Staff who have administrative roles in UConn’s Entra ID or Microsoft 365 environments are required to activate their role(s) using Privileged Identity Management (PIM). A “Just in Time” policy is a safeguard for individual accounts. Certain sections of the Microsoft 365 admin portal hold more sensitive data or settings that can effect global change, and user accounts do not need prolonged access to these permissions. With “Just in Time” access via PIM, admin users must be granted access to certain privileges before performing such tasks. In the event of a compromised admin account, a malicious actor cannot perform certain tasks without asking for permission.
Navigate to or bookmark https://entra.microsoft.com/#view/Microsoft_Azure_PIMCommon/ActivationMenuBlade/~/aadgroup to quickly access and elevate to your admin role via your PIM groups. Step-by-step instructions are below.
Roles can be activated for up to 8 hours at a time.
Navigate to https://entra.microsoft.com and log in with your NetIDAdmin account.
Expand the Identity Governance section and click on Privileged Identity Management (PIM).
Optionally pin PIM as a favorite by clicking the star icon to the right of its entry.
Click on My roles under the Tasks section on the left-hand side.
Then click Groups in the Active section.
Click Activate next to the role-assigned group you wish to activate roles for.
Specify a duration and provide a short justification, then click Activate.
The roles associated with your PIM group will be added to your NetIDAdmin account for the duration you specified.
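The same activation can be requested through Microsoft Graph, which makes the 8-hour limit and the required justification explicit in the request. This is an added example, not a UConn or Microsoft script: the function name `Request-PimGroupActivation` is hypothetical, the group ID is a placeholder you supply, and it assumes the Microsoft.Graph.Authentication module is installed and that your tenant allows the listed delegated scopes.

```powershell
# Added example: hypothetical helper, not UConn's or Microsoft's own script.
# Requires the Microsoft.Graph.Authentication module.
function Request-PimGroupActivation {
    [CmdletBinding()]
    param(
        # Object ID of the role-assigned group (placeholder: supply your own).
        [Parameter(Mandatory)] [guid] $GroupId,
        # Roles can be activated for up to 8 hours at a time.
        [ValidateRange(1, 8)] [int] $Hours = 1,
        # PIM asks for a short justification with every activation.
        [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $Justification
    )

    $base = 'https://graph.microsoft.com/v1.0'
    $pim  = "$base/identityGovernance/privilegedAccess/group"

    # Interactive sign-in; use the admin account that holds the eligibility.
    Connect-MgGraph -Scopes @(
        'User.Read',
        'PrivilegedEligibilitySchedule.Read.AzureADGroup',
        'PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup')

    $me = (Invoke-MgGraphRequest -Method GET -Uri "$base/me?`$select=id").id

    # Refuse to submit unless this account is actually eligible for the group.
    $filter   = "groupId eq '$GroupId' and principalId eq '$me'"
    $eligible = (Invoke-MgGraphRequest -Method GET `
        -Uri "$pim/eligibilitySchedules?`$filter=$filter").value
    if (-not $eligible) { throw "No PIM eligibility found for group $GroupId." }

    $body = @{
        accessId      = $eligible[0].accessId      # 'member' or 'owner'
        principalId   = $me
        groupId       = "$GroupId"
        action        = 'selfActivate'
        justification = $Justification
        scheduleInfo  = @{
            startDateTime = (Get-Date).ToUniversalTime().ToString('o')
            expiration    = @{ type = 'afterDuration'; duration = "PT${Hours}H" }
        }
    } | ConvertTo-Json -Depth 5

    # The returned status depends on tenant policy (for example, approval may be required).
    $req = Invoke-MgGraphRequest -Method POST -Uri "$pim/assignmentScheduleRequests" `
        -Body $body -ContentType 'application/json'
    [pscustomobject]@{ RequestId = $req.id; Status = $req.status }
}
```

The `ValidateRange` attribute rejects any duration above 8 hours before a request is sent, and the eligibility check fails closed if the signed-in account is not eligible for the group.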