Integrate PIM with AAD enabled clusters
If you elevate yourself to the Cluster Admin Role via PIM you can download cluster admin credentials with the command:
az aks get-credentials -n mycluster -g myrg --admin
If you then deactivate the role via PIM, you can still use the admin credentials locally. It would be nice if we could somehow set an expiration time to stop those credentials from working (from the client that requested them via PIM elevation) after the requested time frame, or if we could invalidate them via a token of some sort.