Forefront Identity Manager (FIM) will soon be out of support.
What does that mean for organisations who rely on the system to manage users’ digital identities and credentials?
Now that withdrawal of mainstream support has been announced, FIM to MIM migration has gone from being a recommended course of action to an essential one. Here’s an overview of everything that current FIM users need to know about this upcoming change.
According to the Microsoft product lifecycle site, mainstream support for FIM 2010 R2 SP1 is due to end on October 10 2017.
To enable continuous improvement of Microsoft software, updates and fixes are created and released as a single package (called a service pack) that is made available for installation. When a new service pack is released, Microsoft provides either 12 or 14 months of support for the previous service pack.
When support for a service pack ends, Microsoft no longer provides new security updates, DST updates, or other non-security updates for that service pack. Customers are highly encouraged to stay on a fully supported service pack to ensure they are on the latest and most secure version of their product.
Note that extended support is due to end on October 11 2022. For definitions of mainstream support, extended support and self-help online support, see here: https://support.microsoft.com/en-us/help/14085. Note that support for FIM 2010 R2 ended on April 8 2014.
Unless the organisation pays Microsoft for extended support after October 10 2017, only security updates will be issued. Also, if you have a support contract with a Microsoft Partner such as OCG, they will be unable to assist with non-security related issues caused by bugs in the product. There have been no hot fixes for FIM since MIM SP1 was released.
You can either pay Microsoft for extended support to keep your deployment updated until 2022, or upgrade your IAM system by migrating from FIM to its replacement, Microsoft Identity Manager (MIM), which was released in 2016.
Microsoft Identity Manager (MIM) 2016 builds on the identity and access management capabilities of FIM 2010 R2, helping you to manage the users, credentials, policies and access within your organization.
Additionally, MIM 2016 adds a hybrid experience, privileged access management (PAM) capabilities, and support for new platforms.
None of this new functionality has been released in any FIM hot fixes. It is therefore only available with MIM.
A further case for FIM to MIM migration can be made in terms of the added benefits Microsoft’s more recent product provides. MIM 2016 works alongside Azure to give you control over your full environment. It retains the same familiar interface as FIM 2010 R2 SP1, but with the addition of:
This means you can give administrators only as much permission as necessary, which lowers the chances of a cyber attacker gaining full administrative access. In addition, PAM extracts and isolates administrative accounts from existing Active Directory forests.
The MIM 2016 Service Pack 1 improves further on MIM 2016 RTM by providing:
Customers often ask us how long it would take to migrate from FIM to MIM. This varies considerably depending upon such things as the complexity of the FIM solution, how many environments (Dev, Test, Pre-Prod, Prod etc.) need to be updated, the number and type of Management Agents, and the risk assessment of the solution.
We have some clients who have upgraded within a few weeks, and some who take months of consulting, planning and project management effort to complete the upgrade. One thing we strongly advise is that you don't try to change any functionality at the same time as migrating to MIM; otherwise troubleshooting will be adversely affected.
Customers also ask what would happen if they don’t migrate to MIM before mainstream support is withdrawn. In actual fact, usually nothing. Security updates will continue to be released until the end of extended support in 2022, but if you experience a problem caused by a bug in the product, it will not be addressed by Microsoft unless you have purchased extended support. Even then, per-incident charges may apply.
In summary, it’s a risk-based decision which you need to discuss with your business representatives.