Privileged Identity Management Archives

Privileged Identity Management (PIM) – Common Microsoft 365 Security Mistakes Series

Entra ID's P2 license (previously Azure AD Premium P2) unlocks the Privileged Identity Management (PIM). PIM is part of broader identity governance features, and is most known for enabling just-in-time admin rights. For example, you are eligible to become an administrator for a maximum of X hours, at which point the permissions expire and you need to reactivate. This blog covers five of the common misconfigurations and misunderstandings I see with customers. Intuitive as…

Access Reviews Conditional Access Entitlement Management Entra ID (Azure Active Directory) Microsoft 365 Microsoft Defender for Cloud Apps Privileged Identity Management

Conditional Access – Common Microsoft 365 Security Mistakes Series

Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. If you've spent any time securing your tenant and Entra resources, you'll know what Conditional Access is by now, so we'll assume at least a level 200 understanding, skip the introduction, and instead dive into the most common mistakes I see when helping folks out with it. These aren't listed in any particular order, and the devil's in the details,…

Entra ID (Azure Active Directory) Identity Governance Microsoft 365 Privileged Identity Management

Getting Started with Azure AD Identity Governance – Part 3: Privileged Identity Management (PIM)

This blog is the last in a small series on Azure AD Premium P2's Identity Governance toolkit. Part 1: Entitlement Management Part 2: Access Reviews Part 3: Privileged Identity Management (PIM) (this post) PIM is an Azure AD P2 feature that enables just-in-time (JIT) admin rights in Azure and Azure AD. Historically, best practice has been for users to have a separate account for admin tasks, as protection against the primary account if breached. …