Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

PIM: Assignment of custom roles (e.g. Intune custom roles)

Steel Contributor

Hi folks,

 

i wonder if it's possible to assign custom roles with the privileged identity management.

At the moment i would like to assign our custom intune roles. Is this possible?

 

Thank yyou in advance.

Patrick :)

4 Replies
Hi Patrick,

What I did to assign custom roles was to go the route of creating an access package with the roles assigned and then have access requested via that. This article also has another method to do it. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/azure-ad-cust... I hope that helps.

Hi @ChonoN 

 

Thank you for your kind reply.

Unfortunatelly in my PIM console there is no menu item called "Azure AD custom roles (Preview)" as mentioned in the MS docs article. :\ Is this an option in your tenant?

 

Could you describe your alternate approach a little more?

As the Intune roles aren't created through AAD, but through Intune

It's not possible to assign them through PIM.

Assigning custom roles is in preview indeed, but now it only support application permissions

@PatrickF11 Yes it's an option in mine and what I did was create a group with the appropriate permissions and access levels and then created an access package via PIM so that when someone needed to perform those task they will activate the role via PIM and be added to group and then upon expiration be automatically removed.