Share the love

Azure AD Privileged Identity Management helps you manage your users and their permissions. In it I ‘ll show you how to request activation from PowerShell.

Here are the steps you should take to request activation of an Azure AD role:

#Install Azure AD PIM Module
Install-Module Microsoft.Azure.ActiveDirectory.PIM.PSModule

#Check available commands you can use in this module
Get-Command -Module Microsoft.Azure.ActiveDirectory.PIM.PSModule

#Connect as any user who has the required privileges
Connect-PimService -UserName '<user>@<domain>'

#View my eligible roles

#Activate a role
$params = @{
             'RoleId'= '62e90394-69f5-4237-9190-012177145e10';
             'Reason' = 'Testing PIM activation with PowerShell';
             'Duration' = '1.0'

Enable-PrivilegedRoleAssignment @params

As you can see, you need to install the Microsoft.Azure.ActiveDirectory.PIM.PSModule module and login with the user who has eligible roles. With Get-PrivilegedRoleAssignment you can see all the ones you have available for activation. Copy the id of the role you want to activate and create a params object with this value, the reason for the activation and the time you want it to be active.