Pim Me Now !
Are you working with different accounts, Azure AD roles and tenants?
That’s why I have written a small tool in PowerShell (yes, with a GUI) to PIM myself with comfort ;-).
It makes the use of Azure AD Privileged Identity Management with multiple accounts easier:
As you probably have immediately recognized, this app will not exactly win the next design award. Anyway, it does a few cool things. I will show you here in this Video, before we proceed with how to ‘install’ and use it:
Ok, now you know what it does – and if you think it might be useful for you – download or clone it from GitHub.
The GitHub repository consists of 2 important files, the actual ps1 script and the shortcut (lnk) to it:
You might know by yourself how to start a PowerShell script from a shortcut. I always have to google for it – so I put it into the repo. Download everything to a location on your computer, put the shortcut on your desktop and edit it by right-clicking it and choosing “Properties”. Modify “Target” and “Start in” according to the location where you copied PimMeNow.ps1 to.
When it is started for the first time, it will try to install the Azure AD preview module if it is not already installed. The preview module has new capabilities to work with PIM. Once this is done, PimMeNow! should work as expected.
Now you are ready to configure your PIM profiles:
Open PimMeNow.ps1 with the editor of your choice, e.g. Visual Studio Code. At the top of the script, you need to adjust your profile settings. Provide
- Profile Name –> choose something meaningful that will appear in the GUI of the tool
- Account Name (UPN)
- Microsoft Edge Profile Name –> see below
- PIM Role Name
- Duration in hours –> you can set the configured max duration of PIM or less
Regarding the ‘Microsoft Edge Profile Name’: As you have seen in the Video, PimMeNow! opens your desired Edge Profile after you have successfully pimmed yourself. However, it’s not straightforward to find out which profile is which, because Edge names them “Profile 1”, “Profile 2” etc. Not joking here. So the easiest way to find out which is which is trial and error. Use PowerShell for that:
Start-Process -FilePath "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -ArgumentList "--profile-directory=`"Profile 1`""
Then proceed with “Profile 2” etc. Sorry for that.
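As an alternative to trial and error, the mapping between profile directories and the names you see in Edge can be read from Edge's own profile index. This is an added example and not part of PimMeNow!; it assumes Edge keeps that index under profile.info_cache in the JSON file "Local State" in its user data directory, and the function name Get-EdgeProfileMap and the sample values are made up for illustration.

```powershell
# Added example (not part of PimMeNow.ps1).
# Assumption: Edge stores its profile index under profile.info_cache in the
# JSON file "Local State" inside its user data directory.

function Get-EdgeProfileMap {
    param(
        [Parameter(Mandatory)][string]$LocalStateJson
    )
    $state = $LocalStateJson | ConvertFrom-Json
    $cache = $state.profile.info_cache
    if ($null -eq $cache) { return @() }

    # Each property name is a profile directory ("Default", "Profile 1", ...)
    foreach ($entry in $cache.PSObject.Properties) {
        [pscustomobject]@{
            Directory   = $entry.Name          # value for --profile-directory
            DisplayName = $entry.Value.name    # name shown in the Edge profile menu
            Account     = $entry.Value.user_name
        }
    }
}

# Constructed sample data, used only when no Local State file is found
$sample = @'
{ "profile": { "info_cache": {
    "Default":   { "name": "Personal",      "user_name": "me@example.com" },
    "Profile 1": { "name": "Contoso Admin", "user_name": "admin@contoso.example" },
    "Profile 2": { "name": "Fabrikam",      "user_name": "" }
} } }
'@

$json = $sample
if ($env:LOCALAPPDATA) {
    $path = Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data\Local State'
    if (Test-Path -LiteralPath $path) {
        $json = Get-Content -LiteralPath $path -Raw -Encoding UTF8
    }
}

Get-EdgeProfileMap -LocalStateJson $json |
    Sort-Object Directory |
    Format-Table -AutoSize
```

The Directory column is the value to enter as ‘Microsoft Edge Profile Name’; checking it against the Account column helps avoid opening an admin session in the wrong browser profile.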
Ok, we are done with the “installation”. Let’s use it!
PimMeNow! will create a new txt file (“justificationreasons.txt”) in its home directory. Here it will save each and every justification reason you will ever provide and then offer them to you the next time via autocomplete:
Of course you can modify this txt file anytime manually to meet your needs.
The counter will start after you have successfully pimmed yourself and counts down until your role gets deactivated.
Of course, you can minimize or even close the counter window, if you don’t need it. It will not change anything on your PIM status.
I have implemented a small update notification thing that will give you a hint if there is a new version available on GitHub. If you have cloned the repository with e.g. GitHub Desktop, you can simply pull the new version when you get a notification in the GUI.
I have implemented a high-end error handling in the tool. No, really, I am just checking if _something_ happened during run time by parsing $error and then writing it to errors.txt in the home directory of the tool. Start your troubleshooting there.
Help / Support / Warranty
If PimMeNow! destroys your iPhone or does anything else unexpected: you are using it at your own risk. However, I am using it on a daily basis and do not have any issues with it, nor did it ever harm anything.
Please use the comment function of this blog here, if you need assistance. I am happy to help.
If you like the tool – please: let me know! 🙂
Thanks, great blog