What is the difference between Azure PIM and Identity Governance

As I can see, both are doing the same.

The main key is to delegate administrators and help desk a certain time to do a certain task. 

Still, I find it's easier to tell the user to request access through myaccess.microsoft.com rather than having them access AAD to request access.

Did I miss a point?

4 Replies
With Identity Governance you get 3 features: 1. Access Packages, 2. Access Review, 3. PIM. So PIM is one part of Identity Governance.

Identity Governance is more focused on managing the lifecycle that includes normal users or PIM, whereas PIM is focused on providing privileged access. As an example, you will use PIM to define users, access levels, JIT, etc., and then you will use Identity Governance to create access reviews, maybe monthly or quarterly, to make sure no user has access which he doesn't need because he left the project or organization.

@Chandrasekhar_Arya @tommykneetz 

Thanks for your response, but is it correct to do such an implementation for administration delegation, or do I need to do that through PIM and use Identity Governance for access review only, or is there no best practice on which approach to use as long as it works?

Yes, you need to have an owner/manager to certify and approve for all the privileged accounts, and it doesn't matter whether it is a human or non-human account (service accounts). It is always recommended to use Identity Governance and access reviews and re-certify all users at least once in every 90 days, which is the minimum recommended that most organizations follow. This way you are establishing accountability to make sure that only valid users have access. If you don't use access reviews under Identity Governance, then over a period of time your environment will be uncontrolled, as it will be very difficult to certify if the users still need access.