
At the Forefront of Security

When it comes to policy management, data synchronization and user self-service, Forefront Identity Manager handles it all. Computerworld has a nice look at all three areas.

Policy Management

Forefront Identity Manager’s view of identity management is that employees, their roles and their eventual authorizations and authentication should all fall under the purview of policies. Administrators familiar with Group Policy in Windows will find this metaphor holds well. These policies consist of rules that you, as the administrator, can create to dictate what happens when certain actions take place.

These policies that you define are kicked off and then subsequently managed by the Windows Workflow Foundation. This provides a powerful base for all sorts of interesting and complex workflows, with nesting, conditions and multiple branches. If your group has already invested in creating rules via WF, you can very simply import them into FIM and use and further customize them from within FIM, saving you from reinvesting the time necessary to create the workflows again in a different tool. If you have a proficient developer staff, you can also create workflows in Visual Studio and export them for use within FIM.

Data Synchronization

The core of any identity management product, FIM included, is the ability to keep multiple systems (often on different platforms, from different vendors, with different databases) synchronized as often as possible. The goal is for changes initiated by any system to be replicated accurately and efficiently up and down the chain of related systems.

FIM’s core, a synchronization service, manages the data coming into and out of FIM and handles communicating with the target systems — and in most cases it does so using standards or direct API support with each system. In other words, no messy agents need run on most of these systems.

All of these synchronization actions can be gated via the workflow system so that administrators or other designated personnel have to approve changes before they are sequenced throughout your organization — most helpful for creating and deleting users, but also helpful depending on the sensitivity of the systems in your network.

User Self-Service

One of the big points of emphasis in FIM 2010 is the delegation of simple administrative tasks to users themselves. From resetting passwords to managing distribution groups, FIM’s Web portal makes it reasonably simple for users to manage their group memberships, profile information (like addresses and office and mobile phone numbers, for example) and passwords themselves, without involving a help desk call.

You can check out the full article on testing FIM 2010 by Jonathan Hassell here.

If you’re looking to deploy FIM 2010 in your organization and need to ramp up on all of its little intricacies, check out our M-50382 class coming up on 1/10/12 and then again on 2/21/12.

After completing this course, you will be able to:
•Understand FIM concepts and components.
•Identify appropriate FIM scenarios.
•Manage users, groups, and passwords using FIM.
•Synchronize identity data across systems, such as Active Directory and HR.
•Understand the issues involved in loading data (initial load, backup, and disaster recovery).
•Configure security for different levels of user.
•Manage password self-service reset and synchronization.
•Automate run cycles.
•Handle sets, simple workflows, and management policy rules (MPRs).

We also have a couple of other Forefront classes you should check out.

M-50357: Implementing Threat Management Gateway 2010

After completing this course, you will be able to:
•Understand the new features and the value proposition for Forefront TMG.
•Explain how Forefront TMG protects clients and servers from Web-based threats.
•Describe how Forefront TMG enables outside systems to securely connect to internal services and applications.
•Describe how Forefront TMG integrates with Forefront Protection 2010 for Exchange and Microsoft Exchange Server 2010 to protect an organization from mail-based threats.
•Design an enterprise solution using Forefront TMG considering availability, scalability, operations, and migration from an existing Microsoft Internet Security and Acceleration (ISA) solution.

M-50360: Implementing Forefront Protection 2010 for Exchange and SharePoint

After completing this course, you will be able to:
•Understand the new features and the value proposition for the different products and technologies that are part of the Microsoft Forefront Protection Suite.
•Explain how Microsoft Forefront Threat Management Gateway 2010 can provide secure mail relay functionality combined with Microsoft Forefront Protection 2010 for Exchange Server and Microsoft Exchange Edge server role.
•Describe how Forefront Protection 2010 for Exchange Server and Microsoft Forefront Online Protection for Exchange protect an organization from mail-based threats.
•Describe how Microsoft Forefront Protection 2010 for SharePoint protects the organization from threats involving data in SharePoint Server sites.
•Understand how the Exchange Server and SharePoint Server security solutions are integrated and managed from Microsoft Forefront Protection Manager.

-Matt