u/Noble_Efficiency13

PIM activations, directly from your pocket! PIMActivation Portal announcement
▲ 20 r/SysAdminBlogs+2 crossposts

Back in 2025 I created PIMActivation as a PowerShell module to make PIM activations faster and less frustrating. Since then, the project has evolved quite a bit.

Today I released the new PIMActivation Portal, a fully open-source Progressive Web App for Microsoft Entra PIM activations.

Main goals:

  • Faster activations
  • Bulk role activation
  • Cross-tenant support
  • Mobile + desktop support
  • Better UX overall

Some highlights:

  • No backend or token cache
  • Browser-only architecture using sessionStorage + IndexedDB
  • Installable as a desktop/mobile app
  • Self-hosted deployment option
  • Managed multi-tenant version available
  • MIT licensed

It supports Entra roles, Groups, Azure Resources, reduced scope activations, activation profiles, bulk deactivation, and more.

This was built together with Lukas Gosling after we independently ended up building very similar PoCs and decided to collaborate instead.

Would love feedback from others working heavily with PIM, RBAC, and cross-tenant administration.

You can check out the full write-up here:
https://www.chanceofsecurity.com/post/introducing-the-new-pimactivation-portal-managed-self-hosted-and-mobile-ready

Access the landing page:
https://pimactivation.com

Direct portal access:
https://portal.pimactivation.com

u/Noble_Efficiency13 — 4 days ago
▲ 43 r/SysAdminBlogs+3 crossposts

Microsoft seems to be testing Time-Based Conditional Access through the beta Graph API; this is my take

I recently spent some time experimenting with the new “Time” condition that started appearing in Conditional Access policies through Graph, and I put together a write-up covering how it behaves today, how to create policies with it, and where it currently falls apart.

Some key findings:

- The condition appears across user, workload, and agent-based policy types
- Only user/group-based policies currently work in practice
- No GUI support yet, so policies look very interesting in the portal

I also explored some practical use cases, including:

  1. Restricting critical applications to working hours 
  2. Shift-based access enforcement for production workers 
  3. Tightening sessions and auth requirements after hours

I think this has huge potential!

Check out the post here: Getting With The Times: Time-Based Conditional Access

What use cases do you see for this feature?

u/Noble_Efficiency13 — 7 days ago
▲ 5 r/IBMi

Hello,

I'm reaching out as I'm struggling with a request from a customer, and I need some kind of closure.

We've got a client that's running an AS400, and they are in the middle of transitioning from on-prem devices, VPN, etc. to more modern and secure solutions. One of these is Microsoft's ZTNA solution, Global Secure Access, though we have an issue with Kerberos SSO to AS400 over GSA.

Can anyone confirm that it's either not possible, or hopefully, is possible and how to get it working?

We've spent way too many hours pulling our hair out over this issue.

Thank you in advance!

u/Noble_Efficiency13 — 29 days ago