I am thrilled to be able to share some news today. We’ve just turned on the public preview of some major updates to the Azure AD Privileged Identity Management service:
- A new, improved user experience
- New approval workflow for improved role security
- Audit History for everyone in temporary role assignments
The redesigned user experience, Audit History, and Approval Workflow are available now for current Azure AD P2 customers (paid and trial). Don’t have PIM? Get your free trial of Enterprise Mobility + Security E5.
Read on for more details about this exciting new preview!For those of you unfamiliar with PIM for Azure AD, this feature helps you:
- Discover and manage privileged role assignments in your directory at scale
- Reduce the risk of permanent assignments by allowing users to activate their roles Just-In-Time (JIT)
- Easily review role assignments for compliance, internal audit, or general lifecycle management
- Detect potential rists and fix them with a click of a button via preconfigured alerts and activity logs
- Provide contractors and vendors the ability to self-activate administration privileges at any time
Strengthen the security of your organization’s applications with Approval Workflow!
This preview allows organizations to require approval for any directory role or Global Administrator role requests, and also define the users who can approve or deny these access requests.
Requesting a role that requires approval is simple. Select the role, provide your reason for access, validate your identity with multi-factor authentication (if required), and click activate. You will receive an email when your role is approved.
Approvers are automatically notified to view and approve pending requests, either individually or in bulk, via the Azure Portal or API.
View all temporary role assignments with the new “My Audit History”
When you request to activate a role that requires approval, it’s critical that you have a way to view the status of the request. So we are introducing My Audit History, a new viewin the updated user interface that lets you see status and activation history for all your temporary role assignments.
Try it out!
I hope you’ll try out these new features and let us know what you think. Visit our documentation for more information or send us feedback directly – we’re always listening.
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Division