Azure AD Privileged Identity Management – also called AzureAD PIM.

This is an Azure AD Premium feature that gives you Just-in-Time admin access in Azure.

The feature is just what you need if you are concerned about who, where and when an admin user has access to your Microsoft cloud. This is the first in a series of blog posts about AzureAD PIM.

AzureAD PIM is at the moment still in preview – that's not a reason not to get started with access management for users that have some kind of admin rights.

To set up AzureAD PIM, you need to sign in to the new Azure portal with a Global Admin that has an Azure AD Premium license:

Go to the Marketplace, search for Azure AD and select Azure AD Privileged Identity Management (Preview)


Select Create


Select verify your permission to PIM – after you have verified, select Create


Now the PIM service will search your Azure AD for Administrators

Select Next


Select the admins that you want to make eligible for activation through PIM

Select Next


Select Ok


Then Azure AD Privileged Identity Management is pinned to your Azure dashboard


You also receive a mail notification


Getting into the service for the first time:

The first thing you will notice is the alert about roles that don't require MFA

Select the link


Select … at the Global Administrator


Select Fix


Select Yes – and all the AzureAD Global Administrators now require MFA to log in.



You need to try this out if you care about security and who has administrator access to your Azure AD.

See my other post about AzureAD PIM

AzureAD PIM – how to setup a privileged role