
Use JiT role activation with PIM

Security · Subscription · Rule · 2020_09 · Important

Use just-in-time (JiT) activation of roles instead of persistent role assignment.

Description

PIM helps manage the impact of identity compromise or misuse of permissions by reducing persistent access. With PIM, eligible identities can activate time-bound role assignments on an as-needed basis (just-in-time). Activation typically occurs before a scheduled change or management operation.

PIM is an Azure Active Directory (AD) feature included in Azure AD Premium P2.

Recommendation

Consider using Privileged Identity Management (PIM) to activate privileged roles on an as-needed basis.
