Privileged Identity Management

PIM
access

Just-in-time privileged access service that enables time-limited, approval-based activation of administrative roles.

What is Privileged Identity Management?

PIM transforms always-on administrative access into on-demand privileged access. Instead of holding permanent role assignments, users are made "eligible" for roles and must explicitly activate access when they need it. Activation can require justification, approval workflows, and MFA, and it is time-limited (typically 1-8 hours). This reduces the attack window for privileged accounts from 24/7 to the actual minutes of active use.

In Microsoft 365

Azure AD PIM manages both Azure AD roles (like Global Administrator) and Azure resource roles. It provides activation workflows, access reviews, audit history, and alerts for suspicious activity. PIM requires Azure AD P2 licensing.
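The difference between standing and just-in-time access can be measured from an export of role assignments. The following is an added example, not TrueConfig or Microsoft code: it audits constructed records whose `assignmentType`, `startDateTime` and `endDateTime` fields are modeled on Microsoft Graph's role assignment schedule instances (an assumption), flags standing privileged assignments and over-long activations, and computes each principal's exposure hours in a review window.

```python
from datetime import datetime, timedelta
MAX_ACTIVATION = timedelta(hours=8)  # upper end of the typical 1-8 hour range
PRIVILEGED = {"Global Administrator", "Security Administrator"}
# Constructed sample data. "principal" and "roleName" are hypothetical
# convenience fields; Graph returns principalId and roleDefinitionId.
ASSIGNMENTS = [
    {"principal": "alice", "roleName": "Global Administrator",
     "assignmentType": "Assigned",
     "startDateTime": "2024-01-01T00:00:00Z", "endDateTime": None},
    {"principal": "bob", "roleName": "Global Administrator",
     "assignmentType": "Activated",
     "startDateTime": "2024-03-04T09:00:00Z", "endDateTime": "2024-03-04T10:00:00Z"},
    {"principal": "carol", "roleName": "Security Administrator",
     "assignmentType": "Activated",
     "startDateTime": "2024-03-04T08:00:00Z", "endDateTime": "2024-03-05T08:00:00Z"},
    {"principal": "dave", "roleName": "Reports Reader",
     "assignmentType": "Assigned",
     "startDateTime": "2024-01-01T00:00:00Z", "endDateTime": None},
]

def parse(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def exposure_hours(rec, window_start, window_end):
    """Hours inside the review window during which the role was live."""
    start = max(parse(rec["startDateTime"]), window_start)
    end = window_end if rec["endDateTime"] is None else min(parse(rec["endDateTime"]), window_end)
    return max((end - start).total_seconds(), 0) / 3600

def audit(assignments, window_start, window_end):
    """Return (principal, finding, exposure_hours) for each privileged assignment."""
    results = []
    for rec in assignments:
        if rec["roleName"] not in PRIVILEGED:
            continue
        ends = rec["endDateTime"]
        if rec["assignmentType"] == "Assigned":
            finding = "standing assignment: make the user eligible instead"
        elif ends is None or parse(ends) - parse(rec["startDateTime"]) > MAX_ACTIVATION:
            finding = "activation exceeds 8 hours"
        else:
            finding = None
        results.append((rec["principal"], finding, exposure_hours(rec, window_start, window_end)))
    return results

if __name__ == "__main__":
    week = (parse("2024-03-01T00:00:00Z"), parse("2024-03-08T00:00:00Z"))
    for row in audit(ASSIGNMENTS, *week):
        print(row)
```

Over the one-week window, the standing Global Administrator is exposed for all 168 hours, while the one-hour activation is exposed for 1 hour.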

Examples

  1. Activating Global Admin for 1 hour to create a CA policy
  2. Requiring approval for Security Admin activation
  3. Setting up quarterly access reviews for privileged roles

Related TrueConfig Controls

These controls help implement and verify privileged identity management in your Microsoft 365 environment.

Frequently Asked Questions

Which TrueConfig controls relate to Privileged Identity Management?
TrueConfig controls related to Privileged Identity Management include: PA-01-L2, PA-04, GOV-03. These controls help implement and verify privileged identity management in your environment.
