The release of Microsoft Identity Manager (MIM) 2016 went slightly under the radar. With the technology giant focused on Windows 10 and its vision of a cloud-first, mobile-first world, a new on-premises identity and access management platform wasn’t part of the script. Yet MIM was arguably the most significant piece of new technology released in 2015 for many businesses.
Since its launch in 2010, Forefront Identity Manager (FIM) has become synonymous with identity lifecycle management. Microsoft’s powerful platform has helped many businesses save a lot of time and money by automating key IAM tasks. However, the way businesses operate has changed significantly over the last five years, and with that has come increased risk and fresh challenges.
Whilst you could argue that MIM is just FIM with an additional interface and a better connection to the Microsoft Cloud, it’s those additions which could be crucial to the success of your business over the next five years…
Privileged Access Management (PAM)
PAM is MIM’s key new security feature – and it’s timely. With TalkTalk and Hilton amongst a number of high-profile data breaches in 2015, organisations are starting to think in terms of ‘when’ rather than ‘if’ they are going to be compromised by a serious cyber or insider attack.
With PAM, organisations get essential visibility of when users are undertaking administrative tasks within their network. It uses a Bastion directory to provide timely and managed elevation of access for the on-premises directory service. This is achieved by creating a set of administration roles that can be requested and authorised before a user gains the relevant privilege. All of these elements are accessed using a web interface.
PAM will help organisations protect themselves against a number of attack methods used by hackers to gain administration access to their servers.
If you want to learn more about PAM, you can view a webinar recording from December.
Hybrid reporting and synchronisation
You could already provision accounts into a variety of cloud systems using FIM, and this has not changed, but the improved integration with Azure Active Directory (AD) Premium in MIM is significant.
MIM links directly to the Azure environment to enable multi-factor authentication (MFA), via a mobile phone, when users want to reset their own password.
You can also report on events that take place within the MIM environment, so they can be included in the Azure AD Premium security reports. Since Azure AD Premium also includes licensing for MIM, this ensures that on-premises identity management events can be linked to the cloud-based environment.
The user portal has hardly changed and still works in the same way – so the interface is familiar and easy to use, which should help keep your employees happy and more productive.
However, there have been a number of changes in the background. Crucially, this means MIM will support the latest platforms, including Windows Server 2012 R2 (which is the server platform Oxford Computer Group recommends).
Modern APIs will support the certificate management system and the PAM system. The new certificate management APIs are particularly noteworthy, as they allow users and managers to request and renew PKI certificates using RESTful API calls.
The best word to describe Microsoft Identity Manager is continuity. Importantly, MIM retains the core components which its users are familiar with, but the software has been brought up to date. New features may have been kept to a minimum, but they have been carefully considered to ensure businesses can achieve the platform’s full potential and remain secure.
Watch a recording of our recent MIM webinar, and discover more about the latest features in Microsoft’s new identity platform.