https://github.com/expecho/privileged-identity-management

This repository contains a set of Polyglot Notebooks which can be used to bulk edit Microsoft Entra ID Privileged Identity Management role settings.
https://github.com/expecho/privileged-identity-management

automation azure entra-id identity-management microsoft-entra-id microsoft-entra-roles-and-permissions pim privileged-access-management privileged-identity-management

Last synced: 3 months ago
JSON representation

This repository contains a set of Polyglot Notebooks which can be used to bulk edit Microsoft Entra ID Privileged Identity Management role settings.

• Host: GitHub
• URL: https://github.com/expecho/privileged-identity-management
• Owner: Expecho
• License: mit
• Created: 2024-03-08T07:52:23.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-06-28T13:29:41.000Z (over 1 year ago)
• Last Synced: 2025-01-17T04:21:24.342Z (9 months ago)
• Topics: automation, azure, entra-id, identity-management, microsoft-entra-id, microsoft-entra-roles-and-permissions, pim, privileged-access-management, privileged-identity-management
• Language: Jupyter Notebook
• Homepage:
• Size: 18.6 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.MD
  • License: LICENSE

Awesome Lists containing this project

README

          
# Overview of Privileged Identity Management

[Privileged Identity Management](https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure) provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:

- Provide just-in-time privileged access to Microsoft Entra ID and Azure resources

- Assign time-bound access to resources using start and end dates

- Require approval to activate privileged roles

- Enforce multifactor authentication to activate any role

- Use justification to understand why users activate

- Get notifications when privileged roles are activated

# Contents of this repository

This repository contains a set of [Polyglot Notebooks](https://github.com/dotnet/interactive#readme) which can be used to bulk edit the PIM role settings using automation. Managing PIM settings for a large number resources is a time consuming task when done using the Azure Portal as it lacks bulk editing features. Each notebook in this repository is designed to bulk edit PIM settings for a specific resource type. The notebooks are written in C# and can be run in on your local machine using [Visual Studio Code](https://code.visualstudio.com/) and the [Polyglot Notebook extension](https://marketplace.visualstudio.com/items?itemName=ms-dotnettools.dotnet-interactive-vscode).

All notebooks can also handle assigning eligible roles to groups or individual users in bulk mode.

There is also a [Kusto](https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/) query then can be used to generate an overview of PIM requests and approvals for auditing purposes.