Delegate and restrict authorizations in Azure AD
Temporary Admin
Role Requests by Admins
Once the customizations are in place, you can request access to the role by clicking Activate in the Azure AD portal when managing PIM. There you can also see the roles for which you are authorized and enable access. When doing so, admins must enter a reason. Once access is requested, the user will receive an email to approve the access. However, access can also be approved directly in the Azure portal when managing Azure AD roles. Once access is approved, the admin receives an email message confirming that the request has been approved. (All operations are traceable in Azure and the monitoring system.) From then on, the admin is a member of that role, which in turn can be a member of an administrative unit.
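The same activation can be scripted rather than clicked through. The following is an added example, not code from the article: it goes beyond the portal steps above by using the Microsoft Graph PowerShell SDK, and the role name, administrative unit ID, ticket reference, and two-hour duration are placeholder assumptions.

```powershell
# Added example. Assumes the Microsoft.Graph module is installed and the
# signed-in admin already holds an eligible PIM assignment for the role.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory',
                        'RoleAssignmentSchedule.ReadWrite.Directory',
                        'User.Read'

# Assumed values (placeholders, not taken from the article)
$roleName = 'User Administrator'
$auId     = '<administrative-unit-object-id>'
$reason   = 'Ticket <ticket-id>: password resets for branch office users'

$me   = Get-MgUser -UserId (Get-MgContext).Account
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"

# List the roles this admin is eligible for, with their scopes
$eligible = Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance `
    -Filter "principalId eq '$($me.Id)'"
$eligible | Format-Table RoleDefinitionId, DirectoryScopeId, EndDateTime

# Only request activation if an eligibility exists for exactly this role and scope
$scope = "/administrativeUnits/$auId"
$match = $eligible | Where-Object {
    $_.RoleDefinitionId -eq $role.Id -and $_.DirectoryScopeId -eq $scope
}
if (-not $match) { throw "No eligible assignment for '$roleName' on scope $scope" }

# Time-boxed self-activation; the justification is the reason the admin must enter
$params = @{
    Action           = 'selfActivate'
    PrincipalId      = $me.Id
    RoleDefinitionId = $role.Id
    DirectoryScopeId = $scope
    Justification    = $reason
    ScheduleInfo     = @{
        StartDateTime = (Get-Date).ToUniversalTime()
        Expiration    = @{ Type = 'afterDuration'; Duration = 'PT2H' }
    }
}
$request = New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $params

# Status shows whether the request still awaits approval or is already active
$request | Format-List Id, Status, CreatedDateTime
```

Restricting `DirectoryScopeId` to the administrative unit keeps the activated role limited to the objects in that unit instead of the whole directory.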
Conclusions
Administrative units enable structured delegation of authorizations in Azure AD. In the current version, it is also possible to manage devices or make memberships dynamic. Together with role-based entitlement management and privileged identity management, the management entities can be used to create effective structures for managing authorizations in Azure AD.
Infos
- Licensing requirements to use PIM: https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requirements