Forum Discussion
Remove a privileged access group?
Please could someone advise how to remove a `Privileged Access Group` from PIM?
I deleted the security group from AAD, however, the group has not been removed from Privileged Access Groups.
18 Replies
o remove a Privileged Access Group from PIM, you'll need to follow these steps https://mypcgames.net/project-igi-1-setup-download/:
Go to the Azure portal.
Navigate to Azure AD.
Select "Azure AD Privileged Identity Management."
Under "Roles," choose "Privileged Access Groups" and locate the group you want to remove.
Click on the group, and in the top menu, select "Delete."
This should remove the Privileged Access Group from PIM after deleting it from AAD.- I have been able to remove it from my PIM group roles, but there's still a trace of it in the group management options of the PIM solution.
Thanks for the info anyway!https://applisolve.com/bettertouchtool-for-mac/ For Mac Version 4.388 Overview
- Same here. I just deleted a security group from AAD, and it still persists in my PIM group roles.
I've waited in case it was something related to the cache, and I even recreated the same group, with the same permissions, and assigned it to the same users to see if the information could be overwritten for later deletion, but nothing.
There seems to be no solution at the moment. I was kinda hoping this was fixed after 3,5 years, but it doesn't look like it is.
- Any news on this ? I am trying to work with such Groups and just renamed the groups... I noticed that in Catalogs of the Identity Management there is an option to "Refresh from Origin" button that seems to fix this... Hopefully we get something like that in PIM Groups.
TS-noodlemctwoodle and ChristianBergstrom , I have the same issue. Group is deleted in Azure AD, but it's still showing under "privileged access groups (Preview)" in the Groups and PIM section.
I even looked for the Object ID via PowerShell and the Azure AD Group IS DELETED.
Any ETA on when they will clear the cache?
Deleted Hello, thanks for the info. I have no idea to be honest. But you should open up a ticket with the official support to get an estimation or at least a better explanation than the "we are fixing this".
Would you mind updating this conversation if you do that? Thanks!
TS-noodlemctwoodle Hi, sounds like this could be what you're describing.
- Azure AD P2 licensed customers only Even after deleting the group, it is still shown an eligible member of the role in PIM UI. Functionally there's no problem; it's just a cache issue in the Azure portal.
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/roles-groups-concept#known-issues
ChristianBergstrom I initially thought it might be a caching issue, however, its been 5 days now that the group remains in PIM and has been removed from AAD.
TS-noodlemctwoodle Hey, from my understanding that is the issue (gonna stay there until they fix it).
"We are fixing these issues."
You could reach out to the Microsoft support, meaning creating a service request, to have an official response though.
