question

knopper avatar image
0 Votes"
knopper asked ·

Deactivate PIM for Azure AD

I have previously activated Azure AD PIM for several admin roles. Now my Premium P2 licenses have expired and I can no longer use PIM, however the roles have not reverted back from Eligible to Permanent. The effect of this is that I can no longer access the Admin portal or perform any administrative tasks using my account. Of course, I have a Permanent role assignment to a cloud-only admin with which I am a Global Admin. However, I want to deactivate PIM entirely as it is useless without P2 licenses. I expected it to happen automatically when the licenses expire, but it did not. What can I do in this case?

azure-ad-privileged-identity-management
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

knopper avatar image
0 Votes"
knopper answered ·

OK, found it - the users are not automatically reassigned their permanent roles after PIM is deactivated - needed to re-add them to the relevant administrative groups for them to regain access.

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.