How to Use Microsoft Identity Manager (MIM)?


Even though more and more Canadian businesses are reopening, many have decided to continue with their remote work and Bring Your Own Device (BYOD) arrangements. A 2021 McKinsey survey found that 9 out of 10 organizations will rely on remote and on-site working in 2022 for increased productivity.

If your business is opting for remote work as a permanent solution, it’s important to take cybersecurity seriously. Cyberthreats such as ransomware and data breaches are the biggest threats to small businesses in Canada today.

Thankfully, there are a wide variety of tools that SMBs can use to improve their data security and protect employees’ devices. One such tool is Microsoft Identity Manager (MIM).

What is Microsoft Identity Manager (MIM)?

Identity management and access control are at the core of most data security policies. Defining and enforcing who has access to what would be a top priority in a physical office, so why shouldn’t that be the case in a hybrid or virtual environment? In fact, mobile security and identity management solutions have been recommended as best practices for years now.

Most businesses hold valuable employee and customer data that attracts malicious actors (and, in turn, hefty fines). Instead of managing different keys and server security, IT administrators use software like MIM for authentication, which determines a user’s virtual identity (who they are), and for access control (what they have access to).

What differentiates Microsoft MIM from other Identity and Access Management (IAM) tools is that MIM is targeted towards on-premises use or companies that aren’t currently using the cloud (or only partially using it).

What Does Microsoft Identity Manager Do?

Most SMBs today have on-premises business applications in one form or another. For a number of reasons, including data security and productivity, it’s important to have policies governing who has access to apps and data. MIM automates this process of provisioning and removing roles, as well as access management for all users and groups in the company.

IT administrators set up policies that MIM implements using its advanced rules-based synchronization engine for automatic IAM across the company. Additionally, Microsoft MIM seamlessly integrates with a wide range of services and platforms including business applications, directories, and on-premises databases.

How SMBs Use Microsoft Identity Manager?

Microsoft Identity Manager (MIM) is part of Microsoft’s massive ecosystem of business services. But its key function is to enable the right employees to access the cloud-hosted Azure Active Directory and other on-premises business apps.

1. Azure AD Connect

MIM consists of various components but the main component is called MIM Synchronization Service. Similarly, the main component in Azure AD Connect is called Azure AD Connect Sync.

As their name suggests, both of these services share similar functions but with slight differences. The primary reason SMBs would choose MIM over Azure AD Connect is that MIM supports quite a few more scenarios including synchronizing identities in on-premises systems in addition to cloud-based systems.

2. Automatic Identity and Group Provisioning

As mentioned earlier, one of the main use cases for MIM is automating IAM and group provisioning based on policies developed by IT admins as well as provisioning roles based on workflows.

3. Synchronizing Identities

Another very common use case for MIM is synchronizing identities between directories, databases, departmental systems (HR, finance, sales, etc), and on-premises business applications. Microsoft has a wide library of data connectors that can be used for this, in addition to commonly-used APIs and protocols.

These are the main and most common use cases but Microsoft MIM is very versatile, especially for on-premises infrastructures.
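The provisioning and synchronization use cases above come down to reconciling an authoritative source against a target directory. The sketch below is an added conceptual example, not MIM's API or rule syntax and not code from the original article; the policy table, record type, group names, and sample data are all constructed for illustration.

```python
# Conceptual model only: this is not MIM's API or its rule syntax.
from dataclasses import dataclass

# Hypothetical policy: department -> groups every member must hold.
POLICY = {
    "Finance": {"grp-finance", "grp-all-staff"},
    "Sales": {"grp-sales", "grp-all-staff"},
}

@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    department: str
    active: bool

def reconcile(hr_records, directory):
    """Return sorted (action, employee_id, group) tuples that bring the
    directory (employee_id -> set of group names) in line with HR."""
    actions, seen = [], set()
    for rec in hr_records:
        seen.add(rec.employee_id)
        current = directory.get(rec.employee_id)
        if not rec.active:
            if current is not None:  # leaver whose account still exists
                actions.append(("disable", rec.employee_id, ""))
            continue
        # Unknown department maps to no groups (default deny).
        wanted = POLICY.get(rec.department, set())
        if current is None:  # joiner with no account yet
            actions.append(("create", rec.employee_id, ""))
            current = set()
        actions += [("add", rec.employee_id, g) for g in wanted - current]
        # Movers lose the groups their old role granted.
        actions += [("remove", rec.employee_id, g) for g in current - wanted]
    # Orphans: directory accounts that HR does not know about at all.
    actions += [("disable", emp, "") for emp in directory.keys() - seen]
    return sorted(actions)

# Constructed sample data: a mover, a leaver, a joiner, and an orphan.
HR = [HrRecord("e1", "Finance", True), HrRecord("e2", "Sales", False),
      HrRecord("e3", "Sales", True)]
DIRECTORY = {"e1": {"grp-sales", "grp-all-staff"},
             "e2": {"grp-sales", "grp-all-staff"},
             "e9": {"grp-finance"}}

if __name__ == "__main__":
    for action in reconcile(HR, DIRECTORY):
        print(action)
```

The removals and disables are the security-relevant half of the output: stale group memberships and accounts with no owner in the source of record are what manual provisioning tends to leave behind.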

Once the business has identified their use for MIM, deployment is fairly simple.

How to Deploy Microsoft MIM?

SMBs can deploy Microsoft Identity Manager 2016 SP2 (the latest version) in three simple steps:

1. Set up your domain

MIM is based on Microsoft Active Directory (AD) so businesses must first set up an AD domain and then install a domain controller as Administrator. With this, user accounts, identities, and groups can be created.

2. Create a corporate identity management server

Once you have configured your domain, you can set up an identity management server that includes setting up a Windows Server, SQL Server, and SharePoint Server. Businesses can also set up additional services for Exchange, Outlook, PAM PowerShell, etc.

3. Install MIM components

Finally, install the following MIM components to wrap up:

  • MIM Synchronization Service
  • MIM Service
  • MIM Portal
  • MIM Service databases
  • MIM Client Add-ins

What is the Difference between FIM and MIM?

FIM or Forefront Identity Manager is the predecessor to Microsoft Identity Manager. Because MIM is built upon FIM, they both share many functionalities and technologies but MIM is an evolution of FIM that has been long in the making.

With the 2016 update, Forefront Identity Manager was officially rebranded as Microsoft Identity Manager. The key difference between FIM and MIM is that the latter supports the latest Windows operating systems, SQL, SharePoint, and more. The update also added new features such as Privileged Access Management (PAM).

Additionally, the updates in MIM make multi-factor authentication, integration with Office 365 apps, and support for Microsoft connectors all possible.

Deploying Microsoft Identity Manager without IT Support

The world of identity and access management can be daunting, especially for non-tech founders who do not have a background in this field. The high risks involved with data security in today’s remote work do not help either. Unfortunately, most SMBs do not have an IT team to deploy Microsoft Identity Manager or Azure AD to protect employee devices.

As a result, most SMBs partner with managed services providers like TUCU to get things done, securely and on time. TUCU is a top-rated IT provider in Toronto, Canada.

If you’d like to learn more about how you can maximize productivity and security in remote working, reach out to TUCU Managed IT Services Inc. for a free consultation today.
