@David Broggy - Thanks for the question and using MS Q&A platform.
Here is the response from the internal team:
- Yes, you can have a security group within a Purview role group as a member: and yes, the security groups support PIM for groups. However, when a user is eligible for the group membership and activates the membership, we see that it takes up to 2 hours for their permissions to become effective within Purview, which is a large area of friction as it is not "just in time".
- We have documented this 2 hour activation delay here
- We have work item planned this feature soon.
- Entra roles which support PIM: There are some roles within Entra that have permissions within Microsoft Purview. a. We document at a high level what entra roles do in Purview here.
Hope this helps. Do let us know if you any further queries.
If this answers your query, do click Accept Answer
and Yes
for was this answer helpful. And, if you have any further query do let us know.