The integration of Azure Active Directory Privileged Identity Management (Azure AD PIM) with Azure Lighthouse brings us another step towards Zero Trust and least-privilege access.
Azure Lighthouse is a simple but useful tool that allows a client company to control the access that its appointed service providers have to the network and resources they manage. Within Azure Lighthouse, the service provider creates an offer requiring the client to elevate the service provider’s access to a privileged role before work can be done on the client’s network.
It is simple to create an Azure AD PIM-enabled Azure Lighthouse offer. Once the client accepts, you can activate an Azure role through an easy-to-use portal experience – which only allows eligible roles to be activated.
Additionally, these capabilities are free to the client, as they are covered by the service provider’s tenant – win-win all round.
Find out More
This blog, Privileged Identity Management with Azure Lighthouse enables Zero Trust, gives a useful example of how this can be applied, and you can find out more about Azure Lighthouse and Azure AD PIM here: Privileged identity management (PIM) – Microsoft Security.