Free tool that connects to your Log Analytics Workspace and generates a comprehensive report of your PIM activation patterns, user behavior, and justification quality.
You deployed Entra ID PIM. Users activate roles daily. But do you actually know what's happening?
PIM without visibility is just a checkbox.
You need data to know if it's actually working.
One script. Five minutes.
See your complete PIM picture.
A self-contained report with interactive tables, filtering, sorting, and visual charts. No external dependencies. Opens in any browser.
Total activations, unique users, unique roles, activation type breakdown (Entra Role / Azure Resource / Group) and daily averages.
All users with activation counts, average duration per user, and number of distinct roles used. Visual bars and sortable columns.
Every activated role and group with usage count, unique users, type badge, and average duration. Full breakdown.
Average, median, min, max duration in minutes. Distribution buckets: under 1h, 1-4h, 4-8h, and over 8h.
Empty and short justification counts with percentages. Every unique justification listed with frequency and usage share.
Line chart with weekly activation trends plus a full raw data table with every activation record, filterable and sortable.
Three simple steps from request to report
The tool runs entirely in your environment. No data leaves your tenant. No external services contacted.
Everything you need to know about the WatchTower PIM Assessment Tool.
Yes, completely free. No hidden costs, no trial period, no feature limitations. You get the full tool with all report capabilities. We built this to help organizations understand their PIM posture.
No. Absolutely not. The tool runs 100% locally on your machine. It queries your Log Analytics Workspace directly and writes the report to your local disk. There are no external calls, no telemetry, and no data exfiltration of any kind.
The tool requires Log Analytics Reader role on your workspace. This is a read-only role - the tool never writes to or modifies your environment. The tool uses interactive Azure login for authentication.
The tool requires PIM audit logs to be sent to a Log Analytics Workspace. If you haven't configured diagnostic settings for Entra ID audit logs, you'll need to set that up first. Once configured, PIM activation data will start flowing into the AuditLogs table in your workspace.
We want to ensure you get proper onboarding and support. By reviewing requests, we can provide you with the right version, setup documentation, and follow up to make sure you successfully run the assessment. It also helps us understand how the tool is being used so we can improve it.
WatchTower PIM Coach is our full PIM monitoring and governance platform. While this free tool gives you a one-time snapshot, PIM Coach provides continuous monitoring, AI-powered justification scoring, policy enforcement, and automated remediation. Learn more about PIM Coach.
Fill out the form below and we'll review your request and send you the tool with setup instructions.