PIMActivation

2.2.0

PowerShell module for managing Microsoft Entra ID Privileged Identity Management (PIM) role activations through a modern GUI interface. Supports Entra ID roles, PIM-enabled groups, Azure Resource roles, scheduled activations, activation profiles, Azure reduced scope, authentication-context batching, bulk operations, persistent policy metadata caching, and policy compliance. Developed with AI assistance. Requires PowerShell 7+.
Minimum PowerShell version

7.0

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name PIMActivation

Copy and paste the following command to install this package using Microsoft.PowerShell.PSResourceGet:

Install-PSResource -Name PIMActivation

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Copyright

(c) 2025 Sebastian Flæng Markdanner. All rights reserved.

Package Details

Author(s)

  • Sebastian Flæng Markdanner

Tags

PIM PrivilegedIdentityManagement EntraID AzureAD Azure AzureResources Identity Governance RBAC GUI Authentication ConditionalAccess Security Microsoft Graph ScheduledActivations ActivationProfiles PolicyCache

Functions

Start-PIMActivation

PSEditions

Core

Dependencies

This module has no dependencies.

Release Notes

## PIMActivation v2.2.0 - Scheduling, Activation Profiles, Reduced Scope, and Policy Cache

## What's included

• Activation Profiles: save frequently used role selections as named local profiles under %LOCALAPPDATA%\PIMActivation\ActivationProfiles. A new Activation Profiles button in the header gives quick access to saved profiles. Any current role selection can be saved from the activation dialog, and profiles support one-click launch with pre-filled roles and duration. Profiles can be updated or deleted within the activation flow.
• Scheduled Activations: choose a future local date/time for regular and profile-based activation requests within the selected role eligibility window. The chosen time is honoured across Entra ID, Azure Resource, and authentication-context flows.
• Azure Reduced Scope: Azure Resource role activations can optionally target a narrower effective scope using a guided picker through subscription, resource group, and resource. The last-used scope path is remembered for repeat activations.
• Persistent Policy Cache: PIM policy metadata is cached under %LOCALAPPDATA%\PIMActivation\PolicyCache in tenant-scoped folders, reducing API calls at startup. Stale entries are revalidated in the background to keep policy data current.
• Azure Scope Display: Azure Resource scopes in the eligible and active role lists now show as Sub: <subscription>, RG: <resource group>, or Resource: <name> (and MG: <name> or Tenant Root for higher-level scopes) so the effective scope is readable without inspecting the raw ARM path.
• Administrative Unit Scope Column: Entra ID and Group role assignments scoped to an Administrative Unit now show Administrative Unit in the Scope column with the AU name in the Resource column, making the scope kind visible at a glance.
• Authentication Context Claim ID Display: authentication-context requirements show as their claim ID, for example Required (C2), removing the need for Conditional Access display-name lookups at startup and avoiding access-denied noise in restricted environments.
• Activation Progress Visibility: the activation splash shows a grouped batch overview shared across Entra ID (Graph) and Azure Resource (ARM) channels so a multi-role activation reads as a single logical operation rather than separate mini-batches.
• Adaptive Operation Splash: the operation splash auto-resizes on each status update to fit the current message. Long batch overviews and multi-line messages are no longer clipped.
• Approval-Required Activation Refresh: the eligible roles list refreshes after submission of an approval-required activation so the Pending Approval column reflects the newly submitted request without a manual refresh.
• Full Refresh Behavior: Full Refresh clears both in-memory role/policy data and the on-disk persistent policy cache before rebuilding, ensuring fresh policy requirements from source.
• Faster Startup and Dependency Loading: Microsoft Graph and Azure (Az.Accounts, Az.Resources) modules are now validated and loaded at module import time rather than during Start-PIMActivation. The GUI opens noticeably faster, Azure Resource role support is ready immediately without the previous mid-launch module-install pause, and import-time errors surface clearly before the activation workflow starts.
• Azure Resource Role and Policy Collection: Azure Resource role enumeration and ARM policy parsing now more accurately reflect active, eligible, direct, inherited, and provisioned assignment states, so the eligible and active lists better match what the Azure portal shows.

## Fixes

• Azure Resource Eligible Role Discovery: resolved a catch-22 where listing Azure Resource PIM eligibility could fail because eligibility enumeration appeared to require an existing Azure role. Eligible role discovery now uses the ARM asTarget() filter so users can enumerate their own Azure Resource PIM eligibility from a clean state without any pre-existing Azure role assignment.

## Notes

• Local files under %LOCALAPPDATA%\PIMActivation\ store metadata only. Tokens, refresh tokens, authentication-context tokens, activation request bodies, scheduled start times, justifications, ticket values, and secrets are not persisted.
• Multi-channel activations still use the appropriate channel per role (Graph, Azure Resource Manager, authentication-context step-up); the unified batch overview reflects the logical operation without merging the underlying HTTP calls.
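
A way to check the metadata-only statement above on your own workstation, given as an added example that is not part of the module or this release. The function name and both regex patterns are assumptions chosen for illustration, nothing is assumed about the file layout below %LOCALAPPDATA%\PIMActivation\, and the demo files are constructed.

```powershell
# Added example: audit the PIMActivation local data folder for token-like content.
# Find-PIMActivationSecretLikeContent is a hypothetical helper, not a module function.
function Find-PIMActivationSecretLikeContent {
    param(
        # Default path comes from the release notes; pass another path to scan a copy.
        [string]$Path = (Join-Path $env:LOCALAPPDATA 'PIMActivation')
    )
    # Heuristics (assumptions): JWT-shaped strings and common OAuth field names.
    $patterns = [ordered]@{
        JwtShaped  = 'eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}'
        OAuthField = '(?i)"?(access_token|refresh_token|id_token|client_secret)"?\s*[:=]'
    }
    if (-not (Test-Path -LiteralPath $Path)) { return }   # nothing cached yet
    Get-ChildItem -LiteralPath $Path -Recurse -File | ForEach-Object {
        $file = $_
        foreach ($name in $patterns.Keys) {
            Select-String -LiteralPath $file.FullName -Pattern $patterns[$name] |
                ForEach-Object {
                    $hit = $_.Matches[0].Value
                    [pscustomobject]@{
                        File    = $file.FullName
                        Line    = $_.LineNumber
                        Pattern = $name
                        # Short prefix only, so the audit output never re-exposes a secret.
                        Preview = $hit.Substring(0, [Math]::Min(12, $hit.Length)) + '...'
                    }
                }
        }
    }
}

# Constructed demo input (not real module files): one clean file, one with a fake JWT-shaped value.
$demo = Join-Path ([IO.Path]::GetTempPath()) "pim-audit-demo-$(New-Guid)"
New-Item -ItemType Directory -Path $demo | Out-Null
'{"roleId":"constructed","maxDurationHours":8}' |
    Set-Content -LiteralPath (Join-Path $demo 'clean.json')
'{"cached":"eyJhbGciOiJub25lIn0.eyJzdWIiOiJjb25zdHJ1Y3RlZCJ9.c2lnbmF0dXJlLXBsYWNlaG9sZGVy"}' |
    Set-Content -LiteralPath (Join-Path $demo 'leaky.json')
Find-PIMActivationSecretLikeContent -Path $demo | Format-Table -AutoSize   # flags leaky.json only
Remove-Item -LiteralPath $demo -Recurse -Force
```

Run `Find-PIMActivationSecretLikeContent` with no arguments after a few activations; any hit is a lead to review by hand, since the patterns are heuristic.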

Version History

| Version | Downloads | Last updated |
|---|---|---|
| 2.2.0 (current version) | 0 | 5/17/2026 |
| 2.1.0 | 536 | 1/27/2026 |
| 2.0.0 | 153 | 1/5/2026 |
| 1.2.6 | 100 | 11/27/2025 |
| 1.2.5 | 294 | 8/14/2025 |
| 1.2.4 | 114 | 8/4/2025 |
| 1.2.3 | 14 | 8/4/2025 |
| 1.2.2 | 18 | 8/4/2025 |
| 1.2.1 | 12 | 8/4/2025 |
| 1.2.0 | 34 | 8/1/2025 |
| 1.1.1 | 10 | 7/30/2025 |
| 1.1.0 | 11 | 7/30/2025 |
| 1.0.1 | 10 | 7/29/2025 |
| 1.0.0 | 10 | 7/29/2025 |