Tags: azure, active-directory, azure-active-directory, privileges

Implementing PAM for both on-prem and Azure AD


We have an Azure AD tenant and on-prem AD and use AD Connect to keep them in sync. I'm told that I can leverage Azure AD to implement PAM on-prem but can't find any approach on how to do this, step by step. We also do not want to use MIM since it's already at EOL and would like to avoid using another 3rd party tool.

On-prem it is no problem for us to set up the second bastion forest but we don't know how Azure AD would be able to work with this.

Thanks!


Solution

  • MIM (formerly Forefront Identity Manager, and Identity Lifecycle Manager before that) is a widely used service for managing user lifecycles and access rights in Active Directory. Right now, it is moving into a well-earned retirement phase.

    In simple terms, yes. It is no longer actively developed by Microsoft. Mainstream support for MIM ended in January 2021. Azure AD Premium customers can get extended support until 2026.

    The closest replacement is Azure AD. It has a range of features that enable simple identity and access management for internal and external users.

    Azure AD is the closest substitute. By adding third-party tools you can easily replace all of MIM’s features, and add many new ones.

    Note that these functionalities are only available at the Azure AD Premium P2 license level.

    I would suggest you follow this link to get it applied: https://www.predicagroup.com/blog/azure-ad-identity-governance/

    Or you can reach out to MS support for information, or to Predica Group support as well.

    Here are the first steps to developing your MIM migration roadmap:

    1. Review your MIM implementation. What are the key functionalities you use and need to migrate?
    2. Reduce the dependency on MIM 2016 infrastructure by implementing the quick wins listed above.
    3. Consider Azure AD Identity Governance for simple governance of your cloud resources.
    4. Enable SSO for on-premises and SaaS applications with Azure AD SSO.
    5. Evaluate Omada Identity for hybrid access governance. Start by introducing the key elements alongside your MIM implementation.