diff --git a/.gitignore b/.gitignore
index 9186e28b..a0fc2bd4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,7 @@ Tools/NuGet/
packages.config
_themes
+# Ignore all .DS_Store files
+.DS_Store
+**/.DS_Store
+
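Review bot: The added `**/.DS_Store` line is redundant with the `.DS_Store` line directly above it. A gitignore pattern that contains no slash already matches at every directory level, so the single line `.DS_Store` covers the whole tree. Ignore rules also do not affect files that are already tracked; if any `.DS_Store` was committed earlier, it stays in the repository until it is removed from the index with `git rm --cached`.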
diff --git a/.openpublishing.build.ps1 b/.openpublishing.build.ps1
deleted file mode 100644
index dd60c684..00000000
--- a/.openpublishing.build.ps1
+++ /dev/null
@@ -1,18 +0,0 @@
-param(
- [string]$buildCorePowershellUrl = "https://opbuildstoragesandbox2.blob.core.windows.net/opps1container/.openpublishing.buildcore.ps1",
- [string]$parameters
-)
-# Main
-$errorActionPreference = 'Stop'
-
-# Step-1 Download buildcore script to local
-echo "download build core script to local with source url: $buildCorePowershellUrl"
-$repositoryRoot = Split-Path -Parent $MyInvocation.MyCommand.Definition
-$buildCorePowershellDestination = "$repositoryRoot\.openpublishing.buildcore.ps1"
-Invoke-WebRequest $buildCorePowershellUrl -OutFile $buildCorePowershellDestination
-
-# Step-2: Run build core
-echo "run build core script with parameters: $parameters"
-$arguments = "-parameters:'$parameters'"
-Invoke-Expression "$buildCorePowershellDestination $arguments"
-exit $LASTEXITCODE
\ No newline at end of file
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 477d0a5f..4cdda62e 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -30,9 +30,19 @@
"redirect_url": "/microsoft-identity-manager/topology-considerations",
"redirect_document_id": false
},
+ {
+ "source_path": "MIMDocs/mim-adfs-installation-configuration.md",
+ "redirect_url": "/microsoft-identity-manager/microsoft-identity-manager-deploy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "MIMDocs/mim-adfs-prepare-installation.md",
+ "redirect_url": "/microsoft-identity-manager/microsoft-identity-manager-deploy",
+ "redirect_document_id": false
+ },
{
"source_path": "MIMDocs/Understand/identity-manager-hybrid-reporting-azure.md",
- "redirect_url": "/microsoft-identity-manager/identity-manager-hybrid-reporting-azure",
+ "redirect_url": "/microsoft-identity-manager/working-with-identity-manager-hybrid-reporting",
"redirect_document_id": false
},
{
@@ -185,6 +195,21 @@
"redirect_url": "/microsoft-identity-manager/bhold/bhold-concepts-guide",
"redirect_document_id": false
},
+ {
+ "source_path": "microsoft-identity-manager/identity-manager-hybrid-reporting-azure.md",
+ "redirect_url": "/microsoft-identity-manager/working-with-identity-manager-hybrid-reporting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "MIMDocs/identity-manager-hybrid-reporting-azure.md",
+ "redirect_url": "/microsoft-identity-manager/working-with-identity-manager-hybrid-reporting",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "MIMDocs/migrate-from-the-fim-connector-for-azure-active-directory.md",
+ "redirect_url": "/microsoft-identity-manager/migrate-entra-id",
+ "redirect_document_id": false
+ },
{
"source_path": "MIMDocs/DeployUse/working-with-self-service-password-reset.md",
"redirect_url": "/microsoft-identity-manager/working-with-self-service-password-reset",
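Review bot: The first added entry uses `"source_path": "microsoft-identity-manager/identity-manager-hybrid-reporting-azure.md"`, which looks like the published URL path rather than a repository path. Every other `source_path` visible in this file starts with `MIMDocs/`. If the build resolves `source_path` relative to the repository root, as the neighbouring entries suggest, this entry matches no file and the redirect never takes effect. The entry after it already covers `MIMDocs/identity-manager-hybrid-reporting-azure.md`, the file this commit deletes, so the first one can probably be dropped. It is also worth confirming that `/microsoft-identity-manager/migrate-entra-id` resolves to a published page, since its source file is not part of the visible diff.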
diff --git a/MIMDocs/bhold/bhold-access-management-connector-install.md b/MIMDocs/bhold/bhold-access-management-connector-install.md
index 407ff3af..cc9179e5 100644
--- a/MIMDocs/bhold/bhold-access-management-connector-install.md
+++ b/MIMDocs/bhold/bhold-access-management-connector-install.md
@@ -1,20 +1,13 @@
---
-# required metadata
-
title: BHOLD access management connector installation | Microsoft Docs
description: The BHOLD connector module supports initial and ongoing synchronization of data
-keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: install-set-up-deploy
ms.service: microsoft-identity-manager
-
-ms.assetid:
-
-
---
+
# Access Management Connector Installation
The BHOLD Suite Access Management Connector module supports both initial and ongoing synchronization of data into BHOLD. The Access Management Connector works with the Microsoft Identity Manager (MIM) Synchronization Service to move data among the BHOLD Core database, the FIM 2010 metaverse, and target applications and identity stores. After installing the Access Management Connector module, you will be able to create FIM Management Agents that control data flow between BHOLD and MIM.
diff --git a/MIMDocs/bhold/bhold-analytics-installation.md b/MIMDocs/bhold/bhold-analytics-installation.md
index 93d81eeb..e34c09ff 100644
--- a/MIMDocs/bhold/bhold-analytics-installation.md
+++ b/MIMDocs/bhold/bhold-analytics-installation.md
@@ -1,19 +1,11 @@
---
-# required metadata
-
title: BHOLD Analytics Installation | Microsoft Docs
description: BHOLD Analytics module provides rule-based testing of data access
-keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
-
-ms.assetid:
-
-
---
# BHOLD Analytics Installation
diff --git a/MIMDocs/bhold/bhold-attestation-installation.md b/MIMDocs/bhold/bhold-attestation-installation.md
index feec0a73..c6ed314c 100644
--- a/MIMDocs/bhold/bhold-attestation-installation.md
+++ b/MIMDocs/bhold/bhold-attestation-installation.md
@@ -1,19 +1,11 @@
---
-# required metadata
-
title: BHOLD attestation installation | Microsoft Docs
description: BHOLD attestation module lets you designate reviewers and perform reviews
-keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: install-set-up-deploy
ms.service: microsoft-identity-manager
-
-ms.assetid:
-
-
---
# BHOLD attestation installation
diff --git a/MIMDocs/bhold/bhold-concepts-guide.md b/MIMDocs/bhold/bhold-concepts-guide.md
index 70be020e..131cee28 100644
--- a/MIMDocs/bhold/bhold-concepts-guide.md
+++ b/MIMDocs/bhold/bhold-concepts-guide.md
@@ -1,14 +1,10 @@
---
-# required metadata
-
title: Microsoft BHOLD Suite Concepts Guide
description: Understand how Microsoft BHOLD Suite works with Microsoft Identity Manager.
-keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.assetid:
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/bhold/bhold-core-installation.md b/MIMDocs/bhold/bhold-core-installation.md
index afe82a76..ed6c25c9 100644
--- a/MIMDocs/bhold/bhold-core-installation.md
+++ b/MIMDocs/bhold/bhold-core-installation.md
@@ -1,20 +1,13 @@
---
-# required metadata
-
title: BHOLD core Installation | Microsoft Docs
description: BHOLD suite installation core document
-keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: install-set-up-deploy
ms.service: microsoft-identity-manager
-
-ms.assetid:
-
-
---
+
# BHOLD Core installation
The BHOLD Core module provides the key features of BHOLD Suite within your environment. The BHOLD Core module must be installed and configured on a server in your local area network before you can install other BHOLD Suite modules.
diff --git a/MIMDocs/bhold/bhold-installation-guide.md b/MIMDocs/bhold/bhold-installation-guide.md
index 9b71d6fa..52d6cffb 100644
--- a/MIMDocs/bhold/bhold-installation-guide.md
+++ b/MIMDocs/bhold/bhold-installation-guide.md
@@ -1,20 +1,13 @@
---
-# required metadata
-
title: BHOLD SP1 Installation
description: BHOLD SP1 installation documentation
-keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: install-set-up-deploy
ms.service: microsoft-identity-manager
-
-ms.assetid:
-
-
---
+
# Microsoft BHOLD Suite Installation Guide
Microsoft® BHOLD Suite is a collection of applications that, when used with Microsoft Identity Manager 2016 SP2 (MIM), adds effective role management and attestation to MIM. Microsoft BHOLD Suite SP1 consists of the following modules:
diff --git a/MIMDocs/bhold/bhold-integration-installation.md b/MIMDocs/bhold/bhold-integration-installation.md
index 32836e47..6ec9516d 100644
--- a/MIMDocs/bhold/bhold-integration-installation.md
+++ b/MIMDocs/bhold/bhold-integration-installation.md
@@ -1,20 +1,13 @@
---
-# required metadata
-
title: BHOLD FIM/MIM integration installation | Microsoft Docs
description: BHOLD integration module adds self-service role management to MIM and FIM
-keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
-
-ms.assetid:
-
-
---
+
# BHOLD FIM/MIM Integration Installation
diff --git a/MIMDocs/bhold/bhold-model-generator-installation.md b/MIMDocs/bhold/bhold-model-generator-installation.md
index 769d4d9b..99a0d60f 100644
--- a/MIMDocs/bhold/bhold-model-generator-installation.md
+++ b/MIMDocs/bhold/bhold-model-generator-installation.md
@@ -1,19 +1,11 @@
---
-# required metadata
-
title: BHOLD model generator installation | Microsoft Docs
description: BHOLD model allows you to structure data from various sources
-keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
-
-ms.assetid:
-
-
---
# BHOLD Model Generator Installation
diff --git a/MIMDocs/bhold/bhold-reporting-installation.md b/MIMDocs/bhold/bhold-reporting-installation.md
index d5b0773b..014e1226 100644
--- a/MIMDocs/bhold/bhold-reporting-installation.md
+++ b/MIMDocs/bhold/bhold-reporting-installation.md
@@ -1,19 +1,11 @@
---
-# required metadata
-
title: BHOLD reporting Installation | Microsoft Docs
description: BHOLD reporting module allows you to generate reports about roles and authorization policies
-keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: install-set-up-deploy
ms.service: microsoft-identity-manager
-
-ms.assetid:
-
-
---
diff --git a/MIMDocs/bhold/toc.md b/MIMDocs/bhold/toc.md
index f8d61ad1..1d5ec41b 100644
--- a/MIMDocs/bhold/toc.md
+++ b/MIMDocs/bhold/toc.md
@@ -1,9 +1,7 @@
# [Understand and Explore](../microsoft-identity-manager-2016.md)
## [What is MIM 2016?](../microsoft-identity-manager-2016.md)
-
### [MIM2016 SP1 PAM deployment scripts](../sp1-deployment-scripts.md)
## [Learn about PAM](../pam/privileged-identity-management-for-active-directory-domain-services.md)
-## [Hybrid reporting in Azure](../identity-manager-hybrid-reporting-azure.md)
# [Plan and Design](../microsoft-identity-manager-2016-supported-platforms.md)
## [Supported platforms](../microsoft-identity-manager-2016-supported-platforms.md)
## [Connect to directories](../supported-management-agents.md)
@@ -12,7 +10,6 @@
## [Plan your PAM deployment](../pam/environment-overview.md)
# [Deploy and Use](../microsoft-identity-manager-deploy.md)
## [Deprecated features](../microsoft-identity-manager-2016-deprecated-features.md)
-### [Using Azure MFA Server in PAM or SSPR](../working-with-mfaserver-for-mim.md)
### [BHOLD installation topics](bhold-installation-guide.md)
#### [BHOLD core installation](bhold-core-installation.md)
#### [BHOLD attestation installation](bhold-attestation-installation.md)
@@ -54,7 +51,7 @@
### [Step 6 - Create privileged accounts](../pam/step-6-transition-group-to-pam.md)
### [Step 7 - Elevate a user's access](../pam/step-7-elevate-user-access.md)
### [Deploy MIM PAM with Windows Server 2016](../pam/deploy-pam-with-windows-server-2016.md)
-### [Set up Azure MFA](../pam/use-azure-mfa-for-activation.md)
+### [Set up custom MFA](../pam/use-azure-mfa-for-activation.md)
## [Configure PAM using scripts](../pam/sp1-pam-configure-using-scripts.md)
### [Step 1 Configuring the Priv domain](../pam/sp1-step1-configuring-priv-domain.md)
### [Step 2 Configuring the CORP domain](../pam/sp1-step2-configuring-corp-domain.md)
diff --git a/MIMDocs/capacity-planning-guide.md b/MIMDocs/capacity-planning-guide.md
index 9b3b8a7c..ed1cdd79 100644
--- a/MIMDocs/capacity-planning-guide.md
+++ b/MIMDocs/capacity-planning-guide.md
@@ -4,26 +4,13 @@
title: Capacity planning guide | Microsoft Docs
description: Use this guide to understand the variables that should be considered before deploying MIM 2016, including load levels and policy decisions.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 04/10/2024
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
-
-ms.assetid: 3ac5b990-1678-4996-996d-cbd84b8426b4
-
-# optional metadata
-
-#ROBOTS:
-#audience:
-#ms.devlang:
-ms.reviewer: mwahl
-ms.suite: ems
-#ms.tgt_pltfrm:
-#ms.custom:
-
---
+
# Capacity planning guide
Microsoft Identity Manager (MIM) lets you create, update, and remove user accounts throughout your organization. It also gives end users the ability to manage their own accounts self-service features. Even in a small environment, all these actions can add up quickly.
diff --git a/MIMDocs/certificate-manager-for-non-administrators.md b/MIMDocs/certificate-manager-for-non-administrators.md
index 25007b54..d50c1a1b 100644
--- a/MIMDocs/certificate-manager-for-non-administrators.md
+++ b/MIMDocs/certificate-manager-for-non-administrators.md
@@ -4,11 +4,10 @@
title: Microsoft Identity Manager Self-service smart card renewal without Administrator access | Microsoft Docs
description: Learn how to enroll smart cards for users without administrator access to their machines so they can use Certificate Manager.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: bfabc562-a2f0-4cff-ac31-36927f41e102
diff --git a/MIMDocs/certificate-manager-for-software-certificates.md b/MIMDocs/certificate-manager-for-software-certificates.md
index 5fb7227b..9528f9a4 100644
--- a/MIMDocs/certificate-manager-for-software-certificates.md
+++ b/MIMDocs/certificate-manager-for-software-certificates.md
@@ -4,11 +4,10 @@
title: Request certificates in Certificate Manager using templates | Microsoft Docs
description: Learn how to use Certificate Manager to create and renew software certificates with profile templates.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: fed5ada9-d80f-4825-aad7-4172ac5d71d3
diff --git a/MIMDocs/deploying-mim-password-change-notification-service-on-domain-controller.md b/MIMDocs/deploying-mim-password-change-notification-service-on-domain-controller.md
index 0922b424..28243064 100644
--- a/MIMDocs/deploying-mim-password-change-notification-service-on-domain-controller.md
+++ b/MIMDocs/deploying-mim-password-change-notification-service-on-domain-controller.md
@@ -4,11 +4,10 @@
title: Deploy the password change notification service | Microsoft Docs
description: Get the steps to install and configure the MIM Password Change Notification Service on your domain controller.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: install-set-up-deploy
ms.service: microsoft-identity-manager
ms.assetid: 97edae12-6f86-4f9f-8620-a95a096e482a
diff --git a/MIMDocs/docfx.json b/MIMDocs/docfx.json
index f370e0de..ba497646 100644
--- a/MIMDocs/docfx.json
+++ b/MIMDocs/docfx.json
@@ -52,7 +52,9 @@
"globalMetadata": {
"layout": "Conceptual",
"breadcrumb_path": "/enterprise-mobility/toc.json",
- "feedback_system": "Standard"
+ "feedback_system": "Standard",
+ "author": "billmath",
+ "ms.author": "billmath"
},
"markdownEngineName": "markdig"
}
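Review bot: The new global defaults `"author": "billmath"` and `"ms.author": "billmath"` point the other way from the rest of this commit, which replaces `billmath` with `henrymbuguakiarie` / `henrymbugua` in the front matter of most articles. Assuming file-level metadata overrides `globalMetadata` as usual, any page without its own `author` now falls back to the previous owner, so feedback and ownership routing for those pages may go to the wrong person. If the hand-over is meant to be complete, the defaults should read `"author": "henrymbuguakiarie"` and `"ms.author": "henrymbugua"`. Otherwise the commit message should say why the fallback stays with the old account.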
diff --git a/MIMDocs/identity-manager-hybrid-reporting-azure.md b/MIMDocs/identity-manager-hybrid-reporting-azure.md
deleted file mode 100644
index 55a73d59..00000000
--- a/MIMDocs/identity-manager-hybrid-reporting-azure.md
+++ /dev/null
@@ -1,63 +0,0 @@
----
-# required metadata
-
-title: What is hybrid reporting in Microsoft Entra ID?
-description: Hybrid audit activity reports in Microsoft Entra ID lets you view audited events in both the cloud and on-premises.
-keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
-ms.service: microsoft-identity-manager
-
-ms.assetid: 7320f014-8b60-4866-92de-cfbd3e6edc48
-
-# optional metadata
-
-#ROBOTS:
-#audience:
-#ms.devlang:
-ms.suite: ems
-#ms.tgt_pltfrm:
-#ms.custom:
-
----
-
-# Hybrid identity management audit reporting in Microsoft Entra ID
-
-With Microsoft Entra audit activity reporting, you can monitor identity management activity either on-premises or in the cloud. By managing all your identity and access data in a single report, you can save time and reduce overall costs.
-
-
-
-## What is Microsoft Entra hybrid reporting?
-
-Hybrid audit reporting helps IT professionals address common identity-management reporting challenges, such as:
-
-- **Collecting identity management activities across different systems**. Hybrid reports show you identity management activity from Microsoft Entra ID and Identity Manager.
-
-- **Exporting reporting data and creating custom reports**. In addition to viewing your reports in the Azure portal, you can export the data to generate your own custom views.
-
-- **Reducing reporting system infrastructure cost**. Hybrid reporting in the cloud means you can help eliminate the costs that are associated with your on-premises, data-warehouse infrastructure.
-
-## How does it work?
-
-To collect the on-premises data, you first install a reporting agent on your Identity Manager 2016 server. [Download the Microsoft Identity Manager Hybrid Reporting Agent](https://www.microsoft.com/download/details.aspx?id=55112).
-
-Hybrid reporting undergoes the following process:
-
-1. After you install the reporting agent, the Identity Manager activity data is sent to Windows Event Log.
-2. The reporting agent processes the delta events every 10 minutes or when the Windows Event Log service restarts. The agent then uploads the events to the Azure portal.
-3. The Azure portal processes the received data within one hour of receiving it.
-4. The activity data is stored in Azure for one month.
-5. The Azure portal retrieves the audit reporting data and displays it in the Azure Audit Reporting window.
-
-## Next steps
-
-Learn more about:
-
-- [Working with Identity Manager Hybrid Reporting](working-with-identity-manager-hybrid-reporting.md)
-- [Audit activity reports in the Microsoft Entra admin center](/azure/active-directory/reports-monitoring/concept-audit-logs)
-- [Reporting retention policies](/azure/active-directory/reports-monitoring/reference-reports-data-retention)
-- [Microsoft Azure log integration (SIEM)](/previous-versions/azure/security/fundamentals/azure-log-integration-overview)
-- [Microsoft Entra reporting API](/azure/active-directory/reports-monitoring/concept-reporting-api)
diff --git a/MIMDocs/index.yml b/MIMDocs/index.yml
index 76111c83..698d6318 100644
--- a/MIMDocs/index.yml
+++ b/MIMDocs/index.yml
@@ -7,7 +7,8 @@ metadata:
description: Learn how to use Microsoft Identity Manager.
ms.topic: landing-page # Required
ms.date: 01/05/2021
- ms.author: billmath
+ ms.author: henrymbugua
+ ms.service: microsoft-identity-manager
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new
diff --git a/MIMDocs/infrastructure/mim-service-dynamic-logging.md b/MIMDocs/infrastructure/mim-service-dynamic-logging.md
index 48647a7d..5d0e8719 100644
--- a/MIMDocs/infrastructure/mim-service-dynamic-logging.md
+++ b/MIMDocs/infrastructure/mim-service-dynamic-logging.md
@@ -2,12 +2,12 @@
title: MIM Service Dynamic Logging | Microsoft Docs
description: Enable MIM service dynamic logging without having to restart the management service
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
+ms.custom: sfi-image-nochange
---
diff --git a/MIMDocs/infrastructure/mim2016-password-management.md b/MIMDocs/infrastructure/mim2016-password-management.md
index c84dcddd..0b30d915 100644
--- a/MIMDocs/infrastructure/mim2016-password-management.md
+++ b/MIMDocs/infrastructure/mim2016-password-management.md
@@ -4,10 +4,9 @@
title: Microsoft Identity Manager 2016 Password Management| Microsoft Docs
description: Using Microsoft Identity Manager to manage passwords in an enterprise environment.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/infrastructure/toc.md b/MIMDocs/infrastructure/toc.md
index 2563ee77..fe3caf46 100644
--- a/MIMDocs/infrastructure/toc.md
+++ b/MIMDocs/infrastructure/toc.md
@@ -2,7 +2,6 @@
## [What is MIM 2016?](../microsoft-identity-manager-2016.md)
### [MIM2016 SP1 PAM deployment scripts](../sp1-deployment-scripts.md)
## [Learn about PAM](../pam/privileged-identity-management-for-active-directory-domain-services.md)
-## [Hybrid reporting in Azure](../identity-manager-hybrid-reporting-azure.md)
# [Plan and Design](../microsoft-identity-manager-2016-supported-platforms.md)
## [Supported platforms](../microsoft-identity-manager-2016-supported-platforms.md)
## [Connect to directories](../supported-management-agents.md)
@@ -11,7 +10,6 @@
## [Plan your PAM deployment](../pam/environment-overview.md)
# [Deploy and Use](../microsoft-identity-manager-deploy.md)
## [Deprecated features](../microsoft-identity-manager-2016-deprecated-features.md)
-### [Using Azure MFA Server in PAM or SSPR](../working-with-mfaserver-for-mim.md)
### [BHOLD installation topics](../bhold/bhold-installation-guide.md)
#### [BHOLD core installation](../bhold/bhold-core-installation.md)
#### [BHOLD attestation installation](../bhold/bhold-attestation-installation.md)
@@ -61,7 +59,7 @@
### [Step 6 - Create privileged accounts](../pam/step-6-transition-group-to-pam.md)
### [Step 7 - Elevate a user's access](../pam/step-7-elevate-user-access.md)
### [Deploy MIM PAM with Windows Server 2016](../pam/deploy-pam-with-windows-server-2016.md)
-### [Set up Azure MFA](../pam/use-azure-mfa-for-activation.md)
+### [Set up custom MFA](../pam/use-azure-mfa-for-activation.md)
## [Configure PAM using scripts](../pam/sp1-pam-configure-using-scripts.md)
### [Step 1 Configuring the Priv domain](../pam/sp1-step1-configuring-priv-domain.md)
### [Step 2 Configuring the CORP domain](../pam/sp1-step2-configuring-corp-domain.md)
diff --git a/MIMDocs/install-mim-service-portal-azure-ad-premium.md b/MIMDocs/install-mim-service-portal-azure-ad-premium.md
index 55c1b579..04f34663 100644
--- a/MIMDocs/install-mim-service-portal-azure-ad-premium.md
+++ b/MIMDocs/install-mim-service-portal-azure-ad-premium.md
@@ -6,12 +6,10 @@ description: Get the steps to configure and install MIM Service and Portal for M
services: active-directory
documentationcenter: ''
keywords: MIM
-author: EugeneSergeev
-ms.author: esergeev
-reviewer: markwahl-msft
-manager: amycolannino
+author: henrymbuguakiarie
+ms.author: henrymbugua
ms.date: 03/18/2021
-ms.topic: article
+ms.topic: install-set-up-deploy
ms.service: microsoft-identity-manager
ms.tgt_pltfrm: na
ms.workload: identity
@@ -20,6 +18,9 @@ ms.assetid: b0b39631-66df-4c5f-90c9-a1774346f816
ms.reviewer: mwahl
ms.suite: ems
+ms.custom:
+ - sfi-ga-nochange
+ - sfi-image-nochange
---
# Install MIM 2016 with SP2: MIM Service and Portal for Microsoft Entra ID P1 or P2 customers
@@ -117,9 +118,7 @@ There is a 30-second delay after the application is registered and a browser win

-After you click Accept button, you will be redirected to Microsoft 365 admin center. You can close the browser window and check the script output. It should look like this:
-
-
+After you click Accept button, you will be redirected to Microsoft 365 admin center. You can close the browser window and check the script output.
Copy ApplicationId, TenantId, and ClientSecret values as they will be needed by the MIM Service and Portal installer.
diff --git a/MIMDocs/install-mim-service-portal.md b/MIMDocs/install-mim-service-portal.md
index 8e154f93..74afdc81 100644
--- a/MIMDocs/install-mim-service-portal.md
+++ b/MIMDocs/install-mim-service-portal.md
@@ -6,12 +6,10 @@ description: Get the steps to configure and install MIM Service and Portal for M
services: active-directory
documentationcenter: ''
keywords: MIM
-author: EugeneSergeev
-ms.author: esergeev
-reviewer: markwahl-msft
-manager: amycolannino
+author: henrymbuguakiarie
+ms.author: henrymbugua
ms.date: 03/18/2021
-ms.topic: article
+ms.topic: install-set-up-deploy
ms.service: microsoft-identity-manager
ms.tgt_pltfrm: na
ms.workload: identity
@@ -20,6 +18,7 @@ ms.assetid: b0b39631-66df-4c5f-80c9-a1774346f816
ms.reviewer: mwahl
ms.suite: ems
+ms.custom: sfi-image-nochange
---
# Install MIM 2016: MIM Service and Portal
diff --git a/MIMDocs/install-mim-sync-ad-service.md b/MIMDocs/install-mim-sync-ad-service.md
index 92764b0d..00a9bf68 100644
--- a/MIMDocs/install-mim-sync-ad-service.md
+++ b/MIMDocs/install-mim-sync-ad-service.md
@@ -4,11 +4,10 @@
title: Use Microsoft Identity Manager Synchronize with AD | Microsoft Docs
description: Use management agents and the MIM Sync Service to sync your Active Directory and MIM databases.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: install-set-up-deploy
ms.service: microsoft-identity-manager
ms.assetid: 5e532b67-64a6-4af6-a806-980a6c11a82d
diff --git a/MIMDocs/install-mim-sync.md b/MIMDocs/install-mim-sync.md
index 53cf026d..6a608473 100644
--- a/MIMDocs/install-mim-sync.md
+++ b/MIMDocs/install-mim-sync.md
@@ -6,9 +6,8 @@ description: Installing and configuring the MIM Synchronization Service.
keywords:
author: billmath
ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+ms.date: 11/05/2025
+ms.topic: install-set-up-deploy
ms.service: microsoft-identity-manager
ms.assetid: 2585e9c5-ce34-46c7-bdcf-8c08773901dc
@@ -20,6 +19,7 @@ ms.assetid: 2585e9c5-ce34-46c7-bdcf-8c08773901dc
#ms.devlang:
ms.reviewer: markwahl-msft
ms.suite: ems
+ms.custom: sfi-image-nochange
#ms.tgt_pltfrm:
#ms.custom:
diff --git a/MIMDocs/media/73e2b8a3c149a4ec6bacb4db2c749946.jpg b/MIMDocs/media/73e2b8a3c149a4ec6bacb4db2c749946.jpg
index 3718ba08..19452b9f 100644
Binary files a/MIMDocs/media/73e2b8a3c149a4ec6bacb4db2c749946.jpg and b/MIMDocs/media/73e2b8a3c149a4ec6bacb4db2c749946.jpg differ
diff --git a/MIMDocs/media/MIM-Hybrid-passwordreset2.jpg b/MIMDocs/media/MIM-Hybrid-passwordreset2.jpg
index 1ec59638..2d3c7bd5 100644
Binary files a/MIMDocs/media/MIM-Hybrid-passwordreset2.jpg and b/MIMDocs/media/MIM-Hybrid-passwordreset2.jpg differ
diff --git a/MIMDocs/media/MIM-SSPR-keepcurrentorsetnewpwd.JPG b/MIMDocs/media/MIM-SSPR-keepcurrentorsetnewpwd.JPG
index af52086c..eef755a0 100644
Binary files a/MIMDocs/media/MIM-SSPR-keepcurrentorsetnewpwd.JPG and b/MIMDocs/media/MIM-SSPR-keepcurrentorsetnewpwd.JPG differ
diff --git a/MIMDocs/media/MIM-SSPR-pFile.png b/MIMDocs/media/MIM-SSPR-pFile.png
deleted file mode 100644
index 66233c6f..00000000
Binary files a/MIMDocs/media/MIM-SSPR-pFile.png and /dev/null differ
diff --git a/MIMDocs/media/MIM_SSPR_keepcurrentorsetnewpwd.JPG b/MIMDocs/media/MIM_SSPR_keepcurrentorsetnewpwd.JPG
deleted file mode 100644
index af52086c..00000000
Binary files a/MIMDocs/media/MIM_SSPR_keepcurrentorsetnewpwd.JPG and /dev/null differ
diff --git a/MIMDocs/media/MIM_reporting_AADview.jpg b/MIMDocs/media/MIM_reporting_AADview.jpg
deleted file mode 100644
index e16a76ed..00000000
Binary files a/MIMDocs/media/MIM_reporting_AADview.jpg and /dev/null differ
diff --git a/MIMDocs/media/fim-request-email.jpg b/MIMDocs/media/fim-request-email.jpg
deleted file mode 100644
index db220a99..00000000
Binary files a/MIMDocs/media/fim-request-email.jpg and /dev/null differ
diff --git a/MIMDocs/media/how-provision-users-adds/image025.jpg b/MIMDocs/media/how-provision-users-adds/image025.jpg
index 35a5b89f..8adcf2db 100644
Binary files a/MIMDocs/media/how-provision-users-adds/image025.jpg and b/MIMDocs/media/how-provision-users-adds/image025.jpg differ
diff --git a/MIMDocs/media/install-mim-service-portal-azure-ad-premium/final-powershell-script-output.png b/MIMDocs/media/install-mim-service-portal-azure-ad-premium/final-powershell-script-output.png
deleted file mode 100644
index 83bcfc66..00000000
Binary files a/MIMDocs/media/install-mim-service-portal-azure-ad-premium/final-powershell-script-output.png and /dev/null differ
diff --git a/MIMDocs/media/microsoft-identity-manager-2016-graph-b2b-scenario/ce9e23ffe17e3dac79b58bba31cb5a8d.png b/MIMDocs/media/microsoft-identity-manager-2016-graph-b2b-scenario/ce9e23ffe17e3dac79b58bba31cb5a8d.png
index 2126eaf4..d3bf9878 100644
Binary files a/MIMDocs/media/microsoft-identity-manager-2016-graph-b2b-scenario/ce9e23ffe17e3dac79b58bba31cb5a8d.png and b/MIMDocs/media/microsoft-identity-manager-2016-graph-b2b-scenario/ce9e23ffe17e3dac79b58bba31cb5a8d.png differ
diff --git a/MIMDocs/media/microsoft-identity-manager-2016-ma-graph/ce9e23ffe17e3dac79b58bba31cb5a8d.png b/MIMDocs/media/microsoft-identity-manager-2016-ma-graph/ce9e23ffe17e3dac79b58bba31cb5a8d.png
index 2126eaf4..fb7e4af4 100644
Binary files a/MIMDocs/media/microsoft-identity-manager-2016-ma-graph/ce9e23ffe17e3dac79b58bba31cb5a8d.png and b/MIMDocs/media/microsoft-identity-manager-2016-ma-graph/ce9e23ffe17e3dac79b58bba31cb5a8d.png differ
diff --git a/MIMDocs/media/microsoft-identity-manager-2016-ma-graph/connector-settings-connectivity.png b/MIMDocs/media/microsoft-identity-manager-2016-ma-graph/connector-settings-connectivity.png
deleted file mode 100644
index 245ba920..00000000
Binary files a/MIMDocs/media/microsoft-identity-manager-2016-ma-graph/connector-settings-connectivity.png and /dev/null differ
diff --git a/MIMDocs/media/microsoft-identity-manager-2016-ma-graph/new-application-id.png b/MIMDocs/media/microsoft-identity-manager-2016-ma-graph/new-application-id.png
deleted file mode 100644
index 2d0db53d..00000000
Binary files a/MIMDocs/media/microsoft-identity-manager-2016-ma-graph/new-application-id.png and /dev/null differ
diff --git a/MIMDocs/media/mim-azure-monitor-reporting/azure-monitor-1.png b/MIMDocs/media/mim-azure-monitor-reporting/azure-monitor-1.png
new file mode 100644
index 00000000..9101d991
Binary files /dev/null and b/MIMDocs/media/mim-azure-monitor-reporting/azure-monitor-1.png differ
diff --git a/MIMDocs/media/mim-azure-monitor-reporting/azure-monitor-2.png b/MIMDocs/media/mim-azure-monitor-reporting/azure-monitor-2.png
new file mode 100644
index 00000000..e19c8fca
Binary files /dev/null and b/MIMDocs/media/mim-azure-monitor-reporting/azure-monitor-2.png differ
diff --git a/MIMDocs/media/mim-azure-monitor-reporting/azure-monitor-3.png b/MIMDocs/media/mim-azure-monitor-reporting/azure-monitor-3.png
new file mode 100644
index 00000000..589dfb42
Binary files /dev/null and b/MIMDocs/media/mim-azure-monitor-reporting/azure-monitor-3.png differ
diff --git a/MIMDocs/media/mim-privacy-compliance/mim-privacy-compliance.PNG b/MIMDocs/media/mim-privacy-compliance/mim-privacy-compliance.PNG
index 6423a9b3..37722aa1 100644
Binary files a/MIMDocs/media/mim-privacy-compliance/mim-privacy-compliance.PNG and b/MIMDocs/media/mim-privacy-compliance/mim-privacy-compliance.PNG differ
diff --git a/MIMDocs/microsoft-identity-manager-2016-connector-graph.md b/MIMDocs/microsoft-identity-manager-2016-connector-graph.md
index d5db1ab7..0031f8d3 100644
--- a/MIMDocs/microsoft-identity-manager-2016-connector-graph.md
+++ b/MIMDocs/microsoft-identity-manager-2016-connector-graph.md
@@ -2,16 +2,16 @@
title: "The Microsoft Identity Manager connector for Microsoft Graph | Microsoft Docs"
description: Microsoft Identity Manager connector for Microsoft Graph enables external user AD account lifecycle management. In this scenario, an organization has invited guests into their Microsoft Entra directory, and wishes to give those guests access to on-premises Windows-Integrated Authentication or Kerberos-based applications
keywords:
-author: EugeneSergeev
-ms.author: esergeev
-reviewer: markwahl-msft
-manager: amycolannino
+author: henrymbuguakiarie
+ms.author: henrymbugua
ms.date: 3/29/2024
-ms.topic: article
-ms.custom: has-azure-ad-ps-ref
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 94a74f1c-2192-4748-9a25-62a526295338
+ms.custom:
+ - has-azure-ad-ps-ref
+ - sfi-image-nochange
---
# Microsoft Identity Manager connector for Microsoft Graph
@@ -20,7 +20,7 @@ ms.assetid: 94a74f1c-2192-4748-9a25-62a526295338
The [Microsoft Identity Manager connector for Microsoft Graph](https://go.microsoft.com/fwlink/?LinkId=717495)
- enables additional integration scenarios for Microsoft Entra ID P1 or P2 customers. It surfaces in the MIM sync metaverse additional objects obtained from the [Microsoft Graph API](https://developer.microsoft.com/en-us/graph/) v1 and beta.
+ enables additional integration scenarios for Microsoft Entra ID P1 or P2 customers. It surfaces in the MIM sync metaverse additional objects obtained from the [Microsoft Graph API](https://developer.microsoft.com/en-us/graph/) v1 and beta.
## Scenarios covered
@@ -32,54 +32,55 @@ The initial scenario for the Microsoft Identity Manager connector for Microsoft
management for external users. In this scenario, an organization is synchronizing employees to Microsoft Entra ID from AD DS using Microsoft Entra Connect, and has also invited guests into their Microsoft Entra directory. Inviting a guest results in an external user object being in that organization's Microsoft Entra directory, which isn't in that organization's AD DS. Then the organization wishes to give those guests access to on-premises Windows Integrated Authentication or Kerberos-based applications, via the [Microsoft Entra application proxy](/azure/active-directory/app-proxy/application-proxy-add-on-premises-application)
or other gateway mechanisms. The Microsoft Entra application proxy requires each user to have their own AD DS account, for identification and delegation purposes.
-To learn how to configure MIM sync to automatically create and maintain AD DS accounts for guests, after reading the instructions in this article, continue reading in the article [Microsoft Entra business-to-business (B2B) collaboration with MIM 2016 and the Microsoft Entra application proxy](~/microsoft-identity-manager-2016-graph-b2b-scenario.md). That article illustrates the sync rules needed for the connector.
+To learn how to configure MIM sync to automatically create and maintain AD DS accounts for guests, after reading the instructions in this article, continue reading in the article [Microsoft Entra business-to-business (B2B) collaboration with MIM 2016 and the Microsoft Entra application proxy](~/microsoft-identity-manager-2016-graph-b2b-scenario.md). That article illustrates the sync rules needed for the connector.
+
+### Migration of identity attributes from MIM to Microsoft Entra
+
+You can use the MIM Graph Connector as part of a migration strategy to move users and groups and their attributes from MIM to Microsoft Entra. For example, if you have been managing groups in MIM using the MIM Portal for self-service or dynamic group membership calculation, you could provision those groups from MIM Sync to Microsoft Entra as cloud groups, and then subsequently remove those groups from MIM.
+
### Other identity management scenarios
-The connector can be used for other specific identity management scenarios involving create, read, update and delete of user, group and contact objects in Microsoft Entra ID, beyond user and group synchronization to Microsoft Entra ID. When evaluating potential scenarios, please keep in mind: this connector can't be operated in a scenario, which would result in a data flow overlap, actual or potential synchronization conflict with a Microsoft Entra Connect deployment. [Microsoft Entra Connect](https://www.microsoft.com/en-us/download/details.aspx?id=47594) is the recommended approach to integrate on-premises directories with Microsoft Entra ID, by synchronizing users and groups from on-premises directories to Microsoft Entra ID. Microsoft Entra Connect has many more synchronization features and enables scenarios such as password and device writeback, which aren't possible for objects created by MIM. If data is being brought into AD DS, for example, ensure that it's excluded from Microsoft Entra Connect attempting to match those objects back to the Microsoft Entra directory. Nor can this connector be used to make changes to Microsoft Entra objects, which were created by Microsoft Entra Connect.
+The connector can be used for other specific identity management scenarios for create, read, update and delete operations of user, group and contact objects in Microsoft Entra ID, beyond user and group synchronization to Microsoft Entra ID. When evaluating potential scenarios, keep in mind that this connector can't be operated in a scenario, which would result in a data flow overlap, actual or potential synchronization conflict with a Microsoft Entra Connect deployment. [Microsoft Entra Connect](https://www.microsoft.com/en-us/download/details.aspx?id=47594) is the recommended approach to integrate on-premises directories with Microsoft Entra ID, by synchronizing users and groups from on-premises directories to Microsoft Entra ID. Microsoft Entra Connect has many more synchronization features and enables scenarios such as password and device writeback, which aren't possible for objects created by MIM. If data is being brought into AD DS, for example, ensure that it's excluded from Microsoft Entra Connect attempting to match those objects back to the Microsoft Entra directory. Nor can this connector be used to make changes to Microsoft Entra objects, which were created by Microsoft Entra Connect.
-## Preparing to use the Connector for Microsoft Graph
+## Prepare to use the Connector for Microsoft Graph
-### Authorizing the connector to retrieve or manage objects in your Microsoft Entra directory
+### Authorize the connector to retrieve or manage objects in your Microsoft Entra directory
-1. The connector requires a Web app / API application to be created in Microsoft Entra ID, so that it can be authorized with appropriate permissions to operate on Microsoft Entra objects through Microsoft Graph.
+1. The connector requires a service principal, a Web app / API application, to be created in Microsoft Entra ID, so that it can be authorized with appropriate permissions to operate on Microsoft Entra objects through Microsoft Graph.


Picture 1. New application registration
-2. In the Azure portal, open the created application, and save the Application ID, as a Client ID to use later on the MA’s connectivity page:
-
- 
-
- Picture 2. Application ID
+1. In the Microsoft Entra portal, open the created application, and save the Application ID, as a Client ID to use later on the MA’s connectivity page:
-3. Generate new Client Secret by opening *Certificates & secrets*. Set some Key description and select the maximum duration. Save changes and retrieve the client secret. The client secret value won't be available to view again after leaving the page.
+1. Generate a new Client Secret by opening *Certificates & secrets*. Set a Key description and select the maximum duration. Save changes and retrieve the client secret. The client secret value won't be available to view again after leaving the page.

- Picture 3. New Client Secret
+ Picture 2. New Client Secret
-4. Grant proper 'Microsoft Graph' permissions to the application by opening "API Permissions"
+1. Grant the necessary 'Microsoft Graph' permissions for the scenario to the application by opening "API Permissions".

- Picture 4. Add new API
+ Picture 3. Add new API
Select 'Microsoft Graph' Application permissions.

- Revoke all unneeded permissions.
+ Revoke any already-existing unneeded permissions.

- The following permission should be added to the application to allow it to use the “Microsoft Graph API”, depending on the scenario:
+ The following permission should be added to the application to allow it to use the Microsoft Graph API, depending on the scenario:
| Operation with object | Permission required | Permission type |
|-----------------------|--------------------------------------------------------------------------------------|-----------------|
@@ -89,69 +90,62 @@ The connector can be used for other specific identity management scenarios invol
More details about required permissions could be found in the [permissions reference](/graph/permissions-reference).
->[!NOTE]
->**Application.Read.All** permission is mandatory for schema detection and must be granted regardless of the object type connector will be working with.
+ >[!NOTE]
+ >**Application.Read.All** permission is mandatory for schema detection and must be granted regardless of the object type connector will be working with.
-5. Grant admin consent for selected permissions.
+1. Grant admin consent for selected permissions.

-## Installing the connector
+## Install the connector
-6. Before you install the Connector, make sure you have the following on the synchronization server:
+1. Before you install the Connector, make sure you have the following on the synchronization server:
- - Microsoft .NET 4.6.2 Framework or later
- - Microsoft Identity Manager 2016 SP2, and must use hotfix 4.4.1642.0 [KB4021562](https://www.microsoft.com/en-us/download/details.aspx?id=55794) or later.
+ - Microsoft .NET 4.6.2 Framework or later
+ - Microsoft Identity Manager 2016 SP2, and must use hotfix 4.4.1642.0 [KB4021562](https://www.microsoft.com/en-us/download/details.aspx?id=55794) or later.
-7. The connector for Microsoft Graph, in addition to other connectors for Microsoft Identity Manager 2016 SP2, is available as a download from the
+1. The connector for Microsoft Graph, in addition to other connectors for Microsoft Identity Manager 2016 SP2, is available as a download from the
[Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=51495).
-8. Restart MIM Synchronization Service.
+1. Restart MIM Synchronization Service.
-## Connector configuration
-
-
-
-9. In the Synchronization Service Manager UI, select **Connectors** and **Create**.
-Select **Graph (Microsoft)**, create a connector and give it a descriptive name.
-
-
+## Configure the connector
-10. In the MIM synchronization service UI, specify the Application ID and generated Client Secret. Each management agent configured in MIM Sync should have its own application in Microsoft Entra ID to avoid running import in parallel for the same application.
+1. In the Synchronization Service Manager UI, select **Connectors** and **Create**. Select **Graph (Microsoft)**, create a connector and give it a descriptive name.
-
+ 
-Picture 5. Connectivity page
+1. In the MIM synchronization service UI, specify the Application ID and generated Client Secret. Each management agent configured in MIM Sync should have its own application in Microsoft Entra ID, as you won't be able to run multiple imports in parallel for the same application.
-The connectivity page (Picture 5) contains the Graph API version that is used
-and tenant name. The Client ID and Client Secret represent the Application ID and
-Key value of the application that was previously created in Microsoft Entra ID.
+ The connectivity page specifies the Graph API version that is to be used
+ and the tenant domain name. The Client ID and Client Secret represent the Application ID and
+ Key value of the application that was previously created in Microsoft Entra ID.
-The connector defaults to the v1.0 and the login and graph endpoints of the Microsoft Graph global service. If your tenant is in a national cloud, then you'll need to change your configuration to use the [endpoints for the national cloud](/graph/deployments#microsoft-graph-and-graph-explorer-service-root-endpoints). Note that certain features of Graph that are in the global service might not be available in all of the national clouds.
+ The connector defaults to the v1.0 and the login and graph endpoints of the Microsoft Graph global service. If your tenant is in a national cloud, then you'll need to change your configuration to use the [endpoints for the national cloud](/graph/deployments#microsoft-graph-and-graph-explorer-service-root-endpoints). Note that certain features of Graph that are in the global service might not be available in all of the national clouds.
-11. Make any necessary changes on the Global Parameters page:
+1. Make any necessary changes on the Global Parameters page:
-
+ 
-Picture 6. Global Parameters page
+ Picture 5. Global Parameters page
-Global parameters page contains the following settings:
+ Global parameters page contains the following settings:
-- DateTime format – format that is used for any attribute with Edm.DateTimeOffset type. All dates are converted to string by using that format during the import. Set format is applied for any attribute, which
+ - DateTime format – format that is used for any attribute with Edm.DateTimeOffset type. All dates are converted to string by using that format during the import. Set format is applied for any attribute, which
saves date.
- - HTTP timeout (seconds) – timeout in seconds that will be used during each HTTP call to Graph.
+ - HTTP timeout (seconds) – timeout in seconds that will be used during each HTTP call to Graph.
- - Force change password for created user at next sign – this option is used for new user that will be created during the export. If option is enabled, then [forceChangePasswordNextSignIn](https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/passwordprofile) property will be set to true, otherwise it will be false.
+ - Force change password for created user at next sign – this option is used for new user that will be created during the export. If option is enabled, then [forceChangePasswordNextSignIn](https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/passwordprofile) property will be set to true, otherwise it will be false.
-## Configuring the connector schema and operations
+## Configure the connector schema and operations
-12. Configure the schema. The connector supports the following list of object types when used with the Graph v1.0 endpoint:
+Next, configure the schema. The connector supports the following list of object types when used with the Graph v1.0 endpoint:
- User
@@ -182,10 +176,10 @@ The list of attribute types that are supported:
Multivalued attributes (Collection) are also supported for any of a type from the list above.
-The connector uses the ‘`id`’ attribute for anchor and DN for all objects. Therefore, rename isn't needed, because Graph API doesn't allow an object to change its `id` attribute.
+The connector uses the `id` attribute for anchor and DN for all objects. Therefore, rename isn't needed, because Graph API doesn't allow an object to change its `id` attribute.
-## Access token lifetime
+## Plan for access token lifetime
A Graph application requires an access token for accessing the Graph API. A connector
@@ -196,23 +190,23 @@ page size). For example:
- Page size configured in connector is 5000
-In this case there will be two iterations during the import, each of them will return 5000 objects to Sync. So, a new access token will be request twice.
+In this case there will be two iterations during the import, each of them will return 5000 objects to Sync. So, a new access token will be requested twice.
-During the export a new access token will be requested for each object that must be added/updated/deleted.
+During the export, a new access token will be requested for each object that must be added/updated/deleted.
-## Query filters
+## Configure Query filters
-Graph API endpoints offer an ability to limit amount of objects returned by GET queries by introducing *$filter* parameter.
+Graph API endpoints offer an ability to limit the number of objects returned by GET queries by introducing the *$filter* parameter.
In order to enable the use of query filters to improve full import performance cycle, on the *Schema 1* page of connector properties, enable **Add objects filter** checkbox.

-After that, on *Schema 2* page type an expression to be used to filter users, groups, contacts or service principals.
+After that, on *Schema 2* page type an expression to be used to filter users, groups, contacts, or service principals.

-On the screenshot above, the filter *startsWith(displayName,'J')* is set to read only users whose displayName attribute value starts with 'J'.
+On the screenshot above, the filter `startsWith(displayName,'J')` is set to read only users whose `displayName` attribute value starts with `J`.
Make sure that the attribute used in filter expression is selected in connector properties.
@@ -222,7 +216,7 @@ Make sure that the attribute used in filter expression is selected in connector
For more information about *$filter* query parameter usage, see this article: [Use query parameters to customize responses](/graph/query-parameters#filter-parameter).
>[!NOTE]
->Delta query endpoint currently doesn't offer filtering capabilities, therefore usage of filters is limited to full import only. you'll get an error trying to start delta import run with query filters enabled.
+>Delta query endpoint currently doesn't offer filtering capabilities, therefore usage of filters is limited to full import only. You'll get an error trying to start delta import run with query filters enabled.
## Troubleshooting
@@ -244,20 +238,18 @@ DateTime, Timestamp, Callstack" />
```
>[!NOTE]
->If ‘Run this management agent in a separate process’ is enabled, then
+>If `Run this management agent in a separate process` is enabled, then
`dllhost.exe.config` should be used instead of `miiserver.exe.config`.
**Access token expired error**
-Connector might return HTTP error 401 Unauthorized, message “Access token has
-expired.”:
+Connector might return HTTP error 401 Unauthorized, message `Access token has expired.`:

-Picture 7. “Access token has expired.” Error
+Picture 6. `Access token has expired.` Error
-The cause of this issue might be configuration of access token lifetime from the
-Azure side. By default, the access token expires after 1 hour. To increase expiration time, see [this article](/azure/active-directory/develop/active-directory-configurable-token-lifetimes).
+The cause of this issue might be configuration of access token lifetime in Microsoft Entra. By default, the access token expires after 1 hour. To increase expiration time, see [this article](/azure/active-directory/develop/active-directory-configurable-token-lifetimes).
Example of this using [Azure AD PowerShell Module Public Preview release](https://www.powershellgallery.com/packages/AzureADPreview)
diff --git a/MIMDocs/microsoft-identity-manager-2016-deprecated-features.md b/MIMDocs/microsoft-identity-manager-2016-deprecated-features.md
index 358e9481..6c36c704 100644
--- a/MIMDocs/microsoft-identity-manager-2016-deprecated-features.md
+++ b/MIMDocs/microsoft-identity-manager-2016-deprecated-features.md
@@ -4,10 +4,9 @@
title: MIM Deprecated Features And Planning For The Future
description: This article documents deprecated features of the MIM Identity Manager 2016 SP2.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 4/30/2024
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
@@ -17,7 +16,7 @@ ms.assetid:
# Deprecated Features and planning for the future
-This article describes the deprecated features of Microsoft Identity Manager 2016 SP2. Where the feature is still present in Microsoft Identity Manager, it is still supported, except where the feature is dependent upon an underlying platform, interface, or separate component that is no longer supported. Deprecated features are not recommended for new deployments, as they may be removed in a future hotfix or service pack release. For developers, we recommend not utilizing deprecated features in any new applications or solutions.
+This article describes the deprecated features of Microsoft Identity Manager 2016 SP2. Where the feature is still present in Microsoft Identity Manager, it's still supported, except where the feature is dependent upon an underlying platform, interface, or separate component that is no longer supported. Deprecated features aren't recommended for new deployments, as they may be removed in a future hotfix or service pack release. For developers, we recommend not utilizing deprecated features in any new applications or solutions.
> [!NOTE]
>
@@ -25,7 +24,7 @@ This article describes the deprecated features of Microsoft Identity Manager 201
## BHOLD
-Microsoft does not recommend customers start new deployments of the Microsoft BHOLD Suite components. For some modules, the underlying component is no longer supported.
+Microsoft doesn't recommend customers start new deployments of the Microsoft BHOLD Suite components. For some modules, the underlying component is no longer supported.
The BHOLD Model Generator, BHOLD Analytics, and BHOLD FIM Integration modules have a dependency on Microsoft Silverlight. Microsoft Silverlight reached its end of support on October 12, 2021. For more information, see [Silverlight End of Support](https://support.microsoft.com/windows/silverlight-end-of-support-0a3be3c7-bead-e203-2dfd-74f0a64f1788). Those BHOLD Suite modules that required Silverlight should no longer be used. Customers with an existing BHOLD deployment of one or more of those modules should uninstall those modules from their BHOLD server computers. Also, they should uninstall Silverlight from any user computers that were previously interacting with that BHOLD deployment.
@@ -33,7 +32,7 @@ Microsoft Entra ID now provides [access reviews](/azure/active-directory/active-
## Service and Portal
-Do not deploy MIM Service or Portal on Windows Server 2008 R2, or use SQL Server 2008 R2 as the underlying database, as these platforms are no longer in mainstream support. Deploying MIM Portal on SharePoint Foundation 2010 is deprecated.
+Don't deploy MIM Service or Portal on Windows Server 2008 R2, or use SQL Server 2008 R2 as the underlying database, as these platforms are no longer in mainstream support. Deploying MIM Portal on SharePoint Foundation 2010 is deprecated.
| **Category** | **Deprecated Feature** | **Comment** |
|-----------------------------|-------------------------------------|----------------------------------------------|
@@ -48,12 +47,23 @@ Do not deploy MIM Service or Portal on Windows Server 2008 R2, or use SQL Server
> [!IMPORTANT]
> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments no longer service multifactor authentication (MFA) requests. Customers of Azure Multi-Factor Authentication Server, for MIM SSPR or MIM PAM approvals, must move to instead use either custom MFA providers, or Windows Hello or smartcard-based authentication in AD.
+## Hybrid reporting
+
+The MIM hybrid reporting feature, introduced with Microsoft Identity Manager (MIM) 2016, is deprecated. This feature allowed the MIM hybrid reporting agent to send event logs from the MIM service to Microsoft Entra, enabling reports for password reset using self-service password reset (SSPR) and self-service group management (SSGM) in the Microsoft Entra audit log. This is replaced by using Azure Arc agent to send those event logs to Azure Monitor, as this allows more flexible reports. As of November 2025, the cloud endpoints used by the MIM hybrid reporting agent will no longer be available, and customers should transition to Azure Monitor or similar. Other MIM and Entra ID Connect Health capabilities are unaffected by this deprecation.
+
+For more information, see [Microsoft Identity Manager 2016 reporting with Azure Monitor](mim-azure-monitor-reporting.md).
+
## Connectors and Management Agents
-The following MAs were removed in MIM 2016: 1. MA for FIM Certificate Management 2. MA for Lotus Notes 3. MA for SAP R/3 The Lotus Notes and SAP R/3 MAs were replaced with new connectors. For more information, see [Latest Connector Version Release History & Download](/azure/active-directory/connect/active-directory-aadconnectsync-connector-version-history).
+The following MAs were removed in MIM 2016:
+
+- MA for FIM Certificate Management
+- MA for Lotus Notes
+- MA for SAP R/3
+- The Windows Azure AD Connector for FIM
+
+The Lotus Notes and SAP R/3 MAs were replaced with new connectors. For more information, see [Latest Connector Version Release History & Download](/azure/active-directory/connect/active-directory-aadconnectsync-connector-version-history).
-> [!IMPORTANT]
-> The Windows Azure AD Connector for FIM is deprecated. The solution of using FIM and this connector for Microsoft Entra has been superseded. Existing deployments must migrate to [Microsoft Entra Connect](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect), Microsoft Entra Connect Sync, or the [Microsoft Graph Connector](microsoft-identity-manager-2016-connector-graph.md), as described in [how to migrate from the FIM Connector](migrate-from-the-fim-connector-for-azure-active-directory.md). The internal interfaces used by the Windows Azure AD Connector for FIM were removed from Microsoft Entra ID, and the Windows Azure AD Connector cannot connect with Microsoft Entra ID as of April 2024.
## Synchronization Service
@@ -63,19 +73,19 @@ The ECMA1/XMA extensibility framework has been replaced by ECMA 2.0. Updating ex
| **Category** | **Deprecated Feature** | **Comment** |
|-----------------------------|-------------------------------------|----------------------------------------------|
-| Management Agents | Running Connectors out-of-proc | The synchronization service will always call the connector in the same process. It is the responsibility of the connector to start and manage the other process. |
+| Management Agents | Running Connectors out-of-proc | The synchronization service will always call the connector in the same process. It's the responsibility of the connector to start and manage the other process. |
| Management Agents | Configure partition display name | This option was only used to provide an alternative name for a partition in the WMI interfaces. |
-| Run profiles | Combined profiles | The combined profiles delta import/sync, full import/delta sync, and full import/sync may be removed. Use run profiles with two steps instead.
+| Run profiles | Combined profiles | The combined profiles delta import/sync, full import/delta sync, and full import/sync are no longer supported.
> [!NOTE]
> You should keep combined run profiles only in environments where the performance would be impacted by a large number of existing disconnectors.
| **Category** | **Deprecated Feature** | **Comment** |
|-----------------------------|-------------------------------------|----------------------------------------------|
-| Attribute Precedence | Multi- mastery/equal precedence | Equal precedence may be removed. You should configure manual precedence instead. You can continue to use this feature if your environment has a FIM Service management agent deployed. This management agent does not provide manual precedence to avoid export-not-precedent for declarative provisioning. |
-| Join Rules | Join on "Any" object type | All join rules should explicitly define the metaverse object type they are trying to join to. |
+| Attribute Precedence | Multi- mastery/equal precedence | Equal precedence may be removed. You should configure manual precedence instead. You can continue to use this feature if your environment has a FIM Service management agent deployed. This management agent doesn't provide manual precedence to avoid export-not-precedent for declarative provisioning. |
+| Join Rules | Join on "Any" object type | All join rules should explicitly define the metaverse object type they're trying to join to. |
| Attribute flows | Unselect "allow nulls" for exported values | "Allow Nulls" will always be selected, so make sure that you have "Allow Nulls" selected in your current environment. |
-| Attribute flows | "Do not recall attributes" | Attributes will always be recalled, which is the best practice. |
+| Attribute flows | "Don't recall attributes" | Attributes will always be recalled, which is the best practice. |
| Rules Extension | Running metaverse and ma rules extension out- of-proc | The metaverse and attribute flow rules will run in the same process as the synchronization engine. |
| Rules Extension | Transaction properties | Avoid passing data between inbound, provisioning, and outbound synchronization using this utility class. |
| Rules Extension | ExchangeUtils: Create55\* methods | The methods to create objects for Exchange 5.5 servers may be removed. |
@@ -83,7 +93,7 @@ The ECMA1/XMA extensibility framework has been replaced by ECMA 2.0. Updating ex
## Certificate Management
-Do not deploy MIM CM on Windows Server 2008 R2, or use SQL Server 2008 R2 as the underlying database, as those platforms are out of support.
+Don't deploy MIM CM on Windows Server 2008 R2, or use SQL Server 2008 R2 as the underlying database, as those platforms are out of support.
The MIM CM bulk client is not recommended for new deployments.
diff --git a/MIMDocs/microsoft-identity-manager-2016-gmsa.md b/MIMDocs/microsoft-identity-manager-2016-gmsa.md
index 015c7ffd..91249b5e 100644
--- a/MIMDocs/microsoft-identity-manager-2016-gmsa.md
+++ b/MIMDocs/microsoft-identity-manager-2016-gmsa.md
@@ -1,12 +1,13 @@
---
title: "Convert Microsoft Identity Manager-specific services to gMSA | Microsoft Docs"
description: This article presents the prerequisites and basic steps for configuring a group Managed Service Account (gMSA).
-author: EugeneSergeev
-ms.author: esergeev
-manager: amycolannino
+author: henrymbuguakiarie
+ms.author: henrymbugua
+
ms.date: 03/10/2020
-ms.topic: article
+ms.topic: how-to
ms.service: microsoft-identity-manager
+ms.custom: sfi-image-nochange
---
diff --git a/MIMDocs/microsoft-identity-manager-2016-gmsascript.md b/MIMDocs/microsoft-identity-manager-2016-gmsascript.md
index cc46f74e..2074a850 100644
--- a/MIMDocs/microsoft-identity-manager-2016-gmsascript.md
+++ b/MIMDocs/microsoft-identity-manager-2016-gmsascript.md
@@ -1,11 +1,10 @@
---
title: "Updating MIM Specific Services accounts for notification and approvals when gMSA is enabled | Microsoft Docs"
description: Topic describing the basic steps to configure gMSA.
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
---
diff --git a/MIMDocs/microsoft-identity-manager-2016-graph-b2b-scenario.md b/MIMDocs/microsoft-identity-manager-2016-graph-b2b-scenario.md
index 1f519c4e..3b20611e 100644
--- a/MIMDocs/microsoft-identity-manager-2016-graph-b2b-scenario.md
+++ b/MIMDocs/microsoft-identity-manager-2016-graph-b2b-scenario.md
@@ -1,16 +1,17 @@
---
title: "Configuring the Microsoft Identity Manager connector for Microsoft Graph for B2B| Microsoft Docs"
-author: billmath
+author: henrymbuguakiarie
-description: Microsoft Graph connector is external user AD account lifecycle management. In this scenario, an organization has invited guests into their Microsoft Entra directory, and wishes to give those guests access to on-premises Windows-Integrated Authentication or Kerberos-based applications
+description: Microsoft Graph connector is external user AD account lifecycle management. In this scenario, an organization invites guests into their Microsoft Entra directory, and wishes to give those guests access to on-premises Windows-Integrated Authentication or Kerberos-based applications
keywords:
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+ms.author: henrymbugua
+
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 94a74f1c-2192-4748-9a25-62a526295338
+ms.custom: sfi-image-nochange
---
@@ -18,24 +19,24 @@ Microsoft Entra business-to-business (B2B) collaboration with Microsoft Identity
============================================================================================================================
The initial scenario is external user AD account lifecycle
-management. In this scenario, an organization has invited guests into their Microsoft Entra directory, and wishes to give those guests access to on-premises Windows-Integrated Authentication or Kerberos-based applications, via the [Microsoft Entra application proxy](/azure/active-directory/app-proxy/application-proxy-add-on-premises-application) or other gateway mechanisms. The Microsoft Entra application proxy requires each user to have their own AD DS account, for identification and delegation purposes.
+management. In this scenario, an organization invites guests into their Microsoft Entra directory, and wishes to give those guests access to on-premises Windows-Integrated Authentication or Kerberos-based applications. This access is provided through [Microsoft Entra application proxy](/azure/active-directory/app-proxy/application-proxy-add-on-premises-application) or other gateway mechanisms. The Microsoft Entra application proxy requires each user to have their own AD DS account, for identification and delegation purposes.
## Scenario-Specific Guidance
A few assumptions made in the configuration of B2B with MIM and Microsoft Entra ID
Application Proxy:
-- You have already deployed an on-premises AD, and Microsoft Identity Manager is installed and basic configuration of MIM Service, MIM Portal, Active Directory Management Agent (AD MA) and FIM Management Agent (FIM MA). For more information, see [Deploy Microsoft Identity Manager 2016 SP2](./microsoft-identity-manager-deploy.md).
+- You have an on-premises Active Directory deployed, and Microsoft Identity Manager (MIM) is installed. The MIM Service, MIM Portal, Active Directory Management Agent (AD MA), and FIM Management Agent (FIM MA) are configured with basic settings. For more information, see [Deploy Microsoft Identity Manager 2016 SP2](./microsoft-identity-manager-deploy.md).
-- You have already followed the instructions in the article on how to download and install the [Graph connector](microsoft-identity-manager-2016-connector-graph.md).
+- You follow the instructions in the article to download and install the [Graph connector](microsoft-identity-manager-2016-connector-graph.md).
-- You have Microsoft Entra Connect configured for synchronizing users and groups to Microsoft Entra ID.
+- You have Microsoft Entra Connect configured for synchronizing users and groups to Microsoft Entra ID.
-- You have already set up Application Proxy connectors and connector groups. If not, see [Tutorial: Add an on-premises application for remote access through Application Proxy in Microsoft Entra ID](/azure/active-directory/app-proxy/application-proxy-add-on-premises-application#install-and-register-a-connector) to install and configure.
+- You set up Application Proxy connectors and connector groups. If not, see [Tutorial: Add an on-premises application for remote access through Application Proxy in Microsoft Entra ID](/azure/active-directory/app-proxy/application-proxy-add-on-premises-application#install-and-register-a-connector) to install and configure.
-- You have already published one or more applications, which rely on Windows Integrated Authentication or individual AD accounts via Microsoft Entra application proxy.
+- You publish one or more applications, which rely on Windows Integrated Authentication or individual AD accounts via Microsoft Entra application proxy.
-- You have invited or you invite one or more guests, that have resulted in one or more users being created in Microsoft Entra ID. For more information, see [Self-service for Microsoft Entra B2B collaboration sign-up](/azure/active-directory/active-directory-b2b-self-service-portal).
+- One or more guests are invited, resulting in one or more users being created in Microsoft Entra ID. For more information, see [Self-service for Microsoft Entra B2B collaboration sign-up](/azure/active-directory/active-directory-b2b-self-service-portal).
## B2B End to End Deployment Example scenario
@@ -45,25 +46,21 @@ Contoso Pharmaceuticals works with Trey Research Inc. as part of their R&D
Department. Trey Research employees need to access the research reporting
application provided by Contoso Pharmaceuticals.
-- Contoso Pharmaceuticals are in their own tenant, to have
- configured a custom domain.
+- Contoso Pharmaceuticals exists in its own tenant with a custom domain configured.
-- Someone has invited an external user to the Contoso Pharmaceuticals tenant.
- This user has accepted the invitation and can access resources that are
- shared.
+- Someone invites an external user to the Contoso Pharmaceuticals tenant. The invitation is accepted, and the user can access shared resources.
-- Contoso Pharmaceuticals has published an application via App Proxy. In this scenario, the example application is
- the MIM Portal. This would enable a guest user to participate in MIM processes, for example in help desk scenarios or to request access to groups in MIM.
+- Contoso Pharmaceuticals publish an application via App Proxy. In this scenario, the example application is the MIM Portal. This would enable a guest user to participate in MIM processes, for example in help desk scenarios or to request access to groups in MIM.
## Configure AD and Microsoft Entra Connect to exclude users added from Microsoft Entra ID
-By default, Microsoft Entra Connect will assume that non-admin users in Active Directory need to be synchronized into Microsoft Entra ID. If Microsoft Entra Connect finds an existing user in Microsoft Entra ID that matches the user from on-premises AD, Microsoft Entra Connect will match the two accounts and assume that this is an earlier synchronization of the user, and make the on-premises AD authoritative. However, this default behavior is not suitable for the B2B flow, where the user account originates in Microsoft Entra ID.
+By default, Microsoft Entra Connect assumes that non-admin users in Active Directory synchronize into Microsoft Entra ID. If Microsoft Entra Connect finds an existing user in Microsoft Entra ID that matches the user from on-premises AD, it matches the two accounts. The program treats this as a previous synchronization and makes the on-premises AD authoritative. However, this default behavior isn't suitable for the B2B flow, where the user account originates in Microsoft Entra ID.
-Therefore, the users brought into AD DS by MIM from Microsoft Entra ID need to be stored in a way that Microsoft Entra ID will not attempt to synchronize those users back to Microsoft Entra ID.
-One way to do this is to create a new organizational unit in AD DS, and configure Microsoft Entra Connect to exclude that organizational unit.
+Users brought into AD DS by MIM from Microsoft Entra ID must be stored so that Microsoft Entra ID doesn't synchronize them back.
+One way to do this is to create a new organizational unit in AD DS, and configure Microsoft Entra Connect to exclude that organizational unit.
For more information, see [Microsoft Entra Connect Sync: Configure filtering](/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering).
@@ -71,8 +68,8 @@ For more information, see [Microsoft Entra Connect Sync: Configure filtering](/a
## Create the Microsoft Entra application
-Note: Before creating in MIM Sync the management agent for the graph connector, make sure you have reviewed the guide to deploying the [Graph Connector](microsoft-identity-manager-2016-connector-graph.md), and created an application with a client ID and secret.
-Ensure that the application has been authorized for least one of these permissions: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`.
+Note: Before you create the management agent for the Graph connector in MIM Sync, review the guide to deploying the [Graph Connector](microsoft-identity-manager-2016-connector-graph.md) and create an application with a client ID and secret.
+Ensure that the application is authorized for at least one of these permissions: `User.Read.All`, `User.ReadWrite.All`, `Directory.Read.All` or `Directory.ReadWrite.All`.
## Create the New Management Agent
@@ -85,7 +82,7 @@ Select **Graph (Microsoft)** and give it a descriptive name.
### Connectivity
On the Connectivity page, you must specify the Graph API Version. Production
-ready PAI is **V 1.0**, Non-Production is **Beta**.
+ready PAI is **V 1.0**. Non-Production is **Beta**.

@@ -96,7 +93,7 @@ ready PAI is **V 1.0**, Non-Production is **Beta**.
### Configure Provisioning Hierarchy
This page is used to map the DN component, for example OU, to the object type
-that should be provisioned, for example organizationalUnit. This is not needed for this scenario, so leave this as the default and click next.
+that should be provisioned, for example organizationalUnit. This isn't needed for this scenario, so leave this as the default and click next.

@@ -116,19 +113,19 @@ plan to import. You must select at least 'User'.
#### Select Attributes
-On the Select Attributes screen, select attributes from Microsoft Entra which will be needed to manage B2B users in AD. The Attribute "ID" is required. The attributes `userPrincipalName` and `userType` will be used later in this configuration. Other attributes are optional, including
+On the Select Attributes screen, select attributes from Microsoft Entra that you need to manage B2B users in AD. The Attribute "ID" is required. The attributes `userPrincipalName` and `userType` is used later in this configuration. Other attributes are optional, including
-- `displayName`
+- `displayName`
-- `mail`
+- `mail`
-- `givenName`
+- `givenName`
-- `surname`
+- `surname`
-- `userPrincipalName`
+- `userPrincipalName`
-- `userType`
+- `userType`

@@ -140,31 +137,31 @@ On the Configure Anchor screen, configuring the anchor attribute is a required s
#### Configure Connector Filter
-On the configure Connector Filter page, MIM allows you to filter out objects based on attribute filter. In this scenario for B2B, the goal is to only bring in Users with the value of the `userType` attribute that equals `Guest`, and not users with the userType that equals `member`.
+On the configure Connector Filter page, MIM allows you to filter out objects based on attribute filter. In this scenario for B2B, the goal is to only bring in Users with the value of the `userType` attribute that equals `Guest`, and not users with the userType that equals `member`.

#### Configure Join and Projection Rules
-This guide assumes you will be creating a sync rule. As configuring Join and Projection rules are handled by sync rule, it is not needed have to identify a join and projection on the connector itself. Leave default and click ok.
+This guide assumes you're creating a sync rule. A sync rule handles the configuration of Join and Projection rules, so you don't need to identify a join or projection on the connector itself. Leave default and click ok.

#### Configure Attribute Flow
-This guide assumes you will be creating a sync rule. Projection is not needed to define the attribute flow in MIM Sync, as it is handled by the sync rule that is created later. Leave default and click ok.
+This guide assumes you're creating a sync rule. You don't need to define the attribute flow in MIM Sync, because the sync rule created later handles it. Leave default and click ok.

#### Configure Deprovision
-The setting to configure deprovision allows you to configure MIM sync to delete the object, if the metaverse object is deleted. In this scenario, we make them disconnectors as the goal is to leave them in Microsoft Entra ID. In this scenario, we are not exporting anything to Microsoft Entra ID, and the connector is configured for Import only.
+The setting to configure deprovision allows you to configure MIM sync to delete the object, if the metaverse object is deleted. In this scenario, we make them disconnectors as the goal is to leave them in Microsoft Entra ID. In this scenario, we aren't exporting anything to Microsoft Entra ID, and the connector is configured for Import only.

#### Configure Extensions
-Configure Extensions on this management agent is an option but not required because we are using a synchronization rule. If we decided to use an advanced rule in the attribute flow earlier, then there would be an option to define the rules extension.
+Configure Extensions on this management agent is an option but not required because we're using a synchronization rule. If we decided to use an advanced rule in the attribute flow earlier, then there would be an option to define the rules extension.

@@ -201,7 +198,7 @@ In the steps below we begin the mapping of B2B guest account and the attribute f

-The next steps will require the addition of minimal configuration to the FIM MA and the AD MA.
+The next steps will require the addition of minimal configuration to the FIM MA and the AD MA.
More details can be found here for the configuration
- How Do I Provision Users to AD DS
@@ -210,7 +207,7 @@ More details can be found here for the configuration
### Synchronization Rule: Import Guest User to MV to Synchronization Service Metaverse from Microsoft Entra ID
-Navigate to the MIM Portal, select Synchronization Rules, and click new. Create an inbound synchronization rule for the B2B flow via the graph connector.
+Navigate to the MIM Portal, select Synchronization Rules, and click new. Create an inbound synchronization rule for the B2B flow via the graph connector.


@@ -220,7 +217,7 @@ On the relationship criteria step, be sure to select "Create resource in FIM".

-Configure the following inbound attribute flow rules. Be sure to populate the `accountName`, `userPrincipalName` and `uid` attributes as they will be used later in this scenario :
+Configure the following inbound attribute flow rules. Be sure to populate the `accountName`, `userPrincipalName` and `uid` attributes as they're used later in this scenario:
| **Initial Flow Only** | **Use as Existence Test** | **Flow (Source Value ⇒ FIM Attribute)** |
|-----------------------|---------------------------|-----------------------------------------------------------------------|
@@ -237,7 +234,7 @@ Configure the following inbound attribute flow rules. Be sure to populate the `
### Synchronization Rule: Create Guest User account to Active Directory
-This synchronization rule creates the user in Active Directory. Be sure the flow for `dn` must place the user in the organizational unit which was excluded from Microsoft Entra Connect. Also, update the flow for `unicodePwd` to meet your AD password policy - the user will not need to know the password. Note the value of `262656` for `userAccountControl` encodes the flags `SMARTCARD_REQUIRED` and `NORMAL_ACCOUNT`.
+This synchronization rule creates the user in Active Directory. Be sure the flow for `dn` must place the user in the organizational unit, which was excluded from Microsoft Entra Connect. Also, update the flow for `unicodePwd` to meet your AD password policy - the user doesn't need to know the password. Note the value of `262656` for `userAccountControl` encodes the flags `SMARTCARD_REQUIRED` and `NORMAL_ACCOUNT`.

@@ -260,11 +257,11 @@ Flow Rules:
### Optional Synchronization Rule: Import B2B Guest User Objects SID to allow for login to MIM
-This inbound synchronization rule brings the user's SID attribute from Active Directory back into MIM, so the user can access the MIM Portal. The MIM Portal requires that the user have the attributes `samAccountName`, `domain` and `objectSid` populated in the MIM Service database.
+This inbound synchronization rule brings the user's SID attribute from Active Directory back into MIM, so the user can access the MIM Portal. The MIM Portal requires the user to have the attributes `samAccountName`, `domain` and `objectSid` populated in the MIM Service database.
-Configure the source external system as the `ADMA`, as the `objectSid` attribute will be set automatically by AD when MIM creates the user.
+Configure the source external system as the `ADMA`, because AD automatically sets the `objectSid` attribute when MIM creates the user.
-Note that if you configure users to be created in MIM Service, ensure that they are not in scope of any sets intended for employee SSPR management policy rules. You may need to change your set definitions to exclude users who have been created by the B2B flow.
+Note that if you configure users to be created in MIM Service, make sure they aren't part of any sets used for employee SSPR management policy rules. You may need to change your set definitions to exclude users created by the B2B flow.

@@ -288,27 +285,23 @@ Note that if you configure users to be created in MIM Service, ensure that they
Next, we invite the user, and then run the management agent sync rules in the following
order:
-- Full Import and Synchronization on the `MIMMA` Management Agent. This ensures MIM Sync has the latest synchronization rules configured.
+- Full Import and Synchronization on the `MIMMA` Management Agent. This ensures MIM Sync has the latest synchronization rules configured.
-- Full Import and Synchronization on the `ADMA` Management Agent. This ensures that MIM and Active Directory are consistent. At this point, there will not yet be any pending exports for guests.
+- Full Import and Synchronization on the `ADMA` Management Agent. This ensures that MIM and Active Directory are consistent. At this point, there are no pending exports for guests.
-- Full Import and Synchronization on the B2B Graph Management Agent. This brings in the guest users into the metaverse. At this point, one or more accounts will be pending export for `ADMA`. If there are no pending exports, then check that guest users were imported into the connector space, and that the rules were configured for them to be given AD accounts.
+- Full Import and Synchronization on the B2B Graph Management Agent. This brings in the guest users into the metaverse. At this point, one or more accounts are pending export for `ADMA`. If there are no pending exports, check that guest users were imported into the connector space. Also, make sure the rules are configured to give them AD accounts.
-- Export, Delta Import, and Synchronization on the `ADMA` Management
- Agent. If the exports failed, then check the rule configuration and determine if there were any missing schema requirements.
+- Export, Delta Import, and Synchronization on the `ADMA` Management Agent. If the exports failed, then check the rule configuration and determine if there were any missing schema requirements.
-- Export, Delta Import, and Synchronization on the `MIMMA` Management Agent. When this completes, there should no longer be any pending exports.
+- Export, Delta Import, and Synchronization on the `MIMMA` Management Agent. When this completes, there should no longer be any pending exports.

## Optional: Application Proxy for B2B guests logging into MIM Portal
-Now that we have created the synchronization rules in MIM. In the App Proxy configuration, define use the cloud principal to allow for KCD on app proxy.
-Also, next added the user manually to the manage users and groups. The
-options not to show the user until creation has occurred in MIM to add the guest
-to an office group once provisioned requires a bit more configuration not
-covered in this document.
+Now that we create the synchronization rules in MIM. In the App Proxy configuration, define use the cloud principal to allow for KCD on app proxy.
+Also, next added the user manually to the manage users and groups. Configuring the option to prevent the user from showing until creation in MIM, or to add the guest to an Office group once provisioned, requires additional steps. These steps aren't covered in this document.

@@ -330,6 +323,6 @@ Next Steps
[Functions Reference for FIM 2010](https://technet.microsoft.com/library/ff800820(v=ws.10).aspx)
-[How to provide secure remote access to on-premises applications](/azure/active-directory/app-proxy/application-proxy)
+[How to provide secure remote access to on-premises applications](/entra/identity/app-proxy/overview-what-is-app-proxy)
[Download Microsoft Identity Manager connector for Microsoft Graph](https://go.microsoft.com/fwlink/?LinkId=717495)
diff --git a/MIMDocs/microsoft-identity-manager-2016-language-support.md b/MIMDocs/microsoft-identity-manager-2016-language-support.md
index a0a42f68..22222fe7 100644
--- a/MIMDocs/microsoft-identity-manager-2016-language-support.md
+++ b/MIMDocs/microsoft-identity-manager-2016-language-support.md
@@ -2,11 +2,10 @@
title: Supported Languages of Microsoft Identity Manager 2016 SP1 | Microsoft Docs
description: A list of languages that are supported by Microsoft Identity Manager 2016 SP1.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 50345fda-56d7-4b6e-a861-f49ff90a8376
diff --git a/MIMDocs/microsoft-identity-manager-2016-service-pack-2-upgrade-path.md b/MIMDocs/microsoft-identity-manager-2016-service-pack-2-upgrade-path.md
index 2f129556..cd6c6cc5 100644
--- a/MIMDocs/microsoft-identity-manager-2016-service-pack-2-upgrade-path.md
+++ b/MIMDocs/microsoft-identity-manager-2016-service-pack-2-upgrade-path.md
@@ -4,14 +4,13 @@
title: Upgrade from FIM 2010 R2 and MIM 2016 to Microsoft Identity Manager 2016 Service Pack 2 | Microsoft Docs
description: Learn how to upgrade your FIM 2010 R2 or MIM 2016 components, and then install the components that are new in MIM 2016 SP2.
keywords:
-author: EugeneSergeev
-ms.author: esergeev
-manager: amycolannino
+author: henrymbuguakiarie
+ms.author: henrymbugua
ms.date: 09/16/2019
-ms.topic: article
+ms.topic: upgrade-and-migration-article
ms.service: microsoft-identity-manager
-ms.assetid: 9471ccc1-bafe-46ee-b169-1464262380e1
+
# optional metadata
diff --git a/MIMDocs/microsoft-identity-manager-2016-supported-platforms.md b/MIMDocs/microsoft-identity-manager-2016-supported-platforms.md
index 573e6b03..ba4b86a5 100644
--- a/MIMDocs/microsoft-identity-manager-2016-supported-platforms.md
+++ b/MIMDocs/microsoft-identity-manager-2016-supported-platforms.md
@@ -6,9 +6,8 @@ description: Find the products and versions that are compatible with each of the
keywords:
author: billmath
ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+ms.date: 11/05/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 4978f60d-044d-4e84-8d93-65801fce1144
@@ -27,38 +26,41 @@ ms.custom: mim
# Supported platforms for MIM 2016
-This table describes the supported platforms and version for each component of Microsoft Identity Manager 2016. The versions marked with a * are only supported in MIM 2016 Service Pack 1, Service Pack 2 or a later hotfix. The versions marked with ** are only supported in MIM 2016 Service Pack 2 or a later hotfix. The versions marked with "NR", for not recommended, are supported but are not recommended if starting a fresh deployment of that platform for MIM. Note that this table does not include all of versions of the connected systems, see [supported connectors](supported-management-agents.md) for more information on the MIM connectors.
+This table describes the supported platforms and version for each component of Microsoft Identity Manager 2016. The versions marked with a * are only supported in MIM 2016 Service Pack 1, Service Pack 2, or a later hotfix. The versions marked with ** are only supported in MIM 2016 Service Pack 2 or a later hotfix. The versions marked with "NR", for not recommended, aren't recommended if starting a fresh deployment of that platform for MIM. Note that this table doesn't include all of versions of the connected systems, see [supported connectors](supported-management-agents.md) for more information on the MIM connectors.
+
+> [!IMPORTANT]
+> Updated platform support will be published with MIM 2016 Service Pack 3. Customers planning upgrades should target current Long-Term Servicing Channel (LTSC) Windows Server releases and Subscription Edition (SE) for SharePoint, Exchange SE, and Outlook.
| **MIM component** | **Platform** | **Version** |
|-------------------|--------------|--------------|
-| **MIM Sync** | Windows Server | Windows Server 2012 (NR)
Windows Server 2012 R2 (NR)
Windows Server 2016 (NR) *
Windows Server 2019 **
Windows Server 2022 **|
-| | Active Directory functional level for user provisioning, PCNS and GAL Sync | Windows 2000 (NR)
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016 *
-| | MIM Sync database | SQL Server 2012 SP4 (NR)
SQL Server 2014 SP3 (NR)
SQL Server 2016 SP2 *
SQL Server 2017 **
SQL Server 2019 ** |
-| | Active Directory for user provisioning, PCNS, and GAL Sync (optional)|Windows Server 2012 (NR)
Windows Server 2012 R2 (NR)
Windows Server 2016 *
Windows Server 2019 **
Windows Server 2022 **|
-| | Exchange for mailbox provisioning and GAL Sync (optional)|Exchange Server 2016 *
Exchange Server 2019 ** |
-| | Development environment (optional) | Visual Studio 2013
Visual Studio 2015
Visual Studio 2017 * |
-| | Additional connected system (optional) | Active Directory Domain Services
Active Directory
Lightweight Directory Services
SQL Server 2012 or later
SharePoint Server 2016 *
SharePoint Server 2019 **
Other third-party products |
-| **MIM Service and Portal** | Windows Server | Windows Server 2012 (NR)
Windows Server 2012 R2 (NR)
Windows Server 2016 (NR)*
Windows Server 2019 **
Windows Server 2022 **|
-| |PAM Scenario: Windows Server | Windows Server 2012 R2 (NR)
Windows Server 2016 (NR)*
Windows Server 2019 **
Windows Server 2022 **|
-| |PAM Scenario: Active Directory for bastion environment PAM forest | Windows Server 2012 R2 (NR)
Windows Server 2016 *
Windows Server 2019 **
Windows Server 2022 **|
-| |PAM Scenario: Active Directory for PAM scenario existing (CORP) forests | Windows Server 2012 *
Windows Server 2012 R2 *
Windows Server 2016 *
Windows Server 2019 **
Windows Server 2022 **|
-| | MIM Service database | SQL Server 2012 SP4 (NR)
SQL Server 2014 SP3 (NR)
SQL Server 2016 SP2 *
SQL Server 2017 **
SQL Server 2019 ** |
-| | SharePoint | SharePoint 2016 *
SharePoint 2019 ** |
-| | Mail server for MIM Service approval and group management emails (optional) | Exchange Server 2016 *
Exchange Server 2019 **
Exchange Online * (Notification only before build [4.4.1749.0](/microsoft-identity-manager/reference/version-history#version-4417490)) |
+| **MIM Sync** | Windows Server | Windows Server 2016 (NR) *
Windows Server 2019 **
Windows Server 2022 **|
+| | Active Directory functional level for user provisioning, PCNS, and GAL Sync | Windows Server 2016 *
+| | MIM Sync database | SQL Server 2016 SP3 *
SQL Server 2017 **
SQL Server 2019 ** |
+| | Active Directory for user provisioning, PCNS, and GAL Sync (optional)| Windows Server 2016 *
Windows Server 2019 **
Windows Server 2022 **|
+| | Exchange for mailbox provisioning and GAL Sync (optional)| |
+| | Development environment (optional) | Visual Studio 2017 * |
+| | Additional connected system (optional) | Active Directory Domain Services
Active Directory
Lightweight Directory Services
SharePoint Server 2016 *
SharePoint Server 2019 **
Other third-party products |
+| **MIM Service and Portal** | Windows Server | Windows Server 2016 (NR)*
Windows Server 2019 **
Windows Server 2022 **|
+| |PAM Scenario: Windows Server | Windows Server 2016 (NR)*
Windows Server 2019 **
Windows Server 2022 **|
+| |PAM Scenario: Active Directory for bastion environment PAM forest | Windows Server 2016 *
Windows Server 2019 **
Windows Server 2022 **|
+| |PAM Scenario: Active Directory for PAM scenario existing (CORP) forests | Windows Server 2016 *
Windows Server 2019 **
Windows Server 2022 **|
+| | MIM Service database | SQL Server 2016 SP3 *
SQL Server 2017 **
SQL Server 2019 ** |
+| | SharePoint | SharePoint Server 2016 *
SharePoint Server 2019 ** |
+| | Mail server for MIM Service approval and group management emails (optional) | Exchange Online * (Notification only before build [4.4.1749.0](/microsoft-identity-manager/reference/version-history#version-4417490)) |
| | Browser | All major supported browsers * (Mobile devices limited)|
-| **MIM Service Reporting** | Windows Server | Windows Server 2012 (NR)
Windows Server 2012 R2 (NR)
Windows Server 2016 (NR)*
Windows Server 2019 **
Windows Server 2022 **|
+| **MIM Service Reporting** | Windows Server | Windows Server 2016 (NR)*
Windows Server 2019 **
Windows Server 2022 **|
| | Data warehouse | System Center 2016 Service Manager * (With 4.4.1459)
System Center 2019 Service Manager ** |
-| **MIM Password Reset and Registration Portals** | Windows Server | Windows Server 2012 (NR)
Windows Server 2012 R2 (NR)
Windows Server 2016 (NR)*
Windows Server 2019 **
Windows Server 2022 **|
+| **MIM Password Reset and Registration Portals** | Windows Server | Windows Server 2016 (NR)*
Windows Server 2019 **
Windows Server 2022 **|
| | Web browser | All major supported browsers |
-| **MIM Add-ins and Extensions** | Windows | Windows 10
Windows 11 **|
-| | Outlook integration (optional) | Outlook 2016 (on Windows 10, except Click-To-Run) *
Outlook for Microsoft 365 (on Windows 10, including Click-To-Run) ** |
-| | PAM PowerShell requestor cmdlets (optional) | Windows 10
Windows 11 **|
-| **MIM Certificate Management** (Server and CA integration) | Windows server | Windows Server 2012 R2
Windows Server 2016 *
Windows Server 2019 ** |
-| | Certificate authority | Windows Server 2012
Windows Server 2012 R2
Windows Server 2016 *
Windows Server 2019 ** |
-| | MIM CM database | SQL Server 2012 SP4 (NR)
SQL Server 2014 SP3 (NR)
SQL Server 2016 SP2 *
SQL Server 2017 ** |
-| **MIM Certificate Management** (Application) | Windows | Windows 10 |
-| **MIM Certificate Management** (Client ActiveX based smart card) | Windows | Windows 10
Internet Explorer (IE) mode in Microsoft Edge 78 or later (on Windows 11) **|
-| **MIM BHOLD Suite** | Windows Server | Windows Server 2012 R2 (NR)
Windows Server 2016 (NR)* |
-| | BHOLD database | SQL Server 2012 SP4
SQL Server 2014 SP3 *
SQL Server 2016 SP2 * |
-| | Mail server (optional) | Exchange Server 2016 * |
+| **MIM Add-ins and Extensions** | Windows | Windows 11 **|
+| | Outlook integration (optional) | Outlook for Microsoft 365 ** |
+| | PAM PowerShell requestor cmdlets (optional) | Windows 11 **|
+| **MIM Certificate Management** (Server and CA integration) | Windows server | Windows Server 2016 *
Windows Server 2019 ** |
+| | Certificate authority | Windows Server 2016 *
Windows Server 2019 ** |
+| | MIM CM database | SQL Server 2016 SP3 *
SQL Server 2017 ** |
+| **MIM Certificate Management** (Application) | Windows | |
+| **MIM Certificate Management** (Client ActiveX based smart card) | Windows | Internet Explorer (IE) mode in Microsoft Edge 78 or later (on Windows 11) **|
+| **MIM BHOLD Suite** | Windows Server | Windows Server 2016 (NR)* |
+| | BHOLD database | SQL Server 2016 SP3 * |
+| | Mail server (optional) | |
diff --git a/MIMDocs/microsoft-identity-manager-2016-upgrade-from-fim-2010-r2.md b/MIMDocs/microsoft-identity-manager-2016-upgrade-from-fim-2010-r2.md
index 14e9efa3..151c1829 100644
--- a/MIMDocs/microsoft-identity-manager-2016-upgrade-from-fim-2010-r2.md
+++ b/MIMDocs/microsoft-identity-manager-2016-upgrade-from-fim-2010-r2.md
@@ -4,14 +4,13 @@
title: Upgrade from FIM 2010 R2 to Microsoft Identity Manager 2016 | Microsoft Docs
description: Learn how to upgrade your FIM 2010 R2 components, and then install the components that are new in MIM 2016.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: upgrade-and-migration-article
ms.service: microsoft-identity-manager
-ms.assetid: 9471ccc1-bafe-46ee-b169-1464262380e1
+
# optional metadata
@@ -20,6 +19,7 @@ ms.assetid: 9471ccc1-bafe-46ee-b169-1464262380e1
#ms.devlang:
ms.reviewer: mwahl
ms.suite: ems
+ms.custom: sfi-image-nochange
#ms.tgt_pltfrm:
#ms.custom:
diff --git a/MIMDocs/microsoft-identity-manager-2016.md b/MIMDocs/microsoft-identity-manager-2016.md
index b6343a18..53c8b1b4 100644
--- a/MIMDocs/microsoft-identity-manager-2016.md
+++ b/MIMDocs/microsoft-identity-manager-2016.md
@@ -6,18 +6,18 @@ description: MIM includes the access management capabilities of MIM 2016 and hel
services: active-directory
documentationcenter: ''
keywords: MIM
-author: EugeneSergeev
+author: billmath
reviewer: markwahl-msft
manager: benyim
ms.assetid: b0b39631-66df-4c5f-90c9-a1774346f816
ms.tgt_pltfrm: na
ms.workload: identity
-ms.topic: article
+ms.topic: whats-new
ms.service: entra-id-governance
ms.subservice: ''
-ms.date: 3/28/2024
-ms.author: esergeev
+ms.date: 11/18/2024
+ms.author: billmath
ms.reviewer: mwahl
ms.suite: ems
---
@@ -48,9 +48,9 @@ For Microsoft Entra ID Premium customers, standard support continues to be avail
### Deprecations of other Microsoft components impacting MIM
- - The Azure AD Connector for FIM from 2014 is deprecated, and the Microsoft Entra ID internal interfaces used by that connector, are in the process of being removed. Existing deployments should migrate to [Microsoft Entra Connect](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect), Microsoft Entra Connect Sync, or the [Microsoft Graph Connector](microsoft-identity-manager-2016-connector-graph.md), as described in [how to migrate from the FIM Connector](migrate-from-the-fim-connector-for-azure-active-directory.md).
- Microsoft Entra Multifactor Authentication Server is deprecated, and beginning September 30, 2024, Microsoft Entra Multifactor Authentication Server deployments no longer services multifactor authentication (MFA) requests. Customers of Microsoft Entra Multifactor Authentication Server, for MIM SSPR or MIM PAM approvals, must move to instead use either custom MFA providers, or Windows Hello or smartcard-based authentication in AD.
- Microsoft Silverlight is no longer available for download and is at [end of support](https://support.microsoft.com/windows/silverlight-end-of-support-0a3be3c7-bead-e203-2dfd-74f0a64f1788). Customers with an existing BHOLD deployment of one or more of those modules with a Silverlight dependency should plan to uninstall those modules from their BHOLD server computers and uninstall Silverlight from any user computers that were previously interacting with that BHOLD deployment.
+ - The MIM hybrid reporting feature, introduced with Microsoft Identity Manager (MIM) 2016, is deprecated, and replaced by using Azure Arc agent to send event logs to Azure Monitor, as this allows more flexible reports. As of November 2025, the cloud endpoints used by the MIM hybrid reporting agent will no longer be available, and customers should transition to Azure Monitor or similar. For more information, see [Microsoft Identity Manager 2016 reporting with Azure Monitor](mim-azure-monitor-reporting.md).
### Major new and updated scenarios in MIM
diff --git a/MIMDocs/microsoft-identity-manager-deploy.md b/MIMDocs/microsoft-identity-manager-deploy.md
index 98e08412..56518375 100644
--- a/MIMDocs/microsoft-identity-manager-deploy.md
+++ b/MIMDocs/microsoft-identity-manager-deploy.md
@@ -6,12 +6,10 @@ description: Get the full list of steps involved in deploying Microsoft Identity
services: active-directory
documentationcenter: ''
keywords: MIM
-author: EugeneSergeev
-ms.author: esergeev
-reviewer: markwahl-msft
-manager: amycolannino
+author: henrymbuguakiarie
+ms.author: henrymbugua
ms.date: 03/18/2021
-ms.topic: article
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.tgt_pltfrm: na
ms.workload: identity
diff --git a/MIMDocs/microsoft-identity-manager-licensing.md b/MIMDocs/microsoft-identity-manager-licensing.md
index 0de46c32..8c40acae 100644
--- a/MIMDocs/microsoft-identity-manager-licensing.md
+++ b/MIMDocs/microsoft-identity-manager-licensing.md
@@ -6,9 +6,9 @@ description: This article outlines the approaches for licensing Microsoft Identi
keywords:
author: markwahl-msft
ms.author: mwahl
-manager: amycolannino
-ms.date: 4/6/2021
-ms.topic: article
+
+ms.date: 11/10/2024
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid:
@@ -30,7 +30,7 @@ This article outlines the approaches for licensing Microsoft Identity Manager (M
## Licensing MIM for your organization
-Microsoft Identity Manager 2016 is licensed on a per-user basis. The details on licensing are included in the Product Terms and related documents, which can be downloaded from the [licensing terms](https://www.microsoft.com/licensing/product-licensing/products.aspx) page.
+Microsoft Identity Manager 2016 is licensed on a per-user basis. The details on licensing are included in the Product Terms and related documents, which can be downloaded from the [licensing terms](https://www.microsoft.com/licensing/docs/view/Product-Terms) page.
@@ -38,11 +38,11 @@ Microsoft Identity Manager 2016 is licensed on a per-user basis. The details on
Microsoft Identity Manager 2016 is included with Microsoft Entra ID P1 or P2 (P1 and P2), which is part of Enterprise Mobility + Security.
-Microsoft Entra ID P1 or P2 is available through a [Microsoft Enterprise Agreement](https://www.microsoft.com/licensing/licensing-programs/enterprise.aspx), the [Open Volume License Program](https://www.microsoft.com/licensing/licensing-programs/open-license.aspx), and the [Cloud Solution Providers](https://go.microsoft.com/fwlink/?LinkId=614968&clcid=0x409) program. Azure and Microsoft 365 subscribers can also buy Microsoft Entra ID P1 and P2 online. Read more at [Microsoft Entra pricing](https://www.microsoft.com/security/business/identity-access-management/azure-ad-pricing).
+Microsoft Entra ID P1 or P2 is available through a [Microsoft Enterprise Agreement](https://www.microsoft.com/licensing/licensing-programs/enterprise.aspx), the [Open Volume License Program](https://www.microsoft.com/licensing/licensing-programs/open-license.aspx), and the Cloud Solution Providers program. Azure and Microsoft 365 subscribers can also buy Microsoft Entra ID P1 and P2 online. Read more at [Microsoft Entra pricing](https://www.microsoft.com/security/business/microsoft-entra-pricing).
### MIM CALs
-If you do not have Microsoft Entra ID P1 or P2 subscriptions for your users, and are using more MIM capabilities beyond synchronization, then a [Client Access License (CAL)](https://www.microsoft.com/licensing/product-licensing/client-access-license.aspx) is required for each user whose identity is managed in MIM. If you want external users—such as business partners, external contractors, or customers—to be able to access MIM, you can acquire CALs for each of your external users, or acquire External Connector (EC) licenses. Microsoft Identity Manager 2016 CALs are not required for users whose identity is only in the Microsoft Identity Manager synchronization service and is not managed in any other MIM component.
+If you do not have Microsoft Entra ID P1 or P2 subscriptions for your users, and are using more MIM capabilities beyond synchronization, then a [Client Access License (CAL)](https://www.microsoft.com/en-us/licensing/product-licensing/client-access-license.aspx) is required for each user whose identity is managed in MIM. If you want external users—such as business partners, external contractors, or customers—to be able to access MIM, you can acquire CALs for each of your external users, or acquire External Connector (EC) licenses. Microsoft Identity Manager 2016 CALs are not required for users whose identity is only in the Microsoft Identity Manager synchronization service and is not managed in any other MIM component.
### Licenses for platform components
@@ -75,7 +75,7 @@ If you are starting a fresh install, you will need to download the installation
For a new installation, most organizations with Volume License agreements download the MIM installation packages from the [Microsoft 365 admin center](https://www.microsoft.com/licensing/servicecenter/default.aspx). The DVD ISO file contains one folder for each MIM component: `Synchronization Service`, `Service and Portal`, etc. If you are going to install the software on a different computer from which you downloaded it, be sure to copy either the entire ISO file or the folder for the component: do not merely copy just an MSI file out of a folder without the rest of the files and sub-folders.
-If you do not have Volume Licensing and have a subscription for Microsoft Entra ID P1 or P2, you can download the [Microsoft Entra ID P1 or P2 edition of MIM 2016](https://aka.ms/MIMforAADP). This edition includes the `Synchronization Service` and `Service and Portal` components of MIM 2016 SP2. All the changes from published hotfixes as of March 2021 are included in the installers. The MIM Service installer for the Microsoft Entra ID P1 or P2 edition, in order to validate your subscription, requires internet connectivity and will ask you to provide Microsoft Entra credentials with enough permissions to read subscribedSKUs.
+If you do not have Volume Licensing and have a subscription for Microsoft Entra ID P1 or P2, you can download the [Microsoft Entra ID P1 or P2 edition of MIM 2016](https://aka.ms/MIMforAADP). This edition includes the `Synchronization Service` and `Service and Portal` components of MIM 2016 SP2. All the changes from published hotfixes as of March 2021 are included in the installers; later hotfixes must be downloaded separately. The MIM Service installer for the Microsoft Entra ID P1 or P2 edition, in order to validate your subscription, requires internet connectivity and will ask you to provide Microsoft Entra credentials with enough permissions to read subscribedSKUs from your directory.
If you do not have Volume Licensing, customers with an appropriate developer subscription can also download MIM 2016 SP2 as an ISO file from [Visual Studio My Benefits Downloads](https://my.visualstudio.com/Downloads?q=Microsoft%20Identity%20Manager%202016%20with%20Service%20Pack%202&pgroup=). Search for `Microsoft Identity Manager 2016 with Service pack 2`.
diff --git a/MIMDocs/migrate-entra-id.md b/MIMDocs/migrate-entra-id.md
index c8c190e5..eca8905a 100644
--- a/MIMDocs/migrate-entra-id.md
+++ b/MIMDocs/migrate-entra-id.md
@@ -5,11 +5,11 @@ description: This document describes migration options and approaches for moving
services: active-directory
documentationcenter: ''
keywords: MIM
-author: billmath
-ms.author: billmath
+author: henrymbuguakiarie
+ms.author: henrymbugua
reviewer: markwahl-msft
-ms.date: 02/23/2024
-ms.topic: article
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.tgt_pltfrm: na
ms.workload: identity
@@ -19,6 +19,11 @@ ms.workload: identity
# Migrating Identity and Access Management scenarios to Microsoft Entra from Microsoft Identity Manager
Microsoft Identity Manager is Microsoft’s on-premises-hosted identity and access management product. It's based on technology introduced in 2003, continuously improved through today, and [supported along with Microsoft Entra cloud services](microsoft-identity-manager-2016.md?#support-update-for-microsoft-entra-id-p1-or-p2-customers). MIM has been a core part of many identity and access management strategies, augmenting Microsoft Entra ID's cloud-hosted services and other on-premises agents.
+>[!IMPORTANT]
+>We are seeking feedback from our customers on how they are planning their migration from Microsoft Identity Manager (MIM) before its end of life in January 2029.
+>
+>Please take the time to fill out a small survey here: https://aka.ms/MIMMigrationFeedback
+
Many customers have expressed interest in moving the center of their identity and access management scenarios entirely to the cloud. Some customers will no longer have an on-premises environment, while others integrate the cloud-hosted identity and access management with their remaining on-premises applications, directories and databases. This document provides guidance on migration options and approaches for moving Identity and Access Management (IAM) scenarios from Microsoft Identity Manager to Microsoft Entra cloud-hosted services, and will be updated as new scenarios become available to migrate. Similar guidance is available for migration of other on-premises identity management technologies, including [migrating from ADFS](/entra/identity/enterprise-apps/migrate-ad-fs-application-howto).
## Migration overview
diff --git a/MIMDocs/migrate-from-the-fim-connector-for-azure-active-directory.md b/MIMDocs/migrate-from-the-fim-connector-for-azure-active-directory.md
deleted file mode 100644
index 7d73fdcb..00000000
--- a/MIMDocs/migrate-from-the-fim-connector-for-azure-active-directory.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-# required metadata
-
-title: Migrate a Microsoft Entra provisioning scenario from the FIM Connector for Microsoft Entra ID to Microsoft Entra Connect or MIM Graph connector
-description: This article documents how customers that had been using the FIM Connector for Microsoft Entra ID could instead use a more recent sync technology or connector.
-keywords:
-author: markwahl-msft
-ms.author: mwahl
-manager: amycolannino
-ms.date: 2/6/2024
-ms.topic: reference
-ms.service: microsoft-identity-manager
-
-ms.assetid:
-
----
-
-# Migrate a Microsoft Entra provisioning scenario from the FIM Connector for Microsoft Entra ID
-
-While Microsoft Identity Manager (MIM) continues to be supported, one of the connectors, the Forefront Identity Manager (FIM) Connector for Azure AD (Microsoft Entra ID) was [deprecated](microsoft-identity-manager-2016-deprecated-features.md) in 2021. That solution of using FIM and that connector that had been made available for multi-forest customers in 2014 has been superseded by more recent integration options which provide more hybrid integration features. If you're still using that connector to provision from FIM or MIM into Microsoft Entra ID, you'll need to update your sync topology to remove that connector and use a different option. This change is necessary because the internal interfaces used by the Windows Azure AD Connector for FIM are being removed from Microsoft Entra ID, and that connector is no longer able to connect to Microsoft Entra ID as of April 2024.
-
-Three options to use in place of this connector are:
-
-* Microsoft Entra Connect cloud sync
-* Microsoft Entra Connect Sync
-* MIM with the Microsoft Graph Connector
-
-Once you've updated your FIM or MIM deployment to one of these options, then the FIM Connector for Microsoft Entra ID should be removed from your FIM or MIM sync engine.
-
- > [!NOTE]
- >
- > Customers who plan to change their synchronization technology in a production environment are recommended to work with a partner for help and guidance for this migration.
-
-
-
-## Migrating to Microsoft Entra Connect cloud sync
-
-This approach is recommended if you already have one or more Active Directory forests.
-
-In this approach, provisioning would occur in two steps. You would use MIM sync with the AD MA to provision users or groups into Active Directory. Then, you would use Microsoft Entra Connect cloud sync to bring those objects from that Active Directory into Microsoft Entra ID. This is because the easiest way to make objects in Active Directory forests available in Microsoft Entra ID is through [Microsoft Entra Connect cloud sync](/azure/active-directory/cloud-sync/what-is-cloud-sync) reading from those forests. If your forests are in one of the [Microsoft Entra Connect cloud sync supported topologies](/azure/active-directory/cloud-sync/plan-cloud-sync-topologies), then you can [pilot](/azure/active-directory/cloud-sync/tutorial-pilot-aadc-aadccp) a deployment of Microsoft Entra Connect cloud sync for a subset of users in one of those domains.
-
-Once you've completed the migration to Microsoft Entra Connect cloud sync, if FIM or MIM had been used only to provision from an on-premises directory to Microsoft Entra ID, then the FIM or MIM sync engine might no longer be needed.
-
-
-
-## Migrating to Microsoft Entra Connect Sync
-
-In this approach, you would use MIM sync with the AD MA or Generic LDAP Connector to provision users or groups into an on-premises directory. Then, you would use [Microsoft Entra Connect Sync](/azure/active-directory/hybrid/how-to-connect-install-roadmap) to bring users and groups from that directory into Microsoft Entra ID. This approach is recommended only if your directory topology isn't one of those topologies supported by Microsoft Entra Connect cloud sync. Microsoft Entra Connect Sync has a different list of [supported topologies](/azure/active-directory/hybrid/plan-connect-topologies) than Microsoft Entra Connect cloud sync, and if needed, can be configured with a [non-AD LDAP directory](/azure/active-directory/fundamentals/sync-ldap) as a source.
-
- > [!NOTE]
- > Deploying the LDAP Connector in Microsoft Entra Connect requires an advanced configuration and this connector is provided under limited support. Customers who require this configuration in a production environment are recommended to work with a partner such as Microsoft Consulting Services for help, guidance and support for this configuration.
-
-## Migrating to the Microsoft Graph Connector
-
-If you aren't already provisioning users and groups into any on-premises directory, then you may wish to change your MIM sync deployment to use the [Microsoft Identity Manager connector for Microsoft Graph](microsoft-identity-manager-2016-connector-graph.md) instead. This connector enables integration scenarios for Microsoft Entra ID P1 or P2 customers, for users and groups that aren't in scope of Microsoft Entra Connect cloud sync or Microsoft Entra Connect Sync. This connector communicates with Microsoft Entra ID via the [Microsoft Graph API](/graph/api/overview) v1.0 and beta.
-
-## Next steps
-
-* [Deprecated features and planning for the future](microsoft-identity-manager-2016-deprecated-features.md)
diff --git a/MIMDocs/mim-azure-monitor-reporting.md b/MIMDocs/mim-azure-monitor-reporting.md
new file mode 100644
index 00000000..8003e478
--- /dev/null
+++ b/MIMDocs/mim-azure-monitor-reporting.md
@@ -0,0 +1,132 @@
+---
+title: Use Azure Monitor for Microsoft Identity Manager reporting
+description: Get the steps to configure Azure Monitor with MIM
+services: active-directory
+documentationcenter: ''
+keywords: MIM
+author: henrymbuguakiarie
+ms.author: henrymbugua
+reviewer: markwahl-msft
+
+ms.date: 04/08/2025
+ms.topic: how-to
+ms.service: microsoft-identity-manager
+ms.tgt_pltfrm: na
+ms.workload: identity
+ms.custom: sfi-image-nochange
+---
+
+# Microsoft Identity Manager 2016 reporting with Azure Monitor
+[Azure Monitor](/azure/azure-monitor/overview) is a monitoring solution for collecting, analyzing, and responding to monitoring data from your cloud and on-premises environments. MIM Synchronization Service writes to the event log for key events, and the MIM Service can be configured to add records to a Windows event log for requests it receives. These event logs are transported by Azure Arc to Azure Monitor, and can be retained in an Azure Monitor workspace alongside the Microsoft Entra audit log, and logs from other [data sources](/azure/azure-monitor/data-sources). You can then use [Azure Monitor workbooks](/azure/azure-monitor/visualize/workbooks-overview) to format the MIM events in a report, and [alerts](/azure/azure-monitor/alerts/alerts-overview) to monitor for specific events in MIM Service. This approach replaces the earlier [MIM hybrid reporting](working-with-identity-manager-hybrid-reporting.md).
+
+Setting up Azure Monitor with your MIM server consists of the following steps:
+
+ 1. [Join MIM servers to Azure with Azure Arc](#join-mim-server-to-azure-with-azure-arc)
+ 2. [Install the Azure Monitor extensions](#install-the-azure-monitor-extensions)
+ 3. [Create a workspace](#create-a-data-collection-rule)
+ 4. [Create a Data Collection Rule (DCR)](#create-a-data-collection-rule)
+ 5. [Verify the MIM data](#verify-data)
+
+
+ The following sections describe each of the individual steps.
+
+## Prerequisites
+You should make sure that you meet the Azure Arc and Azure Monitor prerequisites before attempting the steps outlined below.
+
+- [Azure Arc Prerequisites](/azure/azure-arc/servers/plan-at-scale-deployment#prerequisites)
+- [Collect Windows events with Azure Monitor Agent - Prerequisites](/azure/azure-monitor/agents/data-collection-windows-events#prerequisites)
+
+Also, a resource group in Azure is required before joining the server with Azure Arc. If you do not have a resource group, you can [create one](/azure/azure-resource-manager/management/manage-resource-groups-portal#create-resource-groups) before generating the Azure Arc installation script.
+
+## Join MIM server to Azure with Azure Arc
+You'll likely have one or more Windows Server machines that run MIM Sync or MIM Service in your environment, potentially located on-premises. To join any non-Azure hosted Windows Server to Azure, you generate a script and run it locally on each of those servers. This provides a consistent management experience across native Azure virtual machines and servers anywhere. When a non-Azure machine is Arc-enabled, it becomes a connected machine and is treated as a resource in Azure, with its own resource Id and projection in Azure.
+
+To join your MIM server, you generate a script and run it locally on the MIM server. Follow the prompts in the portal to create the script. Download the script and run it on the MIM server. After the script completes, the MIM server should appear under Azure Arc in the portal.
+
+:::image type="content" source="media/mim-azure-monitor-reporting/azure-monitor-1.png" alt-text="Screenshot Azure Arc." lightbox="media/mim-azure-monitor-reporting/azure-monitor-1.png":::
+
+
+For more information, see [Connect Windows Server machines to Azure through Azure Arc Setup](/azure/azure-arc/servers/onboard-windows-server).
+
+
+## Install the Azure Monitor extensions
+After you've joined the Windows Server machines, which have MIM Sync or MIM Service installed, to Azure, you can use the Azure Monitor agent on those servers to begin collecting Windows Event logs. Azure Arc-enabled servers support the Azure VM extension framework, which provides post-deployment configuration and automation tasks, enabling you to simplify management of your hybrid machines like you can with Azure VMs.
+
+After you have MIM joined to Azure, you can the Azure Monitor agent on the MIM server to beginning collecting Windows Event data. To install the Azure Monitor extensions you can use the following PowerShell script. Be sure to replace the variables with your information.
+
+```PowerShell
+## Install the Azure Monitor Agent
+Install-Module -Name Az.ConnectedMachine
+$subscriptionID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+$tenantID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+$resourcegroup = "MIM-resource-group"
+$MIMServer = "MIM"
+$location = eastus
+Connect-AzAccount -Tenant $tenantID -SubscriptionId $subscriptionID
+New-AzConnectedMachineExtension -Name AzureMonitorWindowsAgent -ExtensionType AzureMonitorWindowsAgent -Publisher Microsoft.Azure.Monitor -ResourceGroupName $resourcegroup -MachineName $MIMServer -Location $location -EnableAutomaticUpgrade
+```
+
+For more information, see [Deployment options for Azure Monitor agent on Azure Arc-enabled servers](/azure/azure-arc/servers/concept-log-analytics-extension-deployment)
+
+## Create a workspace
+A Log Analytics workspace is a data store into which you can collect any type of log data from all of your Azure and non-Azure resources and applications.
+
+Before we create a data collection rule that collects the Windows Event log information, we need somewhere to send this information. Follow the steps outline in [Create a workspace](/azure/azure-monitor/logs/quick-create-workspace?tabs=azure-portal#create-a-workspace) to create a Log Analytics workspace.
+
+## Create a Data Collection Rule
+Data collection rules (DCRs) are part of an Extract, Transform, and Load (ETL) data collection process that improves on legacy data collection methods for Azure Monitor. This process uses a common data ingestion pipeline, the Azure Monitor pipeline, for all data sources and a standard method of configuration that's more manageable and scalable than other methods.
+
+To create the data collection rule for the MIM server, use the following steps.
+
+1. On the Monitor home screen in the Azure portal, select **Settings** and **Data Collection Rules**.
+2. At the top, click **Create**.
+3. Give your rule a name, associate it with your resource group, and the region your resource group is located in.
+4. Click **Next**.
+5. On the resources tab, click **Add resources** and under your resource group, add the MIM server. Click **Next**.
+6. On **Collect and deliver** and the **Windows Event Logs** as the data source.
+7. On **Basic** you can add the basic Windows Event logs, System, Security, and Application.
+8. Click on **Custom**.
+9. Enter the following in the box under **Use XPath queries to filter event logs and limit data collection**:
+
+|Xpath query|Description|
+|-----|-----|
+|`Forefront Identity Manager!*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0 or Level=5)]]`| The MIM service log|
+|`Forefront Identity Manager Management Agent!*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0 or Level=5)]]`|The MIM management agent log|
+|`Forefront Identity Manager Synchronization%4Operational!*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0 or Level=5)]]`|The operations log for the MIM synchronization engine|
+
+:::image type="content" source="media/mim-azure-monitor-reporting/azure-monitor-2.png" alt-text="Screenshot of data collection sources." lightbox="media/mim-azure-monitor-reporting/azure-monitor-2.png":::
+
+10. Click **Next Destination** and click **Add Destination**.
+11. Enter the following:
+ - Destination Type: Azure Monitor Logs
+ - Subscription: Your subscription
+ - Destination Details: Your workgroup
+
+12. Click **Add data source**.
+13. Click **Review and Create**.
+14. Click **Create**.
+
+Once the DCR is created and deployed, event log information begins to flow from the MIM server.
+
+### Windows events generated by MIM Service
+
+Events that are generated by Microsoft Identity Manager are stored in Windows Event Log. You can view the events corresponding to MIM Service requests in the **Event Viewer** by selecting **Application and Services logs** > **Identity Manager Request Log**. Each MIM Service request is exported as an event in Windows Event Log in the JSON structure.
+
+|Event type|ID|Event details|
+|--------------|------|-----------------|
+|Information|4121|The Identity Manager event data that includes all the request data.|
+|Information|4137|The Identity Manager event 4121 extension, if there is too much data for a single event. The header in this event is displayed in the following format: `"Request: , message out of `.|
+
+## Verify data
+To verify that you are collecting data, you can go to your workspace and run the following query.
+
+1. On your workspace, select logs
+2. Enter the following query: `Event | where TimeGenerated > ago(48h)`
+3. You should see your MIM data.
+
+ :::image type="content" source="media/mim-azure-monitor-reporting/azure-monitor-3.png" alt-text="Screenshot of data collected." lightbox="media/mim-azure-monitor-reporting/azure-monitor-3.png":::
+
+## Create a workbook for your data
+Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. Now that the MIM data is in the portal, you can use workbooks. Workbooks let you combine multiple kinds of visualizations and analyses, making them great for freeform exploration.
+
+For more information, see [Create or edit an Azure Workbook](/azure/azure-monitor/visualize/workbooks-create-workbook).
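Review bot: In the Azure Monitor agent script, `$location = eastus` is unquoted, so PowerShell tries to run `eastus` as a command and `$location` is left unset when `New-AzConnectedMachineExtension` is called. It should read `$location = "eastus"`, like the other variables in the block. In the step list, item 3 `[Create a workspace](#create-a-data-collection-rule)` links to the data collection rule section rather than `#create-a-workspace`. Under step 11, `Destination Details: Your workgroup` presumably means the Log Analytics workspace created earlier. Because event 4121 is described as carrying all the request data, the page could also tell readers to restrict who can read that workspace.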
diff --git a/MIMDocs/mim-best-practices.md b/MIMDocs/mim-best-practices.md
index 7afb18c5..a0ccb4db 100644
--- a/MIMDocs/mim-best-practices.md
+++ b/MIMDocs/mim-best-practices.md
@@ -4,10 +4,9 @@
title: Microsoft Identity Manager 2016 Best Practices| Microsoft Docs
description: Best practices for deploying and operating MIM.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
@@ -18,11 +17,11 @@ ms.assetid:
# Microsoft Identity Manager 2016 Best Practices
-This topic describes the best practices for deploying and operating Microsoft Identity Manager 2016 (MIM)
+This article describes the best practices for deploying and operating Microsoft Identity Manager 2016 (MIM)
## SQL setup
> [!NOTE]
-> The following recommendations for setting up a server running SQL presume a SQL instance dedicated to the FIMService and a SQL instance dedicated to the FIMSynchronizationService database. If you are running the FIMService in a consolidated environment, you will have to make adjustments appropriate for your configuration.
+> The following recommendations for setting up a server running SQL presume a SQL instance dedicated to the FIMService and a SQL instance dedicated to the FIMSynchronizationService database. If you're running the FIMService in a consolidated environment, you'll have to make adjustments appropriate for your configuration.
Configuration of the Structured Query Language (SQL) server is critical to optimal system performance. Achieving optimum MIM performance in large-scale implementations depends on the application of best practices for a server running SQL. For more information, see the following topics about SQL best practices:
@@ -36,7 +35,7 @@ Configuration of the Structured Query Language (SQL) server is critical to optim
### Presize data and log files
-Do not rely on autogrow. Instead, manage the growth of these files manually. You can leave autogrow on for safety reasons, but you should proactively manage the growth of the data files. For sample sizes of the MIM database, see the [FIM Capacity Planning Guide](https://go.microsoft.com/fwlink/?LinkID=185246).
+Don't rely on autogrow. Instead, manage the growth of these files manually. You can leave autogrow on for safety reasons, but you should proactively manage the growth of the data files. For sample sizes of the MIM database, see the [FIM Capacity Planning Guide](https://go.microsoft.com/fwlink/?LinkID=185246).
### To presize SQL data and log files
@@ -64,7 +63,7 @@ For optimal performance, we recommend that you create one data file per CPU core
### Ensure adequate space for Log files
-It is important to understand your recovery model’s disk requirements. Simple recovery mode may be appropriate during the initial system load to limit the use of your disk space, but the data created after your most recent backup is exposed to data loss. When using Full recovery mode, you need to manage the disk usage through backups that include frequent backups of the transaction log to prevent high disk space usage. For more information, see [Recovery Model Overview](https://go.microsoft.com/fwlink/?LinkID=185370).
+It's important to understand your recovery model’s disk requirements. Simple recovery mode may be appropriate during the initial system load to limit the use of your disk space, but the data created after your most recent backup is exposed to data loss. When using Full recovery mode, you need to manage the disk usage through backups that include frequent backups of the transaction log to prevent high disk space usage. For more information, see [Recovery Model Overview](https://go.microsoft.com/fwlink/?LinkID=185370).
### Limit SQL server memory
@@ -109,14 +108,14 @@ Depending on how much memory you have on your SQL server and if you share the SQ
In general, you should work with your database administrator to design a backup and recovery strategy. Some recommendations include:
- Perform database backups according to your organization’s backup policy.
-- If incremental log backups are not planned, the database should be set to the Simple recovery mode.
+- If incremental log backups aren't planned, the database should be set to the Simple recovery mode.
- Ensure that you understand the implications of the different recovery models before implementing your backup strategy. Learn the disk space requirements for these models. Full recovery model requires frequent log backups to avoid high disk space usage.
For more information, see [Recovery Model Overview](https://go.microsoft.com/fwlink/?LinkID=185370) and [FIM 2010 Backup and Restore Guide](https://go.microsoft.com/fwlink/?LinkID=165864).
## Create a Backup Administrator account for the FIM Service after installation
-Members of the FIMService Administrators set have unique permissions critical to the operation of your MIM deployment. If you are unable to log on as part of the Administrators set, the only resolution is to roll back to a previous backup of the system. To mitigate this situation, we recommend that you add other users to the FIM Administrative set as part of your post-installation configuration.
+Members of the FIMService Administrators set have unique permissions critical to the operation of your MIM deployment. If you're unable to log on as part of the Administrators set, the only resolution is to roll back to a previous backup of the system. To mitigate this situation, we recommend that you add other users to the FIM Administrative set as part of your post-installation configuration.
## FIM Service
@@ -167,7 +166,7 @@ We recommend that you disable Microsoft Office SharePoint® indexing. There are
## MIM 2016 Initial Data Load
-This section lists a series of steps to increase the performance of the initial data load from external system to MIM. It is important to understand that a number of these steps are only performed during the initial population of the system. They should be reset upon load completion. Those steps are for a one-time operation and not a continuous synchronization.
+This section lists a series of steps to increase the performance of the initial data load from external system to MIM. It's important to understand that a number of these steps are only performed during the initial population of the system. They should be reset upon load completion. Those steps are for a one-time operation and not a continuous synchronization.
>
> [!IMPORTANT]
@@ -244,27 +243,27 @@ If you have to switch to Simple recovery mode, ensure that you reconfigure your
### Avoid changing display names
-For many object types such as MPRs, the syncproduction.ps1 script uses the display name as the only anchor attribute between two systems. Consequently, a change to an existing MPR’s display name results in the deletion of the existing MPR, followed by the creation of a new MPR. This result occurs because the migration process cannot successfully join MPRs whose join criteria have changed. To avoid this issue, you can bind a custom attribute to all configuration object types and use that attribute as the join criteria. This process enables you to modify display names without affecting the migration process.
+For many object types such as MPRs, the syncproduction.ps1 script uses the display name as the only anchor attribute between two systems. Consequently, a change to an existing MPR’s display name results in the deletion of the existing MPR, followed by the creation of a new MPR. This result occurs because the migration process can't successfully join MPRs whose join criteria have changed. To avoid this issue, you can bind a custom attribute to all configuration object types and use that attribute as the join criteria. This process enables you to modify display names without affecting the migration process.
### Avoid changing the content of intermediate files
-While the file format and application programming interface (API) of the low-level objects are public and manipulations are supported by developers, we do not recommend that you change the contents of the intermediate formats during the migration. However, it may be necessary to remove entire ImportObjects from changes.xml or to perform find and replace operations on pilot.xml to replace version numbers or pilot Domain Name System (DNS) information for production DNS information.
+While the file format and application programming interface (API) of the low-level objects are public and manipulations are supported by developers, we don't recommend that you change the contents of the intermediate formats during the migration. However, it may be necessary to remove entire ImportObjects from changes.xml or to perform find and replace operations on pilot.xml to replace version numbers or pilot Domain Name System (DNS) information for production DNS information.
### Ensure that the version number is correct in pilot.xml when migrating across versions
-While migrations across version numbers are not recommended or supported, you can often do this migration by replacing the pilot version number with the production version number in pilot.xml. Specifically, WorkflowDefinition and
+While migrations across version numbers aren't recommended or supported, you can often do this migration by replacing the pilot version number with the production version number in pilot.xml. Specifically, WorkflowDefinition and
ActivityInformationConfiguration objects require the version number to refer precisely to workflow activities in the production environment. Failing to replace the version number results in the Compare-FIMConfig cmdlet identifying differences between the Extensible Object Markup Language (XOML) attributes on WorkflowDefinitions and migrating the pilot’s version number. The production FIM Service may fail to start workflow activities with the incorrect version number.
### Avoid cyclic references
-In general, cyclic references are not recommended in a MIM configuration. However, cycles sometimes occur when Set A refers to Set B and Set B also refers to Set A. To avoid issues with cyclic references, you should change the definition of Set A or Set B so that they both do not refer to each other. Then, restart the migration process. If you do have cyclic references and the Compare-FIMConfig cmdlet results in an error as a result, it is necessary to break the cycle manually. Because the Compare-FIMConfig cmdlet outputs a list of changes in order of precedence, it requires that no cycles exist among the references of configuration objects.
+In general, cyclic references aren't recommended in a MIM configuration. However, cycles sometimes occur when Set A refers to Set B and Set B also refers to Set A. To avoid issues with cyclic references, you should change the definition of Set A or Set B so that they both don't refer to each other. Then, restart the migration process. If you do have cyclic references and the Compare-FIMConfig cmdlet results in an error as a result, it's necessary to break the cycle manually. Because the Compare-FIMConfig cmdlet outputs a list of changes in order of precedence, it requires that no cycles exist among the references of configuration objects.
## Security
### MIM MA account
-The MIM MA account is not considered a service account and should be a regular user account. The accounts must be able to log on locally in order for the FIM Synchronization Service service account to be able to impersonate it.
+The MIM MA account isn't considered a service account and should be a regular user account. The accounts must be able to log on locally in order for the FIM Synchronization Service service account to be able to impersonate it.
To enable the MIM MA account to log on locally
@@ -483,8 +482,7 @@ To remove an entitlement but leave the current members alone (for example, stop
When applying the best practices for sets, you need to consider the impact of the optimizations on the manageability and ease of future administration. Appropriate testing at expected production scale should be performed to identify the right balance between performance and manageability before applying these recommendations.
>[!NOTE]
-> All the following guidelines apply to dynamic sets and dynamic groups.
-
+> All the following guidelines apply to criteria-based groups and criteria-based sets.
#### Minimize the use of dynamic nesting
@@ -492,6 +490,10 @@ This refers to the filter of a set referencing the ComputedMember attribute of a
You may encounter cases where you cannot avoid nesting sets to satisfy a functional requirement. These are the primary situations where you should nest sets. For example, to define the set of all the groups without Full-Time Employee owners, the nesting of sets must be used as follows: `/Group[not(Owner = /Set[ObjectID = ‘X’]/ComputedMember]`, where ‘X’ is the ObjectID of the set of All Full Time Employees.
+#### Filter condition limit
+
+We recommend limiting filter conditions to six or fewer because exceeding this number can cause performance issues and lead to potential UI errors. Keeping conditions within this limit ensures smoother operations and reduces the risk of system instability.
+
#### Minimize the use of negative conditions
Negative conditions are the membership conditions that make use of the following operators or functions: `!=`, `not()`, `\<` , `\<=`. To optimize for performance, where possible, express the condition that you want with multiple positive conditions rather than as a negative condition.
diff --git a/MIMDocs/mim-cm-deploy.md b/MIMDocs/mim-cm-deploy.md
index ac052b7c..407c672b 100644
--- a/MIMDocs/mim-cm-deploy.md
+++ b/MIMDocs/mim-cm-deploy.md
@@ -4,14 +4,14 @@
title: Deploying Microsoft Identity Manager Certificate Manager | Microsoft Docs
description: Install Microsoft Identity Manager 2016 Certificate Manager
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid:
+ms.custom: sfi-image-nochange
---
@@ -228,6 +228,9 @@ All three of the above accounts will have elevated rights within your organizati
8. In the **Cryptography Selection** dialog box, disable **Microsoft Enhanced Cryptographic Provider v1.0**, enable **Microsoft Enhanced RSA and AES Cryptographic Provider**, and then click **OK**.
+ >[!NOTE]
+ > MIM CM supports SHA-2 hashing. SHA-3 hashing and ECC/ECDSA algorithms are not supported.
+
9. On the **Subject Name** tab, clear the **Include e-mail name in subject name** and **E-mail name** check boxes.
10. On the **Extensions** tab, in the **Extensions included in this template** list, ensure that **Application Policies** is selected, and then click **Edit**.
diff --git a/MIMDocs/mim-how-provision-users-adds.md b/MIMDocs/mim-how-provision-users-adds.md
index a9971e43..54556b55 100644
--- a/MIMDocs/mim-how-provision-users-adds.md
+++ b/MIMDocs/mim-how-provision-users-adds.md
@@ -4,14 +4,14 @@
title: Microsoft Identity Manager 2016 user provisioning to AD | Microsoft Docs
description: Go over the process of creating users in ADDS using Microsoft Identity Manager 2016
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid:
+ms.custom: sfi-image-nochange
---
diff --git a/MIMDocs/mim-privacy-compliance.md b/MIMDocs/mim-privacy-compliance.md
index 3fee3f28..18489fe0 100644
--- a/MIMDocs/mim-privacy-compliance.md
+++ b/MIMDocs/mim-privacy-compliance.md
@@ -4,11 +4,10 @@
title: Microsoft Identity Manager data handling | Microsoft Docs
description: Understand Microsoft Identity Manager data handling to identify and report on data within the environment, take action in given system based on operational functions and requirement.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: b0b39631-66df-4c5f-80c9-a1774346f816
@@ -19,6 +18,7 @@ ms.assetid: b0b39631-66df-4c5f-80c9-a1774346f816
#audience:
#ms.devlang:
ms.suite: ems
+ms.custom: sfi-image-nochange
#ms.tgt_pltfrm:
#ms.custom:
diff --git a/MIMDocs/pam/TOC.md b/MIMDocs/pam/TOC.md
index 0f2690f7..80a3fadd 100644
--- a/MIMDocs/pam/TOC.md
+++ b/MIMDocs/pam/TOC.md
@@ -21,7 +21,7 @@
### [Step 6 - Create privileged accounts](step-6-transition-group-to-pam.md)
### [Step 7 - Elevate a user's access](step-7-elevate-user-access.md)
### [Deploy MIM PAM with Windows Server 2016](deploy-pam-with-windows-server-2016.md)
-### [Set up Azure MFA](use-azure-mfa-for-activation.md)
+### [Set up custom MFA](use-azure-mfa-for-activation.md)
## [Configure PAM using scripts](sp1-pam-configure-using-scripts.md)
### [Step 1 Configuring the Priv domain](sp1-step1-configuring-priv-domain.md)
### [Step 2 Configuring the CORP domain](sp1-step2-configuring-corp-domain.md)
diff --git a/MIMDocs/pam/configuring-mim-environment-for-pam.md b/MIMDocs/pam/configuring-mim-environment-for-pam.md
index f0e501df..0ce8a7ca 100644
--- a/MIMDocs/pam/configuring-mim-environment-for-pam.md
+++ b/MIMDocs/pam/configuring-mim-environment-for-pam.md
@@ -4,11 +4,10 @@
title: Configure MIM 2016 for Privileged Access Management | Microsoft Docs
description: The roadmap for installing and MIM and configuring it for Privileged Access Management.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: c4ca5b58-ad0c-48af-a9eb-b71b22d0c67c
diff --git a/MIMDocs/pam/defining-roles-for-pam.md b/MIMDocs/pam/defining-roles-for-pam.md
index 3067a1eb..66ea7f0c 100644
--- a/MIMDocs/pam/defining-roles-for-pam.md
+++ b/MIMDocs/pam/defining-roles-for-pam.md
@@ -4,11 +4,10 @@
title: Define privileged roles for PAM | Microsoft Docs
description: Decide which privileged roles should be managed, and define the management policy for each.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 1a368e8e-68e1-4f40-a279-916e605581bc
diff --git a/MIMDocs/pam/deploy-pam-with-windows-server-2016.md b/MIMDocs/pam/deploy-pam-with-windows-server-2016.md
index 319d7a06..25220aa3 100644
--- a/MIMDocs/pam/deploy-pam-with-windows-server-2016.md
+++ b/MIMDocs/pam/deploy-pam-with-windows-server-2016.md
@@ -4,11 +4,10 @@
title: Deploy MIM Privileged Access Management with Windows Server 2016 | Microsoft Docs
description: Learn about deploying Privileged Access Management with server 2016
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid:
diff --git a/MIMDocs/pam/environment-overview.md b/MIMDocs/pam/environment-overview.md
index dcbf923f..8e73182c 100644
--- a/MIMDocs/pam/environment-overview.md
+++ b/MIMDocs/pam/environment-overview.md
@@ -4,11 +4,10 @@
title: PAM environment overview | Microsoft Docs
description: Find the required number and configuration of virtual machines to successfully deploy Privileged Access Management.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 479db14c-1bfb-4d7c-a344-cd718a01f328
diff --git a/MIMDocs/pam/hardware-software-requirements.md b/MIMDocs/pam/hardware-software-requirements.md
index 2156d8ac..961fba41 100644
--- a/MIMDocs/pam/hardware-software-requirements.md
+++ b/MIMDocs/pam/hardware-software-requirements.md
@@ -4,11 +4,10 @@
title: PAM software requirements | Microsoft Docs
description: Find the hardware and software requirements for a successful deployment of Privileged Access Management
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 82a9085c-9667-4b3b-8079-657eab1d1e58
diff --git a/MIMDocs/pam/high-availability-disaster-recovery-considerations-bastion-environment.md b/MIMDocs/pam/high-availability-disaster-recovery-considerations-bastion-environment.md
index f99de168..0745eb37 100644
--- a/MIMDocs/pam/high-availability-disaster-recovery-considerations-bastion-environment.md
+++ b/MIMDocs/pam/high-availability-disaster-recovery-considerations-bastion-environment.md
@@ -4,11 +4,10 @@
title: PAM disaster recovery | Microsoft Docs
description: Learn how to configure Privileged Access Management for high availability and disaster recovery.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 03e521cd-cbf0-49f8-9797-dbc284c63018
@@ -55,37 +54,37 @@ Now let's take a look at each one of these bastion forest functions in turn.
There needs to be a forest trust between the domains of the existing forest and the bastion environment's forest. This is so that users authenticating to the bastion environment can administer resources in the existing forests. Additional configuration may be required, for instance, to permit migration of users from existing domains on earlier versions of Windows Server.
-Trust establishment requires that the existing forest domain controllers be online, as well as the MIM and AD components of the bastion environment. If there is an outage of any of these during trust establishment, the administrator can retry once the outage has been addressed. In case the existing forest domain controllers or bastion environment have been recovered following an outage, MIM also includes PowerShell cmdlets `Test-PAMTrust` and `Test-PAMDomainConfiguration` that can be used to verify that a trust is still in place.
+Trust establishment requires that the existing forest domain controllers be online, as well as the MIM and AD components of the bastion environment. If there is an outage of any of these during trust establishment, the administrator can retry once the outage has been addressed. In case the existing forest domain controllers or bastion environment have been recovered following an outage, MIM also includes PowerShell cmdlets `Test-PAMTrust` and `Test-PAMDomainConfiguration` that can be used to verify that a trust is still in place.
### User and group migration
Once trust has been established, shadow groups can be created in the bastion environment, as well as user accounts for members of those groups and approvers. This enables those users to activate privileged roles and regain effective group memberships.
-User and group migration requires that the existing forest domain controllers be online, as well as the MIM and AD components of the bastion environment. If the existing forest domain controllers are unreachable, then no additional users and groups can be added to the bastion environment, but existing users and groups are unaffected. If an outage of any of the components occurs during the migration, the administrator can retry once the outage has been addressed.
+User and group migration requires that the existing forest domain controllers be online, as well as the MIM and AD components of the bastion environment. If the existing forest domain controllers are unreachable, then no additional users and groups can be added to the bastion environment, but existing users and groups are unaffected. If an outage of any of the components occurs during the migration, the administrator can retry once the outage has been addressed.
### MIM administration
-Once users and groups have been migrated, then an administrator can further configure in MIM the role assignments linking users as candidates for activation into roles. They can also configure the MIM policies for approval.
+Once users and groups have been migrated, then an administrator can further configure in MIM the role assignments linking users as candidates for activation into roles. They can also configure the MIM policies for approval.
MIM administration requires that the MIM and AD components of the bastion environment be online.
### Privileged role activation
-When a user wishes to activate a privileged role, they must authenticate to the bastion environment domain, and submit a request to MIM. MIM includes SOAP and REST APIs, as well as user interfaces in PowerShell and in a web page.
+When a user wishes to activate a privileged role, they must authenticate to the bastion environment domain, and submit a request to MIM. MIM includes SOAP and REST APIs, as well as user interfaces in PowerShell and in a web page.
-Privileged role activation requires that the MIM and AD components of the bastion environment be online. In addition, if MIM had been configured to use [Azure MFA for activation](use-azure-mfa-for-activation.md) of the selected role, then Internet access is required to contact the Azure MFA service.
+Privileged role activation requires that the MIM and AD components of the bastion environment be online.
### Resource Management
Once a user has been successfully activated into the role, the domain controller can generate a Kerberos ticket for them that is usable by domain controllers in the existing domains, and will recognize the user's new temporary group memberships.
-Resource management requires that a domain controller for the resource domain be online, as well as a domain controller in the bastion environment. Once a user is activated, issuing their Kerberos ticket does not require MIM or SQL to be online in the bastion environment. Note that this requires MIM PAM and Windows Server to be using Windows Server 2016 or later as the functional level for the bastion environment, so that AD DS can remove the temporary membership.)
+Resource management requires that a domain controller for the resource domain be online, as well as a domain controller in the bastion environment. Once a user is activated, issuing their Kerberos ticket does not require MIM or SQL to be online in the bastion environment. Note that this requires MIM PAM and Windows Server to be using Windows Server 2016 or later as the functional level for the bastion environment, so that AD DS can remove the temporary membership.)
### Monitoring of users and groups in the existing forest
-MIM also includes a PAM monitoring service, which regularly checks the users and groups in the existing domains, and updates the MIM database and AD accordingly. This service does not need to be online for role activation or during resource management.
+MIM also includes a PAM monitoring service, which regularly checks the users and groups in the existing domains, and updates the MIM database and AD accordingly. This service does not need to be online for role activation or during resource management.
-Monitoring requires that the existing forest domain controllers be online, as well as the MIM and AD components of the bastion environment.
+Monitoring requires that the existing forest domain controllers be online, as well as the MIM and AD components of the bastion environment.
## Deployment options
@@ -93,7 +92,7 @@ The [Environment overview](environment-overview.md) illustrates a basic topology
### Networking
-The network traffic between the computers in the bastion environment should be isolated from the existing networks, such as by using a different physical or virtual network. Depending on the risks to the bastion environment, it may be also necessary to have independent physical interconnects between the computers. Certain failover cluster technologies have additional requirements on network interfaces.
+The network traffic between the computers in the bastion environment should be isolated from the existing networks, such as by using a different physical or virtual network. Depending on the risks to the bastion environment, it may be also necessary to have independent physical interconnects between the computers. Certain failover cluster technologies have additional requirements on network interfaces.
The computers hosting Active Directory Domain Services and those hosting the MIM Services in the bastion environment require bidirectional connectivity to resources in the existing forest for:
@@ -107,12 +106,12 @@ The computers hosting Active Directory Domain Services and those hosting the MIM
An organization can select which functions in their bastion environment require high availability, with the following constraints:
-- High availability for any function provided by the bastion environment requires at least two domain controllers.
+- High availability for any function provided by the bastion environment requires at least two domain controllers.
- High availability for activation requests requires at least two computers hosting the MIM Service and also requires high availability for the SQL Server.
- SQL Server high availability with failover clusters requires at least two servers providing SQL Server, and these cannot be the same as a domain controller.
- MIM Service should not be installed on the domain controller, in order to minimize the attack surface of each server.
-The smallest high availability topology for all functions in a bastion environment comprises at least four servers, and shared storage. Two of the servers must be configured as domain controllers, providing Active Directory Domain Services. The other two servers can be configured as a failover cluster providing SQL Server, and provide the MIM Service.
+The smallest high availability topology for all functions in a bastion environment comprises at least four servers, and shared storage. Two of the servers must be configured as domain controllers, providing Active Directory Domain Services. The other two servers can be configured as a failover cluster providing SQL Server, and provide the MIM Service.
In addition, a typical deployment of the bastion environment would also include a privileged administration workstation for management of these servers, as well as a monitoring component
@@ -120,7 +119,7 @@ The following diagram illustrates one possible architecture:

-Additional servers can be configured for each of these functions, in order to provide higher performance under load conditions, or for geographic redundancy as described below.
+Additional servers can be configured for each of these functions, in order to provide higher performance under load conditions, or for geographic redundancy as described in the following sections.
### Deployments supporting multiple sites
@@ -130,19 +129,19 @@ Choosing the right deployment topology for resources that are deployed across mu
- The hardware capability for hosting the bastion environment
- The administrative work model for each site.
-One of the simplest approaches would be to host the bastion environment at a particular site. Under normal conditions, users would connect to the MIM deployment in that site's bastion environment and request activation, and the activations would have effect across resources at each site. In case the network link is broken or the site hosting the bastion environment is unavailable, offline credentials could be accessed at another site, in order to perform temporary administration until the network is reconnected. This approach might be suitable for situations where local administration of a particular site, such as a branch office, is anticipated to be rare and limited to reconnecting that site to the remainder of an organization's network.
+One of the simplest approaches would be to host the bastion environment at a particular site. Under normal conditions, users would connect to the MIM deployment in that site's bastion environment and request activation, and the activations would have effect across resources at each site. In case the network link is broken or the site hosting the bastion environment is unavailable, offline credentials could be accessed at another site, in order to perform temporary administration until the network is reconnected. This approach might be suitable for situations where local administration of a particular site, such as a branch office, is anticipated to be rare and limited to reconnecting that site to the remainder of an organization's network.

-For high availability and disaster recovery across sites, it is also possible to deploy the components of the bastion environment in each site, sharing a common PRIV directory and common SQL database. In this topology, should the network link be broken, users at each site can continue to operate independently.
+For high availability and disaster recovery across sites, it is also possible to deploy the components of the bastion environment in each site, sharing a common PRIV directory and common SQL database. In this topology, should the network link be broken, users at each site can continue to operate independently.

-One constraint on this deployment approach is that SQL Server requires a cluster that spans both sites, which may be complex to deploy. In that situation, consider as an alternative only replicating the Active Directory (PRIV forest) of the bastion environment. In case there is a network break between sites, users in site B who have previously already activated their privileged roles would be able to continue to operate for administering resources in site B.
+One constraint on this deployment approach is that SQL Server requires a cluster that spans both sites, which may be complex to deploy. In that situation, consider as an alternative only replicating the Active Directory (PRIV forest) of the bastion environment. In case there is a network break between sites, users in site B who have previously already activated their privileged roles would be able to continue to operate for administering resources in site B.

-If each site represents a separate administrative boundary, then it is also possible to deploy multiple independent bastion environments. While each bastion environment would have the same software, the domain names of each would be different, and there would be no commonality between the directories and databases of each bastion environment. A user who wishes to manage resources in a particular site would activate a user account in the bastion environment in that site.
+If each site represents a separate administrative boundary, then it is also possible to deploy multiple independent bastion environments. While each bastion environment would have the same software, the domain names of each would be different, and there would be no commonality between the directories and databases of each bastion environment. A user who wishes to manage resources in a particular site would activate a user account in the bastion environment in that site.

@@ -152,22 +151,22 @@ Finally, more complex deployments are possible, as multiple bastion environments
### Hosted bastion environment
-Some organizations have also considered establishing the bastion environment separate from any of their existing sites. The bastion environment software can be hosted on a virtualization platform either within the organization's networks, or at an external hosting provider. When evaluating this approach, keep in mind that:
+Some organizations have also considered establishing the bastion environment separate from any of their existing sites. The bastion environment software can be hosted on a virtualization platform either within the organization's networks, or at an external hosting provider. When evaluating this approach, keep in mind that:
- In order to protect against attacks originating from the existing domains, administration of the bastion environment must be isolated from the administrative accounts of the existing domain.
-- The bastion environment requires TCP/IP connectivity to the domain controllers in the existing domain. A list of ports can be found at [How to configure a firewall for domains and trusts](https://support.microsoft.com/kb/179442).
+- The bastion environment requires TCP/IP connectivity to the domain controllers in the existing domain. A list of ports can be found at [How to configure a firewall for domains and trusts](https://support.microsoft.com/kb/179442).
- A virtualized deployment of Active Directory Domain Services requires specific features from the virtualization platform, as described in [Virtualized Domain Controller Deployment and Configuration](https://technet.microsoft.com/library/jj574223.aspx).
-- A high availability deployment of SQL Server for MIM Service requires specialized storage configuration, described in the section [SQL Server database storage](#sql-server-database-storage) below. Not all hosting providers may currently offer Windows Server hosting with disk configurations suitable for SQL Server failover clusters.
+- A high availability deployment of SQL Server for MIM Service requires specialized storage configuration, described in the section [SQL Server database storage](#sql-server-database-storage). Not all hosting providers may currently offer Windows Server hosting with disk configurations suitable for SQL Server failover clusters.
## Deployment preparation and recovery procedures
-Preparing for a high availability or disaster recovery-ready deployment of the bastion environment requires consideration for how to install Windows Server Active Directory, SQL Server and its database on shared storage, and the MIM Service and its PAM components.
+Preparing for a high availability or disaster recovery-ready deployment of the bastion environment requires consideration for how to install Windows Server Active Directory, SQL Server, its database on shared storage, and the MIM Service and its PAM components.
### Windows Server
-Windows Server contains a built-in feature for high availability, enabling multiple computers to work together as a failover cluster. The clustered servers are connected by physical cables and by software. If one or more of the cluster nodes fail, other nodes begin to provide service (a process known as failover). More details can be found at the [Failover Clustering overview](https://technet.microsoft.com/library/hh831579.aspx).
+Windows Server contains a built-in feature for high availability, enabling multiple computers to work together as a failover cluster. The clustered servers are connected by physical cables and by software. If one or more of the cluster nodes fail, other nodes begin to provide service (a process known as failover). More details can be found at the [Failover Clustering overview](https://technet.microsoft.com/library/hh831579.aspx).
-Make sure the operating system and applications in the bastion environment receive updates for security issues. Some of these updates may require a server restart, so coordinate the times in which updates are applied across the servers to avoid extended outages. One approach is to use [Cluster-Aware Updating](https://technet.microsoft.com/library/hh831694.aspx) for the servers in a Windows Server failover cluster.
+Make sure the operating system and applications in the bastion environment receive updates for security issues. Some of these updates may require a server restart, so coordinate the times in which updates are applied across the servers to avoid extended outages. One approach is to use [Cluster-Aware Updating](https://technet.microsoft.com/library/hh831694.aspx) for the servers in a Windows Server failover cluster.
The servers in the bastion environment will be joined to a domain, and dependent on the domain services. Make sure that they are not inadvertently configured with a dependency on a particular domain controller for services such as DNS.
@@ -179,7 +178,7 @@ Windows Server Active Directory Domain Services natively includes support for hi
A typical production deployment of privileged access management includes at least two domain controllers in the bastion environment. Instructions for setting up the first domain controller in the bastion environment are included in step 2 of the deployment articles, [Prepare the PRIV domain controller](step-2-prepare-priv-domain-controller.md).
-The procedure for adding an additional domain controller can be found at [Install a Replica Windows Server 2012 Domain Controller in an Existing Domain (Level 200)](https://technet.microsoft.com/library/jj574134.aspx).
+The procedure for adding an additional domain controller can be found at [Install a Replica Windows Server 2012 Domain Controller in an Existing Domain (Level 200)](https://technet.microsoft.com/library/jj574134.aspx).
>[!NOTE]
> If the domain controller is to be hosted on a virtualization platform such as Hyper-V, review the caveats in [Virtualized Domain Controller Deployment and Configuration](https://technet.microsoft.com/library/jj574223.aspx).
@@ -188,7 +187,7 @@ The procedure for adding an additional domain controller can be found at [Instal
After an outage, ensure that at least one domain controller is available in the bastion environment before restarting other servers.
-Within a domain, Active Directory distributes the Flexible Single Master Operation (FSMO) roles across domain controllers, as described in [How Operations Masters Work](https://technet.microsoft.com/library/cc780487.aspx). If a domain controller has failed, it may be necessary to transfer one or more of the [Domain Controller Roles that that domain controller was assigned.
+Within a domain, Active Directory distributes the Flexible Single Master Operation (FSMO) roles across domain controllers, as described in [How Operations Masters Work](https://technet.microsoft.com/library/cc780487.aspx). If a domain controller has failed, it may be necessary to transfer one or more of the [Domain Controller Roles that that domain controller was assigned.
After determining that a domain controller will not be returned to production, be sure to check whether any roles were assigned to that domain controller and reassign them as necessary. Instructions can be found in [View the Current Operations Master Role Holders](https://technet.microsoft.com/library/cc816893.aspx) and its related articles.
@@ -196,46 +195,46 @@ It is also recommended to check DNS settings of computers joined to the bastion
### SQL Server database storage
-A high availability deployment requires SQL Server failover clusters, and SQL Server failover cluster instances reply upon shared storage between all nodes for database and log storage. The shared storage can be in the form of Windows Server Failover Clustering cluster disks, disks on a Storage Area Network (SAN), or file shares on an SMB server. Note that these must be dedicated to the bastion environment; sharing storage with other workloads outside of the bastion environment is not recommended as it could jeopardize the integrity of the bastion environment.
+A high availability deployment requires SQL Server failover clusters, and SQL Server failover cluster instances reply upon shared storage between all nodes for database and log storage. The shared storage can be in the form of Windows Server Failover Clustering cluster disks, disks on a Storage Area Network (SAN), or file shares on an SMB server. Note that these must be dedicated to the bastion environment; sharing storage with other workloads outside of the bastion environment is not recommended as it could jeopardize the integrity of the bastion environment.
### SQL Server
-MIM Service requires a SQL Server deployment in the bastion environment. For High Availability, SQL can be deployed using a failover cluster instance (FCI). Unlike in standalone instances, in FCIs the high availability of SQL Server is protected by the presence of redundant nodes in the FCI. In case of a failure or a planned upgrade, the resource group ownership is moved to another Windows Server Failover Cluster node.
+MIM Service requires a SQL Server deployment in the bastion environment. For High Availability, SQL can be deployed using a failover cluster instance (FCI). Unlike in standalone instances, in FCIs the high availability of SQL Server is protected by the presence of redundant nodes in the FCI. In case of a failure or a planned upgrade, the resource group ownership is moved to another Windows Server Failover Cluster node.
-If you only need support for disaster recovery but not high availability, then log shipping, transaction replication, snapshot replication, or database mirroring can be used instead of failover clustering.
+If you only need support for disaster recovery but not high availability, then log shipping, transaction replication, snapshot replication, or database mirroring can be used instead of failover clustering.
#### Preparation
-When you install the SQL Server in the bastion environment, it must be independent from any SQL Server already present in the CORP forests. Furthermore, it is recommended that the SQL Server be deployed on a dedicated server, distinct from that of the domain controller.
+When you install the SQL Server in the bastion environment, it must be independent from any SQL Server already present in the CORP forests. Furthermore, it is recommended that the SQL Server be deployed on a dedicated server, distinct from that of the domain controller.
More information is documented in the SQL Server guide to [AlwaysOn Failover Cluster Instances](https://msdn.microsoft.com/library/ms189134.aspx).
#### Recovery
-If SQL Server was configured for disaster recovery using log shipping, then action must be taken to update SQL Server during recovery. Furthermore, restarting each MIM Service instance is required.
+If SQL Server was configured for disaster recovery using log shipping, then action must be taken to update SQL Server during recovery. Furthermore, restarting each MIM Service instance is required.
-If SQL Server has failed or connectivity between SQL Server and MIM Service has been lost, then after SQL Server has been restored, it is recommended to restart each MIM Service. This will ensure that MIM Service re-establishes its connection to SQL Server.
+If SQL Server has failed or connectivity between SQL Server and MIM Service has been lost, then after SQL Server has been restored, it is recommended to restart each MIM Service. This will ensure that MIM Service re-establishes its connection to SQL Server.
### MIM Service
-The MIM Service is required to process activation requests. In order that a computer hosting MIM Service can be taken down for maintenance while activation requests are still being received, multiple MIM Service computers can be deployed. Note that MIM Service is not involved in Kerberos operations once a user has been added to a group.
+The MIM Service is required to process activation requests. In order that a computer hosting MIM Service can be taken down for maintenance while activation requests are still being received, multiple MIM Service computers can be deployed. Note that MIM Service is not involved in Kerberos operations once a user has been added to a group.
#### Preparation
It is recommended to deploy the MIM Service on multiple servers joined to the PRIV domain.
For high availability, see the Windows Server documents for [Failover Clustering Hardware Requirements and Storage Options](https://technet.microsoft.com/library/jj612869.aspx) and [Creating a Windows Server 2012 Failover Cluster](https://techcommunity.microsoft.com/t5/failover-clustering/creating-a-windows-server-2012-failover-cluster/ba-p/371763).
-For production deployment across multiple servers, you can use Network Load Balancing (NLB) to distribute the processing load. You should also have a single alias (for instance, A or CNAME records) so that one common name is exposed to the user.
+For production deployment across multiple servers, you can use Network Load Balancing (NLB) to distribute the processing load. You should also have a single alias (for instance, A, or CNAME records) so that one common name is exposed to the user.
>[!IMPORTANT]
> If you use a load-balancing technology other than the NLB feature in Windows Server 2012 R2 or later, make sure your solution will redirect one session to the same server and not to a random server.
-In a multi-server MIM deployment, each MIM Service has an external host name, a service name, and a service partition name. The default value of the service name is the computer's name, and the default value of the external hostname and service partition name are configured during MIM Service installation on the screen that asks for the MIM Service Server address. These three names are stored in file %ProgramFiles%\Microsoft Forefront Identity Manager\Service\Microsoft.ResourceManagementService.exe.config file as attributes `externalHostName`, `serviceName` and `servicePartitionName` of the `resourceManagementService` configuration node.
+In a multi-server MIM deployment, each MIM Service has an external host name, a service name, and a service partition name. The default value of the service name is the computer's name, and the default value of the external hostname and service partition name are configured during MIM Service installation on the screen that asks for the MIM Service Server address. These three names are stored in file %ProgramFiles%\Microsoft Forefront Identity Manager\Service\Microsoft.ResourceManagementService.exe.config file as attributes `externalHostName`, `serviceName`, and `servicePartitionName` of the `resourceManagementService` configuration node.
-When a MIM Service receives a request, the service partition name is stored as an attribute on that request. Subsequently, only other MIM Service installations that have the same service partition name are permitted to interact with that request. As a result, if the PAM scenario includes manual approvals or other long-lived request processing, ensure that each MIM Service has the same `servicePartitionName` attribute in that configuration file.
+When a MIM Service receives a request, the service partition name is stored as an attribute on that request. Subsequently, only other MIM Service installations that have the same service partition name are permitted to interact with that request. As a result, if the PAM scenario includes manual approvals or other long-lived request processing, ensure that each MIM Service has the same `servicePartitionName` attribute in that configuration file.
#### Recovery
-After an outage, ensure that at least one Active Directory domain controller and SQL Server are available in the bastion environment prior to restarting MIM Service.
+After an outage, ensure that at least one Active Directory domain controller and SQL Server are available in the bastion environment prior to restarting MIM Service.
-A workflow instance can only be completed by a MIM Service server that has the same service partition name and service name as the MIM Service server which started it. If a particular computer fails while hosting a MIM Service that was processing requests, and that computer will not be returned to service, then it will be necessary to install MIM Service on a new computer. On the new MIM Service after installation, edit the *resourcemanagementservice.exe.config* file and set the `serviceName` and `servicePartitionName` attributes of the new MIM deployment to be the same as the host name and service partition name of the computer which failed.
+A workflow instance can only be completed by a MIM Service server that has the same service partition name and service name as the MIM Service server which started it. If a particular computer fails while hosting a MIM Service that was processing requests, and that computer will not be returned to service, then it will be necessary to install MIM Service on a new computer. On the new MIM Service after installation, edit the *resourcemanagementservice.exe.config* file and set the `serviceName` and `servicePartitionName` attributes of the new MIM deployment to be the same as the host name and service partition name of the computer which failed.
### MIM PAM components
@@ -243,10 +242,10 @@ The MIM Service and Portal installer also incorporates additional PAM components
#### Preparation
-The Privileged Access Management components should be installed on each computer in the bastion environment where MIM Service is being installed. They cannot be added subsequently.
+The Privileged Access Management components should be installed on each computer in the bastion environment where MIM Service is being installed. They cannot be added subsequently.
#### Recovery
-After recovery from an outage, ensure that the MIM Service is running on at least one server. Then ensure that the MIM PAM monitoring service is also running on that server, using `net start "PAM Monitoring service"`.
+After recovery from an outage, ensure that the MIM Service is running on at least one server. Then ensure that the MIM PAM monitoring service is also running on that server, using `net start "PAM Monitoring service"`.
If the bastion environment forest functional level was not at Windows Server 2012 R2, ensure that the MIM PAM component service is also running on that server, using the command `net start "PAM Component service"`.
diff --git a/MIMDocs/pam/media/PAM-Azure-MFA-Activation-Image-2.png b/MIMDocs/pam/media/PAM-Azure-MFA-Activation-Image-2.png
deleted file mode 100644
index 5ead5da2..00000000
Binary files a/MIMDocs/pam/media/PAM-Azure-MFA-Activation-Image-2.png and /dev/null differ
diff --git a/MIMDocs/pam/planning-bastion-environment.md b/MIMDocs/pam/planning-bastion-environment.md
index 405b7562..c96af54e 100644
--- a/MIMDocs/pam/planning-bastion-environment.md
+++ b/MIMDocs/pam/planning-bastion-environment.md
@@ -4,11 +4,10 @@
title: Planning a bastion environment | Microsoft Docs
description: Planning and setting up a bastion environment with a dedicated administrative forest.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: bfc7cb64-60c7-4e35-b36a-bbe73b99444b
diff --git a/MIMDocs/pam/principles-of-operation.md b/MIMDocs/pam/principles-of-operation.md
index e0d92fb5..19a8cbd5 100644
--- a/MIMDocs/pam/principles-of-operation.md
+++ b/MIMDocs/pam/principles-of-operation.md
@@ -4,11 +4,10 @@
title: Understand the PAM components | Microsoft Docs
description: Privileged Access Management shares some components with MIM, and has a few of its own. Learn how these work together.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 6498f68f-36d3-448c-8fe6-649ad5a7f97d
diff --git a/MIMDocs/pam/privileged-identity-management-for-active-directory-domain-services.experimental.md b/MIMDocs/pam/privileged-identity-management-for-active-directory-domain-services.experimental.md
index e104cc55..b077a6d0 100644
--- a/MIMDocs/pam/privileged-identity-management-for-active-directory-domain-services.experimental.md
+++ b/MIMDocs/pam/privileged-identity-management-for-active-directory-domain-services.experimental.md
@@ -4,11 +4,10 @@
title: What is PAM for ADDS?
description: Privileged Access Management (PAM) helps organizations restrict privileged access within an existing Active Directory environment.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: cf3796f7-bc68-4cf7-b887-c5b14e855297
diff --git a/MIMDocs/pam/privileged-identity-management-for-active-directory-domain-services.md b/MIMDocs/pam/privileged-identity-management-for-active-directory-domain-services.md
index bcf933b1..7168360d 100644
--- a/MIMDocs/pam/privileged-identity-management-for-active-directory-domain-services.md
+++ b/MIMDocs/pam/privileged-identity-management-for-active-directory-domain-services.md
@@ -4,11 +4,10 @@
title: Privileged Access Management for Active Directory Domain Services
description: Learn about Privileged Access Management, and how it can help you manage and protect your Active Directory environment.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: cf3796f7-bc68-4cf7-b887-c5b14e855297
diff --git a/MIMDocs/pam/raise-bastion-functional-level.md b/MIMDocs/pam/raise-bastion-functional-level.md
index 2b2492b5..93eca2a4 100644
--- a/MIMDocs/pam/raise-bastion-functional-level.md
+++ b/MIMDocs/pam/raise-bastion-functional-level.md
@@ -3,11 +3,10 @@
title: Raise the bastion forest functional level for Identity Manager to use Active Directory PAM features| Microsoft Docs
description: Raise a privileged access management deployment that started with Windows Server 2012 R2 functional level to the Windows Server 2016 functional level.
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
---
diff --git a/MIMDocs/pam/sp1-pam-configure-using-scripts.md b/MIMDocs/pam/sp1-pam-configure-using-scripts.md
index cb042a69..a40e90ad 100644
--- a/MIMDocs/pam/sp1-pam-configure-using-scripts.md
+++ b/MIMDocs/pam/sp1-pam-configure-using-scripts.md
@@ -4,11 +4,10 @@
title: Configure PAM using Scripts
description: This article is part of the series for configuring PAM using scripts. It covers the modification of the XML file that will be used by the PAM deployment scripts.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 4b524ae7-6610-40a0-8127-de5a08988a8a
diff --git a/MIMDocs/pam/sp1-pam-deployment-addendum.md b/MIMDocs/pam/sp1-pam-deployment-addendum.md
index e66f5604..2020a0b1 100644
--- a/MIMDocs/pam/sp1-pam-deployment-addendum.md
+++ b/MIMDocs/pam/sp1-pam-deployment-addendum.md
@@ -2,11 +2,10 @@
title: Addendum
description: This is the Addendum to the documents covering the scripted deployment of PAM. It covers configuring the PRIV and CORP domains as well as a setting up a client to do the validation and information for how to request assistance.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 4b524ae7-6610-40a0-8127-de5a08988a8a
diff --git a/MIMDocs/pam/sp1-step1-configuring-priv-domain.md b/MIMDocs/pam/sp1-step1-configuring-priv-domain.md
index e1efe152..86e132c2 100644
--- a/MIMDocs/pam/sp1-step1-configuring-priv-domain.md
+++ b/MIMDocs/pam/sp1-step1-configuring-priv-domain.md
@@ -4,11 +4,10 @@
title: Step 1 Configuring the PRIV domain
description: Prepare the PRIV domain with existing or new identities to be managed by Microsoft Identity Manager using scripts
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 4b524ae7-6610-40a0-8127-de5a08988a8a
diff --git a/MIMDocs/pam/sp1-step2-configuring-corp-domain.md b/MIMDocs/pam/sp1-step2-configuring-corp-domain.md
index ad7676ea..6a057c05 100644
--- a/MIMDocs/pam/sp1-step2-configuring-corp-domain.md
+++ b/MIMDocs/pam/sp1-step2-configuring-corp-domain.md
@@ -4,11 +4,10 @@
title: Step 2 Configuring the CORP domain
description: This article describes the second step required to configure the corp domain which involves running a script after sids.txt is copied to the CORPDC
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 4b524ae7-6610-40a0-8127-de5a08988a8a
diff --git a/MIMDocs/pam/sp1-step3-installing-configuring-sql.md b/MIMDocs/pam/sp1-step3-installing-configuring-sql.md
index 3a17fe98..13ccf33f 100644
--- a/MIMDocs/pam/sp1-step3-installing-configuring-sql.md
+++ b/MIMDocs/pam/sp1-step3-installing-configuring-sql.md
@@ -4,11 +4,10 @@
title: Step 3 Configuring SQL
description: This article is step 3 of the series of articles covering how to configure Microsoft Identity Manager using scripts and it discusses the SQL server configuration steps.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 4b524ae7-6610-40a0-8127-de5a08988a8a
diff --git a/MIMDocs/pam/sp1-step4-configuring-sharepoint.md b/MIMDocs/pam/sp1-step4-configuring-sharepoint.md
index 31321572..6c6c23fd 100644
--- a/MIMDocs/pam/sp1-step4-configuring-sharepoint.md
+++ b/MIMDocs/pam/sp1-step4-configuring-sharepoint.md
@@ -2,11 +2,10 @@
title: Step 4 Configuring SharePoint
description: This is step 4 of configuring PAM with scripts. In this step you configure SharePoint so that it can be used as part of your PAM deployment.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 4b524ae7-6610-40a0-8127-de5a08988a8a
diff --git a/MIMDocs/pam/sp1-step5-configuring-pam.md b/MIMDocs/pam/sp1-step5-configuring-pam.md
index c8ee04e4..fb4d6dcf 100644
--- a/MIMDocs/pam/sp1-step5-configuring-pam.md
+++ b/MIMDocs/pam/sp1-step5-configuring-pam.md
@@ -2,11 +2,10 @@
title: Step 5 Installing/Configuring PAM
description: This is step 5 of configuring Microsoft Identity Manager using scripts and it covers the deployment steps on the PAM server.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 4b524ae7-6610-40a0-8127-de5a08988a8a
diff --git a/MIMDocs/pam/sp1-step6-setup-pam-trust.md b/MIMDocs/pam/sp1-step6-setup-pam-trust.md
index a973d7d9..d0a16b6a 100644
--- a/MIMDocs/pam/sp1-step6-setup-pam-trust.md
+++ b/MIMDocs/pam/sp1-step6-setup-pam-trust.md
@@ -2,11 +2,10 @@
title: Step 6 Setup the PAM trust
description: Step 6 of configuring PAM using scripts. This section covers setting up the necessary trust between the corp and priv domains
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 4b524ae7-6610-40a0-8127-de5a08988a8a
diff --git a/MIMDocs/pam/sp1-step7-setup-sidhistory-sidfiltering.md b/MIMDocs/pam/sp1-step7-setup-sidhistory-sidfiltering.md
index 6ae1bcc0..e887eb07 100644
--- a/MIMDocs/pam/sp1-step7-setup-sidhistory-sidfiltering.md
+++ b/MIMDocs/pam/sp1-step7-setup-sidhistory-sidfiltering.md
@@ -2,11 +2,10 @@
title: Step 7 Setup SID history/SID filtering
description: Step 7 of configuring Microsoft Identity Manager using scripts. This step covers setting up SID history/SID filtering.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 4b524ae7-6610-40a0-8127-de5a08988a8a
diff --git a/MIMDocs/pam/sp1-step8-pam-deployment-verification.md b/MIMDocs/pam/sp1-step8-pam-deployment-verification.md
index a61aa187..cac19b9a 100644
--- a/MIMDocs/pam/sp1-step8-pam-deployment-verification.md
+++ b/MIMDocs/pam/sp1-step8-pam-deployment-verification.md
@@ -2,11 +2,10 @@
title: Step 8 PAM deployment verification
description: The scripted deployment of PAM includes verification scripts that can execute a PAM scenario to validate the PAM deployment is working as expected.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 4b524ae7-6610-40a0-8127-de5a08988a8a
diff --git a/MIMDocs/pam/step-1-prepare-corp-domain.md b/MIMDocs/pam/step-1-prepare-corp-domain.md
index 65b7ca27..ed31623e 100644
--- a/MIMDocs/pam/step-1-prepare-corp-domain.md
+++ b/MIMDocs/pam/step-1-prepare-corp-domain.md
@@ -4,11 +4,10 @@
title: Deploy PAM Step 1 - CORP domain | Microsoft Docs
description: Prepare the CORP domain with existing or new identities to be managed by Microsoft Identity Manager
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 4b524ae7-6610-40a0-8127-de5a08988a8a
diff --git a/MIMDocs/pam/step-2-prepare-priv-domain-controller.md b/MIMDocs/pam/step-2-prepare-priv-domain-controller.md
index d33c81bb..ffde73dc 100644
--- a/MIMDocs/pam/step-2-prepare-priv-domain-controller.md
+++ b/MIMDocs/pam/step-2-prepare-priv-domain-controller.md
@@ -4,11 +4,10 @@
title: Deploy PAM step 2 - PRIV DC | Microsoft Docs
description: Prepare the PRIV domain controller, which will provide the bastion environment where Privileged Access Management is isolated.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 0e9993a0-b8ae-40e2-8228-040256adb7e2
diff --git a/MIMDocs/pam/step-3-prepare-pam-server.md b/MIMDocs/pam/step-3-prepare-pam-server.md
index 879b993d..09eeac63 100644
--- a/MIMDocs/pam/step-3-prepare-pam-server.md
+++ b/MIMDocs/pam/step-3-prepare-pam-server.md
@@ -4,11 +4,10 @@
title: Deploy PAM step 3 – PAM server | Microsoft Docs
description: Prepare a PAM server that will host both SQL and SharePoint for your Privileged Access Management deployment.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 68ec2145-6faa-485e-b79f-2b0c4ce9eff7
diff --git a/MIMDocs/pam/step-4-install-mim-components-on-pam-server.md b/MIMDocs/pam/step-4-install-mim-components-on-pam-server.md
index 4b2f89fd..f3c6fb93 100644
--- a/MIMDocs/pam/step-4-install-mim-components-on-pam-server.md
+++ b/MIMDocs/pam/step-4-install-mim-components-on-pam-server.md
@@ -4,11 +4,10 @@
title: Deploy PAM step 4 – Install MIM | Microsoft Docs
description: Install and configure MIM Service and Portal on your Privileged Access Management server and workstations.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: ef605496-7ed7-40f4-9475-5e4db4857b4f
@@ -20,6 +19,7 @@ ROBOTS: noindex,nofollow
#ms.devlang:
ms.reviewer: mwahl
ms.suite: ems
+ms.custom: sfi-image-nochange
#ms.tgt_pltfrm:
#ms.custom:
diff --git a/MIMDocs/pam/step-5-establish-trust-between-priv-corp-forests.md b/MIMDocs/pam/step-5-establish-trust-between-priv-corp-forests.md
index ea9b0417..a9e9737b 100644
--- a/MIMDocs/pam/step-5-establish-trust-between-priv-corp-forests.md
+++ b/MIMDocs/pam/step-5-establish-trust-between-priv-corp-forests.md
@@ -4,11 +4,10 @@
title: Deploy PAM step 5 – Forest link | Microsoft Docs
description: Establish trust between the PRIV and CORP forests so that privileged users in PRIV can still access resources in CORP.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: eef248c4-b3b6-4b28-9dd0-ae2f0b552425
diff --git a/MIMDocs/pam/step-6-transition-group-to-pam.md b/MIMDocs/pam/step-6-transition-group-to-pam.md
index 0671d0f2..35804b8e 100644
--- a/MIMDocs/pam/step-6-transition-group-to-pam.md
+++ b/MIMDocs/pam/step-6-transition-group-to-pam.md
@@ -4,11 +4,10 @@
title: Deploy PAM step 6 – Move group | Microsoft Docs
description: Migrate a group to the PRIV forest so that they can be managed with Privilege Access Management.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 7b689eff-3a10-4f51-97b2-cb1b4827b63c
diff --git a/MIMDocs/pam/step-7-elevate-user-access.md b/MIMDocs/pam/step-7-elevate-user-access.md
index 9ea90850..7c54d3c0 100644
--- a/MIMDocs/pam/step-7-elevate-user-access.md
+++ b/MIMDocs/pam/step-7-elevate-user-access.md
@@ -3,11 +3,10 @@
title: Deploy PAM step 7 – user access | Microsoft Docs
description: As the final step, grant a privileged user access to demonstrate that your Privileged Access Management deployment was successful.
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 5325fce2-ae35-45b0-9c1a-ad8b592fcd07
diff --git a/MIMDocs/pam/tier-model-for-partitioning-administrative-privileges.md b/MIMDocs/pam/tier-model-for-partitioning-administrative-privileges.md
index a02036f5..95c13b91 100644
--- a/MIMDocs/pam/tier-model-for-partitioning-administrative-privileges.md
+++ b/MIMDocs/pam/tier-model-for-partitioning-administrative-privileges.md
@@ -4,11 +4,10 @@
title: PAM environment tier model | Microsoft Docs
description: Learn about the tier model that segregates your system based on vulnerability to risk.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: c6e3cd02-1e32-4194-a8ed-3a0b3d022a43
diff --git a/MIMDocs/pam/use-azure-mfa-for-activation.md b/MIMDocs/pam/use-azure-mfa-for-activation.md
index e0925560..aca090de 100644
--- a/MIMDocs/pam/use-azure-mfa-for-activation.md
+++ b/MIMDocs/pam/use-azure-mfa-for-activation.md
@@ -1,19 +1,20 @@
---
-title: Use Microsoft Entra multifactor authentication to activate PAM
-description: Set up Microsoft Entra multifactor authentication as a second layer of security when your users activate roles in Privileged Access Management.
+title: Use custom multifactor authentication to activate PAM
+description: Set up custom multifactor authentication as a second layer of security when your users activate roles in Privileged Access Management.
keywords:
-author: billmath
-ms.author: billmath
+author: henrymbuguakiarie
+ms.author: henrymbugua
ms.reviewer: fimguy
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 5134a112-f73f-41d0-a5a5-a89f285e1f73
+ms.custom: sfi-image-nochange
---
-# Using Microsoft Entra multifactor authentication for activation in MIM PAM
+# Using custom multifactor authentication for activation in MIM PAM
> [!IMPORTANT]
> In September 2022, Microsoft announced deprecation of Azure Multi-Factor Authentication Server. Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments no longer service multifactor authentication (MFA) requests. Customers of Azure Multi-Factor Authentication Server must move to instead use either custom MFA providers or Windows Hello or smartcard-based authentication in AD.
@@ -21,68 +22,23 @@ ms.assetid: 5134a112-f73f-41d0-a5a5-a89f285e1f73
When configuring a PAM role, you can choose how to authorize users that request to activate the role. The choices that the PAM authorization activity implements are:
- Role owner approval
-- [Microsoft Entra multifactor authentication](/azure/multi-factor-authentication/multi-factor-authentication)
+- [custom multifactor authentication](../working-with-custommfaserver-for-mim.md)
If neither check is enabled, candidate users are automatically activated for their role.
-Microsoft Entra multifactor authentication is an authentication service that requires users to verify their sign-in attempts by using a mobile app, phone call, or text message.
-
> [!NOTE]
-> The PAM approach with a bastion environment provided by MIM is intended to be used in a custom architecture for isolated environments where Internet access is not available, where this configuration is required by regulation, or in high impact isolated environments like offline research laboratories and disconnected operational technology or supervisory control and data acquisition environments. As Microsoft Entra multifactor authentication is an Internet service, this guidance is provided solely for existing MIM PAM customers or those in environments where this configuration is required by regulation. If your Active Directory is part of an Internet-connected environment, see [securing privileged access](/security/compass/overview) on where to start.
+> The PAM approach with a bastion environment provided by MIM is intended to be used in a custom architecture for isolated environments where Internet access is not available, where this configuration is required by regulation, or in high impact isolated environments like offline research laboratories and disconnected operational technology or supervisory control and data acquisition environments. If your Active Directory is part of an Internet-connected environment, see [securing privileged access](/security/compass/overview) on where to start.
## Prerequisites
-In order to use Microsoft Entra multifactor authentication with MIM PAM, you need:
+In order to use custom multifactor authentication with MIM PAM, you need:
-- Internet access from each MIM Service providing PAM, to contact the Microsoft Entra multifactor authentication Service
-- An Azure subscription
-- Azure Multi-Factor Authentication Server from before July 1, 2019
-- Microsoft Entra ID P1 or P2 licenses for candidate users
+- MIM configured for [custom multifactor authentication](../working-with-custommfaserver-for-mim.md)
- Phone numbers for all candidate users
-
-
-## Downloading the Microsoft Entra multifactor authentication Service Credentials
-
-See [Using Azure Multi-Factor Authentication Server in PAM or SSPR](../working-with-mfaserver-for-mim.md) For information on using Azure Multi-Factor Authentication Server.
-
-
-
-
-## Configuring the MIM Service for Microsoft Entra multifactor authentication
-
-1. On the computer where the MIM Service is installed, sign in as an administrator or as the user who installed MIM.
-
-2. Create a new directory folder under the directory where the MIM Service was installed, such as ```C:\Program Files\Microsoft Forefront Identity Manager\2010\Service\MfaCerts```.
-
-3. Using Windows Explorer, navigate into the ```pf\certs``` folder of the ZIP file downloaded in the previous section. Copy the file ```cert\_key.p12``` to the new directory.
-
-4. Using Windows Explorer, navigate into the ```pf``` folder of the ZIP, and open the file ```pf\_auth.cs``` in a text editor like Notepad.
-
-5. Find these three parameters: ```LICENSE\_KEY```, ```GROUP\_KEY```, ```CERT\_PASSWORD```.
+## Configure PAM users for custom multifactor authentication
-
-
-6. Using Notepad, open **MfaSettings.xml** located in ```C:\Program Files\Microsoft Forefront Identity Manager\2010\Service```.
-
-7. Copy the values from the LICENSE\_KEY, GROUP\_KEY, and CERT\_PASSWORD parameters in the pf\_auth.cs file into their respective xml elements in the MfaSettings.xml file.
-
-8. In the **\** XML element, specify the full path name of the cert\_key.p12 file extracted earlier.
-
-9. In the **\** element, enter any username.
-
-10. In the **\** element, enter the country code for dialing your users, such as 1 for the United States and Canada. This value is used in case users are registered with telephone numbers that do not have a country code. If a user’s phone number has an international country code distinct from that configured for the organization, then that country code must be included in the phone number that will be registered.
-
-11. Save and overwrite the **MfaSettings.xml** file in the MIM Service folder ```C:\Program Files\Microsoft Forefront Identity Manager\2010\\Service```.
-
-> [!NOTE]
-> At the end of the process, ensure that the file **MfaSettings.xml**, or any copies of it or the ZIP file are not publically readable.
-
-
-
-## Configure PAM users for Microsoft Entra multifactor authentication
-
-For a user to activate a role that requires Microsoft Entra multifactor authentication, the user's telephone number must be stored in MIM. There are two ways this attribute is set.
+For a user to activate a role that requires custom multifactor authentication, the user's telephone number must be stored in MIM. There are two ways this attribute is set.
First, the `New-PAMUser` command copies a phone number attribute from the user's directory entry in CORP domain, to the MIM Service database. Note that this is a one-time operation.
@@ -94,15 +50,15 @@ Set-PAMUser (Get-PAMUser -SourceDisplayName Jen) -SourcePhoneNumber 12135551212
-## Configure PAM roles for Microsoft Entra multifactor authentication
+## Configure PAM roles for multifactor authentication
-Once all of the candidate users for a PAM role have their telephone numbers stored in the MIM Service database, the role can be configured to require Microsoft Entra multifactor authentication. This is done using the `New-PAMRole` or `Set-PAMRole` commands. For example,
+Once all of the candidate users for a PAM role have their telephone numbers stored in the MIM Service database, the role can be configured to require custom multifactor authentication. This is done using the `New-PAMRole` or `Set-PAMRole` commands. For example,
```PowerShell
Set-PAMRole (Get-PAMRole -DisplayName "R") -MFAEnabled 1
```
-Microsoft Entra multifactor authentication can be disabled for a role by specifying the parameter "-MFAEnabled 0" in the `Set-PAMRole` command.
+Multifactor authentication can be disabled for a role by specifying the parameter "-MFAEnabled 0" in the `Set-PAMRole` command.
## Troubleshooting
@@ -110,10 +66,7 @@ The following events can be found in the Privileged Access Management event log:
| ID | Severity | Generated by | Description |
|-----|----------|--------------|-------------|
-| 101 | Error | MIM Service | User did not complete Microsoft Entra multifactor authentication (e.g., did not answer the phone) |
-| 103 | Information | MIM Service | User completed Microsoft Entra multifactor authentication during activation |
+| 101 | Error | MIM Service | User did not complete custom multifactor authentication (e.g., did not answer the phone) |
+| 103 | Information | MIM Service | User completed custom multifactor authentication during activation |
| 825 | Warning | PAM Monitoring Service | Telephone number has been changed |
-## Next Steps
-
-- [What is Microsoft Entra multifactor authentication?](/azure/multi-factor-authentication/multi-factor-authentication)
diff --git a/MIMDocs/prepare-server-exchange.md b/MIMDocs/prepare-server-exchange.md
index 5019c499..ecfe572e 100644
--- a/MIMDocs/prepare-server-exchange.md
+++ b/MIMDocs/prepare-server-exchange.md
@@ -4,11 +4,10 @@
title: Configure Exchange for MIM to email and create mailboxes | Microsoft Docs
description: As an optional step, deploy Exchange Server to enable MIM 2016 to send mail and create mailboxes.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 34a8c16e-3bed-4e16-939b-b9fe17dd834b
diff --git a/MIMDocs/prepare-server-sharepoint.md b/MIMDocs/prepare-server-sharepoint.md
index e18e3b43..d99b378e 100644
--- a/MIMDocs/prepare-server-sharepoint.md
+++ b/MIMDocs/prepare-server-sharepoint.md
@@ -4,11 +4,11 @@
title: Configure SharePoint for Microsoft Identity Manager 2016 | Microsoft Docs
description: Install and configure SharePoint Foundation so that it can host the MIM Portal page.
keywords:
-author: EugeneSergeev
-ms.author: esergeev
+author: henrymbuguakiarie
+ms.author: henrymbugua
manager: benyim
ms.date: 10/23/2023
-ms.topic: conceptual
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: c01487f2-3de6-4fc4-8c3a-7d62f7c2496c
diff --git a/MIMDocs/prepare-server-sql2016.md b/MIMDocs/prepare-server-sql2016.md
index 9133c4f0..ed4766fc 100644
--- a/MIMDocs/prepare-server-sql2016.md
+++ b/MIMDocs/prepare-server-sql2016.md
@@ -4,11 +4,10 @@
title: Configure SQL Server for Microsoft Identity Manager 2016 SP2 | Microsoft Docs
description: Install SQL Server 2016 or 2017 in preparation for your MIM 2016 installation.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 297df3b3-192e-4ed9-82ed-c95eb5297c84
diff --git a/MIMDocs/prepare-server-ws2016.md b/MIMDocs/prepare-server-ws2016.md
index 9b7f9cc4..3aa99d85 100644
--- a/MIMDocs/prepare-server-ws2016.md
+++ b/MIMDocs/prepare-server-ws2016.md
@@ -4,11 +4,10 @@
title: Configure Windows Server 2016 or later versions for MIM 2016 SP2 | Microsoft Docs
description: Get the steps and minimum requirements to prepare Windows Server 2016 or later versions to work with MIM 2016 SP2.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 51507d0a-2aeb-4cfd-a642-7c71e666d6cd
diff --git a/MIMDocs/preparing-domain-gmsa.md b/MIMDocs/preparing-domain-gmsa.md
index c9224adb..0c19d055 100644
--- a/MIMDocs/preparing-domain-gmsa.md
+++ b/MIMDocs/preparing-domain-gmsa.md
@@ -4,11 +4,11 @@
title: Set up a gMSAs for Microsoft Identity Manager 2016 | Microsoft Docs
description: Set up Group Managed Service Accounts in a domain for Microsoft Identity Manager 2016
keywords:
-author: EugeneSergeev
-ms.author: esergeev
-manager: amycolannino
+author: henrymbuguakiarie
+ms.author: henrymbugua
+
ms.date: 1/7/2019
-ms.topic: article
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 50345fda-56d7-4b6e-a861-f49ff90a8376
diff --git a/MIMDocs/preparing-domain.md b/MIMDocs/preparing-domain.md
index ba317c15..f24bdaf2 100644
--- a/MIMDocs/preparing-domain.md
+++ b/MIMDocs/preparing-domain.md
@@ -4,11 +4,10 @@
title: Set up a domain for Microsoft Identity Manager 2016 | Microsoft Docs
description: Create an Active Directory domain controller before installing MIM 2016
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 50345fda-56d7-4b6e-a861-f49ff90a8376
diff --git a/MIMDocs/preparing-tls.md b/MIMDocs/preparing-tls.md
index 6360fedf..29d027fc 100644
--- a/MIMDocs/preparing-tls.md
+++ b/MIMDocs/preparing-tls.md
@@ -4,11 +4,10 @@
title: Planning Microsoft Identity Manager 2016 in TLS 1.2 environment | Microsoft Docs
description: Planning Microsoft Identity Manager 2016 in TLS 1.2 environment
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 50345fda-56d7-4b6e-a861-f49ff90a8376
@@ -43,7 +42,7 @@ When installing MIM 2016 SP2 in the locked-down environment that has all encrypt
>MIM 2016 SP2 unattended install fails in TLS 1.2 only environment. Either install MIM Service in interactive mode or, if installing unattended, make sure TLS 1.1 is enabled. After unattended installation completes, enforce TLS 1.2 if needed.
- Self-signed certificates cannot be used by MIM Service in TLS 1.2 only environment. Choose strong encryption compatible certificate issued by trusted Certification Authority when installing MIM Service.
-- MIM Service installer additionally requires [OLE DB Driver for SQL Server version 18.2](https://www.microsoft.com/download/details.aspx?id=56730) or later.
+- MIM Service installer additionally requires [OLE DB Driver for SQL Server version 18.2](/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server?view=sql-server-ver16#1823) or later.
## FIPS-mode considerations
diff --git a/MIMDocs/reference/assign-smartcard-to-request.md b/MIMDocs/reference/assign-smartcard-to-request.md
index be1bddfb..d917c26c 100644
--- a/MIMDocs/reference/assign-smartcard-to-request.md
+++ b/MIMDocs/reference/assign-smartcard-to-request.md
@@ -4,10 +4,9 @@
title: Assign a smart card to a request | Microsoft Docs
description: Binding a smart card to a specified request.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/cancel-abandon-complete-request.md b/MIMDocs/reference/cancel-abandon-complete-request.md
index f784a1a4..a6e381cf 100644
--- a/MIMDocs/reference/cancel-abandon-complete-request.md
+++ b/MIMDocs/reference/cancel-abandon-complete-request.md
@@ -4,10 +4,9 @@
title: Cancel, abandon, or complete a request | Microsoft Docs
description: Changing the status of a MIM CM request.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/certificate-management-rest-api-reference.md b/MIMDocs/reference/certificate-management-rest-api-reference.md
index c84f5c89..fdbd5f44 100644
--- a/MIMDocs/reference/certificate-management-rest-api-reference.md
+++ b/MIMDocs/reference/certificate-management-rest-api-reference.md
@@ -4,10 +4,9 @@
title: Certificate Management REST API reference | Microsoft Docs
description: Articles related to the MIM CM REST API.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/certificate-management-rest-api-service-details.md b/MIMDocs/reference/certificate-management-rest-api-service-details.md
index 094debf8..cdec1229 100644
--- a/MIMDocs/reference/certificate-management-rest-api-service-details.md
+++ b/MIMDocs/reference/certificate-management-rest-api-service-details.md
@@ -4,11 +4,10 @@
title: Certificate Management REST API service details | Microsoft Docs
description: MIM CM REST API descriptions and examples.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 530047f1-e43b-4a69-9542-75bc1da57bf7
diff --git a/MIMDocs/reference/certificate-operations.md b/MIMDocs/reference/certificate-operations.md
index 4fcfded4..d15c539c 100644
--- a/MIMDocs/reference/certificate-operations.md
+++ b/MIMDocs/reference/certificate-operations.md
@@ -4,10 +4,9 @@
title: Certificate operations | Microsoft Docs
description: Articles related to certificate operations in the MIM CM REST API.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/certificate-request-operations.md b/MIMDocs/reference/certificate-request-operations.md
index 5b736f3a..813ed836 100644
--- a/MIMDocs/reference/certificate-request-operations.md
+++ b/MIMDocs/reference/certificate-request-operations.md
@@ -4,10 +4,9 @@
title: Certificate request operations | Microsoft Docs
description: Articles related to certificate request operations in the MIM CM REST API.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/create-request.md b/MIMDocs/reference/create-request.md
index a9a0604c..7c0c0792 100644
--- a/MIMDocs/reference/create-request.md
+++ b/MIMDocs/reference/create-request.md
@@ -4,10 +4,9 @@
title: Create request | Microsoft Docs
description: Instructions and examples for creating a MIM CM request.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-certificate-request-generation-options.md b/MIMDocs/reference/get-certificate-request-generation-options.md
index 6ada52f4..feb68c13 100644
--- a/MIMDocs/reference/get-certificate-request-generation-options.md
+++ b/MIMDocs/reference/get-certificate-request-generation-options.md
@@ -4,10 +4,9 @@
title: Get certificate request generation options | Microsoft Docs
description: Description of MIM CM REST API GET request and response parameters.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-certificate-responses.md b/MIMDocs/reference/get-certificate-responses.md
index e2f24c3a..14cb7b0d 100644
--- a/MIMDocs/reference/get-certificate-responses.md
+++ b/MIMDocs/reference/get-certificate-responses.md
@@ -4,10 +4,9 @@
title: Get certificate responses | Microsoft Docs
description: Description of MIM CM REST API POST request and response parameters.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-profile-data.md b/MIMDocs/reference/get-profile-data.md
index f18352dd..5fb7f2ce 100644
--- a/MIMDocs/reference/get-profile-data.md
+++ b/MIMDocs/reference/get-profile-data.md
@@ -4,10 +4,9 @@
title: Get profile data | Microsoft Docs
description: Using the MIM CM REST API GET command to list software certificate profiles for a user.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-profile-state-operations.md b/MIMDocs/reference/get-profile-state-operations.md
index 0080a00b..da44ca26 100644
--- a/MIMDocs/reference/get-profile-state-operations.md
+++ b/MIMDocs/reference/get-profile-state-operations.md
@@ -4,10 +4,9 @@
title: Get profile state operations | Microsoft Docs
description: Using the MIM CM REST API GET command to list the operations available to a current user.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-profile-templates.md b/MIMDocs/reference/get-profile-templates.md
index f0c5cc7a..d518fb00 100644
--- a/MIMDocs/reference/get-profile-templates.md
+++ b/MIMDocs/reference/get-profile-templates.md
@@ -4,10 +4,9 @@
title: Get profile templates | Microsoft Docs
description: Using the MIM CM REST API GET command to list profile templates available to a specified user.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-request.md b/MIMDocs/reference/get-request.md
index 330ff597..400ddf25 100644
--- a/MIMDocs/reference/get-request.md
+++ b/MIMDocs/reference/get-request.md
@@ -4,10 +4,9 @@
title: Get request | Microsoft Docs
description: Using the MIM CM REST API GET command to list MIM CM requests.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-smartcard-authentication-response.md b/MIMDocs/reference/get-smartcard-authentication-response.md
index 0ea15cb6..ffb33e5e 100644
--- a/MIMDocs/reference/get-smartcard-authentication-response.md
+++ b/MIMDocs/reference/get-smartcard-authentication-response.md
@@ -4,10 +4,9 @@
title: Get smart card authentication response | Microsoft Docs
description: Using the MIM CM REST API GET command to retrieve the response to a base CSP authentication challenge.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-smartcard-data.md b/MIMDocs/reference/get-smartcard-data.md
index 7c45d24c..d79229fe 100644
--- a/MIMDocs/reference/get-smartcard-data.md
+++ b/MIMDocs/reference/get-smartcard-data.md
@@ -4,10 +4,9 @@
title: Get smart card profiles | Microsoft Docs
description: Using the MIM CM REST API GET command to list smart card profiles for a user.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-smartcard-diversified-admin-key.md b/MIMDocs/reference/get-smartcard-diversified-admin-key.md
index 04bbc6db..b59fd912 100644
--- a/MIMDocs/reference/get-smartcard-diversified-admin-key.md
+++ b/MIMDocs/reference/get-smartcard-diversified-admin-key.md
@@ -4,10 +4,9 @@
title: Get smart card diversified admin key | Microsoft Docs
description: Using the MIM CM REST API GET command to find the diversified admin key for a specified smart card.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-smartcard-policy.md b/MIMDocs/reference/get-smartcard-policy.md
index 5012451d..6ef468d1 100644
--- a/MIMDocs/reference/get-smartcard-policy.md
+++ b/MIMDocs/reference/get-smartcard-policy.md
@@ -4,11 +4,10 @@
title: Get smart card policy | Microsoft Docs
description: Using the MIM CM REST API GET command to find the profile template policy for a specified workflow.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: reference
ms.service: microsoft-identity-manager
ms.assetid: c015ffc7-5c94-427e-a3b3-870ec8ab92b6
diff --git a/MIMDocs/reference/get-smartcard-profile-certificates.md b/MIMDocs/reference/get-smartcard-profile-certificates.md
index e536d1ea..dab052ae 100644
--- a/MIMDocs/reference/get-smartcard-profile-certificates.md
+++ b/MIMDocs/reference/get-smartcard-profile-certificates.md
@@ -4,10 +4,9 @@
title: Get smart card or profile certificates | Microsoft Docs
description: Using the MIM CM REST API GET command to list certificates associated with a smart card or software profile.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-smartcard-proposed-pin.md b/MIMDocs/reference/get-smartcard-proposed-pin.md
index ca626624..690a107a 100644
--- a/MIMDocs/reference/get-smartcard-proposed-pin.md
+++ b/MIMDocs/reference/get-smartcard-proposed-pin.md
@@ -4,10 +4,9 @@
title: Get smart card proposed PIN | Microsoft Docs
description: Using the MIM CM REST API GET command to retrieve the server-generated user PIN.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-user-certificates.md b/MIMDocs/reference/get-user-certificates.md
index c6f6e541..14b88fe6 100644
--- a/MIMDocs/reference/get-user-certificates.md
+++ b/MIMDocs/reference/get-user-certificates.md
@@ -4,10 +4,9 @@
title: Get user certificates | Microsoft Docs
description: Using the MIM CM REST API GET command to list the certificates associated with a specified user.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/get-workflow-policy.md b/MIMDocs/reference/get-workflow-policy.md
index 06c5b654..62ba930e 100644
--- a/MIMDocs/reference/get-workflow-policy.md
+++ b/MIMDocs/reference/get-workflow-policy.md
@@ -4,10 +4,9 @@
title: Get workflow policy | Microsoft Docs
description: Using the MIM CM REST API GET command to find a workflow's profile template policy
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/maerrorcodes.md b/MIMDocs/reference/maerrorcodes.md
index 7f5cfe33..1c6af73e 100644
--- a/MIMDocs/reference/maerrorcodes.md
+++ b/MIMDocs/reference/maerrorcodes.md
@@ -4,10 +4,9 @@
title: Management agent run error codes | Microsoft Docs
description: Error codes for the MIM Synchronization Service Manager user interface.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/media/microsoft-identity-manager-2016-ma-ws-maconfig/create-ma-connectivity.png b/MIMDocs/reference/media/microsoft-identity-manager-2016-ma-ws-maconfig/create-ma-connectivity.png
index 7c6f583e..5e5ae030 100644
Binary files a/MIMDocs/reference/media/microsoft-identity-manager-2016-ma-ws-maconfig/create-ma-connectivity.png and b/MIMDocs/reference/media/microsoft-identity-manager-2016-ma-ws-maconfig/create-ma-connectivity.png differ
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-connector-domino.md b/MIMDocs/reference/microsoft-identity-manager-2016-connector-domino.md
index c3888e44..674d0660 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-connector-domino.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-connector-domino.md
@@ -3,17 +3,18 @@ title: Lotus Domino Connector | Microsoft Docs
description: This article describes how to configure Microsoft's Lotus Domino Connector.
services: active-directory
documentationcenter: ''
-author: billmath
-manager: amycolannino
+author: henrymbuguakiarie
+
editor: ''
ms.assetid: e07fd469-d862-470f-a3c6-3ed2a8d745bf
ms.workload: identity
ms.tgt_pltfrm: na
-ms.topic: article
+ms.topic: concept-article
ms.service: microsoft-identity-manager
-ms.date: 03/29/2024
-ms.author: billmath
+ms.date: 04/08/2025
+ms.author: henrymbugua
+ms.custom: sfi-image-nochange
---
# Lotus Domino Connector technical reference
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericcsv-step-by-step.md b/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericcsv-step-by-step.md
index 905a8059..970eef20 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericcsv-step-by-step.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericcsv-step-by-step.md
@@ -11,22 +11,23 @@ ms.assetid: c3e8f6d0-1b4a-4e5b-9f7d-8e1a2b3c4d5e
ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: powershell
-ms.topic: article
+ms.topic: how-to
ms.service: entra-id-governance
ms.subservice: ''
ms.date: 03/20/2024
ms.author: erkarc
+ms.custom: sfi-image-nochange
---
# Generic CSV Connector - Step-by-Step Reference Guide (Preview)
This article describes the Generic CSV Connector. The article applies to the following products:
-* [Microsoft Identity Manager 2016 (MIM2016)](https://learn.microsoft.com/microsoft-identity-manager)
+* [Microsoft Identity Manager 2016 (MIM2016)](/microsoft-identity-manager)
For MIM 2016, the Connector is available as a download from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=717495).
> [!NOTE]
-> The [Azure AD provisioning](https://learn.microsoft.com/azure/active-directory/app-provisioning/user-provisioning) service now provides a lightweight agent based solution for provisioning users into CSV files, without a full MIM sync deployment. We recommend evaluating if it meets your needs. [Learn more](https://learn.microsoft.com/azure/active-directory/app-provisioning/on-premises-sql-connector-configure).
+> The [Azure AD provisioning](/azure/active-directory/app-provisioning/user-provisioning) service now provides a lightweight agent based solution for provisioning users into CSV files, without a full MIM sync deployment. We recommend evaluating if it meets your needs. [Learn more](/azure/active-directory/app-provisioning/on-premises-sql-connector-configure).
## Prepare the Sample CSV files
On a server running the MIM Synchronization Server, create the folder ***C:\GCSV*** and copy the following CSV files found in [Appendix A – Sample CSV Files](#appendix-a---sample-csv-files) into it. Be sure to grant the MIM Synchronization Service account both read-and-write permissions to that folder.
@@ -43,7 +44,7 @@ Copy the following CSV into the ***C:\GCSV\SCRIPTS*** folder:
## Prepare the Sample PowerShell Scripts
On a server running the MIM Synchronization Server, create the folder ***C:\GCSV\SCRIPTS*** and copy the sample PowerShell scripts located in [Appendix B - Sample PowerShell Files](#appendix-b---sample-powershell-files) into it.
-Be sure that the MIM Synchronization service account has appropriate [PowerShell ExecutePolicy permissions](https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_execution_policies) in order to execute the scripts.
+Be sure that the MIM Synchronization service account has appropriate [PowerShell ExecutePolicy permissions](/powershell/module/microsoft.powershell.core/about/about_execution_policies) in order to execute the scripts.
Copy the following PowerShell scripts into the ***C:\GCSV\SCRIPTS*** folder:
@@ -56,7 +57,7 @@ Copy the following PowerShell scripts into the ***C:\GCSV\SCRIPTS*** folder:
> This guide assumes that the CSV files are in the following path on your MIM Synchronization server: C:\GCSV\SCRIPTS. If you install them in a different location, you will need to make the appropriate changes through the reset of this guide.
> [!IMPORTANT]
->The MIM Synchronization Service account requires the appropriate [PowerShell ExecutePolicy permissions](https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_execution_policies) on the MIM Synchronization server in order execute the sample PowerShell scripts.
+>The MIM Synchronization Service account requires the appropriate [PowerShell ExecutePolicy permissions](/powershell/module/microsoft.powershell.core/about/about_execution_policies) on the MIM Synchronization server in order execute the sample PowerShell scripts.
## Create a New Connector
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericcsv.md b/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericcsv.md
index 9b63f071..8994328d 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericcsv.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericcsv.md
@@ -11,7 +11,7 @@ ms.assetid: f2a1c6b0-3e7d-4e8e-9a8b-5a6d3f2e1b9d
ms.workload: identity
ms.tgt_pltfrm: na
ms.devlang: powershell
-ms.topic: article
+ms.topic: concept-article
ms.service: entra-id-governance
ms.subservice: ''
ms.date: 03/20/2024
@@ -22,15 +22,15 @@ ms.author: erkarc
This article describes the Generic CSV (GCSV) Connector. The article applies to the following products:
-* [Microsoft Entra Connect Provisioning Agent (ECMA2Host)](https://learn.microsoft.com/entra/identity/app-provisioning/on-premises-application-provisioning-architecture)
-* [Microsoft Identity Manager 2016 (MIM2016)](https://learn.microsoft.com/microsoft-identity-manager)
+* [Microsoft Entra Connect Provisioning Agent (ECMA2Host)](/entra/identity/app-provisioning/on-premises-application-provisioning-architecture)
+* [Microsoft Identity Manager 2016 (MIM2016)](/microsoft-identity-manager)
For MIM 2016, the Connector is available as a download from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=717495).
To see this Connector in action, see the [Generic SQL Connector step-by-step](microsoft-identity-manager-2016-connector-genericsql-step-by-step.md) article.
> [!NOTE]
-> The [Azure AD provisioning](https://learn.microsoft.com/azure/active-directory/app-provisioning/user-provisioning) service now provides a lightweight agent based solution for provisioning users into CSV files, without a full MIM sync deployment. We recommend evaluating if it meets your needs. [Learn more](https://learn.microsoft.com/azure/active-directory/app-provisioning/on-premises-sql-connector-configure).
+> The [Azure AD provisioning](/azure/active-directory/app-provisioning/user-provisioning) service now provides a lightweight agent based solution for provisioning users into CSV files, without a full MIM sync deployment. We recommend evaluating if it meets your needs. [Learn more](/azure/active-directory/app-provisioning/on-premises-sql-connector-configure).
## Overview of the Generic CSV Connector
@@ -72,7 +72,7 @@ Before you use the connector, make sure you have the following on the synchroniz
#### MIM Synchronization Service Account Permissions
>[!IMPORTANT]
-> The MIM 2016 Synchronization service account is the security context that performs the file operations to CSV files and runs the pre/post-processing PowerShell scripts. This service account needs Read/Write permissions for all the CSV and PowerShell files that are configured. It also needs the appropriate [PowerShell ExecutePolicy permissions](https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_execution_policies) to run any scripts that are configured.
+> The MIM 2016 Synchronization service account is the security context that performs the file operations to CSV files and runs the pre/post-processing PowerShell scripts. This service account needs Read/Write permissions for all the CSV and PowerShell files that are configured. It also needs the appropriate [PowerShell ExecutePolicy permissions](/powershell/module/microsoft.powershell.core/about/about_execution_policies) to run any scripts that are configured.
## Create a new Connector
@@ -307,7 +307,7 @@ The following image is an example of the *Anchors* page.
In order for the GCSV connector to add new User or Group objects into their corresponding CSV files a new Connector Space Object must be provisioned for it.
-Whether using either [MIM 2016 Declarative Provisioning](https://learn.microsoft.com/microsoft-identity-manager/mim-how-provision-users-adds) or writing your own [MIM Synchronization Rules Extensions](https://learn.microsoft.com/previous-versions/windows/desktop/identity-lifecycle-manager/ms698375(v=vs.85)), new Connector Space objects must have a DN constructed using the following format:
+Whether using either [MIM 2016 Declarative Provisioning](/microsoft-identity-manager/mim-how-provision-users-adds) or writing your own [MIM Synchronization Rules Extensions](/previous-versions/windows/desktop/identity-lifecycle-manager/ms698375(v=vs.85)), new Connector Space objects must have a DN constructed using the following format:
**CN=[ANCHOR_VALUE],Object=User|Group,O=CSV**
@@ -323,7 +323,7 @@ The following image is a *Synchronization Rule* that demonstrates how to constru

-The following code demonstrates the equivalent provisioning logic using [Metaverse Rules Extensions](https://learn.microsoft.com/previous-versions/windows/desktop/forefront-2010/ms695371(v=vs.100)).
+The following code demonstrates the equivalent provisioning logic using [Metaverse Rules Extensions](/previous-versions/windows/desktop/forefront-2010/ms695371(v=vs.100)).
```C#
void IMVSynchronization.Provision(MVEntry mventry)
@@ -449,4 +449,4 @@ The following list contains the known limitations of the GCSV connector.
* Duplicate anchor values between user and group objects are not supported.
* The names of the anchor attributes must be unique across user and group schemas.
* **PowerShell**
- * The passing of input variables into PowerShell scripts is not supported.
\ No newline at end of file
+ * The passing of input variables into PowerShell scripts is not supported.
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericldap.md b/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericldap.md
index e74af822..2ca2d830 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericldap.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericldap.md
@@ -3,17 +3,18 @@ title: Generic LDAP Connector
description: This article describes how to configure Microsoft's Generic LDAP Connector.
services: active-directory
documentationcenter: ''
-author: billmath
-manager: amycolannino
+author: henrymbuguakiarie
+
editor: ''
ms.assetid: 984beeb0-4d91-4908-ad81-c19797c4891b
ms.reviewer: davidste
ms.workload: identity
ms.tgt_pltfrm: na
-ms.topic: article
+ms.topic: concept-article
ms.service: microsoft-identity-manager
-ms.date: 03/29/2024
-ms.author: billmath
+ms.date: 04/08/2025
+ms.author: henrymbugua
+ms.custom: sfi-image-nochange
---
# Generic LDAP Connector technical reference
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericsql-step-by-step.md b/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericsql-step-by-step.md
index e1712155..597abe18 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericsql-step-by-step.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericsql-step-by-step.md
@@ -3,17 +3,18 @@ title: Generic SQL Connector step-by step
description: This article is walking you through a simple HR system step-by-step using the Generic SQL Connector.
services: active-directory
documentationcenter: ''
-author: billmath
-manager: amycolannino
+author: henrymbuguakiarie
+
editor: ''
ms.assetid: 28c1cc60-24fd-4d0d-a36d-b4aba6de86e7
ms.workload: identity
ms.tgt_pltfrm: na
-ms.topic: article
+ms.topic: how-to
ms.service: microsoft-identity-manager
-ms.date: 09/14/2023
-ms.author: billmath
+ms.date: 04/08/2025
+ms.author: henrymbugua
+ms.custom: sfi-image-nochange
---
# Generic SQL Connector step-by-step
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericsql.md b/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericsql.md
index e46879b2..cf029003 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericsql.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-connector-genericsql.md
@@ -3,17 +3,18 @@ title: Generic SQL Connector
description: This article describes how to configure Microsoft's Generic SQL Connector.
services: active-directory
documentationcenter: ''
-author: billmath
-manager: amycolannino
+author: henrymbuguakiarie
+
editor: ''
ms.assetid: fd8ccef3-6605-47ba-9219-e0c74ffc0ec9
ms.workload: identity
ms.tgt_pltfrm: na
-ms.topic: article
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.date: 3/29/2024
-ms.author: esergeev
+ms.author: henrymbugua
+ms.custom: sfi-image-nochange
---
# Generic SQL Connector technical reference
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-connector-powershell.md b/MIMDocs/reference/microsoft-identity-manager-2016-connector-powershell.md
index 8c9cf125..5716be5c 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-connector-powershell.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-connector-powershell.md
@@ -3,17 +3,18 @@ title: PowerShell Connector | Microsoft Docs
description: This article describes how to configure Microsoft's Windows PowerShell Connector.
services: active-directory
documentationcenter: ''
-author: billmath
-manager: amycolannino
+author: henrymbuguakiarie
+
editor: ''
ms.assetid: 6dba8e34-a874-4ff0-90bc-bd2b0a4199b5
ms.workload: identity
ms.tgt_pltfrm: na
-ms.topic: article
+ms.topic: concept-article
ms.service: microsoft-identity-manager
-ms.date: 03/29/2024
-ms.author: billmath
+ms.date: 04/08/2025
+ms.author: henrymbugua
+ms.custom: sfi-image-nochange
---
# Windows PowerShell Connector technical reference
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-connector-version-history.md b/MIMDocs/reference/microsoft-identity-manager-2016-connector-version-history.md
index 7380a9b8..cba12e3e 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-connector-version-history.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-connector-version-history.md
@@ -3,18 +3,18 @@ title: Connector Version Release History
description: This document lists all releases of the Connectors for Forefront Identity Manager (FIM) and Microsoft Identity Manager (MIM)
services: active-directory
documentationcenter: ''
-author: EugeneSergeev
+author: henrymbuguakiarie
manager: benyim
editor: ''
reviewer: markwahl-msft
ms.assetid: 6a0c66ab-55df-4669-a0c7-1fe1a091a7f9
-ms.topic: article
+ms.topic: release-notes
ms.service: entra-id-governance
ms.subservice: ''
ms.workload: identity
ms.date: 4/30/2024
-ms.author: esergeev
+ms.author: henrymbugua
ms.reviewer: mwahl
ms.suite: ems
@@ -43,9 +43,10 @@ Related links:
* [Lotus Domino Connector](microsoft-identity-manager-2016-connector-domino.md) reference documentation
* [SharePoint User Profile Store Connector](https://go.microsoft.com/fwlink/?LinkID=331344) reference documentation
-## April 2024
-
-* Forefront Identity Manager Connector for Microsoft Azure Active Directory end of support; see [Migrate a Microsoft Entra provisioning scenario from the FIM Connector for Microsoft Entra ID to Microsoft Entra Connect or MIM Graph connector](../migrate-from-the-fim-connector-for-azure-active-directory.md).
+## 1.1.2057.0 (November 2024)
+### Fixed issues
+* Graph Connector
+ * Performance enhancements for the graph connector during full and delta imports.
## 1.1.2038.0 (March 2024)
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-developer-reference.md b/MIMDocs/reference/microsoft-identity-manager-2016-developer-reference.md
index 3f273708..2590f84d 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-developer-reference.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-developer-reference.md
@@ -4,11 +4,10 @@
title: Microsoft Identity Manager 2016 developer reference | Microsoft Docs
description: List of MIM developer references by component.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 2b5f612f-3119-401b-b1f8-462310c8510f
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-import.md b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-import.md
index 4c5da183..08b4cac1 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-import.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-import.md
@@ -4,11 +4,10 @@
title: Import Web Services Connector | Microsoft Docs
description: Import Web Services Connector with multiple Web Services configurations in Microsoft Identity Manager.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid:
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-install.md b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-install.md
index 5f4ec25d..705eafe3 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-install.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-install.md
@@ -4,11 +4,10 @@
title: MIM Install the Web Service Cofiguration Tool | Microsoft Docs
description: This article covers the steps to install the Web Service Configuration Tool.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid:
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-maconfig.md b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-maconfig.md
index a6b5116f..40d7cd3a 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-maconfig.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-maconfig.md
@@ -4,14 +4,15 @@
title: Web Service Connector configuration options | Microsoft Docs
description: This article covers the steps required to install the Web Service Configuration Tool.
keywords:
-author: EugeneSergeev
-ms.author: esergeev
-manager: amycolannino
+author: henrymbuguakiarie
+ms.author: henrymbugua
+
ms.date: 3/27/2020
-ms.topic: conceptual
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.reviewer: markwahl-msft
ms.assetid:
+ms.custom: sfi-image-nochange
---
# Web Service Connector configuration options
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-restgeneric.md b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-restgeneric.md
index 31e07775..23843e77 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-restgeneric.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-restgeneric.md
@@ -4,14 +4,14 @@
title: Web Service Connector workflow guide for the REST API | Microsoft Docs
description: This article covers how to deploy a REST API sample.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid:
+ms.custom: sfi-image-nochange
---
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-restsample.md b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-restsample.md
index 4b208e4a..0112cb2c 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-restsample.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-restsample.md
@@ -4,14 +4,14 @@
title: Web Service Connector REST API App Service sample | Microsoft Docs
description: Guide helping you implement a sample REST JSON server in Azure
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid:
+ms.custom: sfi-image-nochange
---
# Web Service Connector REST API App Service sample
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-soap.md b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-soap.md
index c6c5eb95..da7cf403 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-soap.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws-soap.md
@@ -4,14 +4,14 @@
title: Web Service Connector workflow guide for SOAP | Microsoft Docs
description: This article describes how to create a new project for your SOAP data source by using the Web Service Configuration Tool.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid:
+ms.custom: sfi-image-nochange
---
# Web Service Connector workflow guide for SOAP
diff --git a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws.md b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws.md
index 3915ae08..322ef7a3 100644
--- a/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws.md
+++ b/MIMDocs/reference/microsoft-identity-manager-2016-ma-ws.md
@@ -4,11 +4,10 @@
title: Overview of the generic Web Service connector | Microsoft Docs
description: Overview of the configuration and requirements for the generic Web Service connector.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: conceptual
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid:
diff --git a/MIMDocs/reference/mim-2016-sp1-terms.md b/MIMDocs/reference/mim-2016-sp1-terms.md
index c283031a..055e69a2 100644
--- a/MIMDocs/reference/mim-2016-sp1-terms.md
+++ b/MIMDocs/reference/mim-2016-sp1-terms.md
@@ -4,10 +4,9 @@
title: Microsoft Identity Manager 2016 SP1 terminology | Microsoft Docs
description: Comprehensive list of terms that are referenced in Microsoft Identity Manager 2016 SP1.
keywords: Terminology
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/mim-portal-customizations.md b/MIMDocs/reference/mim-portal-customizations.md
index ae0c70fd..642998a4 100644
--- a/MIMDocs/reference/mim-portal-customizations.md
+++ b/MIMDocs/reference/mim-portal-customizations.md
@@ -4,10 +4,9 @@
title: Microsoft Identity Manager 2016 portal customizations | Microsoft Docs
description: Using MIM to customize elements of password portals.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/mim2016-bhold-developer-reference.md b/MIMDocs/reference/mim2016-bhold-developer-reference.md
index c0818109..fce45f1b 100644
--- a/MIMDocs/reference/mim2016-bhold-developer-reference.md
+++ b/MIMDocs/reference/mim2016-bhold-developer-reference.md
@@ -5,10 +5,9 @@
title: BHOLD developer reference for Microsoft Identity Manager 2016 | Microsoft Docs
description: BHOLD developer reference
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/mim2016-functions-reference.md b/MIMDocs/reference/mim2016-functions-reference.md
index b5ed559f..25945616 100644
--- a/MIMDocs/reference/mim2016-functions-reference.md
+++ b/MIMDocs/reference/mim2016-functions-reference.md
@@ -4,10 +4,9 @@
title: Functions reference for Microsoft Identity Manager 2016 | Microsoft Docs
description: Descriptions of MIM functions.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/policy-operations.md b/MIMDocs/reference/policy-operations.md
index 8da72584..fb924856 100644
--- a/MIMDocs/reference/policy-operations.md
+++ b/MIMDocs/reference/policy-operations.md
@@ -4,10 +4,9 @@
title: Policy operations | Microsoft Docs
description: Articles related to MIM CM REST API policy operations.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/privileged-access-management-approve-reject-pending-request.md b/MIMDocs/reference/privileged-access-management-approve-reject-pending-request.md
index 877ab839..fe3bf682 100644
--- a/MIMDocs/reference/privileged-access-management-approve-reject-pending-request.md
+++ b/MIMDocs/reference/privileged-access-management-approve-reject-pending-request.md
@@ -4,10 +4,9 @@
title: Approve or reject a pending PAM request | Microsoft Docs
description: Using the PAM REST API POST command to respond to pending PAM role requests.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/privileged-access-management-close-request.md b/MIMDocs/reference/privileged-access-management-close-request.md
index 6b8a4afb..c30f8263 100644
--- a/MIMDocs/reference/privileged-access-management-close-request.md
+++ b/MIMDocs/reference/privileged-access-management-close-request.md
@@ -4,10 +4,9 @@
title: Close PAM request | Microsoft Docs
description: Using the PAM REST API POST command to close a request to elevate a role.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/privileged-access-management-create-request.md b/MIMDocs/reference/privileged-access-management-create-request.md
index 1d315933..e9d07eb8 100644
--- a/MIMDocs/reference/privileged-access-management-create-request.md
+++ b/MIMDocs/reference/privileged-access-management-create-request.md
@@ -4,10 +4,9 @@
title: Create PAM request | Microsoft Docs
description: Using the PAM REST API POST command to create a request to elevate a role.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
@@ -95,7 +94,7 @@ This section provides examples to create a PAM request.
### Example: Request 1
```
-POST /api/pamresources/pamrequests?Justification=Sample+Reason&RoleId=c28eab4a-95cf-4c08-a153-d5e8a9e660cd&RequestedTTL=7200&RequestedTime=2015%2F07%2F11+23%3A40 HTTP/1.1
+POST /api/pamresources/pamrequests?Justification=Sample+Reason&RoleId=00000000-0000-0000-0000-000000000000&RequestedTTL=7200&RequestedTime=2015%2F07%2F11+23%3A40 HTTP/1.1
```
### Example: Response 1
@@ -111,7 +110,7 @@ HTTP/1.1 201 Created
"CreationTime":"2015-07-11T23:38:09.036164-07:00",
"CreationMethod":"PAM Web API",
"ExpirationTime":"0001-01-01T00:00:00",
- "RoleId":"c28eab4a-95cf-4c08-a153-d5e8a9e660cd",
+ "RoleId":"00000000-0000-0000-0000-000000000000",
"RequestedTTL":"7200",
"RequestedTime":"2015-07-12T06:40:00Z",
"RequestStatus":"PendingApproval"
@@ -121,7 +120,7 @@ HTTP/1.1 201 Created
### Example: Request 2
```
-POST /api/pamresources/pamrequests?Justification=&RoleId=c28eab4a-95cf-4c08-a153-d5e8a9e660cd&RequestedTTL=3600&RequestedTime= HTTP/1.1
+POST /api/pamresources/pamrequests?Justification=&RoleId=00000000-0000-0000-0000-000000000000&RequestedTTL=3600&RequestedTime= HTTP/1.1
```
### Example: Response 2
@@ -137,7 +136,7 @@ HTTP/1.1 201 Created
"CreationTime":"2015-07-11T23:07:30.2200123-07:00",
"CreationMethod":"PAM Web API",
"ExpirationTime":"0001-01-01T00:00:00",
- "RoleId":"c28eab4a-95cf-4c08-a153-d5e8a9e660cd",
+ "RoleId":"00000000-0000-0000-0000-000000000000",
"RequestedTTL":"3600",
"RequestedTime":"2015-07-12T06:07:27.7229894Z",
"RequestStatus":"PendingApproval"
diff --git a/MIMDocs/reference/privileged-access-management-get-pending-requests.md b/MIMDocs/reference/privileged-access-management-get-pending-requests.md
index ce58009a..e262bcb6 100644
--- a/MIMDocs/reference/privileged-access-management-get-pending-requests.md
+++ b/MIMDocs/reference/privileged-access-management-get-pending-requests.md
@@ -4,10 +4,9 @@
title: Get pending PAM requests | Microsoft Docs
description: Using the PAM REST API GET command to list pending requests.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/privileged-access-management-get-requests.md b/MIMDocs/reference/privileged-access-management-get-requests.md
index 30546386..6ddedfa4 100644
--- a/MIMDocs/reference/privileged-access-management-get-requests.md
+++ b/MIMDocs/reference/privileged-access-management-get-requests.md
@@ -4,10 +4,9 @@
title: Get PAM requests | Microsoft Docs
description: Using the PAM REST API GET command to list previously posted PAM requests.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
@@ -108,7 +107,7 @@ HTTP/1.1 200 OK
"CreationTime":"2015-06-23T11:34:38.58Z",
"CreationMethod":"PAM Web API",
"ExpirationTime":"2015-06-23T12:34:38.847Z",
- "RoleId":"8f5cec1a-ecba-42ec-b76d-e6e0e4bf4c62",
+ "RoleId":"00000000-0000-0000-0000-000000000000",
"RequestedTTL":"3600",
"RequestedTime":"2015-06-23T11:34:36.417Z",
"RequestStatus":"Expired"
@@ -120,7 +119,7 @@ HTTP/1.1 200 OK
"CreationTime":"2015-07-12T04:35:14.433Z",
"CreationMethod":"PAM Web API",
"ExpirationTime":"2015-07-12T04:43:51.95Z",
- "RoleId":"8f5cec1a-ecba-42ec-b76d-e6e0e4bf4c62",
+ "RoleId":"00000000-0000-0000-0000-000000000000",
"RequestedTTL":"12960000",
"RequestedTime":"2015-07-12T04:35:00Z",
"RequestStatus":"Closed"
@@ -132,7 +131,7 @@ HTTP/1.1 200 OK
"CreationTime":"2015-07-12T04:48:17.46Z",
"CreationMethod":"PAM Web API",
"ExpirationTime":"2015-07-12T05:48:17.853Z",
- "RoleId":"8f5cec1a-ecba-42ec-b76d-e6e0e4bf4c62",
+ "RoleId":"00000000-0000-0000-0000-000000000000",
"RequestedTTL":"3600",
"RequestedTime":"2015-07-12T04:48:14.057Z",
"RequestStatus":"Active"
@@ -144,7 +143,7 @@ HTTP/1.1 200 OK
"CreationTime":"2015-06-30T07:01:13.147Z",
"CreationMethod":"PAM Web API",
"ExpirationTime":"0001-01-01T00:00:00",
- "RoleId":"c28eab4a-95cf-4c08-a153-d5e8a9e660cd",
+ "RoleId":"00000000-0000-0000-0000-000000000000",
"RequestedTTL":"3600",
"RequestedTime":"2015-06-30T07:01:13.119Z",
"RequestStatus":"Rejected"
@@ -156,7 +155,7 @@ HTTP/1.1 200 OK
"CreationTime":"2015-07-12T04:49:09.963Z",
"CreationMethod":"PAM Web API",
"ExpirationTime":"0001-01-01T00:00:00",
- "RoleId":"c28eab4a-95cf-4c08-a153-d5e8a9e660cd",
+ "RoleId":"00000000-0000-0000-0000-000000000000",
"RequestedTTL":"12960000",
"RequestedTime":"2015-07-12T04:50:00Z",
"RequestStatus":"PendingApproval"
diff --git a/MIMDocs/reference/privileged-access-management-get-roles.md b/MIMDocs/reference/privileged-access-management-get-roles.md
index 2ed7803b..66f90dbd 100644
--- a/MIMDocs/reference/privileged-access-management-get-roles.md
+++ b/MIMDocs/reference/privileged-access-management-get-roles.md
@@ -4,10 +4,9 @@
title: Get PAM roles | Microsoft Docs
description: Using the PAM REST API GET command to list PAM roles.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
@@ -100,7 +99,7 @@ HTTP/1.1 200 OK
"odata.metadata":"http://localhost:8086/api/pamresources/%24metadata#pamroles",
"value":[
{
- "RoleId":"8f5cec1a-ecba-42ec-b76d-e6e0e4bf4c62",
+ "RoleId":"00000000-0000-0000-0000-000000000000",
"DisplayName":"Allow AD Access ",
"Description":null,
"TTL":"3600",
@@ -111,7 +110,7 @@ HTTP/1.1 200 OK
"AvailabilityWindowEnabled":false
},
{
- "RoleId":"c28eab4a-95cf-4c08-a153-d5e8a9e660cd",
+ "RoleId":"00000000-0000-0000-0000-000000000000",
"DisplayName":"ApprovalRole",
"Description":null,
"TTL":"3600",
diff --git a/MIMDocs/reference/privileged-access-management-get-session-info.md b/MIMDocs/reference/privileged-access-management-get-session-info.md
index 0e1c7a4d..1caac78c 100644
--- a/MIMDocs/reference/privileged-access-management-get-session-info.md
+++ b/MIMDocs/reference/privileged-access-management-get-session-info.md
@@ -4,10 +4,9 @@
title: Get PAM session info | Microsoft Docs
description: Using the PAM REST API GET command to find the username for the account logged in to a session.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/privileged-access-management-rest-api-reference.md b/MIMDocs/reference/privileged-access-management-rest-api-reference.md
index 61582712..25c015d8 100644
--- a/MIMDocs/reference/privileged-access-management-rest-api-reference.md
+++ b/MIMDocs/reference/privileged-access-management-rest-api-reference.md
@@ -4,10 +4,9 @@
title: Privileged Access Management REST API reference | Microsoft Docs
description: List of resources for using the MIM PAM REST API to manage privileged user accounts.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/privileged-access-management-rest-api-service-details.md b/MIMDocs/reference/privileged-access-management-rest-api-service-details.md
index bed853cc..acc37ad4 100644
--- a/MIMDocs/reference/privileged-access-management-rest-api-service-details.md
+++ b/MIMDocs/reference/privileged-access-management-rest-api-service-details.md
@@ -4,11 +4,10 @@
title: PAM REST API service details | Microsoft Docs
description: MIM PAM REST API descriptions.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 54c78bbd-8da1-42ff-9edc-47d913011941
diff --git a/MIMDocs/reference/profile-operations.md b/MIMDocs/reference/profile-operations.md
index bdbf14d7..ff96164e 100644
--- a/MIMDocs/reference/profile-operations.md
+++ b/MIMDocs/reference/profile-operations.md
@@ -4,11 +4,10 @@
title: Profile operations | Microsoft Docs
description: Articles related to profile operations in the MIM CM REST API.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: d9880f36-035c-4f09-b105-ea478ced71d0
diff --git a/MIMDocs/reference/rcd-configuration-xml-reference.md b/MIMDocs/reference/rcd-configuration-xml-reference.md
index 24ba1d66..f224a1f7 100644
--- a/MIMDocs/reference/rcd-configuration-xml-reference.md
+++ b/MIMDocs/reference/rcd-configuration-xml-reference.md
@@ -4,10 +4,9 @@
title: Resource control display configuration XML reference | Microsoft Docs
description: Using RCDC to control how MIM resources appear in the UI.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/request-operations.md b/MIMDocs/reference/request-operations.md
index 8eb31265..3986928d 100644
--- a/MIMDocs/reference/request-operations.md
+++ b/MIMDocs/reference/request-operations.md
@@ -4,10 +4,9 @@
title: Request operations | Microsoft Docs
description: Articles related to request operations in the MIM CM REST API.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/sample-enrollment-walkthrough.md b/MIMDocs/reference/sample-enrollment-walkthrough.md
index 0f4a7a5a..034c29f9 100644
--- a/MIMDocs/reference/sample-enrollment-walkthrough.md
+++ b/MIMDocs/reference/sample-enrollment-walkthrough.md
@@ -4,11 +4,10 @@
title: Sample enrollment walkthrough | Microsoft Docs
description: Virtual smart card self-service enrollment using the MIM CM REST API.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 92b97803-9475-4b90-9a6c-430f107a167d
diff --git a/MIMDocs/reference/smartcard-operations.md b/MIMDocs/reference/smartcard-operations.md
index 42ffec5b..122b7ec1 100644
--- a/MIMDocs/reference/smartcard-operations.md
+++ b/MIMDocs/reference/smartcard-operations.md
@@ -4,10 +4,9 @@
title: Smart card operations | Microsoft Docs
description: Articles related to smart card operations in the MIM CM REST API.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/update-smartcard-status.md b/MIMDocs/reference/update-smartcard-status.md
index 8d149a7b..fb9bd94d 100644
--- a/MIMDocs/reference/update-smartcard-status.md
+++ b/MIMDocs/reference/update-smartcard-status.md
@@ -4,10 +4,9 @@
title: Update smart card status | Microsoft Docs
description: Updating smart card status from the MIM CM REST API.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/version-bhold-history.md b/MIMDocs/reference/version-bhold-history.md
index 5239c038..b6adb772 100644
--- a/MIMDocs/reference/version-bhold-history.md
+++ b/MIMDocs/reference/version-bhold-history.md
@@ -4,10 +4,9 @@
title: Identity Manager BHOLD version history | Microsoft Docs
description: This article documents the various changes made as part of updates to BHOLD within MIM 2016
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/reference/version-history.md b/MIMDocs/reference/version-history.md
index 98d8a601..9e7abc27 100644
--- a/MIMDocs/reference/version-history.md
+++ b/MIMDocs/reference/version-history.md
@@ -6,12 +6,12 @@ description: This article documents the various changes made as part of updates
services: active-directory
documentationcenter: ''
keywords: MIM
-author: EugeneSergeev
-ms.author: esergeev
+author: henrymbuguakiarie
+ms.author: henrymbugua
reviewer: markwahl-msft
manager: benyim
ms.date: 10/23/2023
-ms.topic: article
+ms.topic: release-notes
ms.service: microsoft-identity-manager
ms.tgt_pltfrm: na
ms.workload: identity
@@ -216,7 +216,7 @@ This hotfix contains updates for the MIM Service, MIM Portal and PAM components.
- PAM REST API could not be started because it could not load file or assembly
#### Microsoft Identity Portal
-- Portal are displayed with an incorrect table length
+- Portal is displayed with an incorrect table length
- Advanced Search dialog of the Portal, the scrollbars don’t display properly
- Language Pack strong name signature verification failed
@@ -235,7 +235,7 @@ This hotfix contains updates for the MIM Service, MIM Portal and PAM components.
#### Synchronization service
- *Support for Group Managed Service Accounts
-- *Visual Studio Support (Visual Studio 2013,Visual Studio 2015,Visual Studio 2017)
+- *Visual Studio Support (Visual Studio 2013, Visual Studio 2015, Visual Studio 2017)
- Updates to MIISACTIVATE.EXE, gMSA Support added
- non-gMSA: Miisactivate.exe c:\configBU\miiserver_01.bin “contoso\mimSyncService” *
- gMSA: Miisactivate.exe c:\configBU\miiserver_01.bin “contoso\mimSyncService”
@@ -252,14 +252,14 @@ This hotfix contains updates for the MIM Service, MIM Portal and PAM components.
- *Improved Language support to new defined standard
- *FIMAutomation Export-FIMConfig PowerShell cmdlet the “-PamConfig” argument is available to force the PAM configuration objects to be exported
- *FIMAutomation Export-FIMConfig PowerShell cmdlet the “-request” parameter has been added
-- *Boolean attributes are always set to NULL upon binding creation , Previous Boolean before hotfix will not be updated
+- *Boolean attributes are always set to NULL upon binding creation, Previous Boolean before hotfix will not be updated
> [!IMPORTANT]
->This can be a breaking change if preforming a configuration migration. Configuration should be evaluated and updated for new feature as configuration migration is considered a new
+>This can be a breaking change if performing a configuration migration. Configuration should be evaluated and updated for new feature as configuration migration is considered a new
- Implemented initialization of new MIM Boolean attributes to false on creation new object
- Implemented initialization of new MIM Boolean attributes to false on adding new Boolean attribute binding to the resource
- Customer Experience Improvement Program setting is maintained to false
- MIM Service installation failed with Database Upgrade error: Cannot insert the value NULL into column 'Name' if not default database name is used
-- In hotfix cases the Microsoft 365 setting would be cleared , The encrypted password for the MIM Service’s Exchange Online mailbox is not changed
+- In hotfix cases the Microsoft 365 setting would be cleared, The encrypted password for the MIM Service’s Exchange Online mailbox is not changed
- *There was no limit to the MIM Service log file created, Updated logging default setting and implemented circular logging capability
#### Privileged Access Management
@@ -289,7 +289,7 @@ This hotfix contains updates for the MIM Service, MIM Portal and PAM components.
- *Improved Language support to new defined standard
- Identity Picker control, the control seems to dynamically grow its width rather than wrapping the text
- Portal, popup dialogs aren’t displayed properly when viewing in Internet Explorer (IE) 10
-- Cyrillic symbols in the title bar text is displayed correctly
+- Cyrillic symbols in the title bar text are displayed correctly
- Popup windows no longer have the extra scroll bar displaying, when viewed in Internet Explorer
- Failed “Import Workflow Definition” properly throws an exception and recovers, allowing a Synchronization Rule activity to be added to the workflow definition
- `` added to default web.config
diff --git a/MIMDocs/sp1-deployment-scripts.md b/MIMDocs/sp1-deployment-scripts.md
index d9521b23..30885664 100644
--- a/MIMDocs/sp1-deployment-scripts.md
+++ b/MIMDocs/sp1-deployment-scripts.md
@@ -4,11 +4,10 @@
title: MIM PAM Deployment Scripts
description: This page is part of the series of articles about configuring Microsoft Identity Manager using scripts. It includes a list of the assumptions about the environment.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 4b524ae7-6610-40a0-8127-de5a08988a8a
diff --git a/MIMDocs/support-update-for-azure-active-directory-premium-customers.md b/MIMDocs/support-update-for-azure-active-directory-premium-customers.md
index e5302b85..a13552a4 100644
--- a/MIMDocs/support-update-for-azure-active-directory-premium-customers.md
+++ b/MIMDocs/support-update-for-azure-active-directory-premium-customers.md
@@ -4,11 +4,11 @@
title: Support update for Microsoft Entra ID P1 or P2 customers using Microsoft Identity Manager
description: This article describes how Microsoft Entra ID P1 or P2 customers can get support after January 21, 2021.
keywords:
-author: EugeneSergeev
-ms.author: esergeev
-manager: amycolannino
+author: henrymbuguakiarie
+ms.author: henrymbugua
+
ms.date: 6/9/2020
-ms.topic: article
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid:
diff --git a/MIMDocs/supported-management-agents.md b/MIMDocs/supported-management-agents.md
index b68d3075..5441d381 100644
--- a/MIMDocs/supported-management-agents.md
+++ b/MIMDocs/supported-management-agents.md
@@ -6,17 +6,17 @@ description: Use connectors to manage data transfer between MIM and your connect
keywords:
ms.assetid: 8bc2f6d2-9f53-4db6-aee6-a937ae468163
-author: EugeneSergeev
-manager: amycolannino
+author: henrymbuguakiarie
+
editor: ''
reviewer: markwahl-msft
-ms.topic: article
+ms.topic: concept-article
ms.date: 04/30/2024
ms.service: microsoft-identity-manager
ms.tgt_pltfrm: na
ms.workload: identity
-ms.author: esergeev
+ms.author: henrymbugua
ms.reviewer: mwahl
ms.suite: ems
@@ -28,7 +28,7 @@ Connectors link specific connected data sources to Microsoft Identity Manager (M
In *Microsoft Identity Manager (MIM)*, formerly known as *Forefront Identity Manager (MIM)*, connectors were known as *management agents*. That term is still used in some articles or parts of the product, but know that both terms refer to the same concept.
-This article covers the connectors that are included & supported in MIM, but the connector for [Extensible Connectivity 2.0](/previous-versions/windows/desktop/forefront-2010/hh859557(v=vs.100)) makes it possible to connect with even more data sources. Some partners have created their own connectors in this way, and a full list is available in the wiki [FIM 2010: Management Agents from Partners](/microsoft-identity-manager/mim-best-practices).
+This article covers the connectors that are included & supported in MIM, but the connector for [Extensible Connectivity 2.0](/previous-versions/windows/desktop/forefront-2010/hh859557(v=vs.100)) makes it possible to connect with even more data sources. Some partners have created their own connectors in this way. Partners also have connectors to provision [from Microsoft Entra](/entra/identity/app-provisioning/partner-driven-integrations).
This table doesn't include the software on which MIM itself is deployed; see the [supported platforms](microsoft-identity-manager-2016-supported-platforms.md) list for more information.
@@ -61,7 +61,6 @@ This table doesn't include the software on which MIM itself is deployed; see the
| [LDAP Data Interchange Format (LDIF)](https://technet.microsoft.com/library/cc708662(v=ws.10).aspx) | LDAP Data Interchange Format (LDIF) |
| [Microsoft Graph Connector](microsoft-identity-manager-2016-connector-graph.md) | Microsoft Graph |
-The Microsoft Azure Active Directory Connector is no longer supported; use [Microsoft Entra Connect](https://azure.microsoft.com/documentation/articles/active-directory-aadconnect) sync, Microsoft Entra Connect cloud provisioning, or [Microsoft Graph Connector](microsoft-identity-manager-2016-connector-graph.md) instead.
## Related articles
diff --git a/MIMDocs/toc.md b/MIMDocs/toc.md
index ac4e7b78..9efdc0b6 100644
--- a/MIMDocs/toc.md
+++ b/MIMDocs/toc.md
@@ -1,7 +1,6 @@
# [Overview](microsoft-identity-manager-2016.md)
## [What is MIM 2016?](microsoft-identity-manager-2016.md)
## [Learn about PAM](./pam/privileged-identity-management-for-active-directory-domain-services.md)
-## [Hybrid reporting in Azure](identity-manager-hybrid-reporting-azure.md)
## [Microsoft Entra support process](support-update-for-azure-active-directory-premium-customers.md)
# [Plan and Design](microsoft-identity-manager-2016-supported-platforms.md)
## [Supported platforms](microsoft-identity-manager-2016-supported-platforms.md)
@@ -15,7 +14,6 @@
# [Deploy and Use](microsoft-identity-manager-deploy.md)
## [Deprecated features](microsoft-identity-manager-2016-deprecated-features.md)
### [Upgrade from Forefront Identity Manager 2010 R2](microsoft-identity-manager-2016-upgrade-from-fim-2010-R2.md)
-### [Using Azure Multi-Factor Authentication Server in PAM or SSPR](working-with-mfaserver-for-mim.md)
### [BHOLD installation topics](./bhold/bhold-installation-guide.md)
#### [BHOLD core installation](./bhold/bhold-core-installation.md)
#### [BHOLD attestation installation](./bhold/bhold-attestation-installation.md)
@@ -38,6 +36,7 @@
## [Install MIM certificate management](mim-cm-deploy.md)
## [Password Change Notification Service](deploying-mim-password-change-notification-service-on-domain-controller.md)
## [Identity Manager Hybrid Reporting](working-with-identity-manager-hybrid-reporting.md)
+## [MIM reporting with Azure Monitor](mim-azure-monitor-reporting.md)
## [Self-Service Password Reset](working-with-self-service-password-reset.md)
## [Configuring the Graph Connector for B2B](microsoft-identity-manager-2016-graph-b2b-scenario.md)
## [Using a custom MFA provider in PAM or SSPR](working-with-custommfaserver-for-mim.md)
@@ -46,6 +45,7 @@
## [MIM Certificate Manager](working-with-mim-certificate-manager.md)
### [Enroll smartcards](certificate-manager-for-non-administrators.md)
### [Create software certificates](certificate-manager-for-software-certificates.md)
+## [Known issues](troubleshooting-known-issues.md)
# [Use Privileged Access Management](./pam/privileged-identity-management-for-active-directory-domain-services.md)
## [Understand the components](./pam/principles-of-operation.md)
### [Environment overview](./pam/environment-overview.md)
@@ -64,7 +64,7 @@
### [Step 6 - Create privileged accounts](./pam/step-6-transition-group-to-pam.md)
### [Step 7 - Elevate a user's access](./pam/step-7-elevate-user-access.md)
### [Deploy MIM PAM with Windows Server 2016](./pam/deploy-pam-with-windows-server-2016.md)
-### [Set up Microsoft Entra multifactor authentication](./pam/use-azure-mfa-for-activation.md)
+### [Set up custom MFA](./pam/use-azure-mfa-for-activation.md)
## [Configure PAM using scripts](./pam/sp1-pam-configure-using-scripts.md)
### [MIM2016 SP1 PAM deployment scripts](sp1-deployment-scripts.md)
### [Step 1 Configuring the Priv domain](./pam/sp1-step1-configuring-priv-domain.md)
diff --git a/MIMDocs/topology-considerations.md b/MIMDocs/topology-considerations.md
index 84c54357..37be3d2e 100644
--- a/MIMDocs/topology-considerations.md
+++ b/MIMDocs/topology-considerations.md
@@ -4,11 +4,10 @@
title: Topology guide for deployment | Microsoft Docs
description: Understand the MIM 2016 components, and get suggestions for how to deploy them in your environment.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 735dc357-dfba-4f68-a5b3-d66d6c018803
diff --git a/MIMDocs/troubleshooting-known-issues.md b/MIMDocs/troubleshooting-known-issues.md
new file mode 100644
index 00000000..c6ba489d
--- /dev/null
+++ b/MIMDocs/troubleshooting-known-issues.md
@@ -0,0 +1,55 @@
+---
+# required metadata
+
+title: Known issues in MIM 2016
+description: Learn about known issues MIM 2016.
+keywords:
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 08/11/2025
+ms.topic: troubleshooting-general
+ms.service: microsoft-identity-manager
+
+ms.assetid: 735dc357-dfba-4f68-a5b3-d66d6c018803
+
+# optional metadata
+
+#ROBOTS:
+#audience:
+#ms.devlang:
+ms.reviewer: quievey
+ms.suite: ems
+#ms.tgt_pltfrm:
+#ms.custom:
+
+---
+
+
+# Known issues: Microsoft Identity Manager (MIM) 2016
+
+This article documents known issues affecting Microsoft Identity Manager (MIM) 2016. It helps users recognize the problem, understand the underlying cause, and apply a validated solution where available.
+
+## Issue: MIM Portal fails after SharePoint security updates KB5002768 and KB5002754
+
+The MIM 2016 SP2 Portal may become partially broken or unresponsive after the installation of SharePoint Server 2016 security updates KB5002768 and KB5002754. The Microsoft MIM Support team has received multiple reports confirming this issue.
+
+These updates were released to address the following critical vulnerabilities:
+
+- [CVE-2025-53770 – Microsoft SharePoint Server Remote Code Execution Vulnerability](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770)
+- [CVE-2025-53771 – Microsoft SharePoint Server Spoofing Vulnerability](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771)
+
+### Troubleshooting steps
+
+To restore MIM Portal functionality, run the following PowerShell script using the SharePoint Management Shell on the server hosting the MIM Portal:
+
+```powershell
+$f = Get-SPFarm $f.AddGenericAllowedListValue("WebPartSupportedBoundPropertyNames", "data-title-text")
+$f.AddGenericAllowedListValue("WebPartSupportedBoundPropertyNames", "data-link-to-tab-text")
+$f.update() iisreset
+```
+
+This workaround aligns with guidance provided in [ASPX file can't be displayed when you create a custom web part (KB5030804)](https://support.microsoft.com/topic/aspx-file-displayed-custom-web-part-kb5030804-4d8e1e49-dfc9-4261-9d67-cb62ad20e332), which addresses ASPX rendering issues in custom web parts.
+
+### Possible causes
+
+The issue stems from changes introduced by the SharePoint security updates. These changes block certain properties used in custom web parts unless they're explicitly allowed, affecting MIM Portal rendering and responsiveness.
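Review bot: The PowerShell block under "Troubleshooting steps" will not run as intended as shown in this hunk, because `$f = Get-SPFarm $f.AddGenericAllowedListValue(...)` and `$f.update() iisreset` each carry two statements on one line with no separator, and the second is a parse error. Put each statement on its own line: `$f = Get-SPFarm`, the two `AddGenericAllowedListValue` calls, `$f.Update()`, then `iisreset`. Because the step relaxes a restriction that the security updates introduced, the text should state that only the two listed property names (`data-title-text`, `data-link-to-tab-text`) are added to `WebPartSupportedBoundPropertyNames`, that the change applies to the whole farm object, and that `iisreset` restarts IIS on that server. Separately, the front matter reuses `ms.assetid: 735dc357-dfba-4f68-a5b3-d66d6c018803`, the same value visible in `topology-considerations.md` earlier in this diff, so the new page probably needs its own ID. The description line `Learn about known issues MIM 2016.` is also missing "in".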
diff --git a/MIMDocs/update-portals-accessibility-links.md b/MIMDocs/update-portals-accessibility-links.md
index f21b0efe..edaffb4c 100644
--- a/MIMDocs/update-portals-accessibility-links.md
+++ b/MIMDocs/update-portals-accessibility-links.md
@@ -6,7 +6,7 @@ description: This article documents how customers that are subject to accessibil
keywords:
author: markwahl-msft
ms.author: mwahl
-manager: amycolannino
+
ms.date: 10/20/2022
ms.topic: reference
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/working-with-custommfaserver-for-mim.md b/MIMDocs/working-with-custommfaserver-for-mim.md
index 07a054b1..60e404e1 100644
--- a/MIMDocs/working-with-custommfaserver-for-mim.md
+++ b/MIMDocs/working-with-custommfaserver-for-mim.md
@@ -3,12 +3,12 @@
title: Use an MFA provider via an API to activate PAM or in SSPR scenario | Microsoft Docs
description: Set up Custom MFA API as a second layer of security when your users activate roles in Privileged Access Management and use Self Service Password Reset.
keywords:
-author: billmath
-ms.author: billmath
+author: henrymbuguakiarie
+ms.author: henrymbugua
ms.reviewer: fimguy
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
diff --git a/MIMDocs/working-with-identity-manager-hybrid-reporting.md b/MIMDocs/working-with-identity-manager-hybrid-reporting.md
index b23febfd..8f05363d 100644
--- a/MIMDocs/working-with-identity-manager-hybrid-reporting.md
+++ b/MIMDocs/working-with-identity-manager-hybrid-reporting.md
@@ -1,14 +1,13 @@
---
# required metadata
-title: Work with hybrid reporting in Azure by using Identity Manager 2016
-description: Learn how to combine on-premises and cloud data into hybrid reports in Azure, and how to manage and view these reports.
+title: Work with hybrid reporting in Microsoft Entra by using Identity Manager 2016
+description: Learn how to combine on-premises and cloud data into hybrid reports in Microsoft Entra, and how to manage and view these reports.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 68df2817-2040-407d-b6d2-f46b9a9a3dbb
@@ -19,6 +18,9 @@ ms.assetid: 68df2817-2040-407d-b6d2-f46b9a9a3dbb
#audience:
#ms.devlang:
ms.suite: ems
+ms.custom:
+ - sfi-ga-nochange
+ - sfi-image-nochange
#ms.tgt_pltfrm:
#ms.custom:
@@ -26,11 +28,15 @@ ms.suite: ems
# Work with hybrid reporting in Identity Manager
-This article discusses how to combine on-premises and cloud data into hybrid reports in Azure, and how to manage and view these reports.
+This article discusses how to combine on-premises and cloud data into hybrid reports in Microsoft Entra, and how to manage and view these reports.
+
+> [!IMPORTANT]
+> The MIM hybrid reporting feature, described in this article, is deprecated. This is replaced by using Azure Arc agent to send event logs to Azure Monitor, as this allows more flexible reports. As of November 2025, the cloud endpoints used by the MIM hybrid reporting agent will no longer be available, and customers should transition to Azure Monitor or similar.
+> For more information, see [Microsoft Identity Manager 2016 reporting with Azure Monitor](mim-azure-monitor-reporting.md).
## Available hybrid reports
-The first three Microsoft Identity Manager reports available in Microsoft Entra ID are as follows:
+The three Microsoft Identity Manager reports available in Microsoft Entra ID are as follows:
- **Password reset activity**: Displays each instance when a user performed password reset using self-service password reset (SSPR) and provides the gates or methods used for authentication.
@@ -38,14 +44,13 @@ The first three Microsoft Identity Manager reports available in Microsoft Entra
> [!NOTE]
> For *Password reset registration* reports, no differentiation is made between the SMS gate and MFA gate. Both are considered mobile phone methods.
-- **Self-service groups activity**: Displays each attempt made by someone to add or delete him or herself from a group and group creation.
+- **Self-service groups activity**: Displays each attempt made by someone to add or delete themselves from a group and group creation.

> [!NOTE]
> * The reports currently present data for up to one month of activity.
-> * The previous Hybrid Reporting Agent must be uninstalled.
-> * To uninstall hybrid reports, uninstall the MIMreportingAgent.msi agent.
+
## Prerequisites
@@ -76,9 +81,9 @@ The requirements for using Identity Manager hybrid reporting are listed in the f
## Install Identity Manager Reporting Agent in Microsoft Entra ID
-After Reporting Agent is installed, the data from Identity Manager activity is exported from Identity Manager to Windows Event Log. Identity Manager Reporting Agent processes the events and then uploads them to Azure. In Azure, the events are parsed, decrypted, and filtered for the required reports.
+After Reporting Agent is installed, the data from Identity Manager activity is exported from Identity Manager to Windows Event Log. Identity Manager Reporting Agent processes the events and then uploads them to Microsoft Entra. In Microsoft Entra, the events are parsed, decrypted, and filtered for the required reports.
-1. Install Identity Manager 2016.
+1. Before reinstalling, the previous Hybrid Reporting Agent must be uninstalled. To uninstall hybrid reports, uninstall the MIMreportingAgent.msi agent.
2. Download Identity Manager Reporting Agent, and then do the following:
@@ -123,11 +128,3 @@ After Reporting Agent is installed, the data from Identity Manager activity is e
If you want to stop uploading reporting audit data from Identity Manager to Microsoft Entra ID, uninstall Hybrid Reporting Agent. Use the Windows Add or Remove Programs tool to uninstall Identity Manager hybrid reporting.
-## Windows events used for hybrid reporting
-
-Events that are generated by Identity Manager are stored in Windows Event Log. You can view the events in the **Event Viewer** by selecting **Application and Services logs** > **Identity Manager Request Log**. Each Identity Manager request is exported as an event in Windows Event Log in the JSON structure. You can export the result to your security information and event management (SIEM) system.
-
-|Event type|ID|Event details|
-|--------------|------|-----------------|
-|Information|4121|The Identity Manager event data that includes all the request data.|
-|Information|4137|The Identity Manager event 4121 extension, if there is too much data for a single event. The header in this event is displayed in the following format: `"Request: , message out of `.|
diff --git a/MIMDocs/working-with-mfaserver-for-mim.md b/MIMDocs/working-with-mfaserver-for-mim.md
index ea705751..8666a9b1 100644
--- a/MIMDocs/working-with-mfaserver-for-mim.md
+++ b/MIMDocs/working-with-mfaserver-for-mim.md
@@ -3,13 +3,13 @@
title: Use Azure Multi-Factor Authentication Server to activate PAM or SSPR scenarios
description: Set up Azure Multi-Factor Authentication Server as a second layer of security when your users activate roles in Privileged Access Management and Self Service Password Reset.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: concept-article
ms.service: microsoft-identity-manager
ms.assetid: 94a74f1c-2192-4748-9a25-62a526295338
+ms.custom: sfi-image-nochange
---
# Use Azure Multi-Factor Authentication Server to activate PAM or SSPR
diff --git a/MIMDocs/working-with-mim-certificate-manager.md b/MIMDocs/working-with-mim-certificate-manager.md
index cc63f2e5..b3e98a50 100644
--- a/MIMDocs/working-with-mim-certificate-manager.md
+++ b/MIMDocs/working-with-mim-certificate-manager.md
@@ -4,11 +4,10 @@
title: Deploy the MIM Certificate Manager Windows application | Microsoft Docs
description: Learn how to deploy the Certificate Manager app to enable your users to manage their own access rights.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 66060045-d0be-4874-914b-5926fd924ede
diff --git a/MIMDocs/working-with-self-service-password-reset.md b/MIMDocs/working-with-self-service-password-reset.md
index a6d71509..36d57ec9 100644
--- a/MIMDocs/working-with-self-service-password-reset.md
+++ b/MIMDocs/working-with-self-service-password-reset.md
@@ -3,14 +3,14 @@
title: Working with Self-Service Password Reset | Microsoft Docs
description: See what's new with Self-Service Password Reset (SSPR) in MIM 2016, including how SSPR works with multifactor authentication.
keywords:
-author: billmath
-ms.author: billmath
-manager: amycolannino
-ms.date: 09/14/2023
-ms.topic: article
+author: henrymbuguakiarie
+ms.author: henrymbugua
+ms.date: 04/08/2025
+ms.topic: how-to
ms.service: microsoft-identity-manager
ms.assetid: 94a74f1c-2192-4748-9a25-62a526295338
+ms.custom: sfi-image-nochange
---