Just in Time Administration (JIT) in Azure AD Premium for Preview

Seems that the new MIM 2016 feature called PAM (Privileged Access Management) found its way into Azure AD Premium also.
In Azure AD Premium this is called PIM (Privileged Identity Management).

See the following accouncment on the Alex Technet AD Blog:

You can also have a quick look into this with whis video on Channel 9:

Here are some details:

Azure AD Privileged Identity Management reduces this risk by enabling you to:

  • Discover and monitor privileged roles. The Azure AD PIM Dashboard gives you visibility into and tracking of users with privileged roles.
  • Automatically restrict the time that users have these privileged permissions through on-demand “just in time (JIT)” activation of permissions for pre-configured time windows.
  • Monitor and track privileged operations for audit purposes or security incident forensics.

Preview scope and next steps

This preview currently manages only the built-in Azure AD privileged roles, and their access to directory resources: Global administrator, Billing administrator, Service administrator, User administrator, Password administrator.

In upcoming releases we will add a bunch of new capabilities:

  • Add stronger workflow gates for activation: Multi-Factor Authentication, human approval, and integration with ticketing systems
  • Expanded management coverage for additional privileged roles and resources such as Office 365, Azure, & SaaS apps managed by Azure AD
  • Expose APIs so you can to integrate your own workflow experiences.

About Peter Stapf
Senior Consultant Identity and Access MVP (Enterprise Mobility)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: