What is our primary use case?
We are currently using a hybrid identity access management solution. We've got an on-premise ADFS that is running a Server 2016 ADFS farm. That is coupled to a Microsoft Identity Management Server 2016, which is then coupled to Azure Active Directory as the cloud-based identity and access management solution.
How has it helped my organization?
We're a partner and a reseller. We're a Microsoft Gold Partner and Cloud Platform, and we have achieved the Microsoft competency at the highest level due to our commitment to delivering successful solutions in both on-premises and cloud-based environments. So we are a Microsoft delivery partner and a Tier 2 reseller. In other words, we're reselling Microsoft licenses.
We're also a deployment partner for Microsoft services, meaning that we can deploy services and migrate customers and design solutions and be involved in adoption and innovation programs on behalf of Microsoft. So we're a big partner in Microsoft solutions.
What is most valuable?
The feature that I find most valuable is the security layer of the identity and access management solution. The ability to secure on-premise and cloud-based workloads and to provide seamless authentication into hybrid workloads. In addition to cloud-based authentication, we've also got advanced adaptive authentication with a privileged identity management feature for protecting identities.
What needs improvement?
In terms of the identity and access management solution for an on-premise environment, I think Microsoft needs to eliminate or minimize the number of workloads for the solution to run in an on-premise environment.
For example, you need more instances, more servers on-premise for the whole solution to completely function. You need ADFS servers, farms application proxies, a MIM server, SQL databases, and Cluster databases, which leads to more costs in running and maintaining the solution.
I think Microsoft should minimize the number of instances in terms of hardware and software.
In the next edition, I prefer that Microsoft would start looking at giving the solution the ability to integrate on-premise workloads, specifically Linux on-premise workloads, with the cloud-based identity and access management solution, which is Microsoft Azure Active Directory. Currently, the provided Microsoft identity and access management solution does not have the capability to integrate with a Linux or Unix environment and the cloud-based Azure Active Directory.
For how long have I used the solution?
I've been using this solution for over five years.
What do I think about the stability of the solution?
I'm satisfied with the stability. It is quite stable these days because Microsoft updates all of its identity management solution technologies monthly. In terms of stability, I'm quite impressed.
What do I think about the scalability of the solution?
I'm not quite impressed with the scalability of the solution, because you need more workloads in terms of scalability. For small businesses, I wouldn't recommend the Microsoft identity and management solution for on-premises environments for SMBs, because they won't see any return on investment since they will still need to invest in hardware, which is quite costly, and also in software. Maintaining the solution in general also requires more workload and instances to operate, so I wouldn't recommend on-premises environment for small businesses.
That is why most of my customers are enterprise customers. They will be best with a complex environment. Specifically, they will have hybrid environments that are running the on-premises MIM, Microsoft Identity Management.
For cloud-based identity and access management solution for Microsoft, specifically the Microsoft Azure Active Directory, it's an excellent solution for small businesses. It's excellent and it's easy to scale because you don't need to be an enterprise business to protect your applications with Azure Active Directory. It's quite good for cloud-based environments.
How are customer service and support?
They provide excellent support. Now when you log a call with them they engage with you until they resolve the solution. They give you a dedicated engineer, a PSE specifically, to come and correct any issues.
How was the initial setup?
To be honest, the on-premise configuration is complex. You need to know what you are doing to successfully deploy the solution. You need components such as an SSL certificate. Also, you can't use a self-signed certificate. You need a certificate with a publicly known CA, such as GoDaddy or DigiCert. Additionally, you need to configure your application proxies, all your ADFS and MIM servers, and also the database servers correctly. It's quite complex, you need to know what you're doing in terms of getting the solution up to speed.
What other advice do I have?
My advice to someone implementing this solution would be to implement the on-premise identity and access management solution if they've got more than 1,000 identities on-premise. I strongly recommend implementing an on-premise environment in that case, or if they are a financial institution, such as a bank or underwriting institution. They also should implement the hybrid deployment, which means there would be an integration of the identity management solution sitting on-premises and a combination of the Azure Active Directory as an identity and access management in the cloud-based environment.
For small businesses, I would recommend that they implement the cloud-based identity and access management solution, leveraging the provided Azure Active Directory by Microsoft.
I'd give Microsoft Identity Manager a rating of nine out of ten. I'm giving it a nine because I'm looking at the hybrid scenario and more strongly on the cloud-based identity and access management solution for Microsoft. It has a lot of features; it has all the bells and whistles of identity and access management, such as adaptive MFA, intelligent graph security API, and being powered by Microsoft Graph API. Also, the multi-factor authentication is easy to set up, with a single button. For Windows environments, you just install one application API, called AD Connect, to sync all the on-premises identity to the Microsoft Azure Active Directory.
The reason why I'm not giving it a ten is that they still need to upgrade their solution to enable a new feature to accommodate Linux and Unix identity directory specifically to integrate with Microsoft Azure Active Directory. It seems as if the company does not want to provide that capability because now they are focusing on growing their own Microsoft Azure cloud, which means they are forcing all those customers that are running the Linux or Unix environment to come and migrate or lift and shift all their Linux or Unix workloads into Microsoft Azure. I think they are focusing on growing their own environment, which is why they are not providing this capability.
*Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller and partner.
