
AZ-500 Exam - Question 9


Your company recently created an Azure subscription. You have, subsequently, been tasked with making sure that you are able to secure Azure AD roles by making use of Azure Active Directory (Azure AD) Privileged Identity Management (PIM).

Which of the following actions should you take FIRST?

Correct Answer: BC

To secure Azure AD roles using Azure Active Directory (Azure AD) Privileged Identity Management (PIM), the first action to take is to discover privileged roles. This involves identifying the roles that have elevated permissions and could pose security risks if not properly managed. Understanding which roles are privileged is essential before any further actions such as configuring settings or activating PIM can be taken. This initial step ensures that you have a clear view of the roles that need to be managed and secured using PIM.

Discussion

17 comments
Rume - Option: A
Jun 30, 2021

"Consent to PIM" is deprecated. No longer required. So now only priv users need to access/visit PIM (Premium P2 is enabled) - access will be provided automatically. "When a user who is active in a privileged role in an Azure AD organization with a Premium P2 license goes to Roles and administrators in Azure AD and selects a role (or even just visits Privileged Identity Management): We automatically enable PIM for the organization. Their experience is now that they can either assign a "regular" role assignment or an eligible role assignment."

Bjarki2330
Jul 19, 2021

Yeah this question in particular is outdated.

cris_exam - Option: D
Jan 7, 2024

Correct answer is D. First thing you do is Discover Azure resources.
1. Discover Azure resources.
2. Configure Azure role settings.
3. Give eligible assignments.
4. Allow eligible users to activate their Azure roles just-in-time.
https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-getting-started#prepare-pim-for-azure-roles

Jimmy500
Jun 17, 2024

Hi, please read the question carefully; it does not say Enable role for Azure subscription. Your solution is correct but it is for Azure Subscription, not Azure Roles. So since we are not talking about resources we must choose C. If the condition says Azure resource, we must choose D in this case - Discover Azure resources.

BigShot0 - Option: D
Sep 20, 2023

Step by step getting started - the first step listed in the choices is D: Discover resources https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started When you first set up Privileged Identity Management for Azure resources, you need to discover and select the resources you want to protect with Privileged Identity Management. When you discover resources through Privileged Identity Management, PIM creates the PIM service principal (MS-PIM) assigned as User Access Administrator on the resource. There's no limit to the number of resources that you can manage with Privileged Identity Management. However, we recommend starting with your most critical production resources. https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-discover-resources

xRiot007
Jul 15, 2024

This question is about AD (now Entra) roles. Discovering resources is a step when working with PIM for RBAC roles. Two different contexts.

ESAJRR - Option: B
Sep 4, 2023

B. You should consent to Azure Active Directory (Azure AD) Privileged Identity Management (PIM).

wardy1983 - Option: B
Sep 4, 2023

Answer is b https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started

prkhrkmr - Option: C
Oct 9, 2023

According to the following article "Discover and mitigate privileged roles" is the first step. https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan#plan-and-implement-pim-for-microsoft-entra-roles

Terman - Option: C
Oct 11, 2023

The sequence is as follows, as per the documentation:
1. Plan a PIM deployment: a step of this includes 'C. Discover and mitigate privileged roles' https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan
2. Start using PIM: a step of this includes 'D. Discover resources' https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started
So though both steps C & D are valid, C refers to the planning phase, D to the usage phase, therefore C comes first.

MeisAdriano - Option: C
Oct 14, 2023

ChatGPT: For securing Azure AD roles using Azure Active Directory (Azure AD) Privileged Identity Management (PIM), the FIRST action you should take is: C. You should discover privileged roles. Before enabling and configuring Azure AD Privileged Identity Management (PIM), it's essential to discover and identify the privileged roles within your Azure environment. Understanding the roles and their permissions is a crucial initial step in implementing proper security measures and access controls. Once you have discovered these roles, you can proceed to configure and manage them using Azure AD PIM.

wingcheuk - Option: B
Jan 5, 2024

The correct answer is B. Before you can start using Azure AD PIM to manage and secure privileged roles, you must first give your consent to use the service within your Azure environment. This step is crucial as it involves agreeing to the terms of use and understanding the permissions and capabilities that PIM will have within your Azure AD environment. The process of signing up for Azure AD PIM (Option A) typically follows after you have given consent. Signing up may involve configuring specific settings or initiating the service within your Azure subscription, but it cannot be done before consent is provided. Discovering privileged roles (Option C) and discovering resources (Option D) are actions taken after Azure AD PIM is activated and consented to. These steps are part of the process of setting up and configuring PIM, wherein you identify which roles and resources require privileged access management.

khaled_razouk - Option: D
Mar 7, 2024

https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-getting-started#prepare-pim-for-azure-roles

P4ndem1c - Option: C
Jul 30, 2023

Answer is C. You discover Azure roles; consenting is deprecated and is automatic when accessing PIM the first time.

hfk2020 - Option: A
Nov 1, 2023

Plan and implement PIM for Microsoft Entra roles: Follow these tasks to prepare PIM to manage Microsoft Entra roles.
Discover and mitigate privileged roles: List who has privileged roles in your organization. Review the users assigned, identify administrators who no longer need the role, and remove them from their assignments. You can use Microsoft Entra roles access reviews to automate the discovery, review, and approval or removal of assignments.
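
The "discover and mitigate privileged roles" task described in the comment above, sketched as an added example (not part of the original thread and not Microsoft tooling). The export records, their field names, the role list and the 90-day staleness threshold are all assumptions made for illustration:

```python
from collections import defaultdict
from datetime import date

# Assumption: the roles this review treats as privileged; adjust to your tenant.
PRIVILEGED_ROLES = {"Global Administrator", "Privileged Role Administrator",
                    "Security Administrator"}
TODAY = date(2024, 6, 17)  # fixed so the sample is reproducible

# Constructed sample export. Field names are hypothetical, not a Microsoft schema.
ASSIGNMENTS = [
    {"role": "Global Administrator", "principal": "alice@contoso.example",
     "state": "active", "end": None, "last_used": "2024-05-30"},
    {"role": "Global Administrator", "principal": "bob@contoso.example",
     "state": "active", "end": None, "last_used": "2023-11-02"},
    {"role": "Privileged Role Administrator", "principal": "carol@contoso.example",
     "state": "eligible", "end": "2024-12-31", "last_used": "2024-06-01"},
    {"role": "Security Administrator", "principal": "dave@contoso.example",
     "state": "active", "end": None, "last_used": None},
    {"role": "Reports Reader", "principal": "erin@contoso.example",
     "state": "active", "end": None, "last_used": "2024-06-10"},
]

def discover(assignments, today=TODAY, stale_days=90):
    """List holders of privileged roles and flag what to mitigate."""
    report = defaultdict(list)
    for a in assignments:
        if a["role"] not in PRIVILEGED_ROLES:
            continue
        findings = []
        if a["state"] == "active" and a["end"] is None:
            findings.append("permanent-active")  # convert to an eligible assignment
        last = a["last_used"]
        if last is None or (today - date.fromisoformat(last)).days > stale_days:
            findings.append("stale")  # assumed proxy for "no longer needs the role"
        report[a["role"]].append((a["principal"], findings))
    return dict(report)

def removal_candidates(report):
    """Principals whose privileged assignment looks unused."""
    return sorted({p for holders in report.values()
                   for p, findings in holders if "stale" in findings})

if __name__ == "__main__":
    rep = discover(ASSIGNMENTS)
    for role, holders in rep.items():
        print(role, holders)
    print("review for removal:", removal_candidates(rep))
```
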

flafernan - Option: A
Dec 4, 2023

To use Privileged Identity Management (PIM), a Microsoft Entra ID P2 subscription is required.

Strive_for_greatness_kc - Option: C
Jan 8, 2024

It should be C (Discover privileged roles) for the following reasons:
- Consent to PIM is an old story (a privileged role needs to go to PIM to activate it)
- The question mentions "AZ AD Roles" not RBAC, so it is Discover privileged roles; if it was AZ RBAC it would have been D (Discover resources)

Wezen - Option: D
Jun 8, 2024

The correct answer is D. https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-getting-started

Drummer - Option: C
Jun 14, 2024

C. You should discover privileged roles is the answer. The first step in securing Azure AD roles using Azure Active Directory (Azure AD) Privileged Identity Management (PIM) can indeed be to discover privileged roles. This process involves identifying the roles that have privileged access and could therefore pose a security risk if misused. Once these roles are identified, you can then proceed with other steps such as consenting to PIM and managing these roles using PIM.

Jimmy500 - Option: C
Jun 17, 2024

Ladies and gentlemen, please read the question carefully: Hi, please read the question carefully; it does not say Enable role for Azure subscription. Your solution is correct but it is for Azure Subscription, not Azure Roles. So since we are not talking about resources we must choose C. If the condition says Azure resource, we must choose D in this case - Discover Azure resources. Here the answer is C.