Azure AD Privileged Identity Management (PIM) allows just-in-time access to privileged roles in Azure AD and Azure resources. It requires approval and multi-factor authentication to activate time-bound privileged roles. PIM also enables access reviews, notifications, and audit history to provide oversight of privileged access. PIM requires an Azure AD Premium P2, EMS E5, or Microsoft 365 M5 license and designates the first user who enables it as the initial Privileged Role Administrator.