After the MIM PAM system is deployed, the existing Active Directory will continue to have users and groups added, modified and deleted. However, some changes may impact the PAM system's security. For example, if all the users in a security group were migrated to "Just in Time" privileged access management, and suddenly a new user appears in this group, this may indicate a problem. To provide more visibility, in this update we've added a specialized AD monitoring service to MIM. This monitoring service watches for changes applied to security groups in the existing Active Directory environment. When it detects changes, such as users being added directly to groups, it writes events to the event log in the PAM environment, which can then be retrieved by your organization's security monitoring (SIEM) tools. This makes it easier to efficiently monitor your Active Directory for inadvertent or anomalous changes to administrative access.
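The same kind of check can be illustrated against the domain controllers' own Security log. The following PowerShell is an added example, not code from MIM or from this post and not the MIM monitoring service itself. It relies on the standard Windows member-added events (4728, 4732, 4756); the group names, the approved account and the sample events are constructed assumptions.

```powershell
# Added example. Group names, accounts and sample events are constructed.
# Groups whose members were all migrated to just-in-time access (assumed names).
$JitOnlyGroups  = @('CorpAdmins', 'SQL-Operators')
# Accounts expected to change those groups, e.g. a PAM service account (assumed).
$ApprovedActors = @('PRIV\svc-pam')
# Member-added events: 4728 global, 4732 domain local, 4756 universal group.
$MemberAddedIds = 4728, 4732, 4756

# Flatten a Security log record into the fields the check needs.
function ConvertFrom-GroupEvent {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $d = @{}
        foreach ($n in ([xml]$Record.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Id     = $Record.Id
            Time   = $Record.TimeCreated
            Group  = $d['TargetUserName']      # group that was changed
            Member = $d['MemberName']          # DN of the added account
            Actor  = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
        }
    }
}

# Return additions to JIT-only groups made by anyone other than an approved actor.
function Find-DirectGroupAddition {
    param([object[]] $Events)
    foreach ($e in $Events) {
        if ($e.Id -in $MemberAddedIds -and $e.Group -in $JitOnlyGroups -and
            $e.Actor -notin $ApprovedActors) {
            $e | Select-Object Time, Group, Member, Actor
        }
    }
}

# Constructed sample events, already flattened, so the check runs offline.
$sample = @(
    [pscustomobject]@{ Id = 4728; Time = [datetime]'2015-03-02T09:14:00'; Group = 'CorpAdmins'
                       Member = 'CN=Jen,OU=Staff,DC=corp,DC=example'; Actor = 'CORP\helpdesk1' }
    [pscustomobject]@{ Id = 4728; Time = [datetime]'2015-03-02T10:02:00'; Group = 'CorpAdmins'
                       Member = 'CN=Raj,OU=Staff,DC=corp,DC=example'; Actor = 'PRIV\svc-pam' }
    [pscustomobject]@{ Id = 4732; Time = [datetime]'2015-03-02T11:30:00'; Group = 'Printers'
                       Member = 'CN=Ana,OU=Staff,DC=corp,DC=example'; Actor = 'CORP\helpdesk1' }
)
Find-DirectGroupAddition -Events $sample | Format-Table -AutoSize

# On a domain controller with security group management auditing enabled:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $MemberAddedIds } | ConvertFrom-GroupEvent
# Find-DirectGroupAddition -Events $live
```

With the constructed sample, only the first event is returned: a direct addition to CorpAdmins by an account other than the approved one.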
Next, since PowerShell cmdlets are the main tool for interacting with Microsoft Identity Manager for the PAM scenario, in this update there are many new and improved PowerShell cmdlets to administer PAM. Type Get-Command -Module MIMPAM to find out more!

Finally, we're introducing a new REST API into MIM, for the PAM scenario. This enables elevation requests to be embedded in your organization's existing tools for administrators, without needing to have the tools wrap PowerShell or the existing MIM SOAP API. We will also provide a sample portal that demonstrates how this API can be used.

Updates in the Certificate Management (CM) scenario
MIM includes a modern application that leverages a new REST API to enroll virtual smartcards for a Windows 8.1 computer. This update enhances the user experience and adds new scenarios to the Virtual Smartcard Certificate Manager application:
In-place Upgrade

One of the concerns that we have received during the community preview is about the upgrade path from existing FIM 2010 R2 deployments to MIM vNext. Our goal is to make the upgrade experience backward compatible and as smooth as possible. In this preview update we are adding the ability to upgrade FIM 2010 R2 to MIM vNext. The upgrade will be done by using the MSI files, as in the past. In this preview, the in-place upgrade has been tested for the Sync component only.

What's next?

If you're interested in these capabilities for on-premises and private cloud identity management, kindly download the refreshed preview, follow the Test Lab Guides to try them out and provide feedback. You can download the refreshed preview from the same Connect site as before, simply: