Entra-PIM
1.7.0
Simplify Microsoft Entra PIM role management with an interactive console experience. Features browser-based authentication with passkey/FIDO2 support, automatic step-up MFA handling, one-command activation/deactivation of eligible roles, and auto-installation of dependencies. Just run Start-EntraPIM - no app registration or complex configuration required.
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2025. All rights reserved.
Package Details
Author(s)
- markorr321
Tags
Entra PIM Azure Identity Governance MicrosoftGraph Privileged RoleManagement
Functions
Dependencies
This module has no dependencies.
Release Notes
## 1.7.0
- Switched from WAM to browser-based authentication
- WAM was caching Windows PRT credentials and bypassing Conditional Access step-up requirements
- Browser auth with MSAL ensures fresh authentication and proper passkey/FIDO2 enforcement
- Step-up authentication now correctly prompts for hardware keys when required by CA policies
## 1.6.0
- Added step-up authentication support for PIM role activations
- Handles MFA/claims challenges automatically when activating privileged roles
## 1.5.0
- Added auto-installation of required modules (Az.Accounts, Microsoft.Graph)
- Script now automatically installs missing dependencies on first run
## 1.4.0
- Switched to WAM (Windows Account Manager) authentication for native SSO
- Removed app registration dependency - uses Microsoft public client ID
- Renamed script to Entra-PIM.ps1
- Code cleanup and optimizations
## 1.3.2
- Bug fixes
## 1.3.1
- Fixed project URLs in manifest
## 1.3.0
- Removed Microsoft.Graph.Users dependency
- Fixed module loading issues
- Improved error handling for module imports
## 1.2.0
- Performance optimizations
- Bug fixes
## 1.0.0
- Initial release
- Browser-based authentication with PKCE
- Role activation and deactivation workflows
- Interactive TUI for role selection
- Caching for optimized API calls
FileList
- Entra-PIM.nuspec
- .git\COMMIT_EDITMSG
- PIMActivation\CHANGELOG.md
- .git\hooks\pre-push.sample
- .git\refs\stash
- .git\logs\refs\stash
- .git\objects\0d\4e7aef0c76c62568e59394c03977f155d3c403
- .git\objects\32\1529548d74ae34d3ea0076ab36eef7ef521327
- .git\objects\40\1f7fc6a6fc18a35253555340a8fadb613df9d0
- .git\objects\57\ae5ce2adb918d0691a7da55848393b72dd8a78
- .git\objects\71\67736b24f3100a0a5383f39a01ccb8daade6d1
- .git\objects\85\a9d3b2d4c4d94c7b225dfb5bc1bd6524e3093d
- .git\objects\98\ec0a98354909a0ab0849d1a3e3bc8851d9f742
- .git\objects\b0\e69735a8ad23d13fad6d17b1f2099ef9f617a6
- .git\objects\c2\b6d1079e43725c3cc56132254b0a56f90d026d
- .git\objects\d0\a739ce237b08a401c4139cfb45ad5ab9943c4d
- .git\objects\ef\37767b776d945b85ca5994a7d9989d495e6a5c
- .git\refs\heads\dev-feature
- PIMActivation\.git\hooks\commit-msg.sample
- PIMActivation\.git\hooks\pre-receive.sample
- PIMActivation\.github\ISSUE_TEMPLATE\documentation-issue.md
- PIMActivation\Private\Authentication\Initialize-WebAssembly.ps1
- PIMActivation\Private\RoleManagement\Clear-PIMPolicyCache.ps1
- PIMActivation\Private\RoleManagement\Get-PIMPoliciesBatch.ps1
- PIMActivation\Private\RoleManagement\Invoke-PIMRoleDeactivation.ps1
- PIMActivation\Private\UI\New-PIMEligibleRolesPanel.ps1
- PIMActivation\Private\Utilities\Get-SavedTicketSystem.ps1
- PIMActivation\Private\Utilities\Save-TicketSystemPreference.ps1
- .git\logs\refs\heads\dev-feature
- PIMActivation\.git\refs\heads\main
- PIMActivation\Private\RoleManagement\Entra\Get-EntraIDRoles.ps1
- Entra-PIM.ps1
- .git\config
- PIMActivation\CONTRIBUTING.md
- .git\hooks\pre-rebase.sample
- PIMActivation\.git\config
- .git\objects\02\246baafb40162afd82eacb9bcb7ae0f768e9fa
- .git\objects\0d\8b4e9fb45e59ba87928ffee318013a7ed040fa
- .git\objects\32\2e3fd0c79d1fc37a761b129e740cccc6b3574b
- .git\objects\41\e261406e4ab8743cd7aaba48fe2f1a5828c748
- .git\objects\5e\e8722321618d6a15f4903005453641c60414bc
- .git\objects\72\3572aa3ad6b5c78742add3138a725c7d307549
- .git\objects\86\4be3b060f657ef9921e169680a2d0951dd6fac
- .git\objects\9c\50923a9b62f969660ffec4219259a94e02db68
- .git\objects\b0\fd5aae8e0dbe6f8ab8ec691e19a5bf6fd7ab9c
- .git\objects\c2\c925442545a1963bee72d93405c7b0d9d1b4a0
- .git\objects\d3\51676b9a634d03cadae7cf40ee43796e3574a8
- .git\objects\f2\07e116a6e2c2d8d385e5886f6b13688050b4eb
- .git\refs\heads\main
- PIMActivation\.git\hooks\fsmonitor-watchman.sample
- PIMActivation\.git\hooks\prepare-commit-msg.sample
- PIMActivation\.github\ISSUE_TEMPLATE\feature_request.md
- PIMActivation\Private\Profiles\Clear-AccountHistory.ps1
- PIMActivation\Private\RoleManagement\ConvertTo-PolicyInfo.ps1
- PIMActivation\Private\RoleManagement\Get-PIMRolePolicy.ps1
- PIMActivation\Private\RoleManagement\Invoke-SingleRoleActivation.ps1
- PIMActivation\Private\UI\Show-LoadingSplash.ps1
- PIMActivation\Private\Utilities\Get-ScopeDisplayName.ps1
- PIMActivation\Private\Utilities\Show-TopMostMessageBox.ps1
- .git\logs\refs\heads\main
- PIMActivation\Private\RoleManagement\Azure\Get-AzureMemberType.ps1
- PIMActivation\Private\RoleManagement\Groups\Get-GroupRoles.ps1
- Entra-PIM.psd1
- .git\description
- PIMActivation\LICENSE
- .git\hooks\applypatch-msg.sample
- .git\hooks\pre-receive.sample
- PIMActivation\.git\description
- .git\objects\02\d6261c8cf9dbd66f917c94a491cb31f76fcfac
- .git\objects\0e\a2b0506b8320b971e3f0cecd36dd536d4dc77f
- .git\objects\38\7ed7620fb611387d8bf6afdf406097a3fbc752
- .git\objects\49\a777adb4db7cc6366efb86f2ea363dd68e3fbc
- .git\objects\5f\53bc3bba4a9b18dcdbbefd5b32277dbd611ee4
- .git\objects\77\06674c4142182cf117fed3820cd7ba89bba895
- .git\objects\88\340baa4955d24ba775833e0a54aa9d2d58bdf0
- .git\objects\a5\1b19aab1e30a9981689db13ffd20a402668b75
- .git\objects\b2\60871d2ecf0f8898d251f68f5a31de99e75098
- .git\objects\c3\7a6a7ec61adf2e99c5bd6fa9f7d9e228954635
- .git\objects\d4\20b0f08a47ef99406c7a7bf4607ae4435270e3
- .git\objects\f5\c58de7e70f5995e1b70aa07ff5b0b7c3f3ceff
- .git\refs\tags\v1.0.0
- PIMActivation\.git\hooks\post-update.sample
- PIMActivation\.git\hooks\push-to-checkout.sample
- PIMActivation\.github\workflows\PSGalleryPublish.yml
- PIMActivation\Private\Profiles\Get-LastUsedAccount.ps1
- PIMActivation\Private\RoleManagement\Get-EffectiveDuration.ps1
- PIMActivation\Private\RoleManagement\Get-PIMRoles.ps1
- PIMActivation\Private\RoleManagement\Show-ActivationResults.ps1
- PIMActivation\Private\UI\Show-OperationSplash.ps1
- PIMActivation\Private\Utilities\Import-PIMModule.ps1
- PIMActivation\Private\Utilities\Start-STAProcess.ps1
- .git\refs\remotes\origin\dev-feature
- PIMActivation\Private\RoleManagement\Azure\Get-AzureResourcePIMPolicy.ps1
- .git\logs\refs\remotes\origin\dev-feature
- Entra-PIM.psm1
- .git\FETCH_HEAD
- PIMActivation\PIMActivation.psd1
- .git\hooks\commit-msg.sample
- .git\hooks\prepare-commit-msg.sample
- PIMActivation\.git\HEAD
- .git\objects\03\df8bd4d2634ec5d2bfeef053b62ba3a2256c3e
- .git\objects\14\4cb8ed0c228e9a983bb965567fad49757c0d95
- .git\objects\38\c4ec62fe068ed3b7f3099fc1aec5ea8a34dd97
- .git\objects\4a\192885e4302da9c8236f07cabffa66a2829253
- .git\objects\62\5e5ccac63fa856ce3783ca391f9961ff20a96a
- .git\objects\7a\71b6b9bc97db6cb134816b43a0c41f01899362
- .git\objects\88\90e351fc07703363da5e1d5912e26f3b22b926
- .git\objects\a5\b0910414ceb9571c5dae9ce6416f282f8ddb7e
- .git\objects\b6\cd2e2091e8eaa9c3b2430da9404c1ecfb510b7
- .git\objects\c4\4669ee87762af716a2934a657d136878427c29
- .git\objects\d6\5fbf1a037a5dfa3cce840fad0ccb30aeb1d5fb
- .git\objects\f6\eef97e485fc87934b38607463ef250c370b469
- .git\refs\tags\v1.1.0
- PIMActivation\.git\hooks\pre-applypatch.sample
- PIMActivation\.git\hooks\sendemail-validate.sample
- PIMActivation\Private\Authentication\Clear-AuthenticationCache.ps1
- PIMActivation\Private\Profiles\Get-PIMActivationProfiles.ps1
- PIMActivation\Private\RoleManagement\Get-FriendlyErrorMessage.ps1
- PIMActivation\Private\RoleManagement\Get-PIMRolesBatch.ps1
- PIMActivation\Private\RoleManagement\Test-PIMRoleEligibility.ps1
- PIMActivation\Private\UI\Show-PIMActivationDialog.ps1
- PIMActivation\Private\Utilities\Initialize-AzureResourceSupport.ps1
- PIMActivation\Private\Utilities\Test-AuthenticationContextToken.ps1
- .git\refs\remotes\origin\HEAD
- PIMActivation\Private\RoleManagement\Azure\Get-AzureResourceRoles.ps1
- .git\logs\refs\remotes\origin\HEAD
- LICENSE
- .git\HEAD
- PIMActivation\PIMActivation.psm1
- .git\hooks\fsmonitor-watchman.sample
- .git\hooks\push-to-checkout.sample
- PIMActivation\.git\index
- .git\objects\04\df54acbaf924cf65739e518e3b2094eaa5d753
- .git\objects\24\126acb208621d514d3932e86114dd862254c3c
- .git\objects\39\3f6702b7cfcb61fb37a4e8188f4c2cd7ad0261
- .git\objects\4d\aae80f2fc9e1421bd0301aaa30e9307ec8fcd5
- .git\objects\62\c77ff630232a8ac95aabe86b15bbfdfbef9ec8
- .git\objects\7c\dd65f6380ecf9c763a36fad9bf2b3a93714550
- .git\objects\8c\58126ecccb033821137d367c49ed5a75d68bf7
- .git\objects\a6\c13ce7d5ec26cbb6ddea2306d0dd46ddcb466f
- .git\objects\ba\3a4ceca4d615e213a5b711e8e66e956c0053b3
- .git\objects\c7\6d262470c9147ceec2492538b5d1f4f85a5c8d
- .git\objects\d6\988e06e4e6d499223a564f8929736b76ab5944
- .git\objects\f9\d523c1baa41ec55652d479756ebaad6b94edeb
- .git\refs\tags\v1.2.0
- PIMActivation\.git\hooks\pre-commit.sample
- PIMActivation\.git\hooks\update.sample
- PIMActivation\Private\Authentication\Connect-PIMServices.ps1
- PIMActivation\Private\Profiles\Manage-PIMProfiles.ps1
- PIMActivation\Private\RoleManagement\Get-MembershipType.ps1
- PIMActivation\Private\RoleManagement\Get-RoleActivationParameters.ps1
- PIMActivation\Private\UI\Close-LoadingSplash.ps1
- PIMActivation\Private\UI\Update-LoadingStatus.ps1
- PIMActivation\Private\Utilities\Initialize-PIMModules.ps1
- PIMActivation\Private\Utilities\Test-ModuleVersionConflicts.ps1
- .git\refs\remotes\origin\main
- PIMActivation\Private\RoleManagement\Azure\Get-AzureScopeInfo.ps1
- .git\logs\refs\remotes\origin\main
- msalruntime.dll
- .git\index
- PIMActivation\README.md
- .git\hooks\post-update.sample
- .git\hooks\sendemail-validate.sample
- PIMActivation\.git\packed-refs
- .git\objects\06\0d45c8612092e6be05830e0771f4e04965021b
- .git\objects\26\31e0569f8a03a384c35ed42ba8f7cce3a41245
- .git\objects\3a\704c197dd66141823e0fd486e5a65816f5cb6a
- .git\objects\4d\c88cf176d49fd96623d8208884d7e76475e88e
- .git\objects\65\4a4a1d3f74a090adb0aa2020323109b4435f3a
- .git\objects\7f\11027c4cf6be1d478cbfe219e53a2b5a13dca9
- .git\objects\8e\67076653ace5489d534680c96f3cc1060b8015
- .git\objects\a7\13499a7b74022600d0af0e36a1fd9df46d6587
- .git\objects\bd\6a6339d1de4916a40868c1eaa9f3b8b19d2d20
- .git\objects\c7\f38b15508bb5d5b9bd5678cffb0001ec0bae6b
- .git\objects\da\098ead518cc48475ab13841fe5aeb4497e8d85
- .git\objects\fa\04a93479a4b9a42dd51b2c1fcb8f3c240765dd
- .git\refs\tags\v1.3.0
- PIMActivation\.git\hooks\pre-merge-commit.sample
- PIMActivation\.git\info\exclude
- PIMActivation\Private\Authentication\Disconnect-PIMServices.ps1
- PIMActivation\Private\Profiles\Save-LastUsedAccount.ps1
- PIMActivation\Private\RoleManagement\Get-PIMActiveRoles.ps1
- PIMActivation\Private\RoleManagement\Invoke-PIMActivationWithAuthContextToken.ps1
- PIMActivation\Private\UI\Initialize-PIMForm.ps1
- PIMActivation\Private\UI\Update-PIMRolesList.ps1
- PIMActivation\Private\Utilities\Install-RequiredModules.ps1
- PIMActivation\Private\Utilities\Test-PIMDependencies.ps1
- PIMActivation\.git\objects\pack\pack-82daf2949a19b0fe7f619f62d27465e8ac3d63ec.idx
- PIMActivation\Private\RoleManagement\Azure\Get-FormattedScope.ps1
- PIMActivation\.git\logs\refs\heads\main
- Publish-Module.ps1
- .git\ORIG_HEAD
- .git\hooks\pre-applypatch.sample
- .git\hooks\update.sample
- PIMActivation\docs\about_PIMActivation.help.txt
- .git\objects\0a\a111e70bab190218e3c464e41d54e88d80618c
- .git\objects\2b\61be6418c530848cb0a2753a861d60798e00c3
- .git\objects\3c\dff3a55d4d008696ec44f4634a2d8c4819c734
- .git\objects\53\753e9806c1014f1a186fc02e84991411085a9d
- .git\objects\65\fdd8329028aa384312448ed495ecefaf4241d5
- .git\objects\81\65ce31ed4b1b9b286d65dbc415d9497394c349
- .git\objects\91\0de4cefa8ca48fadcbe9bcf23043f2a85a259d
- .git\objects\af\992ad682a671385d9b38116828262a47a908e0
- .git\objects\bf\5e993bab00bee7675b7e7d04bbb1b8c6b3a0e5
- .git\objects\cb\3af84bd47b235057669264b0eb6537fd803b57
- .git\objects\de\3500fe6d08453b4960c3a4610960e595d0bd13
- .git\objects\fe\60925d469a79e885bbf02bcc2ae9b259a1ceb6
- .git\refs\tags\v1.3.1
- PIMActivation\.git\hooks\pre-push.sample
- PIMActivation\.git\logs\HEAD
- PIMActivation\Private\Authentication\Get-AuthenticationContextsBatch.ps1
- PIMActivation\Private\Profiles\Save-PIMActivationProfile.ps1
- PIMActivation\Private\RoleManagement\Get-PIMEligibleRoles.ps1
- PIMActivation\Private\RoleManagement\Invoke-PIMActivationWithMgGraph.ps1
- PIMActivation\Private\UI\New-PIMActiveRolesPanel.ps1
- PIMActivation\Private\Utilities\Clear-ModuleVersionConflicts.ps1
- PIMActivation\Private\Utilities\Remove-ConflictingModules.ps1
- PIMActivation\Private\Utilities\Test-PIMModuleCompatibility.ps1
- PIMActivation\.git\objects\pack\pack-82daf2949a19b0fe7f619f62d27465e8ac3d63ec.pack
- PIMActivation\Private\RoleManagement\Azure\Get-FormattedScopeDisplay.ps1
- PIMActivation\.git\refs\remotes\origin\HEAD
- README.md
- dev-feature\PIM-Activation-Browser.ps1
- .git\hooks\pre-commit.sample
- .git\info\exclude
- PIMActivation\Public\Start-PIMActivation.ps1
- .git\objects\0b\7da8e586d905aba905741887dab8e535dbb75a
- .git\objects\2e\81286de3750545b3ca51e87269292fd2ec701f
- .git\objects\3d\0770d6e9f8b98a022596cacdac03debf250b18
- .git\objects\54\01268262de6fd5b0aa157aaecc275ce37df096
- .git\objects\70\4a78d5d587acbd687fae0c6679ef2ccad61722
- .git\objects\83\b162451808a7be35b0bfea82e1c1ae90c66d1a
- .git\objects\94\1234a5caa601666ea287ad1207269e7a2399de
- .git\objects\b0\df5c21a9d443e02b9b98167fda8d59f1de66e9
- .git\objects\bf\9fa1ffb4cbc7b92db1386fcfb6b525d96e4d9b
- .git\objects\cd\b494897550a16aeb6b3032d882594ec8ab6a6e
- .git\objects\eb\32facb3ade738736769ebccf2b921a4a54e489
- .git\objects\fe\fedef758dbce8c2a272fa94b35189c7445013c
- PIMActivation\.git\hooks\applypatch-msg.sample
- PIMActivation\.git\hooks\pre-rebase.sample
- PIMActivation\.github\ISSUE_TEMPLATE\bug_report.md
- PIMActivation\Private\Authentication\Get-AuthenticationContextToken.ps1
- PIMActivation\Private\RoleManagement\Add-TypeSpecificProperties.ps1
- PIMActivation\Private\RoleManagement\Get-PIMPendingRequests.ps1
- PIMActivation\Private\RoleManagement\Invoke-PIMRoleActivation.ps1
- PIMActivation\Private\UI\New-PIMDurationPanel.ps1
- PIMActivation\Private\Utilities\Get-PIMModuleStatus.ps1
- PIMActivation\Private\Utilities\Resolve-PIMDependencies.ps1
- PIMActivation\Private\Utilities\Test-STAMode.ps1
- PIMActivation\.git\objects\pack\pack-82daf2949a19b0fe7f619f62d27465e8ac3d63ec.rev
- PIMActivation\Private\RoleManagement\Azure\Invoke-AzureResourceRoleActivation.ps1
- PIMActivation\.git\logs\refs\remotes\origin\HEAD
- .git\AUTO_MERGE
- dev-feature\PIM-Global-SelfActivate.ps1
- .git\hooks\pre-merge-commit.sample
- .git\logs\HEAD