#FIM2010 & MIM 2016 licensing model is changing as of 1st of april 2015


Download the “Microsoft Product Use Rights (WW, English, April 2015)” document at In short, prior to 1st of april 2015, you required

  • a FIM server license for every FIM server installed and a CAL for every user managed in the FIM Service, or
  • Forefront Identity Manager 2010 R2 External Connector
Functionality Covered by
FIM Server Components (FIM Sync, FIM Services, FIM portal, …) FIM Server SKU
CAL Standalone FIM CAL, or Azure Active Directory Premium (AADP), or Enterprise Mobility Suite (EMS) User, orEnterprise Cloud Suite (ECS) User SL
External Users FIM External Connector license (per server)

After 1st of april 2015:

  • Windows Server license (Standard & Datacenter) will include FIM server entitlement
  • FIM Server 2010 R2 licenses will not be available anymore on the price lists
Functionality Covered by
FIM Server Components (FIM Sync, FIM Services, FIM portal, …) Windows Server license (Standard & Datacenter) will include FIM server entitlement
CAL Standalone (FIM) CAL, or Azure Active Directory Premium (AADP), or Enterprise Mobility Suite (EMS) User, or Enterprise Cloud Suite (ECS) User SL
External Users Windows Connector license

Certificate and Identity Management

  • A CAL is also required for any person for whom the software issues or manages identity information.

Synchronization Service

  • A CAL is not required for users only using the Forefront Identity Manager synchronization service.

From the PUR:

  • External Connector License means a license attached to a Server that permits access to the server software by External Users.
  • External Users means users that are not either your or your Affiliates’ employees, or your or your affiliates’ onsite contractors or onsite agents.
  • CAL means client access license. There are two kinds of CALs: user and device. A user CAL allows access to the server software from any device by one user. A device CAL allows access to the server software from one device by any user.

FIM / MIM is using a user CAL. The FIM server will no longer be sold as a separate license, but instead Windows Server licenses will allow customers to install the FIM Server software. Since FIM users already required a Windows Server CAL or equivalent to access FIM running on Windows Server, no additional Windows Server CALs (or Windows Server External Connector) will be required. Still it’s important to understand that you still need FIM/MIM CALs to manage identities with FIM/MIM (unless you only use the FIM/MIM Sync). Azure Active Directory Premium (AADP) and any suite that contains AADP, including Enterprise Mobility Suite (EMS) and Enterprise Cloud Suite (ECS) or a additive FIM CAL will also entitle users to access FIM. MIM will have the same licensing model. All current FIM customers with active SA on the underlying Windows Server, (since the right to install FIM server is now granted with a Windows Server license), will have rights to upgrade to MIM when it launches. And for my Dutch speaking followers… Tous la même chose:

PS: The FIM licensing page on TechNet Wiki will be updated ASAP (

[ADD-ON, Jan 2016]


Note-to-self: Microsoft Ignite session – Upgrading from #FIM2010 to #MSIM2015 and Azure Active Directory

Mental note: Microsoft Ignite, May 48, 2015 (Chicago, IL)

Check out this session at #MSIgnite and find other content that’s right for you.

“In this session we will cover how to upgrade from Forefront Identity Manager and earlier products to the upcoming Microsoft Identity Manager (MIM), demonstrate how MIM integrates with Azure Active Directory (AD), and review best practices for integrating private and public cloud identity and access management.” 

All info at



New MIM vNext CTP (CTP3) posted on Microsoft Connect #FIM2010 #MSIM2015

Today the FIM/MIM product group posted a new version of the MIM vNext CTP on
Microsoft Connect (Milestone CTP3, 4.3.1691.0)

Head over to the Microsoft Connect site at:

Some interesting new stuff has been published:

[UPDATE, 3/mar/2015, additional files have been published, you need 27GB free space now]

Bestandsnaam: Bestandsgrootte 111,54 MB
CTP3 MIM CM with Modern App TLG.docx 5,38 MB
MIM Preview Questionnaire_clean.docx 25 KB
PAM REST API Reference V1.0.docx 31 KB
TLG for SSLA with MFA – 2015-02-22.docx 4,05 MB 553 KB
MIM CTP Test Lab Guide for Privileged Access Management.docx 394 KB 3.856,65 MB 5.450,5 MB 5.629,68 MB 12.199,95 MB 977 KB

You’ll find the download link published today at:

Microsoft announced further details on the #FIM2010 vNext roadmap (now : aka Microsoft Identity Manager)


Allow me to rephrase the announcement message, to condense the message. Full message at references mentioned earlier.


Today the product group provided an update with further details of the FIM 2010 roadmap.

This is including the approach and the investments they are making to enhance the on-premises, private cloud and hybrid cloud identity management solutions.

(quote) “Forefront Identity Manager helps your organization ensure users have appropriate access corporate information regardless of where it is located—in your datacenter or in the cloud, by providing self-service identity management, automated lifecycle management across heterogeneous platforms, a rich policy framework for enforcing security policies, and detailed audit capabilities.

The approach to the next version of Identity Manager is guided by the following customer feedback and innovation goals:

  • Continue to address risks to critical assets, by enhancing and expanding the available protections for enterprise identity, ensuring the enterprise’s identity infrastructure is resilient to targeted attacks
  • Enable the mobile access scenarios that customers are looking to adopt and manage from a broad range of devices across on-premises and cloud services
  • Connect with Azure Active Directory to integrate with its features and extend the reach of enterprise identity to a range of Software-as-a-Service applications
  • Deliver easy-to-deploy end-to-end scenarios that complement investments in Windows, Office, Microsoft Azure, and Active Directory with end user self-service, delegation and configurable policies

Three major investment areas have been identified for this release of Identity Manager:

  • Hybrid scenarios that leverage cloud-based services delivered in Microsoft Azure, including Multi-Factor Authentication, Azure Active Directory application integration, analytics and reporting
  • Support for the latest platforms and mobile devices with modern user interfaces
  • Improved security with additional controls, analytics and auditing of administrative and privileged user identities and their access to Active Directory, Windows Server and applications


As part of the next release, we will also move Identity Manager under the Microsoft brand, so this release will be known as Microsoft Identity Manager.  

More details will be available next month at the TechEd North America 2014 breakout session PCIT-B328, scheduled for May 14th at 5:00 PM US Central time. We will also have more to share and later in the year including timelines for preview programs and the release schedule.

So now #FIM2010 is not FIM any more, it’s MIM.
We need to find a new hash tag, right? #MIM is taken…

Any suggestion? #MIM2015?