Privileged Identity Management – Custom Roles

Privileged Identity Management – Custom Roles

As I have mentioned earlier, I believe and hope that Microsoft will be implementing more and more self service features in Azure.

This is because I believe that automation and self service are key components in a secure infrastructure, simply because manuel processes often are bypassed or not followed correctly. Either because the process is poorly described or implemented or because it´s easier to not.

Automated processes does the job as good as they are programmed to, everytime!

From that perspective Microsofts release of custom roles in Azure AD Privileged Identity Management is a great new feature.

As always, it is not quite there yet, but I hope that they will evolve this feature to meet my expectations. Winking smile

As you will know if you read earlier posts, Privileged Identity Management is a feature that allows for dynamically adding privileges to varoius types of administrative roles.

But with the new release it is possible to create custom roles in Azure AD, that can be controlled in Privileged Identity Management.

There are 3 steps to this, creating the role in Azure AD, adjusting settings for the custom role in PIM and assigning members.

Creating the role in Azure AD:

Creating a custom role is a fairly simple procedure.

Locate Roles and administrators under Azure Active Directory and choose New custom role at the top.


Name the role.


Add the permissions.


And create the custom role.


As I wrote it is fairly simple. It will after a sync be available in PIM, from my tests, this takes a little time, so be patient.

Adjusting the settings:

First locate Custom roles in PIM under Manage.


Under manage select Settings and select the role you wish to configure


Click Edit in the top and set the settings as desired


Assigning members:

Under manage roles your custom role should now be listed. Select the custom role and click Add member


This will bring up the following where you can select the directory, custom role, members and settings


After setting the settings wanted, I can now see the new custom role under my roles.


Selecting Activate, I will get the normal PIM Activation window.



As mentioned I am a big fan of automation when it comes to security management and this feature is straight up my ally.

Note that it is a preview so test it out, but I wouldn´t recommend building any new business processes on it yet.

As always, if you would like a live demo or have any questions, feel free to reach out to us at Mindcore.

Table of Contents

Share this post
Search blog posts
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.
Modern Workplace consultant and a Microsoft MVP in Windows and Devices for IT.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Cloud & security specialist with focus on Microsoft 365.

Cloud & Security Specialist, with a passion for all things Cybersecurity

Cloud and infrastructure security specialist with background in networking.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

follow us in feedly

Follow on SoMe