Use JiT role activation with PIM
Security · Subscription · Rule · 2020_09 · Important
Use just-in-time (JiT) activation of roles instead of persistent role assignment.
Description
PIM limits the impact of a compromised identity or of misused permissions by removing standing (persistent) access. With PIM, eligible identities activate a time-bound role assignment only when they need it (just-in-time), typically immediately before a scheduled change or management operation; the assignment expires automatically at the end of the activation window. Role settings can additionally require MFA, a justification, or approval at activation time.
PIM is an Azure Active Directory (AD) feature included in Azure AD Premium P2 (Azure AD has since been renamed Microsoft Entra ID, and the licence is now Microsoft Entra ID P2).
Recommendation
Consider using Privileged Identity Management (PIM) to activate privileged roles on an as-needed basis instead of assigning them persistently. Make the principal eligible for the role rather than actively assigned, and configure the role settings (maximum activation duration, MFA, justification and approval where appropriate).
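The first step in adopting this recommendation is to find the standing assignments that should become PIM eligible assignments. The script below is an added example (not PSRule's rule implementation and not Microsoft code): it reads the JSON produced by `az role assignment list --scope /subscriptions/<id> --include-inherited -o json`, keeps assignments of a privileged role that apply to the whole subscription (directly or inherited from a management group or the root), and notes whether the principal type is one that can be made eligible in PIM. The privileged-role set, the JiT-capable principal types, the subscription ID and the sample assignments are all assumptions constructed for the example.

```python
"""Report persistent (standing) privileged role assignments at subscription
scope, the pattern this rule says to replace with PIM eligible assignments.

Added example, not PSRule's own rule logic. Input uses the field names of
`az role assignment list ... -o json`; the sample data below is constructed.
"""
import json
from dataclasses import dataclass

# Assumption for this example: the roles treated as privileged. Extend with
# custom roles that grant Microsoft.Authorization/* or */write broadly.
PRIVILEGED_ROLES = {"Owner", "User Access Administrator", "Contributor"}

# Assumption: users and groups are the principal types that can hold an
# eligible assignment and activate it just-in-time. Other principal types are
# still reported so they can be reviewed for a narrower scope or lesser role.
JIT_CAPABLE_PRINCIPAL_TYPES = {"User", "Group"}

# Constructed subscription ID used by the constructed sample below.
SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000000"

# Constructed sample in the shape of `az role assignment list` output.
SAMPLE_ASSIGNMENTS = json.dumps([
    {"principalName": "alice@contoso.example", "principalType": "User",
     "roleDefinitionName": "Owner",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
    {"principalName": "bob@contoso.example", "principalType": "User",
     "roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
    {"principalName": "sg-app-devs", "principalType": "Group",
     "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"},
    {"principalName": "sp-deploy-pipeline", "principalType": "ServicePrincipal",
     "roleDefinitionName": "User Access Administrator",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
    {"principalName": "sg-platform-admins", "principalType": "Group",
     "roleDefinitionName": "Owner",
     "scope": "/providers/Microsoft.Management/managementGroups/contoso-root"},
])


@dataclass(frozen=True)
class Finding:
    principal: str
    principal_type: str
    role: str
    scope: str
    inherited: bool     # assignment comes from a management group or the root
    jit_capable: bool   # principal type can be made eligible in PIM


def classify_scope(scope, subscription_id):
    """Return (broad, inherited).

    broad: the assignment applies to the whole subscription.
    inherited: it is granted above the subscription (management group or root),
    so it must be fixed there, not on the subscription itself.
    """
    s = scope.lower()
    if s == f"/subscriptions/{subscription_id.lower()}":
        return True, False
    if s == "/" or s.startswith("/providers/microsoft.management/managementgroups/"):
        return True, True
    return False, False  # resource group or resource scope: out of this check


def load_assignments(text):
    """Parse the JSON array written by `az role assignment list -o json`."""
    return json.loads(text)


def find_persistent_privileged_assignments(assignments, subscription_id):
    """Keep privileged-role assignments that cover the whole subscription."""
    findings = []
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        if role not in PRIVILEGED_ROLES:
            continue
        broad, inherited = classify_scope(a.get("scope", ""), subscription_id)
        if not broad:
            continue
        ptype = a.get("principalType", "")
        findings.append(Finding(
            principal=a.get("principalName") or a.get("principalId", "?"),
            principal_type=ptype,
            role=role,
            scope=a["scope"],
            inherited=inherited,
            jit_capable=ptype in JIT_CAPABLE_PRINCIPAL_TYPES,
        ))
    return findings


if __name__ == "__main__":
    for f in find_persistent_privileged_assignments(
            load_assignments(SAMPLE_ASSIGNMENTS), SUBSCRIPTION_ID):
        action = "make eligible in PIM" if f.jit_capable else "reduce scope/role (cannot use JiT)"
        where = "inherited" if f.inherited else "direct"
        print(f"{f.role:<26} {f.principal_type:<17} {f.principal:<24} {where:<9} -> {action}")
```

Run it against real output by replacing `SAMPLE_ASSIGNMENTS` with the file written by `az role assignment list --scope /subscriptions/<id> --include-inherited -o json`. One caveat: an eligible assignment that is currently activated also appears in that list as an active assignment for the length of its activation window, so either run the report outside activation windows or cross-check against the role assignment schedule instances (for example `Get-AzRoleAssignmentScheduleInstance` in Az.Resources, whose assignment type distinguishes an activated assignment from a permanently assigned one).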
Links
- What is Azure AD Privileged Identity Management?
- Discover Azure resources to manage in Privileged Identity Management
- Configure Azure resource role settings in Privileged Identity Management
- Lower exposure of privileged accounts
- No standing access / Just in Time privileges
- Use Azure AD Privileged Identity Management