Explore Microsoft Identity Manager
Microsoft Identity Manager (MIM) helps organizations manage the users, credentials, policies, and access within their organizations and hybrid environments. With MIM, organizations can simplify identity lifecycle management with:
- automated workflows
- business rules
- integration with heterogenous platforms across the datacenter
MIM enables Active Directory to have the right users and access rights for on-premises apps. Microsoft Entra Connect and Microsoft Entra Connect cloud sync can then make those users and permissions available in Microsoft Entra ID for Microsoft 365 and cloud-hosted apps.
On-premises Active Directory, Microsoft Entra ID, or a hybrid combination of the two offer services for user and device authentication, identity and role management, and provisioning.
Common MIM scenarios include:
- Automatic identity and group provisioning based on business policy and workflow-driven provisioning.
- Integration of the contents of directories with HR systems and other sources of authority.
- Synchronizing identities between directories, databases, and on-premises applications through common APIs and protocols, Microsoft-delivered connectors, and partner-delivered connectors.
Identity has become the common factor among many services, like Microsoft 365 and Xbox Live, where the person is the center of the service. Identity is now the security boundary, the new firewall, the control plane—whichever comparison you prefer. Your digital identity is the combination of your credentials and what you’re allowed to do. In other words:
Credentials + privileges = digital identity
MIM enables organizations to protect its privileged accounts. These identities have more than the normal user rights and, if compromised, allow a malicious hacker to access sensitive corporate assets. Helping secure these privileged identities is a critical step to establishing security assurances for business assets in a modern organization. Cybercriminals target these accounts and other privileged services in their kill chain to carry out their goals.
Within Microsoft 365, Microsoft Entra Privileged Identity Management (PIM) is recommended as the service to help protect your privileged accounts.
Evolution of identities
The following diagram displays the evolution of identity authentication.
Organizations should complete the following steps to prepare for a passwordless world:
- Enforce MFA. Conform to the fast identity online (FIDO) 2.0 standard. Doing so enables organizations to require a PIN and a biometric for authentication rather than a password. Windows Hello is one good example, but choose the MFA method that works for your organization.
- Reduce legacy authentication workflows. Place apps that require passwords into a separate user access portal and migrate users to modern authentication flows most of the time. For example, only 10 percent of Microsoft's users enter a password on a given day.
- Remove passwords. Create consistency across Active Directory and Microsoft Entra ID to enable administrators to remove passwords from identity directory.
Knowledge check
Choose the best response for the following question. Then select “Check your answers.”