This guide describes how to use the Archive-StorageAccount.ps1 PowerShell 7 script to archive the contents of an Azure Storage Account from one tenant into an archive/backup Storage Account in a different tenant, using AzCopy and SAS tokens.
The...
Managing role assignments and Privileged Identity Management (PIM) across a large Azure environment quickly becomes opaque — especially when you have 10+ subscriptions, an ALZ hierarchy, and a mix of legacy static assignments alongside newer PIM-eligible setups. This post walks through a PowerShell script I built to get a full picture of who has what access, and where the cleanup backlog is.
TL;DR — One script. Two groups. Full PIM-enabled least-privilege access on any Azure subscription. No portal clicking. No manual mistakes.
Setting up Privileged Identity Management (PIM) in Azure the right way involves a surpr...