The IDM team at M&S Consulting is excited about Microsoft’s upcoming release / update / rebranding of Forefront Identity Manager to Microsoft Identity Manager. We’ve stood up a lab using the latest (as of this writing) CTP3 and so far have enjoyed playing around with the various new features and wanted to share our quick thoughts.
Beyond the modernization and support for current platforms such as Windows Server 2012 R2, SharePoint 2013 and SQL Server 2014, Microsoft has added several new features to the product offering. These include Privileged Account and Access Management, cloud and hybrid capabilities, and an upgraded Certificate Manager.
One of the latest trends in Identity Management is Privileged Account & Access Management. Microsoft is keeping up with Oracle here (Oracle released its Oracle Privileged Account Manager product a little over 18 months ago) by adding the capabilities to manage this in its next release.
Microsoft implements this through a separate privileged-access domain (a dedicated bastion environment) and a request workflow that grants a user temporary, time-bound membership in a privileged group (Microsoft calls this Just-In-Time (JIT) step-up). The request is submitted and completed through the request interface of the MIM portal. In practice this means administrators no longer need standing, unrestricted access to everything, and because every elevation is a recorded request with an expiry, it also enables better auditing and reporting of who held access to privileged resources and when.
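To make the JIT flow concrete, here is an added example (written for this page, not code from the original post or from Microsoft) of what an administrator's elevation request looks like from PowerShell rather than the portal. The cmdlet and parameter names (Import-Module MIMPAM, Get-PAMRoleForRequest, New-PAMRequest, Get-PAMRequest, Close-PAMRequest) are those shipped with the MIM 2016 release; we assume the CTP3 module exposes the same surface, and the role name "CorpAdmins", the PRIV-forest domain controller name and the shadow group name are hypothetical. The time-to-live check at the end uses the -ShowMemberTimeToLive switch of Get-ADGroup, which requires the Windows Server 2016 Active Directory module and a forest with temporary group membership enabled.

```powershell
# Added example, not part of the original post. Assumes the MIM 2016 PAM
# cmdlets (MIMPAM module) and hypothetical names for the role, the PRIV
# domain controller and the shadow group.
Import-Module MIMPAM

# 1. List the PAM roles the calling (PRIV-forest) user is allowed to request.
#    Each role carries its own maximum TTL and whether approval is required.
$roles = Get-PAMRoleForRequest
$roles | Select-Object DisplayName, TTL, AvailableFrom, AvailableTo | Format-Table -AutoSize

# 2. Request activation of one role for one hour, with a justification that
#    ends up in the audit trail alongside the requestor and the timestamps.
$role = $roles | Where-Object { $_.DisplayName -eq 'CorpAdmins' }   # hypothetical role
if (-not $role) { throw "Role 'CorpAdmins' is not available to this user." }

$request = New-PAMRequest -Role $role -RequestedTTL 3600 `
    -Justification 'CHG0001234: patch file servers'

# 3. Show the request as recorded by the PAM service. A role that requires
#    approval stays pending until an approver acts on it in the portal;
#    an auto-approved role is provisioned almost immediately.
Get-PAMRequest | Format-List

# 4. Verify the time-bound membership in the PRIV forest. With temporary
#    group membership enabled, each member entry is prefixed with its
#    remaining TTL in seconds, which is what makes the access expire on its
#    own instead of relying on someone to remove it later.
#    'priv-dc01.priv.contoso.com' and 'PRIV.CorpAdmins' are hypothetical.
Get-ADGroup -Identity 'PRIV.CorpAdmins' -Server 'priv-dc01.priv.contoso.com' `
    -Properties Members -ShowMemberTimeToLive |
    Select-Object -ExpandProperty Members

# 5. When the work is finished early, close the request to revoke the
#    membership now rather than waiting for the TTL to run out.
Close-PAMRequest -Request $request
```

The point worth checking in your own lab is step 4: if the member entries come back without a TTL prefix, the forest does not have temporary group membership enabled and the expiry is being enforced by the MIM service alone, which is a weaker guarantee than the directory removing the membership itself.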
Additionally, Microsoft has added some hybrid IDM features, such as additional Self-Service Password Reset flows (or gates) that enable phone-call and text-message based password resets without subscribing to a third-party service. This is enabled through Azure Active Directory.
Architecturally, MIM appears, at least in the early CTPs, to be very similar to the existing FIM 2010 R2 product. All of the FIM components, including the Portal, the Synchronization Service, and the two database backends, are still there. This is of course all pending the release of the product, which still seems to be on track for the next couple of months.
As a quick note, the Microsoft BHOLD Suite, which provides enterprise-grade RBAC, attestation, analytics and reporting on top of (or separately from) FIM, seems to be undiscussed at this point. There is no clear roadmap for it at the moment, but given the similarity in architecture between FIM and MIM, M&S Consulting would not be surprised to see BHOLD continue to be offered as a separate product, with future integrations done against MIM.
We would love to talk with you about any of your Identity Management needs.