MicrosoftHi dishanfrancis iamrufus ,
We've been using PIM for a number of months and are now looking to implement PIM for Groups to help manage access to Global Admins (we have a specific use case that PIM for Groups will resolve).
Our plan is to create a group and configure the group with active Global Admin assignment. We'll then use PIM for Groups to make members of the group as eligible. The idea is in order for users who are in the group to gain the Global Admin role they'll first need to have approved their membership of the PIM controlled group.
All this sounds good. However, reading over the MS Learn page - https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/concept-pim-for-groups#making-group-of-users-eligible-for-microsoft-entra-role - it states ' If you choose to make active assignment of a group to a role and assign users to be eligible to group membership instead, it may take significant time to have all permissions of the role activated and ready to use.'
Can you, or anyone, explain what is meant by 'significant time' and if this is going to impact use of PIM for Groups to manage access to Entra roles.
