Microsoft identity and access management

Update solution on July 11, 2013

Microsoft offers a wide range of products related to identity and access management, although its products are considered rather rudimentary compared to competitors and are best suited to those organisations that primarily run Microsoft applications. They appeal mainly to SMEs, rather than large enterprises, and customer references are thin on the ground. Microsoft has recently made acquisitions to fill out its portfolio and to develop capabilities for identity and access management for web and cloud-based services. However, it has been criticised for the slow pace of its development and lack of innovation, and some capabilities are provided via partners. It supports a wide range of standards and has a clear focus on social identity integration.

Microsoft maintains a strong, worldwide partner network. In terms of identity and access management, partners include Hitachi-ID, Evidian and Courion for provisioning, web access management and enterprise single sign-on capabilities. As a multinational, Microsoft has a worldwide sales and support presence. 

Owing to the suite's tight integration with other Microsoft technologies, the typical customer would be considered to be a Microsoft ‘shop’. Its rudimentary capabilities and low price make it best suited for smaller organisations. Microsoft provides little information regarding customers, and very few case studies.

Microsoft’s identity and access management suite comprises a number of components – Forefront Identity Manager (FIM), Windows Server for Active Directory, Active Directory Federation Services and Windows Identity Foundation. FIM handles policy management, certificate management and user management and aims to promote user self-service. Active Directory Federation Services enables authentication across different domains.

Microsoft has less of a focus on cloud, SIEM, governance, risk and compliance, and DLP integration than its competitors, making it less suitable for the needs of larger organisations. Those wishing to control access to cloud applications should look at its Windows Azure Access Control Service, which can accept attributes from third-party cloud, web and SaaS applications, rather than Active Directory, although it can be used in conjunction with Active Directory Federation Services to provide this functionality. 

Although it has a presence worldwide, support options are heavily skewed towards organisations in North America. 
