I'm trying to set up Privileged Identity Management (PIM) for my new group, which includes the User Administrator and Exchange Recipient Administrator roles. A few weeks ago, I created another group with these roles plus SharePoint Administrator, and I was able to make some users permanently eligible. However, now it seems like I can't do the same for this new group. Could it be related to having these roles in another group? I'm a bit puzzled about why the option for permanent eligibility isn't showing up this time.
1 Answer
It sounds like you might be overlooking a specific setting when you set up PIM. There’s usually an option at the role configuration level where you can enable permanent eligibility. If that's not set for your new group, that might explain why you're not seeing it.
That makes sense! I've got a similar group that does allow permanent eligibility, so maybe I need to double-check those settings.