1) In a separate browser browse to the following URL: https://outlook.office365.com/ to view Isaiah Langer’s email.
2) Sign in as isaiah.langer@<Tenant>.onmicrosoft.com. The password is “M1crosoft123”
3) Open the email from Microsoft Azure AD Notification Service for Activating Global Administrator access, as shown in Figure 22.
Figure 22: PIM Notification Email
4) Click on the Azure Portal link in the email.
5) In the Azure Portal, click All Services > then search for priv and select Azure AD Privileged Identity Management.
6) Click My roles.
7) Click Global Administrator.
8) Click Verify your identity before proceeding.
9) Click Verify my identity.
10) Respond to the phone verification.
11) You will be returned to the Global Administrator Role Activation Details blade. If not, follow these steps:
- In the left navigation, click All Services, and then select Azure AD Privileged Identity Management.
- Click My roles.
- Click Global Administrator.
12) In the top navigation, click Activate.
In the Reason for role activation text box, type User administration.
14) Click OK.
15) On the Global Administrator blade, look at the Expiration field – it will be +4 hours from activation time.
16) Verify this change, click Azure Active Directory >Users and groups > All users > Isaiah Langer > Directory role, Isaiah is now a Global Administrator and no longer a user.
17) In the left navigation, click All Services, and then select Azure AD Privileged Identity Management.
18) Click on Azure AD Directory Roles.
19) Under ACTIVITY, click Directory Roles Audit History.
20) Note the business justification entered above (User administration), which is displayed in the Reasoning column.
21) Close all browsers