Differences

This shows you the differences between two versions of the page.

--- azure:az-500:azure_privileged_identity_management [2022/05/27 18:56] – created mmuze
+++ azure:az-500:azure_privileged_identity_management [2022/06/28 03:10] (current) – mmuze
@@ Line 1: / Line 1: @@
 ====== Azure Privileged Identity Management ======
-PIM is about providing just-in-time (JIT) privileged access to resources.
+  * **PIM** (Privilege Identity Management) allows access to be granted in a just-in-time manner. It can apply to AAD roles and general ARM roles.
+  * [[https://docs.microsoft.com/en-us/learn/modules/azure-ad-privileged-identity-management/4-privileged-identity-management]]
+  * [[https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure#what-does-it-do]]
+  * [[https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requirements]]
+  * PIM is part of zero-trust solution
+> To use PIM, you need one of the following paid or trial licenses: Azure AD Premium P2, Enterprise Mobility + Security (EMS) E5, or Microsoft 365 M5
+  * PIM is about providing just-in-time (JIT) privileged access to resources.
+  * PIM requires a P2 license for Azure AD tenant for all users that use PIM features, except for Global Administrator users (they are exempt from licensing requirement).
+  * The activation period can be between 0.5 and 24 hours. Specifies the duration the role can active.
+  * Access is time-bounded. Specify a start and end date for when the role can be used. The maximum duration is 1 year.
+  * One or more approvers can be designated to activate privileges.
+  * Require MFA to activate role.
+  * See justification for why a privilege role was used