What is Azure AD Privileged Identity Management (PIM)
Azure Active Directory Overview
In this section, the speaker introduces the topic of Azure Active Directory and discusses Security Defaults and Azure AD Multi-Factor Authentication.
Privileged Identity Management (PIM)
- PIM in Azure AD allows managing, controlling, and monitoring access to critical resources within an organization.
- Definition and purpose of PIM.
- Role assignment example: Delegating resource management to users means granting them dedicated roles such as User Administrator or Intune Administrator.
- Explanation of role assignments in organizations.
Features of Privileged Identity Management
- Time-based role activation: Permissions can be assigned for a specific duration, automatically revoked after the set time.
- Importance of time-based role activation.
- Approval-based role activation: A delegated approver approves or rejects each request to activate a role.
- Significance of approval-based role activation.
- Just-in-time access: Users receive temporary permissions for privileged tasks that are revoked once completed.
- Description and benefits of just-in-time access.
License Requirements and Access Reviews
- License needed: Azure AD Premium P2 license is required for using PIM; Enterprise Mobility & Security E5 or Microsoft 365 E5 also include this license.
- Licensing requirements for utilizing PIM.
- Access reviews feature: Enables reviewing access to Azure resources and roles with notifications on role assignments.
- Utilizing access reviews for monitoring permissions.
Management Roles and Privileged Identity Management
In this section, the discussion revolves around management roles within privileged identity management. The focus is on the roles of privileged role administrator and Security administrator in managing the privileged identity management console.
Management Roles in Privileged Identity Management
- Management roles include privileged role administrator and Security administrator.
- Only members of the privileged role administrator can manage the privileged identity management console.
- Privileged Identity Management allows for managing Azure Active Directory roles, Azure roles, and Microsoft 365.
Role Assignment and Configuration
This part delves into the specifics of role assignment and configuration within privileged identity management, highlighting which roles can be managed using this system.
Role Assignment with Privileged Identity Management
- Roles such as Exchange administrator, SharePoint administrator, or Intune administrator can be managed using privileged identity management.
- However, certain roles like account administrator, service administrator, or co-administrator cannot be managed through this system.
Configuration Settings and Role Assignments
The final segment discusses configuring settings for Azure AD roles, assigning roles to end users, approval processes for role assignments, renewal of role assignments by end users, and encourages engagement from viewers.
Configuring Settings and Role Assignments
- Configure settings for Azure AD roles within privileged identity management.
- Assign various roles to end users effectively.
- Understand how end users activate assigned roles.
- Learn about the approval process for role assignment requests by an approver.
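The following script is an added example, not part of the video or its summary, that ties together the features listed under "Features of Privileged Identity Management" (time-based activation, approval-based activation, just-in-time access) and the steps under "Configuring Settings and Role Assignments" for a single Azure AD role, using the Microsoft Graph PowerShell SDK. The role name, user principal names, justification text and durations are assumed values chosen for illustration; the two policy rule ids (`Expiration_EndUser_Assignment`, `Approval_EndUser_Assignment`) are the fixed ids Microsoft Graph uses for directory role policies.

```powershell
# Added example (not from the video): configure, assign, activate and audit one
# Azure AD role through PIM with the Microsoft Graph PowerShell SDK.
# Values in angle brackets are placeholders you must replace.
Import-Module Microsoft.Graph.Identity.Governance
Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory", "User.Read.All"

$roleName    = "User Administrator"                         # assumed role for the example
$userUpn     = "<eligible-user>@<tenant>.onmicrosoft.com"   # placeholder
$approverUpn = "<approver>@<tenant>.onmicrosoft.com"        # placeholder

$role     = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
$user     = Get-MgUser -UserId $userUpn
$approver = Get-MgUser -UserId $approverUpn

# 1. Role settings: find the PIM policy bound to this role at tenant scope ("/")
$policyAssignment = Get-MgPolicyRoleManagementPolicyAssignment `
    -Filter "scopeId eq '/' and scopeType eq 'DirectoryRole' and roleDefinitionId eq '$($role.Id)'"
$policyId = $policyAssignment.PolicyId

# Time-based activation: every activation expires after at most 4 hours
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $policyId `
    -UnifiedRoleManagementPolicyRuleId "Expiration_EndUser_Assignment" `
    -BodyParameter @{
        "@odata.type"        = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule"
        isExpirationRequired = $true
        maximumDuration      = "PT4H"
    }

# Approval-based activation: a named approver must approve each activation request
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $policyId `
    -UnifiedRoleManagementPolicyRuleId "Approval_EndUser_Assignment" `
    -BodyParameter @{
        "@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule"
        setting = @{
            isApprovalRequired = $true
            approvalStages = @(@{
                approvalStageTimeOutInDays      = 1
                isApproverJustificationRequired = $true
                escalationTimeInMinutes         = 0
                primaryApprovers = @(@{
                    "@odata.type" = "#microsoft.graph.singleUser"
                    userId        = $approver.Id
                })
            })
        }
    }

# 2. Assignment: make the user *eligible* for one year rather than permanently active
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter @{
    action           = "adminAssign"
    justification    = "Tier-2 helpdesk: password resets"          # constructed text
    roleDefinitionId = $role.Id
    directoryScopeId = "/"
    principalId      = $user.Id
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime()
        expiration    = @{ type = "afterDuration"; duration = "P365D" }
    }
}

# 3. Just-in-time activation (run by the eligible user): 2 hours, with a stated reason.
#    Because of step 1 the request lands in PendingApproval instead of activating at once.
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter @{
    action           = "selfActivate"
    justification    = "Ticket <ticket-id>: reset password for locked-out user"  # constructed
    roleDefinitionId = $role.Id
    directoryScopeId = "/"
    principalId      = $user.Id
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime()
        expiration    = @{ type = "afterDuration"; duration = "PT2H" }
    }
}

# 4. Approval: the approver lists requests waiting on a decision
#    (the approve/deny action itself is taken in the PIM "Approve requests" blade)
Get-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -Filter "status eq 'PendingApproval'" |
    Select-Object Id, PrincipalId, RoleDefinitionId, Justification, CreatedDateTime

# 5. Hygiene check: a *permanent* active assignment of this role bypasses all of the above,
#    so list active instances that have no end date and were assigned directly.
Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance -Filter "roleDefinitionId eq '$($role.Id)'" |
    Where-Object { $_.AssignmentType -eq "Assigned" -and -not $_.EndDateTime } |
    Select-Object PrincipalId, StartDateTime
```

Steps 1 and 2 are run by a Privileged Role Administrator, step 3 by the eligible end user, and step 4 by the designated approver; each corresponds to one bullet in the configuration section above. Step 5 is the check a reviewer would add alongside access reviews: if it returns any rows, those principals hold the role outside PIM's time and approval controls and should be converted to eligible assignments.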