Recently my role assignments in Azure AD were switched from permanent to eligible ones. This is part of PIM - Privileged Identity Management, you can read more about it on MS Docs: Start using Privileged Identity Management To activate your eligible assignment you can use Azure Portal, Graph API, and PowerShell. The activation in the portal and Graph API is described on MS Docs: Activate my Azure AD roles in PIM My roles within Privileged Identity Management in Azure Portal

This is a guide for how to handle secrets in a logic app in a secure way. It combines three resources: Accessing Key Vault from Logic App with Managed Identity Get Secrets Key Vault API Hide your logic apps secrets from prying eyes First, enable a Managed Identity for your Logic App: In the KeyVault, add a new Access Policy for the new Managed Identity (from the previous step). Use the least priviliges.