The Microsoft Identity Manager 2016 product hit “general availability” release status today, meaning that it’s available for commercial deployments.
MIM 2016 is the successor product to Forefront Identity Manager 2010 R2. It was at a second beta stage back in April, but it now can be downloaded as a 180-day evaluation copy at this page. How to get the commercial product is somewhat unclear, as links today on Microsoft’s main page for MIM just go to the trial version. Updated links to get the product apparently will be available “next week,” according to Microsoft’s announcement today.
The product, which supports identity and access management for premises-based computing environments, is notable for having support for Windows 10 clients. It also supports Windows 8.1 clients, Windows Server 2012 R2 and the latest System Center Service Manager products, according to Microsoft’s TechNet specs.
Microsoft is touting MIM 2016 as a “modernized” product. It now has support for using REST-based APIs for certificate management in multiforest environments, for instance.
Microsoft is also touting “hybrid identity management” support (for cloud and premises-based environments) with Azure Active Directory. MIM 2016 can be used to establish end-user single sign-on access privileges to cloud-based apps that are supported by Azure Active Directory, according to a Microsoft blog post. MIM 2016 also works with the Azure Management Portal to generate hybrid reports, but that capability may require having an Azure Active Directory Premium subscription.
Microsoft built “privileged access management” controls into MIM 2016 as a way to fine-tune the network access privileges of IT personnel. MIM 2016 uses Just Enough Administration, a Microsoft PowerShell scheme, to control administrative rights, for instance. It’s also possible to set time limits on IT personnel access privileges.
The product enables self-service capabilities for requesting access privileges, based on “group, profile, certificate and role management” categories. Self-service requests can be verified by multifactor authentication, which typically entails sending a text message or an automated phone call to a device as a second check of the user’s identity.
Although the product is commercially released, a deployment pack for MIM 2016 will be arriving “in the next 90 days,” Microsoft’s announcement indicated. This deployment pack seems rather crucial. It will help automate “the preparation of the privileged identity management environment” and it will help harden that environment by “setting up the privileged AD forest security principals,” among other such details.