Enabling PIM for Azure Resources

Today I had to enable just-in-time access for a client at subscription level for all the highly privileged roles. It was my first time implementing it. This blog is about how you can implement the same for VM users with a maximum activation duration of 2 hours.

The steps to implement it are as follows:

Step 1

Search and open Privileged Identity Management.

Step 2

Select Azure Resources. If you are adding new resources into PIM, click on “Discover Resources”.

PIM Discover resources

Step 3

Search for the resource and click “Manage resource”.

Add resource to manage

I have selected Pay-As-You-Go subscription in this case.

Resource added in Azure resources

Step 4

Once this has been registered, click on the resource. Select “Roles” under Manage. Search for Virtual Machine User Login and click it.

Virtual Machine User Login

Step 5

Select Settings and click Edit. By default the “Activation maximum duration” is 8 hours; change it to 2.

Activation time changed to 2 hours

Step 6

Once this is done, click “Add Member” and add the members for whom you wish to enable access to the VM for the duration of 2 hours only.

Add member

Once this is enabled, any user who needs to access the VM has to log in to the Azure portal, go to PIM and activate their role as below.

I hope it helps!
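To confirm afterwards that the 2-hour limit from Step 5 is actually in place, the role settings can be checked from an exported copy of the PIM policy. The following is an added example, not part of the original post: it assumes the policy JSON follows the Azure Resource Manager `roleManagementPolicies` shape, where the rule with id `Expiration_EndUser_Assignment` holds the activation limit as an ISO 8601 `maximumDuration`. The role-name mapping, the helper names and the sample data are constructed for illustration.

```python
import re
from datetime import timedelta

# ISO 8601 durations in the form PIM policies use, e.g. "PT2H", "PT8H", "PT1H30M", "P1D".
_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")
ACTIVATION_RULE_ID = "Expiration_EndUser_Assignment"  # rule that caps activation time

def parse_duration(text):
    """Convert an ISO 8601 duration (days/hours/minutes/seconds) to a timedelta."""
    match = _DURATION.match(text or "")
    if not match or not any(match.groups()):
        raise ValueError(f"unsupported duration: {text!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in match.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)

def audit_activation_limit(policy, limit=timedelta(hours=2)):
    """Return findings for one policy; an empty list means it meets the limit."""
    rules = policy.get("properties", {}).get("rules", [])
    rule = next((r for r in rules if r.get("id") == ACTIVATION_RULE_ID), None)
    if rule is None:
        return ["no activation expiration rule found"]
    try:
        duration = parse_duration(rule.get("maximumDuration"))
    except ValueError as err:
        return [str(err)]
    if duration > limit:
        return [f"maximum activation duration {duration} exceeds {limit}"]
    return []

def audit_policies(policies_by_role, limit=timedelta(hours=2)):
    """Audit a {role name: policy} mapping (hypothetical wrapper for this example)."""
    return {role: audit_activation_limit(p, limit) for role, p in policies_by_role.items()}

def _policy(max_duration):
    """Build a constructed policy document holding only the fields the audit reads."""
    return {"properties": {"rules": [{
        "id": ACTIVATION_RULE_ID,
        "ruleType": "RoleManagementPolicyExpirationRule",
        "maximumDuration": max_duration,
    }]}}

# Constructed sample data, not taken from a real tenant.
SAMPLE_POLICIES = {
    "Virtual Machine User Login": _policy("PT2H"),  # edited as in Step 5
    "Contributor": _policy("PT8H"),                 # still at the 8-hour default
}

if __name__ == "__main__":
    for role, findings in audit_policies(SAMPLE_POLICIES).items():
        print(role, "->", findings or "OK")
```

Any role that reports a finding still allows activations longer than the intended limit and needs the Step 5 edit applied.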
