Identity Manager (FIM/MIM): Planning security setup for accounts, groups and services - Part 6. References & authoritative resources
Return to Table of Contents of the article series
The following documents and authors were used as core references for this guide.
Security (General)
Ref. no. | Document | Description |
[1.] | Microsoft Security Intelligence Report | https://www.microsoft.com/security/sir/default.aspx |
[2.] | Security Risk Management Guide | https://technet.microsoft.com/library/cc163143.aspx |
[3.] | IT Infrastructure Threat Modeling Guide | https://www.microsoft.com/en-us/download/details.aspx?id=2220 To download a copy of the IT Infrastructure Threat Modeling Guide, click here. |
[4.] | The Administrator Accounts Security Planning Guide | https://technet.microsoft.com/en-us/library/cc162797.aspx Click here to download The Administrator Accounts Security Planning Guide from the Microsoft Download Center. |
[5.] | Segregation of duties aka. Separation of duties | https://en.wikipedia.org/wiki/Separation_of_duties |
[6.] | Principle of least privilege | https://en.wikipedia.org/wiki/Principle_of_least_privilege |
[7.] | Privilege separation | https://en.wikipedia.org/wiki/Privilege_separation |
[8.] | 4-eyes principle | https://whatis.techtarget.com/definition/four-eyes-principle |
FIM
Overview
Ref. no. | Document | Description |
[9.] | FIM 2010 Technical Overview | https://technet.microsoft.com/en-us/library/ff621362(v=ws.10).aspx |
FIM Best practices
Ref. no. | Document | Description |
[10.] | Forefront Identity Manager 2010 R Best Practices General | https://aka.ms/fimbeforeyoubegin |
[11.] | Change the Forefront Identity Manager 2010 R Synchronization Service Account | https://technet.microsoft.com/en-us/library/jj590224(v=ws.10).aspx |
FIM Security
Ref. no. | Document | Description |
---|---|---|
[12.] | FIM 2010 Installation Guide > Before you begin | https://aka.ms/fimbeforeyoubegin |
[13.] | Using Security Groups | https://aka.ms/fimsecuritygroups https://technet.microsoft.com/en-us/library/jj590183(v=ws.10).aspx |
[14.] | Test Lab Guide: Installing Forefront Identity Manager 2010 R2 | https://technet.microsoft.com/en-us/library/hh322905(v=ws.10).aspx |
[15.] | Step 7: Perform FIM 2010 R Prerequisite Tasks | https://technet.microsoft.com/en-us/library/hh322882(v=ws.10) |
[16.] | FIM 2010 R Kerberos Settings (SPN Configuration) | https://technet.microsoft.com/en-us/library/jj134299(v=ws.10).aspx |
[17.] | Considerations for New Installation of FIM 2010 R2 | https://technet.microsoft.com/en-us/library/jj134293(v=ws.10).aspx |
[18.] | Installing the FIM 2010 R Server Components | https://technet.microsoft.com/en-us/library/hh332711(v=ws.10).aspx |
FIM Best practices for security
Ref. no. | Title (alphabetically) | URL |
[19.] | Forefront Identity Manager 2010 R2 Best Practices for Security | https://aka.ms/fim2010r2bestpracticessecurity |
[20.] | FIM 2010 (R2): Well-known GUIDS | https://aka.ms/FIMGuids |
[21.] | Best practices for the FIM Portal Administrator account | https://www.wapshere.com/missmiis/best-practices-for-the-fim-portal-administrator-account |
FIM Best practice analyzer
Ref. no. | Title (alphabetically) | URL |
[22.] | FIM 2010 R2: Same Account being used for FIM Synchronization Service and FIM MA | https://technet.microsoft.com/en-us/library/jj204553(v=ws.10).aspx |
[23.] | FIM 2010 R2: FIM Service or the FIM Synchronization Service Account does not have Deny Logon As Batch Job set | https://technet.microsoft.com/en-us/library/jj204563(v=ws.10).aspx |
FIM Sync
Ref. no. | Title (alphabetically) | URL |
[24.] | Forefront Identity Manager Password Management | https://technet.microsoft.com/en-us/library/jj590203(v=ws.10).aspx |
[25.] | Management Agent Communication Ports, Rights, and Permissions | https://aka.ms/fim_portsrightspermissions |
FIM PCNS
Ref. no. | Title (alphabetically) | URL |
[26.] | Forefront Identity Manager Password Management | https://technet.microsoft.com/en-us/library/jj590203(v=ws.10).aspx |
[27.] | Pcnscfg: Password Change Notification Service (PCNS) Configuration Utility | https://technet.microsoft.com/en-us/library/jj590227(v=ws.10).aspx |
[28.] | Using Password Synchronization | https://technet.microsoft.com/en-us/library/jj590288(v=ws.10).aspx |
FIM Service
Ref. no. | Title (alphabetically) | URL |
[29.] | Configure Message Delivery Restrictions | https://go.microsoft.com/fwlink/?LinkId=183625 |
[30.] | Configure Message Size Limits for a Mailbox or a Mail-enabled Public Folder | https://go.microsoft.com/fwlink/?LinkId=183626 |
[31.] | Configure Storage Quotas for a Mailbox | https://go.microsoft.com/fwlink/?LinkId=156929 |
FIM SSPR
Ref. no. | Title (alphabetically) | URL |
[32.] | To allow SSPR for users that forgot their password you must allow anonymous access to the password reset portal. | https://technet.microsoft.com/en-us/library/ee534892(v=ws.10).aspx#allow_anony_access_pswd_reset_portal |
[33.] | Password Reset Deployment Guide | https://technet.microsoft.com/en-us/library/ee534892(v=ws.10).aspx |
[34.] | Password Registration and Reset Portal Deployment | https://technet.microsoft.com/en-us/library/jj134295(v=ws.10).aspx |
FIM CM
Ref. no. | Title (alphabetically) | URL |
[35.] | Create FIM 2010 CM service accounts using PowerShell | https://konab.com/create-fim-2010-cm-service-accounts-using-PowerShell/ |
[36.] | Create an OU and User Accounts for FIM CM Agents | https://technet.microsoft.com/en-us/library/gg430115(v=ws.10).aspx |
FIM Reporting
Ref. no. | Title (alphabetically) | URL |
[37.] | FIM 2010 R Reporting Permissions | https://aka.ms/fimreportingpermissions |
BHOLD
Ref. no. | Title (alphabetically) | URL |
[38.] | FIM 2010: Quick Guide to installing BHOLD Core | https://social.technet.microsoft.com/wiki/contents/articles/18334.fim-2010-quick-guide-to-installing-bhold-core.aspx |
[39.] | Microsoft BHOLD Suite SP1 Installation Guide | https://technet.microsoft.com/en-us/library/jj134107(v=ws.10).aspx |
[40.] | BHOLD Core Installation | https://technet.microsoft.com/en-us/library/jj134095(v=ws.10).aspx |
[41.] | BHOLD Core technical reference | https://technet.microsoft.com/en-us/library/jj134937(v=ws.10).aspx |
SQL Server
Ref. no. | Title (alphabetically) | URL |
[42.] | Guidelines on choosing Service Accounts for SQL Server Services. | https://support.microsoft.com/kb/2160720 |
[43.] | Server Configuration - Service Accounts | https://msdn.microsoft.com/en-us/library/cc281953.aspx |
[44.] | SQL Server 2005 Security Best Practices - Operational and Administrative Tasks | https://aka.ms/sql2005securitybestpractices |
[45.] | SQL Server 2008 R Security Best Practice Whitepaper | https://aka.ms/sql2008securitybestpractices |
[46.] | SQL Server 2012 Security Best Practice Whitepaper | https://aka.ms/sql2012securitybestpractices |
[47.] | Service Account Types Supported for SQL Server Agent: | https://go.microsoft.com/fwlink/?LinkId=183624 |
[48.] | Selecting an Account for the SQL Server Agent Service | https://go.microsoft.com/fwlink/?LinkId=12295 |
SharePoint
Ref. no. | Title (alphabetically) | URL |
---|---|---|
[49.] | Plan for administrative and service accounts (Office SharePoint Server) | https://technet.microsoft.com/en-us/library/cc263445(v=office.12).aspx |
[50.] | Plan administrative tasks in a least-privilege environment (SharePoint Server 2010) | https://technet.microsoft.com/en-us/library/hh377944(v=office.14).aspx |
[51.] | Initial deployment administrative and service accounts (SharePoint Server 2010) | https://technet.microsoft.com/en-us/library/ee662513%28v=office.14%29.aspx |
[52.] | Administrative accounts | https://technet.microsoft.com/en-us/library/55b99d80-3fa7-49f0-bdf4-adb5aa959019(v=office.14)#Section2 |
[53.] | Harden SQL Server for SharePoint environments (SharePoint Server 2010) | https://technet.microsoft.com/en-us/library/ff607733(v=office.14).aspx |
IIS
Ref. no. | Title (alphabetically) | URL |
[54.] | Security Best Practices for IIS 8 | https://technet.microsoft.com/en-us/library/cc263445(v=office.12).aspx |
Download
Download the entire guide at once, in PDF version, from Technet Gallery.
This document has some additional content, which is not available online.
Direct Links
- FIM/MIM: Planning security setup for accounts, groups and services - Table of contents
- FIM/MIM: Planning security setup for accounts, groups and services - Part 1. Introduction
- FIM/MIM: Planning security setup for accounts, groups and services - Part 2. FIM Security principles
- FIM/MIM: Planning security setup for accounts, groups and services - Part 3. Compact Checklist
- FIM/MIM: Planning security setup for accounts, groups and services - Part 4. Detailed Description
- FIM/MIM: Planning security setup for accounts, groups and services - Part 5. Operational Best Practices
- FIM/MIM: Planning security setup for accounts, groups and services - Part 6. References & authoritative resources
- FIM/MIM: Planning security setup for accounts, groups and services - Part 7. Additional resources
- FIM/MIM: Planning security setup for accounts, groups and services - Part 8. Glossary
- Identity Manager (FIM/MIM): Planning security setup for accounts, groups and services - Part 9. Release Schedule
- Identity Manager (FIM/MIM): Planning security for accounts, groups and services - Core account type differentiators (Part 10)