Note-to-self: Exchange recipient administration rights in ILM/FIM/MIM

Another great post to bookmark, using the blog as my external memory again:
Check Paul Williams’ post at: http://blog.msresource.net/2011/12/02/exchange-recipient-administration-overkill-in-ilm-and-fim/

“What am I talking about?  Reducing the privilege required to perform Exchange recipient provisioning using the Active Directory Domain Services Management Agent (ADMA).  The default documentation on the subject clearly states that in order to provision mailbox-enabled users or linked mailboxes the ADMA account needs to be a member of the Recipient Administrators role group.  Now, while it’s true membership in that group will allow you to run Update-Recipient and successfully invoke the RUS after creating a user and stamping the mandatory Exchange attributes that same membership also grants you access to perform a multitude of recipient administration tasks that the account doesn’t need to perform.”

And also: http://blog.msresource.net/2011/12/14/delegating-the-minimum-set-of-permissions-for-mailbox-enabled-user-and-linked-mailbox-provisioning/

New MIM vNext CTP (CTP4) posted on Microsoft Connect #FIM2010 #MIM2015, now #MIM2016

Source: http://blogs.technet.com/b/ad/archive/2015/04/21/microsoft-identity-manager-public-preview-updated.aspx

Today the FIM/MIM product group posted a new version of the MIM vNext CTP on Microsoft Connect (Milestone CTP4, 4.3.1790.0).

Head over to the Microsoft Connect site at https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=57668

As you’ll quickly see, you now need 35GB of free space to download the documents and VMs.

In addition to the new functionality, if you carefully read the list of downloads, we have got a new product name:

Microsoft Identity Manager 2016.

File name: File size
CTP3 MIM CM with Modern App TLG.docx 5,38 MB
MICROSOFT EVALUATION SOFTWARE LICENSE TERMS.docx 70 KB
PRIVDC.zip 6.429,13 MB
CORPDC.zip 7.438,93 MB
CORPWKSTN.zip 7.461,45 MB
PAMSRV.zip 13.791,65 MB
MIM install 4.3.1790.0.zip 158 MB
MIM CTP Test Lab Guide for Privileged Access Management.docx 474 KB
TLG – MIM2016 Deployment.docx 8,98 MB
TLG – MIM2016 RC Self-Service Login Assistance (SSPR+SSAU) with Azure MFA.docx 4,05 MB

The beta release can be downloaded as follows:

#FIM2010 & MIM 2016 licensing model is changing as of 1st of April 2015

Source: http://www.microsoft.com/licensing/products/products.aspx

Download the “Microsoft Product Use Rights (WW, English, April 2015)” document at http://www.microsoftvolumelicensing.com/userights/Downloader.aspx?DocumentId=8488

In short, prior to 1st of April 2015, you required:

  • a FIM server license for every FIM server installed and a CAL for every user managed in the FIM Service, or
  • Forefront Identity Manager 2010 R2 External Connector

Functionality: Covered by
FIM Server Components (FIM Sync, FIM Services, FIM portal, …): FIM Server SKU
CAL: Standalone FIM CAL, or Azure Active Directory Premium (AADP), or Enterprise Mobility Suite (EMS) User, or Enterprise Cloud Suite (ECS) User SL
External Users: FIM External Connector license (per server)

After 1st of April 2015:

  • Windows Server license (Standard & Datacenter) will include FIM server entitlement
  • FIM Server 2010 R2 licenses will not be available anymore on the price lists

Functionality: Covered by
FIM Server Components (FIM Sync, FIM Services, FIM portal, …): Windows Server license (Standard & Datacenter) will include FIM server entitlement
CAL: Standalone (FIM) CAL, or Azure Active Directory Premium (AADP), or Enterprise Mobility Suite (EMS) User, or Enterprise Cloud Suite (ECS) User SL
External Users: Windows Connector license

Certificate and Identity Management

  • A CAL is also required for any person for whom the software issues or manages identity information.

Synchronization Service

  • A CAL is not required for users only using the Forefront Identity Manager synchronization service.

From the PUR:

  • External Connector License means a license attached to a Server that permits access to the server software by External Users.
  • External Users means users that are not either your or your Affiliates’ employees, or your or your affiliates’ onsite contractors or onsite agents.
  • CAL means client access license. There are two kinds of CALs: user and device. A user CAL allows access to the server software from any device by one user. A device CAL allows access to the server software from one device by any user.

FIM / MIM is using a user CAL. The FIM server will no longer be sold as a separate license, but instead Windows Server licenses will allow customers to install the FIM Server software. Since FIM users already required a Windows Server CAL or equivalent to access FIM running on Windows Server, no additional Windows Server CALs (or Windows Server External Connector) will be required.

It’s important to understand, though, that you still need FIM/MIM CALs to manage identities with FIM/MIM (unless you only use the FIM/MIM Sync). Azure Active Directory Premium (AADP) and any suite that contains AADP, including Enterprise Mobility Suite (EMS) and Enterprise Cloud Suite (ECS), or an additive FIM CAL will also entitle users to access FIM.

MIM will have the same licensing model. All current FIM customers with active SA on the underlying Windows Server (since the right to install FIM server is now granted with a Windows Server license) will have rights to upgrade to MIM when it launches.

And for my Dutch-speaking followers… “Tous la même chose” (all the same):

PS: The FIM licensing page on TechNet Wiki will be updated ASAP (http://aka.ms/LicenseToFIM)

[ADD-ON, Jan 2016]
https://identityunderground.wordpress.com/2016/01/06/fimmim-licensing-clarification-on-the-requirement-to-use-cals/

Bookmark:

Note-to-self: Microsoft Ignite session – Upgrading from #FIM2010 to #MSIM2015 and Azure Active Directory

Mental note: Microsoft Ignite, May 4–8, 2015 (Chicago, IL)

Check out this session at #MSIgnite and find other content that’s right for you.  http://meme.ms/d4973s3

“In this session we will cover how to upgrade from Forefront Identity Manager and earlier products to the upcoming Microsoft Identity Manager (MIM), demonstrate how MIM integrates with Azure Active Directory (AD), and review best practices for integrating private and public cloud identity and access management.” 

All info at http://ignite.microsoft.com/

 

 

New MIM vNext CTP (CTP3) posted on Microsoft Connect #FIM2010 #MSIM2015

Today the FIM/MIM product group posted a new version of the MIM vNext CTP on
Microsoft Connect (Milestone CTP3, 4.3.1691.0).

Head over to the Microsoft Connect site at:
https://connect.microsoft.com/site433/Downloads

Some interesting new stuff has been published:

[UPDATE, 3/mar/2015, additional files have been published, you need 27GB free space now]

File name: File size
CTP3_MIM_Installers.zip 111,54 MB
CTP3 MIM CM with Modern App TLG.docx 5,38 MB
MICROSOFT EVALUATION SOFTWARE LICENSE TERMS.docx 69 KB
MIM Preview Questionnaire_clean.docx 25 KB
PAM REST API Reference V1.0.docx 31 KB
TLG for SSLA with MFA – 2015-02-22.docx 4,05 MB
PAMSamplePortal.zip 553 KB
MIM CTP Test Lab Guide for Privileged Access Management.docx 394 KB
CORPWKSTN.zip 3.856,65 MB
CORPDC.zip 5.450,5 MB
PRIVDC.zip 5.629,68 MB
PAMSRV.zip 12.199,95 MB
SSPR_MFA_Fix.zip 977 KB

You’ll find the download link published today at:
https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=57026

Note-to-self: #FIM2010 R2 SP1 Mainstream Support

Source: FIM TechNet forum post on FIM 2010 R2 SP1 Mainstream Support

Microsoft Product Lifecycle Search for FIM 2010 R2:
http://support2.microsoft.com/lifecycle/search/default.aspx?sort=PN&alpha=forefront+identity+manager&Filter=FilterNO

There is more info on Microsoft.com/lifecycle which is relevant. From this site (first section in FAQ):
“Microsoft will offer a minimum of 10 years of support for Business, Developer, and Desktop Operating System (consumer or business) Software Products. Mainstream Support for Business, Developer, and Desktop Operating Systems will be provided for 5 years or for 2 years after the successor product (N+1) is released, whichever is longer.
Microsoft will also provide Extended Support for the 5 years following Mainstream support or for 2 years after the second successor product (N+2) is released, whichever is longer. Finally, most Business, Developer, and Desktop Operating System Software products will receive at least 10 years of online self-help support.”

R2 is a minor release and not a vNext product. FIM2010 is the main vNext product and it defines the lifecycle; R2, as a minor release, inherits the lifecycle from the main release.

You will find the same policy for other R2 releases, such as Windows Server 2012R2.

At the time MIM vNext is released, FIM2010 will automatically get its support extended by 2 years to summer 2017. That should give customers enough time to upgrade from FIM to MIM even if they start with FIM today. The support statement on the Lifecycle page is likely to be updated at the moment of RTM of vNext.

And, as announced at TechEd, MIM RTM is scheduled for mid-2015.

Note-to-self: Microsoft at Gartner Identity & Access Management Summit

You probably recall that, last year, there was quite some confusion regarding the availability of the MS products on the Magic Quadrant for Identity & Access, right? Well, here is some good news.

Source: http://blogs.technet.com/b/enterprisemobility/archive/2014/11/26/microsoft-at-gartner-identity-amp-access-management-summit.aspx

“December 2-4, 2014 Microsoft will be participating in the Gartner Identity & Access Management Summit in Las Vegas, NV as a Platinum sponsor.

Building on our recent momentum around Identity-as-a-Service and on-premises Identity & Access Management, Microsoft will be featuring our solutions at a booth staffed by Microsoft IAM professionals who will be providing an overview, demonstrations and answering questions.

Please join Microsoft Tuesday December 2, 2014 at 2:45PM at the conference for our dynamic presentation “Azure Active Directory Explained.”

Microsoft Azure Active Directory will be highlighted including analysis and deep information into our market-leading solution, roadmap and customer insights.

We will also be discussing the recently-released Microsoft Identity Manager Public Preview and will be providing technical demonstrations of our Identity & Access Management solutions.

Come join us at the Gartner Identity & Access Management Summit reception, presentation and booth to discuss Microsoft Azure Active Directory and Microsoft Identity Manager.”

As you have seen, there was, and there still is, a hopeful amount of activity around Microsoft Identity Management.
Alive and kicking. Better know it.