every change · a commit
Your audit trail
is git history.
An Azure DevOps pipeline that scans Entra ID PIM 4 times a day by default and commits every change. No dashboard. No UI. Just commits.
4f3c9a1scan: permanent grant on
Global Administrator06:00a1bde02scan: policy duration 8h→24h on
Exchange Admin00:008e2f01bscan: no changes18:00
77c0114scan: no changes12:00
pim/monitorchange report
Total 3High 1Medium 2Low 02026-04-26T06:00Z
[!!] highGlobal Administrator+ permanent assignment added
[!] medExchange AdministratorM activation duration 8h → 24h
[!] medExchange AdministratorM max eligible duration 180d → 365d
policy.json · global-administrator−1+2
before8e2f01b
@@ Enablement_EndUser_Assignment
42{
43 "requireMfa": false,
44 "enabledRules": ["Justification"]
45}
after4f3c9a1
@@ Enablement_EndUser_Assignment
42{
43 "requireMfa": true,
44 "requireJustification": true,
45 "enabledRules": ["Justification"]
46}