Azure AD Privileged Identity Management – also called AzureAD PIM.

This it a Azure AD Premium feature that give you Just-in-Time Admin Access in Azure.

The feature is just what you need is you a concerned about who, where and when a admin user have access to your Microsoft cloud. This is the first of a series of blogpost about AzureAD PIM.

AzureAD PIM is at the moment still in preview – that’s not a reason not to getting started with access management for users that have some kind of admin rights.

To setup  AzureAD PIM – you need to signin to the new Azure portal with a Global Admin that has a Azure AD Premium license: https://portal.azure.com/

Go to the marketplace and search for Azure AD and select Azure AD Privileged Identity Management (Preview)

Select Create

Select verify your permission to PIM – after you have verified select Create

Now the PIM service will search your Azure AD for Administrators

Select Next

Select Admins that you what to make eligible to activate PIM on

Select Next

Select Ok

Then the Azure AD Privileged Identity Management is pined to your Azure dashboard

You also receive a mail notification

Getting into the service for the first time:

he first ting you will notice is the Alert about you have Roles that don’t requires MFA

Select the link

Select … at the Global Administrator

Select Fix

Select Yes – and all the AzureAD Global Administrators now requires MFA to login.

You need to try this out if you care about security and who have administrators access to your Azure AD.

See my other post about AzureAD PIM

AzureAD PIM – how to setup a privileged role