azure:az-500:azure_privileged_identity_management

Differences

This shows you the differences between two versions of the page.

azure:az-500:azure_privileged_identity_management [2022/06/02 18:37] mmuzeazure:az-500:azure_privileged_identity_management [2022/06/28 03:10] (current) mmuze
Line 1: Line 1:
 ====== Azure Privileged Identity Management ====== ====== Azure Privileged Identity Management ======
 +  * **PIM** (Privilege Identity Management) allows access to be granted in a just-in-time manner. It can apply to AAD roles and general ARM roles.
 +  * [[https://docs.microsoft.com/en-us/learn/modules/azure-ad-privileged-identity-management/4-privileged-identity-management]]
 +  * [[https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure#what-does-it-do]]
 +  * [[https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requirements]]
 +  * PIM is part of zero-trust solution
 +
 > To use PIM, you need one of the following paid or trial licenses: Azure AD Premium P2, Enterprise Mobility + Security (EMS) E5, or Microsoft 365 M5 > To use PIM, you need one of the following paid or trial licenses: Azure AD Premium P2, Enterprise Mobility + Security (EMS) E5, or Microsoft 365 M5
  
  
   * PIM is about providing just-in-time (JIT) privileged access to resources.   * PIM is about providing just-in-time (JIT) privileged access to resources.
-  * PIM requires a P2 license for Azure AD tenant+  * PIM requires a P2 license for Azure AD tenant for all users that use PIM features, except for Global Administrator users (they are exempt from licensing requirement).
-  * It requires Microsoft E5 licenses for all users that use PIM features, except for Global Administrator users (they are exempt from licensing requirement).+
   * The activation period can be between 0.5 and 24 hours. Specifies the duration the role can active.   * The activation period can be between 0.5 and 24 hours. Specifies the duration the role can active.
-  * Access is time-bounded. Specify a start and end date for when the role can be used.+  * Access is time-bounded. Specify a start and end date for when the role can be used. The maximum duration is 1 year.
   * One or more approvers can be designated to activate privileges.   * One or more approvers can be designated to activate privileges.
   * Require MFA to activate role.   * Require MFA to activate role.
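Review bot: The added first bullet expands PIM as "Privilege Identity Management", which does not match the page title "Azure Privileged Identity Management". It also repeats the just-in-time statement already made by the unchanged bullet "PIM is about providing just-in-time (JIT) privileged access to resources", so the two could be merged into one bullet that keeps the "AAD roles and general ARM roles" scope. In the merged licensing bullet, "a P2 license for Azure AD tenant for all users that use PIM features" leaves it unclear whether the license is counted per tenant or per user; rewording it as a per-user requirement would match the rest of the sentence. The three added links are bare URLs, so giving each a label would help, and "The maximum duration is 1 year" and "PIM is part of zero-trust solution" would each benefit from pointing at whichever of those pages supports the claim.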
  • azure/az-500/azure_privileged_identity_management.1654195028.txt.gz
  • Last modified: 2022/06/02 18:37
  • by mmuze