New versions of additonal FIM/MIM connectors released

New version of the additional FIM/MIM connectors are relased some days ago.

This connector package contains the following connectors:

There are a couple of fixes and enhancements on those connectors, you can get the complete list from the version release history:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-connector-version-history

(And yes, the placement of the documentation also makes no sense to me since these are FIM/MIM only connectors)

Connectors can be downloaded from here: https://www.microsoft.com/en-us/download/details.aspx?id=51495

 

MIM Portal: regular user access and unable to process your request

Getting the error „Unable to process your request“, is a common issue a lot of people are facing when accessing the FIM/MIM portal a regular user.

There are a lot of forums discussions and blog posts around that issue and how to solve it.

However, I think I found another reason why that issue can occur even if that will not be a common scenario for most people but still worth to write about it in my opinion.

Read more of this post

New Azure Group Based Licensing (V2) available as public preview

Just saw it in my demo tenant today that the new Azure Group Based Licensing (V2) is now available within the new Azure portal http://portal.azure.com under the Active Directory Node.

Until today, since all of you know, you could only assign EMS licenses by groups created in Azure or synchronized from an On-Premises directory. In addition, you could only assign the whole license/suite in one piece without the ability to disable sub plans, like RMS for example.

With the new group based licensing, you now can also assign other services license like Office 365 for example and are also be able to disable specific sub plans.

Here is how it looks like:

Navigate to the new portal (the artist formerly known as “the island”): http://portal.azure.com

Go to the Azure Active Directory Management (Preview):

01

You will see an overview of all your licenses and current assigned users and groups via the “All products” option:

02

03

Let us assign the Office 365 license by a group and disable some of the features:

Click “Licensed Group” and then “+ Assign”

04

Select a group created in Azure or synchronized from your On-Premises directory.

Click “assignment option (optional)”

05

Done, license assignment changes will now be scheduled and you can check the state of pending or active (should be active within one minute.)

06

You can have multiple groups with different sub plans disabled to reflect the licenses needed for different user type (Power Users, Limited Users or Guests)

There is also an audit log for all license assignment but with by early tests there is nothing logged, I assume because the necessary categories are missing until rollout of preview is complete.

 

Re-Awarded a 3rd time as an MVP

Just recieved my mail that I got the MVP award a 3rd time.

Still honored and proud to be part of the great community.

Lithnet FIM/MIM Synchronization Service PowerShell Module released

Ryan Newington (Developer of FIM/MIM Lithnet PS Module, new FIM/MIM Service Client and RestAPI) already anounced new PowerShell Cmdlets for the FIM/MIM Synchronization Service on the last MIM Team User Group Meeting.

You can now download that module on github.

See documentation on the modules and also the disclaimer.

Download the FIM/MIM Sync PowerShell Module.

Great job again Ryan.

Here is a list of modules included:

Read more of this post

Create PAM (Privileged Access Management) Mobile Apps with PowerApps

Maybe you already read my last blog post about using PowerApps for Microsoft Identity Manager where you find a definitions file for the Lithnet RestAPI for MIM to create a custom API for PowerApps. If not, please do so for some basic information’s.

I also will present the MIM and PAM PowerApps solution with some detailed information on the next MIM Team User Group meeting on June 15.

This time I give to all of you the swagger JSON definition file for the Privileged Access Management (PAM) RestAPI around with a demo PowerApp.

The swagger JSON and YAML files contains all the API calls that PAM provides, so you can do the following:

  • Get a list of all PAM roles you are a candidate for
  • Get the PAM role request history
  • Request a PAM role and also Cancel your request before TTL exceeds
  • Get a list of all PAM role requests you should approve
  • Approve of Reject a PAM role request

Since PowerApps is still a preview feature you might have some issues like I have, but I was able to test all scenarios mentioned above.
Read more of this post

MIMTeam User Group: MIM Handbook and upcomming MIM features

At the last MIM Team Usergroup meeting last week, David Steadman and Jeff Ingalls talked about their journey of writing the upcomming new MIM 2016 Handbook which is expected to be released in July.

Beside some very interesting facts on their experience and some funny things, there where one slide from David talking abount upcomming MIM 2016 CTP (preview) feature which fill then be comming to MIM GA some time in future.

Here is a screenshot of that slide:

MIMUpcommingCTPs

One of the most interesting facts I think is the support of Exchange Online for approvals, so you do not need to have your FIMService mailbox be onPremises, while you are maybe having already all other mailboxes migrated to O365.

Also all the feedback seems to be recognized by Microsoft so we can see their will be a PAM Single forest deployment scenario.

A lot of you I guess will also like the Cross Browser Support for MIM components lile SSPR and Portal.

So stay tuned for that and have a look to Microsoft Connect (Identity and AccessManagement Site) where those new CTPs will arrive.

 

%d bloggers like this: