Introduction

Azure PIM is an Azure service that enables you to implement least privilege principles such as just in time, just in place and reduction of privilege on your identities managed in Azure Active Directory (AAD). Overall it is a very simple solution that fits a niche: it is less developed than a Privileged Access Management tool such as CyberArk or Thycotic, but at a minimum it will fulfil your requirements on your journey to a zero trust architecture.

How it works

PIM is divided into four sections: Request, Approval, Configuring and Audit. Each section is largely self-explanatory, and selecting one in the interface opens its own page. Below is a breakdown of each section, in the order you will likely use them.

Configuring

Once you have enabled PIM within Azure Active Directory, you will need to create assignments. You can create assignments for Azure AD roles, PIM Groups and Azure Resources. Assignments control who has access to a role and how.