The user signs into Azure and goes to Eligible Roles.
When they attempt to activate an Administrator role,
they are required to authenticate using MFA,
and the request is sent for approval by a designated
person (Manager, PIM Administrator, Global Admin, etc.).
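
The same activation request can be submitted from a script instead of the portal. This is an added example, not part of the original slide: it uses the Microsoft Graph PowerShell SDK, and the role name, justification text and four-hour duration are illustrative assumptions.

```powershell
# Added example (not from the slide). Assumes the Microsoft.Graph module is
# installed and the signed-in user has an eligible assignment for the role.
Connect-MgGraph -Scopes "User.Read",
    "RoleEligibilitySchedule.Read.Directory",
    "RoleAssignmentSchedule.ReadWrite.Directory"

# Resolve the signed-in user's object ID.
$me = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/me"

# List the roles this user is eligible for (the "Eligible Roles" view).
$eligible = Get-MgRoleManagementDirectoryRoleEligibilitySchedule -All `
    -Filter "principalId eq '$($me.id)'" -ExpandProperty RoleDefinition

# Assumption: the role to activate is picked by display name.
$roleName = "Security Administrator"
$target = $eligible | Where-Object { $_.RoleDefinition.DisplayName -eq $roleName }
if (-not $target) { throw "No eligible assignment found for '$roleName'." }

# Build the just-in-time activation request. The justification and the
# duration are placeholders; role settings may cap the allowed duration.
$params = @{
    Action           = "selfActivate"
    PrincipalId      = $target.PrincipalId
    RoleDefinitionId = $target.RoleDefinitionId
    DirectoryScopeId = $target.DirectoryScopeId
    Justification    = "PLACEHOLDER: reason for elevation and ticket reference"
    ScheduleInfo     = @{
        StartDateTime = Get-Date
        Expiration    = @{ Type = "AfterDuration"; Duration = "PT4H" }
    }
}
$request = New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $params

# Status shows where the request sits in the flow, for example
# PendingApproval while the designated approver has not yet decided.
$request | Select-Object Id, Status, CreatedDateTime
```

Whether MFA and approval are enforced depends on how the role is configured in PIM; the script only submits the request and reports its status.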
Roles Provide Access to Specific Resources
and Applications
Request-Reply
Access Reviews are used to review and manage a user's
access to Privileged Roles.
After completing the review, the reviewer can continue to grant
access or revoke access to the Privileged Role.
This ensures that Privileged Roles aren't being abused or
unnecessarily assigned.
Approve or
Deny?
Privileged Identity Management sends emails when the
following events occur for Azure AD roles:
- When a privileged role activation is pending approval
- When a privileged role activation request is completed
- When Azure AD Privileged Identity Management is enabled
Diagram labels:
Roles: Privilege Identity Administrator, Billing Administrator, D365 Administrator, Teams Communications Admin, Security Administrator, Usage Report Reader
Resources: Azure, Azure Resource Group, VM, Azure DevOps, Azure SQL database
Components: Azure AD Privileged Identity Management, Manager, Access Review
Flow: Privileged Identity Management (PIM), Just in Time Access, Request, Multi-Factor Authentication, Approved, Role Granted

Azure Just in Time Privileged Identity Management
