1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Implementing Azure Active Directory Privileged Identity Management

Viewing and Managing Assignments

The course is part of these learning paths

AZ-500 Exam Preparation: Microsoft Azure Security Technologies
course-steps 11 certification 1 lab-steps 3
Azure Services for Security Engineers
course-steps 8 certification 4 lab-steps 3
play-arrow
Start course
Overview
DifficultyIntermediate
Duration41m
Students266
Ratings
4.7/5
star star star star star-half

Description

At a time when security breaches seem to be an everyday occurrence, it’s become more and more important to protect resources with more than just a username and password.  It’s even more important to protect resources from INTERNAL threats.  By implementing Azure AD Privileged Identity Management, organizations can protect their resources with improved security features, and even keep an eye on what legitimate administrators are doing.

In this course, you’ll learn how to implement Azure AD Privileged Identity Management.  We’ll start the course by touching on an overview of what Azure AD Privileged Identity Management is and what it offers. We will then work through the deployment of PIM and how it works with multi-factor authentication.  As we work through some demos, you will learn how to enable PIM and how to navigate tasks in PIM.

We’ll then cover the activation of roles and the assignment of those roles, including permanent roles and just-in-time roles.  We’ll also cover the concepts of updating and removing role assignments, reinforcing these concepts through demonstrations.

We’ll round out the course with supported management scenarios, configuring PIM management access, and how to process requests. 

Learning Objectives

  • Enable PIM
  • Activate a PIM role
  • Configure just-in-time resource access
  • Configure permanent access to resources
  • Configure PIM management access
  • Configure time-bound resource access
  • Create a Delegated Approver account
  • Process pending approval requests

Intended Audience

  • People who want to become Azure cloud architects
  • People who are preparing to take Microsoft’s AZ-101 exam

Prerequisites

  • Moderate knowledge of Azure Active Directory

 To see the full range of Microsoft Azure Content, visit the Azure Training Library.

Transcript

When it comes to Azure AD roles, the only user that can manage assignments for other administrators in Azure AD PIM, is a user who is in the Privileged Role Administrator role. I know that sounds redundant but the role is actually called Privileged Role Administrator. That said, it's possible to provide other users in the directory the ability to manage directory roles in PIM. There are three groups that can view assignments to Azure AD roles in Azure AD PIM. These groups include Global Administrators, Security Administrators and Security Readers. 

As far as RBAC roles go, only certain users can manage assignments for other administrators in Azure AD PIM. They include any user that is a subscription administrator, any user that is a resource owner or any user who is a resource user access administrator. Privileged Role Administrators, Security Administrators and Security Readers do not have the necessary access, by default, to view assignments to Azure RBAC roles in Azure AD Privileged Identity Management.

About the Author

Students3893
Courses15
Learning paths1

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.