Use JiT role activation with PIM

Security · Subscription · Rule · 2020_09 · Important

Use just-in-time (JiT) activation of roles instead of persistent role assignment.

Description

PIM helps manage the impact of identity compromise or misuse of permissions by reducing persistent access. With PIM, eligible identities can activate time-bound role assignments on an as needed basis (just-in-time). Activation typically occurs before a schedule change or management operation.

PIM is an Azure Active Directory (AD) feature included in Azure AD Premium P2.

Recommendation

Consider using Privileged Identity Management (PIM) to activate privileged roles on an as needed basis.

Links

• What is Azure AD Privileged Identity Management?
• Discover Azure resources to manage in Privileged Identity Management
• Configure Azure resource role settings in Privileged Identity Management
• Lower exposure of privileged accounts
• No standing access / Just in Time privileges
• Use Azure AD Privileged Identity Management

Comments