Control Architecture

Entra ID Roles For Insider Threat Investigators

This article aims to educate insider threat investigation teams on Entra ID Privileged Identity Management (PIM), just-in-time privileged access, and Entra ID roles that enable access to key resources or actions required for common insider threat/event investigations.The information in this article is subject to change by Microsoft at any time. Efforts will be made to maintain the accuracy.Just-in-time (JIT) privileged access is a Privileged Identity Management (PIM) concept that minimizes the risk of unauthorized access and reduces the attack surface by granting elevated access only when needed and for the duration required. PIM is highly relevant for insider threat programs,...