Two years ago, we implemented AzureAD PIM in our baseVISION infrastructure to raise the security level. But after some time, we recognized that it had too many drawbacks, because the activation of the requested role sometimes took longer than a few hours. Especially in Exchange, Skype or Intune this was a big problem. Therefore, we had to migrate back and assign the roles permanently. Now in January I discovered that the UserVoice feedback for PIM was updated. So, I started playing around with it again, and it’s now really working.
This led me to a part in PIM which I have never used. It’s PIM for Azure IaaS resources. I will share my feedback about it in this blog.
Setup
Enable Azure PIM for a user
Feedback
Now the PIM functionalities are working without issues for O365 and Azure IaaS. Therefore, we can start really using this solution in our customer environments. It’s a big security benefit.
2 Comments
Robert Burton · February 12, 2021 at 16:19
Hi Thomas,
with regards to Azure Resource PIM, have you found a way to document the setup at all?
Regards
Rob Burton
Cloud Security Architect – CCSP
Thomas Kurth · March 1, 2021 at 14:43
Hi Robert
Sadly no, but it’s a good input, perhaps I can add this to my documentation framework.