Microsoft has released a new feature for Azure AD Privileged Identity Management (Azure AD PIM).

This feature is currently in preview.

You can now require an approval step before an eligible user's role activation takes effect, so privileges are only granted once an approver has accepted the request.

To enable it, edit the settings of the role you want to protect:

  • Sign in to the Azure portal (https://portal.azure.com), open the Azure Privileged Identity Management blade and select Azure AD Directory Roles


  • Next, go to the Settings section and select Privileged Roles


  • Select the role you want to protect, enable Require Approval and choose the approver(s); individual users or groups can be set as approvers


Once approval is required for a role, every activation request for that role generates a notification email to the approver(s), who handle the request from the portal.

All requests and their current status (pending, approved or denied) can be viewed from the Azure AD PIM portal.


Users who are eligible for the role then request activation from the Azure portal and provide a justification; the role is only activated once the request has been approved.


The approver(s) automatically receive a notification and can then approve or deny the request.

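The same workflow can be driven from PowerShell, which is useful for auditing which roles actually require approval and for scripting the settings consistently across tenants. The block below is an added example and is not code from the original post or from Microsoft; it uses the PIM cmdlets of the AzureADPreview module (Get-/Set-AzureADMSPrivilegedRoleSetting, Open-/Get-/Set-AzureADMSPrivilegedRoleAssignmentRequest). The role name, the two object-ID placeholders, the exact JSON shape of the ApprovalRule setting and the status value checked in step 5 are assumptions; verify them against what your tenant returns before relying on the script.

```powershell
# Added example (not from the original post). Requires the AzureADPreview module and a
# caller holding Privileged Role Administrator. All GUIDs below are placeholders.
Import-Module AzureADPreview
Connect-AzureAD | Out-Null

$tenantId             = (Get-AzureADTenantDetail).ObjectId
$roleName             = 'Security Administrator'                 # role to protect (assumed)
$ApproverObjectId     = '00000000-0000-0000-0000-000000000001'   # placeholder approver
$EligibleUserObjectId = '00000000-0000-0000-0000-000000000002'   # placeholder eligible user

# 1. Resolve the role definition under the Azure AD roles provider ("aadRoles").
$role = Get-AzureADMSPrivilegedRoleDefinition -ProviderId aadRoles -ResourceId $tenantId `
    -Filter "DisplayName eq '$roleName'"

# 2. Read the current role settings; the ApprovalRule entry shows whether approval is already on.
$roleSetting = Get-AzureADMSPrivilegedRoleSetting -ProviderId aadRoles `
    -Filter "ResourceId eq '$tenantId' and RoleDefinitionId eq '$($role.Id)'"
$roleSetting.UserMemberSettings |
    Where-Object RuleIdentifier -eq 'ApprovalRule' |
    Select-Object RuleIdentifier, Setting

# 3. Enable "Require Approval" with a named approver (the portal's Settings > Privileged Roles step).
#    ASSUMPTION: the {"enabled":..,"approvers":[{"id":..,"type":..}]} shape mirrors the PIM
#    Graph beta schema; compare with the value printed in step 2 for your tenant.
$approval = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting
$approval.RuleIdentifier = 'ApprovalRule'
$approval.Setting = (@{
    enabled   = $true
    approvers = @(@{ id = $ApproverObjectId; type = 'User' })
} | ConvertTo-Json -Compress -Depth 5)

Set-AzureADMSPrivilegedRoleSetting -ProviderId aadRoles -Id $roleSetting.Id `
    -ResourceId $tenantId -RoleDefinitionId $role.Id -UserMemberSettings $approval

# 4. As the eligible user: request activation with a justification. This creates a
#    request that stays pending until an approver decides on it.
$schedule = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedSchedule
$schedule.Type          = 'Once'
$schedule.StartDateTime = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ')
$schedule.EndDateTime   = (Get-Date).AddHours(2).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ')

$request = Open-AzureADMSPrivilegedRoleAssignmentRequest -ProviderId aadRoles -ResourceId $tenantId `
    -RoleDefinitionId $role.Id -SubjectId $EligibleUserObjectId -Type UserAdd `
    -AssignmentState Active -Schedule $schedule -Reason 'Change 1234: rotate SAML signing certificate'

# 5. As the approver: list what is waiting for a decision, then approve (or deny) one request.
#    ASSUMPTION: pending requests report Status.Status -eq 'PendingApproval'.
Get-AzureADMSPrivilegedRoleAssignmentRequest -ProviderId aadRoles `
    -Filter "ResourceId eq '$tenantId' and RoleDefinitionId eq '$($role.Id)'" |
    Where-Object { $_.Status.Status -eq 'PendingApproval' } |
    Select-Object Id, SubjectId, Reason, RequestedDateTime

# Decide only on the specific request reviewed above; never bulk-approve in a loop.
Set-AzureADMSPrivilegedRoleAssignmentRequest -ProviderId aadRoles -Id $request.Id `
    -Decision AdminApproved -Reason 'Approved: matches change 1234'
# To reject instead:  -Decision AdminDenied -Reason 'Denied: no matching change record'
```

In practice steps 4 and 5 run under different identities (the eligible user and the approver); they are shown in one script only to make the sequence visible. Step 2 is the part worth running on its own on a schedule: it lets you confirm that approval is still enabled on every role you expect, rather than trusting that the portal setting has not been changed.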