Please share with the community what you think needs improvement with Microsoft Identity Manager.
What are its weaknesses? What would you like to see changed in a future version?
We always need to log into the servers to do anything which means that the product is not very user friendly because we can't invoke it. You can't open it from your laptop, for example. If someone needs to carry out a joining or some other functionality which doesn't require them to be an admin but just a regular user doing something else, they need to log in to the server and we need to provide privileges for that. The other issue is the SQL Server. The solution is tightly tied to the SQL Server, which means it does not have any compatibility with the AWS RDS and it doesn't support the SQL Server RDS version. It also means there is a very high dependency on the SQL and for that reason instead of RDS we need to set up our own SQL Server on EC2 and I think that is something which they need to change. There's no compatability for Azure to manage the SQL Servers. It doesn't need to be vendor specific, but it should be able to support whichever database is provided by the vendor. I'd like to see more connectivity in the synchronization. What they currently have should be expanded. You should be able to connect to Azure AD Connect and get more cloud support. And again, the program should be able to connect to any of the cloud SQL.
The information that is available for the Active Directory portal is segregated here and there. It's not in one single location where you can see, for example, all of the security features and maybe the customization feature. In the next release of this solution, I would like to see the manageability, the web-based access to the portal, and the reconfiguration of things to be made simpler and more straightforward.
Support needs improvement. It is very easy to get somebody to help with the implementation of the Microsoft product itself, but when it comes to support it's a challenge as an IT team. You have to tell people, "Well we need to get back to Microsoft" and that can take forever. Sometimes the waiting process really gets you stuck. If you have deployed a feature in your environment and you're using it and you cannot get the necessary support to be able to get back aspects of it, then it's as if Microsoft has whet our appetite, but then we can't use it any more. It's frustrating for everyone. I want to be able to have access to somebody from Microsoft to be able to help me when I have challenges.
In terms of the identity and access management solution for an on-premise environment, I think Microsoft needs to eliminate or minimize the number of workloads for the solution to run in an on-premise environment. For example, you need more instances, more servers on-premise for the whole solution to completely function. You need ADFS servers, farms application proxies, a MIM server, SQL databases, and Cluster databases, which leads to more costs in running and maintaining the solution. I think Microsoft should minimize the number of instances in terms of hardware and software. In the next edition, I prefer that Microsoft would start looking at giving the solution the ability to integrate on-premise workloads, specifically Linux on-premise workloads, with the cloud-based identity and access management solution, which is Microsoft Azure Active Directory. Currently, the provided Microsoft identity and access management solution does not have the capability to integrate with a Linux or Unix environment and the cloud-based Azure Active Directory.
They have to improve the User Entity and Behavioral Analysis. They have all of these features, scattered around in different components. For example, if a user logs into a computer, from that point the behavior is not completely monitored. Windows Defender is monitoring the action, but if you go into the website, the solution is not capable of understanding it. Therefore, in the case of a user browsing a malicious website, there is no way to identify it. There should be a way to create a profile for each and every employee. For example, if an employee is searching websites for a job then the organization should be able to identify that and recognize that he's going to leave the company soon. Or, if the user is trying to access a confidential document then that identity should be tagged as a malicious user. You should be able to create metrics or risk levels for a particular user. Generally, the security features need to be improved so that they do not have to rely on other solutions. Importantly, browser behavior should be integrated. Properties such as what department an employee is in, and what resources they access, as well as the relevant correlations, should all be determined and stored.
This product was only launched two or three years ago, and it is still in the process of becoming stable. We have to make use of the current feature set before looking for new features.
If we compare this Microsoft Identity Manager with Okta or OneLogin, both provide multiple connectors and box connectors. Whereas with Microsoft Identity Manager, there are limits. Instead of using the connectors from the third-party companies, they should make the Microsoft templates available with this product. If Microsoft would increase the number of the box connectors that would be helpful to all the customers who use it daily. Microsoft Identity Manager is good for using in production and increasing recruitment.
I'm researching identity management/identity and access management solutions. Are there any good comparison matrices comparing Microsoft Identity Manager to other identity and access management solutions?
Thanks in advance,