{"id":13742597,"url":"https://github.com/kayasax/EasyPIM","last_synced_at":"2025-05-09T00:31:28.824Z","repository":{"id":216674353,"uuid":"739133195","full_name":"kayasax/EasyPIM","owner":"kayasax","description":"EasyPIM let you manage PIM Azure Resource, Entra Role and Groups settings and assignments with simplicity","archived":false,"fork":false,"pushed_at":"2025-04-08T10:14:12.000Z","size":497,"stargazers_count":124,"open_issues_count":0,"forks_count":8,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-04-08T11:25:11.857Z","etag":null,"topics":["entra-id","pim","powershell"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kayasax.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2024-01-04T21:09:15.000Z","updated_at":"2025-04-06T19:00:03.000Z","dependencies_parsed_at":"2024-05-06T17:51:59.961Z","dependency_job_id":"96cd56bd-b9a6-4806-8016-4621f508f2a4","html_url":"https://github.com/kayasax/EasyPIM","commit_stats":null,"previous_names":["kayasax/easypim"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kayasax%2FEasyPIM","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kayasax%2FEasyPIM/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kayasax%2FEasyPIM/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kayasax%2FEasyPIM/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kayasax","download_url":"https://codeload.github.com/kayasax/EasyPIM/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253170943,"owners_count":21865273,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["entra-id","pim","powershell"],"created_at":"2024-08-03T05:00:33.945Z","updated_at":"2025-05-09T00:31:28.800Z","avatar_url":"https://github.com/kayasax.png","language":"PowerShell","funding_links":[],"categories":["Tools"],"sub_categories":["CLI"],"readme":"## Introduction\n\nEasyPIM is a PowerShell module created to help you manage Microsof Entra Privileged Identity Management (PIM).  \nPacked with more than 30 cmdlets, EasyPIM leverages the ARM and Graph APIs complexity to let you configure PIM **Azure Resources**, **Entra Roles** and **groups** settings and assignments in a simple way .  \n🆕 V1.7 comes with 6 cmdlets to approve or deny Entra and Azure role approvals.\n\n\n[![PSGallery Version](https://img.shields.io/powershellgallery/v/easypim.svg?style=flat\u0026logo=powershell\u0026label=PSGallery%20Version)](https://www.powershellgallery.com/packages/easypim) [![PSGallery Downloads](https://img.shields.io/powershellgallery/dt/easypim.svg?style=flat\u0026logo=powershell\u0026label=PSGallery%20Downloads)](https://www.powershellgallery.com/packages/easypim)\n\n🗒️Change log: [https://github.com/kayasax/EasyPIM/wiki/Changelog](https://github.com/kayasax/EasyPIM/wiki/Changelog)\n\n## Key features\n:boom: Support editing multiple roles at once  \n:boom: Copy settings from one role to another   \n:boom: Copy eligible assignments from one user to another   \n:boom: Export role settings to csv  \n:boom: Import role settings from csv  \n:boom: Backup all roles  \n:boom: New in V1.6 get PIM activity reporting  \n:boom: New in V1.7 Approve/Deny pending requests  \n:fire: V1.8.1 Invoke-EasyPIMOrchestrator :fire: [more info](https://github.com/kayasax/EasyPIM/wiki/Invoke%E2%80%90EasyPIMOrchestrator)\n\nWith the export function you can now edit your PIM settings in Excel then import back your changes :wink:\n\n## Installation\nThis module is available on the PowerShell gallery: [https://www.powershellgallery.com/packages/EasyPIM](https://www.powershellgallery.com/packages/EasyPIM), install it with:\n```pwsh\nInstall-Module -Name EasyPIM \n``` \nUpdating from an older version:  \n```pwsh\nUpdate-Module -Name EasyPIM \n``` \n\n## Sample usage\n\n*Note: EasyPIM manage PIM Azure Resource settings **at the subscription level by default** : enter a tenant ID, a subscription ID, a role name \nthen the options you want to set, for example require justification on activation.  \nIf you want to manage the role at another level (Management Group, Resource Group or Resource) please use the `scope` parameter instead of the `subscriptionID`.*\n\n\n:large_blue_diamond: Get configuration of the Azure Resources roles reader and Webmaster\n ```pwsh\n Get-PIMAzureResourcePolicy -TenantID $tenantID -SubscriptionId $subscriptionID -rolename \"reader\",\"webmaster\"\n ```\n\n:large_blue_diamond: Require justification, ticketing and MFA when activating the Entra Role testrole  \n ```pwsh\n Set-PIMEntraRolePolicy -tenantID $tenantID -rolename \"testrole\"  -ActivationRequirement \"Justification\",\"Ticketing\",\"MultiFactorAuthentication\"\n ```\n\n:large_blue_diamond: Require approval and set approvers for Azure roles webmaster and contributor  \n```pwsh\nSet-PIMAzureResourcePolicy -TenantID $tenantID -SubscriptionId $subscriptionID -rolename \"webmaster\",\"contributor\" -Approvers  @(@{\"Id\"=\"00b34bb3-8a6b-45ce-a7bb-c7f7fb400507\";\"Name\"=\"John\";\"Type\"=\"user\"}) -ApprovalRequired $true\n```\n\n:large_blue_diamond: Set maximum activation duration to 4h for the member role of a group   \n```pwsh\nSet-PIMGroupPolicy -tenantID $tenantID -groupID \"ba6af9bf-6b28-4799-976e-ff71aed3a1bd\" -type member -ActivationDuration \"PT4H\"\n```\n\n:large_blue_diamond: Get a reporting of the PIM activities based on Entra ID Audit logs   \n```pwsh\n$r=Show-PIMReport -tenantID $tenantID\n```\n\n:large_blue_diamond: List all eligible assignments for Azure roles\n```pwsh\n Get-PIMAzureResourceEligibleAssignment -tenantID $tenantID -subscriptionID $subscriptionId\n```\n\n:large_blue_diamond: Create an active assignment for a principal and the Entra role testrole\n```pwsh\nNew-PIMEntraRoleActiveAssignment -tenantID $tenantID -rolename \"testrole\" -principalID $groupID\n```\n\n\n\n\nMore samples available in the [documentation](https://github.com/kayasax/EasyPIM/wiki/Documentation)\n\n## Requirement\n* Az.Accounts module\n* Permission:\nThe PIM API for Azure resource roles is developed on top of the Azure Resource Manager framework. You will need to give consent to Azure Resource Management but won’t need any Microsoft Graph API permission. You will also need to make sure the user or the service principal calling the API has at least the Owner or User Access Administrator role on the resource you are trying to administer.\n* an administrator must grant consent these permissions to the Microsoft Graph PowerShell application:  \n\"RoleManagementPolicy.ReadWrite.Directory\",\n                \"RoleManagement.ReadWrite.Directory\",\n                \"RoleManagementPolicy.ReadWrite.AzureADGroup\",\n                \"PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup\",\n                \"PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup\",\n                \"PrivilegedAccess.ReadWrite.AzureADGroup\"\n\n## Documentation\n[documentation](https://github.com/kayasax/EasyPIM/wiki/Documentation)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkayasax%2FEasyPIM","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkayasax%2FEasyPIM","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkayasax%2FEasyPIM/lists"}