I've recently started using Privileged Identity Management (PIM) at my new job after having experience with it in previous roles. However, I'm facing some frustrating delays, especially with SharePoint and Exchange access. For instance, when the SharePoint admin activates PIM, I often have to wait 15 to 20 minutes for access. On the other hand, when I activate my global admin role, I get into Exchange almost instantly, but Entra access never comes through, and SharePoint access can take up to 30 minutes. This wasn't an issue in my previous positions, so I'm wondering if there could be a configuration problem. Is anyone else experiencing similar issues, or does anyone have any insights on what might be causing this?
5 Answers
Are you required to get approval for your role activation? If you're activating an eligible role assignment instead of granting access to a role-enabled group, it could take some time. Also, consider how you're accessing these permissions—are you using the portal or a graph session? The latter might need extra time for token refreshes. Reaching out to your identity or operations team could provide more clarity on this issue as they might have insights on delays.
I've found that clearing access tokens via developer tools can help when I'm facing unexpected delays. If you want to give it a try, check out the Chrome DevTools guide on session storage, and remove any Azure storage entries in there. It could make a difference!
Honestly, for us, SharePoint and Exchange both can take ages—even sometimes around 20 minutes. It seems to be standard for PIM, though it can be pretty annoying. Are you facing the same with Exchange?
I haven't seen such delays with Exchange, but SharePoint consistently takes over 10 minutes for me.
According to Microsoft, 20 minutes is considered an acceptable delay for role activation. I’ve opened several tickets about this and have had better luck using the mobile app for role activation instead.
Yeah, it's super annoying. I sometimes think it might just be a Microsoft issue. My PIM roles sometimes expire, and when I reactivate, it can take almost an hour to get the role back. Have others faced that too?
That's solid advice! I’ve noticed that cached access tokens can cause delays even when they're still valid.