#security-architecture 1 post tagged security-architecture. Privileged Identity Management: How a Two-State Role Assignment Retired Standing Admin May 24, 2026 Microsoft Entra PIM did not add eight features. It added one field to the role-assignment object -- and everything else, from activation policies to GDAP, is downstream.