PIM - Coggle Diagram
PIM
P2 license required
No licenses are required for users who set up PIM, configure policies, receive alerts, and set up access reviews
Azure Roles
PIM for Azure resources supports time-bound service accounts. You should treat service accounts exactly the same as you would treat a regular user account.
For subscriptions/resources that aren't as critical, you won’t need to set up PIM for all roles. However, you should still protect the Owner and User Access Administrator roles with PIM.
If a role is protected by PIM, eligible users assigned to it must elevate to use the privileges granted by the role. The elevation process might also include obtaining approval, using Azure AD Multi-Factor Authentication, and providing the reason they're activating. PIM can also track elevations through notifications and the PIM and Azure AD audit event logs.
Choosing which roles to protect with PIM can be difficult and will be different for each organization. This section provides our best practices for Azure AD and Azure roles.
PIM provides time-based and approval-based role activation to access resources.
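As an added example (not part of the Coggle diagram or of the Microsoft guidance it summarises), the Python check below applies the rules from the two notes above to role-activation records: protected roles (Owner, User Access Administrator) must show MFA and an approver, every activation needs a justification, service accounts get no exemption, and activations are capped in duration. The record fields, the `max_hours` cap and the sample records are constructed and simplified assumptions, not the real Azure AD audit log schema.

```python
"""Triage PIM role-activation records against an activation policy.

Added example; the record shape below is a constructed simplification
(assumption), not the real Azure AD / PIM audit log schema.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Roles the guidance says should always be PIM-protected.
PROTECTED_ROLES = {"Owner", "User Access Administrator"}


@dataclass
class Activation:
    user: str                   # service accounts are checked like any user
    role: str
    scope: str                  # e.g. a subscription or resource group path
    mfa: bool                   # was Azure AD MFA satisfied at activation?
    justification: str          # reason supplied by the activating user
    approved_by: Optional[str]  # None when no approval was recorded
    hours: float                # activation duration requested


def check_activation(rec: Activation, max_hours: float = 8.0) -> List[str]:
    """Return policy findings for one activation (empty list means clean)."""
    findings: List[str] = []
    if rec.role in PROTECTED_ROLES:
        if not rec.mfa:
            findings.append("protected role activated without MFA")
        if rec.approved_by is None:
            findings.append("protected role activated without approval")
    if not rec.justification.strip():
        findings.append("no justification supplied")
    if rec.hours > max_hours:
        findings.append(f"activation of {rec.hours}h exceeds {max_hours}h cap")
    return findings


def triage(records: List[Activation], max_hours: float = 8.0) -> Dict[str, List[str]]:
    """Map 'user|role|scope' to findings for every record that violates policy."""
    return {f"{r.user}|{r.role}|{r.scope}": f
            for r in records if (f := check_activation(r, max_hours))}


# Constructed sample records (not real tenant data).
SAMPLE = [
    Activation("alice@contoso.example", "Owner", "/subscriptions/sub-prod",
               True, "Change CHG-1234", "bob@contoso.example", 2),
    Activation("svc-deploy@contoso.example", "User Access Administrator",
               "/subscriptions/sub-prod", False, "", None, 24),
    Activation("carol@contoso.example", "Reader", "/subscriptions/sub-dev",
               False, "Log review", None, 1),
]

if __name__ == "__main__":
    for key, found in triage(SAMPLE).items():
        print(key, "->", "; ".join(found))
```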
Protection of your Azure resources