What command(s) do I run in the place of Set-AzSKPIMConfiguration in order to activate my PIM roles via script?

[VanessaRussell]

Cross posting here as AzTS has been stated as the AzSK replacement; however, I'm still struggling to figure out which command(s) I should switch to.

I have been using

Set-AzSKPIMConfiguration -ResourceGroupName $ResourceGroupName -RoleName $RoleName -DurationInHours $Duration -Justification $Reason -SubscriptionId $subscriptionId -ActivateMyRole -ErrorAction Stop

to activate my PIM roles via script as it has always been quicker than via the portal.

Now that I've discovered that AzSK was sunset last year, I am trying to figure out what module/command I need to migrate to. Unfortunately, there doesn't seem to be much in the way of migration documentation.

Can anyone point me in the right direction of what command(s) I should be using now in order to accomplish this task?

[TarunKrShukla]

Hi Vanessa,

AzTS is the replacement of AzSK for core security scanning capabilities but there are some features (like PIM helper commands, ARM Checker) which are not migrated to AzTS. AzSK was sunset last year and not actively maintained now but all PIM helper commands are working and you can still use those for PIM role activation.

There are some other modules released by PG team which you can explore as well:

1. AzureADPreview
This module is still in preview but contains commands like Open-AzureADMSPrivilegedRoleAssignmentRequest which can help for PIM role activation.
You can find more about this module here.

2. Az.Resources
In the latest version 6.0.0, team has introduced few funtions like New-AzRoleAssignmentScheduleRequest which can help for PIM role activation.
You can find more details about this module here.

[Aboli-msft]

Hi Vanessa, closing this thread as there had not been any further communication. Please feel free to reach out us at [email protected] in case of any further queries.