Navigating Tasks in PIM
Start course

At a time when security breaches seem to be an everyday occurrence, it’s become more and more important to protect resources with more than just a username and password. It’s even more important to protect resources from INTERNAL threats. By implementing Azure AD Privileged Identity Management, organizations can protect their resources with improved security features, and even keep an eye on what legitimate administrators are doing.

In this course, you’ll learn how to implement Azure AD Privileged Identity Management. We’ll start the course by touching on an overview of what Azure AD Privileged Identity Management is and what it offers. We will then work through the deployment of PIM and how it works with multi-factor authentication. As we work through some demos, you will learn how to enable PIM and how to navigate tasks in PIM.

We’ll then cover the activation of roles and the assignment of those roles, including permanent roles and just-in-time roles. We’ll also cover the concepts of updating and removing role assignments, reinforcing these concepts through demonstrations.

We’ll round out the course with supported management scenarios, configuring PIM management access, and how to process requests. 

Learning Objectives

  • Enable PIM
  • Activate a PIM role
  • Configure just-in-time resource access
  • Configure permanent access to resources
  • Configure PIM management access
  • Configure time-bound resource access
  • Create a Delegated Approver account
  • Process pending approval requests

Intended Audience

  • People who want to become Azure cloud architects
  • People who are preparing to take Microsoft’s AZ-101 exam


  • Moderate knowledge of Azure Active Directory

 To see the full range of Microsoft Azure Content, visit the Azure Training Library.


After setting up Privileged Identity Management, use the PIM Quick start blade to perform identity management tasks. For example, the My roles pane provides a list of all eligible and active roles that are assigned to you. Use this pane to activate any assigned eligible roles. The My requests pane is used to display any of your pending requests and is also used to activate eligible role assignments. The Application access pane allows you to limit possible delays and use a role immediately after activation. Approve requests provides a list of requests that have been made to activate eligible roles by users in the directory. In the Review access pane, you are provided with a list of active access reviews that you are assigned to complete. Azure AD directory roles presents a dashboard and settings that are used by privileged role administrators for managing Azure AD directory role assignments. The Azure AD directory roles dashboard is disabled for users who are not a privileged role administrator.

However, these users do have access instead to another dashboard called My view which only displays information about the user who is accessing the dashboard. It does not provide info for the entire tenant. The Azure resources dashboard displays settings for privileged role administrators so that they can manage Azure resource role assignments. In this case, as is the case with the Azure AD directory roles pane, this dashboard is also disabled for anyone who isn't a privileged role administrator. However, as was the case with the Azure AD directory roles dashboard, users are offered a different dashboard again called My view. The My view dashboard only displays information about the user accessing the dashboard, not the entire tenant.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.