Azure Active Directory - Privileged Identity Management
- Privileged Identity Management (PIM) is used to manage, control, and monitor access within your Azure Active Directory (Azure AD) organization.
- With PIM you can provide as-needed and just-in-time access to Azure resources, Azure AD resources, and other Microsoft online services like Microsoft 365 or Microsoft Intune.
To use Privileged Identity Management, you must have one of the following licenses:
- Azure AD Premium P2
- Enterprise Mobility + Security (EMS) E5
Lock down inbound traffic to your Azure Virtual Machines with Azure Security Center’s just-in-time (JIT) virtual machine (VM) access feature. This reduces exposure to attacks while providing easy access when you need to connect to a VM.
For a full explanation about how JIT works and the underlying logic, see Just-in-time explained.
This page teaches you how to include JIT in your security program. You’ll learn how to:
- Enable JIT on your VMs — You can enable JIT with your own custom options for one or more VMs using Security Center, PowerShell, or the REST API. Alternatively, you can enable JIT with default, hard-coded parameters, from Azure virtual machines. When enabled, JIT locks down inbound traffic to your Azure VMs by creating a rule in your network security group.
- Request access to a VM that has JIT enabled — The goal of JIT is to ensure that even though your inbound traffic is locked down, Security Center still provides easy access to connect to VMs when needed. You can request access to a JIT-enabled VM from Security Center, Azure virtual machines, PowerShell, or the REST API.
- Audit the activity — To ensure your VMs are secured appropriately, review the accesses to your JIT-enabled VMs as part of your regular security checks.
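The three steps above (enable, request, audit) carried out with the Az PowerShell modules, as an added example; it is not code from the page or from Microsoft's documentation. It assumes the Az.Accounts, Az.Security and Az.Monitor modules are installed, and the angle-bracket values (subscription, resource group, VM name, region, your source IP) are placeholders to fill in. The property names used in the audit step (`Requests`, `Requestor`, `StartTimeUtc`, and the operation name matched in the Activity Log) are assumptions about the objects those cmdlets return.

```powershell
# Added example: JIT VM access end to end with Az.Security.
# Placeholders: <subscription-id>, <resource-group>, <vm-name>, <location>, <my-public-ip>.
Connect-AzAccount
Set-AzContext -SubscriptionId "<subscription-id>"

$rg       = "<resource-group>"
$location = "<location>"   # the VM's region; the JIT policy lives under Microsoft.Security/locations/<location>
$vmName   = "<vm-name>"
$vmId     = "/subscriptions/<subscription-id>/resourceGroups/$rg/providers/Microsoft.Compute/virtualMachines/$vmName"

# 1. Enable JIT. The policy declares which management ports MAY be opened on request,
#    from which source prefixes, and for how long at most. Until a request is approved,
#    Security Center keeps an NSG deny rule in place for these ports.
$jitPolicyVm = @{
    id    = $vmId
    ports = @(
        @{ number = 22;   protocol = "*"; allowedSourceAddressPrefix = @("*"); maxRequestAccessDuration = "PT3H" },
        @{ number = 3389; protocol = "*"; allowedSourceAddressPrefix = @("*"); maxRequestAccessDuration = "PT3H" }
    )
}
$policy = Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $location -Name "default" `
            -ResourceGroupName $rg -VirtualMachine @($jitPolicyVm)

# 2. Request access. Scope the request tighter than the policy allows:
#    one port, one /32 source, one hour. endTimeUtc must be within maxRequestAccessDuration.
$request = @{
    id    = $vmId
    ports = @(
        @{
            number                     = 22
            endTimeUtc                 = (Get-Date).ToUniversalTime().AddHours(1).ToString("o")
            allowedSourceAddressPrefix = @("<my-public-ip>/32")
        }
    )
}
# $policy.Id is the policy's ARM resource id:
# /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Security/locations/<location>/jitNetworkAccessPolicies/default
Start-AzJitNetworkAccessPolicy -ResourceId $policy.Id -VirtualMachine @($request)

# 3. Audit. Requests are recorded on the policy object itself; the initiate operation
#    also lands in the Azure Activity Log, which is the record to review periodically.
#    (Property names below are assumed from the Az.Security output objects.)
$current = Get-AzJitNetworkAccessPolicy -ResourceGroupName $rg -Location $location -Name "default"
$current.Requests |
    Select-Object StartTimeUtc, Requestor |
    Format-Table -AutoSize

Get-AzActivityLog -ResourceGroupName $rg -StartTime (Get-Date).AddDays(-7) |
    Where-Object { $_.OperationName.Value -like "*jitNetworkAccessPolicies/initiate*" } |  # assumed operation name
    Select-Object EventTimestamp, Caller, Status |
    Format-Table -AutoSize
```

The policy in step 1 deliberately allows any source (`*`) so that step 2 can narrow it per request; if your operators always connect from a known range, put that range in the policy instead, since the request cannot exceed what the policy permits. The audit query in step 3 is the one to schedule: a JIT request from an unexpected caller or source prefix is the signal worth alerting on.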