PIMTools is a PowerShell module with commands for working with Azure AD Privileged Identity Management.
See this blog-post for more information.
- Start Windows PowerShell
Press the Start button and search for "PowerShell". You will likely get two hits: "Windows PowerShell" and "Windows PowerShell ISE". For more modern console and editor features you may also want to check out Windows Terminal and Visual Studio Code.
- Allow PowerShell scripts to be executed
PowerShell has a feature called "execution policy" which by default is set to "Restricted", meaning that no scripts is allowed to run. In the context of this article, I will recommend to set the execution policy to "RemoteSigned". This means that you can run scripts locally without having to sign it with a digital signature.
# Check current settings
Get-ExecutionPolicy
# If the execution policy is set to Restricted, run the following command to configure the execution policy to RemoteSigned
Set-ExecutionPolicy RemoteSigned
# Make sure you start PowerShell with "Run As Administrator" before running the command. Alternatively, run the following if you do not have Administrator privileges:
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser- Install the PIMTools module
The module is available from the PowerShell Gallery, meaning we can install it by simply running the following:
Install-Module -Name PIMToolsIf this is the first time you run this command, you will be prompted to install NuGet which is being used under the hood to interact with the PowerShell Gallery. Answer Yes when prompted to install this prerequisite. Next, you will be warned that the PowerShell Gallery by default is configured as an untrusted source. Answer Yes to acknowledge this and install the module.
Now the module is installed and is ready to be used.
After you have installed the module, you can later on run the following to get any new version which may contain bug fixes and new functionality:
Update-Module -Name PIMTools- Example usage
# Elevate an eligble Azure AD role
New-AzureADPIMRequest -RoleName 'Global Administrator'
# Elevate an eligble Azure role
New-AzurePIMRequest -RoleName Owner -ResourceName IT -ResourceType ManagementGroup
New-AzurePIMRequest -RoleName Contributor -ResourceName MySubscription -ResourceType SubscriptionThis project has adopted this code of conduct.
This is the branch containing the latest release - no contributions should be made directly to this branch.
This is the development branch to which contributions should be proposed by contributors as pull requests. This development branch will periodically be merged to the master branch, and be released to PowerShell Gallery.
If you would like to contribute to this repository, please read the contributing guidelines.