Privileged Identity Management or PIM, is great way to ensure that users are not given standing administrative access. Instead, with PIM, these rights can be requested, approved and removed in an automated and audited way.
In the scenario where a user may need administrative rights to multiple services at the same time, say Exchange Online administration and SharePoint Online administration together, you can achieve this by using the capability in Azure AD to assign multiple roles to an Azure AD group. You then have users go through the PIM process to become members of that group. When they do, they automatically get access to the roles that are part of that group. Once PIM deactivated them, they are removed from that group and lose those permissions.
This video take you through that process.
https://www.youtube.com/watch?v=mAA1KjxjAuQ
remember, to achieve this you’ll need to have an Azure AD P2 assigned and that currently this feature is in preview.
For more information consult the following documentation from Microsoft:
Management capabilities for Privileged Access groups
CIAOPS 