Azure Privileged Identity Management (PIM) Flashcards
Azure Privileged Identity Management (PIM)
Key features:
- Provides just-in-time privileged access to Azure AD and Azure resources
- Assigns time-bound access to resources using start and end dates
- Requires approval to activate privileged roles
- Enforces MFA for role activation
- Conducts access reviews to ensure users still need roles
- Allows you to download audit history for internal and external users
- Able to send notifications
- Requires an Azure AD Premium P2 license!
Implement Privileged Identity Management
- Verify your identity by using MFA
- Consent to PIM
- Sign up PIM for Azure AD roles
Which two of the following objects can you configure Azure AD PIM to apply to?
Azure AD roles, Azure roles (for resources), or Cloud groups with the setting configured
Which roles can enable PIM and manage assignments for other admins?
Only a user who is a Privileged Role Administrator or Global Administrator can ENABLE PIM and manage assignments for other admins
PIM assignments
Eligible: require the member to perform an action to use the role. Actions might include activation, or requesting approval.
Active: does not require the member to perform any action to use the role. Members assigned as active have the privileges assigned automatically.
PIM assignment states
Assigned: users that are assigned as active
Activated: users that activated an eligible assignment
Can users approve their own PIM request?
No, users cannot approve their own requests