Azure AD Privileged Identity Management, currently in preview, gives organizations more visibility and controls for Microsoft Online Services roles. In particular, Azure AD PIM provides “just in time” activation for highly privileged roles such as Company Administrator. Alongside the Azure portal and PowerShell interfaces for Azure AD PIM, we’re adding it to the Graph API in preview as well. This allows you to write applications that retrieve and update privileged role assignments, and activate users into roles.
The Azure AD Privileged Identity Management Team