Azure PIM – Access Denied for the SharePoint Admin Center

Are you getting an Access Denied error when you navigate to the SharePoint admin center after activating an admin role via Azure Privileged Identity Management (PIM)?

Access Denied error message for the SharePoint admin center

The following steps fixed the error for me:

  • Open an incognito/private window and log in to Microsoft 365.
  • Type (your tenant name)-admin.sharepoint.com into your address bar.
    • Make sure to replace “(your tenant name)” with your actual tenant name.
  • Close the incognito window and navigate to the SharePoint admin center through your regular browser window.

This approach assumes that the Access Denied error seen by a user who is granted admin permissions through Azure PIM is due to caching. Microsoft 365 does not recognize that the user has elevated permissions because its services have already authenticated the user's existing session. When the user signs in to Microsoft 365 via an incognito/private window, the session reauthenticates and recognizes the new admin role.

If you open a separate incognito/private window, you can reauthenticate without interfering with other tabs where Microsoft 365 is open. However, you could also fix this bug by logging out and then back into Microsoft 365. Choose the approach that will cause the least amount of disruption to your work.

Thanks to Bobby at Microserve who showed me this trick!