Start course

At a time when security breaches seem to be an everyday occurrence, it’s become more and more important to protect resources with more than just a username and password. It’s even more important to protect resources from INTERNAL threats. By implementing Azure AD Privileged Identity Management, organizations can protect their resources with improved security features, and even keep an eye on what legitimate administrators are doing.

In this course, you’ll learn how to implement Azure AD Privileged Identity Management. We’ll start the course by touching on an overview of what Azure AD Privileged Identity Management is and what it offers. We will then work through the deployment of PIM and how it works with multi-factor authentication. As we work through some demos, you will learn how to enable PIM and how to navigate tasks in PIM.

We’ll then cover the activation of roles and the assignment of those roles, including permanent roles and just-in-time roles. We’ll also cover the concepts of updating and removing role assignments, reinforcing these concepts through demonstrations.

We’ll round out the course with supported management scenarios, configuring PIM management access, and how to process requests. 

Learning Objectives

  • Enable PIM
  • Activate a PIM role
  • Configure just-in-time resource access
  • Configure permanent access to resources
  • Configure PIM management access
  • Configure time-bound resource access
  • Create a Delegated Approver account
  • Process pending approval requests

Intended Audience

  • People who want to become Azure cloud architects
  • People who are preparing to take Microsoft’s AZ-101 exam


  • Moderate knowledge of Azure Active Directory

 To see the full range of Microsoft Azure Content, visit the Azure Training Library.


I hope you've enjoyed learning about Azure AD Privileged Identity Management. Let's review what you've learned. Azure AD Privileged Identity Management or PIM for short is an Azure offering that allows you to manage and control access to resources within Azure and within Azure AD as well as within other services such as Intune and Office 365. To leverage PIM, a valid Azure AD Premium P2 license is required for all users that will interact with the service or benefit from it. However, you can instead assign an Enterprise Mobility + Security E5 license for each user that interacts with Privileged Identity Management. In this course, you learned how to enable PIM for an Azure subscription and how to configure it to use multi-factor authentication. You learned how to view and manage assignments using PIM and how to navigate the PIM console to manage tasks. During the course, you also saw how to leverage PIM to activate roles that provide administrative access to certain resources for only a predetermined amount of time. 

You also learned during this course about the differences between the eligible assignment type and the active assignment type. After covering assignment types, we looked at what assignment duration is used for and how they are used to provide limited admin access. We also touched on the two different assignment states that are available. Later in the course, we covered approval workflow in PIM as well as the role assignment process. You learned how Azure AD Privileged Identity Management can manage built-in Azure resource roles along with custom roles such as owner, user access administrator, contributor, security admin and security manager. You also learned how to make a user eligible for an Azure resource role and how to remove access. Closing out the course, you learned about supported management scenarios through various examples and how to configure management access in PIM. To learn more about Azure AD Privileged Identity Management you can and should review Microsoft's published documentation on the topic. Be sure to also watch for new Microsoft Azure courses on Cloud Academy because we're always publishing new courses. Please give this course a rating and if you have any questions or comments, please let us know. Thanks for watching and happy learning.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.