Entra-PIM
2.3.2
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2025. All rights reserved.
Package Details
Author(s)
- markorr321
Tags
Entra PIM Azure Identity Governance MicrosoftGraph Privileged RoleManagement AzureResources Groups CrossPlatform macOS
Functions
Start-EntraPIM Configure-EntraPIM Clear-EntraPIMConfig Get-EntraPIMHelp
Dependencies
This module has no dependencies.
Release Notes
## 2.3.2
- Script signature for enhanced security
- Updated demo video
- General maintenance and stability improvements
## 2.3.1
- Added Groups PIM support - activate/deactivate Entra group memberships (member and owner roles)
- Policy duration display shows max allowed time for each group in selection menu
- Activation preview when requested duration exceeds policy limits
- Smart duration capping - each group activates for its individual policy maximum if exceeded
- Fixed Ctrl+A select all in Azure role menus
- Added branded HTML authentication success/error pages
- Updated help documentation (Get-EntraPIMHelp) with Groups PIM permissions
- Updated README with Groups PIM features and permissions
## 2.3.0
- Added back navigation to all menus - select "← Back" to return to the previous screen
- Live countdown timers on deactivation role selection (expiration updates every second)
- Back from Azure action menu returns to subscription selection (not workflow selector)
- Step-back through activation form: ESC goes reason → duration → role selection
- Back button on 5-minute deactivation countdown screen (any key to go back)
## 2.2.9
- Added step-up authentication support for Azure PIM roles
- Handles Conditional Access claims challenges (C1/C4) automatically when activating Azure roles
- Seamless re-authentication and retry on claims challenge, matching Entra PIM behavior
## 2.2.8
- Fixed Azure PIM group-based role activation (uses user OID from JWT token)
- Consistent activation/deactivation UI messages between Entra and Azure workflows
- Simplified exit handling (disconnect only, no terminal close attempts)
## 2.2.4
- Development version for testing update notifications
## 2.2.3
- Fixed update notification version detection - now properly extracts version from PowerShell Gallery redirect headers
- Update notifications now work correctly for all users
## 2.2.2
- Test release for update notification functionality
## 2.2.1
- Interactive update prompt - users can now update immediately when prompted (Y/N/Enter)
- Auto-update on confirmation with automatic module reload
- Improved user experience with "Press Enter to Exit" prompts (no colon)
## 2.2.0
- Added automatic update notifications - checks PowerShell Gallery once per 24 hours
- Inline red notification when newer version is available
- Cached version checks to minimize network calls
- 5-second timeout for non-blocking updates
- Can be disabled via ENTRAPIM_DISABLE_UPDATE_CHECK environment variable
## 2.1.0
- Added Configure-EntraPIM command for persistent configuration via environment variables
- Added Clear-EntraPIMConfig command to remove saved configuration
- Added Get-EntraPIMHelp command for comprehensive command reference
- Added visual confirmation of which app registration is being used during authentication
- Fixed Windows terminal exit behavior for Ctrl+Q in Entra workflow
- Fixed MSAL assembly conflict when multiple Microsoft modules are loaded
- macOS: Automatic PowerShell profile integration for persistent configuration
## 2.0.9
- Bug fix: Module wrapper now properly exposes ClientId and TenantId parameters
## 2.0.8
- Added ClientId and TenantId parameters for custom app registration support
- Switched to least-privilege Graph permissions for better security
- Fixed macOS terminal exit to avoid session save messages
## 2.0.7
- Additional macOS compatibility improvements
## 2.0.6
- Fixed macOS auto-exit issue - clear input buffer after setting TreatControlCAsInput
## 2.0.5
- Fixed Ctrl+C not working on macOS - now properly captures as keyboard input
- Added TreatControlCAsInput for macOS/Linux platforms
- Ctrl+C now works as quit shortcut alongside Ctrl+Q on all platforms
## 2.0.4
- Fixed exit behavior - no longer kills parent apps like VS Code or Windows Terminal
- Only terminates parent PowerShell processes when running nested
## 2.0.3
- Performance optimization: REST API calls with $select for faster role loading
- Fixed deactivation workflow - includes all required fields (PrincipalId, DirectoryScopeId)
- Fixed terminal exit behavior - properly closes terminal on exit
- Simplified input prompts with inline cursor positioning
- Azure PIM: Better subscription discovery via PIM eligible roles API
## 2.0.2
- Handle Ctrl+C gracefully with proper disconnect from Graph/Azure
## 2.0.1
- Fix activation status detection for roles with pending requests
## 2.0.0
- **MAJOR**: Added Azure Resource role support alongside Entra ID roles
- Workflow selector to choose between Entra ID and Azure Resource PIM
- Cross-platform support for Windows and macOS
- Browser-based authentication with ForceLogin prompt
- Dynamic keyboard shortcuts based on platform
- Silent prerequisite checking (only shows output when modules need installing)
## 1.6.0
- Added step-up authentication support for PIM role activations
- Handles MFA/claims challenges automatically when activating privileged roles
## 1.5.0
- Added auto-installation of required modules (Az.Accounts, Microsoft.Graph)
- Script now automatically installs missing dependencies on first run
## 1.4.0
- Switched to WAM (Windows Account Manager) authentication for native SSO
- Removed app registration dependency - uses Microsoft public client ID
- Renamed script to Entra-PIM.ps1
- Code cleanup and optimizations
## 1.3.2
- Bug fixes
## 1.3.1
- Fixed project URLs in manifest
## 1.3.0
- Removed Microsoft.Graph.Users dependency
- Fixed module loading issues
- Improved error handling for module imports
## 1.2.0
- Performance optimizations
- Bug fixes
## 1.0.0
- Initial release
- Browser-based authentication with PKCE
- Role activation and deactivation workflows
- Interactive TUI for role selection
- Caching for optimized API calls
FileList
- Entra-PIM.nuspec
- Entra-PIM (Updated Demo).mp4
- Entra-PIM.ps1
- LICENSE
- Publish-Module.ps1
- .git\config
- .git\index
- docs\CNAME
- docs\robots.txt
- docs\step2-action.png
- .git\hooks\applypatch-msg.sample
- .git\hooks\post-update.sample
- .git\hooks\pre-merge-commit.sample
- .git\hooks\pre-receive.sample
- .git\hooks\sendemail-validate.sample
- .git\logs\HEAD
- .git\objects\34\3747510f44b1873fb361ffd1ca41a08dd93d02
- .git\objects\51\588f597b48d3cf2f067a54efe8ea90a93df2a3
- .git\objects\69\5724302a96ead279fd8d3ea09feea6698d5ca9
- .git\objects\95\fae8313984e84120dc9fbbb9480d137658874e
- .git\objects\98\7a202962b3d37ffb94bddfa07a6ea467a12cef
- .git\objects\a6\acf98aecad5cd5872ae0eeb1f16a605776395f
- .git\objects\b8\59911490dcbbb44a9582f37145b6a77c4e1eea
- .git\objects\c7\04176e47900fa22bc26300f46939527b63c839
- .git\objects\d2\6bc8297cd831096182f2330824daadc2101b75
- .git\objects\ff\d5bcd1d4493a9db578ce76e846df42195acbc5
- .git\objects\pack\pack-7e1abaec38b85ecbf88ad722d1302c75a03d9f2e.pack
- .git\refs\heads\main
- .git\refs\remotes\origin\HEAD
- .git\logs\refs\remotes\origin\HEAD
- Entra-PIM.gif
- Entra-PIM.psd1
- msalruntime.dll
- README.md
- .git\description
- .git\packed-refs
- docs\Entra-PIM.gif
- docs\sitemap.xml
- docs\step3-roles.png
- .git\hooks\commit-msg.sample
- .git\hooks\pre-applypatch.sample
- .git\hooks\pre-push.sample
- .git\hooks\prepare-commit-msg.sample
- .git\hooks\update.sample
- .git\objects\0f\5f80246ae51dc0145785e6b896517e2a73d7e1
- .git\objects\42\37b007ee06af94beeb18a61aa572e35b08cf28
- .git\objects\53\4bb38f0293034c822adbb2edee905c9a959940
- .git\objects\87\5065a8de34cff9ef11a340e757d33ec330260c
- .git\objects\97\6638f1ea27380e55d59d6cfffc99673eab32b1
- .git\objects\a4\71e3a530966bda8a25e74f49068a174b40825e
- .git\objects\b1\9a75feb499fe91fe382bf5ddc2a0e92c155da9
- .git\objects\b9\499b2a1636d781e222ded491a3cedd14fbdb9b
- .git\objects\c9\c4f7cd159fd55a8c132978759c2ed903b701a0
- .git\objects\fe\226ebb6bb4962af996efdba494b8e7a577d346
- .git\objects\pack\pack-7e1abaec38b85ecbf88ad722d1302c75a03d9f2e.idx
- .git\objects\pack\pack-7e1abaec38b85ecbf88ad722d1302c75a03d9f2e.rev
- .git\logs\refs\heads\main
- .git\refs\remotes\origin\main
- .git\logs\refs\remotes\origin\main
- Entra-PIM.psm1
- publish-gallery.ps1
- .git\COMMIT_EDITMSG
- .git\HEAD
- dev-feature\Entra-PIM.ps1
- docs\index.html
- docs\step1-workflow.png
- docs\step4-activation.png
- .git\hooks\fsmonitor-watchman.sample
- .git\hooks\pre-commit.sample
- .git\hooks\pre-rebase.sample
- .git\hooks\push-to-checkout.sample
- .git\info\exclude
- .git\objects\1e\43ad964f9e303bd04b3ca61a06418d31f52fbf
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 2.3.2 (current version) | 21 | 3/1/2026 |
| 2.3.1 | 29 | 2/23/2026 |
| 2.3.0 | 21 | 2/15/2026 |
| 2.2.9 | 10 | 2/12/2026 |
| 2.2.8 | 8 | 2/11/2026 |
| 2.2.7 | 6 | 2/11/2026 |
| 2.2.6 | 9 | 2/10/2026 |
| 2.2.5 | 15 | 2/6/2026 |
| 2.2.4 | 24 | 1/31/2026 |
| 2.2.3 | 5 | 1/31/2026 |
| 2.2.2 | 4 | 1/31/2026 |
| 2.2.1 | 3 | 1/31/2026 |
| 2.2.0 | 6 | 1/31/2026 |
| 2.1.0 | 12 | 1/28/2026 |
| 2.0.9 | 9 | 1/27/2026 |
| 2.0.8 | 9 | 1/21/2026 |
| 2.0.7 | 10 | 1/14/2026 |
| 2.0.6 | 10 | 1/14/2026 |
| 2.0.5 | 6 | 1/14/2026 |
| 2.0.4 | 7 | 1/13/2026 |
| 2.0.3 | 5 | 1/13/2026 |
| 2.0.2 | 8 | 1/13/2026 |
| 2.0.1 | 5 | 1/13/2026 |
| 2.0.0 | 6 | 1/13/2026 |
| 1.7.0 | 8 | 1/12/2026 |
| 1.6.2 | 21 | 12/30/2025 |
| 1.6.1 | 4 | 12/30/2025 |
| 1.6.0 | 7 | 12/29/2025 |
| 1.5.0 | 7 | 12/29/2025 |
| 1.4.0 | 6 | 12/29/2025 |
| 1.3.2 | 5 | 12/29/2025 |
| 1.3.1 | 8 | 12/27/2025 |
| 1.3.0 | 5 | 12/27/2025 |
| 1.2.0 | 8 | 12/27/2025 |
| 1.1.0 | 5 | 12/27/2025 |
| 1.0.0 | 5 | 12/27/2025 |