MS Azure (IaaS)

Azure AD Privileged Identity Management

I decided to cover Azure access review in this blog because most organizations want to give their users and partners secure access to subscriptions and need a way to achieve this. Currently, most organizations use third-party tools for it.

In this blog I cover a few things:

  • How we can secure our Azure infrastructure.
  • How we can review the access of users, partners, vendors, etc.
  • The audit log feature of the Azure AD access review policy, which helps us keep the data for auditing purposes if required.

What is Azure AD Privileged Identity Management?

Using the Azure AD PIM solution, we can manage, control and monitor access within the organization.

  • We can review the access of users.
  • We can approve or reject access.
  • Using PIM, we can provide time-based access.
  • We can manage directory roles using the PIM solution.

How to Create an Azure AD PIM:


  • An Azure AD Premium 2 license is required to get all the features.
  • The P2 license costs approximately 600 RS/M.

Step: 1

  • Click on All services.
  • Search for Azure Privileged Identity Management.
  • Click on it.

Step: 2

  • Click on Quick Start.
  • Enable the one-month free Azure AD P2 license.



How to Activate the 1-Month Free P2 License

  • Click on My Role.
  • It will ask you to enable the free trial of the Azure AD P2 license.
  • Click on the role.
  • Sign up.


Click on Azure AD Premium 2.


Once you click on it, activation of the Azure AD P2 license starts.

Once that is done, we can explore more options.


Once Azure AD P2 is enabled, you will be able to view and access the options below.

My Roles:

  • It shows what kind of role you have in the subscription.
  • It lets you activate other roles as well, if your administrator has assigned them to you.
  • It also lists eligible roles and expired roles if a role is time-bound.


My Request:

  • If I have requested access or a role assignment, the request is shown in the My Request tab. It simply lists the requests.


Approve Requests:

  • If you are a security admin and need to approve or reject access, you can do it from here.


Review Access

If we want to review our users' access, we can do that by selecting the Review Access tab, getting the data, and keeping it for auditing purposes.
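An added example, not from the original post: a sketch of the review triage described above, run over constructed assignment rows once the data has been pulled out of the portal. The field names, the sample users and the set of roles treated as privileged are assumptions, not a real PIM export schema.

```python
from datetime import datetime, timezone

# Constructed sample rows; field names are assumptions, not a real PIM export schema.
SAMPLE_ASSIGNMENTS = [
    {"user": "alice@contoso.example", "role": "Owner",
     "state": "Active", "end": None},
    {"user": "bob@contoso.example", "role": "Contributor",
     "state": "Eligible", "end": "2030-01-31T00:00:00+00:00"},
    {"user": "vendor_partner.example#EXT#@contoso.example", "role": "Contributor",
     "state": "Active", "end": "2020-03-01T00:00:00+00:00"},
    {"user": "carol@contoso.example", "role": "Reader",
     "state": "Active", "end": "2030-06-30T00:00:00+00:00"},
]

# Assumption: subscription roles this review treats as privileged.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}


def review_assignment(row, now):
    """Return the list of findings for one assignment row."""
    findings = []
    end = datetime.fromisoformat(row["end"]) if row["end"] else None
    privileged = row["role"] in PRIVILEGED_ROLES
    # Standing access with no end date defeats time-based assignment.
    if end is None and row["state"] == "Active" and privileged:
        findings.append("permanent-active-privileged")
    # Time-bound assignment whose end date has already passed.
    if end is not None and end <= now:
        findings.append("expired")
    # Azure AD guest accounts carry "#EXT#" in the user principal name.
    if "#EXT#" in row["user"] and privileged:
        findings.append("external-privileged")
    return findings


def build_review(rows, now=None):
    """Map (user, role) to findings, keeping only rows that need a decision."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for row in rows:
        findings = review_assignment(row, now)
        if findings:
            report[(row["user"], row["role"])] = findings
    return report


if __name__ == "__main__":
    for (user, role), findings in build_review(SAMPLE_ASSIGNMENTS).items():
        print(f"{user:48} {role:12} {', '.join(findings)}")
```

Rows that come back with findings are the ones a reviewer would approve or reject; the report itself can be stored with the audit data.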


Azure AD Identity Role:

It shows which AD roles a user has, apart from the subscription role.

  • There are 2 views.
  • Admin View: shows the audit history of other directory roles.
  • My View: shows only the account activation part of the AD role.

Azure Resources:

The Azure Resources tab shows what kind of resources you have. Multiple resources or subscriptions under one ID can be discovered and added here.


My Audit History

My Audit History holds the Azure audit logs and helps the security administrator understand the tasks performed by him or his team. If required, we can keep those logs for auditing purposes.





3 thoughts on “Azure AD Privileged Identity Management”

    1. You need to configure the PIM and you can see those logs in Audit Logs. You can configure to archive in storage accounts.
