Bring privileged access groups (preview) into Privileged Identity Management

In Azure Active Directory (Azure AD), you can assign Azure AD built-in roles to cloud groups to simplify how you manage role assignments. To protect Azure AD roles and to secure access, you can now use Privileged Identity Management (PIM) to manage just-in-time access for members or owners of these groups. To manage an Azure AD role-assignable group as a privileged access group in Privileged Identity Management, you must bring it under management in PIM.

Identify groups to manage

  1. Sign in to Azure AD with Privileged Role Administrator role permissions.

  2. Select Groups and then select the role-assignable group you want to manage in PIM. You can search and filter the list.

    Find a role-assignable group to manage in PIM

  3. Open the group and select Privileged access (Preview).

    Open the Privileged Identity Management experience

  4. Start managing assignments in PIM.

    Manage assignments in Privileged Identity Management

Note

Once a privileged access group is managed, it can't be taken out of management. This prevents another resource administrator from removing Privileged Identity Management settings.

Next steps