How to use Privileged Identity Management (PIM)

ELEARNINGFORCE uses Azure Privileged Identity Management to protect our organization from accidental or malicious activity by reducing persistent access to Azure resources and Azure AD, providing just-in-time (JIT) or time-limited access when needed including required justification.

More information you can find in the Course "How to use Privileged Identity Management (PIM)

 

Activate Azure AD roles in PIM 

  1. Sign in to the Azure portal or use a direct link to Azure Resources.

  2. Open Azure AD Privileged Identity Management. For information about how to add the Privileged Identity Management tile to your dashboard, see Start using Privileged Identity Management.

  3. Select My roles, and then select Azure AD roles to see a list of your eligible Azure AD roles.

    My roles page showing roles you can activate

  4. In the Azure AD roles list, find the role you want to activate.

    Azure AD roles - My eligible roles list

  5. Select Activate to open the Activate page.

    Azure AD roles - activation page contains duration and scope

  6. If your role requires multi-factor authentication, select Verify your identity before proceeding. You only have to authenticate once per session.

    Verify my identity with MFA before role activation

  7. Select Verify my identity and follow the instructions to provide additional security verification.

    Screen to provide security verification such as a PIN code

  8. If you want to specify a reduced scope, select Scope to open the filter pane. On the filter pane, you can specify the Azure AD resources that you need access to. It's a best practice to request access to only the resources you need.

  9. If necessary, specify a custom activation start time. The Azure AD role would be activated after the selected time.

  10. In the Reason box, enter the reason for the activation request.

  11. Select Activate.

    If the role requires approval to activate, a notification will appear in the upper right corner of your browser informing you the request is pending approval.

    Activation request is pending approval notification

 

Activate my Azure resource roles in PIM 

  1. Sign in to the Azure portal.

  2. Open Azure AD Privileged Identity Management. For information about how to add the Privileged Identity Management tile to your dashboard, see Start using Privileged Identity Management.

  3. Select My roles.

    My roles page showing roles you can activate

  4. Select Azure resource roles to see a list of your eligible Azure resource roles.

    My roles - Azure resource roles page

  5. In the Azure resource roles list, find the role you want to activate.

    Azure resource roles - My eligible roles list

  6. Select Activate to open the Activate page.

    The opened Activate pane with scope, start time, duration, and reason

  7. If your role requires multi-factor authentication, select Verify your identity before proceeding. You only have to authenticate once per session.

    Verify my identity with MFA before role activation

  8. Select Verify my identity and follow the instructions to provide additional security verification.

    Screen to provide security verification such as a PIN code

  9. If you want to specify a reduced scope, select Scope to open the Resource filter pane.

    It's a best practice to only request access to the resources you need. On the Resource filter pane, you can specify the resource groups or resources that you need access to.

    Activate - Resource filter pane to specify scope

  10. If necessary, specify a custom activation start time. The member would be activated after the selected time.

  11. In the Reason box, enter the reason for the activation request.

    Completed Activate pane with scope, start time, duration, and reason

  12. Select Activate.

    If the role requires approval to activate, a notification will appear in the upper right corner of your browser informing you the request is pending approval.

    Activation request is pending approval notification

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Please sign in to leave a comment.