Microsoft Identity Manager
What is Microsoft Identity Manager (MIM)?
Microsoft Identity Manager -- also called Microsoft Identity Manager 2016 or MIM -- is an on-premises tool that enables organizations to manage access, users, policies and credentials. MIM is a server-based synchronization engine and is the successor to Microsoft's Forefront Identity Manager 2010 R2.
MIM is designed for enterprise security and systems administrators tasked with organizing enterprise-class identity management responsibilities. MIM ensures that an organization has the correct users and access rights for Active Directory (AD) as well as for any on-premises applications. By synchronizing its users' identity data between systems, MIM helps simplify identity lifecycle management. When used with AD and Azure AD Connect, MIM enables consistent sign-on experiences for on-premises and software-as-a-service applications.
MIM works by bringing together authoritative systems or authentication stores such as AD, Lightweight Directory Access Protocol directories or SQL systems.
MIM is licensed per user, and a Client Access License is required for each user with a managed identity. A Windows Server license is required to run MIM as a server. However, MIM is included with Azure AD Premium, which is part of the Enterprise Mobility Suite.
What does Microsoft Identity Manager do?
Microsoft Identity Manager consists of components, including MIM Service, the Synchronization Service database, Reporting, Privileged Access Management (PAM) and MIM client add-ins. Through these components and others, MIM supports a variety of related identity features. In addition to local identity management, MIM supports the following:
- Hybrid environments, by working in tandem with the Microsoft Azure public cloud.
- Privileged identity management, which restricts privileged access and provides users with temporary access to certain administrative capabilities. This helps reduce the workload for IT administrators while limiting the attack opportunities for malicious users.
- Group management options for manual, manager-based or dynamic groups. Options include self-service workflows as well as access request and approval processes.
- Credential management, which is enabled by self-service, multifactor authentication (MFA) and synchronization of passwords.
- Policy management, which enables the use of authentication, authorization, codeless provisioning and an admin portal for SharePoint.
- Role-based access control and other functionalities such as PAM, certificate management and reporting.
How do I deploy Microsoft Identity Manager?
The following three steps are used to set up Microsoft Identity Manager:
- Prepare a domain. Follow Microsoft's steps to configure the AD domain controller.
- Prepare identity management servers. Identity management servers need to be set up, which includes configuring Windows Server, SQL Server and SharePoint Server.
- Install MIM components. MIM components can be installed and synced with AD, along with MIM Synchronization Service and MIM Service and Portal.
Is Microsoft Identity Manager still being supported?
Mainstream support for Microsoft Identity Manager ended in January 2021, meaning that Microsoft is no longer actively developing MIM. Azure AD Premium users, however, receive extended support until 2026.
The most recent version of MIM is 4.6.607.0. This version includes updates to PAM components, Service and Portal, Synchronization Service and Self-Service Password portals.
MIM still performs well in scenarios where there is frequent employee onboarding and offboarding, as well as when users need quick Microsoft 365 contact and on-premises synchronizations. Azure AD is a potential replacement for MIM, as the tool provides identity and access management features for users.
History of Microsoft Identity Manager
Microsoft Identity Manager, originally known as Zoomit Corp's VIA, was acquired by Microsoft in 1999 and renamed Microsoft Metadirectory Services. In 2007, following a set of acquisitions, mergers and changes, the product became Identity Lifecycle Manager (ILM). Three years later, ILM was renamed to Forefront Identity Manager (FIM). FIM added features to the software such as administration, web-based portal configuration and self-service. This enabled systems administrators to reset passwords, manage groups and start actions based on the passage of time.
FIM changed names again in 2015, this time to Microsoft Identity Manager 2016. MIM had new features such as Privileged Access Management to help secure corporate Windows environments. MIM has been continually updated over time, with a long-running version release history. Updates normally included hotfixes to different MIM components, like numerous updates to PAM, Service and Portal and Synchronization Service. Notable updates included service pack updates, which provided more substantial updates for MIM components.
Support for Microsoft Identity Manager ended in January 2021, with Azure AD Premium users receiving extended support until 2026.