Assign, Activate, Approve, Reject and Renew Roles using Entra PIM
Part 9 covered the basic PIM flow: configure role → assign Eligible → user activates → admin removes when done. This guide adds two layers: An approval workflow — the…
Tag: Admin Roles
Configuring and Activating Roles via Entra Privileged Identity Management (PIM)
Privileged Identity Management (PIM) flips the assumption about admin access. Instead of “users with admin roles always have admin powers”, it’s “users are eligible for admin roles, and must activate…
Enforcing MFA for Admin Roles via Conditional Access in Entra ID
Microsoft’s number-one recommended baseline Conditional Access policy is require MFA for any administrator. The premise is simple: admin accounts have the keys to the kingdom — if an attacker phishes…
2 Ways to Assign Microsoft Entra Admin Roles to a User Account
Two ways to assign Microsoft Entra admin roles to a user. Method 1 is role-first — pick a role, add users to it. Method 2 is user-first — pick a…