Book Image

Microsoft Identity Manager 2016 Handbook

By : David Steadman, Jeff Ingalls
Book Image

Microsoft Identity Manager 2016 Handbook

By: David Steadman, Jeff Ingalls

Overview of this book

Microsoft Identity Manager 2016 is Microsoft’s solution to identity management. When fully installed, the product utilizes SQL, SharePoint, IIS, web services, the .NET Framework, and SCSM to name a few, allowing it to be customized to meet nearly every business requirement. The book is divided into 15 chapters and begins with an overview of the product, what it does, and what it does not do. To better understand the concepts in MIM, we introduce a fictitious company and their problems and goals, then build an identity solutions to fit those goals. Over the course of this book, we cover topics such as MIM installation and configuration, user and group management options, self-service solutions, role-based access control, reducing security threats, and finally operational troubleshooting and best practices. By the end of this book, you will have gained the necessary skills to deploy, manage and operate Microsoft Identity Manager 2016 to meet your business requirements and solve real-world customer problems.
Table of Contents (22 chapters)
Microsoft Identity Manager 2016 Handbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Considerations


Microsoft's PAM deployment considerations are well documented and can be found at http://bit.ly/PAMDeploymentConsiderations. We will highlight the key points.

As already mentioned, PAM helps mitigate attacks on accounts that have permanent membership in elevated groups. PAM is not an all-inclusive component that will mitigate every security-related issue. Consider one security situation in which end users have administrative access to their own workstations. It may seem harmless enough, but security software such as antivirus, antimalware, and firewall can be turned off or removed, and new (potentially malicious) software can be installed. Once malicious software is installed on a workstation, an attacker only needs to find a way to elevate access to gain control over the entire domain or forest. Not logging into untrusted workstations with an elevated account, such as a domain administrator, has been best practice in security for years and is helpful, but you can do better...