Pim on Ru Campbell MVP

Privileged Identity Management (PIM) – Common Microsoft 365 Security Mistakes Series

Sun, 19 Nov 2023 14:01:41 +0000

Entra ID’s P2 license (previously Azure AD Premium P2) unlocks the Privileged Identity Management (PIM). PIM is part of broader identity governance features, and is most known for enabling just-in-time admin rights. For example, you are eligible to become an administrator for a maximum of X hours, at which point the permissions expire and you need to reactivate.

This blog covers five of the common misconfigurations and misunderstandings I see with customers. Intuitive as PIM may appear, there are some gotchas you need to be aware of. It is a follow up from my previous Conditional Access – Common Microsoft 365 Security Mistakes Series article.

Getting Started with Azure AD Identity Governance – Part 3: Privileged Identity Management (PIM)

Sun, 16 Aug 2020 14:13:09 +0000

This blog is the last in a small series on Azure AD Premium P2’s Identity Governance toolkit.

Part 1: Entitlement Management

Part 2: Access Reviews

Part 3: Privileged Identity Management (PIM) (this post)

PIM is an Azure AD P2 feature that enables just-in-time (JIT) admin rights in Azure and Azure AD. Historically, best practice has been for users to have a separate account for admin tasks, as protection against the primary account if breached. While this is still supported under PIM, it’s less of a requirement - PIM makes admin rights time bound on the same account and optionally require approval to activate.