Features
Sebastian F. Markdanner edited this page Dec 29, 2025 · 3 revisions
Comprehensive overview of all PIMActivation features and capabilities.
Activate multiple roles simultaneously with lightning-fast parallel processing and enhanced user experience.
How it works:
- Use the Select All button for quick bulk selection or select individual roles using checkboxes
- Enter a single justification for all selected roles
- Click "Activate Selected Roles"
- The module handles each activation with parallel processing and real-time progress tracking
Benefits:
- Lightning Performance: Parallel processing dramatically reduces activation time
- Real-Time Progress: Visual feedback with emoji indicators (✅, ❌) and timing metrics
- Select All Functionality: Quick bulk selection for efficient role management
- Consistent justification across related roles
- Thread-safe operations ensure reliable bulk activations
High-performance concurrent execution engine that transforms PIM operation speed.
Key capabilities:
- Concurrent Operations: Processes Azure subscriptions, Entra policies, and Group policies simultaneously
- Real-Time Progress Tracking: Enhanced verbose output with emoji indicators and completion timing
- Smart Throttling: Default 10 concurrent operations, configurable up to 50
- Thread-Safe Collections: ConcurrentBag and ConcurrentDictionary for safe parallel execution
- Flexible Control: Optional `DisableParallelProcessing` for troubleshooting scenarios
Example usage:
```powershell
# Default parallel processing (fastest performance)
Start-PIMActivation -IncludeAzureResources

# Custom throttle limit for large environments
Start-PIMActivation -IncludeAzureResources -ThrottleLimit 15

# Disable parallel processing for troubleshooting
Start-PIMActivation -DisableParallelProcessing
```

Seamlessly handles Conditional Access policies requiring authentication contexts using Windows Web Account Manager (WAM).
Key capabilities:
- WAM Integration: Uses Windows Web Account Manager for reliable authentication
- Dual Context Management: Simultaneous Microsoft Graph and Azure PowerShell authentication
- Silent SSO: Leverages existing Graph authentication for Azure PowerShell connection
- Automatic detection of authentication context requirements
- Token caching to minimize re-authentication
- Immediate activation after context validation
- Support for multiple context levels (c1, c3, etc.)
- Enhanced security through direct MSAL.NET integration
Example scenario:
```powershell
# Authentication context and dual SSO handled automatically
# User authenticated once, then seamless access to both Entra and Azure resources
Start-PIMActivation -IncludeAzureResources
```

Automatic detection and handling of all PIM policy requirements across all role types.
Supported policies:
- ✅ Multi-Factor Authentication (MFA)
- ✅ Justification requirements
- ✅ Ticket information
- ✅ Approval workflows
- ✅ Maximum duration limits
- ✅ Authentication context
- ✅ Cross-cloud policy enforcement (Entra and Azure)
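
How the requirements listed above can be read from a role's policy before an activation is attempted, as an added example (not PIMActivation's own code). It assumes the rule ids and fields of a Microsoft Graph `unifiedRoleManagementPolicy`; the JSON is constructed and `Get-ActivationRequirement` is a hypothetical helper.

```powershell
# Constructed sample: rules of one role management policy, in the shape Microsoft Graph
# returns for unifiedRoleManagementPolicy (the values are made up for illustration).
$policyJson = @'
{
  "rules": [
    { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
      "id": "Expiration_EndUser_Assignment", "maximumDuration": "PT8H" },
    { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
      "id": "Enablement_EndUser_Assignment",
      "enabledRules": ["Justification", "Ticketing"] },
    { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
      "id": "Approval_EndUser_Assignment",
      "setting": { "isApprovalRequired": false } },
    { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule",
      "id": "AuthenticationContext_EndUser_Assignment",
      "isEnabled": true, "claimValue": "c1" }
  ]
}
'@

function Get-ActivationRequirement {   # hypothetical helper, not a PIMActivation cmdlet
    param([Parameter(Mandatory)] [object[]] $Rules)

    # Index rules by id; only the end-user activation rules are read below.
    $byId = @{}
    foreach ($r in $Rules) { $byId[$r.id] = $r }

    $enabled = @($byId['Enablement_EndUser_Assignment'].enabledRules)
    $ctx     = $byId['AuthenticationContext_EndUser_Assignment']
    $maxIso  = $byId['Expiration_EndUser_Assignment'].maximumDuration

    [pscustomobject]@{
        RequiresMfa           = $enabled -contains 'MultiFactorAuthentication'
        RequiresJustification = $enabled -contains 'Justification'
        RequiresTicket        = $enabled -contains 'Ticketing'
        RequiresApproval      = [bool]$byId['Approval_EndUser_Assignment'].setting.isApprovalRequired
        # A disabled or absent context rule means no step-up claim is needed.
        AuthContextClaim      = if ($ctx -and $ctx.isEnabled) { $ctx.claimValue } else { $null }
        # maximumDuration is an ISO 8601 duration such as PT8H.
        MaxDuration           = if ($maxIso) { [System.Xml.XmlConvert]::ToTimeSpan($maxIso) } else { $null }
    }
}

$rules = (ConvertFrom-Json $policyJson).rules
Get-ActivationRequirement -Rules $rules
```
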
- Select All Button - Quick bulk selection for efficient role management
- Real-time progress tracking - Visual feedback during parallel operations
- Performance metrics - Completion times and operation counts displayed
- Active role monitoring - Shows current active roles and expiration times
- Automatic refresh - Updates role lists when changes occur
- Pending request tracking - Shows roles awaiting approval
- Policy-aware duration - Respects maximum duration policies across all role types
- Custom duration - Set activation time from 30 minutes to 24 hours
- Duration persistence - Remembers your last selected duration
- Quick account switching - Change accounts without restarting
- Credential caching - Reduces authentication prompts
- Last account memory - Remembers previously used account
- Multi-cloud context - Maintains both Graph and Azure authentication
```powershell
# Launch with all role types and optimal parallel performance
Start-PIMActivation -IncludeEntraRoles -IncludeGroups -IncludeAzureResources

# Entra roles only with parallel processing
Start-PIMActivation -IncludeEntraRoles

# Groups only
Start-PIMActivation -IncludeGroups

# Azure Resource roles only (cross-subscription)
Start-PIMActivation -IncludeAzureResources

# Custom app registration with parallel processing
Start-PIMActivation -ClientId "<appId>" -TenantId "<tenantId>" -IncludeAzureResources
```

```powershell
# Increase concurrency for large environments
Start-PIMActivation -IncludeAzureResources -ThrottleLimit 20

# Sequential processing for compatibility
Start-PIMActivation -DisableParallelProcessing

# Monitor parallel processing performance
$VerbosePreference = 'Continue'
Start-PIMActivation -IncludeAzureResources -Verbose
```

```powershell
# Enable detailed parallel processing feedback
$VerbosePreference = 'Continue'
Start-PIMActivation -Verbose

# Output includes:
# Starting parallel processing for X items
# ✅ Completed operation Y in Z seconds
# ❌ Failed operation with detailed error info
# Performance timing and metrics
```

- Parallel-safe error handling with proper exception propagation
- Automatic retry for transient failures
- Detailed error messages for troubleshooting
- Partial success handling in bulk operations
- Thread-safe logging for concurrent operations
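
The throttled fan-out described under the parallel engine, combined with the partial-success handling listed here, as an added example (not PIMActivation's own code). It assumes PowerShell 7 or later for `ForEach-Object -Parallel`; `Invoke-BulkOperation`, the role names and the simulated failure are constructed for illustration.

```powershell
# Requires PowerShell 7 or later (ForEach-Object -Parallel).
# Constructed input: placeholder role names; 'Role-C' is made to fail.
$roles = 'Role-A', 'Role-B', 'Role-C', 'Role-D'

function Invoke-BulkOperation {   # hypothetical helper, not part of PIMActivation
    param(
        [Parameter(Mandatory)] [string[]] $Items,
        # Mirrors the limits stated on this page: default 10, at most 50.
        [ValidateRange(1, 50)] [int] $ThrottleLimit = 10
    )

    # Thread-safe collections shared by all runspaces.
    $succeeded = [System.Collections.Concurrent.ConcurrentDictionary[string, double]]::new()
    $failed    = [System.Collections.Concurrent.ConcurrentBag[object]]::new()

    $Items | ForEach-Object -ThrottleLimit $ThrottleLimit -Parallel {
        $item = $_                     # keep the item; $_ becomes the error inside catch
        $ok   = $using:succeeded
        $bad  = $using:failed
        $sw   = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            Start-Sleep -Milliseconds 200          # stand-in for one activation request
            if ($item -eq 'Role-C') { throw 'simulated policy failure' }
            $null = $ok.TryAdd($item, $sw.Elapsed.TotalSeconds)
        }
        catch {
            # Record the failure and continue: one bad item must not abort the batch.
            $bad.Add([pscustomobject]@{ Item = $item; Error = $_.Exception.Message })
        }
    }

    [pscustomobject]@{
        Succeeded = @($succeeded.Keys | Sort-Object)
        Failed    = $failed.ToArray()
    }
}

$result = Invoke-BulkOperation -Items $roles -ThrottleLimit 2
$result.Succeeded                      # Role-A, Role-B, Role-D
$result.Failed | Format-Table Item, Error
```
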
- All built-in administrator roles
- Custom directory roles
- Administrative units scoped roles
- Parallel policy processing for faster loading
- Security groups configured for PIM
- Automatic group member activation
- Group-based access management
- Concurrent group policy fetching
- Cross-subscription enumeration with parallel processing
- Subscription-level roles with intelligent scope parsing
- Resource group roles with enhanced display
- Individual resource roles with proper resource type detection
- Management group roles with hierarchy support
- Silent SSO authentication using existing Graph context
- PIM-eligible and active role support
- Enhanced role display with `[Azure]` prefix and portal-aligned columns
- Default concurrent execution for all operations
- Thread-safe collections (ConcurrentBag, ConcurrentDictionary)
- Real-time progress tracking with visual indicators
- Smart throttling with configurable limits
- Memory optimization with efficient resource usage
- 85% reduction in API calls through intelligent batching
- Memoized lookups for scope display names
- Intelligent deduplication across all role types
- Progressive loading with granular progress tracking
- WAM Integration: Windows Web Account Manager for secure token handling
- Dual authentication contexts: Microsoft Graph and Azure PowerShell
- Silent SSO: Seamless authentication between contexts
- Secure token storage in memory only
- Automatic token cleanup on exit
- Token expiration handling with automatic refresh
- Assembly loading from Az.Accounts module for MSAL.NET support
- Unified authentication across Entra ID and Azure Resource roles
- Context preservation during parallel operations
- Secure credential handling for multi-cloud scenarios
- Justification tracking for all activations across all role types
- Ticket number recording when required
- Activity logging for troubleshooting
- Parallel operation logging with thread-safe output
Version: 1.1.0
Last Updated: July 2025