Microsoft announced further details on the #FIM2010 vNext roadmap (now aka Microsoft Identity Manager)
- FIM 2010 Group at Facebook: https://www.facebook.com/groups/155109068156/
- Server & Cloud Blog: Forefront Identity Manager vNext roadmap (now Microsoft Identity Manager) at http://blogs.technet.com/b/server-cloud/archive/2014/04/23/forefront-identity-manager-vnext-roadmap-now-microsoft-identity-manager.aspx
Allow me to condense the announcement; the full message is available at the references mentioned above.
Today the product group provided an update with further details of the FIM 2010 roadmap.
This includes the approach and the investments they are making to enhance the on-premises, private cloud and hybrid cloud identity management solutions.
(quote) “Forefront Identity Manager helps your organization ensure users have appropriate access to corporate information regardless of where it is located—in your datacenter or in the cloud, by providing self-service identity management, automated lifecycle management across heterogeneous platforms, a rich policy framework for enforcing security policies, and detailed audit capabilities.
The approach to the next version of Identity Manager is guided by the following customer feedback and innovation goals:
- Continue to address risks to critical assets, by enhancing and expanding the available protections for enterprise identity, ensuring the enterprise’s identity infrastructure is resilient to targeted attacks
- Enable the mobile access scenarios that customers are looking to adopt and manage from a broad range of devices across on-premises and cloud services
- Connect with Azure Active Directory to integrate with its features and extend the reach of enterprise identity to a range of Software-as-a-Service applications
- Deliver easy-to-deploy end-to-end scenarios that complement investments in Windows, Office, Microsoft Azure, and Active Directory with end user self-service, delegation and configurable policies
Three major investment areas have been identified for this release of Identity Manager:
- Hybrid scenarios that leverage cloud-based services delivered in Microsoft Azure, including Multi-Factor Authentication, Azure Active Directory application integration, analytics and reporting
- Support for the latest platforms and mobile devices with modern user interfaces
- Improved security with additional controls, analytics and auditing of administrative and privileged user identities and their access to Active Directory, Windows Server and applications
As part of the next release, we will also move Identity Manager under the Microsoft brand, so this release will be known as Microsoft Identity Manager.
More details will be available next month at the TechEd North America 2014 breakout session PCIT-B328, scheduled for May 14th at 5:00 PM US Central time. We will also have more to share later in the year, including timelines for preview programs and the release schedule.”
So now #FIM2010 is not FIM any more, it’s MIM.
We need to find a new hash tag, right? #MIM is taken…
Any suggestion? #MIM2015?
Below are the issues fixed and features added; full details are available in the KB article above.
Issues that are fixed or features that are added in this update
This update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.
FIM Service and Portal
If a FIMService instance loses connection to the FIMService database, it may stop processing FIM Service MA export requests. This results in failed FIM Service MA exports with a run status of “stopped-server.” Additionally, the following exception is logged in the Forefront Identity Manager event log:
System.Data: System.InvalidOperationException: The requested operation cannot be completed because the connection has been broken.
You use a multivalue attribute in a dynamic set. This dynamic set is used in a Transition Out management policy rule. If two or more elements are removed from the attribute in a single request, and if one of the elements triggers the Transition-Out MPR, the request fails, and you receive the following exception:
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 2627, Level 14, State 1, Procedure DoEvaluateRequestInner, Line 1073, Message: Violation of PRIMARY KEY constraint 'PK__#1B54B73__5330D0771D3CFFB1'. Cannot insert duplicate key in object 'dbo.@transitionOutApplicableRuleBuffer'.
When an export run in the FIM Service MA includes updates to the Filter attribute of multiple dynamic groups, a “failed-modification-via-web-services” exception can be returned. When you review the details of the exception that is returned, you see that an SQL Deadlock occurred.
FIM Synchronization Service
In the Active Directory management agent, changes to a multivalue attribute such as proxyAddresses are not synchronized to the metaverse in the following scenario:
- A change to proxyAddresses is exported to the Active Directory for User1.
- A second change is made to proxyAddresses outside the synchronization service.
- A Delta Import run profile is run to confirm the exported changes.
If an exception is thrown by the management agent’s password extension during password synchronization, the password interface at which the exception was thrown is discarded. This can cause high processor usage on the computer that is hosting the FIM Synchronization Service when the computer processes password synchronization to multiple management agents.
After you apply this update, exceptions of type PasswordPolicyException and PasswordIllFormedException no longer discard the password interface. This enables the interface to be reused for another password operation to the connected data source.
If a regular expression policy rule is applied for an ABA role, all applied ABA roles are stuck in the pending state for the users and are never assigned.
If a user has an ABA role, and if you try to change a user attribute that is not related to the ABA role, all ABA roles are again marked for policy validation. Additionally, assigned permissions are removed and assigned back.
When you have more than 500 permissions in BHOLD and search permissions on the Supervised Permissions tab of Default Supervisor Role, no results are returned, and you are returned to the previous page.
When you configure an attribute-based role assignment for a role and then you try to click the Show Impact link in the policies section of a role, you receive the following error message:
Object reference not set to an instance of an object
The SP1 build does not let you re-create a permission that was removed from BHOLD earlier.
When you try to change and save a user without changing the end date, you receive the following error message:
Invalid date format
When you try to move an organization unit in the BHOLD Core Portal, you receive the following warning message:
Session ID missing: The Session ID is not found in URL. You can continue working using the menu at the left
The “User by Role” report cannot be generated after the limit of 50,000 users is reached. Additionally, you receive an “Out of memory” exception.
In the BHOLD Self-Service Portal, the role information screen under the Role Requests-Current Roles tab displays no role descriptions or permission details.
When you log on as a typical end-user in the BHOLD Service Portal, the “My Roles” screen is displayed as an empty page even though the user is assigned with both “active” and “proposed” roles.
The BHOLD – Access Management agent cannot perform full imports because of an SQL time-out issue that occurs when there is a load of more than 50,000 to 100,000 users.
BHOLD cannot add permissions to a user by using the BHOLD Connector after these permissions are denied.
When a steward in the BHOLD Attestation portal has multiple resources to attest and is working on approving or denying permissions for one user, other permissions for a different user are changed in the user interface.
Today Andreas Kjellman presented an updated FIM roadmap on the FIM Team User group.
Register and keep an eye on http://thefimteam.com/fim-team-user-group/, as the recording will be published shortly.
Also just a few days ago the new Hybrid Identity website went live (http://www.microsoft.com/en-us/server-cloud/solutions/identity-management.aspx).
The updated website contains the Hybrid Identity White Paper (http://aka.ms/hybrididentitywp)
Microsoft’s approach to identity spans on-premises and the cloud, creating a single user identity for authentication and authorization to all resources, regardless of location.
Also check the Hybrid Identity Datasheet (http://aka.ms/hybrididentityds)
There is a new product “AADSync” to make onboarding to AAD and Office 365 for multi-forest a lot easier. It will also support advanced DirSync scenarios. It is building on FIM2010R2 and DirSync.
The preview is available on Connect. (http://connect.microsoft.com/directory).
Documentation can be found at: http://www.aadsync.com/
There will be more information later in the year about Preview programs and deeper technical information.
There is more news to come, just keep an eye on the Server & Cloud Blog (http://blogs.technet.com/b/server-cloud/)
Also note that the new AADSync tool is referred to as Microsoft Azure Active Directory Sync Services (AADSync), as Windows Azure is rebranded to Microsoft Azure…
|Book||http://aka.ms/packtpub_da_troubleshooting||Book: Direct Access troubleshooting|
|Exchange||http://aka.ms/mostpopularexch2010wiki||Most popular Exchange 2010 articles on TN Wiki|
|FIM||http://aka.ms/ecmaresourcewiki||ECMA Resource Wiki|
|FIM||http://aka.ms/fim_codeplex||FIM projects on Codeplex|
|FIM||http://aka.ms/fim_portsrightspermissions||FIM Ports, rights and permissions|
|FIM||http://aka.ms/msidentitypublicreleases||Microsoft’s Identity Software: Public Release Build Versions|
|FIM||http://aka.ms/msidmpublicbuilds||Microsoft’s Identity Software: Public Release Build Versions|
|FIM||http://aka.ms/msidmpublicreleases||Microsoft’s Identity Software: Public Release Build Versions|
|FIM||http://aka.ms/powershellma||PowerShell Management Agent > The IDM explorer|
|FIM||http://bit.ly/FIM2010R2-RC||FIM 2012 R2 RC|
|FIM||http://bit.ly/FIM2010R2BetaDocs||FIM R2 Beta docs|
|FIM||http://bit.ly/TNEdgeCustomizingFIMPortal||FIM Portal customisation|
|FIM||http://bit.ly/CreatingCustomRCDC||FIM Creating Custom RCDC|
|FIM||http://bit.ly/FIM2010HotfixRSS||FIM Hotfix RSS|
|FIM||http://bit.ly/FIM2010_slowlink||Improve FIM performance over slow link|
|FIM||http://bit.ly/FIM2010Solutions||FIM 2010 Solutions from partners|
|FIM||http://bit.ly/FIM2010CustomActivity_WF||FIM Custom Activity WF|
|FIM||http://bit.ly/FIM2010SDK||FIM 2010 SDK|
|FIM||http://bit.ly/FIM2010Resources||FIM 2010 Resources|
|FIM||http://aka.ms/fim2010bpa||FIM 2010 Best Practice Analyser|
|FIM||http://aka.ms/fim2010functionsref||FIM 2010 Functions Reference|
|FIM||http://aka.ms/fim2010partnermas||FIM 2010: Management Agents from Partners|
|FIM||http://aka.ms/fim2010r2bpa||FIM 2010 Best Practice Analyser|
|FIM||http://aka.ms/fimblogs||FIM 2010 Community, feeds & blogs|
|FIM||http://aka.ms/fimbuild_overview||FIM Build Overview|
|FIM||http://aka.ms/fimbuilds||FIM Build Overview|
|FIM||http://aka.ms/fimcmpermissions||FIM CM Permission|
|FIM||http://aka.ms/fimcommunity||FIM Community overview|
|FIM||http://aka.ms/fimcommunity_feeds_blogs||FIM Community overview|
|FIM||http://aka.ms/fimfilema||FIM File MA|
|FIM||http://aka.ms/fimlpdownload||FIM Language Pack download|
|FIM||http://aka.ms/fimma_ln8||FIM Lotus Notes MA|
|FIM||http://aka.ms/fimmaportspermissions||FIM Rights, Ports & Permissions|
|FIM||http://aka.ms/fimmas||FIM Management Agents|
|FIM||http://aka.ms/fimmasfrompartners||FIM Management Agents from partners|
|FIM||http://aka.ms/fimscriptbox||FIM Script box|
|FIM||http://aka.ms/fimsecurity||FIM Security Setup|
|FIM||http://aka.ms/fimtechoverview||FIM Technical Overview|
|FIM Book||http://aka.ms/fim2010r2bestpracticesbook||FIM Book|
|FIM Book||http://aka.ms/fim2010r2handbook||FIM Book|
|FIM Book||http://aka.ms/fim2010r2handbookshortcuts||FIM Book|
|FIM Book||http://aka.ms/fim_r2_best_practices_vol1||FIM Book|
|FIM Community||http://aka.ms/fimteamug||FIM Team User Group|
|FIM Forum||http://aka.ms/fimforum||FIM Forum on Technet|
|FIM Forum||http://aka.ms/fimforumtn||FIM Forum on Technet|
|FIM Learning||http://aka.ms/fim2010rampup||Learning FIM|
|FIM News||http://aka.ms/2013fimannouncement||2013 FIM Announcement|
|FIM Technet||http://aka.ms/tnwikiforum||FIM 2010 Forum|
|FIM Wiki||http://aka.ms/fim2010resources||FIM 2010 Resources|
|FIM Wiki||http://aka.ms/fim2010wiki||FIM 2010 Wiki|
|Forefront||http://aka.ms/forefrontroadmap||Forefront Roadmap announcement|
|Forefront||http://aka.ms/forefronttechcenter||Forefront Tech Center|
|ILM||http://aka.ms/ilm2007gettingstarted||ILM Getting Started|
|Learning||http://bit.ly/MS_MVA||Microsoft Virtual Academy|
|PFE||http://aka.ms/pfe_wiki||Premier Field Engineering at TN Wiki|
|PFE||http://aka.ms/stayoutoftrouble||Premier Field Engineering|
|PKI||http://bit.ly/MSPKIBook||MS PKI Book|
|PKI||http://bit.ly/CurrentCLMresources||Current CLM Resources|
|Security||http://bit.ly/MS_BRS||Business Ready Security|
|Security||http://bit.ly/NEAT_Spruce||Neat And Spruce at Microsoft|
|Security||http://bit.ly/DownloadBRSTrial||Microsoft Business Ready Security Trial Environment|
|Sharepoint||http://aka.ms/sp2010kernelmodeauthn||Sharepoint Kernel Mode Authentication|
|Technet||http://aka.ms/fim2010forum||FIM Forum on Technet|
|Visual Studio||http://aka.ms/debugextension||Extension debugging|
|Wiki||http://aka.ms/fimwiki||FIM at Wiki|
|Wiki||http://aka.ms/fixrgb||Fix RGB codes to names in HTML|
|Wiki||http://aka.ms/wikitagcloud||TechNet Wiki: easy bookmarks to important TNWiki resources|
|Wiki||http://aka.ms/wikitoolbox||TN Wiki toolbox|
|Wiki||http://bit.ly/AddTocToYourTNWikiDoc||Add TOC to your Wiki article|
|Wiki Blog||http://aka.ms/tnwikiblog||TN Wiki Blog|
|Wiki Blog||http://aka.ms/wikiblog||TN Wiki blog|
|Wiki blog||http://aka.ms/wikininjablog||TN Wiki blog|
|Wiki Governance||http://aka.ms/technetwikicommunitycouncil||Wiki Governance|
|Wiki Governance||http://aka.ms/tnwikicouncil||Wiki Council|
|Wiki Governance||http://aka.ms/tnwikifeedback||Wiki Feedback|
|Wiki Governance||http://aka.ms/wikidevelopment||Wiki Governance|
|Wiki Governance||http://aka.ms/wikiguide||Wiki Governance|
|Wiki Governance||http://aka.ms/wikininjas||Wiki Ninja|
|Wiki Governance||http://aka.ms/wikireputation||Wiki Governance|
|Wiki Governance||http://aka.ms/wikuserguidelines_personalisation||Wiki Governance|
In light of recent research into practical attacks on biases in the RC4 stream cipher, Microsoft is recommending that customers enable TLS1.2 in their services and take steps to retire and deprecate RC4 as used in their TLS implementations.
Microsoft recommends TLS1.2 with AES-GCM as a more secure alternative which will provide similar performance.
And other interesting reading material referenced in the blog:
Microsoft® Forefront® Identity Manager 2010 R2 SP1 Language Packs
Note: These language packs are only for use with FIM 2010 R2 SP1.
The respective FIM 2010 R2 SP1 client or server components must first be installed before installing their language packs.
See the FIM 2010 TechNet library* for specific requirements of those components.
For the FIM 2010 R2 language packs, see the download at
For the FIM 2010 language packs, see the download at
*As a refresher: Hardware and Software Requirements, http://technet.microsoft.com/en-us/library/hh332708(v=ws.10).aspx