Azure AD Privileged Identity Management – also called AzureAD PIM.

This is an Azure AD Premium feature that gives you Just-in-Time admin access in Azure.

The feature is just what you need if you are concerned about who, where and when an admin user has access to your Microsoft cloud. This is the first in a series of blog posts about AzureAD PIM.

AzureAD PIM is at the moment still in preview, but that is no reason not to get started with access management for users that have some kind of admin rights.


To set up AzureAD PIM, you need to sign in to the new Azure portal with a Global Admin account that has an Azure AD Premium license: https://portal.azure.com/

Go to the marketplace and search for Azure AD and select Azure AD Privileged Identity Management (Preview)

Select Create

Select verify your permission to PIM. After you have verified, select Create

Now the PIM service will search your Azure AD for Administrators

Select Next

Select the admins that you want to make eligible to activate PIM on

Select Next

Select Ok

Azure AD Privileged Identity Management is then pinned to your Azure dashboard

You also receive a mail notification

Getting into the service for the first time:

The first thing you will notice is the alert that you have roles that don’t require MFA

Select the link

Select … at the Global Administrator

Select Fix

Select Yes, and all the AzureAD Global Administrators now require MFA to log in.

You need to try this out if you care about security and who has administrator access to your Azure AD.

See my other post about AzureAD PIM

AzureAD PIM – how to setup a privileged role