Enable PIM and Manage Subscriptions
Start course
1h 41m

This Designing for Azure Identity Management course will guide you through the theory and practice of recognizing, implementing, and deploying the services on offer within your enterprise. Learn how to better the protection of your organization by designing advanced identity management solutions. Recommended for those who already have some experience with the subject, this course is comprised of 24 lectures, including demos, and expertly instructed by one of our MS Azure subject matter experts.

Learning Objectives

  • Study and understand what Azure AD Domain Services do and what they can offer
  • Learn to create and manage hybrid identities via Azure AD Connect 
  • Understand the principles of Azure MFA and SSO, and how to enable them
  • Recognize and deploy the key principles of Azure AD B2B and B2C 
  • Learn and utilize Privileged Identity Management

Intended Audience

This course is intended for:

  • IT professionals who are interested in getting certified with MS Azure
  • Those looking to become Azure architects and/or tasked with designing identity management solutions


  • A mid-range knowledge of MS Azure is recommended before starting this course
  • An understanding of identity management concepts

Related Training Content

For more courses related to MS Azure, visit our dedicated Content Training Library.





In this demonstration, we're going to enable Privileged Identity Management, and we're going to set up a subscription to be managed by Privileged Identity Management. To enable Privileged Identity Management or PIM for short, Login to the Azure portal, and then click on All services and search for privileged identity management. Click on the Azure AD privileged identity management in the search results. Next, click on "consent to PIM" and then verify your identity when prompted to do so. Provide the additional security verification info that is requested and then click Next. Click Verify to verify your information. At this point you're taken back to the PIM consent screen. To complete the consent process, click the "consent" link and then click Yes to confirm. With PIM enabled, you can now sign up for PIM for Azure AD role management. To do so, click on Azure AD roles, under Manage. Click sign up for PIM in the left pane and then click the sign-up link at the top. When prompted to confirm, click Yes. After setting up PIM to manage AD roles, you need to discover resources in the subscription, so they, too, can be managed with PIM as well. To do this, go back to the quick start page and click Azure Resources. In this demo, here, we're going to manage all resources in the subscription. Click Discover Resources and then select the subscription. Click Manage Resource to onboard the resource for management, and then click Yes to confirm. At this point, you've deployed PIM and configured Azure AD roles and Azure resources to be managed by it.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.