Use JiT role activation with PIM

March 29, 2024

SYNOPSIS

Use just-in-time (JiT) activation of roles instead of persistent role assignment.

DESCRIPTION

PIM helps manage the impact of identity compromise or misuse of permissions by reducing persistent access. With PIM, eligible identities can activate time-bound role assignments on an as-needed basis (just-in-time). Activation typically occurs before a scheduled change or management operation.

PIM is an Azure Active Directory (AD) feature included in Azure AD Premium P2.

RECOMMENDATION

Consider using Privileged Identity Management (PIM) to activate privileged roles on an as-needed basis.
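
To find where this recommendation is not yet met, an exported list of role assignments can be sorted into persistent, time-bound and just-in-time access. The following is an added example, not part of the original rule or of PIM itself. It assumes each record carries `assignmentType` and `endDateTime` fields modelled on PIM role assignment schedule instances; `principal`, `roleName`, the sample records and the `PRIVILEGED_ROLES` set are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample export. Field names are an assumption about the export
# format; all principals and timestamps are made up.
SAMPLE_EXPORT = json.loads("""
[
  {"principal": "alice@example.com", "roleName": "Owner",
   "assignmentType": "Assigned", "endDateTime": null},
  {"principal": "bob@example.com", "roleName": "Contributor",
   "assignmentType": "Activated", "endDateTime": "2024-03-29T16:00:00Z"},
  {"principal": "carol@example.com", "roleName": "User Access Administrator",
   "assignmentType": "Assigned", "endDateTime": "2024-06-30T00:00:00Z"},
  {"principal": "dave@example.com", "roleName": "Reader",
   "assignmentType": "Assigned", "endDateTime": null},
  {"principal": "erin@example.com", "roleName": "Owner",
   "assignmentType": "Activated", "endDateTime": "2024-03-28T10:00:00Z"}
]
""")

# Assumption: the roles this organisation treats as privileged.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}


def classify(record, now):
    """Return 'persistent', 'expired', 'jit' or 'time-bound' for one record."""
    end = record.get("endDateTime")
    if end is None:
        # No expiry at all: standing access, whatever created it.
        return "persistent"
    end_dt = datetime.fromisoformat(end.replace("Z", "+00:00"))
    if end_dt <= now:
        return "expired"
    # 'Activated' marks an eligible identity that activated the role (JiT);
    # 'Assigned' with an end date is direct access that will lapse on its own.
    return "jit" if record["assignmentType"] == "Activated" else "time-bound"


def persistent_privileged(records, now):
    """List (principal, role) pairs holding a privileged role with no expiry."""
    return sorted(
        (r["principal"], r["roleName"])
        for r in records
        if r["roleName"] in PRIVILEGED_ROLES and classify(r, now) == "persistent"
    )


if __name__ == "__main__":
    now = datetime(2024, 3, 29, 12, 0, tzinfo=timezone.utc)
    for principal, role in persistent_privileged(SAMPLE_EXPORT, now):
        print(f"persistent privileged assignment: {principal} -> {role}")
```

Each pair reported is a candidate for conversion to an eligible assignment that is activated through PIM when needed.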