Azure AD Privileged Identity Management (PIM) lets admins manage and monitor the access in Azure, either to Azure AD roles or Azure resources. PIM gives just-in-time access to Azure AD roles and Azure resources that is also time-bound and approval based, which helps to mitigate risks of malicious actors gaining privileged access to Azure items and potentially causing harm to the organization. This also helps to mitigate the risk of excessive and unnecessary access permissions to resources. 

In this lab, you will assign a privileged role to a user and activate that role using PIM.

Note:

• Due to this lab requiring the creation of a Microsoft 365 organization with an Admin Center, if you don't already have one you will need to provide a mobile phone number to pass the account creation process.
• This lab requires signing in with a test user account. You may have to deal with additional security prompts by Azure AD. In which case, you may wish to skip these requests or disable the underlying feature for learning purposes. Cloud Academy does not endorse or recommend disabling any security measure in a production environment.

Learning Objectives

Upon completion of this lab, you will be able to:

• Assign an eligible Azure AD role to a user
• Activate the user's eligible role

Intended Audience

• Candidates who are studying for the SC-900 (Security, Compliance, and Identity Fundamentals) Certification Exam

Prerequisites

• Familiarity with Azure AD
• An understanding of identity management concepts

 

Updates

April 5th, 2023 - Updated instructions to clarify developer account sign up