Azure Active Directory - Privileged Identity Management

  • With PIM you can provide as-needed and just-in-time access to Azure resources, Azure AD resources, and other Microsoft online services like Microsoft 365 or Microsoft Intune.


To use Privileged Identity Management, you must have one of the following licenses:

  • Enterprise Mobility + Security (EMS) E5

Lock down inbound traffic to your Azure Virtual Machines with Azure Security Center’s just-in-time (JIT) virtual machine (VM) access feature. This reduces exposure to attacks while providing easy access when you need to connect to a VM.

For a full explanation about how JIT works and the underlying logic, see Just-in-time explained.

This page teaches you how to include JIT in your security program. You’ll learn how to:

  • Request access to a VM that has JIT enabled — The goal of JIT is to ensure that even though your inbound traffic is locked down, Security Center still provides easy access to connect to VMs when needed. You can request access to a JIT-enabled VM from Security Center, Azure virtual machines, PowerShell, or the REST API.
  • Audit the activity — To ensure your VMs are secured appropriately, review the accesses to your JIT-enabled VMs as part of your regular security checks.
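
The PowerShell request path mentioned above, as an added example that is not code from the original post: it uses the `Start-AzJitNetworkAccessPolicy` cmdlet from the Az.Security module to open one port to one source address for a limited time. The function name `Request-JitVmAccess`, the 180-minute cap, and the assumption that the JIT policy is named `default` are illustrative; all identifiers passed in are placeholders you supply.

```powershell
# Added example: request time-boxed JIT access to one port on one VM.
# Requires the Az.Accounts and Az.Security modules and a signed-in session (Connect-AzAccount).
function Request-JitVmAccess {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$SubscriptionId,
        [Parameter(Mandatory)][string]$ResourceGroup,
        [Parameter(Mandatory)][string]$Location,       # region that holds the JIT policy
        [Parameter(Mandatory)][string]$VmName,
        [Parameter(Mandatory)][string]$SourceIp,       # single IPv4 address of the admin workstation
        [int]$Port = 22,
        [ValidateRange(1, 180)][int]$Minutes = 60      # assumed local cap; the JIT policy may allow less
    )

    # Accept only one canonical IPv4 address, so a request can never open the
    # port to a range, a wildcard, or an ambiguous shorthand such as "1.2".
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($SourceIp, [ref]$parsed) -or
        $parsed.AddressFamily -ne 'InterNetwork' -or
        $parsed.ToString() -ne $SourceIp) {
        throw "SourceIp must be a single IPv4 address, got '$SourceIp'"
    }

    $scope    = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup"
    $vmId     = "$scope/providers/Microsoft.Compute/virtualMachines/$VmName"
    # Assumption: the JIT policy covering this VM is named "default".
    $policyId = "$scope/providers/Microsoft.Security/locations/$Location/jitNetworkAccessPolicies/default"

    $vmRequest = @{
        id    = $vmId
        ports = @(@{
            number                     = $Port
            endTimeUtc                 = (Get-Date).ToUniversalTime().AddMinutes($Minutes).ToString('o')
            allowedSourceAddressPrefix = @($SourceIp)
        })
    }

    # Submits the access request; the inbound rule is removed again after endTimeUtc.
    Start-AzJitNetworkAccessPolicy -ResourceId $policyId -VirtualMachine @($vmRequest)
}

# Usage with placeholder values:
# Request-JitVmAccess -SubscriptionId '<SUBSCRIPTION_ID>' -ResourceGroup '<RESOURCE_GROUP>' `
#     -Location '<LOCATION>' -VmName '<VM_NAME>' -SourceIp '<YOUR_PUBLIC_IPV4>' -Port 3389 -Minutes 30
```

Each request made this way is recorded against the requesting identity, which is what the audit step reviews.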


