What needs improvement with Microsoft Identity Manager?

If we don't use Microsoft Identity Manager for data masking, we can use some other tools, like IBM InfoSphere. The scope of Microsoft Identity Manager is limited to the identity part of our applications. Microsoft Identity Manager is an old technology, and Microsoft will discontinue it soon. Microsoft Identity Manager is very complex compared with other platforms. For example, I know Microsoft Azure is working on Azure Identity. In the future, Microsoft Identity Manager will migrate to Azure Identity because Azure Identity is a software asset and is less complex. The solution's technical support is bad, making it an area where improvements are required.

Microsoft Identity Manager has shown a strong focus on cloud solutions, but it could improve its support for legacy products and on-premise infrastructure. Legacy applications or solutions are often not fully supported, which can be a limitation for customers with existing on-premise setups. The emphasis on cloud-based solutions is beneficial for modernization as it is crucial to address customers' needs relying on legacy systems. Microsoft should address the gap in support for legacy products to ensure a more comprehensive and inclusive approach.

The security could be slightly improved.

I haven't identified any significant issues with Microsoft Identity Manager. It is constantly evolving, and Microsoft regularly introduces new features and improvements. It used to be known as Azure Active Directory, and now it is part of Microsoft InTouch, indicating its commitment to enhancing the platform. The continuous updates and changes are a positive sign, ensuring that the product remains robust and up-to-date. However, while it offers numerous features, not all of them are well-known or easily discoverable. Some valuable features might go unused because they are not well-documented or connected clearly in user guides. While the basic features are straightforward, more complex ones lack accessible documentation, making it challenging to understand their full potential. Improving the documentation and providing clearer guidance on how to connect different features would make it even better.

Microsoft Identity Manager could be more intuitive in terms of interface. Also, the product’s life cycle is very short. It is going to expire soon. It becomes tough to manage projects in this case.

The product's pricing and integration features could be improved.

It would be good if Microsoft Identity Manager Maybe could be integrated with Azure Active Directory directly and made as a cloud platform. Right now, Microsoft Identity Manager is just an on-premises application and can't be a cloud application. It can come as a SaaS (software as a service provider) solution.

I always appreciate products that provide technical information. It would be helpful to understand what's happening behind the scenes, such as log information. It doesn't need to be extensive, but it should show the process and provide insights. For example, in any Identity Manager software, having a console that displays the ongoing process helps identify any issues. Once you stop the process, you can refer to the problem and determine which system it's related to. This is very useful. In the case of Microsoft Identity Manager, it would be beneficial to have a similar process where each stage of the process is clearly documented. For example, if there's a problem with communication between the identity manager and the human resource services when requesting a new account or adding a profile, having visibility into the systems involved helps identify the root cause. It could be a problem with the sales system, even if the product itself is not the Active Directory server solution. Understanding the connection and how to resolve the issue is crucial.

The prices can always be improved, and the integration with the software from other vendors could use an improvement, especially if you are using something like Oracle for a database, SAP for ERP, or something like that.

MIM's reliability could be improved.

It requires a lot of improvements. Microsoft is killing this product and migrating some of the features to Azure AD. The last version of this solution was 2016. If it is going to stay and integrate with Azure AD, its integration needs to be worked on in terms of connectors, etc. It doesn't seem that they are improving it alone. Microsoft wants to integrate it with Azure AD, but the integration is still not complete. Their support is bad, and it should be improved.

We always need to log into the servers to do anything which means that the product is not very user friendly because we can't invoke it. You can't open it from your laptop, for example. If someone needs to carry out a joining or some other functionality which doesn't require them to be an admin but just a regular user doing something else, they need to log in to the server and we need to provide privileges for that. The other issue is the SQL Server. The solution is tightly tied to the SQL Server, which means it does not have any compatibility with the AWS RDS and it doesn't support the SQL Server RDS version. It also means there is a very high dependency on the SQL and for that reason instead of RDS we need to set up our own SQL Server on EC2 and I think that is something which they need to change. There's no compatability for Azure to manage the SQL Servers. It doesn't need to be vendor specific, but it should be able to support whichever database is provided by the vendor. I'd like to see more connectivity in the synchronization. What they currently have should be expanded. You should be able to connect to Azure AD Connect and get more cloud support. And again, the program should be able to connect to any of the cloud SQL.

The information that is available for the Active Directory portal is segregated here and there. It's not in one single location where you can see, for example, all of the security features and maybe the customization feature. In the next release of this solution, I would like to see the manageability, the web-based access to the portal, and the reconfiguration of things to be made simpler and more straightforward.

Support needs improvement. It is very easy to get somebody to help with the implementation of the Microsoft product itself, but when it comes to support it's a challenge as an IT team. You have to tell people, "Well we need to get back to Microsoft" and that can take forever. Sometimes the waiting process really gets you stuck. If you have deployed a feature in your environment and you're using it and you cannot get the necessary support to be able to get back aspects of it, then it's as if Microsoft has whet our appetite, but then we can't use it any more. It's frustrating for everyone. I want to be able to have access to somebody from Microsoft to be able to help me when I have challenges.

In terms of the identity and access management solution for an on-premise environment, I think Microsoft needs to eliminate or minimize the number of workloads for the solution to run in an on-premise environment. For example, you need more instances, more servers on-premise for the whole solution to completely function. You need ADFS servers, farms application proxies, a MIM server, SQL databases, and Cluster databases, which leads to more costs in running and maintaining the solution. I think Microsoft should minimize the number of instances in terms of hardware and software. In the next edition, I prefer that Microsoft would start looking at giving the solution the ability to integrate on-premise workloads, specifically Linux on-premise workloads, with the cloud-based identity and access management solution, which is Microsoft Azure Active Directory. Currently, the provided Microsoft identity and access management solution does not have the capability to integrate with a Linux or Unix environment and the cloud-based Azure Active Directory.

They have to improve the User Entity and Behavioral Analysis. They have all of these features, scattered around in different components. For example, if a user logs into a computer, from that point the behavior is not completely monitored. Windows Defender is monitoring the action, but if you go into the website, the solution is not capable of understanding it. Therefore, in the case of a user browsing a malicious website, there is no way to identify it. There should be a way to create a profile for each and every employee. For example, if an employee is searching websites for a job then the organization should be able to identify that and recognize that he's going to leave the company soon. Or, if the user is trying to access a confidential document then that identity should be tagged as a malicious user. You should be able to create metrics or risk levels for a particular user. Generally, the security features need to be improved so that they do not have to rely on other solutions. Importantly, browser behavior should be integrated. Properties such as what department an employee is in, and what resources they access, as well as the relevant correlations, should all be determined and stored.

This product was only launched two or three years ago, and it is still in the process of becoming stable. We have to make use of the current feature set before looking for new features.

If we compare this Microsoft Identity Manager with Okta or OneLogin, both provide multiple connectors and box connectors. Whereas with Microsoft Identity Manager, there are limits. Instead of using the connectors from the third-party companies, they should make the Microsoft templates available with this product. If Microsoft would increase the number of the box connectors that would be helpful to all the customers who use it daily. Microsoft Identity Manager is good for using in production and increasing recruitment.