Azure Privileged Identity Management

To use PIM, you need one of the following paid or trial licenses: Azure AD Premium P2, Enterprise Mobility + Security (EMS) E5, or Microsoft 365 M5

• PIM is about providing just-in-time (JIT) privileged access to resources.
• The activation period can be between 0.5 and 24 hours. Specifies the duration the role can active.
• Access is time-bounded. Specified a start and end date for when the role can be used.
• One or more approvers can be designated to activate privileges.
• Require MFA to activate role.
• See justification for why a privilege role was used