Privileged Identity Management
1h 41m

This Designing for Azure Identity Management course will guide you through the theory and practice of recognizing, implementing, and deploying the services on offer within your enterprise. Learn how to better protect your organization by designing advanced identity management solutions. Recommended for those who already have some experience with the subject, this course comprises 24 lectures, including demos, and is taught by one of our MS Azure subject matter experts.

Learning Objectives

  • Study and understand what Azure AD Domain Services do and what they can offer
  • Learn to create and manage hybrid identities via Azure AD Connect 
  • Understand the principles of Azure MFA and SSO, and how to enable them
  • Recognize and deploy the key principles of Azure AD B2B and B2C 
  • Learn and utilize Privileged Identity Management

Intended Audience

This course is intended for:

  • IT professionals who are interested in getting certified with MS Azure
  • Those looking to become Azure architects and/or tasked with designing identity management solutions


Prerequisites

  • A mid-range knowledge of MS Azure is recommended before starting this course
  • An understanding of identity management concepts

Related Training Content

For more courses related to MS Azure, visit our dedicated Content Training Library.





Azure Active Directory Privileged Identity Management, otherwise known as PIM, is an Azure offering that allows you to manage and control access to resources within Azure and Azure AD, as well as within other services, such as Intune and Office 365.

Before the service is enabled on a tenant, a valid Azure AD Premium P2 license is required for every user who will interact with or benefit from Privileged Identity Management. Alternatively, you can assign an Enterprise Mobility + Security E5 license to each user who interacts with Privileged Identity Management. Generally speaking, licensing is required for users who are assigned to the Privileged Identity Role Administrator role or who are assigned as eligible to other directory roles that are manageable through Privileged Identity Management. If a user can approve or reject requests in Privileged Identity Management, that user also requires a license. Users assigned to a role with time-based assignments, such as Just in time or Direct, or those assigned to an access review role, also require licensing.

With Azure AD Privileged Identity Management, an organization can see which users are assigned privileged roles that are used to manage Azure resources. Organizations can also see which users are assigned administrative roles within Azure Active Directory.

Privileged Identity Management also offers the ability to enable on-demand, or just-in-time, administrative access to services such as Office 365 and Intune, as well as to Azure subscriptions, resource groups, and even individual Azure resources, such as virtual machines. Azure AD Privileged Identity Management offers the ability to view a history of administrator activation, along with a history of changes that administrators have made to Azure resources. Alerts can also be configured to notify you about changes in administrator assignments.

Privileged Identity Management also allows you to require approval for activation of Azure AD privileged admin roles, to review membership of such administrative roles, and to force users to provide justification for ongoing membership in these roles. In Azure Active Directory, Privileged Identity Management can be used to manage users that are assigned to built-in Azure AD roles, such as Global Admin. In Azure itself, Privileged Identity Management can manage users and groups assigned via Azure RBAC roles, such as the Owner and Contributor roles.

About the Author

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.