Engineering & Delivery

Get off MIM without losing your business rules.

Microsoft Identity Manager mainstream support ended October 2023. Extended support ends January 2029. If you are still running MIM, you are carrying technical debt. Modern 42 migrates organisations from MIM to Microsoft Entra ID Governance and Lifecycle Workflows, preserving every business rule in the process.

  • 100+ IAM & PAM projects
  • 2023: MIM mainstream support ended
  • 1000+ rules analysed
  • 100% Microsoft Cloud Security Partner

The case for change

Why organisations replace MIM.

MIM was built for a different era of identity management. The platform has accumulated significant technical debt and Microsoft's investment has moved to Entra ID.

  • MIM mainstream support ended October 2023 (extended support to January 2029)
  • High maintenance burden: custom DLLs, complex workflows, synchronisation rules
  • Difficulty recruiting engineers with current MIM skills
  • No cloud-native integration with Microsoft 365
  • Modern Entra ID capabilities eliminate the need for most MIM functions

The target state

What replaces MIM.

Microsoft Entra ID provides cloud-native replacements for every core MIM capability.

Entra ID Lifecycle Workflows

Automated joiner, mover, and leaver workflows replacing MIM's workflow engine. Cloud-native, no custom code required for standard scenarios.

Microsoft Identity Governance

Access reviews, entitlement management, and access packages replacing MIM's request and approval engine.

Entra ID Connect / Cloud Sync

On-premises Active Directory synchronisation replacing MIM's synchronisation engine. Simpler configuration, cloud-managed.

HR-driven provisioning

Workday, SAP SuccessFactors, and other HR system integration replacing MIM's HR management agent connectors.

SCIM application provisioning

Application provisioning via SCIM 2.0 replacing MIM's legacy management agent connectors. Hundreds of pre-built integrations available.

Apporetum Identity State Model

For more complex hybrid environments, our identity observability platform provides continuous visibility across HR, Entra ID, and Active Directory. Monitor provisioning effectiveness, detect sync gaps, and validate that lifecycle rules are working as designed.

Platform comparison

Microsoft Identity Manager to Entra ID.

A direct comparison of capabilities between Microsoft Identity Manager (MIM) and its replacement Microsoft Entra ID Governance.

Capability | Entra ID Governance | Microsoft Identity Manager
Hosting | Cloud-native, zero infrastructure | On-premise SQL and sync servers
Support status | Active development and investment | Mainstream support ended October 2023
HR integration | Native connectors for Workday and SAP SuccessFactors | Custom Management Agents
Access reviews | Built-in periodic access certification | Not available
Lifecycle workflows | Pre-built joiner, mover, leaver templates | Custom sync rules and stored procedures
Talent pool | Expert Entra Engineers who know the platform inside out | Hybrid identity engineers with limited MIM depth
Identity observability | Apporetum Identity State Model for continuous visibility across HR, Entra ID, and AD | No built-in observability or identity health monitoring

Industry Research
1000+

MIM rules analysed across Australian government and enterprise migrations. Every rule documented, validated, and either migrated or retired.

The hard part

The business rules problem.

The most complex part of any MIM migration is mapping custom workflows, synchronisation rules, and business logic to the target platform. Many MIM environments have accumulated years of customisation that exists only as code, with no documentation and no design records.

We start every MIM migration by reverse-engineering the existing configuration and documenting every business rule. Nothing goes into the target environment without first being understood and validated. This phase is critical and cannot be skipped.

Equally important is knowing which rules should not be carried forward. Legacy workarounds, redundant logic, and rules that exist only because of MIM limitations have no place in a modern platform. We help you decide what to keep, what to simplify, and what to leave behind entirely.

The documentation produced during this phase has value independent of the migration. For many organisations, it is the first complete record of how their identity lifecycle actually operates.

What makes MIM hard

Where MIM migrations stall.

Every MIM environment is unique. These are the areas where migrations fail when the team has not accounted for the full scope.

Undocumented business rules

Most MIM deployments have accumulated years of custom sync rules, stored procedures, and management agent logic that is poorly documented. Every rule must be understood before it can be replaced.

Custom Management Agents

Custom-built connectors for HR systems, databases, and legacy directories often contain critical business logic that cannot be directly lifted into Entra ID. Each agent requires analysis and re-implementation.

Active Directory dependencies

MIM often manages AD group memberships, attribute synchronisation, and provisioning flows that other systems depend on. Replacing MIM requires understanding every downstream dependency.

FAQ

Common questions

Everything you need to know about migrating from Microsoft Identity Manager to Entra ID.

Microsoft Entra ID Connect (or Cloud Sync for simpler environments) replaces the MIM synchronisation service. We migrate sync rules to Entra ID Connect configuration.
We run MIM and the new platform in parallel during the testing phase. Cutover is planned and controlled, typically during a low-activity window.
Most standard workflows can be replicated using Entra ID Lifecycle Workflows and Governance features. Highly custom workflows may require Azure Logic Apps or Power Automate. We document any gaps before migration begins.
Typically three to six months, depending on the complexity of your MIM configuration and the number of custom workflows and synchronisation rules.
Mainstream support ending means Microsoft no longer provides design changes, feature requests, or non-security hotfixes for MIM. You can still log support tickets, but the platform will not receive new capabilities or improvements. Any bugs that are not security-related will not be fixed.
Extended support ending means Microsoft will stop providing security updates and paid support for MIM entirely. Running MIM after this date means operating on an unsupported platform with no security patches, which creates significant compliance and risk exposure for regulated organisations.
No. A key part of our approach is identifying which rules should not be carried forward. Legacy workarounds, redundant logic, and rules that exist only because of MIM limitations have no place in a modern platform. We help you decide what to keep, what to simplify, and what to leave behind.
This is common. We reverse-engineer your existing MIM configuration and document every business rule, sync rule, and workflow before migration begins. For many organisations, this is the first complete record of how their identity lifecycle actually operates.
Yes. For complex hybrid environments, we deploy our Apporetum Identity State Model to provide continuous visibility across HR, Entra ID, and Active Directory. This ensures your lifecycle rules are working as designed and detects sync gaps or provisioning failures.
We don't like to reinvent the wheel. If we have existing IP that covers your requirements, we will use it and the price will reflect that. We would rather spend time tailoring a proven approach to your environment than building the same document from scratch.

Start your MIM migration journey, one rule at a time

We will review your MIM configuration and build a clear migration path to Entra ID Governance.
