Before we look into PIM configuration, there are certain things we need to consider:
- Access Audit: Before we start protecting anything, we need to know what we are protecting, and the only way to find out is a proper audit. Azure AD has almost 35 different directory roles, each with a different level of privileges. We can review the group memberships and their activities manually, but this takes time, and manual, time-consuming tasks are ones most administrators probably won't do regularly. By using Azure PIM access reviews, we can review the access and activities of members in privileged groups and adjust their memberships accordingly. PIM access review is fully automated so we can schedule ...