The MIM Security Feature Leaving FIM Behind

Posted on 9 July 2018

According to world-leading tech analysts Gartner, ‘privileged account management’ was the No.1 business security concern for 2018.  

With Microsoft Identity Manager (MIM), organisations can begin to address this major issue. MIM can help stop many of the problems behind it, such as staff sharing system passwords and using simple passwords (“password” is still in the top 10 commonly used passwords!), all while helping to reduce the opportunities for malicious attacks on the network.

Let’s Start at the Beginning… 

MIM’s identity management suite ensures users have the correct access to organisational resources according to their job role. It includes improved automation and self-service features to give the end-user a quicker, more efficient experience.

MIM also lets you apply automatic expiration to delete accounts. This saves your team time and effort checking they’re deleted. Ideal if your company hires a lot of contractors. 

Identity Management is about more than just having multiple passwords for multiple applications. It’s about using a strategic approach to ensure people don’t have access to company data they don’t need to see. It’s about reducing those malicious attacks. It’s about making those stories of MD’s expenses or employee wages left on the shared drives a thing of the past.

Why Do These Problems Occur? 

You’re not going to like this. But the main reason why problems like this often happen is simply down to good old-fashioned human error.

IT teams are still creating and deactivating staff accounts manually. Not only is this eating up resource time, but it increases the chances of a security breach. Unfortunately, humans aren’t perfect. They make mistakes, they forget things (e.g. passwords!) and therefore pose a risk to a business if all access accounts are managed manually.   

But it doesn’t have to be this way.  

What Can MIM Do to Help?

For years, FIM has allowed businesses to automate user access based on job titles. This simply means that when a user starts working for you, they have the access required for their role through predetermined rules, and when they leave, all of that is removed.

This automated process removes the risk of human error. This is more important than ever, especially in a world where any company can be brought to its knees by data reaching the wrong hands.  

But what about privileged access to the domain? 

It’s Called Privileged Access Management 

Privileged Access Management (PAM) is a new feature added to the MIM suite of products allowing IT teams to grant temporary privileged access to users. This is instead of granting permanent access which is often left indefinitely, widening the attack surface on the network.

Quite simply, if there are fewer permanent admins, then there are fewer opportunities for attackers to compromise systems.  

PAM also reduces the risk of disclosed passwords or day-to-day accounts being used as domain administrators – exactly the kind of thing that makes a hacker’s job easier.

Of course, this is just the tip of the iceberg: there’s much more to Microsoft Identity Manager and its many features.

To find out more about these features, please get in touch with a member of our team for a more in-depth conversation about MIM. 
