Microsoft Identity Management Service Hits Preview

Microsoft's new identity and access management product, Microsoft Identity Manager, became available as a preview on Tuesday.

The preview can be downloaded from the Microsoft Connect site, and requires filling out a sign-up form. This release, which Microsoft describes as a first "Community Technology Preview" (CTP), contains three new capabilities. Additional capabilities will be available in a subsequent test release known as "CTP 2," which is expected to arrive in the next two to three months.

Delivery of the final Microsoft Identity Manager product is expected in "the first half of calendar year 2015," according to Microsoft.

Microsoft's announcement promised that Microsoft Identity Manager "will be part of the Azure Active Directory Premium" cloud-based identity and access management service offering. However, what's meant by that statement is that Azure Active Directory Premium subscribers will have the licensing rights to use Microsoft Identity Manager, according to a Microsoft spokesperson:

As part of Azure AD Premium, customers get on-premises use rights to MIM, so when MIM ships our Premium customers get it too. Azure AD Premium shipped in April 2014 and we are adding new capabilities on a very frequent cadence.

New CTP Features
The most requested new feature in the Microsoft Identity Manager preview is called "privileged access management," which is aimed at reducing the possibility of outside and internal attacks. It's designed to protect the privileged accounts of IT pros by placing them into a dedicated forest. In addition, privileged access management roles can be defined based on user name and an expiration time, and they can be set up via PowerShell or the product's management portal. Users in these roles can "step up" to gain privileged access rights, but they don't get those rights forever. Microsoft Identity Manager has a "just-in-time" protection feature that will cause those rights to expire after a specified period.

The second new capability in the preview is the ability to use Azure multifactor authentication with Microsoft Identity Manager's self-service password reset feature. It was possible to set up password resets via phone and Q&A text authentications, but Microsoft claims that using Azure multifactor authentication frees organizations from having to use the services of a telecom service provider or short message service provider to enable this kind of security check.

The third new feature is a Windows Store application for enrolling new virtual smart cards or resetting the personal identification numbers of certificates. The new app is based on a REST API. The main benefit of having the REST-based API is that enrollment operations can be carried out by users with devices that aren't domain joined, according to Microsoft's announcement.

Expanded Platform Support
Microsoft Identity Manager is being designed to support Microsoft's latest server products, as well as Visual Studio 2013 for designing product extensions. The planned platform support includes:

  • "Windows Server 10"
  • Windows Server 2012 R2
  • SharePoint 2013
  • SQL Server 2014
  • Exchange Server 2013

Microsoft Identity Manager was formerly known as "Forefront Identity Manager." Microsoft renamed it after deprecating the rest of its Forefront enterprise security products. The transition away from the Forefront line was announced in late 2012.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.