Microsoft Identity Manager: Features, Download
Microsoft announced in one of its blog posts that Microsoft Identity Manager (MIM) has been commercially released. If you are hearing of Microsoft Identity Manager for the first time, it is an exclusive identity management product designed to work with Azure-based services from Microsoft. Essentially, it prepares Active Directory identities for synchronization with Azure Active Directory, helps you reset passwords with the help of Azure Multi-Factor Authentication, and provides dynamic groups with approvals along with redesigned certificate management options.
Along with the features above, MIM adds great value in enhancing security: it comes with capabilities such as hybrid reporting and privileged access management to protect administrator accounts, and it adds support for any new security protocols.
Microsoft Identity Manager
Microsoft Identity Manager is the successor product to Forefront Identity Manager and supports identity and access management for premises-based computing environments. This version has exclusive support for Windows 10 clients. Although Microsoft Identity Manager 2016 is now generally available, Microsoft plans to release an add-on deployment pack in the next 90 days that helps automate the preparation of the privileged identity management environment, the Microsoft Active Directory team said in one of its blog posts.
Benefits of using Microsoft Identity Manager
Here are some of the benefits which Microsoft Identity Manager 2016 has to offer:
Common identity
With automated workflows, business rules, and seamless integration with heterogeneous platforms across the cloud and datacenter, it simplifies identity lifecycle management. Using the single interface it offers, you can automate identity and group provisioning based on business policy and implement workflow-driven provisioning. With the help of the Visual Studio and .NET development environments, you can extend MIM to support new scenarios and use cases.
Enable users
MIM acts as a one-stop interface that allows users to self-remediate identity issues, including functions like group membership, resetting smart cards, and passwords, thereby delivering increased productivity and satisfaction.
Protect data
The role mining tools help you discover and map permissions across many systems to individuals. You can also use these role mining tools to explore permission sets for users across the enterprise, which can later be modeled and applied centrally. The in-depth auditing and reporting features provide increased visibility into compliance and the security state of systems across the organization.
Unify access
Unifying access is about reducing the number of usernames and passwords needed to log in. Groups can automatically update their membership, which ensures that only people with the right access can use the right resources.
Microsoft Identity Manager features
To get started and to better understand this product, it is important to know how Microsoft Identity Manager works.
Connect
You can start by connecting Active Directory identities to different locations like directories, databases, and applications.
Exchange
You can exchange identities among these locations, tuning them if needed.
Self-service
You can enable password, group, and certificate management for your users with simple self-service that uses strong security.
Share
Use Azure Active Directory Connect to sync identities from Active Directory to Azure Active Directory, which helps deliver SaaS app single sign-on and self-service in the cloud.
How to Buy Microsoft Identity Manager
A Client Access License (CAL) is required for each user whose identity is managed, as this product is licensed on a per-user basis. Also, a Windows Server license with active Software Assurance is required to use Microsoft Identity Manager 2016's server software as a Windows Server add-on.
Microsoft Enterprise Mobility Suite's Azure Active Directory Premium includes Microsoft Identity Manager 2016, which makes it the most cost-effective way to acquire all of the included cloud services: Azure Active Directory Premium, Azure Rights Management, and Intune.
More details on Microsoft Identity Manager can be found here. You can try the 180-day evaluation copy of Microsoft Identity Manager if your PC meets the system requirements specified in the product.