Table of Contents

 

Short URL

Bookmark: https://aka.ms/FIM2010Security

 

Back to top

Legend 

 = Link to the other Wiki pages of this guide.

 

Back to top

Table of contents

Part 1: Introduction

Purpose & Scope  

Purpose

In scope

Out of scope

Document & Naming Conventions

References

FIM vs MIM

Naming conventions

Account types

Generic security principles

References

Threats

Principle of least privilege (PoLP)

Privilege separation

SoD (Segregation of duties) & Account Isolation

4-eyes principle

Number of accounts vs security risk

Additional reading

 

Back to top

Part 2: FIM security principles

References

Best practices

Best practices for security

 

Back to top

Part 3: Compact Check list

Legend

Pre-installation: Backend configuration

Pre-installation: Account creation

Pre-installation: Account lock down

Post-Installation: Set operational admins

Hotfix installation

 

Back to top

Part 4: Detailed Description

Pre-installation: Securing the FIM backend infrastructure

SQL Server

IIS5

SharePoint6

Pre-installation: Securing FIM/MIM Components

FIM/MIM general

FIM/MIM Setup

FIM/MIM Service

FIM/MIM SSPR – Registration & Reset portals

Management agents

FIM/MIM Certificate Management

FIM/MIM Reporting (SCSM)

BHOLD

Security during Installation

FIM/MIM setup account – functional account

FIM/MIM SSPR – Registration & Reset portals

Post-installation: Securing FIM

FIM/MIM Service

FIM/MIM Portal (SharePoint)

Portal Security

Post-installation: Securing FIM Backend

Portal Security

 

Back to top

Part 5: Operational best practices

References

FIM/MIM Default folders

Source code location

 

Back to top

Part 6: References & Authoritative resources

Security (General)

FIM/MIM

SQL Server

SharePoint

IIS

 

Back to top

Part 7: Additional resources

Security Best practices

FIM/MIM

MIM 2016 Product info

IIS

 

Back to top

Part 8: Glossary

Glossary, abbreviations & acronyms

 

Back to top

Part 9: Release Schedule

Back to top

Only available offline

Appendix A: Account overview for FIM basic configuration

Appendix B: Documentation - Compact Check lists

Pre-installation: Backend configuration

Pre-installation: Account creation

Pre-installation: Account lock down

Post-Installation

Hotfix installation

Appendix C: Security Implementation Sign-off sheet

CISO or authorized security delegate

Sign off

FIM Options implemented

Derogations - Exceptions implemented

 

Back to top

Download

Download the entire guide at once, in PDF version from Technet Gallery.

This document has some additional content, which is not available online.

 

Back to top

Reviewers & Credits

Great thanks to the following people to provide feedback and additional content on the source documentation (see offline document for download)

  • Gill Olsen (Microsoft Premier Field Engineer)
  • Laurent Benmeziani (Microsoft Premier Field Engineer)
  • Thomas Vuylsteke (Microsoft Premier Field Engineer)

Due to privacy reasons some reviewers have requested to be kept anonymous, but their help is greatly appreciated!

 

Back to top

Direct Links

 

Return to Table of Contents of the article series.

Back to top