD Premium P2
- Enterprise Mobility + Security (EMS) E5
- If you don't have a PIM license you can start a free trial – https://www.microsoft.com/en-us/security/business/identity-access/azure-active-directory-enable
- A free trial is also available from – https://www.microsoft.com/en-us/security/business/get-started/start-free-trial

ROLES required
- Users holding the Privileged Role Administrator or Global Administrator role can manage PIM role assignments for other administrators
- Global Administrators, Security Administrators, Global Readers, and Security Readers can view assignments to Azure AD roles in Privileged Identity Management
REFERENCES
- Azure Identity And Access Management Part 11 – Azure Active Directory – Privileged Identity Management (PIM) – https://knowledge-junction.in/2020/05/17/azure-identity-and-access-management-part-11-azure-active-directory-privileged-identity-management-pim/
- Small Tips and Tricks – Azure – Navigating to – Privileged Identity Management service from Azure Portal – https://knowledge-junction.in/2022/11/06/small-tips-and-tricks-azure-navigating-to-privileged-identity-management-service/
Next Article – In the next article we will discuss one of the use cases of PIM – assigning a time-bound role to a user (assigning a specific role to a user for a specific time period)
Thanks for reading the article !!! Please feel free to discuss any issues / suggestions / thoughts / questions !!!
HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂