I'm trying to improve the offboarding process for OneDrive users, particularly when our scripts don't apply. Ideally, I want my admins to manually use the 'copy to' function if the offboarding script fails, which helps avoid lengthy downloads and uploads when dealing with large OneDrive files.
However, I've encountered serious delays with Microsoft's Privileged Identity Management (PIM) roles. I often wait over an hour for the role to apply, and during this time, accessing a user's OneDrive results in an error message that says something like 'OneDrive information cannot be retrieved.' Plus, if the admin hasn't been given access to the site or folder, that adds another round of waiting for permissions to kick in.
This situation really frustrates me and makes me understand why some admins just stick with global admin permissions instead of using PIM, which can be a hassle.
5 Answers
From my experience, it’s not actually PIM that’s the issue but rather how slow the admin portals are to reflect role changes. When I handle things directly in Purview, they process much quicker. But overall, there are still noticeable delays.
Avoiding the regular admin portal does help a lot. If you plan to use roles often, consider setting up a script to activate PIM roles through Graph API—it’s much more efficient than struggling with delays in the browser.
Honestly, a lot depends on the service you’re working with. Some things, like Purview or SharePoint, have longer sync cycles that can drag things out. I prefer to stick to the Entra portal; it's way more responsive. But I still run into those pesky delays sometimes, especially in SharePoint.
I think the activation speed varies by role. Some activate within seconds, but others can be painfully slow, which makes things a guessing game. Once you figure out the right role, though, it gets a bit easier.
It’s crazy that we need to play a guessing game! I hope they improve the role assignments and documentation to help us out.
I hear you! Generally, PIM role activation is faster than that, often just taking a matter of seconds for me. Try going straight to the roles page right after activating your role, and avoid wandering to other admin pages first. And if you run into issues, opening an incognito window usually clears things up.
I usually do the same! But sometimes, even with my streamlined approach, it takes at least ten minutes. It’s frustrating to come back later just to find my access still isn't working.
Same here! I’ve given up on SharePoint at times too, just to finish stuff the next day when it usually works better.