EasyPIM lets you manage PIM Azure Resource, Entra Role and Groups settings and assignments with ease
PowerShell module to manage PIM Azure Resources, Entra Roles and Groups settings and assignments with simplicity in mind.
Easily manage PIM Azure Resource settings at the subscription level by default: enter a tenant ID, a subscription ID and a role name, then the options you want to set, for example requiring justification on activation.
If you want to manage the role at another level (Management Group, Resource Group or Resource), use the scope parameter instead of the subscriptionID.
:boom: Support editing multiple roles at once
:boom: Copy settings from another role
:boom: Export role settings to csv
:boom: Import role settings from csv
:boom: Backup all roles
With the export function you can now edit your PIM settings in Excel, then import your changes back :wink:
You can now audit, create or remove PIM Azure Resource assignments whether they are active or eligible
EasyPIM now lets you manage PIM Entra Roles!
You can now audit, create or remove PIM Entra Role assignments whether they are active or eligible
This module is available in the PowerShell gallery: https://www.powershellgallery.com/packages/EasyPIM/, install it with:
Install-Module -Name EasyPIM
Updating from an older version:
Update-Module -Name EasyPIM
:large_blue_diamond: Get configuration of the role "Webmaster"
Get-PIMAzureResourcePolicy -TenantID <tenantID> -SubscriptionId <subscriptionID> -rolename "webmaster"
:large_blue_diamond: Require justification, ticketing and MFA when activating the role "Webmaster"
Set-PIMAzureResourcePolicy -TenantID <tenantID> -SubscriptionId <subscriptionID> -rolename "webmaster" -ActivationRequirement "Justification","Ticketing","MultiFactorAuthentication"
:large_blue_diamond: Require approval and set approvers for roles webmaster and contributor
Set-PIMAzureResourcePolicy -TenantID <tenantID> -SubscriptionId <subscriptionID> -rolename "webmaster","contributor" -Approvers @(@{"Id"="00b34bb3-8a6b-45ce-a7bb-c7f7fb400507";"Name"="John";"Type"="user"}) -ApprovalRequired $true
:large_blue_diamond: Set maximum activation duration to 12h
Set-PIMAzureResourcePolicy -TenantID <tenantID> -SubscriptionId <subscriptionID> -rolename "webmaster" -ActivationDuration "PT12H"
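The samples above can be combined into one activation baseline for several roles. The script below is an added example, not code from the EasyPIM project: the 8-hour cap, the `Test-ActivationDuration` helper and the approver placeholders are assumptions, and it assumes the parameters shown separately above can be passed in a single call.

```powershell
# Added example: the values below are placeholders, not real identifiers.
$tenantID       = '<tenantID>'
$subscriptionID = '<subscriptionID>'
$roles          = 'webmaster', 'contributor'   # role names taken from the samples above
$maxHours       = 8                            # assumed organizational cap on activation time

function Test-ActivationDuration {
    # Hypothetical helper: $true when $Duration is a valid ISO 8601 duration
    # that is positive and no longer than $MaxHours.
    param([string]$Duration, [int]$MaxHours)
    try   { $span = [System.Xml.XmlConvert]::ToTimeSpan($Duration) }
    catch { return $false }
    return ($span -gt [TimeSpan]::Zero -and $span.TotalHours -le $MaxHours)
}

# Refuse to push a duration that is malformed or longer than the cap.
$duration = 'PT8H'
if (-not (Test-ActivationDuration -Duration $duration -MaxHours $maxHours)) {
    throw "Activation duration '$duration' is invalid or exceeds $maxHours hours."
}

# Baseline built only from parameters that appear in the samples above.
$baseline = @{
    TenantID              = $tenantID
    SubscriptionId        = $subscriptionID
    RoleName              = $roles
    ActivationRequirement = 'Justification', 'Ticketing', 'MultiFactorAuthentication'
    ActivationDuration    = $duration
    ApprovalRequired      = $true
    Approvers             = @(@{ Id = '<approver-object-id>'; Name = '<approver-name>'; Type = 'user' })
}
Set-PIMAzureResourcePolicy @baseline

# Read each policy back to confirm what is now in effect.
foreach ($role in $roles) {
    Get-PIMAzureResourcePolicy -TenantID $tenantID -SubscriptionId $subscriptionID -rolename $role |
        Format-List
}
```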
More samples in the documentation