
Azure AD Privileged Identity Management

SUNIL KUMAR
Cloud and Web Security Enthusiast
・2 min read

What is PIM?
Privileged Identity Management (PIM) is a service in Azure Active Directory that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune.

Why should you adopt this solution?
You want to minimize the number of people who have access to sensitive information or resources, because that reduces the chance of a malicious actor obtaining that access, or of an authorized user inadvertently impacting a sensitive resource. However, users still need to carry out privileged operations in Azure AD, Azure, Microsoft 365, or SaaS apps. PIM lets organizations give users just-in-time privileged access to Azure resources and Azure AD, and it provides the oversight needed to see what those users are doing with their administrator privileges.

Now let's deploy PIM-
To deploy PIM, we first need to enable Access management for Azure resources. To do so, go to Azure AD > Properties and enable Access management.


Now let's assign the Application Administrator role to the user John Duo. To do so, we first find the Application Administrator role in the Roles section.

Now, to add members, we click Add assignments and select the user.

By default, the assignment type is Eligible, which means the user must activate the assignment whenever it is required; the role is not in effect until then.

Now John Duo goes to PIM and clicks My roles. There he can see his eligible and active roles.

Now the user can see the resources and resource groups he has been given access to.

Let's understand some functionalities-
Pending requests-
It displays users' pending requests to activate eligible role assignments.

Approve requests-
Displays a list of requests to activate eligible roles by users in your directory that you are designated to approve.

Review access-
Lists active access reviews you are assigned to complete, whether you're reviewing access for yourself or someone else.

Azure AD roles-

Here the administrator can see a log and analysis of roles he has assigned to others.
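As an added example (not from the original post), the eligible assignment created above for John Duo is shown as the Microsoft Graph request body an administrator would send to roleEligibilityScheduleRequests, together with a small check over assignment records that flags standing (permanently active) privileged assignments, which the eligible, just-in-time model is meant to eliminate. The principal and role definition IDs, user names and records are constructed placeholders; no network calls are made.

```python
"""Constructed example around the post's PIM walkthrough. The IDs and sample
records below are placeholders, not values from a real tenant."""
from datetime import datetime, timezone


def eligible_assignment_request(principal_id: str, role_definition_id: str,
                                justification: str) -> dict:
    """Body for POST /roleManagement/directory/roleEligibilityScheduleRequests.
    'adminAssign' with noExpiration mirrors the default 'Eligible' assignment
    type: the user must still activate the role before it takes effect."""
    return {
        "action": "adminAssign",
        "justification": justification,
        "principalId": principal_id,
        "roleDefinitionId": role_definition_id,
        "directoryScopeId": "/",  # tenant-wide scope
        "scheduleInfo": {
            "startDateTime": datetime.now(timezone.utc).isoformat(),
            "expiration": {"type": "noExpiration"},
        },
    }


def standing_privileged_assignments(instances: list, privileged_roles: set) -> list:
    """Given records shaped like Graph's roleAssignmentScheduleInstances, return
    principals holding a privileged role as a permanent *active* assignment
    (assignmentType 'Assigned' with no end date). An 'Activated' entry is a
    time-bound PIM activation and is not flagged. Flagged entries are the
    candidates to convert to eligible assignments."""
    flagged = []
    for inst in instances:
        role = inst["roleDefinition"]["displayName"]
        permanent = inst.get("endDateTime") is None
        if role in privileged_roles and inst["assignmentType"] == "Assigned" and permanent:
            flagged.append(f'{inst["principal"]["userPrincipalName"]} -> {role}')
    return flagged


# Constructed sample records (placeholder users and dates)
SAMPLE_INSTANCES = [
    {"principal": {"userPrincipalName": "john.duo@example.com"},
     "roleDefinition": {"displayName": "Application Administrator"},
     "assignmentType": "Activated", "endDateTime": "2024-01-01T18:00:00Z"},
    {"principal": {"userPrincipalName": "legacy.admin@example.com"},
     "roleDefinition": {"displayName": "Global Administrator"},
     "assignmentType": "Assigned", "endDateTime": None},
]
PRIVILEGED_ROLES = {"Global Administrator", "Application Administrator",
                    "Privileged Role Administrator"}
```

Running the check over real data means pulling roleAssignmentScheduleInstances from Graph with the principal and roleDefinition expanded; the sample here only demonstrates the logic.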

Hopefully, you get a brief idea about Azure AD PIM. Please hit follow to stay updated about such writeups.
