Customer is currently leveraging the Privileged Identity Management (PIM) feature of Entra ID to elevate permissions only when necessary. These elevated permissions automatically expire after 8 hours, at which point users can re-elevate if needed. This approach aligns with the customer’s ISO security certification requirements and reflects the company’s commitment to best security practices. In my view, Entra ID’s PIM feature is specifically designed to support this model.

However, even after applying for the system admin role via PIM, the customer encountered an error when using the self-elevate function in PPAC, with the system indicating insufficient privileges. Backend data confirms that the customer is not recognized as a system admin following the application.

We hope the product team will consider addressing this issue in a future update.