
Just in time access for privileged roles

ITC Secure Ltd

Secure and manage your privileged identities with Microsoft Entra Privileged Identity Management.

Microsoft Entra Privileged Identity Management (PIM) is a service that enables the management, control and monitoring of privileged role access within an organisation. PIM can be used to grant eligible roles to users, whose access can then be elevated on a just-in-time basis. In this way, PIM reduces the need for permanently assigned roles within an environment, whilst enforcing additional management controls such as time limits for user promotion, justification requirements for auditing purposes, additional approvals from management teams and a requirement to approve multi-factor authentication.

Lastly, all eligible promotions are audited, and built-in capabilities for regular access reviews can be implemented to ensure only necessary users have the privileged roles they require. During this engagement, ITC will provide guidance on configuring and scoping PIM for Microsoft Entra administrator roles to ensure administrators maintain the rights to fulfil their role whilst securing the account, ensuring the privileges are activated when required.

Key activities:

  • Week 1 - Discovery workshops
  • Week 2 - Low-level design & documentation
  • Week 3 - Configuration
  • Week 4 - Testing
  • Week 5 - Staged rollout - up to 10 administrators

Key Deliverables:

  • A workshop to gather configuration and additional information
  • Low-level design documentation
  • Implementation and testing of PIM deployment for up to 5 Microsoft Entra roles
  • Handover workshop to continue full rollout

Customer pre-requisites

  • Access to the Customer’s relevant team members.
  • All users in scope for Microsoft Entra have the correct licences assigned (Microsoft Entra ID P2).
  • Remote access to the Microsoft Entra portal (via B2B where PIM is used, a dedicated account within the Microsoft 365 tenant, or secure remote access tooling such as CyberArk).
  • A Global Administrator is required to configure PIM (if PIM has been activated, a Privileged management administrator Microsoft Entra role is required).
