Home

Azure - PIM

%3CLINGO-SUB%20id%3D%22lingo-sub-427564%22%20slang%3D%22en-US%22%3EAzure%20-%20PIM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-427564%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EWe%20have%20enable%20PIM%20for%20our%20tenant.%3C%2FP%3E%3CP%3EWhen%20we%20enable%20our%20role%20through%20PIM%2C%20how%20much%20time%20does%20it%20take%20to%20activate%20that%20role%20on%20that%20user%20level%20%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-427564%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-427681%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20-%20PIM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-427681%22%20slang%3D%22en-US%22%3EDepends%20if%20you%20have%20additional%20security%20measures%20like%202%20factor%20enabled.%20It%E2%80%99s%20a%20good%20practice%20to%20have%20PIM%20based%20roles%20to%20avoid%20accidents%20in%20production%20but%20be%20mindful%20about%20any%20accounts%20that%20need%20elevated%20permissions%20in%20Azure%20like%20data%20analytics%20or%20PowerBI%20those%20roles%20need%20to%20be%20assigned%20prior.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-430972%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20-%20PIM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-430972%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F123820%22%20target%3D%22_blank%22%3E%40Faiza%20Qadri%3C%2FA%3E%26nbsp%3B%20Thank%20you%20for%20your%20answer%20but%20what%20do%20you%20mean%20by%20assigned%20Prior.%20Also%20the%20reason%20of%20my%20asking%20this%20question%20is%20sometimes%20we%20see%20our%20roles%20activated%20in%20few%20seconds%20and%20sometimes%20it%20takes%20time%20to%20activate%20our%20privileged%20roles.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-433929%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20-%20PIM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-433929%22%20slang%3D%22en-US%22%3EI%20meant%20that%20any%20service%20accounts%20that%20have%20elevated%20privileges%20other%20than%20user%20account%20privileges%20would%20need%20to%20be%20assigned%20prior.%20For%20example%20you%20might%20have%20a%20reporting%20service%20that%20uses%20a%20service%20account%20but%20is%20part%20of%20the%20reporting%20group%20or%20user%20admin%20group%2C%20those%20roles%20need%20to%20be%20assigned%20to%20them.%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20terms%20of%20timing%20the%20time%20varies%20from%2010%20secs%20to%20about%20a%20min%20(having%20MFA%20or%202%20factor)%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-473356%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20-%20PIM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-473356%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F123820%22%20target%3D%22_blank%22%3E%40Faiza%20Qadri%3C%2FA%3E%26nbsp%3BThank%20you.%3C%2FP%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F123820%22%20target%3D%22_blank%22%3E%40Faiza%20Qadri%3C%2FA%3E%26nbsp%3Bwrote%3A%3CBR%20%2F%3EI%20meant%20that%20any%20service%20accounts%20that%20have%20elevated%20privileges%20other%20than%20user%20account%20privileges%20would%20need%20to%20be%20assigned%20prior.%20For%20example%20you%20might%20have%20a%20reporting%20service%20that%20uses%20a%20service%20account%20but%20is%20part%20of%20the%20reporting%20group%20or%20user%20admin%20group%2C%20those%20roles%20need%20to%20be%20assigned%20to%20them.In%20terms%20of%20timing%20the%20time%20varies%20from%2010%20secs%20to%20about%20a%20min%20(having%20MFA%20or%202%20factor)%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Amit_Trivedi112214
New Contributor

Hi,

We have enable PIM for our tenant.

When we enable our role through PIM, how much time does it take to activate that role on that user level ? 

4 Replies
Depends if you have additional security measures like 2 factor enabled. It’s a good practice to have PIM based roles to avoid accidents in production but be mindful about any accounts that need elevated permissions in Azure like data analytics or PowerBI those roles need to be assigned prior.

@Faiza Qadri  Thank you for your answer but what do you mean by assigned Prior. Also the reason of my asking this question is sometimes we see our roles activated in few seconds and sometimes it takes time to activate our privileged roles.

I meant that any service accounts that have elevated privileges other than user account privileges would need to be assigned prior. For example you might have a reporting service that uses a service account but is part of the reporting group or user admin group, those roles need to be assigned to them.

In terms of timing the time varies from 10 secs to about a min (having MFA or 2 factor)

@Faiza Qadri Thank you.


@Faiza Qadri wrote:
I meant that any service accounts that have elevated privileges other than user account privileges would need to be assigned prior. For example you might have a reporting service that uses a service account but is part of the reporting group or user admin group, those roles need to be assigned to them.

In terms of timing the time varies from 10 secs to about a min (having MFA or 2 factor)

 

Related Conversations