-->

10/02/2022

Azure PIM Provisioning and Configuration

Setting up PIM Administrator

Global Admins enable PIM provisioning and create PIM Admin role assignment.

PIM Admin Account Pre-requisites:

PIM admin account need to have below 2 licenses assigned.

  1.  Azure AD Premium P2
  2.  Enterprise Mobility + Security (EMS) E5

PIM Admin Setup:

1. Login to Azure portal as Global admin, navigate to Azure Active Directory.

2. In Featured highlights, click on
3. Click on “Azure AD roles” in left pane=> Navigate to “Roles” by clicking on
4. Search for “privileged role administrator”.



5. Click on “Privileged Role Administrator” role. Click on
6. Follow below configuration

Field

Value

Reason

Selected Member(s)*

PIM Admin Account

This should be an account which will be permanently treated as PIM admin

Assignment type

Eligible

This means PIM admin account is always eligible, but not active. PIM admin need to activate this role every time the changes need to be made to PIM configuration

Permanently eligible

YES

Always eligible, but not active.

 7. PIM Admin setup is finished.