What is PIM and how to activate Roles?
Azure Active Directory (Azure AD) Privileged Identity Management (PIM) simplifies how enterprises manage privileged access to resources in Azure AD and other Microsoft online services like Office 365 or Microsoft Intune.
If you have been made eligible for an administrative role, that means you can activate that role when you need to perform privileged actions. For example, if you occasionally manage Office 365 features, your organization’s privileged role administrators may not make you a permanent Global Administrator, since that role impacts other services, too. Instead, they make you eligible for Azure AD roles such as Exchange Online Administrator. You can request to activate that role when you need its privileges, and then you’ll have administrator control for a predetermined time period.
How to activate my role
When you need to take on an Azure AD role, you can request activation by using the My roles navigation option in PIM.
- Sign in to the portal.azure.com using your Admin Account. You should use ‘Private browsing mode’ so that there is no confusion with your standard O365 account
- Click on All services in the left column
- Search for Azure AD Privileged Identity Management.
- Open Azure AD Privileged Identity Management. For information about how to add the PIM tile to your dashboard. Search it
- Click My roles to see a list of your eligible Azure AD roles.
- Find a role that you want to activate.
- Click Activate to open the Role activation details panel.
- Click the ‘play’ activate button
- You may need to re-authenticate after initial logon as all roles require multi-factor authentication (MFA), However, you only have to authenticate once per session.
- If necessary, specify a custom activation start time. (If left blank, time limit will start once you click activate.
- Specify the activation duration.
- In the Activation reason box, enter the reason for the activation request. Ticket number – please provide ServiceNOW ticket number Ticket system – change request . project work (activation reason – in depth what you are doing)
- Click Activate.
If the role does not require approval, an Activation status panel appears that displays the status of the activation.
Once all the stages are complete, click the Sign out link to sign out of the Azure portal.
You should allow a couple of minutes for the change to take effect.
When you sign back into either the Office 365 or Azure portal, you will now be able to use the role.