PIMActivation

2.1.0

PowerShell module for managing Microsoft Entra ID Privileged Identity Management (PIM) role activations through a modern GUI interface. Supports Entra ID roles, PIM-enabled groups, and Azure Resource roles. Features authentication context, bulk operations, and policy compliance. Developed with AI assistance. Requires PowerShell 7+.

Minimum PowerShell version

7.0

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name PIMActivation

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name PIMActivation

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2025 Sebastian Flæng Markdanner. All rights reserved.

Package Details

Author(s)

  • Sebastian Flæng Markdanner

Tags

PIM PrivilegedIdentityManagement EntraID AzureAD Azure AzureResources Identity Governance RBAC GUI Authentication ConditionalAccess Security Microsoft Graph

Functions

Start-PIMActivation

PSEditions

Core

Dependencies

This module has no dependencies.

Release Notes

## PIMActivation v2.1.0 - Patch & Enhancements

### ✅ Enhancements
- Management group display names: management-group scopes are now shown with their friendly display name (or `/` for tenant root) instead of raw MG IDs.
- Inherited eligible role suppression: subscription-scoped inherited eligible roles are suppressed when the same role is available at the management-group level to avoid duplicate activation entries.
- Temporary activation detection: initial tenant-root and management-group active assignments are enriched with PIM activation schedule Start/End windows so temporarily activated roles show expiry rather than appearing permanently active.
- Role definition normalization: role definition identifiers are normalized (GUID) during deduplication to eliminate duplicates caused by full-path vs GUID variants.
- Import-time PSGallery notification: on import the module performs a best-effort check against the PowerShell Gallery and warns when a newer release is available. The notification follows Microsoft module style and provides Update-Module / Install-Module examples. This check can be suppressed via `$script:SuppressUpdateNotification`.

### 🛠️ Fixes (Community Contribution)
- Activation/Deactivation Scope and Safety: Added explicit `Scope` support when activating and deactivating Azure PIM roles and improved error handling to prevent attempting to deactivate a role that was activated less than the required 5-minute window. (Thanks to Lukas Gosling (@l-gosling) for this contribution.)

### ⚡ Notes
- These changes are additive and preserve existing public APIs. They improve display fidelity and de-duplication for Azure resource roles and make temporary activations visible as such in the UI.

PowerShell module for comprehensive PIM role management across Entra ID, Groups, and Azure Resources with parallel processing engine and modern GUI.

FileList

Version History

Version Downloads Last updated
2.1.0 (current version) 57 1/27/2026
2.0.0 151 1/5/2026
1.2.6 96 11/27/2025
1.2.5 288 8/14/2025
1.2.4 113 8/4/2025
1.2.3 13 8/4/2025
1.2.2 17 8/4/2025
1.2.1 11 8/4/2025
1.2.0 29 8/1/2025
1.1.1 8 7/30/2025
1.1.0 10 7/30/2025
1.0.1 9 7/29/2025
1.0.0 9 7/29/2025
Show more