Microsoft Identity Manager 2016 Handbook
By David Steadman and Jeff Ingalls
About this ebook
- Get to grips with the basics of identity management and get acquainted with the MIM components and functionalities
- Discover the newly-introduced product features and how they can help your organization
- A step-by-step guide to enhance your foundational skills in using Microsoft Identity Manager from those who have taught and supported large and small enterprise customers
If you are an architect or a developer who wants to deploy, manage, and operate Microsoft Identity Manager 2016, then this book is for you. A basic understanding of Microsoft-based infrastructure using Active Directory is expected. Identity management beginners and experts alike will be able to apply the examples and scenarios to solve real-world customer problems.
Chapter 1. Overview of Microsoft Identity Manager 2016
Microsoft Identity Manager 2016 (MIM 2016) is not one product but a family of products working together to mitigate challenges regarding identity management. In this chapter, we will discuss the MIM family and provide a brief overview of the major components available. The following diagram shows a high-level overview of the MIM family and the components relevant to an MIM 2016 implementation:
Within the MIM family, there are some parts that can live by themselves and others that depend on other parts. To fully utilize the power of MIM 2016, you should have all the parts in place, if possible. At the center, we have MIM Service and MIM Synchronization Service (MIM Sync). The key to a successful implementation of MIM 2016 is to understand how these two components work—by themselves as well as together.
The Financial Company
The name of our fictitious company is The Financial Company. The Financial Company is neither small nor big. We will not give you any indication of the size of this company because we do not want you to take our example setup as being optimized for a company of a particular size, although we will provide some rough sizing guidelines later.
As with many other companies, The Financial Company tries to keep up with modern techniques within their IT infrastructure and is greatly concerned about security and unauthorized access. They are big fans of Microsoft and live by the following principle:
If Microsoft has a product that can do it, let's try that one first.
The concept of cloud computing is still somewhat fuzzy to them, and they do not yet know how or when they will be using it. They do understand that in the near future, this technology will be an important factor for them, so they have decided that for every new system or function that needs to be implemented, they will take cloud computing into account.
The challenges
During a recent inventory of the systems and functions that their IT department supported, a number of challenges were found. We will now have a look at some of the identity management (IdM)-related challenges that were uncovered.
Provisioning of users
The Financial Company discovered that a new employee or contractor may wait up to a week before accounts are provisioned in the various required systems and the correct access is granted for that person to do their job. The Financial Company would like accounts to be provisioned and proper access granted within a few hours.
The identity life cycle procedures
A number of identity life cycle management issues were found.
Changes in roles took way too long. Access based on old roles continued even after people were moved to a new function or after they changed their job. The termination and disabling of identities was also sometimes missed. A security review found active accounts of users who had left the company more than six months ago.
The security review found one HR consultant who had left The Financial Company months ago but still had VPN access and an active administrative HR account. The access should have been disabled when the project was completed and the consultant's contract had ended.
The Financial Company would like a way of defining identity management policies and a tool that detects anomalies and enforces their business policies. The Financial Company would like business policy enforcement to take no more than a few hours.
Highly privileged accounts (HPA)
The Financial Company has been successful in reducing the number of powerful administrative accounts over the last few years; however, a few still exist. There are also other highly privileged accounts and a few highly privileged digital identities, such as code signing certificates. The concern is that the security of these accounts is not as strong as it should be.
The public key infrastructure (PKI) within The Financial Company is a one-layer PKI, using an Enterprise Root CA without a hardware security module (HSM). The CSO is concerned that it is not sufficient to start using smart cards because he feels the assurance level of the PKI is not high enough.
Password management
The helpdesk at The Financial Company spends a lot of time helping users who have forgotten their password. Password resets are done for internal users as well as partners with access to shared systems.
Traceability
The Financial Company found that they had no processes or tools in place to trace the status of identities and roles historically. They wanted to be able to answer questions such as:
- Who was a member of the Domain Admins group in April?
- When was John's account disabled, and who approved it?
The environment
The following diagram gives you an overview of the relevant parts of the current infrastructure within The Financial Company:
The diagram does not represent any scaling scenarios but rather shows the different functions we will be using in this