Microsoft MIM One-On-Won

By Aaron Lentz

With the recent revamping of Microsoft Identity Manager (MIM), formerly known as FIM, there is great potential for their IAM solution to rejoin the heavy hitters in the IAM spectrum in 2015.

One-on-One: Microsoft is taking on the other IAM solutions with more than just a heavyweight name. To match its competitors in the IAM space, Microsoft has added new functionality. Here are a few examples of the direction Microsoft is taking its IAM solution:

  • Addition of Privileged Access Management (PAM) - PAM is incorporated into MIM and the next release of Active Directory (AD) to allow for Just In Time (JIT) provisioning and deprovisioning of AD group memberships. JIT is the concept of getting access when access is needed rather than having access all the time. PAM allows a predefined user set, called “candidate members,” to request temporary access to an AD group for a defined period of time. The PAM functionality gives businesses and their end users peace of mind, knowing that access to sensitive resources is only given as needed and is logged.


Image sourced from the Microsoft Identity Manager vNext Overview video.

  • Enhancing Certificate Management (CM) - The next iteration of CM will include a new modern application for self-service CM, a new REST API, OAuth2 enablement and CM Server support for AD multi-forest deployments.
  • Enhancing Self Service Password Reset (SSPR) - There are additions to SSPR expected with the release of MIM, including:
      • Unlock Account: Providing self-service for an end-user to unlock their AD account using SSPR
      • SSPR to Azure AD Services Multi-Factor Authentication (MFA) - Using the Azure services, the MIM SSPR Multi-Factor Gate will call a provided phone number.
  • Additional Enhancements:
      • Modernization to support the latest software versions (Windows Server, SharePoint, SQL, etc.)
      • Azure AD Connector
      • Streamlining the IAM Suite to the future of Azure
  • Note: The “Microsoft Identity Manager vNext Overview” video provides a comprehensive list of items expected in the release of MIM.
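
The just-in-time model from the PAM bullet above, as an added conceptual sketch (not MIM's API and not code from the original post): candidate members, a time-boxed grant, automatic expiry and an audit trail. The class, the `max_ttl` policy cap, the group and user names and the timestamps are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class JitGroup:
    """Conceptual model of a PAM-protected group (hypothetical, not MIM's schema)."""
    name: str
    candidates: set                               # users allowed to *request* access
    max_ttl: timedelta                            # assumed policy cap on grant length
    grants: dict = field(default_factory=dict)    # user -> expiry time
    audit: list = field(default_factory=list)     # (time, event, user)

    def request(self, user, ttl, now):
        """Grant time-boxed membership to a candidate; log every decision."""
        if user not in self.candidates:
            self.audit.append((now, "denied:not-candidate", user))
            return False
        if ttl <= timedelta(0) or ttl > self.max_ttl:
            self.audit.append((now, "denied:ttl-out-of-policy", user))
            return False
        self.grants[user] = now + ttl
        self.audit.append((now, "granted", user))
        return True

    def members(self, now):
        """Deprovision expired grants, then return who is a member right now."""
        for user, expiry in list(self.grants.items()):
            if now >= expiry:
                del self.grants[user]
                # Logged at the time the expiry is enforced, not at `expiry`.
                self.audit.append((now, "expired", user))
        return set(self.grants)


if __name__ == "__main__":
    t0 = datetime(2015, 1, 1, 9, 0)               # constructed timestamp
    group = JitGroup("Example-Admins", {"alice"}, timedelta(hours=1))
    group.request("alice", timedelta(minutes=30), t0)   # candidate: granted
    group.request("bob", timedelta(minutes=30), t0)     # not a candidate: denied
    print(group.members(t0 + timedelta(minutes=10)))    # alice still a member
    print(group.members(t0 + timedelta(minutes=45)))    # grant has lapsed
    for entry in group.audit:
        print(entry)
```

The point the model makes is that standing membership never exists: a user is in the group only between a logged grant and its expiry, so the audit trail accounts for every period of access.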

One: One solution to rule them all. Microsoft has provided a one-stop application to suit a variety of business and technology requirements:

  • MIM is still FIM - Like MIM’s recent ancestors, MIM does not replace FIM. MIM is an upgrade which will allow you to keep your FIM configuration in place. All of FIM’s features will still exist; however, customized features should go through regression testing as needed.
  • PAM - The addition of PAM was a huge step in IAM functionality that Microsoft did not have before.
  • Azure - Should Microsoft’s plan pan out for their projected IAM roadmap, Azure and IAM will become one offering. This means federation, SSO, simplified sign on and data management galore! One of the great perks with Azure is that MIM will now be included (MIM will continue to be offered separately).

Won: While Microsoft hasn’t won the battle for IAM, they have laid groundwork that will require other IAM solutions to rethink their strategies and offerings to compete with the improved MIM.

Key to Success: Microsoft should continue working to improve their IAM offerings, letting the product’s features speak for themselves and enhancing their reporting, certification, role-based access control and other features as needed to stay competitive and provide businesses with desired functionality.

Microsoft’s MIM has significant potential to shake up the IAM marketplace. Microsoft has hinted that more functionality may come with MIM. We all look forward to BHOLDing what else MIM has to offer.