Why and how to move on from Microsoft Identity Manager 2016? Identity governance

MIM (formerly Forefront Identity Manager, and Identity Lifecycle Manager before that) is a widely used service for managing user lifecycles and access rights in Active Directory.  

Right now, it is slowly moving into a well-earned retirement phase. But don’t worry, it’s not the end of the world. There are tools you can use in its place, and there’s still time to move to another service. 

Is Microsoft Identity Manager reaching the end of life?

In simple terms, yes. It is no longer actively developed by Microsoft, although mainstream support for MIM will be available till January 2029.

Still, for many organizations, it is time to look for a replacement.

Microsoft has turned its focus to Azure AD. Can it really replace MIM entirely?

As we consultants like to say: it depends. Let’s have a look at what you can use to manage identities and up your IAG game.

What does Microsoft Identity Manager do?

MIM can synchronize your Active Directory with multiple external systems to centralize the management of user accounts. Its key features include:

1. Identity management – including user on- and offboarding, attribute synchronization, and self-service profile management
2. Group management – for manual, manager-based, and dynamic groups, featuring self-service workflows and access request & approval process
3. Credential management – with self-service functionalities, MFA, and password synchronization
4. Policy management – covering authentication, authorization, codeless provisioning, and a SharePoint-based admin portal.

This is just a snapshot of its capabilities. MIM also facilitates RBAC (with BHOLD), PAM, certificate management and reporting, and many other functionalities.

For on-premises environments, it has been the cornerstone of Identity and Access Management for a very long time.

Is it over for MIM? Watch our webinar to find out

Do you need Microsoft Identity Manager?

There are some scenarios where MIM still performs very well. This is especially true for environments based largely on-premises. Example use cases include:

• A frequent user on/offboarding, e.g. in hospitality or retail industries
• Automating Microsoft 365 license management
• Helping with MS Teams management
• Facilitating quick synchronization during mergers & acquisitions (possible with the addition of Azure B2B to allow guests to a tenant)
• Office 365 contact synchronization between tenants
• On-premises synchronization from AD to other directories and applications
• The need for compliance and meeting audit requirements.

You can also build custom workflows and connectors to integrate the platform with internal systems, such as CISCO Unified Communications Manager.

What to replace MIM with?

Does it mean MIM is the only option for identity management? Not necessarily. Especially considering that MIM will soon be decommissioned, it is a good time to start looking at alternatives.

The closest replacement is, of course, Azure AD. It has a range of features that enable simple identity and access management for internal and external users.

If you’ve got a cloud-first or hybrid environment, it’s a perfect choice.

Disadvantages of using MIM

Some important functionalities are not available in Microsoft Identity Manager 2016. These include:

• Reporting and auditing
• Passwordless authentication
• Compliance and governance tools
• Access review and Entitlement Management.

If you’re looking to upgrade your identity and access governance, use Azure AD to plug these gaps.

Disadvantages of using Azure AD

Particularly for on-premises environments, there are some features in MIM that are currently not available in Azure AD. They include:

• Role-Based Access Control (RBAC) for on-premises resources including access management, role mining, segregation of duties, attestation campaigns, and reporting
• Privileged Access Management (PAM) for on-premises AD DS environment with just-in-time access to security groups
• Certificate Management for managing the complete life cycle of smart cards and software-based certificates
• Audit Reports covering identity and access governance including identity attribute change log, role management, and access attestation.

What’s the strategy for moving on from Microsoft Identity Manager 2016?

MIM was great for on-premises environments, but with more and more organizations moving towards the cloud, they’re starting to look for cloud-based replacements.

As we’ve indicated, Azure AD is the closest substitute. By adding third-party tools you can easily replace all of MIM’s features, and add many new ones.

Here are the first steps to developing your MIM migration roadmap:

1. Review your MIM implementation. What are the key functionalities you use and need to migrate?
2. Reduce the dependency on MIM 2016 infrastructure by implementing the quick wins listed above
3. Consider Azure AD Identity Governance for simple governance of your cloud resources.
4. Enable SSO for on-premises and SaaS applications with Azure AD SSO
5. Evaluate Omada Identity for hybrid access governance. Start by introducing the key elements alongside your MIM implementation.

Click the image to download the infographic

In need of MIM platform support? Get in touch and we’ll help you out.