Planning and Implementing Privileged Identity Management
Privileged Identity Management (PIM) is the logical next step in RBAC and least-privilege identity management. While RBAC addresses how much privilege is needed to accomplish a task, PIM addresses how long that level of privilege should be held.
Sometimes called Just-in-Time (JIT) access, PIM is a feature that allows users to request elevation to Azure AD roles or resources for a limited period of time to perform administrative tasks. At the end of the period, the roles and privileges are revoked, returning the user account to its pre-elevation access rights.
Note
PIM is an Azure AD Premium P2 or Enterprise Mobility + Security E5 feature.
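As an added example (not from the original text), the following Microsoft Graph PowerShell session shows the JIT flow described above: a user lists the roles they are eligible for, self-activates one for eight hours with a justification, and then reads back the active assignment to confirm its expiry time. The object IDs are placeholders you would replace with your own tenant's values, and the cmdlets assume the Microsoft.Graph.Identity.Governance module is installed.

```powershell
# Added example: time-bound PIM role activation via Microsoft Graph PowerShell.
# Requires: Install-Module Microsoft.Graph.Identity.Governance
Connect-MgGraph -Scopes "RoleEligibilitySchedule.Read.Directory","RoleAssignmentSchedule.ReadWrite.Directory"

$principalId = "<user-object-id>"   # placeholder: object ID of the requesting user

# 1. Show which roles this user is *eligible* for (assigned, but not yet active).
Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance -Filter "principalId eq '$principalId'" |
    Select-Object RoleDefinitionId, DirectoryScopeId, EndDateTime

# 2. Self-activate one eligible role for a limited window (PT8H = 8 hours, ISO 8601 duration).
#    PIM enforces the tenant's configured maximum duration; longer requests are rejected.
$request = @{
    Action           = "selfActivate"
    PrincipalId      = $principalId
    RoleDefinitionId = "<role-definition-id>"   # placeholder: e.g. the ID of the eligible role from step 1
    DirectoryScopeId = "/"                      # tenant-wide scope; narrower scopes use an administrative unit path
    Justification    = "Ticket INC-0000: rotate service credentials"   # constructed justification text
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{
            Type     = "AfterDuration"
            Duration = "PT8H"
        }
    }
}
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $request

# 3. Confirm the role is now active and note when PIM will revoke it automatically.
Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance -Filter "principalId eq '$principalId'" |
    Select-Object RoleDefinitionId, AssignmentType, StartDateTime, EndDateTime
```

If the role's activation settings require approval or MFA, the request from step 2 remains pending until those conditions are met, and step 3 will not show an active instance until then.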
PIM has a few key terms that you’ll need to understand:
- Assignment: This describes how the user is granted the role. In the case of Eligible, it means a user has to perform an action to use the role, such as requesting elevation or asking for approval...