Just-in-Time
JIT access grants privileges only at the moment they are needed and revokes them automatically afterward. Instead of holding standing admin rights, a user requests elevation for a specific task and time window, often with approval. This shrinks the attack surface because there are few powerful accounts sitting around to steal.