Ermetic enables customers to implement least privilege policies for Azure AD PIM

Ermetic announced that the Ermetic Platform enables organizations to monitor and remediate excessive permissions in the Azure Active Directory (AD) Privileged Identity Management (PIM) service. By detecting unnecessary, unused permissions and generating right-sized roles, Ermetic automates continuous least privilege enforcement to reduce security risk in Azure AD PIM configurations.


The PIM service in Azure AD enables organizations to assign users just-in-time privileged access to Azure and Azure AD resources. For example, administrators use Azure AD PIM to assign time-bound access to resources using start and end dates, require approval to activate privileged roles, enforce multi-factor authentication to activate any role, and more.

The integration of the Ermetic Platform with Azure AD PIM enables customers to right-size cloud identities and enforce least privilege. The same advanced visibility, analytics and automatic remediation capabilities Ermetic provides for securing traditional Azure roles are now available for PIM roles in Azure AD.

For example, if an identity in Azure AD PIM doesn’t use one or more of its role assignments or only uses some of its permissions granted by a role, Ermetic will automatically generate recommendations to trim those privileges to exactly what is needed.

“Ermetic now enables customers to implement ‘least privilege’ policies for Azure AD PIM using native Azure capabilities and the intelligence provided by our advanced cloud infrastructure entitlement management platform,” said Sivan Krigsman, Chief Product Officer for Ermetic. “The combination of Azure AD PIM and Ermetic automatically monitors and keeps entitlements in check to eliminate identity-based risk.”

The Ermetic cloud security platform uses advanced analytics to monitor configurations, policies and activity logs for Azure AD PIM to allow organizations to:

  • Determine what permissions exist and which are necessary
  • Identify which permissions are actually in use and which are excessive
  • Assess which identities are at the greatest risk of being compromised in order to prioritize excessive permissions remediation
  • Automatically replace excessive permissions in PIM roles with least privilege configuration
  • Detect and provide remediation for anomalous activity


The Ermetic Platform with integrated support for Azure AD PIM is available immediately from Ermetic and its business partners worldwide. There is no additional cost for these new capabilities.
