Connect with experts and redefine what’s possible at work – join us at the Microsoft 365 Community Conference May 6-8. Learn more >

Azure AD Roles PIM

2 Topics

Right role to reading groups members on Azure AD
Hi Azure community, I have a user who needs to access to the Azure Portal so he can look up only for Azure AD Groups/Members and Ownership. I just want to give right and enough privilege to does his job. Which role is the best to assign to him via PIM? Thanks
Ali Fadavinia
Sep 10, 2022 Place Azure
10KViews
0likes
3Comments
Can we Configure AAD Roles assignment Automatically for few hours and expire?
Hi All, I would really appreciate your input into the following: Can we Configure AAD Roles assignment Automatically for few hours and expire? We have E5 licenses assigned to all users and upgraded AAD to P2. The Management is asking if it is possible with Azure AD Governance PIM feature that: We should have only two users as global Admins. All other Users who need Admin privilege from time to time may "request" AAD Role Assignment i.e. Sharepoint Administrator or Teams Administrator etc gets assigned automatically the role for a limited time like few hours and then this role expires(UnAssigned) automatically as well. When the Tech support L1 or L2 needs it again then request and get assigned for few hours again. Also For more critical roles like Application Administrator or Global Administrator the L1 / L2 support admins need to request the role and the role be manually assigned, for few hours, not months / year. Does AAD PIM offer few hour activation as well? Any help would be greatly appreciated. Regards, Amir.
Solved
AmirShahzad
Aug 02, 2022 Place Azure Governance and Management
2KViews
0likes
3Comments