Microsoft Identity Manager 2016 Handbook
By David Steadman and Jeff Ingalls
About this ebook
- Get to grips with the basics of identity management and get acquainted with the MIM components and functionalities
- Discover the newly-introduced product features and how they can help your organization
- A step-by-step guide to enhance your foundational skills in using Microsoft Identity Manager from those who have taught and supported large and small enterprise customers
If you are an architect or a developer who wants to deploy, manage, and operate Microsoft Identity Manager 2016, then this book is for you. A basic understanding of Microsoft-based infrastructure using Active Directory is expected. Identity management beginners and experts alike will be able to apply the examples and scenarios to solve real-world customer problems.
Chapter 1. Overview of Microsoft Identity Manager 2016
Microsoft Identity Manager 2016 (MIM 2016) is not one product but a family of products working together to mitigate challenges regarding identity management. In this chapter, we will discuss the MIM family and provide a brief overview of the major components available. The following diagram shows a high-level overview of the MIM family and the components relevant to an MIM 2016 implementation:
Within the MIM family, there are some parts that can live by themselves and others that depend on other parts. To fully utilize the power of MIM 2016, you should have all the parts in place, if possible. At the center, we have MIM Service and MIM Synchronization Service (MIM Sync). The key to a successful implementation of MIM 2016 is to understand how these two components work—by themselves as well as together.
The Financial Company
The name of our fictitious company is The Financial Company. The Financial Company is neither small nor big. We will not give you any indication of the size of this company because we do not want you to take our example setup as being optimized for a company of a particular size, although we will provide some rough sizing guidelines later.
As with many other companies, The Financial Company tries to keep up with modern techniques within its IT infrastructure and is greatly concerned about security issues such as unauthorized access. They are a big fan of Microsoft and live by the following principle:
If Microsoft has a product that can do it, let's try that one first.
The concept of cloud computing is still somewhat fuzzy to them, and they do not yet know how or when they will be using it. They do understand that in the near future, this technology will be an important factor for them, so they have decided that for every new system or function that needs to be implemented, they will take cloud computing into account.
The challenges
During a recent inventory of the systems and functions that their IT department supported, a number of challenges were found. We will now have a look at some of the identity management (IdM)-related challenges that were uncovered.
Provisioning of users
The Financial Company discovered that a new employee or contractor may wait up to a week before accounts are provisioned to the various required systems and the correct access is granted for each person to do his/her job. The Financial Company would like accounts provisioned and proper access granted within a few hours.
The identity life cycle procedures
A number of identity life cycle management issues were found.
Changes in roles took way too long. Access based on old roles continued even after people were moved to a new function or after they changed their job. The termination and disabling of identities was also sometimes missed. A security review found active accounts of users who had left the company more than six months ago.
The security review found one HR consultant who had left The Financial Company months ago but still had VPN access and an active administrative HR account. The access should have been disabled when the project was completed and the consultant's contract had ended.
The Financial Company would like a way of defining identity management policies and a tool that detects anomalies and enforces their business policies. The Financial Company would like business policy enforcement to take no more than a few hours.
Highly privileged accounts (HPA)
The Financial Company has been successful in reducing the number of powerful administrative accounts over the last few years; however, a few still exist. There are also other highly privileged accounts and a few highly privileged digital identities, such as code signing certificates. The concern is that the security of these accounts is not as strong as it should be.
The public key infrastructure (PKI) within The Financial Company is a one-layer PKI, using an Enterprise Root CA without a hardware security module (HSM). The CSO is concerned that it is not sufficient to start using smart cards because he feels the assurance level of the PKI is not high enough.
Password management
The helpdesk at The Financial Company spends a lot of time helping users who have forgotten their password. Password resets are done for internal users as well as partners with access to shared systems.
Traceability
The Financial Company found that they had no processes or tools in place to trace the status of identities and roles historically. They wanted to be able to answer questions such as:
- Who was a member of the Domain Admins group in April?
- When was John's account disabled, and who approved it?
The environment
The following diagram gives you an overview of the relevant parts of the current infrastructure within The Financial Company:
The diagram does not represent any scaling scenarios but rather shows the different functions we will be using in this