07 June 2017

FIM to MIM migration: What you need to know

Written by Joe Liptrot

Forefront Identity Manager (FIM) will soon be out of support.

What does that mean for organisations who rely on the system to manage users’ digital identities and credentials?

Now that withdrawal of mainstream support has been announced, FIM to MIM migration has gone from being a recommended course of action to an essential one. Here’s an overview of everything that current FIM users need to know about this upcoming change.

What is happening with FIM support?

According to the Microsoft product lifecycle site, mainstream support for FIM 2010 R2 SP1 is due to end on October 10 2017.

To enable continuous improvement of Microsoft software, updates and fixes are created and released as a single package (called a service pack) that is made available for installation. When a new service pack is released, Microsoft provides either 12 or 14 months of support for the previous service pack.

When support for a service pack ends, Microsoft no longer provides new security updates, DST updates, or other non-security updates for that service pack. Customers are highly encouraged to stay on a fully supported service pack to ensure they are on the latest and most secure version of their product.

Note that extended support is due to end on October 11 2022. For definitions of mainstream support, extended support and self-help online support, see here:

Note that support for FIM 2010 R2 ended on April 8 2014.

What impact will the end of FIM support have on organisations using FIM for their identity management?

Unless the organisation pays Microsoft for extended support after October 10 2017, only security updates will be issued. Also, if you have a support contract with a Microsoft Partner such as OCG, they will be unable to assist with non-security related issues caused by bugs in the product. There have been no hot fixes for FIM since MIM SP1 was released.

So what are the options?

You can either pay Microsoft for extended support to keep your system updated until 2022, or upgrade your IAM system by migrating from FIM to its replacement, Microsoft Identity Manager (MIM), which was released in 2016.

What is Microsoft Identity Manager (MIM)?

Microsoft Identity Manager (MIM) 2016 builds on the identity and access management capabilities of FIM 2010 R2, helping you to manage the users, credentials, policies and access within your organization.

Additionally, MIM 2016 adds a hybrid experience, privileged access management (PAM) capabilities, and support for new platforms.

None of this new functionality has been released in any FIM hot fixes. It is therefore only available with MIM.


What’s the difference between FIM and MIM?

A further case for FIM to MIM migration can be made in terms of the added benefits Microsoft’s more recent product provides. MIM 2016 works alongside Azure to give you control over your full environment. It retains the same familiar interface as FIM 2010 R2 SP1, but with the addition of:

  • Hybrid reporting in Azure, which presents your cloud and on-premises data in one place
  • A Self-Service Password Reset portal that supports Azure multi-factor authentication (MFA)
  • Self-service scenarios, which now include Account Unlock and a multi-factor authentication gate for Password Reset
  • Privileged Access Management (PAM), which controls and manages administrative access to on-premises resources, including Active Directory Domain Services, by providing temporary, task-based access

This means you can give administrators only as much permission as necessary, which lowers the chances of a cyber attacker gaining full administrative access. In addition, PAM extracts and isolates administrative accounts from existing Active Directory forests.

The MIM 2016 Service Pack 1 improves further on MIM 2016 RTM by providing:

  • MIM Portal cross-browser compatibility for end-user self-service: Microsoft has introduced support for most major browsers. Users may now access and interact with the MIM Portal for self-service group and profile management from Edge, Chrome, and Safari.
  • MIM Service support for Exchange Online: the MIM Service has long supported sending and receiving emails for approvals and notifications. Prior to SP1, MIM only supported Exchange Server to SMTP. With SP1, the MIM Service can send and receive requests as well as email notifications using an Office 365 Exchange Online account.
  • Image file format validation on upload: MIM is now able to validate the file format of images when they are uploaded to the portal.
  • PAM Enhancements
    • “PRIV” (bastion) forest support for Windows Server 2016 functional level
    • Privileged account elevation into groups exclusive to the “PRIV” (bastion) forest
    • PAM Deployment Scripts
    • PAM Cmdlets for Authentication Policy Silo configuration
    • Upgraded platform support including Windows Server 2016, SQL 2016 and SharePoint 2016
    • Bug fixes for MIM 2016 RTM
  • A new hot fix (4.4.1459.0) has been released for MIM 2016 SP1 which, as well as addressing some bugs, offers the following enhancements:
    • Support for SQL 2016 Always On Availability Groups
    • SSPR with Web Application Proxy
    • Support for SCSM 2016 for FIM / MIM Reporting
    • Support for FIMService Dynamic Logging
    • Support for CustomObject (ExplicitMember) Membership Management
    • Approval Justification Blog
    • Updated Support Platforms – note that Microsoft have confirmed that they have not correctly updated their website to reflect the newly-supported platforms yet, but are working on it

FIM to MIM Migration

Clients often ask us how long it would take to migrate from FIM to MIM. This varies considerably depending upon such things as the complexity of the FIM solution, how many environments (Dev, Test, Pre-Prod, Prod etc.) need to be updated, the number and type of Management Agents, and the risk assessment of the solution.

We have some clients who have upgraded within a few weeks, and others who take months of consulting, planning and project management effort to complete. One thing we strongly advise is that you don’t try to change any functionality at the same time as migrating to MIM, otherwise troubleshooting will be adversely affected.

Clients also ask what would happen if they don’t migrate to MIM before mainstream support is withdrawn. In actual fact, usually nothing. Security updates will continue to be released until the end of extended support in 2022, but if you experience a problem caused by a bug in the product, it will not be addressed by Microsoft unless you have purchased extended support. Even then, per-incident charges may apply.

In summary, it’s a risk-based decision which you need to discuss with your business representatives.


About Joe Liptrot

Senior Architect

Responsible for ThirdSpace’s identity and access management practice, Joe is a member of both the leadership team and the technical leadership committee. You’ll frequently find him working onsite...

