Securing Privileged Access with JIT, JEA, PAM, PIM: Oh the Confusion

From time to time (every other day), I get asked why, and what does it mean for me. Below is a high-level view of the what, how, and why. Start with the videos on the topic and then move to the reference links.

Cyber Security Reference Architecture : or

Privileged Access Why :

How can privileged access be managed


  • Add protection to privileged accounts
  • Re-establish control over Active Directory
  • Insight into how admin accounts are used

Security Advantages (attack techniques this helps mitigate)

  • Pass-the-Hash
  • Pass-the-Ticket
  • Spear phishing

How does this work

  • Shadow Security principals
  • Time-limited group membership
  • PAM cross-forest trust
  • PAM workflow (MIM)
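
The time-limited group membership item above, as an added example (not from the original post or from Microsoft's own code). It assumes the RSAT ActiveDirectory module and a Windows Server 2016 forest functional level; the function names, the group `Tier0-ServerAdmins` and the user `jdoe` are hypothetical. Shadow principals, the cross-forest trust and the MIM workflow are not shown.

```powershell
# Added example: function, group and user names are hypothetical placeholders.
Import-Module ActiveDirectory

function Grant-TemporaryGroupMembership {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Group,
        [Parameter(Mandatory)] [string] $User,
        [ValidateRange(1, 480)] [int] $Minutes = 60
    )

    # TTL memberships only work once the PAM optional feature is enabled in the forest.
    $feature = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
    if (-not $feature -or -not $feature.EnabledScopes) {
        throw 'Privileged Access Management Feature is not enabled in this forest.'
    }

    if ($PSCmdlet.ShouldProcess($Group, "Add $User for $Minutes minutes")) {
        # The directory removes the membership itself when the TTL expires.
        Add-ADGroupMember -Identity $Group -Members $User `
            -MemberTimeToLive (New-TimeSpan -Minutes $Minutes)
    }
}

function Get-GroupMemberTtl {
    param([Parameter(Mandatory)] [string] $Group)

    # With -ShowMemberTimeToLive, expiring members come back as "<TTL=seconds>,<DN>".
    $members = (Get-ADGroup -Identity $Group -Properties member -ShowMemberTimeToLive).member
    foreach ($m in $members) {
        if ($m -match '^<TTL=(\d+)>,(.+)$') {
            [pscustomobject]@{ Member = $Matches[2]; SecondsLeft = [int]$Matches[1]; Permanent = $false }
        } else {
            # No TTL prefix: a standing membership, which is what JIT access is meant to replace.
            [pscustomobject]@{ Member = $m; SecondsLeft = $null; Permanent = $true }
        }
    }
}

Grant-TemporaryGroupMembership -Group 'Tier0-ServerAdmins' -User 'jdoe' -Minutes 30
Get-GroupMemberTtl -Group 'Tier0-ServerAdmins' | Sort-Object Permanent, SecondsLeft | Format-Table -AutoSize
```

Rows with `Permanent` set to true are the standing assignments worth reviewing first.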

What about Azure? Microsoft has you covered; we call it PIM.

Azure AD Privileged Identity Management helps your organization

Videos on PIM :

What it can do for you in Azure

  • See which users are assigned privileged roles to manage Azure resources (Preview), as well as which users are assigned administrative roles in Azure AD
  • Enable on-demand, “just in time” administrative access to Microsoft Online Services like Office 365 and Intune, and to Azure resources (Preview) of subscriptions, resource groups, and individual resources such as Virtual Machines
  • See a history of administrator activation, including what changes administrators made to Azure resources (Preview)
  • Get alerts about changes in administrator assignments
  • Require approval to activate Azure AD privileged admin roles (Preview)
  • Review membership of administrative roles and require users to provide a justification for continued membership


David @TheMIMGuy

David Steadman has written 40 articles
