Microsoft Identity Manager SP3: What it means for your identity strategy
Steven Connelly
Head of Identity
Published: 27 April 2026
Microsoft have released Service Pack 3 for MIM 2016, easing some short-term compatibility pressures. However, while this buys organisations time, with SharePoint 2016 and 2019 reaching end of support in July 2026, it doesn’t remove the need for identity modernisation.
Microsoft has confirmed the release of Service Pack 3 (SP3) for Microsoft Identity Manager (MIM) 2016, delivering the long anticipated compatibility updates many organisations have been waiting for.
For organisations running the MIM Portal on SharePoint Server 2016 or 2019, SP3 is particularly significant. Both SharePoint versions reach end of support on 14 July 2026, and SP3 removes the immediate uncertainty that previously surrounded that deadline.
What it does not do is alter Microsoft’s strategic direction for identity.
What MIM SP3 delivers
The purpose behind the MIM 2016 SP3 release is to keep existing MIM deployments running on supported Microsoft components and reduce near-term infrastructure risk.
Core compatibility updates in SP3 include:
- Support for Windows Server 2025 and SQL Server 2022
- Support for Azure SQL using Managed Identity authentication
- ADFS claims-based single sign-on for the MIM Portal
- Support for running the MIM Portal on SharePoint Server Subscription Edition (SPSE)
Note: SP3 supports hosting the MIM Portal on SharePoint Server Subscription Edition (SPSE). To stay on a supported SharePoint platform after SharePoint Server 2016/2019 leave support in July 2026, you will need to move the Portal to SPSE. There is no in-place upgrade, so plan a new Portal deployment. SPSE is subscription licensed, so budget for renewals and possible higher run costs.
SP3 extends the operational life of MIM in modern hybrid environments, offering a bridge for organisations not yet ready to fully transition to Microsoft Entra. But it’s very much a short-term bridge and certainly not intended as a long-term solution.
Why SP3 changes the timeline, not the challenge
While SP3 addresses immediate platform support gaps and the associated security and compliance risks, it doesn’t change the fact that MIM remains an on‑premises platform built on ageing components, with a shrinking support window and limited future investment.
Nor does SP3 alter Microsoft’s move towards cloud‑native identity in Microsoft Entra. Investment, innovation, and new capability continue to be concentrated in Entra rather than in MIM. SP3 should therefore be viewed as a tactical extension, not a long‑term answer.
The key difference SP3 creates is timing. Organisations can use the breathing space to modernise deliberately or defer the issue to a point in the future.
Where organisations should focus now
With SP3 available, organisations have a defined period in which identity decisions can be made without immediate deadline pressure. That time should be used deliberately.
In practice, this means:
- Mapping where MIM Portal functionality is genuinely required versus historically accumulated
- Identifying workflows that can be redesigned or decoupled rather than carried forward unchanged
- Reducing reliance on SharePoint‑based identity components where alternatives already exist
- Clarifying which MIM use cases are transitional and which are genuinely long‑term
SP3 removes urgency, not responsibility. The organisations that benefit most will be those that treat this as a planning window, not a pause.
So, is it time to move to Microsoft Entra?
Microsoft Entra now provides Microsoft‑native capabilities that address many of the dependency patterns historically solved through MIM, including:
- Native identity lifecycle workflows
- Access packages and access reviews
- Privileged Identity Management
- SCIM and API‑based provisioning
- Modern self‑service password reset with on‑premises writeback
Entra is not a one‑for‑one replacement for every MIM deployment, particularly where complex metaverse logic or multiple authoritative data sources are involved. However, for a growing proportion of identity workloads, it removes the need to maintain bespoke orchestration and SharePoint‑based delivery mechanisms.
The most effective strategies do not attempt a wholesale replacement. They reduce dependency incrementally, moving suitable workloads first and leaving edge cases in place until they can be addressed safely.
What you can do now
Recommended actions:
The key here is to acknowledge that modernisation still needs to happen. SP3 is all about offering some breathing space so you can make decisions free from the sense of urgency that can lead to rushed decisions.
How Kocho can help
Kocho is one of the UK’s longest-standing specialists in Microsoft identity. We have supported organisations through every phase of Microsoft’s identity evolution, from early on-premises directory services and MIM deployments through to today’s Entra-first architectures.
Working exclusively within the Microsoft identity platform, we help organisations assess MIM dependencies, navigate supportability decisions, and introduce Entra capabilities in a controlled, operationally realistic way.
If you need a Microsoft identity partner who understands both legacy reality and Microsoft’s long-term direction, we are here to help.
For more identity news, advice, demos, and updates visit the Kocho Identity Hub.
latest edition
Everything you need to know about Microsoft Entra
A clear, practical view of how Microsoft Entra works as a unified platform.
Expert guidance on modern identity design, security, governance, and Entra licensing.
Discover how you can:
- Run Entra as one coherent identity platform
- Apply end-to-end security and governance
- Modernise IAM safely, from MIM to AI-driven identity
Become Greater Newsletter
Sign up for expert analysis and exclusive invites
Subscribe to the Kocho newsletter if you want:
- Demos of the latest Microsoft tech
- Invites to exclusive events and webinars
- Resources that make your job easier
Don't Miss
