Wednesday, April 29, 2015

Microsoft Updates Next Identity Manager Beta


Microsoft announced on Tuesday an upcoming update of the public preview of the next Microsoft Identity Manager (MIM) product.

MIM is Microsoft's next iteration of its Forefront Identity Manager product, with an expected product release in the first half of this year, although Rob Helm of Directions on Microsoft expects "late 2015." Microsoft has largely deprecated its Forefront product line, but its identity and access management solution will live on with the forthcoming MIM product. This latest "major" update to the MIM beta, announced today, includes improvements that are arriving on top of an earlier beta release that occurred in March, Microsoft explained today.

Back in March, Microsoft had added privileged access management (PAM) support for Windows Server 2012 R2 (the MIM beta had formerly supported only Microsoft's next Windows Server product). Microsoft also added certificate management improvements, plus a new self-service password unlock feature for end users. In addition, Microsoft had rolled out the ability to perform an "in-place upgrade" from the Forefront Identity Manager 2010 R2 product to the new MIM product.

PAM is a big part of Microsoft's new identity and access management solution. The earlier Forefront Identity Manager product had focused on role management, certificate management, group management and password reset capabilities. The upcoming MIM product will have three main investments, Microsoft explained back in an October TechEd Europe session. First, Microsoft is aiming to modernize the platform. Next, it's adding the PAM feature that controls administrative access to resources. Lastly, Microsoft is planning to support hybrid configurations, where the identity and access management solution will work across Azure Active Directory and premises-based AD environments.

Microsoft showed off a list of those coming MIM improvements at the TechEd Europe session in this slide:

http://mcpmag.com/articles/2015/04/22/~/media/ECG/redmondmag/Images/2015/04/150421MIMInvestments_sm.ashx 
Microsoft Identity Manager investments. Source: Microsoft TechEd Europe 2014 session.

The latest beta release, available today via the Microsoft Connect portal, has improved the PAM capability by adding the ability to issue multifactor authentication challenges to persons requesting resource access. By "multifactor authentication," Microsoft typically means some other means of verifying a user's identity besides using a password, such as getting a response to a text message or a smartphone call. With this updated beta, it's also now possible to specify that manual approvals are required to enable resource access.

Also new in this beta is the ability to integrate MIM reporting with the Azure Management Portal. However, this so-called "hybrid reporting" capability is available only as a private preview for testers who use the Azure AD Premium service. To test this capability, organizations have to request access by sending Microsoft an e-mail, as described in Microsoft's announcement today.

The new hybrid reporting capability will allow users to see MIM activity in the Azure Management Portal. However, Microsoft seems to be adding to this capability bit by bit. For instance, the first capability Microsoft is adding is the ability to see self-service password resets performed by end users.

Microsoft showed off this hybrid reporting capability in the Azure Management Portal with this screenshot during the TechEd Europe talk:

http://mcpmag.com/articles/2015/04/22/~/media/ECG/redmondmag/Images/2015/04/150421MIMHybridReporting_lg.ashx

Screenshot of Microsoft Identity Manager hybrid reporting via the Azure Management Portal. Source: Microsoft TechEd Europe 2014 session.

Microsoft plans to provide more details about its coming MIM product at next month's Ignite event. The event will include a session on performing upgrades from the current Forefront Identity Manager product. Microsoft plans to sell the new MIM solution as a standalone product or as part of an Azure AD Premium subscription.
