Azure – Azure AD Privileged Identity Management approval workflow now in preview

Microsoft has released a new feature for Azure AD Privileged Identity Management (Azure AD PIM).

This feature is currently in preview.

You can now define an approval workflow before any role privileges are granted.

To do so, edit the role for which you want to enable the approval workflow:

  • Access the Azure portal and go to the Azure Privileged Identity Management blade to open the Azure AD Directory Role


  • Next, go to the Settings section and select Privileged Roles


  • Select the role you want to enable for the workflow, enable Require Approval, and select the approver(s); you can select individuals or groups as approvers


Once the approval workflow has been enabled for a role, approvers will automatically receive a notification email to manage the request.

You can view all your requests and their status from the Azure AD PIM portal.


End users who have been set as eligible for a role can then request to activate the role from the Azure Portal and fill in the justification to get the role activated.


The approver(s) automatically receive a notification and can then approve or deny the request.
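
To check afterwards which roles actually have Require Approval, approvers and justification in place, the following added example (not part of the original post and not Microsoft's code) audits a constructed export of per-role approval settings. It assumes the settings are available in the shape of Microsoft Graph's `unifiedRoleManagementPolicyApprovalRule`, which the post does not cover; the role entries and IDs are made up.

```python
import json

# Constructed sample: one entry per role, each holding an approval rule in the
# shape of Microsoft Graph's unifiedRoleManagementPolicyApprovalRule (assumed
# export format; role entries and IDs are made up for this example).
SAMPLE_EXPORT = json.loads("""
[
  {"role": "Global Administrator",
   "rule": {"setting": {"isApprovalRequired": true,
                        "isRequestorJustificationRequired": true,
                        "approvalStages": [{"primaryApprovers": [
                          {"@odata.type": "#microsoft.graph.groupMembers",
                           "groupId": "00000000-0000-0000-0000-000000000001"}]}]}}},
  {"role": "Exchange Administrator",
   "rule": {"setting": {"isApprovalRequired": false,
                        "isRequestorJustificationRequired": true,
                        "approvalStages": []}}},
  {"role": "Security Administrator",
   "rule": {"setting": {"isApprovalRequired": true,
                        "isRequestorJustificationRequired": false,
                        "approvalStages": [{"primaryApprovers": []}]}}}
]
""")


def audit_approval_rules(export):
    """Return {role: [findings]} for roles whose approval workflow is weak."""
    findings = {}
    for entry in export:
        setting = entry.get("rule", {}).get("setting", {})
        issues = []
        if not setting.get("isApprovalRequired", False):
            issues.append("approval not required")
        else:
            # Flatten the approvers of every stage into one list.
            approvers = [a for stage in setting.get("approvalStages", [])
                         for a in stage.get("primaryApprovers", [])]
            if not approvers:
                issues.append("no explicit approver selected")
            elif len(approvers) == 1 and approvers[0].get("@odata.type", "").endswith("singleUser"):
                issues.append("single individual approver")
        if not setting.get("isRequestorJustificationRequired", False):
            issues.append("justification not required")
        if issues:
            findings[entry["role"]] = issues
    return findings


if __name__ == "__main__":
    for role, issues in audit_approval_rules(SAMPLE_EXPORT).items():
        print(f"{role}: {', '.join(issues)}")
```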

