With Microsoft withdrawing mainstream support for Forefront Identity Manager on 10 October 2017, what better reason do you need to upgrade from FIM to MIM? Without technical support and security updates, organisations using the popular identity management platform will be taking unnecessary risks. But there are 3 big reasons why that move should have already happened.
FIM Vs. MIM: A Clear Winner
Since its launch in 2010, Forefront Identity Manager (FIM) has become synonymous with identity lifecycle management. Microsoft’s powerful platform has helped many businesses save a lot of time and money by automating key IAM tasks. However, the way businesses operate has changed significantly over the last few years, and with that has come increased risk and fresh challenges.
Whilst you could argue that Microsoft Identity Manager is just FIM with an additional interface and a better connection to the Microsoft Cloud, it’s those additions which could be crucial to the success of your business over the next five years.
The good news is that MIM has been around for some time. Since it hit general availability status in June 2015, it has been tried and tested, with 3 factors cited for its success:
1. Privileged Access Management (PAM)
PAM is MIM’s key security feature – and it’s timely. With Wonga, Tesco and Yahoo! amongst a number of high-profile data breaches in 2016/17, organisations are starting to think ‘when’ rather than ‘if’ they are going to be compromised by a serious cyber or insider attack.
With PAM, organisations get essential visibility of when users are undertaking administrative tasks within their network. It uses a Bastion directory to provide timely and managed elevation of access for the on-premises directory service. This is achieved by creating a set of administration roles that can be requested and authorised before a user gains the relevant privilege. All of these elements are accessed using a web interface.
PAM will help organisations protect themselves against a number of attack methods used by hackers to gain administrative access to their servers.
If you want to learn more about PAM, you can view a webinar recording that explores the tool in detail.
2. Hybrid reporting and synchronisation
Although you were able to provision accounts into a variety of cloud systems using FIM, and this has not changed, the improved integration with Azure Active Directory (AD) Premium in MIM is significant.
MIM links directly to the Azure environment to enable multi-factor authentication (MFA), via a mobile phone, when users want to reset their own password.
You can also report on events that take place within the MIM environment, so they can be included in the Azure AD Premium security reports. Since Azure AD Premium also includes licensing for MIM, this ensures that on-premises identity management events can be linked to the cloud-based environment.
The user portal has hardly changed and still works in the same way – so the interface is familiar and easy to use, which should help keep your employees happy and more productive.
However, there have been a number of changes in the background. Crucially, this means MIM will support the latest platforms, including Windows Server 2012 R2 (which is the server platform Oxford Computer Group recommends).
Modern APIs will support the certificate management system and the PAM system. The new certificate management APIs are particularly noteworthy, as they allow users and managers to request and renew PKI certificates through RESTful API calls.
The best word to describe Microsoft Identity Manager is continuity. Importantly, MIM retains the core components which its users are familiar with, but the software has been brought up to date. New features may have been kept to a minimum, but they have been carefully considered to ensure businesses can achieve the platform’s full potential and remain secure.
Watch a recording of our MIM webinar, and discover more about the key features in Microsoft’s identity platform.
Last updated: 18 April 2017