image
Assign a Role in PIM

Contents

Introduction
1
Introduction
PREVIEW2m 9s
2
PIM Overview
PREVIEW2m 38s
Getting Started
3
Getting Started
51s
4
MFA
1m 52s
5
Enable PIM
3m 31s
Summary
23
Conclusion
2m 34s

The course is part of these learning paths

MS-102 Exam Prep: Microsoft 365 Administrator
17
3
1
Operations with Azure - Level 2
9
Implementing and Managing Identity and Access in Microsoft 365 - Level 2
9
SC-900 Exam Prep: Microsoft Security, Compliance, and Identity Fundamentals
32
1
2
1
SC-300 Exam Prep: Microsoft Identity and Access Administrator
16
1
3
1
MS-500 Exam Preparation: Microsoft 365 Security Administration
38
17
3
1
AZ-400 Exam Prep: Microsoft Azure DevOps Solutions
17
1
7
1
MS-100 Exam Preparation: Microsoft 365 Identity and Services
29
1
4
AZ-500 Exam Preparation: Microsoft Azure Security Technologies
31
1
12
1
Azure Services for Security Engineers
29
1
12
more_horizSee 7 more
Start course
Overview
Difficulty
Intermediate
Duration
41m
Students
4278
Ratings
4.7/5
starstarstarstarstar-half
Description

At a time when security breaches seem to be an everyday occurrence, it’s become more and more important to protect resources with more than just a username and password. It’s even more important to protect resources from INTERNAL threats. By implementing Azure AD Privileged Identity Management, organizations can protect their resources with improved security features, and even keep an eye on what legitimate administrators are doing.

In this course, you’ll learn how to implement Azure AD Privileged Identity Management. We’ll start the course by touching on an overview of what Azure AD Privileged Identity Management is and what it offers. We will then work through the deployment of PIM and how it works with multi-factor authentication. As we work through some demos, you will learn how to enable PIM and how to navigate tasks in PIM.

We’ll then cover the activation of roles and the assignment of those roles, including permanent roles and just-in-time roles. We’ll also cover the concepts of updating and removing role assignments, reinforcing these concepts through demonstrations.

We’ll round out the course with supported management scenarios, configuring PIM management access, and how to process requests. 

Learning Objectives

  • Enable PIM
  • Activate a PIM role
  • Configure just-in-time resource access
  • Configure permanent access to resources
  • Configure PIM management access
  • Configure time-bound resource access
  • Create a Delegated Approver account
  • Process pending approval requests

Intended Audience

  • People who want to become Azure cloud architects
  • People who are preparing to take Microsoft’s AZ-101 exam

Prerequisites

  • Moderate knowledge of Azure Active Directory

 To see the full range of Microsoft Azure Content, visit the Azure Training Library.

Transcript

Making a user eligible for an Azure resource role requires just a few steps. To make a user eligible for an Azure resource role, make sure that you are logged in to the Azure portal with an account that is already a member of the Privileged Role Administrator role. Open the Azure AD Privileged Identity Management Console. Click on Azure Resources and use the Resource Filter to filter the list of managed resources. From here, click on the resource that you want to manage. In this demonstration, we'll select the entire subscription. Click Roles which can be found under Manage to view the list of roles for Azure Resources. Next, open the New Assignment pane by clicking Add member and then click Select a Role to open the Select a Role pane. Click on the role that you want to assign and then click Select. At this point, the Select a Member or Group pane will open.

 Click on the user or group that you want to assign to the role and then click Select. When the Membership Settings pane opens, go to the Assignment Type list and then click either Eligible or Active. An Eligible assignment will require the user who has been assigned the role to perform an action to actually use the role. Such actions might typically include successfully performing an MFA check or simply providing a business justification. The user might also need to request approval from a designated approver before using the role. That said, an active assignment won't require the user to perform any action to use the role. In our demo here, we're going to make the user eligible and we are going to accept the default timeframe. Click Done. And to complete creation of the new role assignment, click Add.

About the Author
Avatar
Thomas Mitchell
Instructor
Students
82408
Courses
86
Learning Paths
63

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.

Covered Topics

Identity and Access ManagementSecurityMicrosoft AzureSecurity for AzureAzure Active Directory