Feature: Include PIM eligible users
m8r1us opened this issue · comments
Include PIM eligible users. Currently only permanently assigned users via Azure AD are in the report.
I'd love to include this, but PIM isn't included in the Azure AD graph. It is present in the Microsoft Graph but that data model isn't compatible with ROADtools currently. Plus according to the docs you can only enumerate this if you're in an admin role: https://docs.microsoft.com/en-us/graph/api/privilegedrole-get?view=graph-rest-beta&tabs=http
Long story short: I will have a look at implementing this, but it's not something that will be feasible in the short term.
You are right. I will also dig a bit.
For the Azure IaaS/PaaS part:
The following endpoint would work for Azure RBAC PIM if you have read rights on the subscription/mgmt group:
https://api.azrbac.mspim.azure.com/api/v2/privilegedAccess
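As an added illustration of the endpoint mentioned in the last comment (this is example code, not ROADtools code and not from either commenter): it builds a query against that PIM base URL for eligible Azure RBAC assignments and flattens the response into rows a report could consume. The sub-path `azureResources/roleAssignments`, the `assignmentState` OData filter, and the response field names are assumptions modelled on the legacy PIM v2 API; the token is assumed to already carry read rights on the subscription or management group, as the comment notes. The sample response is constructed so the parsing runs offline.

```python
"""Added example (not ROADtools code): list PIM *eligible* Azure RBAC
assignments from the endpoint named in the thread and turn them into report
rows. Query path, filter syntax and field names are assumptions."""
import json
import urllib.parse
import urllib.request

# Base URL quoted in the issue comment.
PIM_BASE = "https://api.azrbac.mspim.azure.com/api/v2/privilegedAccess"


def eligible_assignments_url(resource_id: str) -> str:
    """Build the query URL. Sub-path and OData filter are assumed (PIM v2 style);
    expanding subject and roleDefinition yields principal and role names in one call."""
    params = {
        "$expand": "subject,roleDefinition",
        "$filter": f"(resourceId eq '{resource_id}') and (assignmentState eq 'Eligible')",
    }
    return f"{PIM_BASE}/azureResources/roleAssignments?{urllib.parse.urlencode(params)}"


def flatten_assignments(payload: dict) -> list:
    """Turn a response body into report rows.

    Only 'Eligible' assignments are kept: permanent (Active) assignments are
    already covered by the Azure AD graph data, so they would be duplicates."""
    rows = []
    for item in payload.get("value", []):
        if item.get("assignmentState") != "Eligible":
            continue
        subject = item.get("subject") or {}
        role = item.get("roleDefinition") or {}
        rows.append({
            "principal": subject.get("displayName"),
            "principal_type": subject.get("type"),
            "role": role.get("displayName"),
            "scope": item.get("resourceId"),
            "end": item.get("endDateTime"),  # None means the eligibility has no expiry
        })
    return rows


def fetch_eligible_assignments(resource_id: str, access_token: str) -> list:
    """Live call with a bearer token that has read rights on the scope.
    Not exercised offline."""
    req = urllib.request.Request(
        eligible_assignments_url(resource_id),
        headers={"Authorization": f"Bearer {access_token}"},
    )
    with urllib.request.urlopen(req) as resp:
        return flatten_assignments(json.load(resp))


# Constructed sample response (not real data); shape mirrors the assumed API.
SAMPLE_RESPONSE = {
    "value": [
        {"assignmentState": "Eligible", "resourceId": "sub-0000", "endDateTime": None,
         "subject": {"displayName": "Alice Example", "type": "User"},
         "roleDefinition": {"displayName": "Owner"}},
        {"assignmentState": "Active", "resourceId": "sub-0000", "endDateTime": None,
         "subject": {"displayName": "Bob Example", "type": "User"},
         "roleDefinition": {"displayName": "Contributor"}},
        {"assignmentState": "Eligible", "resourceId": "sub-0000",
         "endDateTime": "2030-01-01T00:00:00Z",
         "subject": {"displayName": "sec-ops", "type": "Group"},
         "roleDefinition": {"displayName": "Reader"}},
    ]
}

if __name__ == "__main__":
    for row in flatten_assignments(SAMPLE_RESPONSE):
        print(row)
```

Keeping the filter on the server side and re-checking `assignmentState` client-side means a report never silently merges Active and Eligible rows if the server ignores the filter; an audit that wants both can drop the client-side check and add a `state` column instead.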