
Azure PIM with Microsoft Graph Command Line Tools


Hi everyone,

We are using a PowerShell script when onboarding / offboarding users.

The script uses these modules: AzureAD, ExchangeOnlineManagement, MSOL, MicrosoftTeams, Microsoft.Online.Sharepoint.

Since AzureAD and MSOL will be deprecated, I started migrating our script to the MgGraph module.

My problem / question is: How can I use PIM with MgGraph? The reason I'm asking is that if the app has user-consented permissions, how does "just in time" work in this case?

Thanks, Rahamim.

1 Reply
To anyone who needs this.
Checked what happens when the user running the script has consent but is without the admin roles, and the desired result is achieved. Meaning, even if there is user consent, no action can be made on the user unless PIM is enforced.
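
For the "How can I use PIM with MgGraph?" part of the question, one way a script can activate an eligible role before doing admin work, as an added example that is not part of the original thread. It assumes the Microsoft.Graph PowerShell SDK is installed and the signed-in user is PIM-eligible for the role; the role name, justification text and one-hour duration are illustrative values.

```powershell
# Added example (not from the thread). Assumption: the signed-in user is
# PIM-eligible for the role below; the role name is an illustrative value.
$roleName = 'User Administrator'

# Delegated scopes only allow the calls; the directory role still has to be active.
Connect-MgGraph -Scopes @(
    'User.Read',
    'RoleManagement.Read.Directory',
    'RoleEligibilitySchedule.Read.Directory',
    'RoleAssignmentSchedule.ReadWrite.Directory'
) | Out-Null

# Resolve the signed-in user and the role definition.
$me     = Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/v1.0/me'
$role   = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
$filter = "principalId eq '$($me.id)' and roleDefinitionId eq '$($role.Id)'"

# If the role is already active, there is nothing to activate.
$active = Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance -Filter $filter
if ($active) {
    Write-Host "$roleName is already active."
    return
}

# Without an eligibility, consent alone will not let the script act on users.
$eligible = Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance -Filter $filter
if (-not $eligible) {
    throw "No PIM eligibility for $roleName; admin calls will be denied."
}

# Just-in-time activation request for the signed-in user.
$request = @{
    Action           = 'selfActivate'
    PrincipalId      = $me.id
    RoleDefinitionId = $role.Id
    DirectoryScopeId = $eligible[0].DirectoryScopeId
    Justification    = 'User onboarding script'   # illustrative text
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{ Type = 'AfterDuration'; Duration = 'PT1H' }
    }
}
$result = New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $request
Write-Host "Activation request status: $($result.Status)"
```

If the role's PIM settings require approval or MFA, the request does not complete immediately, so the script should check the returned status before continuing.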