PAM installed some new objects in the MIM service. Let's take a look at three of them: PAM roles, PAM requests, and PAM configuration, an object that provides a configurable PAM setting interface. If you open the MIM portal on PRIVPAMSRV (which, again, is optional), you will immediately see PAM roles and PAM requests.
If you click on the PAM Roles link, you will see an interface for creating a new PAM role, deleting existing PAM roles, and viewing their details. Here's the window to create a new PAM role:
Display Name: This is the display name of the role.
PAM Privileges: This is the security group(s) associated with the role.
PAM Role TTL (sec): This is the maximum number of seconds before the role expires and the privileges are removed.
MFA Enabled: If checked, this requires the user to use Azure multi-factor authentication (MFA). We will discuss this concept later in the chapter.
Approval required: This indicates whether elevation...