Your company recently created an Azure subscription.
You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).
Which of the following is the role you should assign to the user?
The Global administrator role is required to enable and manage Azure AD Privileged Identity Management (PIM). This role has the highest level of privilege in Azure AD and allows a user to configure, manage, and implement PIM settings and assignments. This role gives the necessary permissions to perform all administrative functions, including those related to PIM.
Given answer is correct. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
Today, this is not 100% correct. PIM is ready to use without consent. Any user that has an active role enables PIM.
No. You haven't got the meaning of the question. "Anyone" can enable PIM and get the admin access for the assigned duration, but who has the right and permission to assign an admin role using PIM to others? I hope it's clear for you.
A. The Global administrator role.
Correct
Global admin is correct answer.
A. The Global administrator role.
The Global administrator role should be assigned. The correct answer is A.
Global admin is the correct answer.
A is correct
A is the answer. https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan#assign-and-activate-azure-ad-roles For Azure AD roles in PIM, only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators. Global Administrators, Security Administrators, Global Readers, and Security Readers can also view assignments to Azure AD roles in PIM.
"Only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators" https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-deployment-plan Privileged Role Administrator is not an option, thus Global Administrator it is.
A. The Global administrator role. Explanation: To implement Azure AD Privileged Identity Management (PIM), a user must have elevated privileges that allow them to manage role assignments and access controls. The Global Administrator role has the highest level of permissions in Azure AD, including the ability to enable and configure Privileged Identity Management (PIM). Why not the other options? B. Security Administrator → Can manage security-related policies but does not have permissions to configure PIM. C. Password Administrator → Only manages password-related tasks and cannot implement PIM. D. Compliance Administrator → Focuses on compliance settings and auditing but lacks control over PIM.
correct answer
Who can do what? For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators.
Answer A
Correct answer
Correct, need to be global admin to set up PIM
The highest privileges is the global user. A right answer
true
Global admin is the correct answer.
Definitely not: The correct ans: Security Administrator https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#privileged-role-administrator
B. The Security administrator role. The Security administrator role in Azure AD is required to manage Azure AD Privileged Identity Management. This role allows the user to configure and manage PIM settings, including configuring role assignments, activating PIM for specific roles, and managing the PIM security settings.
Correct answer
correct answer
Correct Answer B
The correct answer is A and not B
A is correct. For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators. Global Administrators, Security Administrators, Global Readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management.
In the real world you should always give Privileged Role Administrator over global admin. For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators. Global Administrators, Security Administrators, Global Readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management.
A. The Global administrator role.
To start using PIM in your directory, you must first enable PIM. 1. Sign in to the Azure portal as a Global Administrator of your directory. You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft account (for example, @outlook.com), to enable PIM for a directory. Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com
B. Security administrator role Here's why: The Security administrator role provides the necessary permissions to manage Azure AD security features, including PIM. It grants control over security policies, access management, and monitoring, which aligns with PIM's functionalities.
"Only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators" https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-deployment-plan
Seems an outdated question, as PIM now is automatically enabled when a P2 license enabled user logs in? https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-getting-started When a user who is active in a privileged role in a Microsoft Entra organization with a Premium P2 license goes to Roles and administrators in Microsoft Entra ID and selects a role (or even just visits Privileged Identity Management): "We automatically enable PIM for the organization. Their experience is now that they can either assign a "regular" role assignment or an eligible role assignment"
The Global administrator role has the highest level of privilege in Azure AD and provides full access to all administrative features, including the ability to configure and manage Azure AD PIM. This role allows the user to enable and configure Azure AD PIM for managing privileged roles and access in the Azure subscription. Therefore, the correct answer is: A. The Global administrator role.
Answer: A, Global Administrator Reason: Azure AD Privileged Identity Management (PIM) requires Global Administrator permissions to be configured initially. While other administrators can manage specific PIM roles once it's set up, only Global Administrators can implement and configure PIM for the first time in an Azure AD tenant. Reference: https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started#prerequisites Note: Although a Security Administrator can manage some PIM settings after initial setup, they cannot implement PIM for the first time in an organization.
Privileged Role Administrator or Global Administrator role can manage assignments for other administrators
PIM itself is a high-privilege service because it controls admin role assignments. Other roles like Security administrator, Password administrator, and Compliance administrator don’t have permission to enable/configure PIM or assign roles at that level.