> For the complete documentation index, see [llms.txt](https://agents.glueckkanja.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://agents.glueckkanja.com/agents/pim-insights/permissions.md).

# Permissions

### Overview

This page describes the permissions and access model for this agent.\
The agent uses **read-only access** to Privileged Identity Management (PIM) data, audit logs, and identity activity information through **Security Copilot Plugins**.\
It is designed to analyze PIM activations, privileged access behavior, and compliance metrics without making any configuration changes.

***

### How It Works

The agent connects securely to your Microsoft Entra environment through Security Copilot Plugins to retrieve PIM activation data, audit logs, and sign-in information.\
It evaluates role usage patterns, compliance with activation policies, and anomaly detection in privileged activity.\
Optionally, the agent can generate Azure Workbooks for continuous PIM monitoring and visualization.

All interactions follow these principles:

* **Read-only access:** The agent does not modify or assign roles, change PIM settings, or alter audit data.
* **Least privilege:** Only the permissions required to read PIM and audit data are used.
* **Transparency:** All data access is auditable in Microsoft Entra and follows Microsoft compliance standards.

***

### Required Entra ID Roles

Assign the following roles to the administrator account that installs and runs the agent:

| Role                              | Description                                                                     |
| --------------------------------- | ------------------------------------------------------------------------------- |
| **Privileged Role Administrator** | Provides visibility into PIM role assignments and activation history.           |
| **Security Reader**               | Grants access to security insights and identity risk data.                      |
| **Reports Reader**                | Allows access to usage and audit reports.                                       |
| **Global Reader**                 | Enables read-only access across the Entra ID tenant for comprehensive analysis. |

{% hint style="info" %}
These roles represent the recommended least-privilege configuration. Adjust based on your organization’s security and compliance policies.
{% endhint %}
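The following script is an added example (not part of the agent or its documentation) that checks whether the account you intend to run the agent from actually holds the four roles in the table, and whether each one is permanently active or only PIM-eligible. It uses the Microsoft Graph PowerShell SDK; the `$AdminUpn` value is a placeholder you replace with the real account.

```powershell
# Added example: confirm the agent's admin account holds the four documented roles.
# Requires the Microsoft.Graph modules (Identity.Governance, Users). The signed-in user
# needs RoleManagement.Read.Directory and User.Read.All; nothing here writes to the tenant.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory", "User.Read.All"

$AdminUpn = "pim-agent-admin@contoso.example"   # placeholder: the account that will run the agent

$RequiredRoles = @(
    "Privileged Role Administrator",
    "Security Reader",
    "Reports Reader",
    "Global Reader"
)

$user = Get-MgUser -UserId $AdminUpn -Property Id, UserPrincipalName

# Translate role definition ids into display names so the output matches the table above
$roleNames = @{}
Get-MgRoleManagementDirectoryRoleDefinition -All | ForEach-Object { $roleNames[$_.Id] = $_.DisplayName }

# Permanently active assignments on the account itself
$active = Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" -All |
    ForEach-Object { $roleNames[$_.RoleDefinitionId] }

# PIM-eligible assignments: these only take effect after an activation
$eligible = Get-MgRoleManagementDirectoryRoleEligibilitySchedule -Filter "principalId eq '$($user.Id)'" -All |
    ForEach-Object { $roleNames[$_.RoleDefinitionId] }

foreach ($role in $RequiredRoles) {
    $state = if ($active -contains $role)      { "active" }
             elseif ($eligible -contains $role) { "eligible (activate in PIM before running the agent)" }
             else                               { "MISSING" }
    [pscustomobject]@{ Account = $user.UserPrincipalName; Role = $role; State = $state }
}
```

The lookup is by direct principal id, so roles the account inherits through a role-assignable group are reported as missing; if your tenant assigns roles that way, repeat the two queries with the group's object id as `principalId`.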

***

### Data Access Transparency

The following table outlines what data the agent can access and for what purpose.

| Data Type                                | Access Level | Purpose                                                                       |
| ---------------------------------------- | ------------ | ----------------------------------------------------------------------------- |
| **PIM role activations and assignments** | Read-only    | To evaluate activation frequency, role usage, and least-privilege compliance. |
| **Audit logs**                           | Read-only    | To trace activation events, MFA verification, and approval workflows.         |
| **Sign-in and identity risk logs**       | Read-only    | To identify anomalous privileged access behavior.                             |
| **Role definitions and policies**        | Read-only    | To assess configuration alignment with internal governance standards.         |

**Data handling:**

* The agent does **not** modify, delete, or export data outside the tenant boundary.
* All access occurs through **Security Copilot Plugins** using delegated or application-level permissions.
* Access events are recorded in **Microsoft Entra audit logs** for visibility and traceability.

***

### Agent Settings

When running the agent, you can configure optional settings to refine analysis and reporting output.

| Setting              | Example                         | Description                                                     |
| -------------------- | ------------------------------- | --------------------------------------------------------------- |
| **TimeRange**        | `30` or `2025-01-01/2025-01-31` | Defines the period for analyzing PIM activation events.         |
| **GenerateWorkbook** | `true`                          | Generates an Azure Workbook file for continuous PIM monitoring. |
| **OutputFormat**     | `summary` or `detailed`         | Specifies the level of report detail and included metrics.      |
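Because `TimeRange` accepts two different shapes, it helps to see how both normalise to the same start/end window before an analysis runs. The function below is an added example, not the agent's own parser; it reads the two documented forms (a day count, or `yyyy-MM-dd/yyyy-MM-dd` with an inclusive end date), emits an equivalent KQL time filter for the Sentinel `AuditLogs` table, and flags windows shorter than the 7-day minimum named under Data Requirements. The inclusive-end-date interpretation and the KQL fragment are this script's assumptions.

```powershell
# Added example (not the agent's own code): normalise the TimeRange setting into an
# explicit window. Accepted forms, as documented in the settings table:
#   "30"                     -> the last 30 days, ending now
#   "2025-01-01/2025-01-31"  -> an explicit date window; end date assumed inclusive
function ConvertTo-PimTimeRange {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $TimeRange,
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )

    if ($TimeRange -match '^\d+$') {
        $days = [int] $TimeRange
        if ($days -lt 1) { throw "TimeRange must be at least 1 day" }
        $start = $Now.AddDays(-$days)
        $end   = $Now
    }
    elseif ($TimeRange -match '^(\d{4}-\d{2}-\d{2})/(\d{4}-\d{2}-\d{2})$') {
        $culture = [System.Globalization.CultureInfo]::InvariantCulture
        $start = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd', $culture)
        # Inclusive end date: the window runs to the start of the following day
        $end   = [datetime]::ParseExact($Matches[2], 'yyyy-MM-dd', $culture).AddDays(1)
        if ($end -le $start) { throw "TimeRange end date must not precede the start date" }
    }
    else {
        throw "TimeRange '$TimeRange' is neither a day count nor a yyyy-MM-dd/yyyy-MM-dd window"
    }

    $span = $end - $start
    # 7 days is the minimum the Data Requirements section asks for
    $warning = if ($span.TotalDays -lt 7) {
        "window is shorter than the 7-day minimum; activation statistics may be unreliable"
    } else { $null }

    [pscustomobject]@{
        Start   = $start
        End     = $end
        Days    = [math]::Round($span.TotalDays, 2)
        # KQL fragment scoping a Sentinel AuditLogs query to the same window (assumed shape)
        Kql     = "| where TimeGenerated between (datetime({0}) .. datetime({1}))" -f $start.ToString('o'), $end.ToString('o')
        Warning = $warning
    }
}

# Usage with constructed inputs:
ConvertTo-PimTimeRange -TimeRange '30'
ConvertTo-PimTimeRange -TimeRange '2025-01-01/2025-01-31'
ConvertTo-PimTimeRange -TimeRange '2025-03-01/2025-03-03'   # returns the 7-day warning
```

The `Kql` property is what you would paste into a workbook or Sentinel query so that a manual check covers exactly the period the agent analysed.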

#### Example Queries

* `"Analyze PIM activations for the last 30 days"`
* `"Show me Global Administrator access this week"`
* `"Generate PIM compliance report for last quarter"`
* `"Detect anomalies in privileged access with Azure Workbook"`

***

### Azure Workbook Generation

When `GenerateWorkbook: true` is specified, the agent produces an **Azure Workbook configuration file** that can be deployed for ongoing PIM monitoring.

The workbook includes dashboards for:

* Real-time PIM activation trends
* Failed activation attempts
* Role usage and frequency metrics
* Activation reason compliance tracking
* Anomaly alerts and risk visualization

Deploy the workbook in the Azure portal under:\
**Monitor → Workbooks → Import → Upload Configuration File**
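To make the workbook format concrete, here is an added example, written for this page and not the agent's own generator, that builds a minimal Azure Workbook definition covering the first two dashboards in the list (activation trend and failed activations) from the Entra ID `AuditLogs` table in the Sentinel workspace. The KQL text, the 30-day lookback and the output path are this script's choices; the `Notebook/1.0` and `KqlItem/1.0` structure is the standard Azure Workbook JSON schema.

```powershell
# Added example (not the agent's own workbook output): emit an Azure Workbook JSON file
# that charts PIM activations per day and lists failed activation attempts from AuditLogs.
# queryType 0 and the workspaces resourceType target a Log Analytics / Sentinel workspace;
# the workspace itself is chosen when the workbook is opened in the portal.
function New-PimWorkbook {
    [CmdletBinding()]
    param(
        [int]    $LookbackDays = 30,
        [string] $Path = './pim-activation-workbook.json'
    )

    # Both queries rely on Entra ID audit logs being forwarded to Sentinel (see Data Requirements).
    $trendQuery = @"
AuditLogs
| where TimeGenerated > ago($($LookbackDays)d)
| where Category == "RoleManagement"
| where OperationName has "PIM activation"
| summarize Completed = countif(Result == "success"), Failed = countif(Result != "success")
    by bin(TimeGenerated, 1d)
| render timechart
"@

    $failedQuery = @"
AuditLogs
| where TimeGenerated > ago($($LookbackDays)d)
| where Category == "RoleManagement"
| where OperationName has "PIM activation" and Result != "success"
| project TimeGenerated, OperationName,
          Initiator = tostring(InitiatedBy.user.userPrincipalName), ResultReason
| order by TimeGenerated desc
"@

    $workbook = [ordered]@{
        '$schema' = 'https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json'
        version   = 'Notebook/1.0'
        items     = @(
            [ordered]@{
                type    = 1            # text item
                name    = 'title'
                content = @{ json = "## PIM activation monitoring (last $LookbackDays days)" }
            },
            [ordered]@{
                type    = 3            # KQL query item
                name    = 'activation-trend'
                content = [ordered]@{
                    version       = 'KqlItem/1.0'
                    query         = $trendQuery
                    size          = 0
                    queryType     = 0
                    resourceType  = 'microsoft.operationalinsights/workspaces'
                    visualization = 'timechart'
                }
            },
            [ordered]@{
                type    = 3
                name    = 'failed-activations'
                content = [ordered]@{
                    version       = 'KqlItem/1.0'
                    query         = $failedQuery
                    size          = 0
                    queryType     = 0
                    resourceType  = 'microsoft.operationalinsights/workspaces'
                    visualization = 'table'
                }
            }
        )
    }

    $workbook | ConvertTo-Json -Depth 6 | Set-Content -Path $Path -Encoding utf8
    Get-Item $Path
}

New-PimWorkbook -LookbackDays 30
```

The resulting file is the kind of configuration file the import step above expects; after import, pick the Sentinel workspace that receives the Entra ID audit logs as the query resource.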

***

### Data Requirements

To ensure accurate and meaningful results, verify that:

* **PIM is actively used** with role activations occurring regularly.
* **Activation reasons** are required in PIM policy for compliance analysis.
* At least **7–30 days of activation data** is available.
* **MFA is enforced** for PIM activations.
* **Audit logging** is enabled in Microsoft Entra.
* **Entra ID audit logs** are saved to a Microsoft Sentinel instance.
* That **Microsoft Sentinel** instance must be integrated with **Microsoft Defender XDR** (formerly **Microsoft Security Center**) for unified security operations and advanced analytics.

***

### Security and Compliance Considerations

* All communication through Security Copilot Plugins is encrypted using HTTPS and authenticated via Microsoft identity services.
* The agent adheres to Microsoft’s **zero trust** and **least privilege** principles.
* Access can be reviewed or revoked at any time through **Entra ID role assignments** or **application consent management**.

***

### Next Steps

* Confirm that the administrator account has all required roles assigned.
* Run the agent to analyze PIM activation activity and compliance status.
* Deploy the optional Azure Workbook for continuous privileged access monitoring.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://agents.glueckkanja.com/agents/pim-insights/permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
