Enable PIM
Start course

At a time when security breaches seem to be an everyday occurrence, it’s become more and more important to protect resources with more than just a username and password. It’s even more important to protect resources from INTERNAL threats. By implementing Azure AD Privileged Identity Management, organizations can protect their resources with improved security features, and even keep an eye on what legitimate administrators are doing.

In this course, you’ll learn how to implement Azure AD Privileged Identity Management. We’ll start the course by touching on an overview of what Azure AD Privileged Identity Management is and what it offers. We will then work through the deployment of PIM and how it works with multi-factor authentication. As we work through some demos, you will learn how to enable PIM and how to navigate tasks in PIM.

We’ll then cover the activation of roles and the assignment of those roles, including permanent roles and just-in-time roles. We’ll also cover the concepts of updating and removing role assignments, reinforcing these concepts through demonstrations.

We’ll round out the course with supported management scenarios, configuring PIM management access, and how to process requests. 

Learning Objectives

  • Enable PIM
  • Activate a PIM role
  • Configure just-in-time resource access
  • Configure permanent access to resources
  • Configure PIM management access
  • Configure time-bound resource access
  • Create a Delegated Approver account
  • Process pending approval requests

Intended Audience

  • People who want to become Azure cloud architects
  • People who are preparing to take Microsoft’s AZ-101 exam


  • Moderate knowledge of Azure Active Directory

 To see the full range of Microsoft Azure Content, visit the Azure Training Library.


To start using Azure AD Privileged Identity Management, login to the Azure portal as a global admin with an organizational account. An example of an organizational account would be something like An organizational account is necessary to enable PIM for directory. As such, a Microsoft account, such as an account will not work, you must be a global administrator with an organizational account to enable PIM for directory. Once you're signed into the portal as a global administrator for your directory, click all services and then find the Azure AD Privileged Identity Management Service. Click to open the PIM quick start and then in the list click consent to PIM. Go ahead and click verify my identity so that you can verify your identity with Azure MFA. You'll be asked to pick an account. If more information is requested for verification, you'll be guided through the process of supplying such info. In our case here, we were asked to provide phone verification. Follow the wizard to provide the information that is requested. 

Once you've completed the verification process, click the consent button. In the message that appears, click yes to complete the consent process. Once you've enabled PIM for your directory, you'll need to sign up for PIM to manage Azure AD roles. To do so, switch back over to the Azure AD Privileged Identity Management quick start dashboard and then click Azure AD roles. Click sign up PIM for Azure AD roles in the left pane and then click sign up in the top menu. In the message that appears, click yes to sign up for PIM to manage Azure AD roles. When the process completes, the Azure AD options will be enabled. However, you may need to refresh the portal to see these changes.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.