Ermetic Enables Customers to Enforce Least Privilege for Microsoft Azure

Cloud Infrastructure Security Platform Detects and Remediates Excessive Privileges in Azure Active Directory Privileged Identity Management Service

By Ermetic Team

PALO ALTO and TEL AVIV, Nov. 4, 2021 -- Ermetic, the cloud infrastructure security company, today announced that the Ermetic Platform enables organizations to monitor and remediate excessive permissions in the Azure Active Directory (AD) Privileged Identity Management (PIM) service. By detecting unnecessary, unused permissions and generating right-sized roles, Ermetic automates continuous least privilege enforcement to reduce security risk in Azure AD PIM configurations.

The PIM service in Azure AD enables organizations to assign users just-in-time privileged access to Azure and Azure AD resources. For example, administrators use Azure AD PIM to assign time-bound access to resources using start and end dates, require approval to activate privileged roles, enforce multi-factor authentication to activate any role, and more.

The integration of the Ermetic Platform with Azure AD PIM enables customers to right-size cloud identities and enforce least privilege. The same advanced visibility, analytics and automatic remediation capabilities Ermetic provides for securing traditional Azure roles are now available for PIM roles in Azure AD. For example, if an identity in Azure AD PIM doesn’t use one or more of its role assignments, or uses only some of the permissions granted by a role, Ermetic will automatically generate recommendations to trim those privileges to exactly what is needed.

“Ermetic now enables customers to implement ‘least privilege’ policies for Azure AD PIM using native Azure capabilities and the intelligence provided by our advanced cloud infrastructure entitlement management platform,” said Sivan Krigsman, Chief Product Officer for Ermetic. “The combination of Azure AD PIM and Ermetic automatically monitors and keeps entitlements in check to eliminate identity-based risk.”

The Ermetic identity-first cloud security platform uses advanced analytics to monitor configurations, policies and activity logs for Azure AD PIM to allow organizations to:

  • Determine what permissions exist and which are necessary
  • Identify which permissions are actually in use and which are excessive
  • Assess which identities are at the greatest risk of being compromised in order to prioritize excessive permissions remediation
  • Automatically replace excessive permissions in PIM roles with least privilege configuration
  • Detect and provide remediation for anomalous activity



The Ermetic Platform with integrated support for Azure AD PIM is available immediately from Ermetic and its business partners worldwide. There is no additional cost for these new capabilities.

About Ermetic

Ermetic helps prevent breaches by reducing the attack surface of cloud infrastructure and enforcing least privilege at scale in the most complex environments. The Ermetic SaaS platform is an identity-first security solution that provides holistic, multicloud protection using advanced analytics to continuously analyze and remediate risks associated with permissions, configurations and behavior across the full cloud infrastructure stack. The company is led by proven technology entrepreneurs whose previous companies have been acquired by Microsoft, Palo Alto Networks and others. Ermetic has received funding from Accel, Glilot Capital Partners, Norwest Venture Partners and Target Global. Visit us at and follow us on LinkedIn, Twitter and Facebook.