Azure AD Privileged Identity Management – also called AzureAD PIM.
This it a Azure AD Premium feature that give you Just-in-Time Admin Access in Azure.
The feature is just what you need is you a concerned about who, where and when a admin user have access to your Microsoft cloud. This is the first of a series of blogpost about AzureAD PIM.
AzureAD PIM is at the moment still in preview – that’s not a reason not to getting started with access management for users that have some kind of admin rights.
To setup AzureAD PIM – you need to signin to the new Azure portal with a Global Admin that has a Azure AD Premium license: https://portal.azure.com/
Go to the marketplace and search for Azure AD and select Azure AD Privileged Identity Management (Preview)
Select verify your permission to PIM – after you have verified select Create
Now the PIM service will search your Azure AD for Administrators
Select Admins that you what to make eligible to activate PIM on
Then the Azure AD Privileged Identity Management is pined to your Azure dashboard
You also receive a mail notification
Getting into the service for the first time:
he first ting you will notice is the Alert about you have Roles that don’t requires MFA
Select the link
Select … at the Global Administrator
Select Yes – and all the AzureAD Global Administrators now requires MFA to login.
You need to try this out if you care about security and who have administrators access to your Azure AD.
See my other post about AzureAD PIM