Microsoft Identity Manager 2016 (MIM) is the latest incarnation of an on-premises server-based Microsoft product that used to be called ForeFront Identity Manager 2010 R2 (FIM), and Identity Lifecycle Manager (ILM) before that, and Microsoft Identity Integration Server 2003 (MIIS) before that. For a historical comparison see MIM, FIM and ILM compared.

​

Note that Azure AD Connect is based on MIM, too.

Fundamentally, MIM synchronizes identity data between various systems.

​

MIM is very flexible in what it can connect to (like Active Directory, other directories, HR systems, ERP systems, email systems etc.), and what objects it synchronizes (always users, often groups, and maybe roles, permissions, computers etc.)

 

It can provision and de-provision, enable and disable, move, and generally synchronize all types of attributes – even passwords (though passwords are not handled like other attributes – being propagated in real time, while regular attributes are synchronized on a schedule).

​

It comes with some options:

​

• A portal that includes a workflow engine for managing employees, contractors and groups, and for providing self-service password reset (it is noteworthy that the portal functionality is largely replaceable by features in Azure ADPremium, while the above synchronization capability remains a fundamental requirement to many hybrid implementations, and is actually part of Azure AD Premium)

• Reporting – though again, there are significant limitations, and third party alternatives are available (talk to us if you have reporting requirements)