Staff who intended to have administrative roles in UConn’s Entra ID or Microsoft 365 environments are required to activate their role(s) using PIM. A PIM “Just in time” policy is a safeguard for individual accounts. Certain sections of the Microsoft 365 admin portal have more sensitive data, or settings that can effect global change, etc., and user accounts do not need prolonged access to these permissions. With “Just in Time” access via PIM, admin users need to be granted access to certain privileges before performing such tasks. In the event of a compromised admin account, a malicious actor cannot perform certain tasks without asking for permissionensures that accounts only hold elevated privileges while they are necessary to perform administrative tasks.
| Tip |
|---|
Navigate to or bookmark https://entra.microsoft.com/#view/Microsoft_Azure_PIMCommon/ActivationMenuBlade/~/aadgroup to quickly access & elevate to your admin role via your PIM groups. Step by step instructions are below. |
...
Navigate to https://entra.microsoft.com and login with your NetIDAdmin account
Expand the Identity Governance section and click on Privileged Identity Management (PIM)
Optionally pin PIM as a favorite by clicking the star icon to the right of its entry.
Click on My roles under the Tasks section on the left-hand side
Then click Groups in the Active section
Click Activate next to the role assigned group you wish to active roles for
If you are responsible for managing a PIM group in your area, you will see an additional Owner role row under Eligible assignments. You can activate this owner role to manage other assignments in that group. Please review Managing "Just in Time" Microsoft Admin Roles via Privileged Identity Management (PIM) for more information on how to do so.
Specify a duration and provide a short justification, then click Activate
The roles associated with your PIM group will be added to your NetIDAdmin account for the duration you specified
...