Forum Discussion
PIM does not support per‑action approval so you have the following 2 options.
Privileged Access Management (PAM) for Office 365 – Adds task‑level approval for now it is limited to Exchange Online only. Even after PIM activation, users must request and get approval for specific sensitive actions (e.g., mailbox searches, data access). This is the key feature for “approval per action.
Privileged access management in Office 365 is now Generally Available | Microsoft Community Hub
Conditional Access Authentication Contexts – Adds step‑up controls (stronger MFA, device compliance) for specific sensitive resources or actions, not approval workflows.
This is best used alongside PIM/PAM for extra security at execution time.
Targeting Resources in Conditional Access Policies - Microsoft Entra ID | Microsoft Learn
If you find the answer useful, please do not forget to like and mark it as a solution 🙂