Azure AD Privileged Identity Management helps you manage your users and their permissions. In this post I'll show you how to request activation from PowerShell.
Here are the steps you should take to request activation of an Azure AD role:
#Install Azure AD PIM Module
Install-Module Microsoft.Azure.ActiveDirectory.PIM.PSModule
#Check available commands you can use in this module
Get-Command -Module Microsoft.Azure.ActiveDirectory.PIM.PSModule
#Connect as any user who has the required privileges
Connect-PimService -UserName '<user>@<domain>'
#View my eligible roles
Get-PrivilegedRoleAssignment
#Activate a role
$params = @{
    'RoleId'   = '62e90394-69f5-4237-9190-012177145e10';
    'Reason'   = 'Testing PIM activation with PowerShell';
    'Duration' = '1.0'
}
Enable-PrivilegedRoleAssignment @params
As you can see, you need to install the Microsoft.Azure.ActiveDirectory.PIM.PSModule module and log in as the user who has eligible roles. With Get-PrivilegedRoleAssignment you can see all the roles you have available for activation. Copy the ID of the role you want to activate and create a params object with this value, the reason for the activation, and the time you want it to be active.
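
The same steps wrapped in a helper that looks the role up by name instead of a pasted ID and skips roles that are already active. This is an added example, not code from the original post or from the module. Request-PimRoleByName is a hypothetical name, the RoleName and IsElevated properties on the Get-PrivilegedRoleAssignment output are assumptions, and the 8-hour cap is illustrative (your tenant's PIM settings define the real maximum).

```powershell
# Added example: activate an eligible role by display name.
# Assumes Connect-PimService has already been run in this session.
# Assumption: objects returned by Get-PrivilegedRoleAssignment expose
# RoleId, RoleName and IsElevated properties.
function Request-PimRoleByName {   # hypothetical helper, not part of the module
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $RoleName,
        [Parameter(Mandatory)] [string] $Reason,
        # Illustrative bound so a typo cannot request a very long activation.
        [ValidateRange(0.5, 8.0)] [double] $Hours = 1.0
    )

    # Only roles the signed-in user is eligible for are returned.
    $eligible = @(Get-PrivilegedRoleAssignment |
        Where-Object { $_.RoleName -eq $RoleName })

    if ($eligible.Count -eq 0) {
        throw "No eligible assignment named '$RoleName' for the signed-in user."
    }
    if ($eligible.Count -gt 1) {
        throw "'$RoleName' matched $($eligible.Count) assignments; refusing to guess."
    }

    $role = $eligible[0]
    if ($role.IsElevated) {
        # Already active: do not create a second activation request.
        Write-Verbose "'$RoleName' is already active; nothing to do."
        return $role
    }

    $params = @{
        RoleId   = $role.RoleId
        Reason   = $Reason
        # Same string format as the post ('1.0'), independent of locale.
        Duration = $Hours.ToString('0.0', [cultureinfo]::InvariantCulture)
    }
    Enable-PrivilegedRoleAssignment @params

    # Re-read the assignment so the caller sees the resulting state.
    Get-PrivilegedRoleAssignment | Where-Object { $_.RoleId -eq $role.RoleId }
}

# Replace the placeholder with a role name shown by Get-PrivilegedRoleAssignment.
Request-PimRoleByName -RoleName '<role name>' -Reason 'Testing PIM activation with PowerShell' -Hours 1.0
```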