Make Azure AD role activation in PIM faster
Currently activating an Azure AD role such as Global Admin or User Admin in Privileged Identity Management (PIM) takes 15+ minutes to fully activate (this time starts after following the step to sign-out). Even after logging out and back in again, the role will display as active in the Azure AD overview blade, but when trying to take an action such as updating a user license (in the Office 365 portal) or update an App configuration in the Azure AD Portal, the action will fail claiming access denied. After 15-30 minutes, the role finally comes fully active with no notification and the same actions then succeed.
This delay is causing frustration with our users who need to assign licenses, update app configurations, etc.
Activating Azure Resource roles is reasonably fast (log out when prompted, log in again and the role is usually active).
Please add the specific roles and portals that are impacted by this.
Bruce Redfern commented
I get similar results. For me, it's global admin , teams admin, and exchange admin that are slow to activate. 10-15 mins is not unusual. Logging out and back in can help. Azure access seems to work almost right away.
Rob Angell commented
Update since this was raised: some roles are much better, eg: Global Admin activates immediately.
Other roles such as Application Administrator, License Administrator and User Administrator take 20+ minutes to become active.
After discussing with Microsoft support recently, they suggested a "workaround" being to logout/login 3 times to force a refresh of the users access tokens. This works, but is still cumbersome for users.
This is all done using the PIM section in the Azure Portal.