Product:
Microsoft Azure
Issue:
You get a mail about that some of your subscriptions parts are expire in a few days like “Your Storage File Data Privileged Contributor role in the prod subscription will expire in 1 day(s)”
Solution:
Depending how your Azure accounts are setup and handled by your organisation, but it should be similar to this:
(you need to be owner of the subscription, to be able to extend the role for your self)
Go to azure Home – Microsoft Azure
Search for PIM. Click on Privileged Identity Management
Expand tasks and click on my roles.
Go to Azure Resources, and for the subscriptions you need to extend, go to owner line and activate you as owner.
click on activate. After someone have approved, go to next step.
Click on Privileged Identity Management, to get back to the start page of PIM.
Click now on Azure resources under Manage, and from the new page drop down select the subscription you want to handled.
Click on Manage button, after you have selected a subscription.
Click on Assignments under Manage. Then browse the lines to the right, to find what roles you can extend. Click on extend link.
Set a date, at least a year in the future. Press save. Repeat for all roles you need to extend.
If you do not find your role, check under the Expired assignments tab – to see if it is there, and you can extend it there.
Repeat for all subscriptions you have in Azure.
More Information:
Renew Azure resource role assignments in PIM – Microsoft Entra ID Governance | Microsoft Learn
Extend or renew PIM for groups assignments – Microsoft Entra ID Governance | Microsoft Learn
What is Privileged Identity Management? – Microsoft Entra ID Governance | Microsoft Learn