Azure Privileged Identity Management (PIM) is a service for controlling, checking and monitoring access to the important resources at your institution. Before looking at what PIM can do, it helps to cover the license requirement: to use Azure Privileged Identity Management, you need the Azure AD Premium P2 license.
With this service, we can give temporary authority instead of permanent authority. We can decide whether or not the user needs to be approved through the approval system. We can also set and change expiry dates whenever we want. For example, say we need to give Security Administrator authority for one day. If we give this authority through the Office 365 Admin Portal or Azure IAM, we have to cancel it manually after one day. What if we forget to cancel it? The user will still have the authority, and that makes phishing attacks more dangerous. An authority given through PIM expires on the chosen date, so we do not need to cancel it manually.
Let’s quickly look at how we can activate PIM. Type “portal.azure.com” in your browser.
After reaching the PIM service, you can see your roles, your requests and the requests waiting for approval. For example, we want to give Security Administrator authority to a user. To do this, click the “Manage” button in the Manage Access section, which takes us to the “Assignment” page. On this page, choose the person and the authority to assign.
After making the selections, continue with Next. On this page, choose whether the authority is permanent or temporary. By choosing “Eligible”, you allow the user to activate the Security Administrator authority for himself, without going through the approval system, depending on how your institution works. Of course, this authority will only be valid for the period you have chosen.
I have chosen “Eligible”, as you can see above. You can also see the assigned authorities and remove them before the expiry date you have chosen, or change the expiry date.
We have completed the authority assignment through PIM. So what should the person we gave the authority to do? As you can see above, we chose “Eligible”, so the person has to activate this authority for himself. If we had completed the assignment as “Active”, the person would not have to activate the authority for himself. Because we completed it as “Eligible”, the person has to reach the PIM service through the browser (portal.azure.com).
In PIM, under My Roles, we can see the “Eligible”, “Active” and “Expired” assignments. It looks like the view above because we gave the authority as Eligible. The only thing left to do is to activate the Eligible authority and enter an explanation.
The authority will be activated after performing the steps above. Adele will now have the Security Administrator authority for the time we have chosen for him.
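The difference between a forgotten permanent authority and a PIM assignment with an expiry date, and the “Eligible”, “Active” and “Expired” states described above, can be checked in a review script. The following is an added example, not part of the original post or of any Azure tooling; the record layout, field names, status labels and sample users are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample export. Field names are assumptions for this example,
# not the schema of any Azure or Microsoft Graph export.
ASSIGNMENTS = [
    {"user": "adele", "role": "Security Administrator", "type": "Eligible",
     "end": "2024-05-02T09:00:00+00:00"},
    {"user": "bob", "role": "Security Administrator", "type": "Active",
     "end": None},  # permanent: given outside PIM and never cancelled
    {"user": "carol", "role": "Global Administrator", "type": "Active",
     "end": "2024-05-01T18:00:00+00:00"},
    {"user": "dave", "role": "Security Administrator", "type": "Eligible",
     "end": "2024-04-01T00:00:00+00:00"},
]

def classify(a, now):
    """Return the review status of one assignment at time `now`."""
    if a["end"] is None:
        # No expiry date: standing access if Active, open-ended otherwise.
        return "STANDING" if a["type"] == "Active" else "ELIGIBLE_NO_EXPIRY"
    end = datetime.fromisoformat(a["end"])
    if end <= now:
        return "EXPIRED"
    return "ACTIVE_TIME_BOUND" if a["type"] == "Active" else "ELIGIBLE_TIME_BOUND"

def audit(assignments, now):
    """Group (user, role) pairs by status so standing access stands out."""
    report = {}
    for a in assignments:
        report.setdefault(classify(a, now), []).append((a["user"], a["role"]))
    return report

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for status, entries in sorted(audit(ASSIGNMENTS, now).items()):
        for user, role in entries:
            print(f"{status:20} {user:6} {role}")
```

Entries reported as `STANDING` are the ones that would need manual cancellation; everything else ends on its own date.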
The Azure PIM service is one of the must-have services for securing your institution. It prevents unnecessary assignments and removes the forgotten ones, for the security of your institution.
I hope it will be helpful…