Enterprise Mobility and Security Blog

Howdy folks,

It’s a great day here in Redmond! The weather is amazing and I have the fun job of letting you know that an updated public preview of Microsoft Identity Manager (MIM, the product formerly known as Forefront Identity Manager) is now available. This release is beta quality and includes a lot of new capabilities:

  1. Manual approval of elevation requests
  2. The ability to require a Multi-Factor Authentication challenge as part of an elevation request
  3. Improved security monitoring of your privileged forest
  4. Azure AD based reporting capabilities in the cloud

To give you the key details for this release, including where you can get it, I’ve asked Sharon Laivand from our MIM Program Management team to write up a quick guest post. You’ll find it below.

I hope you’ll find this new set of capabilities useful in improving the identity automation and security posture of your company both on-premises and in the cloud.

And as always, we’d love to hear any feedback or suggestions you have!

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity and Security Division

——————————–

Greetings Everyone,

Today we are excited to announce a major update to the Microsoft Identity Manager (MIM) vNext Public Preview, a “beta” quality release.

This release improves MIM’s readiness for production environments and adds new, exciting capabilities: user approval for Privileged Access Management (PAM) workflows, PAM elevation now with Multi-Factor Authentication (MFA), better security monitoring of privileged forests, MIM reporting in the Azure Active Directory portal and an in-place upgrade from Forefront Identity Manager (FIM) 2010 R2 to MIM.

This major update builds upon our release from last month.

Many of the added enhancements in this release are based on the feedback that we got from you, our customers and partners. Thanks!

We would like to get your feedback on this release after you have tested it in your labs.

Just in case you are new to MIM, MIM offers on-premises Identity and Access Management with connections to the cloud. It is included with your Azure Active Directory Premium licenses or it can be purchased on its own for your on-premises scenarios.

Updates to Privileged Access Management

The PAM elevation authorization workflow now supports both approvals and an MFA challenge. In the earlier Public Preview, requests to elevate to privileged roles would be approved automatically if the user’s account was enabled and a candidate for the role.

In this update, you can enable manual approval for specified roles by role approvers. When creating a role, you can specify whether it requires manual approvals and who is authorized to approve the elevation requests.

This is how approvals look in the PAM sample portal:

This Public Preview also adds the ability to specify that the user must complete a phone based Multi-Factor Authentication (MFA) during elevation. This can reduce the risk of exposure in case a user’s credentials have been compromised.

We will also be continuing to add more features to the PowerShell cmdlets and enhancing the MIM PAM monitoring services to warn of anomalies in the PAM forest.

MIM Reports in Azure AD

Today, we are also starting the private preview of MIM reporting in the Azure Management Portal. This new capability enables a MIM customer who is also using Azure AD Premium to see MIM’s activity in Azure AD reports alongside activity occurring in Azure AD itself. The first report that will include MIM activity will be self-service password resets.

If your organization uses MIM and Azure AD Premium for self-service password reset, then you will be able to see a combined view of users performing password resets using either. This will show up in the Azure AD Reports tab in the Password Reset Activity Report.

If you want to try MIM reporting in Azure AD, please send us an email with your Azure AD tenant ID and we will work to enable this feature in private preview for your tenant.

How to get the Public Preview

We are eager to get your feedback on this major update release. We encourage our customers and partners to download the Public Preview, test it out in a lab and provide feedback. You can download the Public Preview release from the Microsoft Connect site below:

  • Register at the Connect site and sign in
  • Join the CTP program (search for: “Active Directory Identity and Access Management CTP”)
  • Download documents, product binaries and VMs and try the scenarios
  • Provide feedback via the Connect feedback form

Finally, we would like to meet you in-person at Ignite at our booth or in one of our many great Identity and Access Management sessions. Find out more info about Enterprise Mobility at Ignite here!

As always, please feel free to email us with any comments or questions.

Thank you,

Sharon Laivand